diff options
Diffstat (limited to 'internal/api/client')
| -rw-r--r-- | internal/api/client/admin/accountapprove.go | 105 | ||||
| -rw-r--r-- | internal/api/client/admin/accountget.go | 101 | ||||
| -rw-r--r-- | internal/api/client/admin/accountreject.go | 136 | ||||
| -rw-r--r-- | internal/api/client/admin/accountsgetv1.go | 348 | ||||
| -rw-r--r-- | internal/api/client/admin/accountsgetv2.go | 212 | ||||
| -rw-r--r-- | internal/api/client/admin/admin.go | 12 | 
6 files changed, 912 insertions, 2 deletions
| diff --git a/internal/api/client/admin/accountapprove.go b/internal/api/client/admin/accountapprove.go new file mode 100644 index 000000000..ff6474adb --- /dev/null +++ b/internal/api/client/admin/accountapprove.go @@ -0,0 +1,105 @@ +// GoToSocial +// Copyright (C) GoToSocial Authors admin@gotosocial.org +// SPDX-License-Identifier: AGPL-3.0-or-later +// +// This program is free software: you can redistribute it and/or modify +// it under the terms of the GNU Affero General Public License as published by +// the Free Software Foundation, either version 3 of the License, or +// (at your option) any later version. +// +// This program is distributed in the hope that it will be useful, +// but WITHOUT ANY WARRANTY; without even the implied warranty of +// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the +// GNU Affero General Public License for more details. +// +// You should have received a copy of the GNU Affero General Public License +// along with this program.  If not, see <http://www.gnu.org/licenses/>. + +package admin + +import ( +	"fmt" +	"net/http" + +	"github.com/gin-gonic/gin" +	apiutil "github.com/superseriousbusiness/gotosocial/internal/api/util" +	"github.com/superseriousbusiness/gotosocial/internal/gtserror" +	"github.com/superseriousbusiness/gotosocial/internal/oauth" +) + +// AccountApprovePOSTHandler swagger:operation POST /api/v1/admin/accounts/{id}/approve adminAccountApprove +// +// Approve pending account. +// +//	--- +//	tags: +//	- admin +// +//	produces: +//	- application/json +// +//	parameters: +//	- +//		name: id +//		required: true +//		in: path +//		description: ID of the account. +//		type: string +// +//	security: +//	- OAuth2 Bearer: +//		- admin +// +//	responses: +//		'200': +//			description: The now-approved account. +//			schema: +//				"$ref": "#/definitions/adminAccountInfo" +//		'400': +//			description: bad request +//		'401': +//			description: unauthorized +//		'403': +//			description: forbidden +//		'404': +//			description: not found +//		'406': +//			description: not acceptable +//		'500': +//			description: internal server error +func (m *Module) AccountApprovePOSTHandler(c *gin.Context) { +	authed, err := oauth.Authed(c, true, true, true, true) +	if err != nil { +		apiutil.ErrorHandler(c, gtserror.NewErrorUnauthorized(err, err.Error()), m.processor.InstanceGetV1) +		return +	} + +	if !*authed.User.Admin { +		err := fmt.Errorf("user %s not an admin", authed.User.ID) +		apiutil.ErrorHandler(c, gtserror.NewErrorForbidden(err, err.Error()), m.processor.InstanceGetV1) +		return +	} + +	if authed.Account.IsMoving() { +		apiutil.ForbiddenAfterMove(c) +		return +	} + +	targetAcctID, errWithCode := apiutil.ParseID(c.Param(apiutil.IDKey)) +	if errWithCode != nil { +		apiutil.ErrorHandler(c, errWithCode, m.processor.InstanceGetV1) +		return +	} + +	account, errWithCode := m.processor.Admin().AccountApprove( +		c.Request.Context(), +		authed.Account, +		targetAcctID, +	) +	if errWithCode != nil { +		apiutil.ErrorHandler(c, errWithCode, m.processor.InstanceGetV1) +		