[feature] Admin accounts endpoints; approve/reject sign-ups (#2826)

* update settings panels, add pending overview + approve/deny functions * add admin accounts get, approve, reject * send approved/rejected emails * use signup URL * docs! * email * swagger * web linting * fix email tests * wee lil fixerinos * use new paging logic for GetAccounts() series of admin endpoints, small changes to query building * shuffle useAccountIDIn check *before* adding to query * fix parse from toot react error * use `netip.Addr` * put valid slices in globals * optimistic updates for account state --------- Co-authored-by: kim <grufwub@gmail.com>
author: tobi <31960611+tsmethurst@users.noreply.github.com> 2024-04-13 13:25:10 +0200
committer: GitHub <noreply@github.com> 2024-04-13 13:25:10 +0200
commit: 89e0cfd8741b6763ca04e90558bccf4c3c380cfa (patch)
tree: 5858ada73473816fa1982f12717b66996d163f9d /internal/api
parent: [performance] update GetAccountsByIDs() to use the new multi cache loader end... (diff)
download: gotosocial-89e0cfd8741b6763ca04e90558bccf4c3c380cfa.tar.xz
8 files changed, 1042 insertions, 19 deletions
diff --git a/internal/api/client/admin/accountapprove.go b/internal/api/client/admin/accountapprove.go
new file mode 100644
index 000000000..ff6474adb
--- /dev/null
+++ b/internal/api/client/admin/accountapprove.go
@@ -0,0 +1,105 @@
+// GoToSocial
+// Copyright (C) GoToSocial Authors admin@gotosocial.org
+// SPDX-License-Identifier: AGPL-3.0-or-later
+//
+// This program is free software: you can redistribute it and/or modify
+// it under the terms of the GNU Affero General Public License as published by
+// the Free Software Foundation, either version 3 of the License, or
+// (at your option) any later version.
+//
+// This program is distributed in the hope that it will be useful,
+// but WITHOUT ANY WARRANTY; without even the implied warranty of
+// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+// GNU Affero General Public License for more details.
+//
+// You should have received a copy of the GNU Affero General Public License
+// along with this program.  If not, see <http://www.gnu.org/licenses/>.
+
+package admin
+
+import (
+	"fmt"
+	"net/http"
+
+	"github.com/gin-gonic/gin"
+	apiutil "github.com/superseriousbusiness/gotosocial/internal/api/util"
+	"github.com/superseriousbusiness/gotosocial/internal/gtserror"
+	"github.com/superseriousbusiness/gotosocial/internal/oauth"
+)
+
+// AccountApprovePOSTHandler swagger:operation POST /api/v1/admin/accounts/{id}/approve adminAccountApprove
+//
+// Approve pending account.
+//
+//	---
+//	tags:
+//	- admin
+//
+//	produces:
+//	- application/json
+//
+//	parameters:
+//	-
+//		name: id
+//		required: true
+//		in: path
+//		description: ID of the account.
+//		type: string
+//
+//	security:
+//	- OAuth2 Bearer:
+//		- admin
+//
+//	responses:
+//		'200':
+//			description: The now-approved account.
+//			schema:
+//				"$ref": "#/definitions/adminAccountInfo"
+//		'400':
+//			description: bad request
+//		'401':
+//			description: unauthorized
+//		'403':
+//			description: forbidden
+//		'404':
+//			description: not found
+//		'406':
+//			description: not acceptable
+//		'500':
+//			description: internal server error
+func (m *Module) AccountApprovePOSTHandler(c *gin.Context) {
+	authed, err := oauth.Authed(c, true, true, true, true)
+	if err != nil {
+		apiutil.ErrorHandler(c, gtserror.NewErrorUnauthorized(err, err.Error()), m.processor.InstanceGetV1)
+		return
+	}
+
+	if !*authed.User.Admin {
+		err := fmt.Errorf("user %s not an admin", authed.User.ID)
+		apiutil.ErrorHandler(c, gtserror.NewErrorForbidden(err, err.Error()), m.processor.InstanceGetV1)
+		return
+	}
+
+	if authed.Account.IsMoving() {
+		apiutil.ForbiddenAfterMove(c)
+		return
+	}
+
+	targetAcctID, errWithCode := apiutil.ParseID(c.Param(apiutil.IDKey))
+	if errWithCode != nil {
+		apiutil.ErrorHandler(c, errWithCode, m.processor.InstanceGetV1)
+		return
+	}
+
+	account, errWithCode := m.processor.Admin().AccountApprove(
+		c.Request.Context(),
+		authed.Account,
+		targetAcctID,
+	)
+	if errWithCode != nil {
+		apiutil.ErrorHandler(c, errWithCode, m.processor.InstanceGetV1)
+		return
+	}
+
+	apiutil.JSON(c, http.StatusOK, account)
+}
diff --git a/internal/api/client/admin/accountget.go b/internal/api/client/admin/accountget.go
new file mode 100644
index 000000000..3a656fecc
--- /dev/null
+++ b/internal/api/client/admin/accountget.go
@@ -0,0 +1,101 @@
+// GoToSocial
+// Copyright (C) GoToSocial Authors admin@gotosocial.org
+// SPDX-License-Identifier: AGPL-3.0-or-later
+//
+// This program is free software: you can redistribute it and/or modify
+// it under the terms of the GNU Affero General Public License as published by
