2022-12-16 06:07:04 +03:00
|
|
|
package server
|
|
|
|
|
|
|
|
import (
|
|
|
|
"encoding/json"
|
2023-02-08 06:45:55 +03:00
|
|
|
"heckel.io/ntfy/log"
|
2022-12-25 19:41:38 +03:00
|
|
|
"heckel.io/ntfy/user"
|
2022-12-16 06:07:04 +03:00
|
|
|
"heckel.io/ntfy/util"
|
|
|
|
"net/http"
|
2023-01-29 04:29:06 +03:00
|
|
|
"net/netip"
|
2023-01-23 18:58:39 +03:00
|
|
|
"strings"
|
2023-01-28 07:10:59 +03:00
|
|
|
"time"
|
2022-12-16 06:07:04 +03:00
|
|
|
)
|
|
|
|
|
2022-12-29 03:55:11 +03:00
|
|
|
const (
|
2023-01-17 00:35:37 +03:00
|
|
|
syncTopicAccountSyncEvent = "sync"
|
2023-01-28 07:10:59 +03:00
|
|
|
tokenExpiryDuration = 72 * time.Hour // Extend tokens by this much
|
2022-12-29 03:55:11 +03:00
|
|
|
)
|
|
|
|
|
2022-12-16 06:07:04 +03:00
|
|
|
func (s *Server) handleAccountCreate(w http.ResponseWriter, r *http.Request, v *visitor) error {
|
2023-01-29 04:43:06 +03:00
|
|
|
u := v.User()
|
2023-02-10 05:51:12 +03:00
|
|
|
if !u.IsAdmin() { // u may be nil, but that's fine
|
2022-12-24 20:10:51 +03:00
|
|
|
if !s.config.EnableSignup {
|
|
|
|
return errHTTPBadRequestSignupNotEnabled
|
2023-01-29 04:43:06 +03:00
|
|
|
} else if u != nil {
|
2022-12-24 20:10:51 +03:00
|
|
|
return errHTTPUnauthorized // Cannot create account from user context
|
|
|
|
}
|
2023-01-27 19:33:51 +03:00
|
|
|
if !v.AccountCreationAllowed() {
|
2023-01-27 06:57:18 +03:00
|
|
|
return errHTTPTooManyRequestsLimitAccountCreation
|
|
|
|
}
|
2022-12-16 06:07:04 +03:00
|
|
|
}
|
2023-01-28 07:10:59 +03:00
|
|
|
newAccount, err := readJSONWithLimit[apiAccountCreateRequest](r.Body, jsonBodyBytesLimit, false)
|
2022-12-16 06:07:04 +03:00
|
|
|
if err != nil {
|
|
|
|
return err
|
|
|
|
}
|
2022-12-25 19:41:38 +03:00
|
|
|
if existingUser, _ := s.userManager.User(newAccount.Username); existingUser != nil {
|
2022-12-22 05:55:39 +03:00
|
|
|
return errHTTPConflictUserExists
|
|
|
|
}
|
2023-02-08 06:45:55 +03:00
|
|
|
logvr(v, r).Tag(tagAccount).Field("user_name", newAccount.Username).Info("Creating user %s", newAccount.Username)
|
|
|
|
if err := s.userManager.AddUser(newAccount.Username, newAccount.Password, user.RoleUser); err != nil {
|
2022-12-16 06:07:04 +03:00
|
|
|
return err
|
|
|
|
}
|
2023-02-08 23:20:44 +03:00
|
|
|
v.AccountCreated()
|
2023-01-18 23:50:06 +03:00
|
|
|
return s.writeJSON(w, newSuccessResponse())
|
2022-12-16 06:07:04 +03:00
|
|
|
}
|
|
|
|
|
2023-02-08 00:20:49 +03:00
|
|
|
func (s *Server) handleAccountGet(w http.ResponseWriter, r *http.Request, v *visitor) error {
|
2023-01-09 23:40:46 +03:00
|
|
|
info, err := v.Info()
|
2022-12-17 23:17:52 +03:00
|
|
|
if err != nil {
|
|
|
|
return err
|
|
|
|
}
|
2023-02-08 00:20:49 +03:00
|
|
|
logvr(v, r).Tag(tagAccount).Fields(visitorExtendedInfoContext(info)).Debug("Retrieving account stats")
|
2023-01-09 23:40:46 +03:00
|
|
|
limits, stats := info.Limits, info.Stats
|
2022-12-28 06:14:14 +03:00
|
|
|
response := &apiAccountResponse{
|
2023-01-09 23:40:46 +03:00
|
|
|
Limits: &apiAccountLimits{
|
|
|
|
Basis: string(limits.Basis),
|
2023-01-27 06:57:18 +03:00
|
|
|
Messages: limits.MessageLimit,
|
|
|
|
MessagesExpiryDuration: int64(limits.MessageExpiryDuration.Seconds()),
|
|
|
|
Emails: limits.EmailLimit,
|
2023-05-07 18:59:15 +03:00
|
|
|
Calls: limits.CallLimit,
|
2023-01-09 23:40:46 +03:00
|
|
|
Reservations: limits.ReservationsLimit,
|
|
|
|
AttachmentTotalSize: limits.AttachmentTotalSizeLimit,
|
|
|
|
AttachmentFileSize: limits.AttachmentFileSizeLimit,
|
|
|
|
AttachmentExpiryDuration: int64(limits.AttachmentExpiryDuration.Seconds()),
|
2023-01-25 18:05:54 +03:00
|
|
|
AttachmentBandwidth: limits.AttachmentBandwidthLimit,
|
2023-01-09 23:40:46 +03:00
|
|
|
},
|
2022-12-20 00:22:13 +03:00
|
|
|
Stats: &apiAccountStats{
|
|
|
|
Messages: stats.Messages,
|
|
|
|
