Mikescher/SimpleCloudNotifier
1
0
Fork 0
Code Pull Requests Actions Releases Activity

Add KeyToken authorization

Browse Source
This commit is contained in:
Mike Schwörer
2023-04-21 21:45:16 +02:00
parent 16f6ab4861
commit b1bd278f9b
49 changed files with 3109 additions and 1313 deletions
Download Patch File Download Diff File Expand all files Collapse all files

4
scnserver/api/apierr/enums.go
View File

@@ -1,6 +1,6 @@
package apierr
type APIError int
type APIError int //@enum:type
//goland:noinspection GoSnakeCaseUsage
const (
@@ -37,11 +37,13 @@ const (
SUBSCRIPTION_NOT_FOUND APIError = 1304
MESSAGE_NOT_FOUND APIError = 1305
SUBSCRIPTION_USER_MISMATCH APIError = 1306
KEY_NOT_FOUND APIError = 1307
USER_AUTH_FAILED APIError = 1311
NO_DEVICE_LINKED APIError = 1401
CHANNEL_ALREADY_EXISTS APIError = 1501
CANNOT_SELFDELETE_KEY APIError = 1511
QUOTA_REACHED APIError = 2101

2
scnserver/api/apihighlight/highlights.go
View File

@@ -1,6 +1,6 @@
package apihighlight
type ErrHighlight int
type ErrHighlight int //@enum:type
//goland:noinspection GoSnakeCaseUsage
const (

10
scnserver/api/ginresp/wrapper.go
View File

@@ -108,6 +108,11 @@ func createRequestLog(g *gin.Context, t0 time.Time, ctr int, resp HTTPResponse,
permObj, hasPerm := g.Get("perm")
hasTok := false
if hasPerm {
hasTok = permObj.(models.PermissionSet).Token != nil
}
return models.RequestLog{
Method: g.Request.Method,
URI: g.Request.URL.String(),
@@ -117,8 +122,9 @@ func createRequestLog(g *gin.Context, t0 time.Time, ctr int, resp HTTPResponse,
RequestBodySize: int64(len(reqbody)),
RequestContentType: ct,
RemoteIP: g.RemoteIP(),
UserID: langext.ConditionalFn10(hasPerm, func() *models.UserID { return permObj.(models.PermissionSet).UserID }, nil),
Permissions: langext.ConditionalFn10(hasPerm, func() *string { return langext.Ptr(string(permObj.(models.PermissionSet).KeyType)) }, nil),
TokenID: langext.ConditionalFn10(hasTok, func() *models.KeyTokenID { return langext.Ptr(permObj.(models.PermissionSet).Token.KeyTokenID) }, nil),
UserID: langext.ConditionalFn10(hasTok, func() *models.UserID { return langext.Ptr(permObj.(models.PermissionSet).Token.OwnerUserID) }, nil),
Permissions: langext.ConditionalFn10(hasTok, func() *string { return langext.Ptr(permObj.(models.PermissionSet).Token.Permissions.String()) }, nil),
ResponseStatuscode: langext.ConditionalFn10(resp != nil, func() *int64 { return langext.Ptr(int64(resp.Statuscode())) }, nil),
ResponseBodySize: langext.ConditionalFn10(strrespbody != nil, func() *int64 { return langext.Ptr(int64(len(*respbody))) }, nil),
ResponseBody: strrespbody,

