2018-12-18 00:53:21 +00:00
|
|
|
use rocket_contrib::json::Json;
|
|
|
|
use serde_json::Value;
|
|
|
|
|
2018-12-18 17:52:58 +00:00
|
|
|
use crate::api::{JsonResult, JsonUpcase};
|
|
|
|
use crate::CONFIG;
|
|
|
|
|
2019-01-04 15:32:51 +00:00
|
|
|
use crate::auth::{encode_jwt, generate_invite_claims};
|
|
|
|
use crate::mail;
|
2018-12-18 00:53:21 +00:00
|
|
|
use crate::db::models::*;
|
|
|
|
use crate::db::DbConn;
|
|
|
|
|
2018-12-18 17:52:58 +00:00
|
|
|
use rocket::request::{self, FromRequest, Request};
|
|
|
|
use rocket::{Outcome, Route};
|
2018-12-18 00:53:21 +00:00
|
|
|
|
|
|
|
pub fn routes() -> Vec<Route> {
|
2018-12-18 17:52:58 +00:00
|
|
|
routes![get_users, invite_user, delete_user]
|
2018-12-18 00:53:21 +00:00
|
|
|
}
|
|
|
|
|
|
|
|
#[derive(Deserialize, Debug)]
|
|
|
|
#[allow(non_snake_case)]
|
|
|
|
struct InviteData {
|
|
|
|
Email: String,
|
|
|
|
}
|
|
|
|
|
|
|
|
#[get("/users")]
|
|
|
|
fn get_users(_token: AdminToken, conn: DbConn) -> JsonResult {
|
2018-12-18 17:52:58 +00:00
|
|
|
let users = User::get_all(&conn);
|
2018-12-18 00:53:21 +00:00
|
|
|
let users_json: Vec<Value> = users.iter().map(|u| u.to_json(&conn)).collect();
|
2018-12-18 17:52:58 +00:00
|
|
|
|
2018-12-18 00:53:21 +00:00
|
|
|
Ok(Json(Value::Array(users_json)))
|
|
|
|
}
|
|
|
|
|
2018-12-18 17:52:58 +00:00
|
|
|
#[post("/invite", data = "<data>")]
|
|
|
|
fn invite_user(data: JsonUpcase<InviteData>, _token: AdminToken, conn: DbConn) -> JsonResult {
|
2018-12-18 00:53:21 +00:00
|
|
|
let data: InviteData = data.into_inner().data;
|
2019-01-04 15:32:51 +00:00
|
|
|
let email = data.Email.clone();
|
2018-12-18 00:53:21 +00:00
|
|
|
if User::find_by_mail(&data.Email, &conn).is_some() {
|
|
|
|
err!("User already exists")
|
|
|
|
}
|
|
|
|
|
2018-12-19 20:52:53 +00:00
|
|
|
if !CONFIG.invitations_allowed {
|
|
|
|
err!("Invitations are not allowed")
|
|
|
|
}
|
|
|
|
|
2018-12-19 21:51:08 +00:00
|
|
|
let mut invitation = Invitation::new(data.Email);
|
2018-12-19 20:52:53 +00:00
|
|
|
invitation.save(&conn)?;
|
2018-12-19 21:51:08 +00:00
|
|
|
|
2019-01-04 15:32:51 +00:00
|
|
|
if let Some(ref mail_config) = CONFIG.mail {
|
|
|
|
let mut user = User::new(email);
|
|
|
|
user.save(&conn)?;
|
|
|
|
let org_id = String::from("00000000-0000-0000-0000-000000000000");
|
|
|
|
let claims = generate_invite_claims(
|
|
|
|
user.uuid.to_string(),
|
|
|
|
user.email.clone(),
|
|
|
|
org_id.clone(),
|
|
|
|
None,
|
|
|
|
None,
|
|
|
|
);
|
|
|
|
let org_name = "bitwarden_rs";
|
|
|
|
let invite_token = encode_jwt(&claims);
|
|
|
|
mail::send_invite(&user.email, &org_id, &user.uuid, &invite_token, &org_name, mail_config)?;
|
|
|
|
}
|
2018-12-19 20:52:53 +00:00
|
|
|
|
|
|
|
Ok(Json(json!({})))
|
2018-12-18 00:53:21 +00:00
|
|
|
}
|
|
|
|
|
2018-12-18 17:52:58 +00:00
|
|
|
#[post("/users/<uuid>/delete")]
|
|
|
|
fn delete_user(uuid: String, _token: AdminToken, conn: DbConn) -> JsonResult {
|
|
|
|
let user = match User::find_by_uuid(&uuid, &conn) {
|
2018-12-18 00:53:21 +00:00
|
|
|
Some(user) => user,
|
2018-12-18 17:52:58 +00:00
|
|
|
None => err!("User doesn't exist"),
|
2018-12-18 00:53:21 +00:00
|
|
|
};
|
|
|
|
|
2018-12-19 20:52:53 +00:00
|
|
|
user.delete(&conn)?;
|
|
|
|
Ok(Json(json!({})))
|
2018-12-18 00:53:21 +00:00
|
|
|
}
|
|
|
|
|
|
|
|
pub struct AdminToken {}
|
|
|
|
|
|
|
|
impl<'a, 'r> FromRequest<'a, 'r> for AdminToken {
|
|
|
|
type Error = &'static str;
|
|
|
|
|
|
|
|
fn from_request(request: &'a Request<'r>) -> request::Outcome<Self, Self::Error> {
|
2018-12-18 17:52:58 +00:00
|
|
|
let config_token = match CONFIG.admin_token.as_ref() {
|
|
|
|
Some(token) => token,
|
|
|
|
None => err_handler!("Admin panel is disabled"),
|
|
|
|
};
|
|
|
|
|
2018-12-18 00:53:21 +00:00
|
|
|
// Get access_token
|
|
|
|
let access_token: &str = match request.headers().get_one("Authorization") {
|
|
|
|
Some(a) => match a.rsplit("Bearer ").next() {
|
|
|
|
Some(split) => split,
|
|
|
|
None => err_handler!("No access token provided"),
|
|
|
|
},
|
|
|
|
None => err_handler!("No access token provided"),
|
|
|
|
};
|
|
|
|
|
|
|
|
// TODO: What authentication to use?
|
|
|
|
// Option 1: Make it a config option
|
|
|
|
// Option 2: Generate random token, and
|
|
|
|
// Option 2a: Send it to admin email, like upstream
|
|
|
|
// Option 2b: Print in console or save to data dir, so admin can check
|
|
|
|
|
2018-12-18 17:52:58 +00:00
|
|
|
if access_token != config_token {
|
2018-12-18 00:53:21 +00:00
|
|
|
err_handler!("Invalid admin token")
|
|
|
|
}
|
|
|
|
|
|
|
|
Outcome::Success(AdminToken {})
|
|
|
|
}
|
2018-12-18 17:52:58 +00:00
|
|
|
}
|