documize/domain/setting/endpoint.go

// Copyright 2016 Documize Inc. <legal@documize.com>. All rights reserved.
//
// This software (Documize Community Edition) is licensed under
// GNU AGPL v3 http://www.gnu.org/licenses/agpl-3.0.en.html
//
// You can operate outside the AGPL restrictions by purchasing
// Documize Enterprise Edition and obtaining a commercial license
// by contacting <sales@documize.com>.
//
// https://documize.com

// Package setting manages both global and user level settings
package setting

import (
	"encoding/json"
	"fmt"
	"io/ioutil"
	"net/http"

	"github.com/documize/community/core/env"
	"github.com/documize/community/core/request"
	"github.com/documize/community/core/response"
	"github.com/documize/community/core/streamutil"
	"github.com/documize/community/domain"
	"github.com/documize/community/domain/smtp"
	"github.com/documize/community/domain/store"
	"github.com/documize/community/model/audit"
)

// Handler contains the runtime information such as logging and database.
type Handler struct {
	Runtime *env.Runtime
	Store   *store.Store
}

// SMTP returns installation-wide SMTP settings
func (h *Handler) SMTP(w http.ResponseWriter, r *http.Request) {
	method := "setting.SMTP"
	ctx := domain.GetRequestContext(r)

	if !ctx.GlobalAdmin {
		response.WriteForbiddenError(w)
		return
	}

	config, _ := h.Store.Setting.Get("SMTP", "")

	var y map[string]interface{}
	json.Unmarshal([]byte(config), &y)

	j, err := json.Marshal(y)
	if err != nil {
		response.WriteBadRequestError(w, method, err.Error())
		h.Runtime.Log.Error(method, err)
		return
	}

	response.WriteBytes(w, j)
}

// SetSMTP persists global SMTP configuration.
func (h *Handler) SetSMTP(w http.ResponseWriter, r *http.Request) {
	method := "setting.SetSMTP"
	ctx := domain.GetRequestContext(r)

	if !ctx.GlobalAdmin {
		response.WriteForbiddenError(w)
		return
	}

	defer r.Body.Close()
	body, err := ioutil.ReadAll(r.Body)
	if err != nil {
		response.WriteBadRequestError(w, method, err.Error())
		h.Runtime.Log.Error(method, err)
		return
	}

	var config string
	config = string(body)

	// ctx.Transaction, err = h.Runtime.Db.Beginx()
	// if err != nil {
	// 	response.WriteServerError(w, method, err)
	// 	h.Runtime.Log.Error(method, err)
	// 	return
	// }

	h.Store.Setting.Set("SMTP", config)

	// ctx.Transaction.Commit()

	h.Store.Audit.Record(ctx, audit.EventTypeSystemSMTP)

	// test connection
	var result struct {
		Success bool   `json:"success"`
		Message string `json:"message"`
	}

	result.Message = "Email sent successfully!"

	u, err := h.Store.User.Get(ctx, ctx.UserID)
	if err != nil {
		result.Success = false
		result.Message = err.Error()
		h.Runtime.Log.Error(method, err)
		response.WriteJSON(w, result)
		return
	}

	cfg := GetSMTPConfig(h.Store)
	dialer, err := smtp.Connect(cfg)
	em := smtp.EmailMessage{}
	em.Subject = "Documize SMTP Test"
	em.BodyHTML = "<p>This is a test email from Documize using current SMTP settings.</p>"
	em.ToEmail = u.Email
	em.ToName = u.Fullname()

	result.Success, err = smtp.SendMessage(dialer, cfg, em)
	if !result.Success {
		result.Message = fmt.Sprintf("Unable to send test email: %s", err.Error())
	}

	response.WriteJSON(w, result)
}

// AuthConfig returns installation-wide auth configuration
func (h *Handler) AuthConfig(w http.ResponseWriter, r *http.Request) {
	method := "global.auth"
	ctx := domain.GetRequestContext(r)