918
scnserver/api/handler/api.go
View File

File diff suppressed because it is too large Load Diff

58
scnserver/api/handler/common.go
View File

@@ -39,17 +39,17 @@ type pingResponseInfo struct {
// Ping swaggerdoc
//
// @Summary Simple endpoint to test connection (any http method)
// @Tags Common
// @Summary Simple endpoint to test connection (any http method)
// @Tags Common
//
// @Success 200 {object} pingResponse
// @Failure 500 {object} ginresp.apiError
// @Success 200 {object} pingResponse
// @Failure 500 {object} ginresp.apiError
//
// @Router /api/ping [get]
// @Router /api/ping [post]
// @Router /api/ping [put]
// @Router /api/ping [delete]
// @Router /api/ping [patch]
// @Router /api/ping [get]
// @Router /api/ping [post]
// @Router /api/ping [put]
// @Router /api/ping [delete]
// @Router /api/ping [patch]
func (h CommonHandler) Ping(g *gin.Context) ginresp.HTTPResponse {
buf := new(bytes.Buffer)
_, _ = buf.ReadFrom(g.Request.Body)
@@ -69,14 +69,14 @@ func (h CommonHandler) Ping(g *gin.Context) ginresp.HTTPResponse {
// DatabaseTest swaggerdoc
//
// @Summary Check for a working database connection
// @ID api-common-dbtest
// @Tags Common
// @Summary Check for a working database connection
// @ID api-common-dbtest
// @Tags Common
//
// @Success 200 {object} handler.DatabaseTest.response
// @Failure 500 {object} ginresp.apiError
// @Success 200 {object} handler.DatabaseTest.response
// @Failure 500 {object} ginresp.apiError
//
// @Router /api/db-test [post]
// @Router /api/db-test [post]
func (h CommonHandler) DatabaseTest(g *gin.Context) ginresp.HTTPResponse {
type response struct {
Success bool `json:"success"`
@@ -105,14 +105,14 @@ func (h CommonHandler) DatabaseTest(g *gin.Context) ginresp.HTTPResponse {
// Health swaggerdoc
//
// @Summary Server Health-checks
// @ID api-common-health
// @Tags Common
// @Summary Server Health-checks
// @ID api-common-health
// @Tags Common
//
// @Success 200 {object} handler.Health.response
// @Failure 500 {object} ginresp.apiError
// @Success 200 {object} handler.Health.response
// @Failure 500 {object} ginresp.apiError
//
// @Router /api/health [get]
// @Router /api/health [get]
func (h CommonHandler) Health(g *gin.Context) ginresp.HTTPResponse {
type response struct {
Status string `json:"status"`
@@ -163,17 +163,17 @@ func (h CommonHandler) Health(g *gin.Context) ginresp.HTTPResponse {
// Sleep swaggerdoc
//
// @Summary Return 200 after x seconds
// @ID api-common-sleep
// @Tags Common
// @Summary Return 200 after x seconds
// @ID api-common-sleep
// @Tags Common
//
// @Param secs path number true "sleep delay (in seconds)"
// @Param secs path number true "sleep delay (in seconds)"
//
// @Success 200 {object} handler.Sleep.response
// @Failure 400 {object} ginresp.apiError
// @Failure 500 {object} ginresp.apiError
// @Success 200 {object} handler.Sleep.response
// @Failure 400 {object} ginresp.apiError
// @Failure 500 {object} ginresp.apiError
//
// @Router /api/sleep/{secs} [post]
// @Router /api/sleep/{secs} [post]
func (h CommonHandler) Sleep(g *gin.Context) ginresp.HTTPResponse {
type uri struct {
Seconds float64 `uri:"secs"`

