
mod_http_admin_api/mod_http_admin_api.lua @ 4343:ee313922b8d1

mod_http_admin_api: HTTP API for managing users and invites
author Matthew Wild <mwild1@gmail.com>
date Sun, 17 Jan 2021 12:49:20 +0000
child 4345:1bb08e9ffa82
-- JSON serialiser used for the invite data this module returns.
local json = require "util.json";

-- The HTTP server module must be loaded before routes can be provided to it.
module:depends("http");

-- Sibling modules: invite management and bearer-token lookup.
local invites = module:depends("invites");
local tokens = module:depends("tokenauth");

local json_content_type = "application/json";

-- Bearer challenge whose realm is "<host>/<module name>".
local www_authenticate_header = string.format("Bearer realm=%q", module.host .. "/" .. module.name);
--- Look up the session bound to the bearer token presented by a request.
-- @param request HTTP request; only request.headers.authorization is read.
-- @return the token's session when the token is known and has one;
--         false when the header is absent/malformed or the token lookup
--         yields no session; nil when a scheme other than "Bearer" is used.
local function check_credentials(request)
	local header = request.headers.authorization or "";
	local scheme, credential = string.match(header, "^(%S+)%s(.+)$");
	if scheme == nil or credential == nil then
		return false;
	end

	-- The scheme comparison is exact and case-sensitive: only "Bearer" is accepted.
	if scheme ~= "Bearer" then
		return nil;
	end

	local info = tokens.get_token_info(credential);
	local session = info and info.session;
	if not session then
		return false;
	end
	return session;
end
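--- Wrap every handler in `routes` with an authentication and authorisation gate.
-- A request must present a bearer token that resolves to a session whose
-- auth_scope is exactly "prosody:scope:admin"; otherwise the handler is never
-- called and the wrapper returns 401 (no usable session) or 403 (wrong scope).
-- @param routes table mapping route strings to handler functions; modified in place.
-- @return the same `routes` table, now holding the wrapped handlers.
function check_auth(routes)
	-- Returns true, or false plus the HTTP status code to answer with.
	local function check_request_auth(event)
		local session = check_credentials(event.request);
		if not session then
			-- The challenge belongs in the WWW-Authenticate response header
			-- (RFC 7235); "Authorization" is a request header and clients
			-- would not read a challenge from it.
			event.response.headers["WWW-Authenticate"] = www_authenticate_header;
			return false, 401;
		elseif session.auth_scope ~= "prosody:scope:admin" then
			-- Authenticated, but the token was not issued with the admin scope.
			return false, 403;
		end
		-- Expose the authenticated session to the wrapped handler.
		event.session = session;
		return true;
	end

	-- Only existing keys are reassigned, which is permitted during a pairs() traversal.
	for route, handler in pairs(routes) do
		routes[route] = function (event, ...)
			local permit, code = check_request_auth(event);
			if not permit then
				return code;
			end
			return handler(event, ...);
		end;
	end
	return routes;
end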
--- Build the table that is serialised for API clients from an invite record.
-- Only the listed fields are copied; anything else on the record is left out.
-- NOTE(review): `id` is the invite's token value itself. Presumably that token
-- is what redeems the invite, so responses built from this table should be
-- treated as sensitive. Confirm against mod_invites.
local function token_info_to_invite_info(token_info)
	local invite_info = {};
	invite_info.id = token_info.token;
	invite_info.type = token_info.type;
	invite_info.inviter = token_info.inviter;
	invite_info.jid = token_info.jid;
	invite_info.landing_page = token_info.landing_page;
	invite_info.created_at = token_info.created_at;
	invite_info.expires = token_info.expires;
	return invite_info;
end
--- GET /invites: return all pending account invites as a JSON array,
-- ordered by ascending created_at.
-- NOTE(review): the comparison assumes every invite has a created_at value; confirm.
function list_invites(event)
	local pending = {};
	for _, invite in invites.pending_account_invites() do
		pending[#pending + 1] = token_info_to_invite_info(invite);
	end

	local function older_first(a, b)
		return a.created_at < b.created_at;
	end
	table.sort(pending, older_first);

	event.response.headers["Content-Type"] = json_content_type;
	return json.encode(pending);
end
--- GET /invites/*: return one invite as JSON, or 404 when the lookup finds nothing.
-- @param invite_id the wildcard part of the request path, passed straight to the invites module.
function get_invite_by_id(event, invite_id)
	local invite = invites.get_account_invite_info(invite_id);
	if invite then
		event.response.headers["Content-Type"] = json_content_type;
		return json.encode(token_info_to_invite_info(invite));
	end
	return 404;
end
--- PUT /invites: create a new account invite and return it as JSON, or 500 on failure.
-- The invite's source records the requesting admin as "admin_api/<username>",
-- taken from the session that check_auth attached to the event.
function create_invite(event)
	local source = "admin_api/" .. event.session.username;
	local invite = invites.create_account(nil, { source = source });
	if invite then
		event.response.headers["Content-Type"] = json_content_type;
		return json.encode(token_info_to_invite_info(invite));
	end
	return 500;
end
--- DELETE /invites/*: remove an invite; 200 when the invites module reports
-- success, 404 otherwise.
function delete_invite(event, invite_id) --luacheck: ignore 212/event
	local removed = invites.delete_account_invite(invite_id);
	return removed and 200 or 404;
end
-- Every route goes through check_auth, so no handler below is reachable
-- without an admin-scoped bearer token.
local admin_routes = check_auth {
	["GET /invites"] = list_invites;
	["GET /invites/*"] = get_invite_by_id;
	["PUT /invites"] = create_invite;
	["DELETE /invites/*"] = delete_invite;
};

module:provides("http", { route = admin_routes });