
mod_http_admin_api/mod_http_admin_api.lua @ 5008:bd63feda3704

Merge role-auth
author Matthew Wild <mwild1@gmail.com>
date Mon, 22 Aug 2022 15:39:02 +0100
parent 5005:d68348323406
child 5283:cc89c97befe7
4994:cce12a660b98 5008:bd63feda3704
1 local usermanager = require "core.usermanager"; 1 local usermanager = require "core.usermanager";
2 2
3 local it = require "util.iterators";
3 local json = require "util.json"; 4 local json = require "util.json";
4 local st = require "util.stanza"; 5 local st = require "util.stanza";
5 local array = require "util.array"; 6 local array = require "util.array";
6 local statsmanager = require "core.statsmanager"; 7 local statsmanager = require "core.statsmanager";
7 8
31 if not (auth_type and auth_data) then 32 if not (auth_type and auth_data) then
32 return false; 33 return false;
33 end 34 end
34 35
35 if auth_type == "Bearer" then 36 if auth_type == "Bearer" then
36 local token_info = tokens.get_token_info(auth_data); 37 return tokens.get_token_session(auth_data);
37 if not token_info or not token_info.session then
38 return false;
39 end
40 return token_info.session;
41 end 38 end
42 return nil; 39 return nil;
43 end 40 end
41
42 module:default_permission("prosody:admin", ":access-admin-api");
44 43
45 function check_auth(routes) 44 function check_auth(routes)
46 local function check_request_auth(event) 45 local function check_request_auth(event)
47 local session = check_credentials(event.request); 46 local session = check_credentials(event.request);
48 if not session then 47 if not session then
49 event.response.headers.authorization = www_authenticate_header; 48 event.response.headers.authorization = www_authenticate_header;
50 return false, 401; 49 return false, 401;
51 elseif session.auth_scope ~= "prosody:scope:admin" then 50 end
51 event.session = session;
52 if not module:may(":access-admin-api", event) then
52 return false, 403; 53 return false, 403;
53 end 54 end
54 event.session = session;
55 return true; 55 return true;
56 end 56 end
57 57
58 for route, handler in pairs(routes) do 58 for route, handler in pairs(routes) do
59 routes[route] = function (event, ...) 59 routes[route] = function (event, ...)
177 if ok and nick_item then 177 if ok and nick_item then
178 display_name = nick_item:get_child_text("nick", xmlns_nick); 178 display_name = nick_item:get_child_text("nick", xmlns_nick);
179 end 179 end
180 end 180 end
181 181
182 local roles = nil; 182 local primary_role, secondary_roles, legacy_roles;
183 if usermanager.get_roles then 183 if usermanager.get_user_role then
184 local roles_map = usermanager.get_roles(username.."@"..module.host, module.host) 184 primary_role = usermanager.get_user_role(username, module.host);
185 roles = array() 185 secondary_roles = array.collect(it.keys(usermanager.get_user_secondary_roles(username, module.host)));
186 if roles_map then 186 elseif usermanager.get_user_roles then -- COMPAT w/0.12
187 for role in pairs(roles_map) do 187 legacy_roles = array();
188 roles:push(role) 188 local roles_map = usermanager.get_user_roles(username, module.host);
189 end 189 for role_name in pairs(roles_map) do
190 legacy_roles:push(role_name);
190 end 191 end
191 end 192 end
192 193
193 return { 194 return {
194 username = username; 195 username = username;
195 display_name = display_name; 196 display_name = display_name;
196 roles = roles; 197 role = primary_role and primary_role.name or nil;
198 secondary_roles = secondary_roles;
199 roles = legacy_roles; -- COMPAT w/0.12
197 }; 200 };
198 end 201 end
199 202
200 local function get_session_debug_info(session) 203 local function get_session_debug_info(session)
201 local info = { 204 local info = {
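Review bot: The nil guard the old code kept around `roles_map` (`if roles_map then`) is dropped on both new branches: `it.keys(usermanager.get_user_secondary_roles(username, module.host))` on new line 185 and `pairs(roles_map)` on new line 188 will raise if the usermanager call returns nil, so a user lookup errors out instead of reporting an empty role list. Guard before iterating, e.g. `local secondary = usermanager.get_user_secondary_roles(username, module.host); secondary_roles = array.collect(it.keys(secondary or {}));` and `for role_name in pairs(roles_map or {}) do`. Whether those usermanager functions can actually return nil is inferred from the guard the old code carried, not from anything visible in this hunk. The enclosing function starts before the hunk.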
307 local debug_info = { 310 local debug_info = {
308 time = os.time(); 311 time = os.time();
309 }; 312 };
310 -- Online sessions 313 -- Online sessions
311 do 314 do
312 local user_sessions = hosts[module.host].sessions[username]; 315 local user_sessions = prosody.hosts[module.host].sessions[username];
313 if user_sessions then 316 if user_sessions then
314 user_sessions = user_sessions.sessions 317 user_sessions = user_sessions.sessions
315 end 318 end
316 local sessions = {}; 319 local sessions = {};
317 if user_sessions then 320 if user_sessions then
413 }) then 416 }) then
414 final_user.display_name = new_user.display_name; 417 final_user.display_name = new_user.display_name;
415 end 418 end
416 end 419 end
417 420
418 if new_user.roles then 421 if new_user.role then
419 if not usermanager.set_roles then 422 if not usermanager.set_user_role then
423 return 500, "feature-not-implemented";
424 end
425 if not usermanager.set_user_role(username, module.host, new_user.role) then
426 module:log("error", "failed to set role %s for %s", new_user.role, username);
427 return 500;
428 end
429 end
430
431 if new_user.roles then -- COMPAT w/0.12
432 if not usermanager.set_user_roles then
420 return 500, "feature-not-implemented" 433 return 500, "feature-not-implemented"
421 end 434 end
422 435
423 local backend_roles = {}; 436 local backend_roles = {};
424 for _, role in ipairs(new_user.roles) do 437 for _, role in ipairs(new_user.roles) do
425 backend_roles[role] = true; 438 backend_roles[role] = true;
426 end 439 end
427 local jid = username.."@"..module.host; 440 local jid = username.."@"..module.host;
428 if not usermanager.set_roles(jid, module.host, backend_roles) then 441 if not usermanager.set_user_roles(username, module.host, backend_roles) then
429 module:log("error", "failed to set roles %q for %s", backend_roles, jid) 442 module:log("error", "failed to set roles %q for %s", backend_roles, jid)
430 return 500 443 return 500
431 end 444 end
432 end 445 end
433 446