282
scnserver/api/handler/compat.go
View File

@@ -29,22 +29,22 @@ func NewCompatHandler(app *logic.Application) CompatHandler {
// SendMessageCompat swaggerdoc
//
// @Deprecated
// @Deprecated
//
// @Summary Send a new message (compatibility)
// @Description All parameter can be set via query-parameter or form-data body. Only UserID, UserKey and Title are required
// @Tags External
// @Summary Send a new message (compatibility)
// @Description All parameter can be set via query-parameter or form-data body. Only UserID, UserKey and Title are required
// @Tags External
//
// @Param query_data query handler.SendMessageCompat.combined false " "
// @Param form_data formData handler.SendMessageCompat.combined false " "
// @Param query_data query handler.SendMessageCompat.combined false " "
// @Param form_data formData handler.SendMessageCompat.combined false " "
//
// @Success 200 {object} handler.SendMessageCompat.response
// @Failure 400 {object} ginresp.apiError
// @Failure 401 {object} ginresp.apiError
// @Failure 403 {object} ginresp.apiError
// @Failure 500 {object} ginresp.apiError
// @Success 200 {object} handler.SendMessageCompat.response
// @Failure 400 {object} ginresp.apiError
// @Failure 401 {object} ginresp.apiError
// @Failure 403 {object} ginresp.apiError
// @Failure 500 {object} ginresp.apiError
//
// @Router /send.php [POST]
// @Router /send.php [POST]
func (h MessageHandler) SendMessageCompat(g *gin.Context) ginresp.HTTPResponse {
type combined struct {
UserID *int64 `json:"user_id" form:"user_id"`
@@ -86,7 +86,7 @@ func (h MessageHandler) SendMessageCompat(g *gin.Context) ginresp.HTTPResponse {
return ginresp.SendAPIError(g, 400, apierr.USER_NOT_FOUND, hl.USER_ID, "User not found (compat)", nil)
}
okResp, errResp := h.sendMessageInternal(g, ctx, langext.Ptr(models.UserID(*newid)), data.UserKey, nil, nil, data.Title, data.Content, data.Priority, data.UserMessageID, data.SendTimestamp, nil)
okResp, errResp := h.sendMessageInternal(g, ctx, langext.Ptr(models.UserID(*newid)), data.UserKey, nil, data.Title, data.Content, data.Priority, data.UserMessageID, data.SendTimestamp, nil)
if errResp != nil {
return *errResp
} else {
@@ -122,24 +122,24 @@ func (h MessageHandler) SendMessageCompat(g *gin.Context) ginresp.HTTPResponse {
// Register swaggerdoc
//
// @Summary Register a new account
// @ID compat-register
// @Tags API-v1
// @Summary Register a new account
// @ID compat-register
// @Tags API-v1
//
// @Deprecated
// @Deprecated
//
// @Param fcm_token query string true "the (android) fcm token"
// @Param pro query string true "if the user is a paid account" Enums(true, false)
// @Param pro_token query string true "the (android) IAP token"
// @Param fcm_token query string true "the (android) fcm token"
// @Param pro query string true "if the user is a paid account" Enums(true, false)
// @Param pro_token query string true "the (android) IAP token"
//
// @Param fcm_token formData string true "the (android) fcm token"
// @Param pro formData string true "if the user is a paid account" Enums(true, false)
// @Param pro_token formData string true "the (android) IAP token"
// @Param fcm_token formData string true "the (android) fcm token"
// @Param pro formData string true "if the user is a paid account" Enums(true, false)
// @Param pro_token formData string true "the (android) IAP token"
//
// @Success 200 {object} handler.Register.response
// @Failure default {object} ginresp.compatAPIError
// @Success 200 {object} handler.Register.response
// @Failure default {object} ginresp.compatAPIError
//
// @Router /api/register.php [get]
// @Router /api/register.php [get]
func (h CompatHandler) Register(g *gin.Context) ginresp.HTTPResponse {
type query struct {
FCMToken *string `json:"fcm_token" form:"fcm_token"`
@@ -195,8 +195,6 @@ func (h CompatHandler) Register(g *gin.Context) ginresp.HTTPResponse {
}
}
readKey := h.app.GenerateRandomAuthKey()
sendKey := h.app.GenerateRandomAuthKey()
adminKey := h.app.GenerateRandomAuthKey()
err := h.database.ClearFCMTokens(ctx, *data.FCMToken)
@@ -211,11 +209,16 @@ func (h CompatHandler) Register(g *gin.Context) ginresp.HTTPResponse {
}
}
user, err := h.database.CreateUser(ctx, readKey, sendKey, adminKey, data.ProToken, nil)
user, err := h.database.CreateUser(ctx, data.ProToken, nil)
if err != nil {
return ginresp.CompatAPIError(0, "Failed to create user in db")
}