return +	} + +	apiutil.JSON(c, http.StatusOK, account) +} diff --git a/internal/api/client/admin/accountget.go b/internal/api/client/admin/accountget.go new file mode 100644 index 000000000..3a656fecc --- /dev/null +++ b/internal/api/client/admin/accountget.go @@ -0,0 +1,101 @@ +// GoToSocial +// Copyright (C) GoToSocial Authors admin@gotosocial.org +// SPDX-License-Identifier: AGPL-3.0-or-later +// +// This program is free software: you can redistribute it and/or modify +// it under the terms of the GNU Affero General Public License as published by +// the Free Software Foundation, either version 3 of the License, or +// (at your option) any later version. +// +// This program is distributed in the hope that it will be useful, +// but WITHOUT ANY WARRANTY; without even the implied warranty of +// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the +// GNU Affero General Public License for more details. +// +// You should have received a copy of the GNU Affero General Public License +// along with this program.  If not, see <http://www.gnu.org/licenses/>. + +package admin + +import ( +	"fmt" +	"net/http" + +	"github.com/gin-gonic/gin" +	apiutil "github.com/superseriousbusiness/gotosocial/internal/api/util" +	"github.com/superseriousbusiness/gotosocial/internal/gtserror" +	"github.com/superseriousbusiness/gotosocial/internal/oauth" +) + +// AccountGETHandler swagger:operation GET /api/v1/admin/accounts/{id} adminAccountGet +// +// View one account. +// +//	--- +//	tags: +//	- admin +// +//	produces: +//	- application/json +// +//	parameters: +//	- +//		name: id +//		required: true +//		in: path +//		description: ID of the account. +//		type: string +// +//	security: +//	- OAuth2 Bearer: +//		- admin +// +//	responses: +//		'200': +//			description: OK +//			schema: +//				"$ref": "#/definitions/adminAccountInfo" +//		'400': +//			description: bad request +//		'401': +//			description: unauthorized +//		'403': +//			description: forbidden +//		'404': +//			description: not found +//		'406': +//			description: not acceptable +//		'500': +//			description: internal server error +func (m *Module) AccountGETHandler(c *gin.Context) { +	authed, err := oauth.Authed(c, true, true, true, true) +	if err != nil { +		apiutil.ErrorHandler(c, gtserror.NewErrorUnauthorized(err, err.Error()), m.processor.InstanceGetV1) +		return +	} + +	if !*authed.User.Admin { +		err := fmt.Errorf("user %s not an admin", authed.User.ID) +		apiutil.ErrorHandler(c, gtserror.NewErrorForbidden(err, err.Error()), m.processor.InstanceGetV1) +		return +	} + +	if authed.Account.IsMoving() { +		apiutil.ForbiddenAfterMove(c) +		return +	} + +	targetAcctID, errWithCode := apiutil.ParseID(c.Param(apiutil.IDKey)) +	if errWithCode != nil { +		apiutil.ErrorHandler(c, errWithCode, m.processor.InstanceGetV1) +		return +	} + +	account, errWithCode := m.processor.Admin().AccountGet(c.Request.Context(), targetAcctID) +	if errWithCode != nil { +		apiutil.ErrorHandler(c, errWithCode, m.processor.InstanceGetV1) +		return +	} + +	apiutil.JSON(c, http.StatusOK, account) +} diff --git a/internal/api/client/admin/accountreject.go b/internal/api/client/admin/accountreject.go new file mode 100644 index 000000000..1e909b508 --- /dev/null +++ b/internal/api/client/admin/accountreject.go @@ -0,0 +1,136 @@ +// GoToSocial +// Copyright (C) GoToSocial Authors admin@gotosocial.org +// SPDX-License-Identifier: AGPL-3.0-or-later +// +// This program is free software: you can redistribute it and/or modify +// it under the terms of the GNU Affero General Public License as published by +// the Free Software Foundation, either version 3 of the License, or +// (at your option) any later version. +// +// This program is distributed in the hope that it will be useful, +// but WITHOUT ANY WARRANTY; without even the implied warranty of +// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the +// GNU Affero General Public License for more details. +// +// You should have received a copy of the GNU Affero General Public License +// along with this program.  