+// the Free Software Foundation, either version 3 of the License, or
+// (at your option) any later version.
+//
+// This program is distributed in the hope that it will be useful,
+// but WITHOUT ANY WARRANTY; without even the implied warranty of
+// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+// GNU Affero General Public License for more details.
+//
+// You should have received a copy of the GNU Affero General Public License
+// along with this program.  If not, see <http://www.gnu.org/licenses/>.
+
+package admin
+
+import (
+	"fmt"
+	"net/http"
+
+	"github.com/gin-gonic/gin"
+	apiutil "github.com/superseriousbusiness/gotosocial/internal/api/util"
+	"github.com/superseriousbusiness/gotosocial/internal/gtserror"
+	"github.com/superseriousbusiness/gotosocial/internal/oauth"
+)
+
+// AccountGETHandler swagger:operation GET /api/v1/admin/accounts/{id} adminAccountGet
+//
+// View one account.
+//
+//	---
+//	tags:
+//	- admin
+//
+//	produces:
+//	- application/json
+//
+//	parameters:
+//	-
+//		name: id
+//		required: true
+//		in: path
+//		description: ID of the account.
+//		type: string
+//
+//	security:
+//	- OAuth2 Bearer:
+//		- admin
+//
+//	responses:
+//		'200':
+//			description: OK
+//			schema:
+//				"$ref": "#/definitions/adminAccountInfo"
+//		'400':
+//			description: bad request
+//		'401':
+//			description: unauthorized
+//		'403':
+//			description: forbidden
+//		'404':
+//			description: not found
+//		'406':
+//			description: not acceptable
+//		'500':
+//			description: internal server error
+func (m *Module) AccountGETHandler(c *gin.Context) {
+	authed, err := oauth.Authed(c, true, true, true, true)
+	if err != nil {
+		apiutil.ErrorHandler(c, gtserror.NewErrorUnauthorized(err, err.Error()), m.processor.InstanceGetV1)
+		return
+	}
+
+	if !*authed.User.Admin {
+		err := fmt.Errorf("user %s not an admin", authed.User.ID)
+		apiutil.ErrorHandler(c, gtserror.NewErrorForbidden(err, err.Error()), m.processor.InstanceGetV1)
+		return
+	}
+
+	if authed.Account.IsMoving() {
+		apiutil.ForbiddenAfterMove(c)
+		return
+	}
+
+	targetAcctID, errWithCode := apiutil.ParseID(c.Param(apiutil.IDKey))
+	if errWithCode != nil {
+		apiutil.ErrorHandler(c, errWithCode, m.processor.InstanceGetV1)
+		return
+	}
+
+	account, errWithCode := m.processor.Admin().AccountGet(c.Request.Context(), targetAcctID)
+	if errWithCode != nil {
+		apiutil.ErrorHandler(c, errWithCode, m.processor.InstanceGetV1)
+		return
+	}
+
+	apiutil.JSON(c, http.StatusOK, account)
+}
diff --git a/internal/api/client/admin/accountreject.go b/internal/api/client/admin/accountreject.go
new file mode 100644
index 000000000..1e909b508
--- /dev/null
+++ b/internal/api/client/admin/accountreject.go
@@ -0,0 +1,136 @@
+// GoToSocial
+// Copyright (C) GoToSocial Authors admin@gotosocial.org
+// SPDX-License-Identifier: AGPL-3.0-or-later
+//
+// This program is free software: you can redistribute it and/or modify
+// it under the terms of the GNU Affero General Public License as published by
+// the Free Software Foundation, either version 3 of the License, or
+// (at your option) any later version.
+//
+// This program is distributed in the hope that it will be useful,
+// but WITHOUT ANY WARRANTY; without even the implied warranty of
+// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+// GNU Affero General Public License for more details.
+//
+// You should have received a copy of the GNU Affero General Public License
+// along with this program.  If not, see <http://www.gnu.org/licenses/>.
+
+package admin
+
+import (
+	"fmt"
+	"net/http"
+
+	"github.com/gin-gonic/gin"
+	apimodel "github.com/superseriousbusiness/gotosocial/internal/api/model"
+	apiutil "github.com/superseriousbusiness/gotosocial/internal/api/util"
+	"github.com/superseriousbusiness/gotosocial/internal/gtserror"
+	"github.com/superseriousbusiness/gotosocial/internal/oauth"
+)
+
+// AccountRejectPOSTHandler swagger:operation POST /api/v1/admin/accounts/{id}/reject adminAccountReject
+//
+// Reject pending account.
+//
+//	---
+//	tags:
+//	- admin
+//
+//	produces:
+//	- application/json
+//
+//	parameters:
+//	-
+//		name: id
+//		required: true
+//		in: path
+//		description: ID of the account.
+//		type: string
+//	-
+//		name: private_comment
+//		in: formData
+//		description: >-
+//			Comment to leave on why the account was denied.
+//			The comment will be visible to admins only.
+//		type: string
+//	-
+//		name: message
+//		in: formData
+//		description: >-
+//			Message to include in email to applicant.
+//			Will be included only if send_email is true.
+//		type: string
+//	-
+//		name: send_email
+//		in: formData
+//		description: >-
+//			Send an email to the applicant informing
+//			them that their sign-up has been rejected.