_, err = h.database.CreateKeyToken(ctx, "CompatKey", user.UserID, true, make([]models.ChannelID, 0), models.TokenPermissionList{models.PermAdmin}, adminKey)
if err != nil {
return ginresp.APIError(g, 500, apierr.DATABASE_ERROR, "Failed to create admin-key in db", err)
}
_, err = h.database.CreateClient(ctx, user.UserID, models.ClientTypeAndroid, *data.FCMToken, "compat", "compat")
if err != nil {
return ginresp.CompatAPIError(0, "Failed to create client in db")
@@ -230,7 +233,7 @@ func (h CompatHandler) Register(g *gin.Context) ginresp.HTTPResponse {
Success: true,
Message: "New user registered",
UserID: oldid,
UserKey: user.AdminKey,
UserKey: adminKey,
QuotaUsed: user.QuotaUsedToday(),
QuotaMax: user.QuotaPerDay(),
IsPro: user.IsPro,
@@ -239,22 +242,22 @@ func (h CompatHandler) Register(g *gin.Context) ginresp.HTTPResponse {
// Info swaggerdoc
//
// @Summary Get information about the current user
// @ID compat-info
// @Tags API-v1
// @Summary Get information about the current user
// @ID compat-info
// @Tags API-v1
//
// @Deprecated
// @Deprecated
//
// @Param user_id query string true "the user_id"
// @Param user_key query string true "the user_key"
// @Param user_id query string true "the user_id"
// @Param user_key query string true "the user_key"
//
// @Param user_id formData string true "the user_id"
// @Param user_key formData string true "the user_key"
// @Param user_id formData string true "the user_id"
// @Param user_key formData string true "the user_key"
//
// @Success 200 {object} handler.Info.response
// @Failure default {object} ginresp.compatAPIError
// @Success 200 {object} handler.Info.response
// @Failure default {object} ginresp.compatAPIError
//
// @Router /api/info.php [get]
// @Router /api/info.php [get]
func (h CompatHandler) Info(g *gin.Context) ginresp.HTTPResponse {
type query struct {
UserID *int64 `json:"user_id" form:"user_id"`
@@ -305,7 +308,14 @@ func (h CompatHandler) Info(g *gin.Context) ginresp.HTTPResponse {
return ginresp.CompatAPIError(0, "Failed to query user")
}
if user.AdminKey != *data.UserKey {
keytok, err := h.database.GetKeyTokenByToken(ctx, *data.UserKey)
if err == sql.ErrNoRows {
return ginresp.CompatAPIError(204, "Authentification failed")
}
if err != nil {
return ginresp.CompatAPIError(0, "Failed to query token")
}
if !keytok.IsAdmin(user.UserID) {
return ginresp.CompatAPIError(204, "Authentification failed")
}
@@ -320,7 +330,7 @@ func (h CompatHandler) Info(g *gin.Context) ginresp.HTTPResponse {
Success: true,
Message: "ok",
UserID: *data.UserID,
UserKey: user.AdminKey,
UserKey: keytok.Token,
QuotaUsed: user.QuotaUsedToday(),
QuotaMax: user.QuotaPerDay(),
IsPro: langext.Conditional(user.IsPro, 1, 0),
@@ -331,24 +341,24 @@ func (h CompatHandler) Info(g *gin.Context) ginresp.HTTPResponse {
// Ack swaggerdoc
//
// @Summary Acknowledge that a message was received
// @ID compat-ack
// @Tags API-v1
// @Summary Acknowledge that a message was received
// @ID compat-ack
// @Tags API-v1
//
// @Deprecated
// @Deprecated
//
// @Param user_id query string true "the user_id"
// @Param user_key query string true "the user_key"
// @Param scn_msg_id query string true "the message id"
// @Param user_id query string true "the user_id"
// @Param user_key query string true "the user_key"
// @Param scn_msg_id query string true "the message id"
//
// @Param user_id formData string true "the user_id"
// @Param user_key formData string true "the user_key"
// @Param scn_msg_id formData string true "the message id"
// @Param user_id formData string true "the user_id"
// @Param user_key formData string true "the user_key"
// @Param scn_msg_id formData string true "the message id"
//
// @Success 200 {object} handler.Ack.response
// @Failure default {object} ginresp.compatAPIError
// @Success 200 {object} handler.Ack.response
// @Failure default {object} ginresp.compatAPIError
//
// @Router /api/ack.php [get]
// @Router /api/ack.php [get]
func (h CompatHandler) Ack(g *gin.Context) ginresp.HTTPResponse {
type query struct {
UserID *int64 `json:"user_id" form:"user_id"`
@@ -398,7 +408,14 @@ func (h CompatHandler) Ack(g *gin.Context) ginresp.HTTPResponse {
return ginresp.CompatAPIError(0, "Failed to query user")
}
if user.AdminKey != *data.UserKey {
keytok, err := h.database.GetKeyTokenByToken(ctx, *data.UserKey)
if err == sql.ErrNoRows {
return ginresp.CompatAPIError(204, "Authentification failed")
}
if err != nil {
return ginresp.CompatAPIError(0, "Failed to query token")
}
if !keytok.IsAdmin(user.UserID) {
