Admin endpoints

2022-06-14 20:34:55 +02:00
parent 3caa99b22a
commit 5ed0cfa837
8 changed files with 304 additions and 19 deletions
--- a/server/admin.go
+++ b/server/admin.go
@@ -0,0 +1,178 @@
+package server
+
+import (
+	"encoding/json"
+	"github.com/go-chi/chi/v5"
+	"io"
+	"log"
+	"net/http"
+	"opensavecloudserver/admin"
+	"opensavecloudserver/authentication"
+	"opensavecloudserver/database"
+	"strconv"
+	"time"
+)
+
+func AddUser(w http.ResponseWriter, r *http.Request) {
+	body, err := io.ReadAll(r.Body)
+	if err != nil {
+		internalServerError(w, r)
+		log.Println(err)
+		return
+	}
+	userInfo := new(authentication.Registration)
+	err = json.Unmarshal(body, userInfo)
+	if err != nil {
+		internalServerError(w, r)
+		log.Println(err)
+		return
+	}
+	err = authentication.Register(userInfo)
+	if err != nil {
+		internalServerError(w, r)
+		log.Println(err)
+		return
+	}
+	user, err := database.UserByUsername(userInfo.Username)
+	if err != nil {
+		internalServerError(w, r)
+		log.Println(err)
+		return
+	}
+	ok(user, w, r)
+}
+
+func RemoveUser(w http.ResponseWriter, r *http.Request) {
+	queryId := chi.URLParam(r, "id")
+	id, err := strconv.Atoi(queryId)
+	if err != nil {
+		internalServerError(w, r)
+		log.Println(err)
+		return
+	}
+	user, err := database.UserById(id)
+	if err != nil {
+		notFound(err.Error(), w, r)
+		log.Println(err)
+		return
+	}
+	err = admin.RemoveUser(user)
+	if err != nil {
+		internalServerError(w, r)
+		log.Println(err)
+		return
+	}
+	ok(user, w, r)
+}
+
+func AllUsers(w http.ResponseWriter, r *http.Request) {
+	users, err := database.AllUsers()
+	if err != nil {
+		internalServerError(w, r)
+		log.Println(err)
+		return
+	}
+	ok(users, w, r)
+}
+
+func User(w http.ResponseWriter, r *http.Request) {
+	queryId := chi.URLParam(r, "id")
+	id, err := strconv.Atoi(queryId)
+	if err != nil {
+		internalServerError(w, r)
+		log.Println(err)
+		return
+	}
+	user, err := database.UserById(id)
+	if err != nil {
+		notFound(err.Error(), w, r)
+		log.Println(err)
+		return
+	}
+	ok(user, w, r)
+}
+
+func SetAdmin(w http.ResponseWriter, r *http.Request) {
+	queryId := chi.URLParam(r, "id")
+	id, err := strconv.Atoi(queryId)
+	if err != nil {
+		internalServerError(w, r)
+		log.Println(err)
+		return
+	}
+	user, err := database.UserById(id)
+	if err != nil {
+		notFound(err.Error(), w, r)
+		log.Println(err)
+		return
+	}
+	err = admin.SetAdmin(user)
+	if err != nil {
+		notFound(err.Error(), w, r)
+		log.Println(err)
+		return
+	}
+	ok(user, w, r)
+}
+
+func SetNotAdmin(w http.ResponseWriter, r *http.Request) {
+	queryId := chi.URLParam(r, "id")
+	id, err := strconv.Atoi(queryId)
+	if err != nil {
+		internalServerError(w, r)
+		log.Println(err)
+		return
+	}
+	user, err := database.UserById(id)
+	if err != nil {
+		notFound(err.Error(), w, r)
+		log.Println(err)
+		return
+	}
+	err = admin.RemoveAdminRole(user)
+	if err != nil {
+		notFound(err.Error(), w, r)
+		log.Println(err)
+		return
+	}
+	ok(user, w, r)
+}
+
+func ChangeUserPassword(w http.ResponseWriter, r *http.Request) {
+	queryId := chi.URLParam(r, "id")
+	userId, err := strconv.Atoi(queryId)
+	if err != nil {
+		internalServerError(w, r)
+		log.Println(err)
+		return
+	}
+	body, err := io.ReadAll(r.Body)
+	if err != nil {
+		internalServerError(w, r)
+		log.Println(err)
+		return
+	}
+	newPassword := new(NewPassword)
+	err = json.Unmarshal(body, newPassword)
+	if err != nil {
+		internalServerError(w, r)
+		log.Println(err)
+		return
+	}
+	if newPassword.Password != newPassword.VerifyPassword {
+		badRequest("password are not the same", w, r)
+		return
+	}
+	err = database.ChangePassword(userId, []byte(newPassword.Password))
+	if err != nil {
+		internalServerError(w, r)
+		log.Println(err)
+		return
+	}
+	payload := &successMessage{
+		Message:   "Password changed",
+		Timestamp: time.Now(),
+		Status:    200,
+	}
+	ok(payload, w, r)
+}
--- a/server/data.go
+++ b/server/data.go
@@ -81,7 +81,7 @@ func GameInfoByID(w http.ResponseWriter, r *http.Request) {
 	}
 	game, err := database.GameInfoById(userId, id)
 	if err != nil {
-		internalServerError(w, r)
+		notFound(err.Error(), w, r)
 		log.Println(err)
 		return
 	}
@@ -293,12 +293,31 @@ func ChangePassword(w http.ResponseWriter, r *http.Request) {
 	ok(payload, w, r)
 }