+//		type: boolean
+//
+//	security:
+//	- OAuth2 Bearer:
+//		- admin
+//
+//	responses:
+//		'200':
+//			description: The now-rejected account.
+//			schema:
+//				"$ref": "#/definitions/adminAccountInfo"
+//		'400':
+//			description: bad request
+//		'401':
+//			description: unauthorized
+//		'403':
+//			description: forbidden
+//		'404':
+//			description: not found
+//		'406':
+//			description: not acceptable
+//		'500':
+//			description: internal server error
+func (m *Module) AccountRejectPOSTHandler(c *gin.Context) {
+	authed, err := oauth.Authed(c, true, true, true, true)
+	if err != nil {
+		apiutil.ErrorHandler(c, gtserror.NewErrorUnauthorized(err, err.Error()), m.processor.InstanceGetV1)
+		return
+	}
+
+	if !*authed.User.Admin {
+		err := fmt.Errorf("user %s not an admin", authed.User.ID)
+		apiutil.ErrorHandler(c, gtserror.NewErrorForbidden(err, err.Error()), m.processor.InstanceGetV1)
+		return
+	}
+
+	if authed.Account.IsMoving() {
+		apiutil.ForbiddenAfterMove(c)
+		return
+	}
+
+	targetAcctID, errWithCode := apiutil.ParseID(c.Param(apiutil.IDKey))
+	if errWithCode != nil {
+		apiutil.ErrorHandler(c, errWithCode, m.processor.InstanceGetV1)
+		return
+	}
+
+	form := new(apimodel.AdminAccountRejectRequest)
+	if err := c.ShouldBind(form); err != nil {
+		apiutil.ErrorHandler(c, gtserror.NewErrorBadRequest(err, err.Error()), m.processor.InstanceGetV1)
+		return
+	}
+
+	account, errWithCode := m.processor.Admin().AccountReject(
+		c.Request.Context(),
+		authed.Account,
+		targetAcctID,
+		form.PrivateComment,
+		form.SendEmail,
+		form.Message,
+	)
+	if errWithCode != nil {
+		apiutil.ErrorHandler(c, errWithCode, m.processor.InstanceGetV1)
+		return
+	}
+
+	apiutil.JSON(c, http.StatusOK, account)
+}
diff --git a/internal/api/client/admin/accountsgetv1.go b/internal/api/client/admin/accountsgetv1.go
new file mode 100644
index 000000000..604d74992
--- /dev/null
+++ b/internal/api/client/admin/accountsgetv1.go
@@ -0,0 +1,348 @@
+// GoToSocial
+// Copyright (C) GoToSocial Authors admin@gotosocial.org
+// SPDX-License-Identifier: AGPL-3.0-or-later
+//
+// This program is free software: you can redistribute it and/or modify
+// it under the terms of the GNU Affero General Public License as published by
+// the Free Software Foundation, either version 3 of the License, or
+// (at your option) any later version.
+//
+// This program is distributed in the hope that it will be useful,
+// but WITHOUT ANY WARRANTY; without even the implied warranty of
+// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+// GNU Affero General Public License for more details.
+//
+// You should have received a copy of the GNU Affero General Public License
+// along with this program.  If not, see <http://www.gnu.org/licenses/>.
+
+// AccountsGETHandlerV1 swagger:operation GET /api/v1/admin/accounts adminAccountsGetV1
+//
+// View + page through known accounts according to given filters.
+//
+// The next and previous queries can be parsed from the returned Link header.
+// Example:
+//
+// ```
+// <https://example.org/api/v1/admin/accounts?limit=80&max_id=01FC0SKA48HNSVR6YKZCQGS2V8>; rel="next", <https://example.org/api/v1/admin/accounts?limit=80&min_id=01FC0SKW5JK2Q4EVAV2B462YY0>; rel="prev"
+// ````
+//
+//	---
+//	tags:
+//	- admin
+//
+//	produces:
+//	- application/json
+//
+//	parameters:
+//	-
+//		name: local
+//		in: query
+//		type: boolean
+//		description: Filter for local accounts.
+//		default: false
+//	-
+//		name: remote
+//		in: query
+//		type: boolean
+//		description: Filter for remote accounts.
+//		default: false
+//	-
+//		name: active
+//		in: query
+//		type: boolean
+//		description: Filter for currently active accounts.
+//		default: false
+//	-
+//		name: pending
+//		in: query
+//		type: boolean
+//		description: Filter for currently pending accounts.
+//		default: false
+//	-
+//		name: disabled
+//		in: query
+//		type: boolean
+//		description: Filter for currently disabled accounts.
+//		default: false
+//	-
+//		name: silenced
+//		in: query
+//		type: boolean
+//		description: Filter for currently silenced accounts.
+//		default: false
+//	-
+//		name: suspended
+//		in: query
+//		type: boolean
+//		description: Filter for currently suspended accounts.
+//		default: false
+//	-
+//		name: sensitized
+//		in: query
+//		type: boolean
+//		description: Filter for accounts force-marked as sensitive.
+//		default: false
+//	-
+//		name: username
+//		in: query
+//		type: string
+//		description: Search for the given username.
+//	-
+//		name: display_name
+//		in: query
+//		type: string
+//		description: Search for the given display name.
+//	-
+//		name: by_domain
+//		in: query
+//		type: string