	if !ctx.GlobalAdmin {
		response.WriteForbiddenError(w)
		return
	}

	org, err := h.Store.Organization.GetOrganization(ctx, ctx.OrgID)
	if err != nil {
		response.WriteForbiddenError(w)
		h.Runtime.Log.Error(method, err)
		return
	}

	response.WriteJSON(w, org.AuthConfig)
}

// SetAuthConfig persists installation-wide authentication configuration
func (h *Handler) SetAuthConfig(w http.ResponseWriter, r *http.Request) {
	method := "global.auth.save"
	ctx := domain.GetRequestContext(r)

	if !ctx.GlobalAdmin {
		response.WriteForbiddenError(w)
		return
	}

	defer r.Body.Close()
	body, err := ioutil.ReadAll(r.Body)
	if err != nil {
		response.WriteBadRequestError(w, method, err.Error())
		return
	}

	var data authData
	err = json.Unmarshal(body, &data)
	if err != nil {
		response.WriteBadRequestError(w, method, err.Error())
		h.Runtime.Log.Error(method, err)
		return
	}

	org, err := h.Store.Organization.GetOrganization(ctx, ctx.OrgID)
	if err != nil {
		response.WriteServerError(w, method, err)
		h.Runtime.Log.Error(method, err)
		return
	}

	org.AuthProvider = data.AuthProvider
	org.AuthConfig = data.AuthConfig

	ctx.Transaction, err = h.Runtime.Db.Beginx()
	if err != nil {
		response.WriteServerError(w, method, err)
		h.Runtime.Log.Error(method, err)
		return
	}

	err = h.Store.Organization.UpdateAuthConfig(ctx, org)
	if err != nil {
		ctx.Transaction.Rollback()
		response.WriteServerError(w, method, err)
		h.Runtime.Log.Error(method, err)
		return
	}

	ctx.Transaction.Commit()

	h.Store.Audit.Record(ctx, audit.EventTypeSystemAuth)

	response.WriteEmpty(w)
}

// GetInstanceSetting returns the requested organization level setting.
func (h *Handler) GetInstanceSetting(w http.ResponseWriter, r *http.Request) {
	ctx := domain.GetRequestContext(r)

	orgID := request.Param(r, "orgID")
	if orgID != ctx.OrgID || !ctx.Administrator {
		response.WriteForbiddenError(w)
		return
	}

	key := request.Query(r, "key")
	setting, _ := h.Store.Setting.GetUser(orgID, "", key, "")
	if len(setting) == 0 {
		setting = "{}"
	}

	response.WriteJSON(w, setting)
}

// SaveInstanceSetting saves org level setting.
func (h *Handler) SaveInstanceSetting(w http.ResponseWriter, r *http.Request) {
	method := "org.SaveInstanceSetting"
	ctx := domain.GetRequestContext(r)

	orgID := request.Param(r, "orgID")
	if orgID != ctx.OrgID || !ctx.Administrator {
		response.WriteForbiddenError(w)
		return
	}

	key := request.Query(r, "key")

	defer streamutil.Close(r.Body)
	body, err := ioutil.ReadAll(r.Body)
	if err != nil {
		response.WriteServerError(w, method, err)
		h.Runtime.Log.Error(method, err)
		return
	}

	config := string(body)
	h.Store.Setting.SetUser(orgID, "", key, config)

	response.WriteEmpty(w)
}

// GetGlobalSetting returns the requested organization level setting.
func (h *Handler) GetGlobalSetting(w http.ResponseWriter, r *http.Request) {
	ctx := domain.GetRequestContext(r)

	if !ctx.GlobalAdmin {
		response.WriteForbiddenError(w)
		return
	}

	key := request.Query(r, "key")
	setting, _ := h.Store.Setting.Get(key, "")

