Your ROOT_URL in app.ini is https://git.cloudchain.link/ but you are visiting https://dash.bss.nz/open-source-mirrors/jfa-go/blame/commit/41c092f578c6fdd5e609c0d117c67ee8714f43f2/api-userpage.go You should set ROOT_URL correctly, otherwise the web may not work correctly.
open-source-mirrors
/
jfa-go
mirror of https://github.com/hrfee/jfa-go
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity
jfa-go/api-userpage.go

710 lines
21 KiB
Raw Normal View History Unescape

userpage: initial page login, lang, and theme work. Currently only makes a request to a hello-world type endpoint to verify auth works. Accessible at /my/account.
2 years ago
package main
userpage: change email (+ confirmation) edit/add button added for email address. Confirmation works too.
2 years ago
import (
"net/http"
"os"
referrals: 1/2 generation routes, display route, partial frontend route for generation/enabling of referral for user(s) done? the frontend is mostly done, but functionality is not there yet. Route for finding and displaying referral to user is done. Also the config option for referral is there, in user page settings.
2 years ago
"strconv"
userpage: change email (+ confirmation) edit/add button added for email address. Confirmation works too.
2 years ago
"strings"
"time"
"github.com/gin-gonic/gin"
"github.com/golang-jwt/jwt"
referrals: 1/2 generation routes, display route, partial frontend route for generation/enabling of referral for user(s) done? the frontend is mostly done, but functionality is not there yet. Route for finding and displaying referral to user is done. Also the config option for referral is there, in user page settings.
2 years ago
"github.com/lithammer/shortuuid/v3"
"github.com/timshannon/badgerhold/v4"
)
const (
userpage: generate & display referral links shown on a new card, with an explanation, the number of remaining uses, and expiry of the current referral.
2 years ago
REFERRAL_EXPIRY_DAYS = 90
userpage: change email (+ confirmation) edit/add button added for email address. Confirmation works too.
2 years ago
)
userpage: initial page login, lang, and theme work. Currently only makes a request to a hello-world type endpoint to verify auth works. Accessible at /my/account.
2 years ago
userpage: add matrix
2 years ago
// @Summary Returns the logged-in user's Jellyfin ID & Username, and other details.
userpage: use form langfile, move login strings to common login-related stuff was moved into common using the langmover script, so that the user page doesn't have to use the admin language files.
2 years ago
// @Produce json
// @Success 200 {object} MyDetailsDTO
// @Router /my/details [get]
// @tags User Page
func (app *appContext) MyDetails(gc *gin.Context) {
resp := MyDetailsDTO{
Id: gc.GetString("jfId"),
}
user, status, err := app.jf.UserByID(resp.Id, false)
if status != 200 || err != nil {
app.err.Printf("Failed to get Jellyfin user (%d): %+v\n", status, err)
respond(500, "Failed to get user", gc)
return
}
resp.Username = user.Name
userpage: show and allow modification of contact methods
2 years ago
resp.Admin = user.Policy.IsAdministrator
userpage: show placeholder message card for admins
2 years ago
resp.AccountsAdmin = false
if !app.config.Section("ui").Key("allow_all").MustBool(false) {
adminOnly := app.config.Section("ui").Key("admin_only").MustBool(true)
if emailStore, ok := app.storage.GetEmailsKey(resp.Id); ok {
resp.AccountsAdmin = emailStore.Admin
}
resp.AccountsAdmin = resp.AccountsAdmin || (adminOnly && resp.Admin)
}
userpage: show and allow modification of contact methods
2 years ago
resp.Disabled = user.Policy.IsDisabled
db: migrate invites, user expiry some fixes to stuff in there too, probably
2 years ago
if exp, ok := app.storage.GetUserExpiryKey(user.ID); ok {
resp.Expiry = exp.Expiry.Unix()
userpage: show and allow modification of contact methods
2 years ago
}
if emailEnabled {
resp.Email = &MyDetailsContactMethodsDTO{}
storage: user set/get methods for contact method access Get/GetKey/SetKey/DeleteKey methods are used for access to email/discord/telegram/matrix, everywhere. Mutex added for each, avoids concurrent read/write issues. Will also make potential transition to database easier.
2 years ago
if email, ok := app.storage.GetEmailsKey(user.ID); ok && email.Addr != "" {
userpage: show and allow modification of contact methods
2 years ago
resp.Email.Value = email.Addr
resp.Email.Enabled = email.Contact
}
}
if discordEnabled {
resp.Discord = &MyDetailsContactMethodsDTO{}
storage: user set/get methods for contact method access Get/GetKey/SetKey/DeleteKey methods are used for access to email/discord/telegram/matrix, everywhere. Mutex added for each, avoids concurrent read/write issues. Will also make potential transition to database easier.
2 years ago
if discord, ok := app.storage.GetDiscordKey(user.ID); ok {
userpage: show and allow modification of contact methods
2 years ago
resp.Discord.Value = RenderDiscordUsername(discord)
resp.Discord.Enabled = discord.Contact
}
}
if telegramEnabled {
resp.Telegram = &MyDetailsContactMethodsDTO{}
storage: user set/get methods for contact method access Get/GetKey/SetKey/DeleteKey methods are used for access to email/discord/telegram/matrix, everywhere. Mutex added for each, avoids concurrent read/write issues. Will also make potential transition to database easier.
