jimzah/Telodendria
1
0
Fork 0
forked from Telodendria/Telodendria
Code Pull requests Activity

Compare commits

base: jimzah:pull-37
Branches Tags
jimzah:master
jimzah:pull-37
Telodendria:master
jimzah:Telodendria-0_3_0
jimzah:Telodendria-0_2_1
jimzah:Telodendria-0_2_0
jimzah:Telodendria-0_1_0
Telodendria:Telodendria-0_1_0
Telodendria:Telodendria-0_2_0
Telodendria:Telodendria-0_2_1
Telodendria:Telodendria-0_3_0
..
compare: jimzah:master
Branches Tags
jimzah:master
jimzah:pull-37
Telodendria:master
jimzah:Telodendria-0_3_0
jimzah:Telodendria-0_2_1
jimzah:Telodendria-0_2_0
jimzah:Telodendria-0_1_0
Telodendria:Telodendria-0_1_0
Telodendria:Telodendria-0_2_0
Telodendria:Telodendria-0_2_1
Telodendria:Telodendria-0_3_0

1 commit
pull-37 ... master

Author SHA1 Message Date
Jordan Bancino
6e7f170768 Start working on #15. 2023-11-06 20:42:39 -05:00
11 changed files with 164 additions and 264 deletions
Show stats Expand all files Collapse all files

9
docs/CHANGELOG.md
View file

@ -29,16 +29,11 @@ Matrix clients. (#35)
### New Features
- Implemented `/_telodendria/admin/v1/deactivate/[localpart]` for admins to be able to
deactivate users.
- Moved all administrator API endpoints to `/_telodendria/admin/v1`, because later revisions
of the administrator API may break clients, so we want a way to give those breaking revisions
new endpoints.
- Implemented `/_telodendria/admin/v1/deactivate/[localpart]` for admins to be able to
deactivate users.
- Implemented the following APIs for managing registration tokens:
- **GET** `/_telodendria/admin/tokens`
- **GET** `/_telodendria/admin/tokens/[token]`
- **POST** `/_telodendria/admin/tokens`
- **DELETE** `/_telodendria/admin/tokens/[token]`
## v0.3.0