MessagesRemaining: stats.MessagesRemaining,
|
|
|
|
Emails: stats.Emails,
|
|
|
|
EmailsRemaining: stats.EmailsRemaining,
|
2023-05-07 18:59:15 +03:00
|
|
|
Calls: stats.Calls,
|
|
|
|
CallsRemaining: stats.CallsRemaining,
|
2023-01-08 05:04:13 +03:00
|
|
|
Reservations: stats.Reservations,
|
|
|
|
ReservationsRemaining: stats.ReservationsRemaining,
|
2022-12-20 00:22:13 +03:00
|
|
|
AttachmentTotalSize: stats.AttachmentTotalSize,
|
|
|
|
AttachmentTotalSizeRemaining: stats.AttachmentTotalSizeRemaining,
|
|
|
|
},
|
2022-12-17 23:17:52 +03:00
|
|
|
}
|
2023-01-28 07:10:59 +03:00
|
|
|
u := v.User()
|
|
|
|
if u != nil {
|
|
|
|
response.Username = u.Name
|
|
|
|
response.Role = string(u.Role)
|
|
|
|
response.SyncTopic = u.SyncTopic
|
|
|
|
if u.Prefs != nil {
|
|
|
|
if u.Prefs.Language != nil {
|
|
|
|
response.Language = *u.Prefs.Language
|
2022-12-17 23:17:52 +03:00
|
|
|
}
|
2023-01-28 07:10:59 +03:00
|
|
|
if u.Prefs.Notification != nil {
|
|
|
|
response.Notification = u.Prefs.Notification
|
2022-12-17 23:17:52 +03:00
|
|
|
}
|
2023-01-28 07:10:59 +03:00
|
|
|
if u.Prefs.Subscriptions != nil {
|
|
|
|
response.Subscriptions = u.Prefs.Subscriptions
|
2022-12-17 23:17:52 +03:00
|
|
|
}
|
|
|
|
}
|
2023-01-28 07:10:59 +03:00
|
|
|
if u.Tier != nil {
|
2023-01-08 05:04:13 +03:00
|
|
|
response.Tier = &apiAccountTier{
|
2023-01-28 07:10:59 +03:00
|
|
|
Code: u.Tier.Code,
|
|
|
|
Name: u.Tier.Name,
|
2022-12-18 07:54:19 +03:00
|
|
|
}
|
2022-12-17 23:17:52 +03:00
|
|
|
}
|
2023-01-28 07:10:59 +03:00
|
|
|
if u.Billing.StripeCustomerID != "" {
|
2023-01-16 07:29:46 +03:00
|
|
|
response.Billing = &apiAccountBilling{
|
|
|
|
Customer: true,
|
2023-01-28 07:10:59 +03:00
|
|
|
Subscription: u.Billing.StripeSubscriptionID != "",
|
|
|
|
Status: string(u.Billing.StripeSubscriptionStatus),
|
2023-02-22 06:44:30 +03:00
|
|
|
Interval: string(u.Billing.StripeSubscriptionInterval),
|
2023-01-28 07:10:59 +03:00
|
|
|
PaidUntil: u.Billing.StripeSubscriptionPaidUntil.Unix(),
|
|
|
|
CancelAt: u.Billing.StripeSubscriptionCancelAt.Unix(),
|
2023-01-16 07:29:46 +03:00
|
|
|
}
|
|
|
|
}
|
2023-05-17 17:58:28 +03:00
|
|
|
if s.config.EnableReservations {
|
|
|
|
reservations, err := s.userManager.Reservations(u.Name)
|
|
|
|
if err != nil {
|
|
|
|
return err
|
|
|
|
}
|
|
|
|
if len(reservations) > 0 {
|
|
|
|
response.Reservations = make([]*apiAccountReservation, 0)
|
|
|
|
for _, r := range reservations {
|
|
|
|
response.Reservations = append(response.Reservations, &apiAccountReservation{
|
|
|
|
Topic: r.Topic,
|
|
|
|
Everyone: r.Everyone.String(),
|
|
|
|
})
|
|
|
|
}
|
2023-01-01 23:21:43 +03:00
|
|
|
}
|
|
|
|
}
|
2023-01-28 07:10:59 +03:00
|
|
|
tokens, err := s.userManager.Tokens(u.ID)
|
|
|
|
if err != nil {
|
|
|
|
return err
|
|
|
|
}
|
|
|
|
if len(tokens) > 0 {
|
|
|
|
response.Tokens = make([]*apiAccountTokenResponse, 0)
|
|
|
|
for _, t := range tokens {
|
2023-01-29 04:29:06 +03:00
|
|
|
var lastOrigin string
|
|
|
|
if t.LastOrigin != netip.IPv4Unspecified() {
|
|
|
|
lastOrigin = t.LastOrigin.String()
|
|
|
|
}
|
2023-01-28 07:10:59 +03:00
|
|
|
response.Tokens = append(response.Tokens, &apiAccountTokenResponse{
|
2023-01-29 04:29:06 +03:00
|
|
|
Token: t.Value,
|
|
|
|
Label: t.Label,
|
|
|
|
LastAccess: t.LastAccess.Unix(),
|
|
|
|
LastOrigin: lastOrigin,
|
|
|
|
Expires: t.Expires.Unix(),
|
2023-01-28 07:10:59 +03:00
|
|
|
})
|
|
|
|
}
|
|
|
|
}
|
2023-05-17 17:58:28 +03:00
|
|
|
if s.config.TwilioAccount != "" {
|
|
|
|
phoneNumbers, err := s.userManager.PhoneNumbers(u.ID)
|
|
|
|
if err != nil {
|
|
|
|
return err
|
|
|
|
}
|
|
|
|
if len(phoneNumbers) > 0 {
|
|
|
|
response.PhoneNumbers = phoneNumbers
|
|
|
|
}
|
2023-05-11 20:50:10 +03:00
|
|
|
}
|
2022-12-17 23:17:52 +03:00
|
|
|
} else {
|