2 years ago
if telegram, ok := app.storage.GetTelegramKey(user.ID); ok {
userpage: show and allow modification of contact methods
2 years ago
resp.Telegram.Value = telegram.Username
resp.Telegram.Enabled = telegram.Contact
}
}
if matrixEnabled {
resp.Matrix = &MyDetailsContactMethodsDTO{}
storage: user set/get methods for contact method access Get/GetKey/SetKey/DeleteKey methods are used for access to email/discord/telegram/matrix, everywhere. Mutex added for each, avoids concurrent read/write issues. Will also make potential transition to database easier.
2 years ago
if matrix, ok := app.storage.GetMatrixKey(user.ID); ok {
userpage: show and allow modification of contact methods
2 years ago
resp.Matrix.Value = matrix.UserID
resp.Matrix.Enabled = matrix.Contact
}
}
userpage: use form langfile, move login strings to common login-related stuff was moved into common using the langmover script, so that the user page doesn't have to use the admin language files.
2 years ago
userpage: generate & display referral links shown on a new card, with an explanation, the number of remaining uses, and expiry of the current referral.
2 years ago
if app.config.Section("user_page").Key("referrals").MustBool(false) {
// 1. Look for existing template bound to this Jellyfin ID
// If one exists, that means its just for us and so we
// can use it directly.
inv := Invite{}
err := app.storage.db.FindOne(&inv, badgerhold.Where("ReferrerJellyfinID").Eq(resp.Id))
if err == nil {
resp.HasReferrals = true
} else {
// 2. Look for a template matching the key found in the user storage
// Since this key is shared between users in a profile, we make a copy.
user, ok := app.storage.GetEmailsKey(gc.GetString("jfId"))
err = app.storage.db.Get(user.ReferralTemplateKey, &inv)
if ok && err == nil {
resp.HasReferrals = true
}
}
}
userpage: use form langfile, move login strings to common login-related stuff was moved into common using the langmover script, so that the user page doesn't have to use the admin language files.
2 years ago
gc.JSON(200, resp)
userpage: initial page login, lang, and theme work. Currently only makes a request to a hello-world type endpoint to verify auth works. Accessible at /my/account.
2 years ago
}
userpage: show and allow modification of contact methods
2 years ago
// @Summary Sets whether to notify yourself through telegram/discord/matrix/email or not.
// @Produce json
// @Param SetContactMethodsDTO body SetContactMethodsDTO true "User's Jellyfin ID and whether or not to notify then through Telegram."
// @Success 200 {object} boolResponse
// @Success 400 {object} boolResponse
// @Success 500 {object} boolResponse
// @Router /my/contact [post]
// @Security Bearer
// @tags User Page
func (app *appContext) SetMyContactMethods(gc *gin.Context) {
var req SetContactMethodsDTO
gc.BindJSON(&req)
req.ID = gc.GetString("jfId")
if req.ID == "" {
respondBool(400, false, gc)
return
}
app.setContactMethods(req, gc)
}
// @Summary Logout by deleting refresh token from cookies.
// @Produce json
// @Success 200 {object} boolResponse
// @Failure 500 {object} stringResponse
// @Router /my/logout [post]
// @Security Bearer
// @tags User Page
func (app *appContext) LogoutUser(gc *gin.Context) {
userpage: store refresh token separately stored as "user-refresh" fixes weird issues when two accounts are logged in.
2 years ago
cookie, err := gc.Cookie("user-refresh")
userpage: show and allow modification of contact methods
2 years ago
if err != nil {
app.debug.Printf("Couldn't get cookies: %s", err)
respond(500, "Couldn't fetch cookies", gc)
return
}
app.invalidTokens = append(app.invalidTokens, cookie)
gc.SetCookie("refresh", "invalid", -1, "/my", gc.Request.URL.Hostname(), true, true)
respondBool(200, true, gc)
}
userpage: change email (+ confirmation) edit/add button added for email address. Confirmation works too.
2 years ago
// @Summary confirm an action (e.g. changing an email address.)
// @Produce json
// @Param jwt path string true "jwt confirmation code"
// @Router /my/confirm/{jwt} [post]
// @Success 200 {object} boolResponse
// @Failure 400 {object} stringResponse
// @Failure 404
// @Success 303
// @Failure 500 {object} stringResponse
// @tags User Page
func (app *appContext) ConfirmMyAction(gc *gin.Context) {
app.confirmMyAction(gc, "")
}
func (app *appContext) confirmMyAction(gc *gin.Context, key string) {
var claims jwt.MapClaims
var target ConfirmationTarget
var id string
fail := func() {
gcHTML(gc, 404, "404.html", gin.H{
"cssClass": app.cssClass,
"cssVersion": cssVersion,
"contactMessage": app.config.Section("ui").Key("contact_message").String(),
})
}
// Validate key
if key == "" {
key = gc.Param("jwt")
}
token, err := jwt.Parse(key, checkToken)
if err != nil {
app.err.Printf("Failed to parse key: %s", err)
fail()
// respond(500, "unknownError", gc)
return
}
claims, ok := token.Claims.(jwt.MapClaims)
if !ok {
app.err.Printf("Failed to parse key: %s", err)
fail()
// respond(500, "unknownError", gc)
return
}
expiry := time.Unix(int64(claims["exp"].(float64)), 0)
if !(ok && token.Valid && claims["type"].(string) == "confirmation" && expiry.After(time.Now())) {
app.err.Printf("Invalid key")
fail()
// respond(400, "invalidKey", gc)
return
}
target = ConfirmationTarget(int(claims["target"].(float64)))
id = claims["id"].(string)
// Perform an Action
if target == NoOp {
gc.Redirect(http.StatusSeeOther, "/my/account")
return
} else if target == UserEmailChange {
storage: user set/get methods for contact method access Get/GetKey/SetKey/DeleteKey methods are used for access to email/discord/telegram/matrix, everywhere. Mutex added for each, avoids concurrent read/write issues. Will also make potential transition to database easier.