64
src/RegToken.c
View file

@ -30,10 +30,8 @@
#include <Cytoplasm/Json.h>
#include <Cytoplasm/Util.h>
#include <Cytoplasm/Str.h>
#include <Cytoplasm/Int64.h>
#include <Cytoplasm/Log.h>
#include <User.h>
#include <Cytoplasm/Int64.h>
int
RegTokenValid(RegTokenInfo * token)
@ -101,7 +99,8 @@ RegTokenDelete(RegTokenInfo * token)
{
return 0;
}
RegTokenInfoFree(token);
Free(token->name);
Free(token->owner);
Free(token);
return 1;
}
@ -114,8 +113,6 @@ RegTokenGetInfo(Db * db, char *token)
DbRef *tokenRef;
HashMap *tokenJson;
char *errp = NULL;
if (!RegTokenExists(db, token))
{
return NULL;
@ -129,25 +126,36 @@ RegTokenGetInfo(Db * db, char *token)
tokenJson = DbJson(tokenRef);
ret = Malloc(sizeof(RegTokenInfo));
if (!RegTokenInfoFromJson(tokenJson, ret, &errp))
{
Log(LOG_ERR, "RegTokenGetInfo(): Database decoding error: %s", errp);
RegTokenFree(ret);
return NULL;
}
ret->db = db;
ret->ref = tokenRef;
ret->owner =
StrDuplicate(JsonValueAsString(HashMapGet(tokenJson, "created_by")));
ret->name = StrDuplicate(token);
ret->expires =
JsonValueAsInteger(HashMapGet(tokenJson, "expires_on"));
ret->created =
JsonValueAsInteger(HashMapGet(tokenJson, "created_on"));
ret->uses =
JsonValueAsInteger(HashMapGet(tokenJson, "uses"));
ret->used =
JsonValueAsInteger(HashMapGet(tokenJson, "used"));
ret->grants =
UserDecodePrivileges(HashMapGet(tokenJson, "grants"));
return ret;
}
void
RegTokenFree(RegTokenInfo *tokeninfo)
RegTokenFree(RegTokenInfo * tokeninfo)
{
if (tokeninfo)
{
RegTokenInfoFree(tokeninfo);
Free(tokeninfo->name);
Free(tokeninfo->owner);
Free(tokeninfo);
}
}
@ -159,9 +167,6 @@ RegTokenClose(RegTokenInfo * tokeninfo)
return 0;
}
/* Write object to database. */
DbJsonSet(tokeninfo->ref, RegTokenInfoToJson(tokeninfo));
return DbUnlock(tokeninfo->db, tokeninfo->ref);
}
static int
@ -197,6 +202,7 @@ RegTokenInfo *
RegTokenCreate(Db * db, char *name, char *owner, UInt64 expires, Int64 uses, int privileges)
{
RegTokenInfo *ret;
HashMap *tokenJson;
UInt64 timestamp = UtilServerTs();
@ -229,12 +235,26 @@ RegTokenCreate(Db * db, char *name, char *owner, UInt64 expires, Int64 uses, int
return NULL;
}
ret->name = StrDuplicate(name);
ret->created_by = StrDuplicate(owner);
ret->owner = StrDuplicate(owner);
ret->used = Int64Create(0, 0);
ret->uses = uses;
ret->created_on = timestamp;
ret->expires_on = expires;
ret->grants = UserEncodePrivileges(privileges);
ret->created = timestamp;
ret->expires = expires;
ret->grants = privileges;
/* Write user info to database. */
tokenJson = DbJson(ret->ref);
HashMapSet(tokenJson, "created_by",
JsonValueString(ret->owner));
HashMapSet(tokenJson, "created_on",
JsonValueInteger(ret->created));
HashMapSet(tokenJson, "expires_on",
JsonValueInteger(ret->expires));
HashMapSet(tokenJson, "used",
JsonValueInteger(ret->used));
HashMapSet(tokenJson, "uses",
JsonValueInteger(ret->uses));
HashMapSet(tokenJson, "grants", UserEncodePrivileges(privileges));
return ret;
}

2
src/Routes.c
View file

@ -87,8 +87,6 @@ RouterBuild(void)
R("/_telodendria/admin/v1/privileges", RoutePrivileges);
R("/_telodendria/admin/v1/privileges/(.*)", RoutePrivileges);
R("/_telodendria/admin/v1/deactivate/(.*)", RouteAdminDeactivate);
R("/_telodendria/admin/v1/tokens/(.*)", RouteAdminTokens);
R("/_telodendria/admin/v1/tokens", RouteAdminTokens);
#undef R