return ginresp.CompatAPIError(204, "Authentification failed")
}
@@ -432,22 +449,22 @@ func (h CompatHandler) Ack(g *gin.Context) ginresp.HTTPResponse {
// Requery swaggerdoc
//
// @Summary Return all not-acknowledged messages
// @ID compat-requery
// @Tags API-v1
// @Summary Return all not-acknowledged messages
// @ID compat-requery
// @Tags API-v1
//
// @Deprecated
// @Deprecated
//
// @Param user_id query string true "the user_id"
// @Param user_key query string true "the user_key"
// @Param user_id query string true "the user_id"
// @Param user_key query string true "the user_key"
//
// @Param user_id formData string true "the user_id"
// @Param user_key formData string true "the user_key"
// @Param user_id formData string true "the user_id"
// @Param user_key formData string true "the user_key"
//
// @Success 200 {object} handler.Requery.response
// @Failure default {object} ginresp.compatAPIError
// @Success 200 {object} handler.Requery.response
// @Failure default {object} ginresp.compatAPIError
//
// @Router /api/requery.php [get]
// @Router /api/requery.php [get]
func (h CompatHandler) Requery(g *gin.Context) ginresp.HTTPResponse {
type query struct {
UserID *int64 `json:"user_id" form:"user_id"`
@@ -493,7 +510,14 @@ func (h CompatHandler) Requery(g *gin.Context) ginresp.HTTPResponse {
return ginresp.CompatAPIError(0, "Failed to query user")
}
if user.AdminKey != *data.UserKey {
keytok, err := h.database.GetKeyTokenByToken(ctx, *data.UserKey)
if err == sql.ErrNoRows {
return ginresp.CompatAPIError(204, "Authentification failed")
}
if err != nil {
return ginresp.CompatAPIError(0, "Failed to query token")
}
if !keytok.IsAdmin(user.UserID) {
return ginresp.CompatAPIError(204, "Authentification failed")
}
@@ -536,24 +560,24 @@ func (h CompatHandler) Requery(g *gin.Context) ginresp.HTTPResponse {
// Update swaggerdoc
//
// @Summary Set the fcm-token (android)
// @ID compat-update
// @Tags API-v1
// @Summary Set the fcm-token (android)
// @ID compat-update
// @Tags API-v1
//
// @Deprecated
// @Deprecated
//
// @Param user_id query string true "the user_id"
// @Param user_key query string true "the user_key"
// @Param fcm_token query string true "the (android) fcm token"
// @Param user_id query string true "the user_id"
// @Param user_key query string true "the user_key"
// @Param fcm_token query string true "the (android) fcm token"
//
// @Param user_id formData string true "the user_id"
// @Param user_key formData string true "the user_key"
// @Param fcm_token formData string true "the (android) fcm token"
// @Param user_id formData string true "the user_id"
// @Param user_key formData string true "the user_key"
// @Param fcm_token formData string true "the (android) fcm token"
//
// @Success 200 {object} handler.Update.response
// @Failure default {object} ginresp.compatAPIError
// @Success 200 {object} handler.Update.response
// @Failure default {object} ginresp.compatAPIError
//
// @Router /api/update.php [get]
// @Router /api/update.php [get]
func (h CompatHandler) Update(g *gin.Context) ginresp.HTTPResponse {
type query struct {
UserID *int64 `json:"user_id" form:"user_id"`
@@ -603,7 +627,14 @@ func (h CompatHandler) Update(g *gin.Context) ginresp.HTTPResponse {
return ginresp.CompatAPIError(0, "Failed to query user")
}
if user.AdminKey != *data.UserKey {
keytok, err := h.database.GetKeyTokenByToken(ctx, *data.UserKey)
if err == sql.ErrNoRows {
return ginresp.CompatAPIError(204, "Authentification failed")
}
if err != nil {
return ginresp.CompatAPIError(0, "Failed to query token")
}
if !keytok.IsAdmin(user.UserID) {
return ginresp.CompatAPIError(204, "Authentification failed")
}
@@ -613,10 +644,13 @@ func (h CompatHandler) Update(g *gin.Context) ginresp.HTTPResponse {
}
newAdminKey := h.app.GenerateRandomAuthKey()
newReadKey := h.app.GenerateRandomAuthKey()
newSendKey := h.app.GenerateRandomAuthKey()
err = h.database.UpdateUserKeys(ctx, user.UserID, newSendKey, newReadKey, newAdminKey)
_, err = h.database.CreateKeyToken(ctx, "CompatKey", user.UserID, true, make([]models.ChannelID, 0), models.TokenPermissionList{models.PermAdmin}, newAdminKey)
if err != nil {
return ginresp.APIError(g, 500, apierr.DATABASE_ERROR, "Failed to create admin-key in db", err)
}
err = h.database.DeleteKeyToken(ctx, keytok.KeyTokenID)
if err != nil {
return ginresp.CompatAPIError(0, "Failed to update keys")
}
@@ -648,7 +682,7 @@ func (h CompatHandler) Update(g *gin.Context) ginresp.HTTPResponse {