2 years ago
emailStore, ok := app.storage.GetEmailsKey(id)
userpage: change email (+ confirmation) edit/add button added for email address. Confirmation works too.
2 years ago
if !ok {
emailStore = EmailAddress{
Contact: true,
}
}
emailStore.Addr = claims["email"].(string)
storage: user set/get methods for contact method access Get/GetKey/SetKey/DeleteKey methods are used for access to email/discord/telegram/matrix, everywhere. Mutex added for each, avoids concurrent read/write issues. Will also make potential transition to database easier.
2 years ago
app.storage.SetEmailsKey(id, emailStore)
userpage: change email (+ confirmation) edit/add button added for email address. Confirmation works too.
2 years ago
if app.config.Section("ombi").Key("enabled").MustBool(false) {
ombiUser, code, err := app.getOmbiUser(id)
if code == 200 && err == nil {
ombiUser["emailAddress"] = claims["email"].(string)
code, err = app.ombi.ModifyUser(ombiUser)
if code != 200 || err != nil {
app.err.Printf("%s: Failed to change ombi email address (%d): %v", ombiUser["userName"].(string), code, err)
}
}
}
app.info.Println("Email list modified")
gc.Redirect(http.StatusSeeOther, "/my/account")
return
}
}
// @Summary Modify your email address.
// @Produce json
// @Param ModifyMyEmailDTO body ModifyMyEmailDTO true "New email address."
// @Success 200 {object} boolResponse
// @Failure 400 {object} stringResponse
// @Failure 401 {object} stringResponse
// @Failure 500 {object} stringResponse
// @Router /my/email [post]
// @Security Bearer
userpage: add/edit discord works identically to on the form, would like to eventually factor out the discord/telegram/matrix verif stuff so it can be shared between the two pages though.
2 years ago
// @tags User Page
userpage: change email (+ confirmation) edit/add button added for email address. Confirmation works too.
2 years ago
func (app *appContext) ModifyMyEmail(gc *gin.Context) {
var req ModifyMyEmailDTO
gc.BindJSON(&req)
app.debug.Println("Email modification requested")
if !strings.ContainsRune(req.Email, '@') {
respond(400, "Invalid Email Address", gc)
return
}
id := gc.GetString("jfId")
// We'll use the ConfirmMyAction route to do the work, even if we don't need to confirm the address.
claims := jwt.MapClaims{
"valid": true,
"id": id,
"email": req.Email,
"type": "confirmation",
"target": UserEmailChange,
"exp": time.Now().Add(time.Hour).Unix(),
}
tk := jwt.NewWithClaims(jwt.SigningMethodHS256, claims)
key, err := tk.SignedString([]byte(os.Getenv("JFA_SECRET")))
if err != nil {
app.err.Printf("Failed to generate confirmation token: %v", err)
respond(500, "errorUnknown", gc)
return
}
if emailEnabled && app.config.Section("email_confirmation").Key("enabled").MustBool(false) {
user, status, err := app.jf.UserByID(id, false)
name := ""
if status == 200 && err == nil {
name = user.Name
}
app.debug.Printf("%s: Email confirmation required", id)
respond(401, "confirmEmail", gc)
msg, err := app.email.constructConfirmation("", name, key, app, false)
if err != nil {
app.err.Printf("%s: Failed to construct confirmation email: %v", name, err)
} else if err := app.email.send(msg, req.Email); err != nil {
app.err.Printf("%s: Failed to send user confirmation email: %v", name, err)
} else {
app.info.Printf("%s: Sent user confirmation email to \"%s\"", name, req.Email)
}
return
}
app.confirmMyAction(gc, key)
return
}
userpage: add/edit discord works identically to on the form, would like to eventually factor out the discord/telegram/matrix verif stuff so it can be shared between the two pages though.
2 years ago
// @Summary Returns a 10-minute, one-use Discord server invite
// @Produce json
// @Success 200 {object} DiscordInviteDTO
// @Failure 400 {object} boolResponse
// @Failure 401 {object} boolResponse
// @Failure 500 {object} boolResponse
// @Param invCode path string true "invite Code"
// @Router /my/discord/invite [get]
userpage: implement change password functionality
2 years ago
// @Security Bearer
userpage: add/edit discord works identically to on the form, would like to eventually factor out the discord/telegram/matrix verif stuff so it can be shared between the two pages though.
