mirror of
https://github.com/binwiederhier/ntfy.git
synced 2025-05-28 17:35:36 +02:00
More CLI for access control
This commit is contained in:
Philipp Heckel
parent
243d549975
commit
03a4e3e8e9
6 changed files with 243 additions and 28 deletions
cmd
62
cmd/user.go
62
cmd/user.go
|
|
@ -29,12 +29,7 @@ dabbling for CLI
|
|||
|
||||
*/
|
||||
|
||||
var flagsUser = []cli.Flag{
|
||||
&cli.StringFlag{Name: "config", Aliases: []string{"c"}, EnvVars: []string{"NTFY_CONFIG_FILE"}, Value: "/etc/ntfy/server.yml", DefaultText: "/etc/ntfy/server.yml", Usage: "config file"},
|
||||
altsrc.NewStringFlag(&cli.StringFlag{Name: "auth-file", Aliases: []string{"H"}, EnvVars: []string{"NTFY_AUTH_FILE"}, Usage: "auth database file used for access control"}),
|
||||
altsrc.NewStringFlag(&cli.StringFlag{Name: "auth-default-access", Aliases: []string{"p"}, EnvVars: []string{"NTFY_AUTH_DEFAULT_ACCESS"}, Value: "read-write", Usage: "default permissions if no matching entries in the auth database are found"}),
|
||||
}
|
||||
|
||||
var flagsUser = userCommandFlags()
|
||||
var cmdUser = &cli.Command{
|
||||
Name: "user",
|
||||
Usage: "Manage users and access to topics",
|
||||
|
|
@ -60,21 +55,33 @@ var cmdUser = &cli.Command{
|
|||
},
|
||||
{
|
||||
Name: "change-pass",
|
||||
Aliases: []string{"ch"},
|
||||
Aliases: []string{"chp"},
|
||||
Usage: "change user password",
|
||||
Action: execUserChangePass,
|
||||
},
|
||||
{
|
||||
Name: "change-role",
|
||||
Aliases: []string{"chr"},
|
||||
Usage: "change user role",
|
||||
Action: execUserChangeRole,
|
||||
},
|
||||
{
|
||||
Name: "list",
|
||||
Aliases: []string{"chr"},
|
||||
Usage: "change user role",
|
||||
Action: execUserChangeRole,
|
||||
},
|
||||
},
|
||||
}
|
||||
|
||||
func execUserAdd(c *cli.Context) error {
|
||||
role := c.String("role")
|
||||
if c.NArg() == 0 {
|
||||
username := c.Args().Get(0)
|
||||
role := auth.Role(c.String("role"))
|
||||
if username == "" {
|
||||
return errors.New("username expected, type 'ntfy user add --help' for help")
|
||||
} else if role != string(auth.RoleUser) && role != string(auth.RoleAdmin) {
|
||||
} else if !auth.AllowedRole(role) {
|
||||
return errors.New("role must be either 'user' or 'admin'")
|
||||
}
|
||||
username := c.Args().Get(0)
|
||||
password, err := readPassword(c)
|
||||
if err != nil {
|
||||
return err
|
||||
|
|
@ -91,10 +98,10 @@ func execUserAdd(c *cli.Context) error {
|
|||
}
|
||||
|
||||
func execUserDel(c *cli.Context) error {
|
||||
if c.NArg() == 0 {
|
||||
username := c.Args().Get(0)
|
||||
if username == "" {
|
||||
return errors.New("username expected, type 'ntfy user del --help' for help")
|
||||
}
|
||||
username := c.Args().Get(0)
|
||||
manager, err := createAuthManager(c)
|
||||
if err != nil {
|
||||
return err
|
||||
|
|
@ -107,10 +114,10 @@ func execUserDel(c *cli.Context) error {
|
|||
}
|
||||
|
||||
func execUserChangePass(c *cli.Context) error {
|
||||
if c.NArg() == 0 {
|
||||
username := c.Args().Get(0)
|
||||
if username == "" {
|
||||
return errors.New("username expected, type 'ntfy user change-pass --help' for help")
|
||||
}
|
||||
username := c.Args().Get(0)
|
||||
password, err := readPassword(c)
|
||||
if err != nil {
|
||||
return err
|
||||
|
|
@ -126,6 +133,23 @@ func execUserChangePass(c *cli.Context) error {
|
|||
return nil
|
||||
}
|
||||
|
||||
func execUserChangeRole(c *cli.Context) error {
|
||||
username := c.Args().Get(0)
|
||||
role := auth.Role(c.Args().Get(1))
|
||||
if username == "" || !auth.AllowedRole(role) {
|
||||
return errors.New("username and new role expected, type 'ntfy user change-role --help' for help")
|
||||
}
|
||||
manager, err := createAuthManager(c)
|
||||
if err != nil {
|
||||
return err
|
||||
}
|
||||
if err := manager.ChangeRole(username, role); err != nil {
|
||||
return err
|
||||
}
|
||||
fmt.Fprintf(c.App.ErrWriter, "Changed role for user %s to %s\n", username, role)
|
||||
return nil
|
||||
}
|
||||
|
||||
func createAuthManager(c *cli.Context) (auth.Manager, error) {
|
||||
authFile := c.String("auth-file")
|
||||
authDefaultAccess := c.String("auth-default-access")
|
||||
|
|
@ -158,3 +182,11 @@ func readPassword(c *cli.Context) (string, error) {
|
|||
}
|
||||
return string(password), nil
|
||||
}
|
||||
|
||||
func userCommandFlags() []cli.Flag {
|
||||
return []cli.Flag{
|
||||
&cli.StringFlag{Name: "config", Aliases: []string{"c"}, EnvVars: []string{"NTFY_CONFIG_FILE"}, Value: "/etc/ntfy/server.yml", DefaultText: "/etc/ntfy/server.yml", Usage: "config file"},
|
||||
altsrc.NewStringFlag(&cli.StringFlag{Name: "auth-file", Aliases: []string{"H"}, EnvVars: []string{"NTFY_AUTH_FILE"}, Usage: "auth database file used for access control"}),
|
||||
altsrc.NewStringFlag(&cli.StringFlag{Name: "auth-default-access", Aliases: []string{"p"}, EnvVars: []string{"NTFY_AUTH_DEFAULT_ACCESS"}, Value: "read-write", Usage: "default permissions if no matching entries in the auth database are found"}),
|
||||
}
|
||||
}
|
||||
|
|
|
|||
Loading…
Add table
Add a link
Reference in a new issue