-func AllUsers(w http.ResponseWriter, r *http.Request) {
-	users, err := database.AllUsers()
+func RemoveGame(w http.ResponseWriter, r *http.Request) {
+	userId, err := userIdFromContext(r.Context())
 	if err != nil {
 		internalServerError(w, r)
 		log.Println(err)
 		return
 	}
-	ok(users, w, r)
+	queryId := chi.URLParam(r, "id")
+	id, err := strconv.Atoi(queryId)
+	if err != nil {
+		badRequest("Game ID missing or not an int", w, r)
+		log.Println(err)
+		return
+	}
+	game, err := database.GameInfoById(userId, id)
+	if err != nil {
+		notFound(err.Error(), w, r)
+		log.Println(err)
+		return
+	}
+	err = upload.RemoveGame(userId, game)
+	if err != nil {
+		internalServerError(w, r)
+		log.Println(err)
+		return
+	}
+	ok(game, w, r)
 }
--- a/server/response.go
+++ b/server/response.go
@@ -42,6 +42,27 @@ func internalServerError(w http.ResponseWriter, r *http.Request) {
 	}
 }

+func notFound(message string, w http.ResponseWriter, r *http.Request) {
+	e := httpError{
+		Status:    404,
+		Error:     "Not Found",
+		Message:   message,
+		Path:      r.RequestURI,
+		Timestamp: time.Now(),
+	}
+
+	payload, err := json.Marshal(e)
+	if err != nil {
+		log.Println(err)
+	}
+	w.Header().Add("Content-Type", "application/json")
+	w.WriteHeader(404)
+	_, err = w.Write(payload)
+	if err != nil {
+		log.Println(err)
+	}
+}
+
 func unauthorized(w http.ResponseWriter, r *http.Request) {
 	e := httpError{
 		Status:    401,
--- a/server/server.go
+++ b/server/server.go
@@ -35,9 +35,6 @@ func Serve() {
 			}
 			r.Route("/system", func(systemRouter chi.Router) {
 				systemRouter.Get("/information", Information)
-				systemRouter.Group(func(secureRouter chi.Router) {
-					secureRouter.Get("/users", AllUsers)
-				})
 			})
 			r.Route("/user", func(secureRouter chi.Router) {
 				secureRouter.Use(authMiddleware)
@@ -45,13 +42,20 @@ func Serve() {
 				secureRouter.Post("/passwd", ChangePassword)
 			})
 			r.Route("/admin", func(secureRouter chi.Router) {
-				secureRouter.Use(authMiddleware)
 				secureRouter.Use(adminMiddleware)
+				secureRouter.Post("/user", AddUser)
+				secureRouter.Post("/user/passwd/{id}", ChangeUserPassword)
+				secureRouter.Delete("/user/{id}", RemoveUser)
+				secureRouter.Get("/user/{id}", User)
+				secureRouter.Get("/users", AllUsers)
+				secureRouter.Get("/user/role/admin/{id}", SetAdmin)
+				secureRouter.Get("/user/role/user/{id}", SetNotAdmin)
 			})
 			r.Route("/game", func(secureRouter chi.Router) {
 				secureRouter.Use(authMiddleware)
 				secureRouter.Post("/create", CreateGame)
 				secureRouter.Get("/all", AllGamesInformation)
+				secureRouter.Delete("/remove/{id}", RemoveGame)
 				secureRouter.Get("/info/{id}", GameInfoByID)
 				secureRouter.Post("/upload/init", AskForUpload)
 				secureRouter.Group(func(uploadRouter chi.Router) {