2 years ago
// @tags User Page
func (app *appContext) MyDiscordServerInvite(gc *gin.Context) {
if app.discord.inviteChannelName == "" {
respondBool(400, false, gc)
return
}
invURL, iconURL := app.discord.NewTempInvite(10*60, 1)
if invURL == "" {
respondBool(500, false, gc)
return
}
gc.JSON(200, DiscordInviteDTO{invURL, iconURL})
}
// @Summary Returns a linking PIN for discord/telegram
// @Produce json
// @Success 200 {object} GetMyPINDTO
// @Failure 400 {object} stringResponse
// Param service path string true "discord/telegram"
// @Router /my/pin/{service} [get]
userpage: implement change password functionality
2 years ago
// @Security Bearer
userpage: add/edit discord works identically to on the form, would like to eventually factor out the discord/telegram/matrix verif stuff so it can be shared between the two pages though.
2 years ago
// @tags User Page
func (app *appContext) GetMyPIN(gc *gin.Context) {
service := gc.Param("service")
resp := GetMyPINDTO{}
switch service {
case "discord":
messages: assign tokens to jf users on userpage pins generated on the user page are assigned to that user, no other jellyifn user can verify them.
2 years ago
resp.PIN = app.discord.NewAssignedAuthToken(gc.GetString("jfId"))
userpage: add/edit discord works identically to on the form, would like to eventually factor out the discord/telegram/matrix verif stuff so it can be shared between the two pages though.
2 years ago
break
case "telegram":
messages: assign tokens to jf users on userpage pins generated on the user page are assigned to that user, no other jellyifn user can verify them.
2 years ago
resp.PIN = app.telegram.NewAssignedAuthToken(gc.GetString("jfId"))
userpage: add/edit discord works identically to on the form, would like to eventually factor out the discord/telegram/matrix verif stuff so it can be shared between the two pages though.
2 years ago
break
default:
respond(400, "invalid service", gc)
return
}
gc.JSON(200, resp)
}
// @Summary Returns true/false on whether or not your discord PIN was verified, and assigns the discord user to you.
// @Produce json
// @Success 200 {object} boolResponse
// @Failure 401 {object} boolResponse
// @Param pin path string true "PIN code to check"
// @Router /my/discord/verified/{pin} [get]
userpage: implement change password functionality
2 years ago
// @Security Bearer
userpage: add/edit discord works identically to on the form, would like to eventually factor out the discord/telegram/matrix verif stuff so it can be shared between the two pages though.
2 years ago
// @tags User Page
func (app *appContext) MyDiscordVerifiedInvite(gc *gin.Context) {
pin := gc.Param("pin")
messages: assign tokens to jf users on userpage pins generated on the user page are assigned to that user, no other jellyifn user can verify them.
2 years ago
dcUser, ok := app.discord.AssignedUserVerified(pin, gc.GetString("jfId"))
messages: refactor dc/tg, fix tg less external access to Discord/TelegramDaemon internals, will be easier to keep user/admin-side uses functioning similarly. Also changed their internal token stores to use a map, and store an expiry. verifiedTokens is also now a map in telegram. Also fixed issue where token wasn't being deleted after use on the user page.
2 years ago
app.discord.DeleteVerifiedUser(pin)
userpage: add/edit discord works identically to on the form, would like to eventually factor out the discord/telegram/matrix verif stuff so it can be shared between the two pages though.
2 years ago
if !ok {
respondBool(200, false, gc)
return
}
messages: refactor dc/tg, fix tg less external access to Discord/TelegramDaemon internals, will be easier to keep user/admin-side uses functioning similarly. Also changed their internal token stores to use a map, and store an expiry. verifiedTokens is also now a map in telegram. Also fixed issue where token wasn't being deleted after use on the user page.
2 years ago
if app.config.Section("discord").Key("require_unique").MustBool(false) && app.discord.UserExists(dcUser.ID) {
respondBool(400, false, gc)
return
userpage: add/edit discord works identically to on the form, would like to eventually factor out the discord/telegram/matrix verif stuff so it can be shared between the two pages though.
2 years ago
}
storage: user set/get methods for contact method access Get/GetKey/SetKey/DeleteKey methods are used for access to email/discord/telegram/matrix, everywhere. Mutex added for each, avoids concurrent read/write issues. Will also make potential transition to database easier.
2 years ago
existingUser, ok := app.storage.GetDiscordKey(gc.GetString("jfId"))
telegram: modularize, add to userpage
2 years ago
if ok {
dcUser.Lang = existingUser.Lang
dcUser.Contact = existingUser.Contact
}
storage: user set/get methods for contact method access Get/GetKey/SetKey/DeleteKey methods are used for access to email/discord/telegram/matrix, everywhere. Mutex added for each, avoids concurrent read/write issues. Will also make potential transition to database easier.
2 years ago
app.storage.SetDiscordKey(gc.GetString("jfId"), dcUser)
userpage: add/edit discord works identically to on the form, would like to eventually factor out the discord/telegram/matrix verif stuff so it can be shared between the two pages though.
2 years ago
respondBool(200, true, gc)
}
telegram: modularize, add to userpage
2 years ago
// @Summary Returns true/false on whether or not your telegram PIN was verified, and assigns the telegram user to you.
// @Produce json
// @Success 200 {object} boolResponse
// @Failure 401 {object} boolResponse
// @Param pin path string true "PIN code to check"
// @Router /my/telegram/verified/{pin} [get]
userpage: implement change password functionality
2 years ago
// @Security Bearer
telegram: modularize, add to userpage
2 years ago
// @tags User Page
func (app *appContext) MyTelegramVerifiedInvite(gc *gin.Context) {
pin := gc.Param("pin")
messages: assign tokens to jf users on userpage pins generated on the user page are assigned to that user, no other jellyifn user can verify them.
