git.squeep.com Git - akkoma/blob - lib/pleroma/web/admin_api/admin_api_controller.ex

   1 # Pleroma: A lightweight social networking server
   2 # Copyright © 2017-2019 Pleroma Authors <https://pleroma.social/>
   3 # SPDX-License-Identifier: AGPL-3.0-only
   4
   5 defmodule Pleroma.Web.AdminAPI.AdminAPIController do
   6   use Pleroma.Web, :controller
   7   alias Pleroma.User
   8   alias Pleroma.UserInviteToken
   9   alias Pleroma.Web.ActivityPub.Relay
  10   alias Pleroma.Web.AdminAPI.AccountView
  11   alias Pleroma.Web.AdminAPI.Search
  12
  13   import Pleroma.Web.ControllerHelper, only: [json_response: 3]
  14
  15   require Logger
  16
  17   @users_page_size 50
  18
  19   action_fallback(:errors)
  20
  21   def user_delete(conn, %{"nickname" => nickname}) do
  22     User.get_by_nickname(nickname)
  23     |> User.delete()
  24
  25     conn
  26     |> json(nickname)
  27   end
  28
  29   def user_follow(conn, %{"follower" => follower_nick, "followed" => followed_nick}) do
  30     with %User{} = follower <- User.get_by_nickname(follower_nick),
  31          %User{} = followed <- User.get_by_nickname(followed_nick) do
  32       User.follow(follower, followed)
  33     end
  34
  35     conn
  36     |> json("ok")
  37   end
  38
  39   def user_unfollow(conn, %{"follower" => follower_nick, "followed" => followed_nick}) do
  40     with %User{} = follower <- User.get_by_nickname(follower_nick),
  41          %User{} = followed <- User.get_by_nickname(followed_nick) do
  42       User.unfollow(follower, followed)
  43     end
  44
  45     conn
  46     |> json("ok")
  47   end
  48
  49   def user_create(
  50         conn,
  51         %{"nickname" => nickname, "email" => email, "password" => password}
  52       ) do
  53     user_data = %{
  54       nickname: nickname,
  55       name: nickname,
  56       email: email,
  57       password: password,
  58       password_confirmation: password,
  59       bio: "."
  60     }
  61
  62     changeset = User.register_changeset(%User{}, user_data, confirmed: true)
  63     {:ok, user} = User.register(changeset)
  64
  65     conn
  66     |> json(user.nickname)
  67   end
  68
  69   def user_show(conn, %{"nickname" => nickname}) do
  70     with %User{} = user <- User.get_by_nickname(nickname) do
  71       conn
  72       |> json(AccountView.render("show.json", %{user: user}))
  73     else
  74       _ -> {:error, :not_found}
  75     end
  76   end
  77
  78   def user_toggle_activation(conn, %{"nickname" => nickname}) do
  79     user = User.get_by_nickname(nickname)
  80
  81     {:ok, updated_user} = User.deactivate(user, !user.info.deactivated)
  82
  83     conn
  84     |> json(AccountView.render("show.json", %{user: updated_user}))
  85   end
  86
  87   def tag_users(conn, %{"nicknames" => nicknames, "tags" => tags}) do
  88     with {:ok, _} <- User.tag(nicknames, tags),
  89          do: json_response(conn, :no_content, "")
  90   end
  91
  92   def untag_users(conn, %{"nicknames" => nicknames, "tags" => tags}) do
  93     with {:ok, _} <- User.untag(nicknames, tags),
  94          do: json_response(conn, :no_content, "")
  95   end
  96
  97   def list_users(conn, params) do
  98     {page, page_size} = page_params(params)
  99     filters = maybe_parse_filters(params["filters"])
 100
 101     search_params = %{
 102       query: params["query"],
 103       page: page,
 104       page_size: page_size
 105     }
 106
 107     with {:ok, users, count} <- Search.user(Map.merge(search_params, filters)),
 108          do:
 109            conn
 110            |> json(
 111              AccountView.render("index.json",
 112                users: users,
 113                count: count,
 114                page_size: page_size
 115              )
 116            )
 117   end
 118
 119   @filters ~w(local external active deactivated)
 120
 121   defp maybe_parse_filters(filters) when is_nil(filters) or filters == "", do: %{}
 122
 123   @spec maybe_parse_filters(String.t()) :: %{required(String.t()) => true} | %{}
 124   defp maybe_parse_filters(filters) do
 125     filters
 126     |> String.split(",")
 127     |> Enum.filter(&Enum.member?(@filters, &1))
 128     |> Enum.map(&String.to_atom(&1))
 129     |> Enum.into(%{}, &{&1, true})
 130   end
 131
 132   def right_add(conn, %{"permission_group" => permission_group, "nickname" => nickname})
 133       when permission_group in ["moderator", "admin"] do
 134     user = User.get_by_nickname(nickname)
 135
 136     info =
 137       %{}
 138       |> Map.put("is_" <> permission_group, true)
 139
 140     info_cng = User.Info.admin_api_update(user.info, info)
 141
 142     cng =
 143       user
 144       |> Ecto.Changeset.change()
 145       |> Ecto.Changeset.put_embed(:info, info_cng)
 146
 147     {:ok, _user} = User.update_and_set_cache(cng)
 148
 149     json(conn, info)
 150   end
 151
 152   def right_add(conn, _) do
 153     conn
 154     |> put_status(404)
 155     |> json(%{error: "No such permission_group"})
 156   end
 157
 158   def right_get(conn, %{"nickname" => nickname}) do
 159     user = User.get_by_nickname(nickname)
 160
 161     conn