	response.WriteJSON(w, setting)
}

// SaveGlobalSetting saves org level setting.
func (h *Handler) SaveGlobalSetting(w http.ResponseWriter, r *http.Request) {
	method := "org.SaveGlobalSetting"
	ctx := domain.GetRequestContext(r)

	if !ctx.GlobalAdmin {
		response.WriteForbiddenError(w)
		return
	}

	key := request.Query(r, "key")

	defer streamutil.Close(r.Body)
	body, err := ioutil.ReadAll(r.Body)
	if err != nil {
		response.WriteServerError(w, method, err)
		h.Runtime.Log.Error(method, err)
		return
	}

	config := string(body)
	h.Store.Setting.Set(key, config)

	response.WriteEmpty(w)
}
still moving codebase to new API (WIP) 2017-07-26 20:03:23 +01:00			`// Copyright 2016 Documize Inc. <legal@documize.com>. All rights reserved.`
			`//`
			`// This software (Documize Community Edition) is licensed under`
			`// GNU AGPL v3 http://www.gnu.org/licenses/agpl-3.0.en.html`
			`//`
			`// You can operate outside the AGPL restrictions by purchasing`
			`// Documize Enterprise Edition and obtaining a commercial license`
			`// by contacting <sales@documize.com>.`
			`//`
			`// https://documize.com`

			`// Package setting manages both global and user level settings`
			`package setting`

			`import (`
			`"encoding/json"`
New SMTP library and refactoring of mailer code 2018-03-07 18:52:19 +00:00			`"fmt"`
still moving codebase to new API (WIP) 2017-07-26 20:03:23 +01:00			`"io/ioutil"`
			`"net/http"`

			`"github.com/documize/community/core/env"`
Continued MySQL/PostgreSQL store provider refactoring Refactored, renamed, removed storage related code. Basic smoke test passed for PostgreSQL whilst fully working on MySQL variants as per usual. 2018-09-27 15:14:48 +01:00			`"github.com/documize/community/core/request"`
still moving codebase to new API (WIP) 2017-07-26 20:03:23 +01:00			`"github.com/documize/community/core/response"`
Continued MySQL/PostgreSQL store provider refactoring Refactored, renamed, removed storage related code. Basic smoke test passed for PostgreSQL whilst fully working on MySQL variants as per usual. 2018-09-27 15:14:48 +01:00			`"github.com/documize/community/core/streamutil"`
still moving codebase to new API (WIP) 2017-07-26 20:03:23 +01:00			`"github.com/documize/community/domain"`
New SMTP library and refactoring of mailer code 2018-03-07 18:52:19 +00:00			`"github.com/documize/community/domain/smtp"`
Continued MySQL/PostgreSQL store provider refactoring Refactored, renamed, removed storage related code. Basic smoke test passed for PostgreSQL whilst fully working on MySQL variants as per usual. 2018-09-27 15:14:48 +01:00			`"github.com/documize/community/domain/store"`
still moving codebase to new API (WIP) 2017-07-26 20:03:23 +01:00			`"github.com/documize/community/model/audit"`
			`)`

			`// Handler contains the runtime information such as logging and database.`
			`type Handler struct {`
			`Runtime *env.Runtime`
Continued MySQL/PostgreSQL store provider refactoring Refactored, renamed, removed storage related code. Basic smoke test passed for PostgreSQL whilst fully working on MySQL variants as per usual. 2018-09-27 15:14:48 +01:00			`Store *store.Store`
still moving codebase to new API (WIP) 2017-07-26 20:03:23 +01:00			`}`

			`// SMTP returns installation-wide SMTP settings`
			`func (h Handler) SMTP(w http.ResponseWriter, r http.Request) {`
			`method := "setting.SMTP"`
			`ctx := domain.GetRequestContext(r)`

