miniflux-v2/api/user.go

// Copyright 2017 Frédéric Guillot. All rights reserved.
// Use of this source code is governed by the Apache 2.0
// license that can be found in the LICENSE file.

package api

import (
	"errors"
	"net/http"

	"github.com/miniflux/miniflux/http/context"
	"github.com/miniflux/miniflux/http/request"
	"github.com/miniflux/miniflux/http/response/json"
)

// CurrentUser is the API handler to retrieve the authenticated user.
func (c *Controller) CurrentUser(w http.ResponseWriter, r *http.Request) {
	ctx := context.New(r)
	user, err := c.store.UserByID(ctx.UserID())
	if err != nil {
		json.ServerError(w, err)
		return
	}

	json.OK(w, user)
}

// CreateUser is the API handler to create a new user.
func (c *Controller) CreateUser(w http.ResponseWriter, r *http.Request) {
	ctx := context.New(r)
	if !ctx.IsAdminUser() {
		json.Forbidden(w)
		return
	}

	user, err := decodeUserCreationPayload(r.Body)
	if err != nil {
		json.BadRequest(w, err)
		return
	}

	if err := user.ValidateUserCreation(); err != nil {
		json.BadRequest(w, err)
		return
	}

	if c.store.UserExists(user.Username) {
		json.BadRequest(w, errors.New("This user already exists"))
		return
	}

	err = c.store.CreateUser(user)
	if err != nil {
		json.ServerError(w, errors.New("Unable to create this user"))
		return
	}

	user.Password = ""
	json.Created(w, user)
}

// UpdateUser is the API handler to update the given user.
func (c *Controller) UpdateUser(w http.ResponseWriter, r *http.Request) {
	ctx := context.New(r)
	if !ctx.IsAdminUser() {
		json.Forbidden(w)
		return
	}

	userID, err := request.IntParam(r, "userID")
	if err != nil {
		json.BadRequest(w, err)
		return
	}

	userChanges, err := decodeUserModificationPayload(r.Body)
	if err != nil {
		json.BadRequest(w, err)
		return
	}

	originalUser, err := c.store.UserByID(userID)
	if err != nil {
		json.BadRequest(w, errors.New("Unable to fetch this user from the database"))
		return
	}

	if originalUser == nil {
		json.NotFound(w, errors.New("User not found"))
		return
	}

	userChanges.Update(originalUser)
	if err := originalUser.ValidateUserModification(); err != nil {
		json.BadRequest(w, err)
		return
	}

	if err = c.store.UpdateUser(originalUser); err != nil {
		json.ServerError(w, errors.New("Unable to update this user"))
		return
	}

	json.Created(w, originalUser)
}

// Users is the API handler to get the list of users.
func (c *Controller) Users(w http.ResponseWriter, r *http.Request) {
	ctx := context.New(r)
	if !ctx.IsAdminUser() {
		json.Forbidden(w)
		return
	}

	users, err := c.store.Users()
	if err != nil {
		json.ServerError(w, errors.New("Unable to fetch the list of users"))
		return
	}

	users.UseTimezone(ctx.UserTimezone())
	json.OK(w, users)
}

// UserByID is the API handler to fetch the given user by the ID.
func (c *Controller) UserByID(w http.ResponseWriter, r *http.Request) {
	ctx := context.New(r)
	if !ctx.IsAdminUser() {
		json.Forbidden(w)
		return
	}

	userID, err := request.IntParam(r, "userID")
	if err != nil {
		json.BadRequest(w, err)
		return
	}

	user, err := c.store.UserByID(userID)
	if err != nil {
		json.BadRequest(w, errors.New("Unable to fetch this user from the database"))
		return
	}

	if user == nil {
		json.NotFound(w, errors.New("User not found"))
		return
	}

	user.UseTimezone(ctx.UserTimezone())
	json.OK(w, user)
}

// UserByUsername is the API handler to fetch the given user by the username.
func (c *Controller) UserByUsername(w http.ResponseWriter, r *http.Request) {
	ctx := context.New(r)
	if !ctx.IsAdminUser() {
		json.Forbidden(w)
		return
	}

	username := request.Param(r, "username", "")
	user, err := c.store.UserByUsername(username)
	if err != nil {
		json.BadRequest(w, errors.New("Unable to fetch this user from the database"))
		return
	}

	if user == nil {
		json.NotFound(w, errors.New("User not found"))
		return
	}

	json.OK(w, user)
}

// RemoveUser is the API handler to remove an existing user.
func (c *Controller) RemoveUser(w http.ResponseWriter, r *http.Request) {
	ctx := context.New(r)
	if !ctx.IsAdminUser() {
		json.Forbidden(w)
		return
	}

	userID, err := request.IntParam(r, "userID")
	if err != nil {
		json.BadRequest(w, err)
		return
	}

	user, err := c.store.UserByID(userID)
	if err != nil {
		json.ServerError(w, errors.New("Unable to fetch this user from the database"))
		return
	}

	if user == nil {
		json.NotFound(w, errors.New("User not found"))
		return
	}

	if err := c.store.RemoveUser(user.ID); err != nil {
		json.BadRequest(w, errors.New("Unable to remove this user from the database"))
		return
	}

	json.NoContent(w)
}
First commit 2017-11-20 06:10:04 +01:00			`// Copyright 2017 Frédéric Guillot. All rights reserved.`
			`// Use of this source code is governed by the Apache 2.0`
			`// license that can be found in the LICENSE file.`