If not, see <http://www.gnu.org/licenses/>. + +package admin + +import ( +	"fmt" +	"net/http" + +	"github.com/gin-gonic/gin" +	apimodel "github.com/superseriousbusiness/gotosocial/internal/api/model" +	apiutil "github.com/superseriousbusiness/gotosocial/internal/api/util" +	"github.com/superseriousbusiness/gotosocial/internal/gtserror" +	"github.com/superseriousbusiness/gotosocial/internal/oauth" +) + +// AccountRejectPOSTHandler swagger:operation POST /api/v1/admin/accounts/{id}/reject adminAccountReject +// +// Reject pending account. +// +//	--- +//	tags: +//	- admin +// +//	produces: +//	- application/json +// +//	parameters: +//	- +//		name: id +//		required: true +//		in: path +//		description: ID of the account. +//		type: string +//	- +//		name: private_comment +//		in: formData +//		description: >- +//			Comment to leave on why the account was denied. +//			The comment will be visible to admins only. +//		type: string +//	- +//		name: message +//		in: formData +//		description: >- +//			Message to include in email to applicant. +//			Will be included only if send_email is true. +//		type: string +//	- +//		name: send_email +//		in: formData +//		description: >- +//			Send an email to the applicant informing +//			them that their sign-up has been rejected. +//		type: boolean +// +//	security: +//	- OAuth2 Bearer: +//		- admin +// +//	responses: +//		'200': +//			description: The now-rejected account. +//			schema: +//				"$ref": "#/definitions/adminAccountInfo" +//		'400': +//			description: bad request +//		'401': +//			description: unauthorized +//		'403': +//			description: forbidden +//		'404': +//			description: not found +//		'406': +//			description: not acceptable +//		'500': +//			description: internal server error +func (m *Module) AccountRejectPOSTHandler(c *gin.Context) { +	authed, err := oauth.Authed(c, true, true, true, true) +	if err != nil { +		apiutil.ErrorHandler(c, gtserror.NewErrorUnauthorized(err, err.Error()), m.processor.InstanceGetV1) +		return +	} + +	if !*authed.User.Admin { +		err := fmt.Errorf("user %s not an admin", authed.User.ID) +		apiutil.ErrorHandler(c, gtserror.NewErrorForbidden(err, err.Error()), m.processor.InstanceGetV1) +		return +	} + +	if authed.Account.IsMoving() { +		apiutil.ForbiddenAfterMove(c) +		return +	} + +	targetAcctID, errWithCode := apiutil.ParseID(c.Param(apiutil.IDKey)) +	if errWithCode != nil { +		apiutil.ErrorHandler(c, errWithCode, m.processor.InstanceGetV1) +		return +	} + +	form := new(apimodel.AdminAccountRejectRequest) +	if err := c.ShouldBind(form); err != nil { +		apiutil.ErrorHandler(c, gtserror.NewErrorBadRequest(err, err.Error()), m.processor.InstanceGetV1) +		return +	} + +	account, errWithCode := m.processor.Admin().AccountReject( +		c.Request.Context(), +		authed.Account, +		targetAcctID, +		form.PrivateComment, +		form.SendEmail, +		form.Message, +	) +	if errWithCode != nil { +		apiutil.ErrorHandler(c, errWithCode, m.processor.InstanceGetV1) +		return +	} + +	apiutil.JSON(c, http.StatusOK, account) +} diff --git