alist/server/handles/user.go

package handles

import (
	"strconv"

	"github.com/alist-org/alist/v3/internal/model"
	"github.com/alist-org/alist/v3/internal/op"
	"github.com/alist-org/alist/v3/server/common"
	"github.com/gin-gonic/gin"
	log "github.com/sirupsen/logrus"
)

func ListUsers(c *gin.Context) {
	var req model.PageReq
	if err := c.ShouldBind(&req); err != nil {
		common.ErrorResp(c, err, 400)
		return
	}
	req.Validate()
	log.Debugf("%+v", req)
	users, total, err := op.GetUsers(req.Page, req.PerPage)
	if err != nil {
		common.ErrorResp(c, err, 500, true)
		return
	}
	common.SuccessResp(c, common.PageResp{
		Content: users,
		Total:   total,
	})
}

func CreateUser(c *gin.Context) {
	var req model.User
	if err := c.ShouldBind(&req); err != nil {
		common.ErrorResp(c, err, 400)
		return
	}
	if req.IsAdmin() || req.IsGuest() {
		common.ErrorStrResp(c, "admin or guest user can not be created", 400, true)
		return
	}
	req.SetPassword(req.Password)
	req.Password = ""
	if err := op.CreateUser(&req); err != nil {
		common.ErrorResp(c, err, 500, true)
	} else {
		common.SuccessResp(c)
	}
}

func UpdateUser(c *gin.Context) {
	var req model.User
	if err := c.ShouldBind(&req); err != nil {
		common.ErrorResp(c, err, 400)
		return
	}
	user, err := op.GetUserById(req.ID)
	if err != nil {
		common.ErrorResp(c, err, 500)
		return
	}
	if user.Role != req.Role {
		common.ErrorStrResp(c, "role can not be changed", 400)
		return
	}
	if req.Password == "" {
		req.PwdHash = user.PwdHash
		req.Salt = user.Salt
	} else {
		req.SetPassword(req.Password)
		req.Password = ""
	}
	if req.OtpSecret == "" {
		req.OtpSecret = user.OtpSecret
	}
	if req.Disabled && req.IsAdmin() {
		common.ErrorStrResp(c, "admin user can not be disabled", 400)
		return
	}
	if err := op.UpdateUser(&req); err != nil {
		common.ErrorResp(c, err, 500)
	} else {
		common.SuccessResp(c)
	}
}

func DeleteUser(c *gin.Context) {
	idStr := c.Query("id")
	id, err := strconv.Atoi(idStr)
	if err != nil {
		common.ErrorResp(c, err, 400)
		return
	}
	if err := op.DeleteUserById(uint(id)); err != nil {
		common.ErrorResp(c, err, 500)
		return
	}
	common.SuccessResp(c)
}

func GetUser(c *gin.Context) {
	idStr := c.Query("id")
	id, err := strconv.Atoi(idStr)
	if err != nil {
		common.ErrorResp(c, err, 400)
		return
	}
	user, err := op.GetUserById(uint(id))
	if err != nil {
		common.ErrorResp(c, err, 500, true)
		return
	}
	common.SuccessResp(c, user)
}

func Cancel2FAById(c *gin.Context) {
	idStr := c.Query("id")
	id, err := strconv.Atoi(idStr)
	if err != nil {
		common.ErrorResp(c, err, 400)
		return
	}
	if err := op.Cancel2FAById(uint(id)); err != nil {
		common.ErrorResp(c, err, 500)
		return
	}
	common.SuccessResp(c)
}

func DelUserCache(c *gin.Context) {
	username := c.Query("username")
	err := op.DelUserCache(username)
	if err != nil {
		common.ErrorResp(c, err, 500)
		return
	}
	common.SuccessResp(c)
}
chore: rename controllers to handles 2022-07-11 09:12:50 +00:00			`package handles`
feat: user manage api 2022-06-26 11:36:27 +00:00
			`import (`
chore: common err resp log 2022-06-28 10:12:53 +00:00			`"strconv"`