2022-12-25 19:41:38 +03:00
|
|
|
response.Username = user.Everyone
|
|
|
|
response.Role = string(user.RoleAnonymous)
|
2022-12-17 23:17:52 +03:00
|
|
|
}
|
2023-01-18 23:50:06 +03:00
|
|
|
return s.writeJSON(w, response)
|
2022-12-17 23:17:52 +03:00
|
|
|
}
|
|
|
|
|
2023-01-23 06:21:30 +03:00
|
|
|
func (s *Server) handleAccountDelete(w http.ResponseWriter, r *http.Request, v *visitor) error {
|
2023-01-28 07:10:59 +03:00
|
|
|
req, err := readJSONWithLimit[apiAccountDeleteRequest](r.Body, jsonBodyBytesLimit, false)
|
2023-01-23 18:58:39 +03:00
|
|
|
if err != nil {
|
|
|
|
return err
|
|
|
|
} else if req.Password == "" {
|
|
|
|
return errHTTPBadRequest
|
|
|
|
}
|
2023-01-29 04:43:06 +03:00
|
|
|
u := v.User()
|
|
|
|
if _, err := s.userManager.Authenticate(u.Name, req.Password); err != nil {
|
2023-01-23 18:58:39 +03:00
|
|
|
return errHTTPBadRequestIncorrectPasswordConfirmation
|
|
|
|
}
|
2023-01-29 04:43:06 +03:00
|
|
|
if u.Billing.StripeSubscriptionID != "" {
|
2023-02-06 07:34:27 +03:00
|
|
|
logvr(v, r).Tag(tagStripe).Info("Canceling billing subscription for user %s", u.Name)
|
2023-01-29 04:43:06 +03:00
|
|
|
if _, err := s.stripe.CancelSubscription(u.Billing.StripeSubscriptionID); err != nil {
|
2023-01-23 06:21:30 +03:00
|
|
|
return err
|
|
|
|
}
|
2023-01-19 22:03:39 +03:00
|
|
|
}
|
2023-02-05 05:26:01 +03:00
|
|
|
if err := s.maybeRemoveMessagesAndExcessReservations(r, v, u, 0); err != nil {
|
2023-01-23 18:58:39 +03:00
|
|
|
return err
|
|
|
|
}
|
2023-02-04 06:21:50 +03:00
|
|
|
logvr(v, r).Tag(tagAccount).Info("Marking user %s as deleted", u.Name)
|
2023-01-29 04:43:06 +03:00
|
|
|
if err := s.userManager.MarkUserRemoved(u); err != nil {
|
2022-12-16 06:07:04 +03:00
|
|
|
return err
|
|
|
|
}
|
2023-01-18 23:50:06 +03:00
|
|
|
return s.writeJSON(w, newSuccessResponse())
|
2022-12-16 06:07:04 +03:00
|
|
|
}
|
|
|
|
|
|
|
|
func (s *Server) handleAccountPasswordChange(w http.ResponseWriter, r *http.Request, v *visitor) error {
|
2023-01-28 07:10:59 +03:00
|
|
|
req, err := readJSONWithLimit[apiAccountPasswordChangeRequest](r.Body, jsonBodyBytesLimit, false)
|
2022-12-16 06:07:04 +03:00
|
|
|
if err != nil {
|
|
|
|
return err
|
2023-01-22 04:52:16 +03:00
|
|
|
} else if req.Password == "" || req.NewPassword == "" {
|
|
|
|
return errHTTPBadRequest
|
2022-12-16 06:07:04 +03:00
|
|
|
}
|
2023-01-29 04:43:06 +03:00
|
|
|
u := v.User()
|
|
|
|
if _, err := s.userManager.Authenticate(u.Name, req.Password); err != nil {
|
2023-01-23 18:58:39 +03:00
|
|
|
return errHTTPBadRequestIncorrectPasswordConfirmation
|
2023-01-22 04:52:16 +03:00
|
|
|
}
|
2023-02-08 06:45:55 +03:00
|
|
|
logvr(v, r).Tag(tagAccount).Debug("Changing password for user %s", u.Name)
|
2023-01-29 04:43:06 +03:00
|
|
|
if err := s.userManager.ChangePassword(u.Name, req.NewPassword); err != nil {
|
2022-12-16 06:07:04 +03:00
|
|
|
return err
|
|
|
|
}
|
2023-01-18 23:50:06 +03:00
|
|
|
return s.writeJSON(w, newSuccessResponse())
|
2022-12-16 06:07:04 +03:00
|
|
|
}
|
|
|
|
|
2023-01-28 07:10:59 +03:00
|
|
|
func (s *Server) handleAccountTokenCreate(w http.ResponseWriter, r *http.Request, v *visitor) error {
|
|
|
|
req, err := readJSONWithLimit[apiAccountTokenIssueRequest](r.Body, jsonBodyBytesLimit, true) // Allow empty body!
|
|
|
|
if err != nil {
|
|
|
|
return err
|
|
|
|
}
|
|
|
|
var label string
|
|
|
|
if req.Label != nil {
|
|
|
|
label = *req.Label
|
|
|
|
}
|
|
|
|
expires := time.Now().Add(tokenExpiryDuration)
|
|
|
|
if req.Expires != nil {
|
|
|
|
expires = time.Unix(*req.Expires, 0)
|
|
|
|
}
|
2023-02-04 06:21:50 +03:00
|
|
|
u := v.User()
|
2023-02-08 06:45:55 +03:00
|
|
|
logvr(v, r).
|
|
|
|
Tag(tagAccount).
|
|
|
|
Fields(log.Context{
|
|
|
|
"token_label": label,
|
|
|
|
"token_expires": expires,
|
|
|
|
}).