2 years ago
token, ok := app.telegram.AssignedTokenVerified(pin, gc.GetString("jfId"))
messages: refactor dc/tg, fix tg less external access to Discord/TelegramDaemon internals, will be easier to keep user/admin-side uses functioning similarly. Also changed their internal token stores to use a map, and store an expiry. verifiedTokens is also now a map in telegram. Also fixed issue where token wasn't being deleted after use on the user page.
2 years ago
app.telegram.DeleteVerifiedToken(pin)
if !ok {
telegram: modularize, add to userpage
2 years ago
respondBool(200, false, gc)
return
}
messages: refactor dc/tg, fix tg less external access to Discord/TelegramDaemon internals, will be easier to keep user/admin-side uses functioning similarly. Also changed their internal token stores to use a map, and store an expiry. verifiedTokens is also now a map in telegram. Also fixed issue where token wasn't being deleted after use on the user page.
2 years ago
if app.config.Section("telegram").Key("require_unique").MustBool(false) && app.telegram.UserExists(token.Username) {
respondBool(400, false, gc)
return
telegram: modularize, add to userpage
2 years ago
}
tgUser := TelegramUser{
messages: refactor dc/tg, fix tg less external access to Discord/TelegramDaemon internals, will be easier to keep user/admin-side uses functioning similarly. Also changed their internal token stores to use a map, and store an expiry. verifiedTokens is also now a map in telegram. Also fixed issue where token wasn't being deleted after use on the user page.
2 years ago
ChatID: token.ChatID,
Username: token.Username,
telegram: modularize, add to userpage
2 years ago
Contact: true,
}
messages: refactor dc/tg, fix tg less external access to Discord/TelegramDaemon internals, will be easier to keep user/admin-side uses functioning similarly. Also changed their internal token stores to use a map, and store an expiry. verifiedTokens is also now a map in telegram. Also fixed issue where token wasn't being deleted after use on the user page.
2 years ago
if lang, ok := app.telegram.languages[tgUser.ChatID]; ok {
tgUser.Lang = lang
}
telegram: modularize, add to userpage
2 years ago
storage: user set/get methods for contact method access Get/GetKey/SetKey/DeleteKey methods are used for access to email/discord/telegram/matrix, everywhere. Mutex added for each, avoids concurrent read/write issues. Will also make potential transition to database easier.
2 years ago
existingUser, ok := app.storage.GetTelegramKey(gc.GetString("jfId"))
telegram: modularize, add to userpage
2 years ago
if ok {
tgUser.Lang = existingUser.Lang
tgUser.Contact = existingUser.Contact
}
storage: user set/get methods for contact method access Get/GetKey/SetKey/DeleteKey methods are used for access to email/discord/telegram/matrix, everywhere. Mutex added for each, avoids concurrent read/write issues. Will also make potential transition to database easier.
2 years ago
app.storage.SetTelegramKey(gc.GetString("jfId"), tgUser)
telegram: modularize, add to userpage
2 years ago
respondBool(200, true, gc)
}
userpage: add matrix
2 years ago
// @Summary Generate and send a new PIN to your given matrix user.
// @Produce json
// @Success 200 {object} boolResponse
// @Failure 400 {object} stringResponse
// @Failure 401 {object} boolResponse
// @Failure 500 {object} boolResponse
// @Param MatrixSendPINDTO body MatrixSendPINDTO true "User's Matrix ID."
// @Router /my/matrix/user [post]
userpage: implement change password functionality
2 years ago
// @Security Bearer
userpage: add matrix
2 years ago
// @tags User Page
func (app *appContext) MatrixSendMyPIN(gc *gin.Context) {
var req MatrixSendPINDTO
gc.BindJSON(&req)
if req.UserID == "" {
respond(400, "errorNoUserID", gc)
return
}
if app.config.Section("matrix").Key("require_unique").MustBool(false) {
for _, u := range app.storage.GetMatrix() {
if req.UserID == u.UserID {
respondBool(400, false, gc)
return
}
}
}
ok := app.matrix.SendStart(req.UserID)
if !ok {
respondBool(500, false, gc)
return
}
respondBool(200, true, gc)
}
// @Summary Check whether your matrix PIN is valid, and link the account to yours if so.
// @Produce json
// @Success 200 {object} boolResponse
// @Failure 401 {object} boolResponse
// @Param pin path string true "PIN code to check"
// @Param invCode path string true "invite Code"
// @Param userID path string true "Matrix User ID"
// @Router /my/matrix/verified/{userID}/{pin} [get]
userpage: implement change password functionality
2 years ago
// @Security Bearer
userpage: add matrix
2 years ago
// @tags User Page
func (app *appContext) MatrixCheckMyPIN(gc *gin.Context) {
userID := gc.Param("userID")
pin := gc.Param("pin")
user, ok := app.matrix.tokens[pin]
if !ok {
app.debug.Println("Matrix: PIN not found")
respondBool(200, false, gc)
return
}
if user.User.UserID != userID {
app.debug.Println("Matrix: User ID of PIN didn't match")
respondBool(200, false, gc)
return
}
mxUser := *user.User
mxUser.Contact = true
existingUser, ok := app.storage.GetMatrixKey(gc.GetString("jfId"))
if ok {
mxUser.Lang = existingUser.Lang
mxUser.Contact = existingUser.Contact
}
app.storage.SetMatrixKey(gc.GetString("jfId"), mxUser)
delete(app.matrix.tokens, pin)
respondBool(200, true, gc)
}
userpage: unlink accounts
2 years ago
// @Summary unlink the Discord account from your Jellyfin user. Always succeeds.