 162     |> json(%{
 163       is_moderator: user.info.is_moderator,
 164       is_admin: user.info.is_admin
 165     })
 166   end
 167
 168   def right_delete(
 169         %{assigns: %{user: %User{:nickname => admin_nickname}}} = conn,
 170         %{
 171           "permission_group" => permission_group,
 172           "nickname" => nickname
 173         }
 174       )
 175       when permission_group in ["moderator", "admin"] do
 176     if admin_nickname == nickname do
 177       conn
 178       |> put_status(403)
 179       |> json(%{error: "You can't revoke your own admin status."})
 180     else
 181       user = User.get_by_nickname(nickname)
 182
 183       info =
 184         %{}
 185         |> Map.put("is_" <> permission_group, false)
 186
 187       info_cng = User.Info.admin_api_update(user.info, info)
 188
 189       cng =
 190         Ecto.Changeset.change(user)
 191         |> Ecto.Changeset.put_embed(:info, info_cng)
 192
 193       {:ok, _user} = User.update_and_set_cache(cng)
 194
 195       json(conn, info)
 196     end
 197   end
 198
 199   def right_delete(conn, _) do
 200     conn
 201     |> put_status(404)
 202     |> json(%{error: "No such permission_group"})
 203   end
 204
 205   def set_activation_status(conn, %{"nickname" => nickname, "status" => status}) do
 206     with {:ok, status} <- Ecto.Type.cast(:boolean, status),
 207          %User{} = user <- User.get_by_nickname(nickname),
 208          {:ok, _} <- User.deactivate(user, !status),
 209          do: json_response(conn, :no_content, "")
 210   end
 211
 212   def relay_follow(conn, %{"relay_url" => target}) do
 213     with {:ok, _message} <- Relay.follow(target) do
 214       json(conn, target)
 215     else
 216       _ ->
 217         conn
 218         |> put_status(500)
 219         |> json(target)
 220     end
 221   end
 222
 223   def relay_unfollow(conn, %{"relay_url" => target}) do
 224     with {:ok, _message} <- Relay.unfollow(target) do
 225       json(conn, target)
 226     else
 227       _ ->
 228         conn
 229         |> put_status(500)
 230         |> json(target)
 231     end
 232   end
 233
 234   @doc "Sends registration invite via email"
 235   def email_invite(%{assigns: %{user: user}} = conn, %{"email" => email} = params) do
 236     with true <-
 237            Pleroma.Config.get([:instance, :invites_enabled]) &&
 238              !Pleroma.Config.get([:instance, :registrations_open]),
 239          {:ok, invite_token} <- UserInviteToken.create_invite(),
 240          email <-
 241            Pleroma.Emails.UserEmail.user_invitation_email(
 242              user,
 243              invite_token,
 244              email,
 245              params["name"]
 246            ),
 247          {:ok, _} <- Pleroma.Emails.Mailer.deliver(email) do
 248       json_response(conn, :no_content, "")
 249     end
 250   end
 251
 252   @doc "Get a account registeration invite token (base64 string)"
 253   def get_invite_token(conn, params) do
 254     options = params["invite"] || %{}
 255     {:ok, invite} = UserInviteToken.create_invite(options)
 256
 257     conn
 258     |> json(invite.token)
 259   end
 260
 261   @doc "Get list of created invites"
 262   def invites(conn, _params) do
 263     invites = UserInviteToken.list_invites()
 264
 265     conn
 266     |> json(AccountView.render("invites.json", %{invites: invites}))
 267   end
 268
 269   @doc "Revokes invite by token"
 270   def revoke_invite(conn, %{"token" => token}) do
 271     invite = UserInviteToken.find_by_token!(token)
 272     {:ok, updated_invite} = UserInviteToken.update_invite(invite, %{used: true})
 273
 274     conn
 275     |> json(AccountView.render("invite.json", %{invite: updated_invite}))
 276   end
 277
 278   @doc "Get a password reset token (base64 string) for given nickname"
 279   def get_password_reset(conn, %{"nickname" => nickname}) do
 280     (%User{local: true} = user) = User.get_by_nickname(nickname)
 281     {:ok, token} = Pleroma.PasswordResetToken.create_token(user)
 282
 283     conn
 284     |> json(token.token)
 285   end
 286
 287   def errors(conn, {:error, :not_found}) do
 288     conn
 289     |> put_status(404)
 290     |> json("Not found")
 291   end
 292
 293   def errors(conn, {:param_cast, _}) do
 294     conn
 295     |> put_status(400)
 296     |> json("Invalid parameters")
 297   end
 298
 299   def errors(conn, _) do
 300     conn
 301     |> put_status(500)
 302     |> json("Something went wrong")
 303   end
 304
 305   defp page_params(params) do
 306     {get_page(params["page"]), get_page_size(params["page_size"])}
 307   end
 308
 309   defp get_page(page_string) when is_nil(page_string), do: 1
 310
 311   defp get_page(page_string) do
 312     case Integer.parse(page_string) do
 313       {page, _} -> page
 314       :error -> 1
 315     end
 316   end
 317
 318   defp get_page_size(page_size_string) when is_nil(page_size_string), do: @users_page_size
 319
 320   defp get_page_size(page_size_string) do
 321     case Integer.parse(page_size_string) do
 322       {page_size, _} -> page_size
 323       :error -> @users_page_size
 324     end
 325   end
 326 end