|
|
|
|
Debug("Creating token for user %s", u.Name)
|
2023-02-04 06:21:50 +03:00
|
|
|
token, err := s.userManager.CreateToken(u.ID, label, expires, v.IP())
|
2022-12-16 06:07:04 +03:00
|
|
|
if err != nil {
|
|
|
|
return err
|
|
|
|
}
|
|
|
|
response := &apiAccountTokenResponse{
|
2023-01-29 04:29:06 +03:00
|
|
|
Token: token.Value,
|
|
|
|
Label: token.Label,
|
|
|
|
LastAccess: token.LastAccess.Unix(),
|
|
|
|
LastOrigin: token.LastOrigin.String(),
|
|
|
|
Expires: token.Expires.Unix(),
|
2022-12-25 19:41:38 +03:00
|
|
|
}
|
2023-01-18 23:50:06 +03:00
|
|
|
return s.writeJSON(w, response)
|
2022-12-25 19:41:38 +03:00
|
|
|
}
|
|
|
|
|
2023-01-28 07:10:59 +03:00
|
|
|
func (s *Server) handleAccountTokenUpdate(w http.ResponseWriter, r *http.Request, v *visitor) error {
|
|
|
|
u := v.User()
|
|
|
|
req, err := readJSONWithLimit[apiAccountTokenUpdateRequest](r.Body, jsonBodyBytesLimit, true) // Allow empty body!
|
|
|
|
if err != nil {
|
|
|
|
return err
|
|
|
|
} else if req.Token == "" {
|
|
|
|
req.Token = u.Token
|
|
|
|
if req.Token == "" {
|
|
|
|
return errHTTPBadRequestNoTokenProvided
|
|
|
|
}
|
2022-12-25 19:41:38 +03:00
|
|
|
}
|
2023-01-28 07:10:59 +03:00
|
|
|
var expires *time.Time
|
|
|
|
if req.Expires != nil {
|
|
|
|
expires = util.Time(time.Unix(*req.Expires, 0))
|
|
|
|
} else if req.Label == nil {
|
2023-02-08 06:45:55 +03:00
|
|
|
expires = util.Time(time.Now().Add(tokenExpiryDuration)) // If label/expires not set, extend token by 72 hours
|
|
|
|
}
|
|
|
|
logvr(v, r).
|
|
|
|
Tag(tagAccount).
|
|
|
|
Fields(log.Context{
|
|
|
|
"token_label": req.Label,
|
|
|
|
"token_expires": expires,
|
|
|
|
}).
|
|
|
|
Debug("Updating token for user %s as deleted", u.Name)
|
2023-01-28 07:10:59 +03:00
|
|
|
token, err := s.userManager.ChangeToken(u.ID, req.Token, req.Label, expires)
|
2022-12-25 19:41:38 +03:00
|
|
|
if err != nil {
|
|
|
|
return err
|
|
|
|
}
|
|
|
|
response := &apiAccountTokenResponse{
|
2023-01-29 04:29:06 +03:00
|
|
|
Token: token.Value,
|
|
|
|
Label: token.Label,
|
|
|
|
LastAccess: token.LastAccess.Unix(),
|
|
|
|
LastOrigin: token.LastOrigin.String(),
|
|
|
|
Expires: token.Expires.Unix(),
|
2022-12-16 06:07:04 +03:00
|
|
|
}
|
2023-01-18 23:50:06 +03:00
|
|
|
return s.writeJSON(w, response)
|
2022-12-16 06:07:04 +03:00
|
|
|
}
|
|
|
|
|
2023-01-28 07:10:59 +03:00
|
|
|
func (s *Server) handleAccountTokenDelete(w http.ResponseWriter, r *http.Request, v *visitor) error {
|
|
|
|
u := v.User()
|
|
|
|
token := readParam(r, "X-Token", "Token") // DELETEs cannot have a body, and we don't want it in the path
|
|
|
|
if token == "" {
|
|
|
|
token = u.Token
|
|
|
|
if token == "" {
|
|
|
|
return errHTTPBadRequestNoTokenProvided
|
|
|
|
}
|
2022-12-16 06:07:04 +03:00
|
|
|
}
|
2023-01-28 07:10:59 +03:00
|
|
|
if err := s.userManager.RemoveToken(u.ID, token); err != nil {
|
2022-12-16 06:07:04 +03:00
|
|
|
return err
|
|
|
|
}
|
2023-02-08 06:45:55 +03:00
|
|
|
logvr(v, r).
|
|
|
|
Tag(tagAccount).
|
|
|
|
Field("token", token).
|
|
|
|
Debug("Deleted token for user %s", u.Name)
|
2023-01-18 23:50:06 +03:00
|
|
|
return s.writeJSON(w, newSuccessResponse())
|
2022-12-16 06:07:04 +03:00
|
|
|
}
|
|
|
|
|
|
|
|
func (s *Server) handleAccountSettingsChange(w http.ResponseWriter, r *http.Request, v *visitor) error {
|
2023-01-28 07:10:59 +03:00
|
|
|
newPrefs, err := readJSONWithLimit[user.Prefs](r.Body, jsonBodyBytesLimit, false)
|
2022-12-16 06:07:04 +03:00
|
|
|
if err != nil {
|
|
|
|
return err
|
|
|
|
}
|
2023-01-29 04:43:06 +03:00
|
|
|
u := v.User()
|
|
|
|
if u.Prefs == nil {
|
|
|
|
u.Prefs = &user.Prefs{}
|
2022-12-16 06:07:04 +03:00
|
|
|
}
|
2023-01-29 04:43:06 +03:00
|
|
|
prefs := u.Prefs
|
2023-01-24 23:05:19 +03:00
|
|
|
if newPrefs.Language != nil {
|
2022-12-16 06:07:04 +03:00
|
|
|
prefs.Language = newPrefs.Language
|
|
|
|
}
|
|
|
|
if newPrefs.Notification != nil {
|
|
|
|
if prefs.Notification == nil {
|
2022-12-25 19:41:38 +03:00
|
|
|
prefs.Notification = &user.NotificationPrefs{}
|
2022-12-16 06:07:04 +03:00
|
|
|
}
|
2023-01-24 23:05:19 +03:00
|
|
|
if newPrefs.Notification.DeleteAfter != nil {
|
2022-12-16 06:07:04 +03:00
|
|
|
prefs.Notification.DeleteAfter = newPrefs.Notification.DeleteAfter
|
|
|
|
}
|
2023-01-24 23:05:19 +03:00
|
|
|
if newPrefs.Notification.Sound != nil {
|
2022-12-16 06:07:04 +03:00
|
|
|
prefs.Notification.Sound = newPrefs.Notification.Sound
|
|
|
|