// @Produce json
// @Success 200 {object} boolResponse
// @Router /my/discord [delete]
userpage: implement change password functionality
2 years ago
// @Security Bearer
// @Tags User Page
userpage: unlink accounts
2 years ago
func (app *appContext) UnlinkMyDiscord(gc *gin.Context) {
app.storage.DeleteDiscordKey(gc.GetString("jfId"))
respondBool(200, true, gc)
}
// @Summary unlink the Telegram account from your Jellyfin user. Always succeeds.
// @Produce json
// @Success 200 {object} boolResponse
// @Router /my/telegram [delete]
userpage: implement change password functionality
2 years ago
// @Security Bearer
// @Tags User Page
userpage: unlink accounts
2 years ago
func (app *appContext) UnlinkMyTelegram(gc *gin.Context) {
app.storage.DeleteTelegramKey(gc.GetString("jfId"))
respondBool(200, true, gc)
}
// @Summary unlink the Matrix account from your Jellyfin user. Always succeeds.
// @Produce json
// @Success 200 {object} boolResponse
// @Router /my/matrix [delete]
userpage: implement change password functionality
2 years ago
// @Security Bearer
// @Tags User Page
userpage: unlink accounts
2 years ago
func (app *appContext) UnlinkMyMatrix(gc *gin.Context) {
app.storage.DeleteMatrixKey(gc.GetString("jfId"))
respondBool(200, true, gc)
}
userpage: password resets click "forgot password" on login modal, enter a contact method address/username, submit and check for a link. Requires link reset to be enabled.
2 years ago
userpage: make pwr accept username too
2 years ago
// @Summary Generate & send a password reset link if the given username/email/contact method exists. Doesn't give you any info about it's success.
userpage: password resets click "forgot password" on login modal, enter a contact method address/username, submit and check for a link. Requires link reset to be enabled.
2 years ago
// @Produce json
// @Param address path string true "address/contact method associated w/ your account."
// @Success 204 {object} boolResponse
// @Failure 400 {object} boolResponse
// @Failure 500 {object} boolResponse
// @Router /my/password/reset/{address} [post]
userpage: implement change password functionality
2 years ago
// @Tags User Page
userpage: password resets click "forgot password" on login modal, enter a contact method address/username, submit and check for a link. Requires link reset to be enabled.
2 years ago
func (app *appContext) ResetMyPassword(gc *gin.Context) {
userpage: time-pad pwr request for ambiguity the user shouldn't know if the reset has actually been sent (i.e. if an account with the given contact address exists), so the backend response is always sent after 1 second.
2 years ago
// All requests should take 1 second, to make it harder to tell if a success occured or not.
timerWait := make(chan bool)
cancel := time.AfterFunc(1*time.Second, func() {
timerWait <- true
})
userpage: password resets click "forgot password" on login modal, enter a contact method address/username, submit and check for a link. Requires link reset to be enabled.
2 years ago
address := gc.Param("address")
if address == "" {
app.debug.Println("Ignoring empty request for PWR")
userpage: time-pad pwr request for ambiguity the user shouldn't know if the reset has actually been sent (i.e. if an account with the given contact address exists), so the backend response is always sent after 1 second.
2 years ago
cancel.Stop()
userpage: password resets click "forgot password" on login modal, enter a contact method address/username, submit and check for a link. Requires link reset to be enabled.
2 years ago
respondBool(400, false, gc)
return
}
var pwr InternalPWR
var err error
storage: start db migration (badger(hold)) migrating to badger, with the badgerhold frontend. So far, done: * Announcements (small, for a quick test) * Discord/Telegram/Matrix/Email most interaction with badgerhold is done through the standard Get<x>/Get<x>Key/Set<x>Key/Delete<x>Key. UserExists functions have been added for email and matrix, and those and the original ones now use a query against the database rather than sifting through every record. I've tagged these searched fields as "index" for badgerhold, although this definitely isn't used yet, and i'm not entirely sure if it'll be useful. migrateToBadger is now in migrations.go, and a temporary config key "migrated_to_badger" has been added, although it isn't being used yet, migration is just running every time during development.
2 years ago
jfUser, ok := app.ReverseUserSearch(address)
if !ok {
userpage: password resets click "forgot password" on login modal, enter a contact method address/username, submit and check for a link. Requires link reset to be enabled.
2 years ago
app.debug.Printf("Ignoring PWR request: User not found")
userpage: time-pad pwr request for ambiguity the user shouldn't know if the reset has actually been sent (i.e. if an account with the given contact address exists), so the backend response is always sent after 1 second.
2 years ago
for range timerWait {
respondBool(204, true, gc)
return
}
userpage: password resets click "forgot password" on login modal, enter a contact method address/username, submit and check for a link. Requires link reset to be enabled.