212
src/Routes/RouteAdminTokens.c
View file

@ -1,212 +0,0 @@
/*
* Copyright (C) 2022-2023 Jordan Bancino <@jordan:bancino.net>
*
* Permission is hereby granted, free of charge, to any person
* obtaining a copy of this software and associated documentation files
* (the "Software"), to deal in the Software without restriction,
* including without limitation the rights to use, copy, modify, merge,
* publish, distribute, sublicense, and/or sell copies of the Software,
* and to permit persons to whom the Software is furnished to do so,
* subject to the following conditions:
*
* The above copyright notice and this permission notice shall be
* included in all copies or portions of the Software.
*
* THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND,
* EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF
* MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND
* NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS
* BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN
* ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN
* CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
* SOFTWARE.
*/
#include <Routes.h>
#include <Cytoplasm/Json.h>
#include <Cytoplasm/HashMap.h>
#include <Cytoplasm/Str.h>
#include <Cytoplasm/Memory.h>
#include <RegToken.h>
#include <User.h>
ROUTE_IMPL(RouteAdminTokens, path, argp)
{
RouteArgs *args = argp;
HashMap *request = NULL;
HashMap *response = NULL;
char *token;
char *username;
char *name;
char *msg;
Db *db = args->matrixArgs->db;
User *user = NULL;
HttpRequestMethod method = HttpRequestMethodGet(args->context);
Array *tokensarray;
Array *tokens;
RegTokenInfo *info;
RegTokenAdminRequest *req;
size_t i;
Int64 maxuses;
Int64 lifetime;
if (method != HTTP_GET && method != HTTP_POST && method != HTTP_DELETE)
{
msg = "Route only supports GET, POST, and DELETE";
HttpResponseStatus(args->context, HTTP_BAD_REQUEST);
return MatrixErrorCreate(M_UNRECOGNIZED, msg);
}
response = MatrixGetAccessToken(args->context, &token);
if (response)
{
goto finish;
}
user = UserAuthenticate(db, token);
if (!user)
{
HttpResponseStatus(args->context, HTTP_BAD_REQUEST);
response = MatrixErrorCreate(M_UNKNOWN_TOKEN, NULL);
goto finish;
}
if (!(UserGetPrivileges(user) & USER_ISSUE_TOKENS))
{
msg = "User doesn't have the ISSUE_TOKENS privilege.";
HttpResponseStatus(args->context, HTTP_FORBIDDEN);
response = MatrixErrorCreate(M_FORBIDDEN, msg);
goto finish;
}
switch (method)
{
case HTTP_GET:
if (ArraySize(path) == 0)
{
tokensarray = ArrayCreate();
/* Get all registration tokens */
tokens = DbList(db, 2, "tokens", "registration");
response = HashMapCreate();
for (i = 0; i < ArraySize(tokens); i++)
{
char *tokenname = ArrayGet(tokens, i);
HashMap *jsoninfo;
info = RegTokenGetInfo(db, tokenname);
jsoninfo = RegTokenInfoToJson(info);
RegTokenClose(info);
RegTokenFree(info);
ArrayAdd(tokensarray, JsonValueObject(jsoninfo));
}
JsonSet(response, JsonValueArray(tokensarray), 1, "tokens");
DbListFree(tokens);
break;
}
info = RegTokenGetInfo(db, ArrayGet(path, 0));
if (!info)
{
msg = "Token doesn't exist.";
HttpResponseStatus(args->context, HTTP_BAD_REQUEST);
response = MatrixErrorCreate(M_INVALID_PARAM, msg);
goto finish;
}
response = RegTokenInfoToJson(info);
RegTokenClose(info);
RegTokenFree(info);
break;
case HTTP_POST:
request = JsonDecode(HttpServerStream(args->context));
if (!request)
{
HttpResponseStatus(args->context, HTTP_BAD_REQUEST);
response = MatrixErrorCreate(M_NOT_JSON, NULL);
goto finish;
}
req = Malloc(sizeof(RegTokenAdminRequest));
req->max_uses = Int64Neg(Int64Create(0, 1));
req->lifetime = Int64Create(0, 0);
req->name = NULL;
if (!RegTokenAdminRequestFromJson(request, req, &msg))
{
RegTokenAdminRequestFree(req);
Free(req);
HttpResponseStatus(args->context, HTTP_BAD_REQUEST);
response = MatrixErrorCreate(M_BAD_JSON, msg);
goto finish;
}
if (!req->name)
{
req->name = StrRandom(16);
}
username = UserGetName(user);
name = req->name;
maxuses = req->max_uses;
lifetime = req->lifetime;
info = RegTokenCreate(db, name, username, maxuses, lifetime, 0);
if (!info)
{
RegTokenClose(info);
RegTokenFree(info);
RegTokenAdminRequestFree(req);
Free(req);
HttpResponseStatus(args->context, HTTP_BAD_REQUEST);
msg = "Cannot create token";
response = MatrixErrorCreate(M_INVALID_PARAM, msg);
goto finish;
}
response = RegTokenInfoToJson(info);
RegTokenClose(info);
RegTokenFree(info);
RegTokenAdminRequestFree(req);
Free(req);
break;
case HTTP_DELETE:
if (ArraySize(path) == 0)
{
msg = "No registration token given to DELETE /tokens/[token].";
HttpResponseStatus(args->context, HTTP_BAD_REQUEST);
response = MatrixErrorCreate(M_INVALID_PARAM, msg);
goto finish;
}
info = RegTokenGetInfo(db, ArrayGet(path, 0));
RegTokenDelete(info);
/* As this is a No Content, let's not set any data in the
* response */
HttpResponseStatus(args->context, HTTP_NO_CONTENT);
default:
/* Fallthrough, as those are naturally kept out beforehand */
break;
}
finish:
UserUnlock(user);
JsonFree(request);
return response;
}