}
|
2023-01-24 23:05:19 +03:00
|
|
|
if newPrefs.Notification.MinPriority != nil {
|
2022-12-16 06:07:04 +03:00
|
|
|
prefs.Notification.MinPriority = newPrefs.Notification.MinPriority
|
|
|
|
}
|
|
|
|
}
|
2023-02-08 06:45:55 +03:00
|
|
|
logvr(v, r).Tag(tagAccount).Debug("Changing account settings for user %s", u.Name)
|
2023-02-09 23:24:12 +03:00
|
|
|
if err := s.userManager.ChangeSettings(u.ID, prefs); err != nil {
|
2022-12-29 03:55:11 +03:00
|
|
|
return err
|
|
|
|
}
|
2023-01-18 23:50:06 +03:00
|
|
|
return s.writeJSON(w, newSuccessResponse())
|
2022-12-16 06:07:04 +03:00
|
|
|
}
|
|
|
|
|
|
|
|
func (s *Server) handleAccountSubscriptionAdd(w http.ResponseWriter, r *http.Request, v *visitor) error {
|
2023-01-28 07:10:59 +03:00
|
|
|
newSubscription, err := readJSONWithLimit[user.Subscription](r.Body, jsonBodyBytesLimit, false)
|
2022-12-16 06:07:04 +03:00
|
|
|
if err != nil {
|
|
|
|
return err
|
|
|
|
}
|
2023-01-29 04:43:06 +03:00
|
|
|
u := v.User()
|
2023-02-12 22:09:44 +03:00
|
|
|
prefs := u.Prefs
|
|
|
|
if prefs == nil {
|
|
|
|
prefs = &user.Prefs{}
|
2022-12-16 06:07:04 +03:00
|
|
|
}
|
2023-02-12 22:09:44 +03:00
|
|
|
for _, subscription := range prefs.Subscriptions {
|
2022-12-16 06:07:04 +03:00
|
|
|
if newSubscription.BaseURL == subscription.BaseURL && newSubscription.Topic == subscription.Topic {
|
2023-02-12 22:09:44 +03:00
|
|
|
return errHTTPConflictSubscriptionExists
|
2022-12-16 06:07:04 +03:00
|
|
|
}
|
|
|
|
}
|
2023-02-12 22:09:44 +03:00
|
|
|
prefs.Subscriptions = append(prefs.Subscriptions, newSubscription)
|
|
|
|
logvr(v, r).Tag(tagAccount).With(newSubscription).Debug("Adding subscription for user %s", u.Name)
|
|
|
|
if err := s.userManager.ChangeSettings(u.ID, prefs); err != nil {
|
|
|
|
return err
|
2022-12-16 06:07:04 +03:00
|
|
|
}
|
2023-01-18 23:50:06 +03:00
|
|
|
return s.writeJSON(w, newSubscription)
|
2022-12-16 06:07:04 +03:00
|
|
|
}
|
|
|
|
|
2022-12-26 06:29:55 +03:00
|
|
|
func (s *Server) handleAccountSubscriptionChange(w http.ResponseWriter, r *http.Request, v *visitor) error {
|
2023-01-28 07:10:59 +03:00
|
|
|
updatedSubscription, err := readJSONWithLimit[user.Subscription](r.Body, jsonBodyBytesLimit, false)
|
2022-12-26 06:29:55 +03:00
|
|
|
if err != nil {
|
|
|
|
return err
|
|
|
|
}
|
2023-01-29 04:43:06 +03:00
|
|
|
u := v.User()
|
2023-02-12 22:09:44 +03:00
|
|
|
prefs := u.Prefs
|
|
|
|
if prefs == nil || prefs.Subscriptions == nil {
|
2022-12-26 06:29:55 +03:00
|
|
|
return errHTTPNotFound
|
|
|
|
}
|
|
|
|
var subscription *user.Subscription
|
2023-02-09 23:24:12 +03:00
|
|
|
for _, sub := range prefs.Subscriptions {
|
2023-02-12 22:09:44 +03:00
|
|
|
if sub.BaseURL == updatedSubscription.BaseURL && sub.Topic == updatedSubscription.Topic {
|
2022-12-26 06:29:55 +03:00
|
|
|
sub.DisplayName = updatedSubscription.DisplayName
|
|
|
|
subscription = sub
|
|
|
|
break
|
|
|
|
}
|
|
|
|
}
|
|
|
|
if subscription == nil {
|
|
|
|
return errHTTPNotFound
|
|
|
|
}
|
2023-02-12 22:09:44 +03:00
|
|
|
logvr(v, r).Tag(tagAccount).With(subscription).Debug("Changing subscription for user %s", u.Name)
|
2023-02-09 23:24:12 +03:00
|
|
|
if err := s.userManager.ChangeSettings(u.ID, prefs); err != nil {
|
2022-12-26 06:29:55 +03:00
|
|
|
return err
|
|
|
|
}
|
2023-01-18 23:50:06 +03:00
|
|
|
return s.writeJSON(w, subscription)
|
2022-12-26 06:29:55 +03:00
|
|
|
}
|
|
|
|
|
2022-12-16 06:07:04 +03:00
|
|
|
func (s *Server) handleAccountSubscriptionDelete(w http.ResponseWriter, r *http.Request, v *visitor) error {
|
2023-02-12 22:09:44 +03:00
|
|
|
// DELETEs cannot have a body, and we don't want it in the path
|
|
|
|
deleteBaseURL := readParam(r, "X-BaseURL", "BaseURL")
|
|
|
|
deleteTopic := readParam(r, "X-Topic", "Topic")
|
2023-01-29 04:43:06 +03:00
|
|
|
u := v.User()
|
2023-02-12 22:09:44 +03:00
|
|
|
prefs := u.Prefs
|
|
|
|
if prefs == nil || prefs.Subscriptions == nil {
|
2022-12-16 06:07:04 +03:00
|
|
|
return nil
|
|
|
|
}
|
2022-12-25 19:41:38 +03:00
|
|
|
newSubscriptions := make([]*user.Subscription, 0)
|
2023-02-12 22:09:44 +03:00
|
|
|
for _, sub := range u.Prefs.Subscriptions {
|
|
|
|
if sub.BaseURL == deleteBaseURL && sub.Topic == deleteTopic {
|
|
|
|
logvr(v, r).Tag(tagAccount).With(sub).Debug("Removing subscription for user %s", u.Name)
|
2023-02-08 06:45:55 +03:00
|
|
|
} else {
|
2023-02-12 22:09:44 +03:00
|
|
|
newSubscriptions = append(newSubscriptions, sub)