a/internal/api/client/admin/accountsgetv1.go b/internal/api/client/admin/accountsgetv1.go new file mode 100644 index 000000000..604d74992 --- /dev/null +++ b/internal/api/client/admin/accountsgetv1.go @@ -0,0 +1,348 @@ +// GoToSocial +// Copyright (C) GoToSocial Authors admin@gotosocial.org +// SPDX-License-Identifier: AGPL-3.0-or-later +// +// This program is free software: you can redistribute it and/or modify +// it under the terms of the GNU Affero General Public License as published by +// the Free Software Foundation, either version 3 of the License, or +// (at your option) any later version. +// +// This program is distributed in the hope that it will be useful, +// but WITHOUT ANY WARRANTY; without even the implied warranty of +// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the +// GNU Affero General Public License for more details. +// +// You should have received a copy of the GNU Affero General Public License +// along with this program.  If not, see <http://www.gnu.org/licenses/>. + +// AccountsGETHandlerV1 swagger:operation GET /api/v1/admin/accounts adminAccountsGetV1 +// +// View + page through known accounts according to given filters. +// +// The next and previous queries can be parsed from the returned Link header. +// Example: +// +// ``` +// <https://example.org/api/v1/admin/accounts?limit=80&max_id=01FC0SKA48HNSVR6YKZCQGS2V8>; rel="next", <https://example.org/api/v1/admin/accounts?limit=80&min_id=01FC0SKW5JK2Q4EVAV2B462YY0>; rel="prev" +// ```` +// +//	--- +//	tags: +//	- admin +// +//	produces: +//	- application/json +// +//	parameters: +//	- +//		name: local +//		in: query +//		type: boolean +//		description: Filter for local accounts. +//		default: false +//	- +//		name: remote +//		in: query +//		type: boolean +//		description: Filter for remote accounts. +//		default: false +//	- +//		name: active +//		in: query +//		type: boolean +//		description: Filter for currently active accounts. +//		default: false +//	- +//		name: pending +//		in: query +//		type: boolean +//		description: Filter for currently pending accounts. +//		default: false +//	- +//		name: disabled +//		in: query +//		type: boolean +//		description: Filter for currently disabled accounts. +//		default: false +//	- +//		name: silenced +//		in: query +//		type: boolean +//		description: Filter for currently silenced accounts. +//		default: false +//	- +//		name: suspended +//		in: query +//		type: boolean +//		description: Filter for currently suspended accounts. +//		default: false +//	- +//		name: sensitized +//		in: query +//		type: boolean +//		description: Filter for accounts force-marked as sensitive. +//		default: false +//	- +//		name: username +//		in: query +//		type: string +//		description: Search for the given username. +//	- +//		name: display_name +//		in: query +//		type: string +//		description: Search for the given display name. +//	- +//		name: by_domain +//		in: query +//		type: string +//		description: Filter by the given domain. +//	- +//		name: email +//		in: query +//		type: string +//		description: Lookup a user with this email. +//	- +//		name: ip +//		in: query +//		type: string +//		description: Lookup users with this IP address. +//	- +//		name: staff +//		in: query +//		type: boolean +//		description: Filter for staff accounts. +//		default: false +//	- +//		name: max_id +//		in: query +//		type: string +//		description: All results returned will be older than the item with this ID. +//	- +//		name: since_id +//		in: query +//		type: string +//		description: All results