Success: true,
Message: "user updated",
UserID: *data.UserID,
UserKey: user.AdminKey,
UserKey: newAdminKey,
QuotaUsed: user.QuotaUsedToday(),
QuotaMax: user.QuotaPerDay(),
IsPro: langext.Conditional(user.IsPro, 1, 0),
@@ -657,24 +691,24 @@ func (h CompatHandler) Update(g *gin.Context) ginresp.HTTPResponse {
// Expand swaggerdoc
//
// @Summary Get a whole (potentially truncated) message
// @ID compat-expand
// @Tags API-v1
// @Summary Get a whole (potentially truncated) message
// @ID compat-expand
// @Tags API-v1
//
// @Deprecated
// @Deprecated
//
// @Param user_id query string true "The user_id"
// @Param user_key query string true "The user_key"
// @Param scn_msg_id query string true "The message-id"
// @Param user_id query string true "The user_id"
// @Param user_key query string true "The user_key"
// @Param scn_msg_id query string true "The message-id"
//
// @Param user_id formData string true "The user_id"
// @Param user_key formData string true "The user_key"
// @Param scn_msg_id formData string true "The message-id"
// @Param user_id formData string true "The user_id"
// @Param user_key formData string true "The user_key"
// @Param scn_msg_id formData string true "The message-id"
//
// @Success 200 {object} handler.Expand.response
// @Failure default {object} ginresp.compatAPIError
// @Success 200 {object} handler.Expand.response
// @Failure default {object} ginresp.compatAPIError
//
// @Router /api/expand.php [get]
// @Router /api/expand.php [get]
func (h CompatHandler) Expand(g *gin.Context) ginresp.HTTPResponse {
type query struct {
UserID *int64 `json:"user_id" form:"user_id"`
@@ -723,7 +757,14 @@ func (h CompatHandler) Expand(g *gin.Context) ginresp.HTTPResponse {
return ginresp.CompatAPIError(0, "Failed to query user")
}
if user.AdminKey != *data.UserKey {
keytok, err := h.database.GetKeyTokenByToken(ctx, *data.UserKey)
if err == sql.ErrNoRows {
return ginresp.CompatAPIError(204, "Authentification failed")
}
if err != nil {
return ginresp.CompatAPIError(0, "Failed to query token")
}
if !keytok.IsAdmin(user.UserID) {
return ginresp.CompatAPIError(204, "Authentification failed")
}
@@ -760,26 +801,26 @@ func (h CompatHandler) Expand(g *gin.Context) ginresp.HTTPResponse {
// Upgrade swaggerdoc
//
// @Summary Upgrade a free account to a paid account
// @ID compat-upgrade
// @Tags API-v1
// @Summary Upgrade a free account to a paid account
// @ID compat-upgrade
// @Tags API-v1
//
// @Deprecated
// @Deprecated
//
// @Param user_id query string true "the user_id"
// @Param user_key query string true "the user_key"
// @Param pro query string true "if the user is a paid account" Enums(true, false)
// @Param pro_token query string true "the (android) IAP token"
// @Param user_id query string true "the user_id"
// @Param user_key query string true "the user_key"
// @Param pro query string true "if the user is a paid account" Enums(true, false)
// @Param pro_token query string true "the (android) IAP token"
//
// @Param user_id formData string true "the user_id"
// @Param user_key formData string true "the user_key"
// @Param pro formData string true "if the user is a paid account" Enums(true, false)
// @Param pro_token formData string true "the (android) IAP token"
// @Param user_id formData string true "the user_id"
// @Param user_key formData string true "the user_key"
// @Param pro formData string true "if the user is a paid account" Enums(true, false)
// @Param pro_token formData string true "the (android) IAP token"
//
// @Success 200 {object} handler.Upgrade.response
// @Failure default {object} ginresp.compatAPIError
// @Success 200 {object} handler.Upgrade.response
// @Failure default {object} ginresp.compatAPIError
//
// @Router /api/upgrade.php [get]
// @Router /api/upgrade.php [get]
func (h CompatHandler) Upgrade(g *gin.Context) ginresp.HTTPResponse {
type query struct {
UserID *int64 `json:"user_id" form:"user_id"`
@@ -835,7 +876,14 @@ func (h CompatHandler) Upgrade(g *gin.Context) ginresp.HTTPResponse {
return ginresp.CompatAPIError(0, "Failed to query user")
}
if user.AdminKey != *data.UserKey {
keytok, err := h.database.GetKeyTokenByToken(ctx, *data.UserKey)
if err == sql.ErrNoRows {
return ginresp.CompatAPIError(204, "Authentification failed")
}
if err != nil {
return ginresp.CompatAPIError(0, "Failed to query token")
}
if !keytok.IsAdmin(user.UserID) {
return ginresp.CompatAPIError(204, "Authentification failed")
}

