mod_http_admin_api/mod_http_admin_api.lua @ 4343:ee313922b8d1
mod_http_admin_api: HTTP API for managing users and invites
author | Matthew Wild <mwild1@gmail.com> |
---|---|
date | Sun, 17 Jan 2021 12:49:20 +0000 |
child | 4345:1bb08e9ffa82 |
-- JSON encoder used for every response body produced by this module.
local json = require "util.json";

-- The routes registered at the bottom of this file are served through the "http" module.
module:depends("http");

-- Invite store: used below to list, look up, create and delete account invites.
local invites = module:depends("invites");
-- Token store: used below to resolve a Bearer token to the session stored with it.
local tokens = module:depends("tokenauth");

local json_content_type = "application/json";

-- Challenge value sent with 401 responses; the realm is "<host>/<module name>", quoted by %q.
local www_authenticate_header = ("Bearer realm=%q"):format(module.host.."/"..module.name);
-- Resolve the request's Authorization header to a session (authentication only).
--
-- Returns:
--   the session stored with the token, when the header is "Bearer <token>" and
--     the token store knows the token and it carries a session;
--   false, when the header is missing or malformed, or the token is unknown or
--     has no session attached;
--   nil, for any scheme other than "Bearer" (the comparison is case-sensitive).
--
-- No scope or role check happens here: the caller must still authorize the
-- returned session before acting on it.
-- NOTE(review): expiry and revocation are presumably enforced inside
-- tokens.get_token_info - confirm against mod_tokenauth.
local function check_credentials(request)
	local header = request.headers.authorization or "";
	local scheme, credential = string.match(header, "^(%S+)%s(.+)$");
	if not scheme or not credential then
		return false;
	end

	-- Only bearer tokens are understood; every other scheme is left unhandled.
	if scheme ~= "Bearer" then
		return nil;
	end

	local info = tokens.get_token_info(credential);
	local session = info and info.session;
	if not session then
		return false;
	end
	return session;
end
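-- Wrap every handler in `routes` so that it runs only for an authenticated
-- session whose auth_scope is exactly "prosody:scope:admin".
--
-- routes: table mapping route strings to handler functions. The table is
--   modified in place (each handler is replaced by its guarded wrapper) and
--   the same table is returned.
--
-- A guarded handler returns 401 when check_credentials yields no session,
-- 403 when the session lacks the admin scope, and otherwise whatever the
-- wrapped handler returns. On success the session is stored on event.session
-- so that handlers can attribute actions to the caller.
function check_auth(routes)
	local function check_request_auth(event)
		local session = check_credentials(event.request);
		if not session then
			-- The challenge belongs in the WWW-Authenticate response header
			-- (RFC 7235 requires one on a 401). The original wrote it to the
			-- "authorization" response header, which clients do not read as a
			-- challenge.
			event.response.headers.www_authenticate = www_authenticate_header;
			return false, 401;
		elseif session.auth_scope ~= "prosody:scope:admin" then
			-- Authenticated, but the token was not issued with the admin scope.
			return false, 403;
		end
		event.session = session;
		return true;
	end

	-- Only existing keys are reassigned during traversal, which pairs() permits.
	for route, handler in pairs(routes) do
		routes[route] = function (event, ...)
			local permit, code = check_request_auth(event);
			if not permit then
				return code;
			end
			return handler(event, ...);
		end;
	end
	return routes;
end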
-- Project an invite record onto the fixed set of fields exposed by the API.
-- Only the seven fields copied below are returned; anything else on
-- token_info is dropped.
-- Note that `id` is the invite token itself.
-- NOTE(review): presumably the token is what an invitee redeems, so API
-- responses and any logs of them should be handled as sensitive - confirm
-- against mod_invites.
local function token_info_to_invite_info(token_info)
	local invite_info = {};
	invite_info.id = token_info.token;
	invite_info.type = token_info.type;
	invite_info.inviter = token_info.inviter;
	invite_info.jid = token_info.jid;
	invite_info.landing_page = token_info.landing_page;
	invite_info.created_at = token_info.created_at;
	invite_info.expires = token_info.expires;
	return invite_info;
end
-- GET /invites: return all pending account invites as a JSON array, ordered
-- by created_at ascending.
-- The response is not paginated: every pending invite is encoded in one body.
-- NOTE(review): the comparison raises an error if any invite lacks
-- created_at - confirm that mod_invites always sets it.
function list_invites(event)
	local pending = {};
	for _, invite in invites.pending_account_invites() do
		pending[#pending + 1] = token_info_to_invite_info(invite);
	end

	local function older_first(a, b)
		return a.created_at < b.created_at;
	end
	table.sort(pending, older_first);

	event.response.headers["Content-Type"] = json_content_type;
	return json.encode(pending);
end
-- GET /invites/*: return one invite as a JSON object, or 404 when the invite
-- store has nothing for invite_id.
-- invite_id is passed to the store as received; no format check is done here.
function get_invite_by_id(event, invite_id)
	local invite = invites.get_account_invite_info(invite_id);
	if invite then
		event.response.headers["Content-Type"] = json_content_type;
		return json.encode(token_info_to_invite_info(invite));
	end
	return 404;
end
-- PUT /invites: create a new account invite and return it as a JSON object,
-- or 500 when the invite store returns nothing.
-- The creating session's username is recorded in the invite's `source` field
-- as "admin_api/<username>". This reads event.session, which the check_auth
-- wrapper sets before the handler runs.
function create_invite(event)
	local source = "admin_api/"..event.session.username;
	local invite = invites.create_account(nil, { source = source });
	if invite then
		event.response.headers["Content-Type"] = json_content_type;
		return json.encode(token_info_to_invite_info(invite));
	end
	return 500;
end
-- DELETE /invites/*: delete the invite identified by invite_id.
-- Returns 200 when the invite store reports success and 404 otherwise.
-- The handler itself does not record which session requested the deletion.
function delete_invite(event, invite_id) --luacheck: ignore 212/event
	local deleted = invites.delete_account_invite(invite_id);
	if deleted then
		return 200;
	end
	return 404;
end
-- Register the HTTP routes. The whole route table goes through check_auth, so
-- every handler listed here runs only after the bearer-token and admin-scope
-- checks have passed. A route added outside this table would not be guarded.
local admin_routes = check_auth({
	["GET /invites"] = list_invites;
	["GET /invites/*"] = get_invite_by_id;
	["PUT /invites"] = create_invite;
	["DELETE /invites/*"] = delete_invite;
});

module:provides("http", { route = admin_routes });