+//		description: Filter by the given domain.
+//	-
+//		name: email
+//		in: query
+//		type: string
+//		description: Lookup a user with this email.
+//	-
+//		name: ip
+//		in: query
+//		type: string
+//		description: Lookup users with this IP address.
+//	-
+//		name: staff
+//		in: query
+//		type: boolean
+//		description: Filter for staff accounts.
+//		default: false
+//	-
+//		name: max_id
+//		in: query
+//		type: string
+//		description: All results returned will be older than the item with this ID.
+//	-
+//		name: since_id
+//		in: query
+//		type: string
+//		description: All results returned will be newer than the item with this ID.
+//	-
+//		name: min_id
+//		in: query
+//		type: string
+//		description: Returns results immediately newer than the item with this ID.
+//	-
+//		name: limit
+//		in: query
+//		type: integer
+//		description: Maximum number of results to return.
+//		default: 100
+//		maximum: 200
+//		minimum: 1
+//
+//	security:
+//	- OAuth2 Bearer:
+//		- admin
+//
+//	responses:
+//		'200':
+//			headers:
+//				Link:
+//					type: string
+//					description: Links to the next and previous queries.
+//			schema:
+//				type: array
+//				items:
+//					"$ref": "#/definitions/adminAccountInfo"
+//		'400':
+//			description: bad request
+//		'401':
+//			description: unauthorized
+//		'403':
+//			description: forbidden
+//		'404':
+//			description: not found
+//		'406':
+//			description: not acceptable
+//		'500':
+//			description: internal server error
+package admin
+
+import (
+	"fmt"
+	"net/http"
+
+	"github.com/gin-gonic/gin"
+	apimodel "github.com/superseriousbusiness/gotosocial/internal/api/model"
+	apiutil "github.com/superseriousbusiness/gotosocial/internal/api/util"
+	"github.com/superseriousbusiness/gotosocial/internal/gtserror"
+	"github.com/superseriousbusiness/gotosocial/internal/oauth"
+	"github.com/superseriousbusiness/gotosocial/internal/paging"
+)
+
+func (m *Module) AccountsGETV1Handler(c *gin.Context) {
+	authed, err := oauth.Authed(c, true, true, true, true)
+	if err != nil {
+		apiutil.ErrorHandler(c, gtserror.NewErrorUnauthorized(err, err.Error()), m.processor.InstanceGetV1)
+		return
+	}
+
+	if !*authed.User.Admin {
+		err := fmt.Errorf("user %s not an admin", authed.User.ID)
+		apiutil.ErrorHandler(c, gtserror.NewErrorForbidden(err, err.Error()), m.processor.InstanceGetV1)
+		return
+	}
+
+	if authed.Account.IsMoving() {
+		apiutil.ForbiddenAfterMove(c)
+		return
+	}
+
+	if _, err := apiutil.NegotiateAccept(c, apiutil.JSONAcceptHeaders...); err != nil {
+		apiutil.ErrorHandler(c, gtserror.NewErrorNotAcceptable(err, err.Error()), m.processor.InstanceGetV1)
+		return
+	}
+
+	page, errWithCode := paging.ParseIDPage(c, 1, 200, 100)
+	if errWithCode != nil {
+		apiutil.ErrorHandler(c, errWithCode, m.processor.InstanceGetV1)
+		return
+	}
+
+	/* Translate to v2 `origin` query param */
+
+	local, errWithCode := apiutil.ParseLocal(c.Query(apiutil.LocalKey), false)
+	if errWithCode != nil {
+		apiutil.ErrorHandler(c, errWithCode, m.processor.InstanceGetV1)
+		return
+	}
+
+	remote, errWithCode := apiutil.ParseAdminRemote(c.Query(apiutil.AdminRemoteKey), false)
+	if errWithCode != nil {
+		apiutil.ErrorHandler(c, errWithCode, m.processor.InstanceGetV1)
+		return
+	}
+
+	if local && remote {
+		keys := []string{apiutil.LocalKey, apiutil.AdminRemoteKey}
+		err := fmt.Errorf("only one of %+v can be true", keys)
+		apiutil.ErrorHandler(c, gtserror.NewErrorBadRequest(err, err.Error()), m.processor.InstanceGetV1)
+		return
+	}
+
+	var origin string
+	if local {
+		origin = "local"
+	} else if remote {
+		origin = "remote"
+	}
+
+	/* Translate to v2 `status` query param */
+
+	active, errWithCode := apiutil.ParseAdminActive(c.Query(apiutil.AdminActiveKey), false)
+	if errWithCode != nil {
+		apiutil.ErrorHandler(c, errWithCode, m.processor.InstanceGetV1)
+		return
+	}
+
+	pending, errWithCode := apiutil.ParseAdminPending(c.Query(apiutil.AdminPendingKey), false)
+	if errWithCode != nil {
+		apiutil.ErrorHandler(c, errWithCode, m.processor.InstanceGetV1)
+		return
+	}
+
+	disabled, errWithCode := apiutil.ParseAdminDisabled(c.Query(apiutil.AdminDisabledKey), false)
+	if errWithCode != nil {
+		apiutil.ErrorHandler(c, errWithCode, m.processor.InstanceGetV1)
+		return
+	}
+
+	silenced, errWithCode := apiutil.ParseAdminSilenced(c.Query(apiutil.AdminSilencedKey), false)
+	if errWithCode != nil {
+		apiutil.ErrorHandler(c, errWithCode, m.processor.InstanceGetV1)
+		return
+	}
+
+	suspended, errWithCode := apiutil.ParseAdminSuspended(c.Query(apiutil.AdminSuspendedKey), false)
+	if errWithCode != nil {
+		apiutil.ErrorHandler(c, errWithCode, m.processor.InstanceGetV1)
+		return
+	}
+
+	// Ensure only one `status` query param set.
+	var status string