returned will be newer than the item with this ID. +//	- +//		name: min_id +//		in: query +//		type: string +//		description: Returns results immediately newer than the item with this ID. +//	- +//		name: limit +//		in: query +//		type: integer +//		description: Maximum number of results to return. +//		default: 100 +//		maximum: 200 +//		minimum: 1 +// +//	security: +//	- OAuth2 Bearer: +//		- admin +// +//	responses: +//		'200': +//			headers: +//				Link: +//					type: string +//					description: Links to the next and previous queries. +//			schema: +//				type: array +//				items: +//					"$ref": "#/definitions/adminAccountInfo" +//		'400': +//			description: bad request +//		'401': +//			description: unauthorized +//		'403': +//			description: forbidden +//		'404': +//			description: not found +//		'406': +//			description: not acceptable +//		'500': +//			description: internal server error +package admin + +import ( +	"fmt" +	"net/http" + +	"github.com/gin-gonic/gin" +	apimodel "github.com/superseriousbusiness/gotosocial/internal/api/model" +	apiutil "github.com/superseriousbusiness/gotosocial/internal/api/util" +	"github.com/superseriousbusiness/gotosocial/internal/gtserror" +	"github.com/superseriousbusiness/gotosocial/internal/oauth" +	"github.com/superseriousbusiness/gotosocial/internal/paging" +) + +func (m *Module) AccountsGETV1Handler(c *gin.Context) { +	authed, err := oauth.Authed(c, true, true, true, true) +	if err != nil { +		apiutil.ErrorHandler(c, gtserror.NewErrorUnauthorized(err, err.Error()), m.processor.InstanceGetV1) +		return +	} + +	if !*authed.User.Admin { +		err := fmt.Errorf("user %s not an admin", authed.User.ID) +		apiutil.ErrorHandler(c, gtserror.NewErrorForbidden(err, err.Error()), m.processor.InstanceGetV1) +		return +	} + +	if authed.Account.IsMoving() { +		apiutil.ForbiddenAfterMove(c) +		return +	} + +	if _, err := apiutil.NegotiateAccept(c, apiutil.JSONAcceptHeaders...); err != nil { +		apiutil.ErrorHandler(c, gtserror.NewErrorNotAcceptable(err, err.Error()), m.processor.InstanceGetV1) +		return +	} + +	page, errWithCode := paging.ParseIDPage(c, 1, 200, 100) +	if errWithCode != nil { +		apiutil.ErrorHandler(c, errWithCode, m.processor.InstanceGetV1) +		return +	} + +	/* Translate to v2 `origin` query param */ + +	local, errWithCode := apiutil.ParseLocal(c.Query(apiutil.LocalKey), false) +	if errWithCode != nil { +		apiutil.ErrorHandler(c, errWithCode, m.processor.InstanceGetV1) +		return +	} + +	remote, errWithCode := apiutil.ParseAdminRemote(c.Query(apiutil.AdminRemoteKey), false) +	if errWithCode != nil { +		apiutil.ErrorHandler(c, errWithCode, m.processor.InstanceGetV1) +		return +	} + +	if local && remote { +		keys := []string{apiutil.LocalKey, apiutil.AdminRemoteKey} +		err := fmt.Errorf("only one of %+v can be true", keys) +		apiutil.ErrorHandler(c, gtserror.NewErrorBadRequest(err, err.Error()), m.processor.InstanceGetV1) +		return +	} + +	var origin string +	if local { +		origin = "local" +	} else if remote { +		origin = "remote" +	} + +	/* Translate to v2 `status` query param */ + +	active, errWithCode := apiutil.ParseAdminActive(c.Query(apiutil.AdminActiveKey), false) +	if errWithCode != nil { +		apiutil.ErrorHandler(c, errWithCode, m.processor.InstanceGetV1) +		return +	} + +	pending, errWithCode := apiutil.ParseAdminPending(c.Query(apiutil.AdminPendingKey), false) +	if errWithCode != nil { +		apiutil.ErrorHandler(c, errWithCode, m.processor.InstanceGetV1) +		return +	} + +	disabled, errWithCode := apiutil.ParseAdminDisabled(c.Query(apiutil.AdminDisabledKey), false) +	