🗑️ Clean up code

2025-03-01 14:12:29 +08:00
parent e737d31fd9
commit 07d9335180
52 changed files with 71 additions and 17582 deletions
--- a/pkg/internal/web/admin/badges_api.go
+++ b/pkg/internal/web/admin/badges_api.go
@ -0,0 +1,63 @@
+package admin
+
+import (
+	"fmt"
+	"git.solsynth.dev/hypernet/passport/pkg/authkit/models"
+	"git.solsynth.dev/hypernet/passport/pkg/internal/web/exts"
+
+	"git.solsynth.dev/hypernet/passport/pkg/internal/database"
+	"git.solsynth.dev/hypernet/passport/pkg/internal/services"
+	"github.com/gofiber/fiber/v2"
+)
+
+func grantBadge(c *fiber.Ctx) error {
+	if err := exts.EnsureGrantedPerm(c, "AdminGrantBadges", true); err != nil {
+		return err
+	}
+
+	var data struct {
+		Type      string         `json:"type" validate:"required"`
+		Metadata  map[string]any `json:"metadata"`
+		AccountID uint           `json:"account_id"`
+	}
+
+	if err := exts.BindAndValidate(c, &data); err != nil {
+		return err
+	}
+
+	var err error
+	var account models.Account
+	if account, err = services.GetAccount(data.AccountID); err != nil {
+		return fiber.NewError(fiber.StatusBadRequest, fmt.Sprintf("target account was not found: %v", err))
+	}
+
+	badge := models.Badge{
+		Type:     data.Type,
+		Metadata: data.Metadata,
+	}
+
+	if err := services.GrantBadge(account, badge); err != nil {
+		return fiber.NewError(fiber.StatusBadRequest, err.Error())
+	} else {
+		return c.JSON(badge)
+	}
+}
+
+func revokeBadge(c *fiber.Ctx) error {
+	if err := exts.EnsureGrantedPerm(c, "AdminRevokeBadges", true); err != nil {
+		return err
+	}
+
+	id, _ := c.ParamsInt("badgeId", 0)
+
+	var badge models.Badge
+	if err := database.C.Where("id = ?", id).First(&badge).Error; err != nil {
+		return fiber.NewError(fiber.StatusBadRequest, fmt.Sprintf("target badge was not found: %v", err))
+	}
+
+	if err := services.RevokeBadge(badge); err != nil {
+		return fiber.NewError(fiber.StatusBadRequest, err.Error())
+	} else {
+		return c.JSON(badge)
+	}
+}
--- a/pkg/internal/web/admin/factors_api.go
+++ b/pkg/internal/web/admin/factors_api.go
@ -0,0 +1,40 @@
+package admin
+
+import (
+	"git.solsynth.dev/hypernet/passport/pkg/authkit/models"
+	"git.solsynth.dev/hypernet/passport/pkg/internal/database"
+	"git.solsynth.dev/hypernet/passport/pkg/internal/web/exts"
+	"github.com/gofiber/fiber/v2"
+	jsoniter "github.com/json-iterator/go"
+	"github.com/samber/lo"
+)
+
+func getUserAuthFactors(c *fiber.Ctx) error {
+	userId, _ := c.ParamsInt("user")
+
+	if err := exts.EnsureGrantedPerm(c, "AdminAuthFactors", true); err != nil {
+		return err
+	}
+
+	var factors []models.AuthFactor
+	if err := database.C.Where("account_id = ?", userId).Find(&factors).Error; err != nil {
+		return fiber.NewError(fiber.StatusInternalServerError, err.Error())
+	}
+
+	encodedResp := lo.Map(factors, func(item models.AuthFactor, idx int) map[string]any {
+		var encoded map[string]any
+		raw, _ := jsoniter.Marshal(item)
+		_ = jsoniter.Unmarshal(raw, &encoded)
+
+		// Blur out the secret if it isn't current rolling email one-time-password
+		if item.Type != models.EmailPasswordFactor && len(item.Secret) != 6 {
+			encoded["secret"] = "**CENSORED**"
+		} else {
+			encoded["secret"] = item.Secret
+		}
+
+		return encoded
+	})
+
+	return c.JSON(encodedResp)
+}
--- a/pkg/internal/web/admin/index.go
+++ b/pkg/internal/web/admin/index.go
@ -0,0 +1,22 @@
+package admin
+
+import (
+	"github.com/gofiber/fiber/v2"
+)
+
+func MapControllers(app *fiber.App, baseURL string) {
+	admin := app.Group(baseURL)
+	{
+		admin.Post("/badges", grantBadge)
+		admin.Delete("/badges/:badgeId", revokeBadge)
+
+		admin.Post("/notify/all", notifyAllUser)
+		admin.Post("/notify/:user", notifyOneUser)
+
+		admin.Get("/users", listUser)
+		admin.Get("/users/:user", getUser)
+		admin.Get("/users/:user/factors", getUserAuthFactors)
+		admin.Put("/users/:user/permissions", editUserPermission)