|
2022-12-16 06:07:04 +03:00
|
|
|
}
|
|
|
|
}
|
2023-02-12 22:09:44 +03:00
|
|
|
if len(newSubscriptions) < len(prefs.Subscriptions) {
|
2023-02-09 23:24:12 +03:00
|
|
|
prefs.Subscriptions = newSubscriptions
|
|
|
|
if err := s.userManager.ChangeSettings(u.ID, prefs); err != nil {
|
2022-12-16 06:07:04 +03:00
|
|
|
return err
|
|
|
|
}
|
|
|
|
}
|
2023-01-18 23:50:06 +03:00
|
|
|
return s.writeJSON(w, newSuccessResponse())
|
2022-12-16 06:07:04 +03:00
|
|
|
}
|
2022-12-30 22:20:48 +03:00
|
|
|
|
2023-02-02 23:19:37 +03:00
|
|
|
// handleAccountReservationAdd adds a topic reservation for the logged-in user, but only if the user has a tier
|
|
|
|
// with enough remaining reservations left, or if the user is an admin. Admins can always reserve a topic, unless
|
|
|
|
// it is already reserved by someone else.
|
2023-01-12 18:50:09 +03:00
|
|
|
func (s *Server) handleAccountReservationAdd(w http.ResponseWriter, r *http.Request, v *visitor) error {
|
2023-01-29 04:43:06 +03:00
|
|
|
u := v.User()
|
2023-01-28 07:10:59 +03:00
|
|
|
req, err := readJSONWithLimit[apiAccountReservationRequest](r.Body, jsonBodyBytesLimit, false)
|
2022-12-30 22:20:48 +03:00
|
|
|
if err != nil {
|
|
|
|
return err
|
|
|
|
}
|
|
|
|
if !topicRegex.MatchString(req.Topic) {
|
|
|
|
return errHTTPBadRequestTopicInvalid
|
|
|
|
}
|
2023-01-06 18:45:38 +03:00
|
|
|
everyone, err := user.ParsePermission(req.Everyone)
|
|
|
|
if err != nil {
|
|
|
|
return errHTTPBadRequestPermissionInvalid
|
|
|
|
}
|
2023-02-02 23:19:37 +03:00
|
|
|
// Check if we are allowed to reserve this topic
|
2023-02-10 05:51:12 +03:00
|
|
|
if u.IsUser() && u.Tier == nil {
|
2023-01-12 18:50:09 +03:00
|
|
|
return errHTTPUnauthorized
|
2023-02-12 06:14:09 +03:00
|
|
|
} else if err := s.userManager.AllowReservation(u.Name, req.Topic); err != nil {
|
2023-01-01 23:21:43 +03:00
|
|
|
return errHTTPConflictTopicReserved
|
2023-02-10 05:51:12 +03:00
|
|
|
} else if u.IsUser() {
|
2023-02-02 23:19:37 +03:00
|
|
|
hasReservation, err := s.userManager.HasReservation(u.Name, req.Topic)
|
2023-01-06 18:45:38 +03:00
|
|
|
if err != nil {
|
|
|
|
return err
|
2023-02-02 23:19:37 +03:00
|
|
|
}
|
|
|
|
if !hasReservation {
|
|
|
|
reservations, err := s.userManager.ReservationsCount(u.Name)
|
|
|
|
if err != nil {
|
|
|
|
return err
|
|
|
|
} else if reservations >= u.Tier.ReservationLimit {
|
|
|
|
return errHTTPTooManyRequestsLimitReservations
|
|
|
|
}
|
2023-01-06 18:45:38 +03:00
|
|
|
}
|
2023-01-03 05:12:42 +03:00
|
|
|
}
|
2023-01-23 22:05:41 +03:00
|
|
|
// Actually add the reservation
|
2023-02-08 06:45:55 +03:00
|
|
|
logvr(v, r).
|
|
|
|
Tag(tagAccount).
|
|
|
|
Fields(log.Context{
|
|
|
|
"topic": req.Topic,
|
|
|
|
"everyone": everyone.String(),
|
|
|
|
}).
|
|
|
|
Debug("Adding topic reservation")
|
2023-01-29 04:43:06 +03:00
|
|
|
if err := s.userManager.AddReservation(u.Name, req.Topic, everyone); err != nil {
|
2023-01-01 23:21:43 +03:00
|
|
|
return err
|
|
|
|
}
|
2023-01-23 22:05:41 +03:00
|
|
|
// Kill existing subscribers
|
|
|
|
t, err := s.topicFromID(req.Topic)
|
|
|
|
if err != nil {
|
|
|
|
return err
|
|
|
|
}
|
2023-05-13 21:39:31 +03:00
|
|
|
t.CancelSubscribersExceptUser(u.ID)
|
2023-01-18 23:50:06 +03:00
|
|
|
return s.writeJSON(w, newSuccessResponse())
|
2023-01-01 23:21:43 +03:00
|
|
|
}
|
|
|
|
|
2023-02-02 23:19:37 +03:00
|
|
|
// handleAccountReservationDelete deletes a topic reservation if it is owned by the current user
|
2023-01-12 18:50:09 +03:00
|
|
|
func (s *Server) handleAccountReservationDelete(w http.ResponseWriter, r *http.Request, v *visitor) error {
|
2023-01-17 18:09:37 +03:00
|
|
|
matches := apiAccountReservationSingleRegex.FindStringSubmatch(r.URL.Path)
|
2023-01-01 23:21:43 +03:00
|
|
|
if len(matches) != 2 {
|
|
|
|
return errHTTPInternalErrorInvalidPath
|
|
|
|
}
|
|
|
|
topic := matches[1]
|
|
|
|
if !topicRegex.MatchString(topic) {
|
|
|
|
return errHTTPBadRequestTopicInvalid
|
|
|
|
}
|
2023-01-29 04:43:06 +03:00
|
|
|
u := v.User()
|
|
|
|
authorized, err := s.userManager.HasReservation(u.Name, topic)
|
2023-01-03 04:08:37 +03:00
|
|
|
if err != nil {
|
|
|
|
return err
|
2023-01-06 18:45:38 +03:00
|
|
|
} else if !authorized {
|
2023-01-01 23:21:43 +03:00
|
|
|
return errHTTPUnauthorized
|
|
|
|
}
|
2023-02-08 06:45:55 +03:00
|
|
|
deleteMessages := readBoolParam(r, false, "X-Delete-Messages", "Delete-Messages")
|
|
|
|
logvr(v, r).
