diff options
Diffstat (limited to 'internal/api')
| -rw-r--r-- | internal/api/client/admin/accountaction.go | 126 | ||||
| -rw-r--r-- | internal/api/client/admin/admin.go | 7 | ||||
| -rw-r--r-- | internal/api/client/admin/admin_test.go | 2 | ||||
| -rw-r--r-- | internal/api/model/admin.go | 12 |
4 files changed, 145 insertions, 2 deletions
diff --git a/internal/api/client/admin/accountaction.go b/internal/api/client/admin/accountaction.go new file mode 100644 index 000000000..46473fa73 --- /dev/null +++ b/internal/api/client/admin/accountaction.go @@ -0,0 +1,126 @@ +/* + GoToSocial + Copyright (C) 2021-2022 GoToSocial Authors admin@gotosocial.org + + This program is free software: you can redistribute it and/or modify + it under the terms of the GNU Affero General Public License as published by + the Free Software Foundation, either version 3 of the License, or + (at your option) any later version. + + This program is distributed in the hope that it will be useful, + but WITHOUT ANY WARRANTY; without even the implied warranty of + MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + GNU Affero General Public License for more details. + + You should have received a copy of the GNU Affero General Public License + along with this program. If not, see <http://www.gnu.org/licenses/>. +*/ + +package admin + +import ( + "fmt" + "net/http" + + "github.com/gin-gonic/gin" + "github.com/sirupsen/logrus" + "github.com/superseriousbusiness/gotosocial/internal/api/model" + "github.com/superseriousbusiness/gotosocial/internal/oauth" +) + +// AccountActionPOSTHandler swagger:operation POST /api/v1/admin/accounts/{id}/action adminAccountAction +// +// Perform an admin action on an account. +// +// --- +// tags: +// - admin +// +// consumes: +// - multipart/form-data +// +// produces: +// - application/json +// +// parameters: +// - name: id +// required: true +// in: path +// description: ID of the account. +// type: string +// - name: type +// in: formData +// description: |- +// Type of action to be taken. One of: disable, silence, suspend. +// type: string +// required: true +// - name: text +// in: formData +// description: Optional text describing why this action was taken. +// type: string +// +// security: +// - OAuth2 Bearer: +// - admin +// +// responses: +// '200': +// description: OK +// '400': +// description: bad request +// '401': +// description: unauthorized +// '403': +// description: forbidden +func (m *Module) AccountActionPOSTHandler(c *gin.Context) { + l := logrus.WithFields(logrus.Fields{ + "func": "AccountActionPOSTHandler", + "request_uri": c.Request.RequestURI, + "user_agent": c.Request.UserAgent(), + "origin_ip": c.ClientIP(), + }) + + // make sure we're authed... + authed, err := oauth.Authed(c, true, true, true, true) + if err != nil { + l.Debugf("couldn't auth: %s", err) + c.JSON(http.StatusUnauthorized, gin.H{"error": err.Error()}) + return + } + + // with an admin account + if !authed.User.Admin { + l.Debugf("user %s not an admin", authed.User.ID) + c.JSON(http.StatusForbidden, gin.H{"error": "not an admin"}) + return + } + + // extract the form from the request context + l.Tracef("parsing request form: %+v", c.Request.Form) + form := &model.AdminAccountActionRequest{} + if err := c.ShouldBind(form); err != nil { + l.Debugf("error parsing form %+v: %s", c.Request.Form, err) + c.JSON(http.StatusBadRequest, gin.H{"error": fmt.Sprintf("could not parse form: %s", err)}) + return + } + + if form.Type == "" { + c.JSON(http.StatusBadRequest, gin.H{"error": "no type specified"}) + return + } + + targetAcctID := c.Param(IDKey) + if targetAcctID == "" { + c.JSON(http.StatusBadRequest, gin.H{"error": "no account id specified"}) + return + } + form.TargetAccountID = targetAcctID + + if errWithCode := m.processor.AdminAccountAction(c.Request.Context(), authed, form); errWithCode != nil { + l.Debugf("error performing account action: %s", errWithCode.Error()) + c.JSON(errWithCode.Code(), gin.H{"error": errWithCode.Safe()}) + return + } + + c.JSON(http.StatusOK, gin.H{"message": "OK"}) +} diff --git a/internal/api/client/admin/admin.go b/internal/api/client/admin/admin.go index f5256c996..7cf2c9bfc 100644 --- a/internal/api/client/admin/admin.go +++ b/internal/api/client/admin/admin.go @@ -35,6 +35,12 @@ const ( DomainBlocksPath = BasePath + "/domain_blocks" // DomainBlocksPathWithID is used for interacting with a single domain block. DomainBlocksPathWithID = DomainBlocksPath + "/:" + IDKey + // AccountsPath is used for listing + acting on accounts. + AccountsPath = BasePath + "/accounts" + // AccountsPathWithID is used for interacting with a single account. + AccountsPathWithID = AccountsPath + "/:" + IDKey + // AccountsActionPath is used for taking action on a single account. + AccountsActionPath = AccountsPathWithID + "/action" // ExportQueryKey is for requesting a public export of some data. ExportQueryKey = "export" @@ -63,5 +69,6 @@ func (m *Module) Route(r router.Router) error { r.AttachHandler(http.MethodGet, DomainBlocksPath, m.DomainBlocksGETHandler) r.AttachHandler(http.MethodGet, DomainBlocksPathWithID, m.DomainBlockGETHandler) r.AttachHandler(http.MethodDelete, DomainBlocksPathWithID, m.DomainBlockDELETEHandler) + r.AttachHandler(http.MethodPost, AccountsActionPath, m.AccountActionPOSTHandler) return nil } diff --git a/internal/api/client/admin/admin_test.go b/internal/api/client/admin/admin_test.go index da5b03949..a161191df 100644 --- a/internal/api/client/admin/admin_test.go +++ b/internal/api/client/admin/admin_test.go @@ -37,7 +37,6 @@ import ( "github.com/superseriousbusiness/gotosocial/internal/media" "github.com/superseriousbusiness/gotosocial/internal/oauth" "github.com/superseriousbusiness/gotosocial/internal/processing" - "github.com/superseriousbusiness/gotosocial/internal/typeutils" "github.com/superseriousbusiness/gotosocial/testrig" ) @@ -45,7 +44,6 @@ type AdminStandardTestSuite struct { // standard suite interfaces suite.Suite db db.DB - tc typeutils.TypeConverter storage *kv.KVStore mediaManager media.Manager federator federation.Federator diff --git a/internal/api/model/admin.go b/internal/api/model/admin.go index 9bf1f6d8d..ada415546 100644 --- a/internal/api/model/admin.go +++ b/internal/api/model/admin.go @@ -79,3 +79,15 @@ type AdminReportInfo struct { // Statuses attached to the report, for context. Statuses []Status `json:"statuses"` } + +// AdminAccountActionRequest models the admin view of an account's details. +// +// swagger:ignore +type AdminAccountActionRequest struct { + // Type of the account action. One of disable, silence, suspend. + Type string `form:"type" json:"type" xml:"type"` + // Text describing why an action was taken. + Text string `form:"text" json:"text" xml:"text"` + // ID of the account to be acted on. + TargetAccountID string `form:"-" json:"-" xml:"-"` +} |