50
src/Routes/RouteConfig.c
View file

@ -39,6 +39,7 @@ ROUTE_IMPL(RouteConfig, path, argp)
HashMap *request = NULL;
Config *newConf;
HashMap *newJson = NULL;
(void) path;
@ -121,7 +122,54 @@ ROUTE_IMPL(RouteConfig, path, argp)
JsonFree(request);
break;
case HTTP_PUT:
/* TODO: Support incremental changes to the config */
request = JsonDecode(HttpServerStream(args->context));
if (!request)
{
HttpResponseStatus(args->context, HTTP_BAD_REQUEST);
response = MatrixErrorCreate(M_NOT_JSON, NULL);
break;
}
newJson = JsonDuplicate(DbJson(config->ref));
JsonMerge(newJson, request);
newConf = ConfigParse(newJson);
/* TODO: Don't leak newJson. */
if (!newConf)
{
HttpResponseStatus(args->context, HTTP_INTERNAL_SERVER_ERROR);
response = MatrixErrorCreate(M_UNKNOWN, NULL);
break;
}
if (newConf->ok)
{
if (DbJsonSet(config->ref, newJson))
{
response = HashMapCreate();
/*
* TODO: Apply configuration and set this only if a main
* component was reconfigured, such as the listeners.
*/
HashMapSet(response, "restart_required", JsonValueBoolean(1));
}
else
{
HttpResponseStatus(args->context, HTTP_INTERNAL_SERVER_ERROR);
response = MatrixErrorCreate(M_UNKNOWN, NULL);
}
}
else
{
HttpResponseStatus(args->context, HTTP_BAD_REQUEST);
response = MatrixErrorCreate(M_BAD_JSON, newConf->err);
}
ConfigFree(newConf);
JsonFree(request);
break;
default:
HttpResponseStatus(args->context, HTTP_BAD_REQUEST);
response = MatrixErrorCreate(M_UNRECOGNIZED, NULL);

6
src/Routes/RoutePrivileges.c
View file

@ -98,15 +98,15 @@ ROUTE_IMPL(RoutePrivileges, path, argp)
switch (HttpRequestMethodGet(args->context))
{
case HTTP_POST:
privileges = UserDecodePrivileges(JsonValueAsArray(val));
privileges = UserDecodePrivileges(val);
break;
case HTTP_PUT:
privileges = UserGetPrivileges(user);
privileges |= UserDecodePrivileges(JsonValueAsArray(val));
privileges |= UserDecodePrivileges(val);
break;
case HTTP_DELETE:
privileges = UserGetPrivileges(user);
privileges &= ~UserDecodePrivileges(JsonValueAsArray(val));
privileges &= ~UserDecodePrivileges(val);
break;
default:
/* Impossible */

2
src/Routes/RouteRegister.c
View file

@ -276,7 +276,7 @@ ROUTE_IMPL(RouteRegister, path, argp)
if (info)
{
UserSetPrivileges(user, UserDecodePrivileges(info->grants));
UserSetPrivileges(user, info->grants);
RegTokenClose(info);
RegTokenFree(info);
}