if errWithCode != nil { +		apiutil.ErrorHandler(c, errWithCode, m.processor.InstanceGetV1) +		return +	} + +	silenced, errWithCode := apiutil.ParseAdminSilenced(c.Query(apiutil.AdminSilencedKey), false) +	if errWithCode != nil { +		apiutil.ErrorHandler(c, errWithCode, m.processor.InstanceGetV1) +		return +	} + +	suspended, errWithCode := apiutil.ParseAdminSuspended(c.Query(apiutil.AdminSuspendedKey), false) +	if errWithCode != nil { +		apiutil.ErrorHandler(c, errWithCode, m.processor.InstanceGetV1) +		return +	} + +	// Ensure only one `status` query param set. +	var status string +	states := map[string]bool{ +		apiutil.AdminActiveKey:    active, +		apiutil.AdminPendingKey:   pending, +		apiutil.AdminDisabledKey:  disabled, +		apiutil.AdminSilencedKey:  silenced, +		apiutil.AdminSuspendedKey: suspended, +	} +	for k, v := range states { +		if !v { +			// False status, +			// so irrelevant. +			continue +		} + +		if status != "" { +			// Status was already set by another +			// query param, this is an error. +			keys := []string{ +				apiutil.AdminActiveKey, +				apiutil.AdminPendingKey, +				apiutil.AdminDisabledKey, +				apiutil.AdminSilencedKey, +				apiutil.AdminSuspendedKey, +			} +			err := fmt.Errorf("only one of %+v can be true", keys) +			apiutil.ErrorHandler(c, gtserror.NewErrorBadRequest(err, err.Error()), m.processor.InstanceGetV1) +			return +		} + +		// Use this +		// account status. +		status = k +	} + +	/* Translate to v2 `permissions` query param */ + +	staff, errWithCode := apiutil.ParseAdminStaff(c.Query(apiutil.AdminStaffKey), false) +	if errWithCode != nil { +		apiutil.ErrorHandler(c, errWithCode, m.processor.InstanceGetV1) +		return +	} + +	var permissions string +	if staff { +		permissions = "staff" +	} + +	// Parse out all optional params from the query. +	params := &apimodel.AdminGetAccountsRequest{ +		Origin:      origin, +		Status:      status, +		Permissions: permissions, +		RoleIDs:     nil, // Can't do in V1. +		InvitedBy:   "",  // Can't do in V1. +		Username:    c.Query(apiutil.UsernameKey), +		DisplayName: c.Query(apiutil.AdminDisplayNameKey), +		ByDomain:    c.Query(apiutil.AdminByDomainKey), +		Email:       c.Query(apiutil.AdminEmailKey), +		IP:          c.Query(apiutil.AdminIPKey), +		APIVersion:  1, +	} + +	resp, errWithCode := m.processor.Admin().AccountsGet( +		c.Request.Context(), +		params, +		page, +	) +	if errWithCode != nil { +		apiutil.ErrorHandler(c, errWithCode, m.processor.InstanceGetV1) +		return +	} + +	if resp.LinkHeader != "" { +		c.Header("Link", resp.LinkHeader) +	} + +	apiutil.JSON(c, http.StatusOK, resp.Items) +} diff --git a/internal/api/client/admin/accountsgetv2.go b/internal/api/client/admin/accountsgetv2.go new file mode 100644 index 000000000..ca32b9e7f --- /dev/null +++ b/internal/api/client/admin/accountsgetv2.go @@ -0,0 +1,212 @@ +// GoToSocial +// Copyright (C) GoToSocial Authors admin@gotosocial.org +// SPDX-License-Identifier: AGPL-3.0-or-later +// +// This program is free software: you can redistribute it and/or modify +// it under the terms of the GNU Affero General Public License as published by +// the Free Software Foundation, either version 3 of the License, or +// (at your option) any later version. +// +// This program is distributed in the hope that it will be useful, +// but WITHOUT ANY WARRANTY; without even the implied warranty of +// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the +// GNU Affero General Public License for more details. +// +// You should have received a copy of the GNU Affero General Public License +// along with this program.  