42227d9edd
feat: add main command feat: add todos feat: add signup api feat: do not repeat code fix: user return feat: work out static box fix: setup static handlers feat: add share types License: MIT Signed-off-by: Henrique Dias <hacdias@gmail.com> feat: start static License: MIT Signed-off-by: Henrique Dias <hacdias@gmail.com> feat: bring back more features License: MIT Signed-off-by: Henrique Dias <hacdias@gmail.com> add feat: readd more files License: MIT Signed-off-by: Henrique Dias <hacdias@gmail.com> feat: add dockerignore License: MIT Signed-off-by: Henrique Dias <hacdias@gmail.com> feat: gitignore License: MIT Signed-off-by: Henrique Dias <hacdias@gmail.com> feat: readd submodule License: MIT Signed-off-by: Henrique Dias <hacdias@gmail.com>
114 lines
2.0 KiB
Go
114 lines
2.0 KiB
Go
package http
|
|
|
|
import (
|
|
"net/http"
|
|
"sort"
|
|
"strconv"
|
|
|
|
"github.com/filebrowser/filebrowser/types"
|
|
"github.com/gorilla/mux"
|
|
)
|
|
|
|
func getUserID(r *http.Request) (uint, error) {
|
|
vars := mux.Vars(r)
|
|
i, err := strconv.ParseUint(vars["id"], 10, 0)
|
|
if err != nil {
|
|
return 0, err
|
|
}
|
|
return uint(i), err
|
|
}
|
|
|
|
func (e *Env) usersGetHandler(w http.ResponseWriter, r *http.Request) {
|
|
user, ok := e.getUser(w, r)
|
|
if !ok {
|
|
return
|
|
}
|
|
|
|
if !user.Perm.Admin {
|
|
httpErr(w, http.StatusForbidden, nil)
|
|
return
|
|
}
|
|
|
|
users, err := e.Store.Users.Gets()
|
|
if err != nil {
|
|
httpErr(w, http.StatusInternalServerError, err)
|
|
return
|
|
}
|
|
|
|
for _, u := range users {
|
|
u.Password = ""
|
|
}
|
|
|
|
sort.Slice(users, func(i, j int) bool {
|
|
return users[i].ID < users[j].ID
|
|
})
|
|
|
|
renderJSON(w, users)
|
|
}
|
|
|
|
func (e *Env) userSelfOrAdmin(w http.ResponseWriter, r *http.Request) (*types.User, uint, bool) {
|
|
user, ok := e.getUser(w, r)
|
|
if !ok {
|
|
return nil, 0, false
|
|
}
|
|
|
|
id, err := getUserID(r)
|
|
if err != nil {
|
|
httpErr(w, http.StatusInternalServerError, err)
|
|
return nil, 0, false
|
|
}
|
|
|
|
if user.ID != id && !user.Perm.Admin {
|
|
httpErr(w, http.StatusForbidden, nil)
|
|
return nil, 0, false
|
|
}
|
|
|
|
return user, id, true
|
|
}
|
|
|
|
func (e *Env) userGetHandler(w http.ResponseWriter, r *http.Request) {
|
|
_, id, ok := e.userSelfOrAdmin(w, r)
|
|
if !ok {
|
|
return
|
|
}
|
|
|
|
u, err := e.Store.Users.Get(id)
|
|
if err == types.ErrNotExist {
|
|
httpErr(w, http.StatusNotFound, nil)
|
|
return
|
|
}
|
|
|
|
if err != nil {
|
|
httpErr(w, http.StatusInternalServerError, err)
|
|
return
|
|
}
|
|
|
|
u.Password = ""
|
|
renderJSON(w, u)
|
|
}
|
|
|
|
func (e *Env) userDeleteHandler(w http.ResponseWriter, r *http.Request) {
|
|
_, id, ok := e.userSelfOrAdmin(w, r)
|
|
if !ok {
|
|
return
|
|
}
|
|
|
|
err := e.Store.Users.Delete(id)
|
|
if err == types.ErrNotExist {
|
|
httpErr(w, http.StatusNotFound, nil)
|
|
return
|
|
}
|
|
|
|
if err != nil {
|
|
httpErr(w, http.StatusInternalServerError, err)
|
|
}
|
|
}
|
|
|
|
func (e *Env) userPostHandler(w http.ResponseWriter, r *http.Request) {
|
|
// TODO: fill me
|
|
}
|
|
|
|
func (e *Env) userPutHandler(w http.ResponseWriter, r *http.Request) {
|
|
// TODO: fill me
|
|
}
|