+	states := map[string]bool{
+		apiutil.AdminActiveKey:    active,
+		apiutil.AdminPendingKey:   pending,
+		apiutil.AdminDisabledKey:  disabled,
+		apiutil.AdminSilencedKey:  silenced,
+		apiutil.AdminSuspendedKey: suspended,
+	}
+	for k, v := range states {
+		if !v {
+			// False status,
+			// so irrelevant.
+			continue
+		}
+
+		if status != "" {
+			// Status was already set by another
+			// query param, this is an error.
+			keys := []string{
+				apiutil.AdminActiveKey,
+				apiutil.AdminPendingKey,
+				apiutil.AdminDisabledKey,
+				apiutil.AdminSilencedKey,
+				apiutil.AdminSuspendedKey,
+			}
+			err := fmt.Errorf("only one of %+v can be true", keys)
+			apiutil.ErrorHandler(c, gtserror.NewErrorBadRequest(err, err.Error()), m.processor.InstanceGetV1)
+			return
+		}
+
+		// Use this
+		// account status.
+		status = k
+	}
+
+	/* Translate to v2 `permissions` query param */
+
+	staff, errWithCode := apiutil.ParseAdminStaff(c.Query(apiutil.AdminStaffKey), false)
+	if errWithCode != nil {
+		apiutil.ErrorHandler(c, errWithCode, m.processor.InstanceGetV1)
+		return
+	}
+
+	var permissions string
+	if staff {
+		permissions = "staff"
+	}
+
+	// Parse out all optional params from the query.
+	params := &apimodel.AdminGetAccountsRequest{
+		Origin:      origin,
+		Status:      status,
+		Permissions: permissions,
+		RoleIDs:     nil, // Can't do in V1.
+		InvitedBy:   "",  // Can't do in V1.
+		Username:    c.Query(apiutil.UsernameKey),
+		DisplayName: c.Query(apiutil.AdminDisplayNameKey),
+		ByDomain:    c.Query(apiutil.AdminByDomainKey),
+		Email:       c.Query(apiutil.AdminEmailKey),
+		IP:          c.Query(apiutil.AdminIPKey),
+		APIVersion:  1,
+	}
+
+	resp, errWithCode := m.processor.Admin().AccountsGet(
+		c.Request.Context(),
+		params,
+		page,
+	)
+	if errWithCode != nil {
+		apiutil.ErrorHandler(c, errWithCode, m.processor.InstanceGetV1)
+		return
+	}
+
+	if resp.LinkHeader != "" {
+		c.Header("Link", resp.LinkHeader)
+	}
+
+	apiutil.JSON(c, http.StatusOK, resp.Items)
+}
diff --git a/internal/api/client/admin/accountsgetv2.go b/internal/api/client/admin/accountsgetv2.go
new file mode 100644
index 000000000..ca32b9e7f
--- /dev/null
+++ b/internal/api/client/admin/accountsgetv2.go
@@ -0,0 +1,212 @@
+// GoToSocial
+// Copyright (C) GoToSocial Authors admin@gotosocial.org
+// SPDX-License-Identifier: AGPL-3.0-or-later
+//
+// This program is free software: you can redistribute it and/or modify
+// it under the terms of the GNU Affero General Public License as published by
+// the Free Software Foundation, either version 3 of the License, or
+// (at your option) any later version.
+//
+// This program is distributed in the hope that it will be useful,
+// but WITHOUT ANY WARRANTY; without even the implied warranty of
+// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+// GNU Affero General Public License for more details.
+//
+// You should have received a copy of the GNU Affero General Public License
+// along with this program.  If not, see <http://www.gnu.org/licenses/>.
+
+// AccountsGETHandlerV2 swagger:operation GET /api/v2/admin/accounts adminAccountsGetV2
+//
+// View + page through known accounts according to given filters.
+//
+// The next and previous queries can be parsed from the returned Link header.
+// Example:
+//
+// ```
+// <https://example.org/api/v2/admin/accounts?limit=80&max_id=01FC0SKA48HNSVR6YKZCQGS2V8>; rel="next", <https://example.org/api/v2/admin/accounts?limit=80&min_id=01FC0SKW5JK2Q4EVAV2B462YY0>; rel="prev"
+// ````
+//
+//	---
+//	tags:
+//	- admin
+//
+//	produces:
+//	- application/json
+//
+//	parameters:
+//	-
+//		name: origin
+//		in: query
+//		type: string
+//		description: Filter for `local` or `remote` accounts.
+//	-
+//		name: status
+//		in: query
+//		type: string
+//		description: Filter for `active`, `pending`, `disabled`, `silenced`, or `suspended` accounts.
+//	-
+//		name: permissions
+//		in: query
+//		type: string
+//		description: Filter for accounts with staff permissions (users that can manage reports).
+//	-
+//		name: role_ids[]
+//		in: query
+//		type: array
+//		items:
+//			type: string
+//		description: Filter for users with these roles.
+//	-
+//		name: invited_by
+//		in: query
+//		type: string
+//		description: Lookup users invited by the account with this ID.
+//	-
+//		name: username
+//		in: query
+//		type: string
+//		description: Search for the given username.
+//	-
+//		name: display_name
+//		in: query
+//		type: string
+//		description: Search for the given display name.
+//	-
+//		name: by_domain
+//		in: query
+//		type: string
+//		description: Filter by the given domain.
+//	-
+//		name: email
+//		in: query
+//		type: string
+//		description: Lookup a user with this email.