feat: user manage api 2022-06-26 11:36:27 +00:00			`"github.com/alist-org/alist/v3/internal/model"`
refactor: split the db package hook and cache to the op package (#2747) * refactor:separate the setting method from the db package to the op package and add the cache * refactor:separate the meta method from the db package to the op package * fix:setting not load database data * refactor:separate the user method from the db package to the op package * refactor:remove user JoinPath error * fix:op package user cache * refactor:fs package list method * fix:tile virtual paths (close #2743) * Revert "refactor:remove user JoinPath error" This reverts commit 4e20daaf9e700da047000d4fd4900abbe05c3848. * clean path directly may lead to unknown behavior * fix: The path of the meta passed in must be prefix of reqPath * chore: rename all virtualPath to mountPath * fix: `getStoragesByPath` and `GetStorageVirtualFilesByPath` is_sub_path: /a/b isn't subpath of /a/bc * fix: don't save setting if hook error Co-authored-by: Noah Hsu <i@nn.ci> 2022-12-18 11:51:20 +00:00			`"github.com/alist-org/alist/v3/internal/op"`
feat: user manage api 2022-06-26 11:36:27 +00:00			`"github.com/alist-org/alist/v3/server/common"`
			`"github.com/gin-gonic/gin"`
			`log "github.com/sirupsen/logrus"`
			`)`

			`func ListUsers(c *gin.Context) {`
feat: multiple search indexes (#2514) * refactor: abstract search interface * wip: ~ * fix cycle import * objs update hook * wip: ~ * Delete search/none * auto update index while cache changed * db searcher TODO: bleve init issue cannot open index, metadata missing * fix size type why float64?? * fix typo * fix nil pointer using * api adapt ui * bleve: fix clear & change struct 2022-11-28 05:45:25 +00:00			`var req model.PageReq`
feat: user manage api 2022-06-26 11:36:27 +00:00			`if err := c.ShouldBind(&req); err != nil {`
chore: common err resp log 2022-06-28 10:12:53 +00:00			`common.ErrorResp(c, err, 400)`
feat: user manage api 2022-06-26 11:36:27 +00:00			`return`
			`}`
chore: fix typo 2022-07-12 10:41:16 +00:00			`req.Validate()`
feat: user manage api 2022-06-26 11:36:27 +00:00			`log.Debugf("%+v", req)`
refactor: split the db package hook and cache to the op package (#2747) * refactor:separate the setting method from the db package to the op package and add the cache * refactor:separate the meta method from the db package to the op package * fix:setting not load database data * refactor:separate the user method from the db package to the op package * refactor:remove user JoinPath error * fix:op package user cache * refactor:fs package list method * fix:tile virtual paths (close #2743) * Revert "refactor:remove user JoinPath error" This reverts commit 4e20daaf9e700da047000d4fd4900abbe05c3848. * clean path directly may lead to unknown behavior * fix: The path of the meta passed in must be prefix of reqPath * chore: rename all virtualPath to mountPath * fix: `getStoragesByPath` and `GetStorageVirtualFilesByPath` is_sub_path: /a/b isn't subpath of /a/bc * fix: don't save setting if hook error Co-authored-by: Noah Hsu <i@nn.ci> 2022-12-18 11:51:20 +00:00			`users, total, err := op.GetUsers(req.Page, req.PerPage)`
feat: user manage api 2022-06-26 11:36:27 +00:00			`if err != nil {`
chore: common err resp log 2022-06-28 10:12:53 +00:00			`common.ErrorResp(c, err, 500, true)`
feat: user manage api 2022-06-26 11:36:27 +00:00			`return`
			`}`
			`common.SuccessResp(c, common.PageResp{`
			`Content: users,`
			`Total: total,`
			`})`
			`}`

			`func CreateUser(c *gin.Context) {`
			`var req model.User`
			`if err := c.ShouldBind(&req); err != nil {`
chore: common err resp log 2022-06-28 10:12:53 +00:00			`common.ErrorResp(c, err, 400)`
feat: user manage api 2022-06-26 11:36:27 +00:00			`return`
			`}`
			`if req.IsAdmin() \|\| req.IsGuest() {`
			`common.ErrorStrResp(c, "admin or guest user can not be created", 400, true)`
			`return`
			`}`
fix: missed update user's password 2023-08-07 10:51:54 +00:00			`req.SetPassword(req.Password)`
			`req.Password = ""`
refactor: split the db package hook and cache to the op package (#2747) * refactor:separate the setting method from the db package to the op package and add the cache * refactor:separate the meta method from the db package to the op package * fix:setting not load database data * refactor:separate the user method from the db package to the op package * refactor:remove user JoinPath error * fix:op package user cache * refactor:fs package list method * fix:tile virtual paths (close #2743) * Revert "refactor:remove user JoinPath error" This reverts commit 4e20daaf9e700da047000d4fd4900abbe05c3848. * clean path directly may lead to unknown behavior * fix: The path of the meta passed in must be prefix of reqPath * chore: rename all virtualPath to mountPath * fix: `getStoragesByPath` and `GetStorageVirtualFilesByPath` is_sub_path: /a/b isn't subpath of /a/bc * fix: don't save setting if hook error Co-authored-by: Noah Hsu <i@nn.ci> 2022-12-18 11:51:20 +00:00			`if err := op.CreateUser(&req); err != nil {`
chore: common err resp log 2022-06-28 10:12:53 +00:00			`common.ErrorResp(c, err, 500, true)`
feat: user manage api 2022-06-26 11:36:27 +00:00			`} else {`
			`common.SuccessResp(c)`
			`}`
			`}`

