git.squeep.com Git - akkoma/blob - lib/pleroma/web/admin_api/admin_api_controller.ex

   1 # Pleroma: A lightweight social networking server
   2 # Copyright © 2017-2019 Pleroma Authors <https://pleroma.social/>
   3 # SPDX-License-Identifier: AGPL-3.0-only
   4
   5 defmodule Pleroma.Web.AdminAPI.AdminAPIController do
   6   @users_page_size 50
   7
   8   use Pleroma.Web, :controller
   9   alias Pleroma.User
  10   alias Pleroma.Web.ActivityPub.Relay
  11   alias Pleroma.Web.MastodonAPI.Admin.AccountView
  12
  13   import Pleroma.Web.ControllerHelper, only: [json_response: 3]
  14
  15   require Logger
  16
  17   action_fallback(:errors)
  18
  19   def user_delete(conn, %{"nickname" => nickname}) do
  20     User.get_by_nickname(nickname)
  21     |> User.delete()
  22
  23     conn
  24     |> json(nickname)
  25   end
  26
  27   def user_create(
  28         conn,
  29         %{"nickname" => nickname, "email" => email, "password" => password}
  30       ) do
  31     user_data = %{
  32       nickname: nickname,
  33       name: nickname,
  34       email: email,
  35       password: password,
  36       password_confirmation: password,
  37       bio: "."
  38     }
  39
  40     changeset = User.register_changeset(%User{}, user_data, confirmed: true)
  41     {:ok, user} = User.register(changeset)
  42
  43     conn
  44     |> json(user.nickname)
  45   end
  46
  47   def user_toggle_activation(conn, %{"nickname" => nickname}) do
  48     user = User.get_by_nickname(nickname)
  49
  50     {:ok, updated_user} = User.deactivate(user, !user.info.deactivated)
  51
  52     conn
  53     |> json(AccountView.render("show.json", %{user: updated_user}))
  54   end
  55
  56   def tag_users(conn, %{"nicknames" => nicknames, "tags" => tags}) do
  57     with {:ok, _} <- User.tag(nicknames, tags),
  58          do: json_response(conn, :no_content, "")
  59   end
  60
  61   def untag_users(conn, %{"nicknames" => nicknames, "tags" => tags}) do
  62     with {:ok, _} <- User.untag(nicknames, tags),
  63          do: json_response(conn, :no_content, "")
  64   end
  65
  66   def list_users(%{assigns: %{user: admin}} = conn, %{"page" => page_string}) do
  67     with {page, _} <- Integer.parse(page_string),
  68          users <- User.all_except_one(admin, page, @users_page_size),
  69          count <- User.count_all_except_one(admin),
  70          do:
  71            conn
  72            |> json(
  73              AccountView.render("index.json", %{
  74                users: users,
  75                count: count,
  76                page_size: @users_page_size
  77              })
  78            )
  79   end
  80
  81   def search_users(%{assigns: %{user: admin}} = conn, %{"query" => query}) do
  82     users = User.search(query, true, admin, @users_page_size)
  83
  84     conn
  85     |> json(
  86       AccountView.render("index.json", %{
  87         users: users,
  88         count: length(users),
  89         page_size: @users_page_size
  90       })
  91     )
  92   end
  93
  94   def right_add(conn, %{"permission_group" => permission_group, "nickname" => nickname})
  95       when permission_group in ["moderator", "admin"] do
  96     user = User.get_by_nickname(nickname)
  97
  98     info =
  99       %{}
 100       |> Map.put("is_" <> permission_group, true)
 101
 102     info_cng = User.Info.admin_api_update(user.info, info)
 103
 104     cng =
 105       user
 106       |> Ecto.Changeset.change()
 107       |> Ecto.Changeset.put_embed(:info, info_cng)
 108
 109     {:ok, _user} = User.update_and_set_cache(cng)
 110
 111     json(conn, info)
 112   end
 113
 114   def right_add(conn, _) do
 115     conn
 116     |> put_status(404)
 117     |> json(%{error: "No such permission_group"})
 118   end