+//	-
+//		name: ip
+//		in: query
+//		type: string
+//		description: Lookup users with this IP address.
+//	-
+//		name: max_id
+//		in: query
+//		type: string
+//		description: All results returned will be older than the item with this ID.
+//	-
+//		name: since_id
+//		in: query
+//		type: string
+//		description: All results returned will be newer than the item with this ID.
+//	-
+//		name: min_id
+//		in: query
+//		type: string
+//		description: Returns results immediately newer than the item with this ID.
+//	-
+//		name: limit
+//		in: query
+//		type: integer
+//		description: Maximum number of results to return.
+//		default: 100
+//		maximum: 200
+//		minimum: 1
+//
+//	security:
+//	- OAuth2 Bearer:
+//		- admin
+//
+//	responses:
+//		'200':
+//			headers:
+//				Link:
+//					type: string
+//					description: Links to the next and previous queries.
+//			schema:
+//				type: array
+//				items:
+//					"$ref": "#/definitions/adminAccountInfo"
+//		'400':
+//			description: bad request
+//		'401':
+//			description: unauthorized
+//		'403':
+//			description: forbidden
+//		'404':
+//			description: not found
+//		'406':
+//			description: not acceptable
+//		'500':
+//			description: internal server error
+package admin
+
+import (
+	"fmt"
+	"net/http"
+
+	"github.com/gin-gonic/gin"
+	apimodel "github.com/superseriousbusiness/gotosocial/internal/api/model"
+	apiutil "github.com/superseriousbusiness/gotosocial/internal/api/util"
+	"github.com/superseriousbusiness/gotosocial/internal/gtserror"
+	"github.com/superseriousbusiness/gotosocial/internal/oauth"
+	"github.com/superseriousbusiness/gotosocial/internal/paging"
+)
+
+func (m *Module) AccountsGETV2Handler(c *gin.Context) {
+	authed, err := oauth.Authed(c, true, true, true, true)
+	if err != nil {
+		apiutil.ErrorHandler(c, gtserror.NewErrorUnauthorized(err, err.Error()), m.processor.InstanceGetV1)
+		return
+	}
+
+	if !*authed.User.Admin {
+		err := fmt.Errorf("user %s not an admin", authed.User.ID)
+		apiutil.ErrorHandler(c, gtserror.NewErrorForbidden(err, err.Error()), m.processor.InstanceGetV1)
+		return
+	}
+
+	if authed.Account.IsMoving() {
+		apiutil.ForbiddenAfterMove(c)
+		return
+	}
+
+	if _, err := apiutil.NegotiateAccept(c, apiutil.JSONAcceptHeaders...); err != nil {
+		apiutil.ErrorHandler(c, gtserror.NewErrorNotAcceptable(err, err.Error()), m.processor.InstanceGetV1)
+		return
+	}
+
+	page, errWithCode := paging.ParseIDPage(c, 1, 200, 100)
+	if errWithCode != nil {
+		apiutil.ErrorHandler(c, errWithCode, m.processor.InstanceGetV1)
+		return
+	}
+
+	// Parse out all optional params from the query.
+	params := &apimodel.AdminGetAccountsRequest{
+		Origin:      c.Query(apiutil.AdminOriginKey),
+		Status:      c.Query(apiutil.AdminStatusKey),
+		Permissions: c.Query(apiutil.AdminPermissionsKey),
+		RoleIDs:     c.QueryArray(apiutil.AdminRoleIDsKey),
+		InvitedBy:   c.Query(apiutil.AdminInvitedByKey),
+		Username:    c.Query(apiutil.UsernameKey),
+		DisplayName: c.Query(apiutil.AdminDisplayNameKey),
+		ByDomain:    c.Query(apiutil.AdminByDomainKey),
+		Email:       c.Query(apiutil.AdminEmailKey),
+		IP:          c.Query(apiutil.AdminIPKey),
+		APIVersion:  2,
+	}
+
+	resp, errWithCode := m.processor.Admin().AccountsGet(
+		c.Request.Context(),
+		params,
+		page,
+	)
+	if errWithCode != nil {
+		apiutil.ErrorHandler(c, errWithCode, m.processor.InstanceGetV1)
+		return
+	}
+
+	if resp.LinkHeader != "" {
+		c.Header("Link", resp.LinkHeader)
+	}
+
+	apiutil.JSON(c, http.StatusOK, resp.Items)
+}
diff --git a/internal/api/client/admin/admin.go b/internal/api/client/admin/admin.go
index f247d7ce9..e898bca46 100644
--- a/internal/api/client/admin/admin.go
+++ b/internal/api/client/admin/admin.go
@@ -39,9 +39,12 @@ const (
 	HeaderAllowsPathWithID  = HeaderAllowsPath + "/:" + IDKey
 	HeaderBlocksPath        = BasePath + "/header_blocks"
 	HeaderBlocksPathWithID  = HeaderBlocksPath + "/:" + IDKey
-	AccountsPath            = BasePath + "/accounts"
-	AccountsPathWithID      = AccountsPath + "/:" + IDKey
+	AccountsV1Path          = BasePath + "/accounts"
+	AccountsV2Path          = "/v2/admin/accounts"
+	AccountsPathWithID      = AccountsV1Path + "/:" + IDKey
 	AccountsActionPath      = AccountsPathWithID + "/action"
+	AccountsApprovePath     = AccountsPathWithID + "/approve"
+	AccountsRejectPath      = AccountsPathWithID + "/reject"
 	MediaCleanupPath        = BasePath + "/media_cleanup"
 	MediaRefetchPath        = BasePath + "/media_refetch"
 	ReportsPath             = BasePath + "/reports"
@@ -113,7 +116,12 @@ func (m *Module) Route(attachHandler func(method string, path string, f ...gin.H
 	attachHandler(http.MethodPost, DomainKeysExpirePath, m.DomainKeysExpirePOSTHandler)
 