Make API work with new schema 2018-09-19 16:03:29 +01:00			`if !ctx.GlobalAdmin {`
still moving codebase to new API (WIP) 2017-07-26 20:03:23 +01:00			`response.WriteForbiddenError(w)`
			`return`
			`}`

set defaults for request context 2017-08-27 16:39:09 +01:00			`config, _ := h.Store.Setting.Get("SMTP", "")`
still moving codebase to new API (WIP) 2017-07-26 20:03:23 +01:00
			`var y map[string]interface{}`
			`json.Unmarshal([]byte(config), &y)`

			`j, err := json.Marshal(y)`
			`if err != nil {`
			`response.WriteBadRequestError(w, method, err.Error())`
wrap errors up, log at top level only 2017-08-03 10:00:24 +01:00			`h.Runtime.Log.Error(method, err)`
still moving codebase to new API (WIP) 2017-07-26 20:03:23 +01:00			`return`
			`}`

			`response.WriteBytes(w, j)`
			`}`

			`// SetSMTP persists global SMTP configuration.`
			`func (h Handler) SetSMTP(w http.ResponseWriter, r http.Request) {`
			`method := "setting.SetSMTP"`
			`ctx := domain.GetRequestContext(r)`

Make API work with new schema 2018-09-19 16:03:29 +01:00			`if !ctx.GlobalAdmin {`
still moving codebase to new API (WIP) 2017-07-26 20:03:23 +01:00			`response.WriteForbiddenError(w)`
			`return`
			`}`

			`defer r.Body.Close()`
			`body, err := ioutil.ReadAll(r.Body)`
			`if err != nil {`
			`response.WriteBadRequestError(w, method, err.Error())`
wrap errors up, log at top level only 2017-08-03 10:00:24 +01:00			`h.Runtime.Log.Error(method, err)`
still moving codebase to new API (WIP) 2017-07-26 20:03:23 +01:00			`return`
			`}`

			`var config string`
			`config = string(body)`

PostgreSQL prep Update of vendored SQL libs and refactoring of store provider layer. 2018-09-26 17:59:56 +01:00			`// ctx.Transaction, err = h.Runtime.Db.Beginx()`
			`// if err != nil {`
			`// response.WriteServerError(w, method, err)`
			`// h.Runtime.Log.Error(method, err)`
			`// return`
			`// }`
still moving codebase to new API (WIP) 2017-07-26 20:03:23 +01:00
removed old API 2017-08-02 15:26:31 +01:00			`h.Store.Setting.Set("SMTP", config)`
still moving codebase to new API (WIP) 2017-07-26 20:03:23 +01:00
PostgreSQL prep Update of vendored SQL libs and refactoring of store provider layer. 2018-09-26 17:59:56 +01:00			`// ctx.Transaction.Commit()`
Fix order of DB transaction commits Some DB commit commands were out of sequence and so have been fixed to be consist across the board. Specially, audit log entries have their own DB TX and so should be executed outside of any other commit cycle. 2018-02-04 15:43:57 +00:00
still moving codebase to new API (WIP) 2017-07-26 20:03:23 +01:00			`h.Store.Audit.Record(ctx, audit.EventTypeSystemSMTP)`

New SMTP library and refactoring of mailer code 2018-03-07 18:52:19 +00:00			`// test connection`
			`var result struct {`
			Success bool `json:"success"`
			Message string `json:"message"`
			`}`

			`result.Message = "Email sent successfully!"`

			`u, err := h.Store.User.Get(ctx, ctx.UserID)`
			`if err != nil {`
			`result.Success = false`
			`result.Message = err.Error()`
			`h.Runtime.Log.Error(method, err)`
			`response.WriteJSON(w, result)`
			`return`
			`}`

			`cfg := GetSMTPConfig(h.Store)`
			`dialer, err := smtp.Connect(cfg)`
			`em := smtp.EmailMessage{}`
			`em.Subject = "Documize SMTP Test"`
			`em.BodyHTML = "<p>This is a test email from Documize using current SMTP settings.</p>"`
			`em.ToEmail = u.Email`
			`em.ToName = u.Fullname()`