			`func UpdateUser(c *gin.Context) {`
			`var req model.User`
			`if err := c.ShouldBind(&req); err != nil {`
chore: common err resp log 2022-06-28 10:12:53 +00:00			`common.ErrorResp(c, err, 400)`
feat: user manage api 2022-06-26 11:36:27 +00:00			`return`
			`}`
refactor: split the db package hook and cache to the op package (#2747) * refactor:separate the setting method from the db package to the op package and add the cache * refactor:separate the meta method from the db package to the op package * fix:setting not load database data * refactor:separate the user method from the db package to the op package * refactor:remove user JoinPath error * fix:op package user cache * refactor:fs package list method * fix:tile virtual paths (close #2743) * Revert "refactor:remove user JoinPath error" This reverts commit 4e20daaf9e700da047000d4fd4900abbe05c3848. * clean path directly may lead to unknown behavior * fix: The path of the meta passed in must be prefix of reqPath * chore: rename all virtualPath to mountPath * fix: `getStoragesByPath` and `GetStorageVirtualFilesByPath` is_sub_path: /a/b isn't subpath of /a/bc * fix: don't save setting if hook error Co-authored-by: Noah Hsu <i@nn.ci> 2022-12-18 11:51:20 +00:00			`user, err := op.GetUserById(req.ID)`
feat: user manage api 2022-06-26 11:36:27 +00:00			`if err != nil {`
chore: common err resp log 2022-06-28 10:12:53 +00:00			`common.ErrorResp(c, err, 500)`
feat: user manage api 2022-06-26 11:36:27 +00:00			`return`
			`}`
			`if user.Role != req.Role {`
chore: common err resp log 2022-06-28 10:12:53 +00:00			`common.ErrorStrResp(c, "role can not be changed", 400)`
feat: user manage api 2022-06-26 11:36:27 +00:00			`return`
			`}`
feat: 2fa/otp support 2022-08-05 17:22:13 +00:00			`if req.Password == "" {`
fix: missed update user's password 2023-08-07 10:51:54 +00:00			`req.PwdHash = user.PwdHash`
			`req.Salt = user.Salt`
			`} else {`
			`req.SetPassword(req.Password)`
			`req.Password = ""`
feat: 2fa/otp support 2022-08-05 17:22:13 +00:00			`}`
feat: cancel 2fa api 2022-08-07 03:59:33 +00:00			`if req.OtpSecret == "" {`
			`req.OtpSecret = user.OtpSecret`
			`}`
feat!: allow disable user (close #3241) From this commit, the guest user will be disabled by default 2023-02-04 03:44:17 +00:00			`if req.Disabled && req.IsAdmin() {`
			`common.ErrorStrResp(c, "admin user can not be disabled", 400)`
			`return`
			`}`
refactor: split the db package hook and cache to the op package (#2747) * refactor:separate the setting method from the db package to the op package and add the cache * refactor:separate the meta method from the db package to the op package * fix:setting not load database data * refactor:separate the user method from the db package to the op package * refactor:remove user JoinPath error * fix:op package user cache * refactor:fs package list method * fix:tile virtual paths (close #2743) * Revert "refactor:remove user JoinPath error" This reverts commit 4e20daaf9e700da047000d4fd4900abbe05c3848. * clean path directly may lead to unknown behavior * fix: The path of the meta passed in must be prefix of reqPath * chore: rename all virtualPath to mountPath * fix: `getStoragesByPath` and `GetStorageVirtualFilesByPath` is_sub_path: /a/b isn't subpath of /a/bc * fix: don't save setting if hook error Co-authored-by: Noah Hsu <i@nn.ci> 2022-12-18 11:51:20 +00:00			`if err := op.UpdateUser(&req); err != nil {`
feat: user manage api 2022-06-26 11:36:27 +00:00			`common.ErrorResp(c, err, 500)`
			`} else {`
			`common.SuccessResp(c)`
			`}`
			`}`