 	// accounts stuff
+	attachHandler(http.MethodGet, AccountsV1Path, m.AccountsGETV1Handler)
+	attachHandler(http.MethodGet, AccountsV2Path, m.AccountsGETV2Handler)
+	attachHandler(http.MethodGet, AccountsPathWithID, m.AccountGETHandler)
 	attachHandler(http.MethodPost, AccountsActionPath, m.AccountActionPOSTHandler)
+	attachHandler(http.MethodPost, AccountsApprovePath, m.AccountApprovePOSTHandler)
+	attachHandler(http.MethodPost, AccountsRejectPath, m.AccountRejectPOSTHandler)
 
 	// media stuff
 	attachHandler(http.MethodPost, MediaCleanupPath, m.MediaCleanupPOSTHandler)
diff --git a/internal/api/model/admin.go b/internal/api/model/admin.go
index ca84ffd88..637ab0ed7 100644
--- a/internal/api/model/admin.go
+++ b/internal/api/model/admin.go
@@ -229,3 +229,52 @@ type DebugAPUrlResponse struct {
 	// may be an error, may be both!
 	ResponseBody string `json:"response_body"`
 }
+
+// AdminGetAccountsRequest models a request
+// to get an admin view of one or more
+// accounts using given parameters.
+//
+// swagger:ignore
+type AdminGetAccountsRequest struct {
+	// Filter for `local` or `remote` accounts.
+	Origin string
+	// Filter for `active`, `pending`, `disabled`,
+	// `silenced`, or `suspended` accounts.
+	Status string
+	// Filter for accounts with staff perms
+	// (users that can manage reports).
+	Permissions string
+	// Filter for users with these roles.
+	RoleIDs []string
+	// Lookup users invited by the account with this ID.
+	InvitedBy string
+	// Search for the given username.
+	Username string
+	// Search for the given display name.
+	DisplayName string
+	// Filter by the given domain.
+	ByDomain string
+	// Lookup a user with this email.
+	Email string
+	// Lookup users with this IP address.
+	IP string
+	// API version to use for this request (1 or 2).
+	// Set internally, not by callers.
+	APIVersion int
+}
+
+// AdminAccountRejectRequest models a
+// request to deny a new account sign-up.
+//
+// swagger:ignore
+type AdminAccountRejectRequest struct {
+	// Comment to leave on why the account was denied.
+	// The comment will be visible to admins only.
+	PrivateComment string `form:"private_comment" json:"private_comment"`
+	// Message to include in email to applicant.
+	// Will be included only if send_email is true.
+	Message string `form:"message" json:"message"`
+	// Send an email to the applicant informing
+	// them that their sign-up has been rejected.
+	SendEmail bool `form:"send_email" json:"send_email"`
+}
diff --git a/internal/api/util/parsequery.go b/internal/api/util/parsequery.go
index da6320b67..54cb4c466 100644
--- a/internal/api/util/parsequery.go
+++ b/internal/api/util/parsequery.go
@@ -34,12 +34,13 @@ const (
 