If not, see <http://www.gnu.org/licenses/>. + +// AccountsGETHandlerV2 swagger:operation GET /api/v2/admin/accounts adminAccountsGetV2 +// +// View + page through known accounts according to given filters. +// +// The next and previous queries can be parsed from the returned Link header. +// Example: +// +// ``` +// <https://example.org/api/v2/admin/accounts?limit=80&max_id=01FC0SKA48HNSVR6YKZCQGS2V8>; rel="next", <https://example.org/api/v2/admin/accounts?limit=80&min_id=01FC0SKW5JK2Q4EVAV2B462YY0>; rel="prev" +// ```` +// +//	--- +//	tags: +//	- admin +// +//	produces: +//	- application/json +// +//	parameters: +//	- +//		name: origin +//		in: query +//		type: string +//		description: Filter for `local` or `remote` accounts. +//	- +//		name: status +//		in: query +//		type: string +//		description: Filter for `active`, `pending`, `disabled`, `silenced`, or `suspended` accounts. +//	- +//		name: permissions +//		in: query +//		type: string +//		description: Filter for accounts with staff permissions (users that can manage reports). +//	- +//		name: role_ids[] +//		in: query +//		type: array +//		items: +//			type: string +//		description: Filter for users with these roles. +//	- +//		name: invited_by +//		in: query +//		type: string +//		description: Lookup users invited by the account with this ID. +//	- +//		name: username +//		in: query +//		type: string +//		description: Search for the given username. +//	- +//		name: display_name +//		in: query +//		type: string +//		description: Search for the given display name. +//	- +//		name: by_domain +//		in: query +//		type: string +//		description: Filter by the given domain. +//	- +//		name: email +//		in: query +//		type: string +//		description: Lookup a user with this email. +//	- +//		name: ip +//		in: query +//		type: string +//		description: Lookup users with this IP address. +//	- +//		name: max_id +//		in: query +//		type: string +//		description: All results returned will be older than the item with this ID. +//	- +//		name: since_id +//		in: query +//		type: string +//		description: All results returned will be newer than the item with this ID. +//	- +//		name: min_id +//		in: query +//		type: string +//		description: Returns results immediately newer than the item with this ID. +//	- +//		name: limit +//		in: query +//		type: integer +//		description: Maximum number of results to return. +//		default: 100 +//		maximum: 200 +//		minimum: 1 +// +//	security: +//	- OAuth2 Bearer: +//		- admin +// +//	responses: +//		'200': +//			headers: +//				Link: +//					type: string +//					description: Links to the next and previous queries. +//			schema: +//				type: array +//				items: +//					"$ref": "#/definitions/adminAccountInfo" +//		'400': +//			description: bad request +//		'401': +//			description: unauthorized +//		'403': +//			description: forbidden +//		'404': +//			description: not found +//		'406': +//			description: not acceptable +//		'500': +//			description: internal server error +package admin + +import ( +	"fmt" +	"net/http" + +	"github.com/gin-gonic/gin" +	apimodel "github.com/superseriousbusiness/gotosocial/internal/api/model" +	apiutil "github.com/superseriousbusiness/gotosocial/internal/api/util" +	"github.com/superseriousbusiness/gotosocial/internal/gtserror" +	"github.com/superseriousbusiness/gotosocial/internal/oauth" +	"github.com/superseriousbusiness/gotosocial/internal/paging" +) + +func (m *Module) AccountsGETV2Handler(c *gin.Context) { +	authed, err := oauth.Authed(c, true, true, true, true) +	if err != nil { +		apiutil.ErrorHandler(c, gtserror.NewErrorUnauthorized(err, err.Error()), m.processor.InstanceGetV1) +		return +	} + +	if !