			`func DeleteUser(c *gin.Context) {`
			`idStr := c.Query("id")`
			`id, err := strconv.Atoi(idStr)`
			`if err != nil {`
chore: common err resp log 2022-06-28 10:12:53 +00:00			`common.ErrorResp(c, err, 400)`
feat: user manage api 2022-06-26 11:36:27 +00:00			`return`
			`}`
refactor: split the db package hook and cache to the op package (#2747) * refactor:separate the setting method from the db package to the op package and add the cache * refactor:separate the meta method from the db package to the op package * fix:setting not load database data * refactor:separate the user method from the db package to the op package * refactor:remove user JoinPath error * fix:op package user cache * refactor:fs package list method * fix:tile virtual paths (close #2743) * Revert "refactor:remove user JoinPath error" This reverts commit 4e20daaf9e700da047000d4fd4900abbe05c3848. * clean path directly may lead to unknown behavior * fix: The path of the meta passed in must be prefix of reqPath * chore: rename all virtualPath to mountPath * fix: `getStoragesByPath` and `GetStorageVirtualFilesByPath` is_sub_path: /a/b isn't subpath of /a/bc * fix: don't save setting if hook error Co-authored-by: Noah Hsu <i@nn.ci> 2022-12-18 11:51:20 +00:00			`if err := op.DeleteUserById(uint(id)); err != nil {`
feat: user manage api 2022-06-26 11:36:27 +00:00			`common.ErrorResp(c, err, 500)`
			`return`
			`}`
			`common.SuccessResp(c)`
			`}`
feat: user and meta get api 2022-07-27 09:41:25 +00:00
			`func GetUser(c *gin.Context) {`
			`idStr := c.Query("id")`
			`id, err := strconv.Atoi(idStr)`
			`if err != nil {`
			`common.ErrorResp(c, err, 400)`
			`return`
			`}`
refactor: split the db package hook and cache to the op package (#2747) * refactor:separate the setting method from the db package to the op package and add the cache * refactor:separate the meta method from the db package to the op package * fix:setting not load database data * refactor:separate the user method from the db package to the op package * refactor:remove user JoinPath error * fix:op package user cache * refactor:fs package list method * fix:tile virtual paths (close #2743) * Revert "refactor:remove user JoinPath error" This reverts commit 4e20daaf9e700da047000d4fd4900abbe05c3848. * clean path directly may lead to unknown behavior * fix: The path of the meta passed in must be prefix of reqPath * chore: rename all virtualPath to mountPath * fix: `getStoragesByPath` and `GetStorageVirtualFilesByPath` is_sub_path: /a/b isn't subpath of /a/bc * fix: don't save setting if hook error Co-authored-by: Noah Hsu <i@nn.ci> 2022-12-18 11:51:20 +00:00			`user, err := op.GetUserById(uint(id))`
feat: user and meta get api 2022-07-27 09:41:25 +00:00			`if err != nil {`
			`common.ErrorResp(c, err, 500, true)`
			`return`
			`}`
			`common.SuccessResp(c, user)`
			`}`
feat: cancel 2fa api 2022-08-07 03:59:33 +00:00
			`func Cancel2FAById(c *gin.Context) {`
			`idStr := c.Query("id")`
			`id, err := strconv.Atoi(idStr)`
			`if err != nil {`
			`common.ErrorResp(c, err, 400)`
			`return`
			`}`
refactor: split the db package hook and cache to the op package (#2747) * refactor:separate the setting method from the db package to the op package and add the cache * refactor:separate the meta method from the db package to the op package * fix:setting not load database data * refactor:separate the user method from the db package to the op package * refactor:remove user JoinPath error * fix:op package user cache * refactor:fs package list method * fix:tile virtual paths (close #2743) * Revert "refactor:remove user JoinPath error" This reverts commit 4e20daaf9e700da047000d4fd4900abbe05c3848. * clean path directly may lead to unknown behavior * fix: The path of the meta passed in must be prefix of reqPath * chore: rename all virtualPath to mountPath * fix: `getStoragesByPath` and `GetStorageVirtualFilesByPath` is_sub_path: /a/b isn't subpath of /a/bc * fix: don't save setting if hook error Co-authored-by: Noah Hsu <i@nn.ci> 2022-12-18 11:51:20 +00:00			`if err := op.Cancel2FAById(uint(id)); err != nil {`
feat: cancel 2fa api 2022-08-07 03:59:33 +00:00			`common.ErrorResp(c, err, 500)`
			`return`
			`}`
			`common.SuccessResp(c)`
			`}`
perf: delete user cache after cancel `2FA` 2023-08-06 12:47:58 +00:00
			`func DelUserCache(c *gin.Context) {`
			`username := c.Query("username")`
			`err := op.DelUserCache(username)`
			`if err != nil {`
			`common.ErrorResp(c, err, 500)`
			`return`
			`}`
			`common.SuccessResp(c)`
			`}`