git.squeep.com Git - akkoma/blob - lib/pleroma/web/admin_api/admin_api_controller.ex

   1 # Pleroma: A lightweight social networking server
   2 # Copyright © 2017-2019 Pleroma Authors <https://pleroma.social/>
   3 # SPDX-License-Identifier: AGPL-3.0-only
   4
   5 defmodule Pleroma.Web.AdminAPI.AdminAPIController do
   6   use Pleroma.Web, :controller
   7   alias Pleroma.User
   8   alias Pleroma.Web.ActivityPub.Relay
   9   alias Pleroma.Web.AdminAPI.AccountView
  10   alias Pleroma.Web.AdminAPI.Search
  11
  12   alias Pleroma.UserInviteToken
  13
  14   import Pleroma.Web.ControllerHelper, only: [json_response: 3]
  15
  16   require Logger
  17
  18   @users_page_size 50
  19
  20   action_fallback(:errors)
  21
  22   def user_delete(conn, %{"nickname" => nickname}) do
  23     User.get_by_nickname(nickname)
  24     |> User.delete()
  25
  26     conn
  27     |> json(nickname)
  28   end
  29
  30   def user_follow(conn, %{"follower" => follower_nick, "followed" => followed_nick}) do
  31     with %User{} = follower <- User.get_by_nickname(follower_nick),
  32          %User{} = followed <- User.get_by_nickname(followed_nick) do
  33       User.follow(follower, followed)
  34     end
  35
  36     conn
  37     |> json("ok")
  38   end
  39
  40   def user_unfollow(conn, %{"follower" => follower_nick, "followed" => followed_nick}) do
  41     with %User{} = follower <- User.get_by_nickname(follower_nick),
  42          %User{} = followed <- User.get_by_nickname(followed_nick) do
  43       User.unfollow(follower, followed)
  44     end
  45
  46     conn
  47     |> json("ok")
  48   end
  49
  50   def user_create(
  51         conn,
  52         %{"nickname" => nickname, "email" => email, "password" => password}
  53       ) do
  54     user_data = %{
  55       nickname: nickname,
  56       name: nickname,
  57       email: email,
  58       password: password,
  59       password_confirmation: password,
  60       bio: "."
  61     }
  62
  63     changeset = User.register_changeset(%User{}, user_data, confirmed: true)
  64     {:ok, user} = User.register(changeset)
  65
  66     conn
  67     |> json(user.nickname)
  68   end
  69
  70   def user_show(conn, %{"nickname" => nickname}) do
  71     with %User{} = user <- User.get_by_nickname(nickname) do
  72       conn
  73       |> json(AccountView.render("show.json", %{user: user}))
  74     else
  75       _ -> {:error, :not_found}
  76     end
  77   end
  78
  79   def user_toggle_activation(conn, %{"nickname" => nickname}) do
  80     user = User.get_by_nickname(nickname)
  81
  82     {:ok, updated_user} = User.deactivate(user, !user.info.deactivated)
  83
  84     conn
  85     |> json(AccountView.render("show.json", %{user: updated_user}))
  86   end
  87
  88   def tag_users(conn, %{"nicknames" => nicknames, "tags" => tags}) do
  89     with {:ok, _} <- User.tag(nicknames, tags),
  90          do: json_response(conn, :no_content, "")
  91   end
  92
  93   def untag_users(conn, %{"nicknames" => nicknames, "tags" => tags}) do
  94     with {:ok, _} <- User.untag(nicknames, tags),
  95          do: json_response(conn, :no_content, "")
  96   end
  97
  98   def list_users(conn, params) do
  99     {page, page_size} = page_params(params)
 100     filters = maybe_parse_filters(params["filters"])
 101
 102     search_params = %{
 103       query: params["query"],
 104       page: page,
 105       page_size: page_size
 106     }
 107
 108     with {:ok, users, count} <- Search.user(Map.merge(search_params, filters)),
 109          do:
 110            conn
 111            |> json(
 112              AccountView.render("index.json",
 113                users: users,
 114                count: count,
 115                page_size: page_size
 116              )
 117            )
 118   end
 119
 120   @filters ~w(local external active deactivated)
 121
 122   defp maybe_parse_filters(filters) when is_nil(filters) or filters == "", do: %{}
 123
 124   @spec maybe_parse_filters(String.t()) :: %{required(String.t()) => true} | %{}
 125   defp maybe_parse_filters(filters) do
 126     filters
 127     |> String.split(",")
 128     |> Enum.filter(&Enum.member?(@filters, &1))
 129     |> Enum.map(&String.to_atom(&1))
 130     |> Enum.into(%{}, &{&1, true})
 131   end
 132
 133   def right_add(conn, %{"permission_group" => permission_group, "nickname" => nickname})
 134       when permission_group in ["moderator", "admin"] do
 135     user = User.get_by_nickname(nickname)
 136
 137     info =
 138       %{}
 139       |> Map.put("is_" <> permission_group, true)
 140
 141     info_cng = User.Info.admin_api_update(user.info, info)
 142
 143     cng =
 144       user
 145       |> Ecto.Changeset.change()
 146       |> Ecto.Changeset.put_embed(:info, info_cng)
 147
 148     {:ok, _user} = User.update_and_set_cache(cng)
 149
 150     json(conn, info)
 151   end
 152
 153   def right_add(conn, _) do
 154     conn
 155     |> put_status(404)
 156     |> json(%{error: "No such permission_group"})
 157   end
 158
 159   def right_get(conn, %{"nickname" => nickname}) do