|
|
|
|
Tag(tagAccount).
|
|
|
|
Fields(log.Context{
|
|
|
|
"topic": topic,
|
|
|
|
"delete_messages": deleteMessages,
|
|
|
|
}).
|
|
|
|
Debug("Removing topic reservation")
|
2023-01-29 04:43:06 +03:00
|
|
|
if err := s.userManager.RemoveReservations(u.Name, topic); err != nil {
|
2022-12-30 22:20:48 +03:00
|
|
|
return err
|
|
|
|
}
|
2023-02-01 05:39:30 +03:00
|
|
|
if deleteMessages {
|
|
|
|
if err := s.messageCache.ExpireMessages(topic); err != nil {
|
|
|
|
return err
|
|
|
|
}
|
2023-02-13 05:05:24 +03:00
|
|
|
s.pruneMessages()
|
2023-02-01 05:39:30 +03:00
|
|
|
}
|
2023-01-18 23:50:06 +03:00
|
|
|
return s.writeJSON(w, newSuccessResponse())
|
2022-12-30 22:20:48 +03:00
|
|
|
}
|
2023-01-17 00:35:37 +03:00
|
|
|
|
2023-01-23 18:58:39 +03:00
|
|
|
// maybeRemoveMessagesAndExcessReservations deletes topic reservations for the given user (if too many for tier),
|
|
|
|
// and marks associated messages for the topics as deleted. This also eventually deletes attachments.
|
|
|
|
// The process relies on the manager to perform the actual deletions (see runManager).
|
2023-02-05 05:26:01 +03:00
|
|
|
func (s *Server) maybeRemoveMessagesAndExcessReservations(r *http.Request, v *visitor, u *user.User, reservationsLimit int64) error {
|
2023-01-23 18:58:39 +03:00
|
|
|
reservations, err := s.userManager.Reservations(u.Name)
|
|
|
|
if err != nil {
|
|
|
|
return err
|
|
|
|
} else if int64(len(reservations)) <= reservationsLimit {
|
2023-02-05 05:26:01 +03:00
|
|
|
logvr(v, r).Tag(tagAccount).Debug("No excess reservations to remove")
|
2023-01-23 18:58:39 +03:00
|
|
|
return nil
|
|
|
|
}
|
|
|
|
topics := make([]string, 0)
|
|
|
|
for i := int64(len(reservations)) - 1; i >= reservationsLimit; i-- {
|
|
|
|
topics = append(topics, reservations[i].Topic)
|
|
|
|
}
|
2023-02-05 05:26:01 +03:00
|
|
|
logvr(v, r).Tag(tagAccount).Info("Removing excess reservations for topics %s", strings.Join(topics, ", "))
|
2023-01-23 18:58:39 +03:00
|
|
|
if err := s.userManager.RemoveReservations(u.Name, topics...); err != nil {
|
|
|
|
return err
|
|
|
|
}
|
|
|
|
if err := s.messageCache.ExpireMessages(topics...); err != nil {
|
|
|
|
return err
|
|
|
|
}
|
2023-02-17 23:56:48 +03:00
|
|
|
go s.pruneMessages()
|
2023-01-23 18:58:39 +03:00
|
|
|
return nil
|
|
|
|
}
|
|
|
|
|
2023-05-16 21:15:58 +03:00
|
|
|
func (s *Server) handleAccountPhoneNumberVerify(w http.ResponseWriter, r *http.Request, v *visitor) error {
|
2023-05-11 20:50:10 +03:00
|
|
|
u := v.User()
|
2023-05-17 05:27:48 +03:00
|
|
|
req, err := readJSONWithLimit[apiAccountPhoneNumberVerifyRequest](r.Body, jsonBodyBytesLimit, false)
|
2023-05-11 20:50:10 +03:00
|
|
|
if err != nil {
|
|
|
|
return err
|
2023-05-17 05:27:48 +03:00
|
|
|
} else if !phoneNumberRegex.MatchString(req.Number) {
|
2023-05-11 20:50:10 +03:00
|
|
|
return errHTTPBadRequestPhoneNumberInvalid
|
2023-05-17 05:27:48 +03:00
|
|
|
} else if req.Channel != "sms" && req.Channel != "call" {
|
|
|
|
return errHTTPBadRequestPhoneNumberVerifyChannelInvalid
|
2023-05-11 20:50:10 +03:00
|
|
|
}
|
|
|
|
// Check user is allowed to add phone numbers
|
|
|
|
if u == nil || (u.IsUser() && u.Tier == nil) {
|
|
|
|
return errHTTPUnauthorized
|
2023-05-13 03:01:12 +03:00
|
|
|
} else if u.IsUser() && u.Tier.CallLimit == 0 {
|
2023-05-11 20:50:10 +03:00
|
|
|
return errHTTPUnauthorized
|
|
|
|
}
|
2023-05-13 04:47:41 +03:00
|
|
|
// Check if phone number exists
|
|
|
|
phoneNumbers, err := s.userManager.PhoneNumbers(u.ID)
|
|
|
|
if err != nil {
|
2023-05-11 20:50:10 +03:00
|
|
|
return err
|
2023-05-13 04:47:41 +03:00
|
|
|
} else if util.Contains(phoneNumbers, req.Number) {
|
|
|
|
return errHTTPConflictPhoneNumberExists
|
2023-05-11 20:50:10 +03:00
|
|
|
}
|
