parra/ntfy
parra/ntfy
1
0
Fork 0
mirror of https://github.com/binwiederhier/ntfy.git synced 2025-11-28 19:32:14 +01:00
Code Releases Activity

make POST create user and PUT update user

Browse source
This commit is contained in:
Hunter Kehoe 2025-05-22 18:58:37 -06:00
parent 2b40ad9a12
commit fa48639517
4 changed files with 50 additions and 20 deletions
Download patch file Download diff file Expand all files Collapse all files

49
server/server_admin.go
View file

@ -39,7 +39,7 @@ func (s *Server) handleUsersGet(w http.ResponseWriter, r *http.Request, v *visit
}
func (s *Server) handleUsersAdd(w http.ResponseWriter, r *http.Request, v *visitor) error {
req, err := readJSONWithLimit[apiUserAddRequest](r.Body, jsonBodyBytesLimit, false)
req, err := readJSONWithLimit[apiUserAddOrUpdateRequest](r.Body, jsonBodyBytesLimit, false)
if err != nil {
return err
} else if !user.AllowedUsername(req.Username) || req.Password == "" {
@ -49,15 +49,6 @@ func (s *Server) handleUsersAdd(w http.ResponseWriter, r *http.Request, v *visit
if err != nil && !errors.Is(err, user.ErrUserNotFound) {
return err
} else if u != nil {
if req.Force {
if u.IsAdmin() {
return errHTTPForbidden
}
if err := s.userManager.ChangePassword(req.Username, req.Password); err != nil {
return err
}
return s.writeJSON(w, newSuccessResponse())
}
return errHTTPConflictUserExists
}
var tier *user.Tier
@ -79,6 +70,44 @@ func (s *Server) handleUsersAdd(w http.ResponseWriter, r *http.Request, v *visit
}
return s.writeJSON(w, newSuccessResponse())
}
func (s *Server) handleUsersUpdate(w http.ResponseWriter, r *http.Request, v *visitor) error {
req, err := readJSONWithLimit[apiUserAddOrUpdateRequest](r.Body, jsonBodyBytesLimit, false)
if err != nil {
return err
} else if !user.AllowedUsername(req.Username) || req.Password == "" {
return errHTTPBadRequest.Wrap("username invalid, or password missing")
}
u, err := s.userManager.User(req.Username)
if err != nil && !errors.Is(err, user.ErrUserNotFound) {
return err
} else if u != nil {
if u.IsAdmin() {
return errHTTPForbidden
}
if err := s.userManager.ChangePassword(req.Username, req.Password); err != nil {
return err
}
return s.writeJSON(w, newSuccessResponse())
}
var tier *user.Tier
if req.Tier != "" {
tier, err = s.userManager.Tier(req.Tier)
if errors.Is(err, user.ErrTierNotFound) {
return errHTTPBadRequestTierInvalid
} else if err != nil {
return err
}
}
if err := s.userManager.AddUser(req.Username, req.Password, user.RoleUser); err != nil {
return err
}
if tier != nil {
if err := s.userManager.ChangeTier(req.Username, req.Tier); err != nil {
return err
}
}
return s.writeJSON(w, newSuccessResponse())
}
func (s *Server) handleUsersDelete(w http.ResponseWriter, r *http.Request, v *visitor) error {
req, err := readJSONWithLimit[apiUserDeleteRequest](r.Body, jsonBodyBytesLimit, false)