+		admin.Post("/users/:user/confirm", forceConfirmAccount)
+	}
+}
--- a/pkg/internal/web/admin/notify_api.go
+++ b/pkg/internal/web/admin/notify_api.go
@ -0,0 +1,121 @@
+package admin
+
+import (
+	"git.solsynth.dev/hypernet/passport/pkg/authkit/models"
+	"git.solsynth.dev/hypernet/passport/pkg/internal/database"
+	"git.solsynth.dev/hypernet/passport/pkg/internal/services"
+	"git.solsynth.dev/hypernet/passport/pkg/internal/web/exts"
+	"github.com/gofiber/fiber/v2"
+	"github.com/rs/zerolog/log"
+)
+
+func notifyAllUser(c *fiber.Ctx) error {
+	var data struct {
+		Topic      string         `json:"type" validate:"required"`
+		Title      string         `json:"subject" validate:"required,max=1024"`
+		Subtitle   string         `json:"subtitle" validate:"max=1024"`
+		Body       string         `json:"content" validate:"required,max=4096"`
+		Metadata   map[string]any `json:"metadata"`
+		Priority   int            `json:"priority"`
+		IsRealtime bool           `json:"is_realtime"`
+	}
+
+	if err := exts.BindAndValidate(c, &data); err != nil {
+		return err
+	}
+
+	if err := exts.EnsureGrantedPerm(c, "AdminNotifyAll", true); err != nil {
+		return err
+	}
+	operator := c.Locals("user").(models.Account)
+
+	var users []models.Account
+	if err := database.C.Find(&users).Error; err != nil {
+		return fiber.NewError(fiber.StatusInternalServerError, err.Error())
+	} else {
+		services.AddAuditRecord(operator, "notify.all", c.IP(), c.Get(fiber.HeaderUserAgent), map[string]any{
+			"payload": data,
+		})
+	}
+
+	go func() {
+		for _, user := range users {
+			notification := models.Notification{
+				Topic:     data.Topic,
+				Subtitle:  data.Subtitle,
+				Title:     data.Title,
+				Body:      data.Body,
+				Metadata:  data.Metadata,
+				Priority:  data.Priority,
+				Account:   user,
+				AccountID: user.ID,
+			}
+
+			if data.IsRealtime {
+				if err := services.PushNotification(notification); err != nil {
+					log.Error().Err(err).Uint("user", user.ID).Msg("Failed to push notification...")
+				}
+			} else {
+				if err := services.NewNotification(notification); err != nil {
+					log.Error().Err(err).Uint("user", user.ID).Msg("Failed to create notification...")
+				}
+			}
+		}
+	}()
+
+	return c.SendStatus(fiber.StatusOK)
+}
+
+func notifyOneUser(c *fiber.Ctx) error {
+	var data struct {
+		Topic      string         `json:"type" validate:"required"`
+		Title      string         `json:"subject" validate:"required,max=1024"`
+		Subtitle   string         `json:"subtitle" validate:"max=1024"`
+		Body       string         `json:"content" validate:"required,max=4096"`
+		Metadata   map[string]any `json:"metadata"`
+		Priority   int            `json:"priority"`
+		IsRealtime bool           `json:"is_realtime"`
+	}
+
+	if err := exts.BindAndValidate(c, &data); err != nil {
+		return err
+	}
+
+	if err := exts.EnsureGrantedPerm(c, "AdminNotifyAll", true); err != nil {
+		return err
+	}
+	operator := c.Locals("user").(models.Account)
+
+	userId, _ := c.ParamsInt("user", 0)
+
+	var user models.Account
+	if err := database.C.Where("id = ?", userId).First(&user).Error; err != nil {
+		return fiber.NewError(fiber.StatusInternalServerError, err.Error())
+	} else {
+		services.AddAuditRecord(operator, "notify.one", c.IP(), c.Get(fiber.HeaderUserAgent), map[string]any{
+			"user_id": user.ID,
+			"payload": data,
+		})
+	}
+
+	notification := models.Notification{
+		Topic:     data.Topic,
+		Subtitle:  data.Subtitle,
+		Title:     data.Title,
+		Body:      data.Body,
+		Priority:  data.Priority,
+		AccountID: user.ID,
+	}
+
+	if data.IsRealtime {
+		if err := services.PushNotification(notification); err != nil {
+			log.Error().Err(err).Uint("user", user.ID).Msg("Failed to push notification...")
+		}
+	} else {
+		if err := services.NewNotification(notification); err != nil {
+			log.Error().Err(err).Uint("user", user.ID).Msg("Failed to create notification...")