2023-05-13 04:47:41 +03:00
|
|
|
// Actually add the unverified number, and send verification
|
|
|
|
logvr(v, r).Tag(tagAccount).Field("phone_number", req.Number).Debug("Sending phone number verification")
|
2023-05-17 05:27:48 +03:00
|
|
|
if err := s.verifyPhoneNumber(v, r, req.Number, req.Channel); err != nil {
|
2023-05-11 20:50:10 +03:00
|
|
|
return err
|
|
|
|
}
|
|
|
|
return s.writeJSON(w, newSuccessResponse())
|
|
|
|
}
|
|
|
|
|
2023-05-16 21:15:58 +03:00
|
|
|
func (s *Server) handleAccountPhoneNumberAdd(w http.ResponseWriter, r *http.Request, v *visitor) error {
|
2023-05-11 20:50:10 +03:00
|
|
|
u := v.User()
|
2023-05-17 05:27:48 +03:00
|
|
|
req, err := readJSONWithLimit[apiAccountPhoneNumberAddRequest](r.Body, jsonBodyBytesLimit, false)
|
2023-05-11 20:50:10 +03:00
|
|
|
if err != nil {
|
|
|
|
return err
|
|
|
|
}
|
|
|
|
if !phoneNumberRegex.MatchString(req.Number) {
|
|
|
|
return errHTTPBadRequestPhoneNumberInvalid
|
|
|
|
}
|
2023-05-16 21:15:58 +03:00
|
|
|
if err := s.verifyPhoneNumberCheck(v, r, req.Number, req.Code); err != nil {
|
2023-05-11 20:50:10 +03:00
|
|
|
return err
|
|
|
|
}
|
2023-05-13 04:47:41 +03:00
|
|
|
logvr(v, r).Tag(tagAccount).Field("phone_number", req.Number).Debug("Adding phone number as verified")
|
|
|
|
if err := s.userManager.AddPhoneNumber(u.ID, req.Number); err != nil {
|
|
|
|
return err
|
2023-05-11 20:50:10 +03:00
|
|
|
}
|
2023-05-13 04:47:41 +03:00
|
|
|
return s.writeJSON(w, newSuccessResponse())
|
|
|
|
}
|
|
|
|
|
|
|
|
func (s *Server) handleAccountPhoneNumberDelete(w http.ResponseWriter, r *http.Request, v *visitor) error {
|
|
|
|
u := v.User()
|
2023-05-17 05:27:48 +03:00
|
|
|
req, err := readJSONWithLimit[apiAccountPhoneNumberAddRequest](r.Body, jsonBodyBytesLimit, false)
|
2023-05-13 04:47:41 +03:00
|
|
|
if err != nil {
|
2023-05-11 20:50:10 +03:00
|
|
|
return err
|
|
|
|
}
|
2023-05-13 04:47:41 +03:00
|
|
|
if !phoneNumberRegex.MatchString(req.Number) {
|
|
|
|
return errHTTPBadRequestPhoneNumberInvalid
|
|
|
|
}
|
|
|
|
logvr(v, r).Tag(tagAccount).Field("phone_number", req.Number).Debug("Deleting phone number")
|
2023-05-17 17:39:15 +03:00
|
|
|
if err := s.userManager.RemovePhoneNumber(u.ID, req.Number); err != nil {
|
2023-05-11 20:50:10 +03:00
|
|
|
return err
|
|
|
|
}
|
|
|
|
return s.writeJSON(w, newSuccessResponse())
|
|
|
|
}
|
|
|
|
|
2023-01-29 04:43:06 +03:00
|
|
|
// publishSyncEventAsync kicks of a Go routine to publish a sync message to the user's sync topic
|
|
|
|
func (s *Server) publishSyncEventAsync(v *visitor) {
|
|
|
|
go func() {
|
|
|
|
if err := s.publishSyncEvent(v); err != nil {
|
2023-02-06 07:34:27 +03:00
|
|
|
logv(v).Err(err).Trace("Error publishing to user's sync topic")
|
2023-01-29 04:43:06 +03:00
|
|
|
}
|
|
|
|
}()
|
|
|
|
}
|
|
|
|
|
|
|
|
// publishSyncEvent publishes a sync message to the user's sync topic
|
2023-01-17 00:35:37 +03:00
|
|
|
func (s *Server) publishSyncEvent(v *visitor) error {
|
2023-01-29 04:43:06 +03:00
|
|
|
u := v.User()
|
|
|
|
if u == nil || u.SyncTopic == "" {
|
2023-01-17 00:35:37 +03:00
|
|
|
return nil
|
|
|
|
}
|
2023-02-06 07:34:27 +03:00
|
|
|
logv(v).Field("sync_topic", u.SyncTopic).Trace("Publishing sync event to user's sync topic")
|
2023-01-29 04:43:06 +03:00
|
|
|
syncTopic, err := s.topicFromID(u.SyncTopic)
|
2023-01-17 00:35:37 +03:00
|
|
|
if err != nil {
|
|
|
|
return err
|
|
|
|
}
|
|
|
|
messageBytes, err := json.Marshal(&apiAccountSyncTopicResponse{Event: syncTopicAccountSyncEvent})
|
|
|
|
if err != nil {
|
|
|
|
return err
|
|
|
|
}
|
|
|
|
m := newDefaultMessage(syncTopic.ID, string(messageBytes))
|
|
|
|
if err := syncTopic.Publish(v, m); err != nil {
|
|
|
|
return err
|
|
|
|
}
|
|
|
|
return nil
|
|
|
|
}
|