app/auth/api_user.go

package auth

import (
	"encoding/base64"

	"github.com/gin-gonic/gin"
	"gorm.io/gorm"
	"kumoly.io/kumoly/app/errors"
	"kumoly.io/kumoly/app/server"
)

func ApiUsers(c *gin.Context) {
	users := []User{}
	result := DB.Preload("Groups").Preload("Profile").Find(&users)
	if result.Error != nil {
		panic(result.Error)
	}
	server.Res(c, &server.Response{Data: users})
}

type apiUserNewReq struct {
	Name   string `json:"username" example:"user" binding:"required"`
	PwdB64 string `json:"password" example:"YWRtaW4=" binding:"required,base64"`
}

func ApiUserNew(c *gin.Context) {
	var data apiUserNewReq
	if err := c.ShouldBindJSON(&data); err != nil {
		panic(err)
	}
	pwd, err := base64.URLEncoding.DecodeString(data.PwdB64)
	if err != nil {
		panic(err)
	}
	usr := &User{
		Username: data.Name,
		Password: string(pwd),
	}
	err = NewUser(usr)
	if err != nil {
		panic(err)
	}
	server.Res(c, &server.Response{Data: usr})
}

func ApiUserDelete(c *gin.Context) {
	var err error
	id := c.Param("id")
	if id == "" {
		panic(errors.ErrorBadRequest)
	}
	usr := &User{
		ID: id,
	}
	err = DB.First(usr, "id = ?", id).Error
	if err != nil {
		panic(errors.NewError(404, err))
	}

	if IsLastAdminUser(id) {
		panic(ErrorDelLastAdmin)
	}

	prof := &Profile{}
	profExist := true
	err = DB.First(prof, "user_id = ?", id).Error
	if err != nil {
		profExist = false
	}

	grp := &Group{}
	grpExist := false
	err = DB.Where("name = ?", usr.Username).First(grp).Error
	if err == nil {
		grpExist = true
	}
	err = DB.Transaction(func(tx *gorm.DB) error {
		if grpExist {
			err = tx.Model(&grp).Association("Users").Clear()
			if err != nil {
				return err
			}
		}
		err = tx.Model(&usr).Association("Groups").Clear()
		if err != nil {
			return err
		}
		err = tx.Model(&usr).Association("Profile").Clear()
		if err != nil {
			return err
		}

		if profExist {
			err = tx.Delete(&prof).Error
			if err != nil {
				return err
			}
		}
		err = tx.Delete(usr).Error
		if err != nil {
			return err
		}
		err = tx.Delete(grp).Error
		return err
	})
	if err != nil {
		panic(err)
	}
	server.Res(c, &server.Response{Data: "ok"})
}

type apiUserChangePasswdReq struct {
	UserID    string `json:"uid" example:"c35icut3sbav3gg5j1b0" binding:"required"`
	PwdB64    string `json:"old" `
	NewPwdB64 string `json:"new" example:"YWRtaW4=" binding:"required,base64"`
}

func ApiUserChangePasswd(c *gin.Context) {
	var err error
	var data apiUserChangePasswdReq
	if err = c.ShouldBindJSON(&data); err != nil {
		panic(err)
	}
	usr := &User{}
	err = DB.First(usr, "id = ?", data.UserID).Error
	if err != nil {
		panic(errors.NewError(404, err))
	}

	if !ACHas(c, ADMIN) {
		if !ACHas(c, usr.Username) {
			panic(errors.ErrorForbidden)
		}
		old_pwd, err := base64.URLEncoding.DecodeString(data.PwdB64)
		if err != nil {
			panic(err)
		}
		err = usr.ValidatePassword(string(old_pwd))
		if err != nil {
			panic(err)
		}
	}

	new_pwd, err := base64.URLEncoding.DecodeString(data.NewPwdB64)
	if err != nil {
		panic(err)
	}
	err = usr.ChangePassword(DB, string(new_pwd))
	if err != nil {
		panic(err)
	}
	server.Res(c, &server.Response{Data: "ok"})
}

func ApiUserActivate(c *gin.Context) {
	usr := &User{}
	uid := c.Param("id")
	if uid == "" {
		panic(errors.ErrorBadRequest)
	}
	err := DB.Where("id = ?", uid).First(usr).Error
	if err != nil {
		panic(errors.NewError(404, err))
	}
	err = DB.Model(&usr).Update("activated", true).Error
	if err != nil {
		panic(err)
	}
	server.Res(c, &server.Response{Data: "ok"})
}

func ApiUserDeactivate(c *gin.Context) {
	usr := &User{}
	uid := c.Param("id")
	if uid == "" {
		panic(errors.ErrorBadRequest)
	}
	err := DB.Where("id = ?", uid).First(usr).Error
	if err != nil {
		panic(errors.NewError(404, err))
	}
	if IsLastAdminUser(uid) {
		panic(ErrorDelLastAdmin)
	}
	err = DB.Model(&usr).Update("activated", false).Error
	if err != nil {
		panic(err)
	}
	server.Res(c, &server.Response{Data: "ok"})
}