			`result.Success, err = smtp.SendMessage(dialer, cfg, em)`
			`if !result.Success {`
			`result.Message = fmt.Sprintf("Unable to send test email: %s", err.Error())`
			`}`

			`response.WriteJSON(w, result)`
still moving codebase to new API (WIP) 2017-07-26 20:03:23 +01:00			`}`

			`// AuthConfig returns installation-wide auth configuration`
			`func (h Handler) AuthConfig(w http.ResponseWriter, r http.Request) {`
wrap errors up, log at top level only 2017-08-03 10:00:24 +01:00			`method := "global.auth"`
still moving codebase to new API (WIP) 2017-07-26 20:03:23 +01:00			`ctx := domain.GetRequestContext(r)`

Make API work with new schema 2018-09-19 16:03:29 +01:00			`if !ctx.GlobalAdmin {`
still moving codebase to new API (WIP) 2017-07-26 20:03:23 +01:00			`response.WriteForbiddenError(w)`
			`return`
			`}`

			`org, err := h.Store.Organization.GetOrganization(ctx, ctx.OrgID)`
			`if err != nil {`
			`response.WriteForbiddenError(w)`
wrap errors up, log at top level only 2017-08-03 10:00:24 +01:00			`h.Runtime.Log.Error(method, err)`
still moving codebase to new API (WIP) 2017-07-26 20:03:23 +01:00			`return`
			`}`

			`response.WriteJSON(w, org.AuthConfig)`
			`}`

			`// SetAuthConfig persists installation-wide authentication configuration`
			`func (h Handler) SetAuthConfig(w http.ResponseWriter, r http.Request) {`
wrap errors up, log at top level only 2017-08-03 10:00:24 +01:00			`method := "global.auth.save"`
still moving codebase to new API (WIP) 2017-07-26 20:03:23 +01:00			`ctx := domain.GetRequestContext(r)`

Make API work with new schema 2018-09-19 16:03:29 +01:00			`if !ctx.GlobalAdmin {`
still moving codebase to new API (WIP) 2017-07-26 20:03:23 +01:00			`response.WriteForbiddenError(w)`
			`return`
			`}`

			`defer r.Body.Close()`
			`body, err := ioutil.ReadAll(r.Body)`
			`if err != nil {`
			`response.WriteBadRequestError(w, method, err.Error())`
			`return`
			`}`

			`var data authData`
			`err = json.Unmarshal(body, &data)`
			`if err != nil {`
			`response.WriteBadRequestError(w, method, err.Error())`
wrap errors up, log at top level only 2017-08-03 10:00:24 +01:00			`h.Runtime.Log.Error(method, err)`
still moving codebase to new API (WIP) 2017-07-26 20:03:23 +01:00			`return`
			`}`

			`org, err := h.Store.Organization.GetOrganization(ctx, ctx.OrgID)`
			`if err != nil {`
			`response.WriteServerError(w, method, err)`
wrap errors up, log at top level only 2017-08-03 10:00:24 +01:00			`h.Runtime.Log.Error(method, err)`
still moving codebase to new API (WIP) 2017-07-26 20:03:23 +01:00			`return`
			`}`

			`org.AuthProvider = data.AuthProvider`
			`org.AuthConfig = data.AuthConfig`

			`ctx.Transaction, err = h.Runtime.Db.Beginx()`
			`if err != nil {`
			`response.WriteServerError(w, method, err)`
wrap errors up, log at top level only 2017-08-03 10:00:24 +01:00			`h.Runtime.Log.Error(method, err)`
still moving codebase to new API (WIP) 2017-07-26 20:03:23 +01:00			`return`
			`}`