+		}
+	}
+
+	return c.SendStatus(fiber.StatusOK)
+}
--- a/pkg/internal/web/admin/permissions_api.go
+++ b/pkg/internal/web/admin/permissions_api.go
@ -0,0 +1,50 @@
+package admin
+
+import (
+	"fmt"
+
+	"git.solsynth.dev/hypernet/passport/pkg/authkit/models"
+	"git.solsynth.dev/hypernet/passport/pkg/internal/database"
+	"git.solsynth.dev/hypernet/passport/pkg/internal/services"
+	"git.solsynth.dev/hypernet/passport/pkg/internal/web/exts"
+	"github.com/gofiber/fiber/v2"
+)
+
+func editUserPermission(c *fiber.Ctx) error {
+	userId, _ := c.ParamsInt("user")
+
+	if err := exts.EnsureGrantedPerm(c, "AdminUserPermission", true); err != nil {
+		return err
+	}
+	operator := c.Locals("user").(models.Account)
+
+	var data struct {
+		PermNodes map[string]any `json:"perm_nodes" validate:"required"`
+	}
+
+	if err := exts.BindAndValidate(c, &data); err != nil {
+		return err
+	}
+
+	var user models.Account
+	if err := database.C.Where("id = ?", userId).First(&user).Error; err != nil {
+		return fiber.NewError(fiber.StatusBadRequest, fmt.Sprintf("account was not found: %v", err))
+	}
+
+	prev := user.PermNodes
+	user.PermNodes = data.PermNodes
+
+	services.InvalidAuthCacheWithUser(user.ID)
+
+	if err := database.C.Save(&user).Error; err != nil {
+		return fiber.NewError(fiber.StatusInternalServerError, err.Error())
+	} else {
+		services.AddAuditRecord(operator, "user.permissions.edit", c.IP(), c.Get(fiber.HeaderUserAgent), map[string]any{
+			"user_id":              user.ID,
+			"previous_permissions": prev,
+			"new_permissions":      data.PermNodes,
+		})
+	}
+
+	return c.SendStatus(fiber.StatusOK)
+}
--- a/pkg/internal/web/admin/users_api.go
+++ b/pkg/internal/web/admin/users_api.go
@ -0,0 +1,72 @@
+package admin
+
+import (
+	"fmt"
+	"git.solsynth.dev/hypernet/passport/pkg/authkit/models"
+	"git.solsynth.dev/hypernet/passport/pkg/internal/database"
+	"git.solsynth.dev/hypernet/passport/pkg/internal/services"
+	"git.solsynth.dev/hypernet/passport/pkg/internal/web/exts"
+	"github.com/gofiber/fiber/v2"
+)
+
+func listUser(c *fiber.Ctx) error {
+	take := c.QueryInt("take", 0)
+	offset := c.QueryInt("offset", 0)
+
+	if err := exts.EnsureGrantedPerm(c, "AdminUser", true); err != nil {
+		return err
+	}
+
+	var count int64
+	if err := database.C.Model(&models.Account{}).Count(&count).Error; err != nil {
+		return fiber.NewError(fiber.StatusInternalServerError, err.Error())
+	}
+	var items []models.Account
+	if err := database.C.Offset(offset).Limit(take).Order("id ASC").Find(&items).Error; err != nil {
+		return fiber.NewError(fiber.StatusInternalServerError, err.Error())
+	}
+
+	return c.JSON(fiber.Map{
+		"count": count,
+		"data":  items,
+	})
+}
+
+func getUser(c *fiber.Ctx) error {
+	userId, _ := c.ParamsInt("user")
+
+	if err := exts.EnsureGrantedPerm(c, "AdminUser", true); err != nil {
+		return err
+	}
+
+	var user models.Account
+	if err := database.C.Where("id = ?", userId).First(&user).Error; err != nil {
+		return fiber.NewError(fiber.StatusBadRequest, fmt.Sprintf("account was not found: %v", err))
+	}
+
+	return c.JSON(user)
+}
+
+func forceConfirmAccount(c *fiber.Ctx) error {
+	userId, _ := c.ParamsInt("user")
+
+	if err := exts.EnsureGrantedPerm(c, "AdminUserConfirmation", true); err != nil {
+		return err
+	}
+	operator := c.Locals("user").(models.Account)
+
+	var user models.Account
+	if err := database.C.Where("id = ?", userId).First(&user).Error; err != nil {
+		return fiber.NewError(fiber.StatusBadRequest, fmt.Sprintf("account was not found: %v", err))
+	}
+
+	if err := services.ForceConfirmAccount(user); err != nil {
+		return fiber.NewError(fiber.StatusInternalServerError, err.Error())
+	} else {
+		services.AddAuditRecord(operator, "user.confirm", c.IP(), c.Get(fiber.HeaderUserAgent), map[string]any{
+			"user_id": user.ID,
+		})
+	}
+
+	return c.SendStatus(fiber.StatusOK)
+}