 119
 120   def right_get(conn, %{"nickname" => nickname}) do
 121     user = User.get_by_nickname(nickname)
 122
 123     conn
 124     |> json(%{
 125       is_moderator: user.info.is_moderator,
 126       is_admin: user.info.is_admin
 127     })
 128   end
 129
 130   def right_delete(
 131         %{assigns: %{user: %User{:nickname => admin_nickname}}} = conn,
 132         %{
 133           "permission_group" => permission_group,
 134           "nickname" => nickname
 135         }
 136       )
 137       when permission_group in ["moderator", "admin"] do
 138     if admin_nickname == nickname do
 139       conn
 140       |> put_status(403)
 141       |> json(%{error: "You can't revoke your own admin status."})
 142     else
 143       user = User.get_by_nickname(nickname)
 144
 145       info =
 146         %{}
 147         |> Map.put("is_" <> permission_group, false)
 148
 149       info_cng = User.Info.admin_api_update(user.info, info)
 150
 151       cng =
 152         Ecto.Changeset.change(user)
 153         |> Ecto.Changeset.put_embed(:info, info_cng)
 154
 155       {:ok, _user} = User.update_and_set_cache(cng)
 156
 157       json(conn, info)
 158     end
 159   end
 160
 161   def right_delete(conn, _) do
 162     conn
 163     |> put_status(404)
 164     |> json(%{error: "No such permission_group"})
 165   end
 166
 167   def set_activation_status(conn, %{"nickname" => nickname, "status" => status}) do
 168     with {:ok, status} <- Ecto.Type.cast(:boolean, status),
 169          %User{} = user <- User.get_by_nickname(nickname),
 170          {:ok, _} <- User.deactivate(user, !status),
 171          do: json_response(conn, :no_content, "")
 172   end
 173
 174   def relay_follow(conn, %{"relay_url" => target}) do
 175     with {:ok, _message} <- Relay.follow(target) do
 176       json(conn, target)
 177     else
 178       _ ->
 179         conn
 180         |> put_status(500)
 181         |> json(target)
 182     end
 183   end
 184
 185   def relay_unfollow(conn, %{"relay_url" => target}) do
 186     with {:ok, _message} <- Relay.unfollow(target) do
 187       json(conn, target)
 188     else
 189       _ ->
 190         conn
 191         |> put_status(500)
 192         |> json(target)
 193     end
 194   end
 195
 196   @doc "Sends registration invite via email"
 197   def email_invite(%{assigns: %{user: user}} = conn, %{"email" => email} = params) do
 198     with true <-
 199            Pleroma.Config.get([:instance, :invites_enabled]) &&
 200              !Pleroma.Config.get([:instance, :registrations_open]),
 201          {:ok, invite_token} <- Pleroma.UserInviteToken.create_token(),
 202          email <-
 203            Pleroma.UserEmail.user_invitation_email(user, invite_token, email, params["name"]),
 204          {:ok, _} <- Pleroma.Mailer.deliver(email) do
 205       json_response(conn, :no_content, "")
 206     end
 207   end
 208
 209   @doc "Get a account registeration invite token (base64 string)"
 210   def get_invite_token(conn, _params) do
 211     {:ok, token} = Pleroma.UserInviteToken.create_token()
 212
 213     conn
 214     |> json(token.token)
 215   end
 216
 217   @doc "Get a password reset token (base64 string) for given nickname"
 218   def get_password_reset(conn, %{"nickname" => nickname}) do
 219     (%User{local: true} = user) = User.get_by_nickname(nickname)
 220     {:ok, token} = Pleroma.PasswordResetToken.create_token(user)
 221
 222     conn
 223     |> json(token.token)
 224   end
 225
 226   def errors(conn, {:param_cast, _}) do
 227     conn
 228     |> put_status(400)
 229     |> json("Invalid parameters")
 230   end
 231
 232   def errors(conn, _) do
 233     conn
 234     |> put_status(500)
 235     |> json("Something went wrong")
 236   end
 237 end