2 years ago
return
}
storage: start db migration (badger(hold)) migrating to badger, with the badgerhold frontend. So far, done: * Announcements (small, for a quick test) * Discord/Telegram/Matrix/Email most interaction with badgerhold is done through the standard Get<x>/Get<x>Key/Set<x>Key/Delete<x>Key. UserExists functions have been added for email and matrix, and those and the original ones now use a query against the database rather than sifting through every record. I've tagged these searched fields as "index" for badgerhold, although this definitely isn't used yet, and i'm not entirely sure if it'll be useful. migrateToBadger is now in migrations.go, and a temporary config key "migrated_to_badger" has been added, although it isn't being used yet, migration is just running every time during development.
2 years ago
pwr, err = app.GenInternalReset(jfUser.ID)
userpage: password resets click "forgot password" on login modal, enter a contact method address/username, submit and check for a link. Requires link reset to be enabled.
2 years ago
if err != nil {
app.err.Printf("Failed to get user from Jellyfin: %v", err)
userpage: time-pad pwr request for ambiguity the user shouldn't know if the reset has actually been sent (i.e. if an account with the given contact address exists), so the backend response is always sent after 1 second.
2 years ago
for range timerWait {
respondBool(204, true, gc)
return
}
userpage: password resets click "forgot password" on login modal, enter a contact method address/username, submit and check for a link. Requires link reset to be enabled.
2 years ago
return
}
if app.internalPWRs == nil {
app.internalPWRs = map[string]InternalPWR{}
}
app.internalPWRs[pwr.PIN] = pwr
// FIXME: Send to all contact methods
msg, err := app.email.constructReset(
PasswordReset{
Pin: pwr.PIN,
Username: pwr.Username,
Expiry: pwr.Expiry,
Internal: true,
}, app, false,
)
if err != nil {
app.err.Printf("Failed to construct password reset message for \"%s\": %v", pwr.Username, err)
userpage: time-pad pwr request for ambiguity the user shouldn't know if the reset has actually been sent (i.e. if an account with the given contact address exists), so the backend response is always sent after 1 second.
2 years ago
for range timerWait {
respondBool(204, true, gc)
return
}
userpage: password resets click "forgot password" on login modal, enter a contact method address/username, submit and check for a link. Requires link reset to be enabled.
2 years ago
return
storage: start db migration (badger(hold)) migrating to badger, with the badgerhold frontend. So far, done: * Announcements (small, for a quick test) * Discord/Telegram/Matrix/Email most interaction with badgerhold is done through the standard Get<x>/Get<x>Key/Set<x>Key/Delete<x>Key. UserExists functions have been added for email and matrix, and those and the original ones now use a query against the database rather than sifting through every record. I've tagged these searched fields as "index" for badgerhold, although this definitely isn't used yet, and i'm not entirely sure if it'll be useful. migrateToBadger is now in migrations.go, and a temporary config key "migrated_to_badger" has been added, although it isn't being used yet, migration is just running every time during development.
2 years ago
} else if err := app.sendByID(msg, jfUser.ID); err != nil {
userpage: password resets click "forgot password" on login modal, enter a contact method address/username, submit and check for a link. Requires link reset to be enabled.
2 years ago
app.err.Printf("Failed to send password reset message to \"%s\": %v", address, err)
} else {
app.info.Printf("Sent password reset message to \"%s\"", address)
}
userpage: time-pad pwr request for ambiguity the user shouldn't know if the reset has actually been sent (i.e. if an account with the given contact address exists), so the backend response is always sent after 1 second.
2 years ago
for range timerWait {
respondBool(204, true, gc)
return
}
userpage: password resets click "forgot password" on login modal, enter a contact method address/username, submit and check for a link. Requires link reset to be enabled.
2 years ago
}
userpage: implement change password functionality
2 years ago
// @Summary Change your password, given the old one and the new one.
// @Produce json
// @Param ChangeMyPasswordDTO body ChangeMyPasswordDTO true "User's old & new passwords."
// @Success 204 {object} boolResponse
// @Failure 400 {object} PasswordValidation
// @Failure 401 {object} boolResponse
// @Failure 500 {object} boolResponse
// @Router /my/password [post]
// @Security Bearer
// @Tags User Page
func (app *appContext) ChangeMyPassword(gc *gin.Context) {
var req ChangeMyPasswordDTO
gc.BindJSON(&req)
if req.Old == "" || req.New == "" {
respondBool(400, false, gc)
}
validation := app.validator.validate(req.New)
for _, val := range validation {
if !val {
app.debug.Printf("%s: Change password failed: Invalid password", gc.GetString("jfId"))
gc.JSON(400, validation)
return
}
}
user, status, err := app.jf.UserByID(gc.GetString("jfId"), false)
if status != 200 || err != nil {
app.err.Printf("Failed to change password: couldn't find user (%d): %+v", status, err)
respondBool(500, false, gc)
return
}
// Authenticate as user to confirm old password.
user, status, err = app.authJf.Authenticate(user.Name, req.Old)
if status != 200 || err != nil {
respondBool(401, false, gc)
return
}
status, err = app.jf.SetPassword(gc.GetString("jfId"), req.Old, req.New)
if (status != 200 && status != 204) || err != nil {
respondBool(500, false, gc)
return
}
if app.config.Section("ombi").Key("enabled").MustBool(false) {
userpage: invalid refresh token on pw change user has to log in again, although this is not strictly enforced, as the standard token remains valid until its expiry.