			`package api`

			`import (`
			`"errors"`
Use vanilla HTTP handlers (refactoring) 2018-04-30 01:35:04 +02:00			`"net/http"`
Make sure golint pass on the code base 2017-11-28 06:30:04 +01:00
Use vanilla HTTP handlers (refactoring) 2018-04-30 01:35:04 +02:00			`"github.com/miniflux/miniflux/http/context"`
			`"github.com/miniflux/miniflux/http/request"`
			`"github.com/miniflux/miniflux/http/response/json"`
First commit 2017-11-20 06:10:04 +01:00			`)`

Add API endpoint to get logged user 2018-05-15 03:41:41 +02:00			`// CurrentUser is the API handler to retrieve the authenticated user.`
			`func (c Controller) CurrentUser(w http.ResponseWriter, r http.Request) {`
			`ctx := context.New(r)`
			`user, err := c.store.UserByID(ctx.UserID())`
			`if err != nil {`
			`json.ServerError(w, err)`
			`return`
			`}`

			`json.OK(w, user)`
			`}`

First commit 2017-11-20 06:10:04 +01:00			`// CreateUser is the API handler to create a new user.`
Use vanilla HTTP handlers (refactoring) 2018-04-30 01:35:04 +02:00			`func (c Controller) CreateUser(w http.ResponseWriter, r http.Request) {`
			`ctx := context.New(r)`
First commit 2017-11-20 06:10:04 +01:00			`if !ctx.IsAdminUser() {`
Use vanilla HTTP handlers (refactoring) 2018-04-30 01:35:04 +02:00			`json.Forbidden(w)`
First commit 2017-11-20 06:10:04 +01:00			`return`
			`}`

Improve feed and user API updates with optional values 2018-06-24 01:16:54 +02:00			`user, err := decodeUserCreationPayload(r.Body)`
First commit 2017-11-20 06:10:04 +01:00			`if err != nil {`
Use vanilla HTTP handlers (refactoring) 2018-04-30 01:35:04 +02:00			`json.BadRequest(w, err)`
First commit 2017-11-20 06:10:04 +01:00			`return`
			`}`

			`if err := user.ValidateUserCreation(); err != nil {`
Use vanilla HTTP handlers (refactoring) 2018-04-30 01:35:04 +02:00			`json.BadRequest(w, err)`
First commit 2017-11-20 06:10:04 +01:00			`return`
			`}`

			`if c.store.UserExists(user.Username) {`
Use vanilla HTTP handlers (refactoring) 2018-04-30 01:35:04 +02:00			`json.BadRequest(w, errors.New("This user already exists"))`
First commit 2017-11-20 06:10:04 +01:00			`return`
			`}`

			`err = c.store.CreateUser(user)`
			`if err != nil {`
Use vanilla HTTP handlers (refactoring) 2018-04-30 01:35:04 +02:00			`json.ServerError(w, errors.New("Unable to create this user"))`
First commit 2017-11-20 06:10:04 +01:00			`return`
			`}`

			`user.Password = ""`
Use vanilla HTTP handlers (refactoring) 2018-04-30 01:35:04 +02:00			`json.Created(w, user)`
First commit 2017-11-20 06:10:04 +01:00			`}`

			`// UpdateUser is the API handler to update the given user.`
Use vanilla HTTP handlers (refactoring) 2018-04-30 01:35:04 +02:00			`func (c Controller) UpdateUser(w http.ResponseWriter, r http.Request) {`
			`ctx := context.New(r)`
First commit 2017-11-20 06:10:04 +01:00			`if !ctx.IsAdminUser() {`
Use vanilla HTTP handlers (refactoring) 2018-04-30 01:35:04 +02:00			`json.Forbidden(w)`
First commit 2017-11-20 06:10:04 +01:00			`return`
			`}`

Use vanilla HTTP handlers (refactoring) 2018-04-30 01:35:04 +02:00			`userID, err := request.IntParam(r, "userID")`
First commit 2017-11-20 06:10:04 +01:00			`if err != nil {`
Use vanilla HTTP handlers (refactoring) 2018-04-30 01:35:04 +02:00			`json.BadRequest(w, err)`
First commit 2017-11-20 06:10:04 +01:00			`return`
			`}`