71
scnserver/api/handler/message.go
View File

@@ -40,28 +40,27 @@ func NewMessageHandler(app *logic.Application) MessageHandler {
// SendMessage swaggerdoc
//
// @Summary Send a new message
// @Description All parameter can be set via query-parameter or the json body. Only UserID, UserKey and Title are required
// @Tags External
// @Summary Send a new message
// @Description All parameter can be set via query-parameter or the json body. Only UserID, UserKey and Title are required
// @Tags External
//
// @Param query_data query handler.SendMessage.combined false " "
// @Param post_body body handler.SendMessage.combined false " "
// @Param form_body formData handler.SendMessage.combined false " "
// @Param query_data query handler.SendMessage.combined false " "
// @Param post_body body handler.SendMessage.combined false " "
// @Param form_body formData handler.SendMessage.combined false " "
//
// @Success 200 {object} handler.SendMessage.response
// @Failure 400 {object} ginresp.apiError
// @Failure 401 {object} ginresp.apiError "The user_id was not found or the user_key is wrong"
// @Failure 403 {object} ginresp.apiError "The user has exceeded its daily quota - wait 24 hours or upgrade your account"
// @Failure 500 {object} ginresp.apiError "An internal server error occurred - try again later"
// @Success 200 {object} handler.SendMessage.response
// @Failure 400 {object} ginresp.apiError
// @Failure 401 {object} ginresp.apiError "The user_id was not found or the user_key is wrong"
// @Failure 403 {object} ginresp.apiError "The user has exceeded its daily quota - wait 24 hours or upgrade your account"
// @Failure 500 {object} ginresp.apiError "An internal server error occurred - try again later"
//
// @Router / [POST]
// @Router /send [POST]
// @Router / [POST]
// @Router /send [POST]
func (h MessageHandler) SendMessage(g *gin.Context) ginresp.HTTPResponse {
type combined struct {
UserID *models.UserID `json:"user_id" form:"user_id" example:"7725" `
UserKey *string `json:"user_key" form:"user_key" example:"P3TNH8mvv14fm" `
KeyToken *string `json:"key" form:"key" example:"P3TNH8mvv14fm" `
Channel *string `json:"channel" form:"channel" example:"test" `
ChanKey *string `json:"chan_key" form:"chan_key" example:"qhnUbKcLgp6tg" `
Title *string `json:"title" form:"title" example:"Hello World" `
Content *string `json:"content" form:"content" example:"This is a message" `
Priority *int `json:"priority" form:"priority" example:"1" enums:"0,1,2" `
@@ -95,7 +94,7 @@ func (h MessageHandler) SendMessage(g *gin.Context) ginresp.HTTPResponse {
// query has highest prio, then form, then json
data := dataext.ObjectMerge(dataext.ObjectMerge(b, f), q)
okResp, errResp := h.sendMessageInternal(g, ctx, data.UserID, data.UserKey, data.Channel, data.ChanKey, data.Title, data.Content, data.Priority, data.UserMessageID, data.SendTimestamp, data.SenderName)
okResp, errResp := h.sendMessageInternal(g, ctx, data.UserID, data.KeyToken, data.Channel, data.Title, data.Content, data.Priority, data.UserMessageID, data.SendTimestamp, data.SenderName)
if errResp != nil {
return *errResp
} else {
@@ -129,7 +128,7 @@ func (h MessageHandler) SendMessage(g *gin.Context) ginresp.HTTPResponse {
}
}
func (h MessageHandler) sendMessageInternal(g *gin.Context, ctx *logic.AppContext, UserID *models.UserID, UserKey *string, Channel *string, ChanKey *string, Title *string, Content *string, Priority *int, UserMessageID *string, SendTimestamp *float64, SenderName *string) (*SendMessageResponse, *ginresp.HTTPResponse) {
func (h MessageHandler) sendMessageInternal(g *gin.Context, ctx *logic.AppContext, UserID *models.UserID, Key *string, Channel *string, Title *string, Content *string, Priority *int, UserMessageID *string, SendTimestamp *float64, SenderName *string) (*SendMessageResponse, *ginresp.HTTPResponse) {
if Title != nil {
Title = langext.Ptr(strings.TrimSpace(*Title))
}
@@ -140,8 +139,8 @@ func (h MessageHandler) sendMessageInternal(g *gin.Context, ctx *logic.AppContex
if UserID == nil {
return nil, langext.Ptr(ginresp.SendAPIError(g, 400, apierr.MISSING_UID, hl.USER_ID, "Missing parameter [[user_id]]", nil))
}
if UserKey == nil {
return nil, langext.Ptr(ginresp.SendAPIError(g, 400, apierr.MISSING_TOK, hl.USER_KEY, "Missing parameter [[user_token]]", nil))
if Key == nil {
return nil, langext.Ptr(ginresp.SendAPIError(g, 400, apierr.MISSING_TOK, hl.USER_KEY, "Missing parameter [[key]]", nil))
}
if Title == nil {
return nil, langext.Ptr(ginresp.SendAPIError(g, 400, apierr.MISSING_TITLE, hl.TITLE, "Missing parameter [[title]]", nil))
@@ -224,32 +223,13 @@ func (h MessageHandler) sendMessageInternal(g *gin.Context, ctx *logic.AppContex
return nil, langext.Ptr(ginresp.SendAPIError(g, 403, apierr.QUOTA_REACHED, hl.NONE, fmt.Sprintf("Daily quota reached (%d)", user.QuotaPerDay()), nil))
}
var channel models.Channel
if ChanKey != nil {
// foreign channel (+ channel send-key)
foreignChan, err := h.database.GetChannelByNameAndSendKey(ctx, channelInternalName, *ChanKey)
if err != nil {
return nil, langext.Ptr(ginresp.SendAPIError(g, 500, apierr.DATABASE_ERROR, hl.NONE, "Failed to query (foreign) channel", err))
}
if foreignChan == nil {
return nil, langext.Ptr(ginresp.SendAPIError(g, 400, apierr.CHANNEL_NOT_FOUND, hl.CHANNEL, "(Foreign) Channel not found", err))
}
channel = *foreignChan
} else {
// own channel
channel, err = h.app.GetOrCreateChannel(ctx, *UserID, channelDisplayName, channelInternalName)
if err != nil {
return nil, langext.Ptr(ginresp.SendAPIError(g, 500, apierr.DATABASE_ERROR, hl.NONE, "Failed to query/create (owned) channel", err))
}
channel, err := h.app.GetOrCreateChannel(ctx, *UserID, channelDisplayName, channelInternalName)
if err != nil {
return nil, langext.Ptr(ginresp.SendAPIError(g, 500, apierr.DATABASE_ERROR, hl.NONE, "Failed to query/create (owned) channel", err))
}
selfChanAdmin := *UserID == channel.OwnerUserID && *UserKey == user.AdminKey
selfChanSend := *UserID == channel.OwnerUserID && *UserKey == user.SendKey
forgChanSend := *UserID != channel.OwnerUserID && ChanKey != nil && *ChanKey == channel.SendKey
if !selfChanAdmin && !selfChanSend && !forgChanSend {
keytok, permResp := ctx.CheckPermissionSend(channel, *Key)
if permResp != nil {
return nil, langext.Ptr(ginresp.SendAPIError(g, 401, apierr.USER_AUTH_FAILED, hl.USER_KEY, "You are not authorized for this action", nil))
}
@@ -287,6 +267,11 @@ func (h MessageHandler) sendMessageInternal(g *gin.Context, ctx *logic.AppContex
return nil, langext.Ptr(ginresp.SendAPIError(g, 500, apierr.DATABASE_ERROR, hl.NONE, "Failed to inc channel msg-counter", err))
}
err = h.database.IncKeyTokenMessageCounter(ctx, keytok.KeyTokenID)
if err != nil {
return nil, langext.Ptr(ginresp.SendAPIError(g, 500, apierr.DATABASE_ERROR, hl.NONE, "Failed to inc token msg-counter", err))
}
for _, sub := range subscriptions {
clients, err := h.database.ListClients(ctx, sub.SubscriberUserID)
if err != nil {