2 years ago
func() {
ombiUser, status, err := app.getOmbiUser(gc.GetString("jfId"))
if status != 200 || err != nil {
app.err.Printf("Failed to get user \"%s\" from ombi (%d): %v", user.Name, status, err)
return
}
ombiUser["password"] = req.New
status, err = app.ombi.ModifyUser(ombiUser)
if status != 200 || err != nil {
app.err.Printf("Failed to set password for ombi user \"%s\" (%d): %v", ombiUser["userName"], status, err)
return
}
app.debug.Printf("Reset password for ombi user \"%s\"", ombiUser["userName"])
}()
}
cookie, err := gc.Cookie("user-refresh")
if err == nil {
app.invalidTokens = append(app.invalidTokens, cookie)
gc.SetCookie("refresh", "invalid", -1, "/my", gc.Request.URL.Hostname(), true, true)
} else {
app.debug.Printf("Couldn't get cookies: %s", err)
userpage: implement change password functionality
2 years ago
}
respondBool(204, true, gc)
}
referrals: 1/2 generation routes, display route, partial frontend route for generation/enabling of referral for user(s) done? the frontend is mostly done, but functionality is not there yet. Route for finding and displaying referral to user is done. Also the config option for referral is there, in user page settings.
2 years ago
// @Summary Get or generate a new referral code.
// @Produce json
// @Success 200 {object} GetMyReferralRespDTO
// @Failure 400 {object} boolResponse
// @Failure 401 {object} boolResponse
// @Failure 500 {object} boolResponse
// @Router /my/referral [get]
// @Security Bearer
// @Tags User Page
func (app *appContext) GetMyReferral(gc *gin.Context) {
// 1. Look for existing template bound to this Jellyfin ID
// If one exists, that means its just for us and so we
// can use it directly.
inv := Invite{}
referrals: Show enabled status on account list
2 years ago
err := app.storage.db.FindOne(&inv, badgerhold.Where("ReferrerJellyfinID").Eq(gc.GetString("jfId")))
referrals: 1/2 generation routes, display route, partial frontend route for generation/enabling of referral for user(s) done? the frontend is mostly done, but functionality is not there yet. Route for finding and displaying referral to user is done. Also the config option for referral is there, in user page settings.
2 years ago
if err != nil {
// 2. Look for a template matching the key found in the user storage
referrals: enable referral for users & profiles Enabling for individual users works, as does adding a template to a profile. Removing/Disabling for both needs to be completed.
2 years ago
// Since this key is shared between users in a profile, we make a copy.
referrals: 1/2 generation routes, display route, partial frontend route for generation/enabling of referral for user(s) done? the frontend is mostly done, but functionality is not there yet. Route for finding and displaying referral to user is done. Also the config option for referral is there, in user page settings.
2 years ago
user, ok := app.storage.GetEmailsKey(gc.GetString("jfId"))
err = app.storage.db.Get(user.ReferralTemplateKey, &inv)
if !ok || err != nil {
app.debug.Printf("Ignoring referral request, couldn't find template.")
respondBool(400, false, gc)
return
}
inv.Code = shortuuid.New()
// make sure code doesn't begin with number
_, err := strconv.Atoi(string(inv.Code[0]))
for err == nil {
inv.Code = shortuuid.New()
_, err = strconv.Atoi(string(inv.Code[0]))
}
inv.Created = time.Now()
inv.ValidTill = inv.Created.Add(REFERRAL_EXPIRY_DAYS * 24 * time.Hour)
inv.IsReferral = true
referrals: Show enabled status on account list
2 years ago
inv.ReferrerJellyfinID = gc.GetString("jfId")
referrals: 1/2 generation routes, display route, partial frontend route for generation/enabling of referral for user(s) done? the frontend is mostly done, but functionality is not there yet. Route for finding and displaying referral to user is done. Also the config option for referral is there, in user page settings.
2 years ago
app.storage.SetInvitesKey(inv.Code, inv)
} else if time.Now().After(inv.ValidTill) {
// 3. We found an invite for us, but it's expired.
// We delete it from storage, and put it back with a fresh code and expiry.
app.storage.DeleteInvitesKey(inv.Code)
inv.Code = shortuuid.New()
// make sure code doesn't begin with number
_, err := strconv.Atoi(string(inv.Code[0]))
for err == nil {
inv.Code = shortuuid.New()
_, err = strconv.Atoi(string(inv.Code[0]))
}
inv.Created = time.Now()
inv.ValidTill = inv.Created.Add(REFERRAL_EXPIRY_DAYS * 24 * time.Hour)
app.storage.SetInvitesKey(inv.Code, inv)
}
gc.JSON(200, GetMyReferralRespDTO{
Code: inv.Code,
RemainingUses: inv.RemainingUses,
NoLimit: inv.NoLimit,
userpage: generate & display referral links shown on a new card, with an explanation, the number of remaining uses, and expiry of the current referral.
2 years ago
Expiry: inv.ValidTill.Unix(),
referrals: 1/2 generation routes, display route, partial frontend route for generation/enabling of referral for user(s) done? the frontend is mostly done, but functionality is not there yet. Route for finding and displaying referral to user is done. Also the config option for referral is there, in user page settings.
2 years ago
})
}