27
src/User.c
View file

@ -768,7 +768,7 @@ UserSetPrivileges(User * user, int privileges)
return 1;
}
val = JsonValueArray(UserEncodePrivileges(privileges));
val = UserEncodePrivileges(privileges);
if (!val)
{
return 0;
@ -779,26 +779,31 @@ UserSetPrivileges(User * user, int privileges)
}
int
UserDecodePrivileges(Array * arr)
UserDecodePrivileges(JsonValue * val)
{
int privileges = USER_NONE;
size_t i;
Array *arr;
if (!arr)
if (!val)
{
goto finish;
}
for (i = 0; i < ArraySize(arr); i++)
if (JsonValueType(val) == JSON_ARRAY)
{
JsonValue *val = ArrayGet(arr, i);
if (!val || JsonValueType(val) != JSON_STRING)
arr = JsonValueAsArray(val);
for (i = 0; i < ArraySize(arr); i++)
{
continue;
}
val = ArrayGet(arr, i);
if (!val || JsonValueType(val) != JSON_STRING)
{
continue;
}
privileges |= UserDecodePrivilege(JsonValueAsString(val));
privileges |= UserDecodePrivilege(JsonValueAsString(val));
}
}
finish:
@ -846,7 +851,7 @@ UserDecodePrivilege(const char *p)
}
}
Array *
JsonValue *
UserEncodePrivileges(int privileges)
{
Array *arr = ArrayCreate();
@ -878,7 +883,7 @@ UserEncodePrivileges(int privileges)
#undef A
finish:
return arr;
return JsonValueArray(arr);
}
UserId *

50
src/include/RegToken.h
View file

@ -42,7 +42,54 @@
#include <Cytoplasm/Db.h>
#include <Cytoplasm/Int64.h>
#include <Schema/RegToken.h>
/**
* This structure describes a registration token that is in the
* database.
*/
typedef struct RegTokenInfo
{
Db *db;
DbRef *ref;
/*
* The token itself.
*/
char *name;
/*
* Who created this token. Note that this can be NULL if the
* token was created by Telodendria itself.
*/
char *owner;
/*
* How many times the token was used.
*/
Int64 used;
/*
* How many uses are allowed.
*/
Int64 uses;
/*
* Timestamp when this token was created.
*/
UInt64 created;
/*
* Timestamp when this token expires, or 0 if it does not
* expire.
*/
UInt64 expires;
/*
* A bit field describing the privileges this token grants. See
* the User API documentation for the privileges supported.
*/
int grants;
} RegTokenInfo;
/**
* ``Use'' the specified registration token by increasing the used
@ -85,6 +132,7 @@ RegTokenCreate(Db *, char *, char *, UInt64, Int64, int);
* .Fn RegTokenClose .
*/
extern void RegTokenFree(RegTokenInfo *);
/**
* Return a boolean value indicating whether or not the specified token
* is valid. A registration token is only valid if it has not expired

2
src/include/Routes.h
View file

@ -105,8 +105,6 @@ ROUTE(RouteRoomAliases);
ROUTE(RouteAdminDeactivate);
ROUTE(RouteAdminTokens);
#undef ROUTE
#endif

4
src/include/User.h
View file

@ -286,13 +286,13 @@ extern int UserSetPrivileges(User *, int);
* Decode the JSON that represents the user privileges into a packed
* bit field for simple manipulation.
*/
extern int UserDecodePrivileges(Array *);
extern int UserDecodePrivileges(JsonValue *);
/**
* Encode the packed bit field that represents user privileges as a
* JSON value.
*/
extern Array *UserEncodePrivileges(int);
extern JsonValue *UserEncodePrivileges(int);
/**
* Convert a string privilege into its bit in the bit field. This is