 	/* Common keys */
 
-	IDKey      = "id"
-	LimitKey   = "limit"
-	LocalKey   = "local"
-	MaxIDKey   = "max_id"
-	SinceIDKey = "since_id"
-	MinIDKey   = "min_id"
+	IDKey       = "id"
+	LimitKey    = "limit"
+	LocalKey    = "local"
+	MaxIDKey    = "max_id"
+	SinceIDKey  = "since_id"
+	MinIDKey    = "min_id"
+	UsernameKey = "username"
 
 	/* AP endpoint keys */
 
@@ -61,33 +62,55 @@ const (
 
 	/* Web endpoint keys */
 
-	WebUsernameKey = "username"
 	WebStatusIDKey = "status"
 
 	/* Domain permission keys */
 
 	DomainPermissionExportKey = "export"
 	DomainPermissionImportKey = "import"
+
+	/* Admin query keys */
+
+	AdminRemoteKey      = "remote"
+	AdminActiveKey      = "active"
+	AdminPendingKey     = "pending"
+	AdminDisabledKey    = "disabled"
+	AdminSilencedKey    = "silenced"
+	AdminSuspendedKey   = "suspended"
+	AdminSensitizedKey  = "sensitized"
+	AdminDisplayNameKey = "display_name"
+	AdminByDomainKey    = "by_domain"
+	AdminEmailKey       = "email"
+	AdminIPKey          = "ip"
+	AdminStaffKey       = "staff"
+	AdminOriginKey      = "origin"
+	AdminStatusKey      = "status"
+	AdminPermissionsKey = "permissions"
+	AdminRoleIDsKey     = "role_ids[]"
+	AdminInvitedByKey   = "invited_by"
 )
 
 /*
 	Parse functions for *OPTIONAL* parameters with default values.
 */
 
-func ParseLimit(value string, defaultValue int, max, min int) (int, gtserror.WithCode) {
-	i, err := parseInt(value, defaultValue, max, min, LimitKey)
-	if err != nil {
-		return 0, err
+func ParseMaxID(value string, defaultValue string) string {
+	if value == "" {
+		return defaultValue
 	}
 
-	return i, nil
+	return value
 }
 
-func ParseLocal(value string, defaultValue bool) (bool, gtserror.WithCode) {
-	return parseBool(value, defaultValue, LocalKey)
+func ParseSinceID(value string, defaultValue string) string {
+	if value == "" {
+		return defaultValue
+	}
+
+	return value
 }
 
-func ParseMaxID(value string, defaultValue string) string {
+func ParseMinID(value string, defaultValue string) string {
 	if value == "" {
 		return defaultValue
 	}
@@ -95,6 +118,19 @@ func ParseMaxID(value string, defaultValue string) string {
 	return value
 }
 
+func ParseLimit(value string, defaultValue int, max, min int) (int, gtserror.WithCode) {
+	i, err := parseInt(value, defaultValue, max, min, LimitKey)
+	if err != nil {
+		return 0, err
+	}
+
+	return i, nil
+}
+
+func ParseLocal(value string, defaultValue bool) (bool, gtserror.WithCode) {
+	return parseBool(value, defaultValue, LocalKey)
+}
+
 func ParseSearchExcludeUnreviewed(value string, defaultValue bool) (bool, gtserror.WithCode) {
 	return parseBool(value, defaultValue, SearchExcludeUnreviewedKey)
 }
@@ -123,6 +159,34 @@ func ParseOnlyOtherAccounts(value string, defaultValue bool) (bool, gtserror.Wit
 	return parseBool(value, defaultValue, OnlyOtherAccountsKey)
 }
 
+func ParseAdminRemote(value string, defaultValue bool) (bool, gtserror.WithCode) {
+	return parseBool(value, defaultValue, AdminRemoteKey)
+}
+
+func ParseAdminActive(value string, defaultValue bool) (bool, gtserror.WithCode) {
+	return parseBool(value, defaultValue, AdminActiveKey)
+}
+
+func ParseAdminPending(value string, defaultValue bool) (bool, gtserror.WithCode) {
+	return parseBool(value, defaultValue, AdminPendingKey)
+}
+
+func ParseAdminDisabled(value string, defaultValue bool) (bool, gtserror.WithCode) {
+	return parseBool(value, defaultValue, AdminDisabledKey)
+}
+
+func ParseAdminSilenced(value string, defaultValue bool) (bool, gtserror.WithCode) {
+	return parseBool(value, defaultValue, AdminSilencedKey)
+}
+
+func ParseAdminSuspended(value string, defaultValue bool) (bool, gtserror.WithCode) {
+	return parseBool(value, defaultValue, AdminSuspendedKey)
+}
+
+func ParseAdminStaff(value string, defaultValue bool) (bool, gtserror.WithCode) {
+	return parseBool(value, defaultValue, AdminStaffKey)
+}
+
 /*
 	Parse functions for *REQUIRED* parameters.
 */
@@ -187,8 +251,8 @@ func ParseTagName(value string) (string, gtserror.WithCode) {
 	return value, nil
 }
 
-func ParseWebUsername(value string) (string, gtserror.WithCode) {
-	key := WebUsernameKey
+func ParseUsername(value string) (string, gtserror.WithCode) {
+	key := UsernameKey
 
 	if value == "" {
 		return "", requiredError(key)
author	tobi <31960611+tsmethurst@users.noreply.github.com>	2024-04-13 13:25:10 +0200
committer	GitHub <noreply@github.com>	2024-04-13 13:25:10 +0200
commit	89e0cfd8741b6763ca04e90558bccf4c3c380cfa (patch)
tree	5858ada73473816fa1982f12717b66996d163f9d /internal/api
parent	[performance] update GetAccountsByIDs() to use the new multi cache loader end... (diff)
download	gotosocial-89e0cfd8741b6763ca04e90558bccf4c3c380cfa.tar.xz