24
scnserver/api/router.go
View File

@@ -37,17 +37,17 @@ func NewRouter(app *logic.Application) *Router {
// Init swaggerdocs
//
// @title SimpleCloudNotifier API
// @version 2.0
// @description API for SCN
// @host scn.blackforestbytes.com
// @title SimpleCloudNotifier API
// @version 2.0
// @description API for SCN
// @host scn.blackforestbytes.com
//
// @tag.name External
// @tag.name API-v1
// @tag.name API-v2
// @tag.name Common
// @tag.name External
// @tag.name API-v1
// @tag.name API-v2
// @tag.name Common
//
// @BasePath /
// @BasePath /
func (r *Router) Init(e *gin.Engine) error {
if v, ok := binding.Validator.Engine().(*validator.Validate); ok {
@@ -127,6 +127,12 @@ func (r *Router) Init(e *gin.Engine) error {
apiv2.GET("/users/:uid", r.Wrap(r.apiHandler.GetUser))
apiv2.PATCH("/users/:uid", r.Wrap(r.apiHandler.UpdateUser))
apiv2.GET("/users/:uid/keys", r.Wrap(r.apiHandler.ListUserKeys))
apiv2.POST("/users/:uid/keys", r.Wrap(r.apiHandler.CreateUserKey))
apiv2.GET("/users/:uid/keys/:kid", r.Wrap(r.apiHandler.GetUserKey))
apiv2.PATCH("/users/:uid/keys/:kid", r.Wrap(r.apiHandler.UpdateUserKey))
apiv2.DELETE("/users/:uid/keys/:kid", r.Wrap(r.apiHandler.DeleteUserKey))
apiv2.GET("/users/:uid/clients", r.Wrap(r.apiHandler.ListClients))
apiv2.GET("/users/:uid/clients/:cid", r.Wrap(r.apiHandler.GetClient))
apiv2.POST("/users/:uid/clients", r.Wrap(r.apiHandler.AddClient))