			`err = h.Store.Organization.UpdateAuthConfig(ctx, org)`
			`if err != nil {`
			`ctx.Transaction.Rollback()`
			`response.WriteServerError(w, method, err)`
wrap errors up, log at top level only 2017-08-03 10:00:24 +01:00			`h.Runtime.Log.Error(method, err)`
still moving codebase to new API (WIP) 2017-07-26 20:03:23 +01:00			`return`
			`}`

			`ctx.Transaction.Commit()`

Fix order of DB transaction commits Some DB commit commands were out of sequence and so have been fixed to be consist across the board. Specially, audit log entries have their own DB TX and so should be executed outside of any other commit cycle. 2018-02-04 15:43:57 +00:00			`h.Store.Audit.Record(ctx, audit.EventTypeSystemAuth)`

still moving codebase to new API (WIP) 2017-07-26 20:03:23 +01:00			`response.WriteEmpty(w)`
			`}`
Continued MySQL/PostgreSQL store provider refactoring Refactored, renamed, removed storage related code. Basic smoke test passed for PostgreSQL whilst fully working on MySQL variants as per usual. 2018-09-27 15:14:48 +01:00
			`// GetInstanceSetting returns the requested organization level setting.`
			`func (h Handler) GetInstanceSetting(w http.ResponseWriter, r http.Request) {`
			`ctx := domain.GetRequestContext(r)`

			`orgID := request.Param(r, "orgID")`
			`if orgID != ctx.OrgID \|\| !ctx.Administrator {`
			`response.WriteForbiddenError(w)`
			`return`
			`}`

			`key := request.Query(r, "key")`
			`setting, _ := h.Store.Setting.GetUser(orgID, "", key, "")`
			`if len(setting) == 0 {`
			`setting = "{}"`
			`}`

			`response.WriteJSON(w, setting)`
			`}`

			`// SaveInstanceSetting saves org level setting.`
			`func (h Handler) SaveInstanceSetting(w http.ResponseWriter, r http.Request) {`
			`method := "org.SaveInstanceSetting"`
			`ctx := domain.GetRequestContext(r)`

			`orgID := request.Param(r, "orgID")`
			`if orgID != ctx.OrgID \|\| !ctx.Administrator {`
			`response.WriteForbiddenError(w)`
			`return`
			`}`

			`key := request.Query(r, "key")`

			`defer streamutil.Close(r.Body)`
			`body, err := ioutil.ReadAll(r.Body)`
			`if err != nil {`
			`response.WriteServerError(w, method, err)`
			`h.Runtime.Log.Error(method, err)`
			`return`
			`}`

			`config := string(body)`
			`h.Store.Setting.SetUser(orgID, "", key, config)`

			`response.WriteEmpty(w)`
			`}`

			`// GetGlobalSetting returns the requested organization level setting.`
			`func (h Handler) GetGlobalSetting(w http.ResponseWriter, r http.Request) {`
			`ctx := domain.GetRequestContext(r)`

			`if !ctx.GlobalAdmin {`
			`response.WriteForbiddenError(w)`
			`return`
			`}`

			`key := request.Query(r, "key")`
			`setting, _ := h.Store.Setting.Get(key, "")`

			`response.WriteJSON(w, setting)`
			`}`

			`// SaveGlobalSetting saves org level setting.`
			`func (h Handler) SaveGlobalSetting(w http.ResponseWriter, r http.Request) {`
			`method := "org.SaveGlobalSetting"`
			`ctx := domain.GetRequestContext(r)`

			`if !ctx.GlobalAdmin {`
			`response.WriteForbiddenError(w)`
			`return`
			`}`

			`key := request.Query(r, "key")`

			`defer streamutil.Close(r.Body)`
			`body, err := ioutil.ReadAll(r.Body)`
			`if err != nil {`
			`response.WriteServerError(w, method, err)`
			`h.Runtime.Log.Error(method, err)`
			`return`
			`}`

			`config := string(body)`
			`h.Store.Setting.Set(key, config)`

			`response.WriteEmpty(w)`
			`}`