 160     user = User.get_by_nickname(nickname)
 161
 162     conn
 163     |> json(%{
 164       is_moderator: user.info.is_moderator,
 165       is_admin: user.info.is_admin
 166     })
 167   end
 168
 169   def right_delete(
 170         %{assigns: %{user: %User{:nickname => admin_nickname}}} = conn,
 171         %{
 172           "permission_group" => permission_group,
 173           "nickname" => nickname
 174         }
 175       )
 176       when permission_group in ["moderator", "admin"] do
 177     if admin_nickname == nickname do
 178       conn
 179       |> put_status(403)
 180       |> json(%{error: "You can't revoke your own admin status."})
 181     else
 182       user = User.get_by_nickname(nickname)
 183
 184       info =
 185         %{}
 186         |> Map.put("is_" <> permission_group, false)
 187
 188       info_cng = User.Info.admin_api_update(user.info, info)
 189
 190       cng =
 191         Ecto.Changeset.change(user)
 192         |> Ecto.Changeset.put_embed(:info, info_cng)
 193
 194       {:ok, _user} = User.update_and_set_cache(cng)
 195
 196       json(conn, info)
 197     end
 198   end
 199
 200   def right_delete(conn, _) do
 201     conn
 202     |> put_status(404)
 203     |> json(%{error: "No such permission_group"})
 204   end
 205
 206   def set_activation_status(conn, %{"nickname" => nickname, "status" => status}) do
 207     with {:ok, status} <- Ecto.Type.cast(:boolean, status),
 208          %User{} = user <- User.get_by_nickname(nickname),
 209          {:ok, _} <- User.deactivate(user, !status),
 210          do: json_response(conn, :no_content, "")
 211   end
 212
 213   def relay_follow(conn, %{"relay_url" => target}) do
 214     with {:ok, _message} <- Relay.follow(target) do
 215       json(conn, target)
 216     else
 217       _ ->
 218         conn
 219         |> put_status(500)
 220         |> json(target)
 221     end
 222   end
 223
 224   def relay_unfollow(conn, %{"relay_url" => target}) do
 225     with {:ok, _message} <- Relay.unfollow(target) do
 226       json(conn, target)
 227     else
 228       _ ->
 229         conn
 230         |> put_status(500)
 231         |> json(target)
 232     end
 233   end
 234
 235   @doc "Sends registration invite via email"
 236   def email_invite(%{assigns: %{user: user}} = conn, %{"email" => email} = params) do
 237     with true <-
 238            Pleroma.Config.get([:instance, :invites_enabled]) &&
 239              !Pleroma.Config.get([:instance, :registrations_open]),
 240          {:ok, invite_token} <- UserInviteToken.create_invite(),
 241          email <-
 242            Pleroma.UserEmail.user_invitation_email(user, invite_token, email, params["name"]),
 243          {:ok, _} <- Pleroma.Mailer.deliver(email) do
 244       json_response(conn, :no_content, "")
 245     end
 246   end
 247
 248   @doc "Get a account registeration invite token (base64 string)"
 249   def get_invite_token(conn, params) do
 250     options = params["invite"] || %{}
 251     {:ok, invite} = UserInviteToken.create_invite(options)
 252
 253     conn
 254     |> json(invite.token)
 255   end
 256
 257   @doc "Get list of created invites"
 258   def invites_list(conn, _params) do
 259     invites = UserInviteToken.list_invites()
 260
 261     conn
 262     |> json(AccountView.render("invites.json", %{invites: invites}))
 263   end
 264
 265   @doc "Revokes invite by token"
 266   def invite_revoke(conn, %{"token" => token}) do
 267     invite = UserInviteToken.find_by_token!(token)
 268     {:ok, updated_invite} = UserInviteToken.update_invite(invite, %{used: true})
 269
 270     conn
 271     |> json(AccountView.render("invite.json", %{invite: updated_invite}))
 272   end
 273
 274   @doc "Get a password reset token (base64 string) for given nickname"
 275   def get_password_reset(conn, %{"nickname" => nickname}) do
 276     (%User{local: true} = user) = User.get_by_nickname(nickname)
 277     {:ok, token} = Pleroma.PasswordResetToken.create_token(user)
 278
 279     conn
 280     |> json(token.token)
 281   end
 282
 283   def errors(conn, {:error, :not_found}) do
 284     conn
 285     |> put_status(404)
 286     |> json("Not found")
 287   end
 288
 289   def errors(conn, {:param_cast, _}) do
 290     conn
 291     |> put_status(400)
 292     |> json("Invalid parameters")
 293   end
 294
 295   def errors(conn, _) do
 296     conn
 297     |> put_status(500)
 298     |> json("Something went wrong")
 299   end
 300
 301   defp page_params(params) do
 302     {get_page(params["page"]), get_page_size(params["page_size"])}
 303   end
 304
 305   defp get_page(page_string) when is_nil(page_string), do: 1
 306
 307   defp get_page(page_string) do
 308     case Integer.parse(page_string) do
 309       {page, _} -> page
 310       :error -> 1
 311     end
 312   end
 313
 314   defp get_page_size(page_size_string) when is_nil(page_size_string), do: @users_page_size
 315
 316   defp get_page_size(page_size_string) do
 317     case Integer.parse(page_size_string) do
 318       {page_size, _} -> page_size
 319       :error -> @users_page_size
 320     end
 321   end
 322 end