*authed.User.Admin { +		err := fmt.Errorf("user %s not an admin", authed.User.ID) +		apiutil.ErrorHandler(c, gtserror.NewErrorForbidden(err, err.Error()), m.processor.InstanceGetV1) +		return +	} + +	if authed.Account.IsMoving() { +		apiutil.ForbiddenAfterMove(c) +		return +	} + +	if _, err := apiutil.NegotiateAccept(c, apiutil.JSONAcceptHeaders...); err != nil { +		apiutil.ErrorHandler(c, gtserror.NewErrorNotAcceptable(err, err.Error()), m.processor.InstanceGetV1) +		return +	} + +	page, errWithCode := paging.ParseIDPage(c, 1, 200, 100) +	if errWithCode != nil { +		apiutil.ErrorHandler(c, errWithCode, m.processor.InstanceGetV1) +		return +	} + +	// Parse out all optional params from the query. +	params := &apimodel.AdminGetAccountsRequest{ +		Origin:      c.Query(apiutil.AdminOriginKey), +		Status:      c.Query(apiutil.AdminStatusKey), +		Permissions: c.Query(apiutil.AdminPermissionsKey), +		RoleIDs:     c.QueryArray(apiutil.AdminRoleIDsKey), +		InvitedBy:   c.Query(apiutil.AdminInvitedByKey), +		Username:    c.Query(apiutil.UsernameKey), +		DisplayName: c.Query(apiutil.AdminDisplayNameKey), +		ByDomain:    c.Query(apiutil.AdminByDomainKey), +		Email:       c.Query(apiutil.AdminEmailKey), +		IP:          c.Query(apiutil.AdminIPKey), +		APIVersion:  2, +	} + +	resp, errWithCode := m.processor.Admin().AccountsGet( +		c.Request.Context(), +		params, +		page, +	) +	if errWithCode != nil { +		apiutil.ErrorHandler(c, errWithCode, m.processor.InstanceGetV1) +		return +	} + +	if resp.LinkHeader != "" { +		c.Header("Link", resp.LinkHeader) +	} + +	apiutil.JSON(c, http.StatusOK, resp.Items) +} diff --git a/internal/api/client/admin/admin.go b/internal/api/client/admin/admin.go index f247d7ce9..e898bca46 100644 --- a/internal/api/client/admin/admin.go +++ b/internal/api/client/admin/admin.go @@ -39,9 +39,12 @@ const (  	HeaderAllowsPathWithID  = HeaderAllowsPath + "/:" + IDKey  	HeaderBlocksPath        = BasePath + "/header_blocks"  	HeaderBlocksPathWithID  = HeaderBlocksPath + "/:" + IDKey -	AccountsPath            = BasePath + "/accounts" -	AccountsPathWithID      = AccountsPath + "/:" + IDKey +	AccountsV1Path          = BasePath + "/accounts" +	AccountsV2Path          = "/v2/admin/accounts" +	AccountsPathWithID      = AccountsV1Path + "/:" + IDKey  	AccountsActionPath      = AccountsPathWithID + "/action" +	AccountsApprovePath     = AccountsPathWithID + "/approve" +	AccountsRejectPath      = AccountsPathWithID + "/reject"  	MediaCleanupPath        = BasePath + "/media_cleanup"  	MediaRefetchPath        = BasePath + "/media_refetch"  	ReportsPath             = BasePath + "/reports" @@ -113,7 +116,12 @@ func (m *Module) Route(attachHandler func(method string, path string, f ...gin.H  	attachHandler(http.MethodPost, DomainKeysExpirePath, m.DomainKeysExpirePOSTHandler)  	// accounts stuff +	attachHandler(http.MethodGet, AccountsV1Path, m.AccountsGETV1Handler) +	attachHandler(http.MethodGet, AccountsV2Path, m.AccountsGETV2Handler) +	attachHandler(http.MethodGet, AccountsPathWithID, m.AccountGETHandler)  	attachHandler(http.MethodPost, AccountsActionPath, m.AccountActionPOSTHandler) +	attachHandler(http.MethodPost, AccountsApprovePath, m.AccountApprovePOSTHandler) +	attachHandler(http.MethodPost, AccountsRejectPath, m.AccountRejectPOSTHandler)  	// media stuff  	attachHandler(http.MethodPost, MediaCleanupPath, m.MediaCleanupPOSTHandler) | 