Improve feed and user API updates with optional values 2018-06-24 01:16:54 +02:00			`userChanges, err := decodeUserModificationPayload(r.Body)`
First commit 2017-11-20 06:10:04 +01:00			`if err != nil {`
Use vanilla HTTP handlers (refactoring) 2018-04-30 01:35:04 +02:00			`json.BadRequest(w, err)`
First commit 2017-11-20 06:10:04 +01:00			`return`
			`}`

Make sure golint pass on the code base 2017-11-28 06:30:04 +01:00			`originalUser, err := c.store.UserByID(userID)`
First commit 2017-11-20 06:10:04 +01:00			`if err != nil {`
Use vanilla HTTP handlers (refactoring) 2018-04-30 01:35:04 +02:00			`json.BadRequest(w, errors.New("Unable to fetch this user from the database"))`
First commit 2017-11-20 06:10:04 +01:00			`return`
			`}`

			`if originalUser == nil {`
Use vanilla HTTP handlers (refactoring) 2018-04-30 01:35:04 +02:00			`json.NotFound(w, errors.New("User not found"))`
First commit 2017-11-20 06:10:04 +01:00			`return`
			`}`

Improve feed and user API updates with optional values 2018-06-24 01:16:54 +02:00			`userChanges.Update(originalUser)`
			`if err := originalUser.ValidateUserModification(); err != nil {`
			`json.BadRequest(w, err)`
			`return`
			`}`

First commit 2017-11-20 06:10:04 +01:00			`if err = c.store.UpdateUser(originalUser); err != nil {`
Use vanilla HTTP handlers (refactoring) 2018-04-30 01:35:04 +02:00			`json.ServerError(w, errors.New("Unable to update this user"))`
First commit 2017-11-20 06:10:04 +01:00			`return`
			`}`

Use vanilla HTTP handlers (refactoring) 2018-04-30 01:35:04 +02:00			`json.Created(w, originalUser)`
First commit 2017-11-20 06:10:04 +01:00			`}`

Add API handler to fetch user by username 2017-12-26 21:10:48 +01:00			`// Users is the API handler to get the list of users.`
Use vanilla HTTP handlers (refactoring) 2018-04-30 01:35:04 +02:00			`func (c Controller) Users(w http.ResponseWriter, r http.Request) {`
			`ctx := context.New(r)`
First commit 2017-11-20 06:10:04 +01:00			`if !ctx.IsAdminUser() {`
Use vanilla HTTP handlers (refactoring) 2018-04-30 01:35:04 +02:00			`json.Forbidden(w)`
First commit 2017-11-20 06:10:04 +01:00			`return`
			`}`

Make sure golint pass on the code base 2017-11-28 06:30:04 +01:00			`users, err := c.store.Users()`
First commit 2017-11-20 06:10:04 +01:00			`if err != nil {`
Use vanilla HTTP handlers (refactoring) 2018-04-30 01:35:04 +02:00			`json.ServerError(w, errors.New("Unable to fetch the list of users"))`
First commit 2017-11-20 06:10:04 +01:00			`return`
			`}`

Show last login and session creation date in current timezone 2018-03-05 02:04:31 +01:00			`users.UseTimezone(ctx.UserTimezone())`
Use vanilla HTTP handlers (refactoring) 2018-04-30 01:35:04 +02:00			`json.OK(w, users)`
First commit 2017-11-20 06:10:04 +01:00			`}`

Add API handler to fetch user by username 2017-12-26 21:10:48 +01:00			`// UserByID is the API handler to fetch the given user by the ID.`
Use vanilla HTTP handlers (refactoring) 2018-04-30 01:35:04 +02:00			`func (c Controller) UserByID(w http.ResponseWriter, r http.Request) {`
			`ctx := context.New(r)`
First commit 2017-11-20 06:10:04 +01:00			`if !ctx.IsAdminUser() {`
Use vanilla HTTP handlers (refactoring) 2018-04-30 01:35:04 +02:00			`json.Forbidden(w)`
First commit 2017-11-20 06:10:04 +01:00			`return`
			`}`

Use vanilla HTTP handlers (refactoring) 2018-04-30 01:35:04 +02:00			`userID, err := request.IntParam(r, "userID")`
First commit 2017-11-20 06:10:04 +01:00			`if err != nil {`
Use vanilla HTTP handlers (refactoring) 2018-04-30 01:35:04 +02:00			`json.BadRequest(w, err)`
First commit 2017-11-20 06:10:04 +01:00			`return`
			`}`

Make sure golint pass on the code base 2017-11-28 06:30:04 +01:00			`user, err := c.store.UserByID(userID)`
First commit 2017-11-20 06:10:04 +01:00			`if err != nil {`
Use vanilla HTTP handlers (refactoring) 2018-04-30 01:35:04 +02:00			`json.BadRequest(w, errors.New("Unable to fetch this user from the database"))`
First commit 2017-11-20 06:10:04 +01:00			`return`
			`}`

			`if user == nil {`
Use vanilla HTTP handlers (refactoring) 2018-04-30 01:35:04 +02:00			`json.NotFound(w, errors.New("User not found"))`
First commit 2017-11-20 06:10:04 +01:00			`return`
			`}`

Show last login and session creation date in current timezone 2018-03-05 02:04:31 +01:00			`user.UseTimezone(ctx.UserTimezone())`
Use vanilla HTTP handlers (refactoring) 2018-04-30 01:35:04 +02:00			`json.OK(w, user)`
First commit 2017-11-20 06:10:04 +01:00			`}`

Add API handler to fetch user by username 2017-12-26 21:10:48 +01:00			`// UserByUsername is the API handler to fetch the given user by the username.`
Use vanilla HTTP handlers (refactoring) 2018-04-30 01:35:04 +02:00			`func (c Controller) UserByUsername(w http.ResponseWriter, r http.Request) {`
			`ctx := context.New(r)`
Add API handler to fetch user by username 2017-12-26 21:10:48 +01:00			`if !ctx.IsAdminUser() {`
Use vanilla HTTP handlers (refactoring) 2018-04-30 01:35:04 +02:00			`json.Forbidden(w)`
Add API handler to fetch user by username 2017-12-26 21:10:48 +01:00			`return`
			`}`

Use vanilla HTTP handlers (refactoring) 2018-04-30 01:35:04 +02:00			`username := request.Param(r, "username", "")`
Add API handler to fetch user by username 2017-12-26 21:10:48 +01:00			`user, err := c.store.UserByUsername(username)`
			`if err != nil {`
Use vanilla HTTP handlers (refactoring) 2018-04-30 01:35:04 +02:00			`json.BadRequest(w, errors.New("Unable to fetch this user from the database"))`
Add API handler to fetch user by username 2017-12-26 21:10:48 +01:00			`return`
			`}`

			`if user == nil {`
Use vanilla HTTP handlers (refactoring) 2018-04-30 01:35:04 +02:00			`json.NotFound(w, errors.New("User not found"))`
Add API handler to fetch user by username 2017-12-26 21:10:48 +01:00			`return`
			`}`

Use vanilla HTTP handlers (refactoring) 2018-04-30 01:35:04 +02:00			`json.OK(w, user)`
Add API handler to fetch user by username 2017-12-26 21:10:48 +01:00			`}`

First commit 2017-11-20 06:10:04 +01:00			`// RemoveUser is the API handler to remove an existing user.`
Use vanilla HTTP handlers (refactoring) 2018-04-30 01:35:04 +02:00			`func (c Controller) RemoveUser(w http.ResponseWriter, r http.Request) {`
			`ctx := context.New(r)`
First commit 2017-11-20 06:10:04 +01:00			`if !ctx.IsAdminUser() {`
Use vanilla HTTP handlers (refactoring) 2018-04-30 01:35:04 +02:00			`json.Forbidden(w)`
First commit 2017-11-20 06:10:04 +01:00			`return`
			`}`

Use vanilla HTTP handlers (refactoring) 2018-04-30 01:35:04 +02:00			`userID, err := request.IntParam(r, "userID")`
First commit 2017-11-20 06:10:04 +01:00			`if err != nil {`
Use vanilla HTTP handlers (refactoring) 2018-04-30 01:35:04 +02:00			`json.BadRequest(w, err)`
First commit 2017-11-20 06:10:04 +01:00			`return`
			`}`

Make sure golint pass on the code base 2017-11-28 06:30:04 +01:00			`user, err := c.store.UserByID(userID)`
First commit 2017-11-20 06:10:04 +01:00			`if err != nil {`
Use vanilla HTTP handlers (refactoring) 2018-04-30 01:35:04 +02:00			`json.ServerError(w, errors.New("Unable to fetch this user from the database"))`
First commit 2017-11-20 06:10:04 +01:00			`return`
			`}`

			`if user == nil {`
Use vanilla HTTP handlers (refactoring) 2018-04-30 01:35:04 +02:00			`json.NotFound(w, errors.New("User not found"))`
First commit 2017-11-20 06:10:04 +01:00			`return`
			`}`

			`if err := c.store.RemoveUser(user.ID); err != nil {`
Use vanilla HTTP handlers (refactoring) 2018-04-30 01:35:04 +02:00			`json.BadRequest(w, errors.New("Unable to remove this user from the database"))`
First commit 2017-11-20 06:10:04 +01:00			`return`
			`}`

Use vanilla HTTP handlers (refactoring) 2018-04-30 01:35:04 +02:00			`json.NoContent(w)`
First commit 2017-11-20 06:10:04 +01:00			`}`