From 97fc287b78521cc0ac0d805eb84c29c54f8b7959 Mon Sep 17 00:00:00 2001
From: binwiederhier
Date: Sat, 13 May 2023 22:07:54 -0400
Subject: [PATCH] User endpoint
---
server/errors.go | 2 +
server/server.go | 6 +-
server/server_access.go | 50 ---------
server/server_admin.go | 105 ++++++++++++++++++
...er_access_test.go => server_admin_test.go} | 0
server/types.go | 11 ++
6 files changed, 123 insertions(+), 51 deletions(-)
delete mode 100644 server/server_access.go
create mode 100644 server/server_admin.go
rename server/{server_access_test.go => server_admin_test.go} (100%)
diff --git a/server/errors.go b/server/errors.go
index 8e565197..7812989b 100644
--- a/server/errors.go
+++ b/server/errors.go
@@ -106,6 +106,8 @@ var (
 errHTTPBadRequestNotAPaidUser = &errHTTP{40027, http.StatusBadRequest, "invalid request: not a paid user", "", nil}
 errHTTPBadRequestBillingRequestInvalid = &errHTTP{40028, http.StatusBadRequest, "invalid request: not a valid billing request", "", nil}
 errHTTPBadRequestBillingSubscriptionExists = &errHTTP{40029, http.StatusBadRequest, "invalid request: billing subscription already exists", "", nil}
+ errHTTPBadRequestTierInvalid = &errHTTP{40030, http.StatusBadRequest, "invalid request: tier does not exist", "", nil}
+ errHTTPBadRequestUserNotFound = &errHTTP{40031, http.StatusBadRequest, "invalid request: user does not exist", "", nil}
 errHTTPNotFound = &errHTTP{40401, http.StatusNotFound, "page not found", "", nil}
 errHTTPUnauthorized = &errHTTP{40101, http.StatusUnauthorized, "unauthorized", "https://ntfy.sh/docs/publish/#authentication", nil}
 errHTTPForbidden = &errHTTP{40301, http.StatusForbidden, "forbidden", "https://ntfy.sh/docs/publish/#authentication", nil}
diff --git a/server/server.go b/server/server.go
index 74a879bf..1c2f10c3 100644
--- a/server/server.go
+++ b/server/server.go
@@ -413,7 +413,11 @@ func (s *Server) handleInternal(w http.ResponseWriter, r *http.Request, v *visit
 return s.handleHealth(w, r, v)
 } else if r.Method == http.MethodGet && r.URL.Path == webConfigPath {
 return s.ensureWebEnabled(s.handleWebConfig)(w, r, v)
- } else if r.Method == http.MethodPost && r.URL.Path == apiAccessPath {
+ } else if r.Method == http.MethodPut && r.URL.Path == apiUserPath {
+ return s.ensureAdmin(s.handleUserAdd)(w, r, v)
+ } else if r.Method == http.MethodDelete && r.URL.Path == apiUserPath {
+ return s.ensureAdmin(s.handleUserDelete)(w, r, v)
+ } else if (r.Method == http.MethodPut || r.Method == http.MethodPost) && r.URL.Path == apiAccessPath {
 return s.ensureAdmin(s.handleAccessAllow)(w, r, v)
 } else if r.Method == http.MethodDelete && r.URL.Path == apiAccessPath {
 return s.ensureAdmin(s.handleAccessReset)(w, r, v)
diff --git a/server/server_access.go b/server/server_access.go
deleted file mode 100644
index a747b67d..00000000
--- a/server/server_access.go
+++ /dev/null
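Review bot: Both new routes are correctly wrapped in `ensureAdmin`, but mapping user creation to PUT on `apiUserPath` yields a non-idempotent PUT: handleUserAdd (in the new server_admin.go) rejects a repeated request with the same body as a conflict, whereas PUT semantics would let a client retry safely, and in the same hunk `apiAccessPath` is loosened to accept POST as well. Either also accept POST for `apiUserPath`, mirroring the access route, or leave a comment at the route such as `// PUT here means create-or-conflict, not upsert; clients must not retry blindly`. `apiUserPath` is not defined in this hunk, and handleInternal starts and ends outside it.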
@@ -1,50 +0,0 @@
-package server
-
-import (
- "heckel.io/ntfy/user"
- "net/http"
-)
-
-func (s *Server) handleAccessAllow(w http.ResponseWriter, r *http.Request, v *visitor) error {
- req, err := readJSONWithLimit[apiAccessAllowRequest](r.Body, jsonBodyBytesLimit, false)
- if err != nil {
- return err
- }
- permission, err := user.ParsePermission(req.Permission)
- if err != nil {
- return errHTTPBadRequestPermissionInvalid
- }
- if err := s.userManager.AllowAccess(req.Username, req.Topic, permission); err != nil {
- return err
- }
- return s.writeJSON(w, newSuccessResponse())
-}
-
-func (s *Server) handleAccessReset(w http.ResponseWriter, r *http.Request, v *visitor) error {
- req, err := readJSONWithLimit[apiAccessResetRequest](r.Body, jsonBodyBytesLimit, false)
- if err != nil {
- return err
- }
- u, err := s.userManager.User(req.Username)
- if err != nil {
- return err
- }
- if err := s.userManager.ResetAccess(req.Username, req.Topic); err != nil {
- return err
- }
- if err := s.killUserSubscriber(u, req.Topic); err != nil { // This may be a pattern
- return err
- }
- return s.writeJSON(w, newSuccessResponse())
-}
-
-func (s *Server) killUserSubscriber(u *user.User, topicPattern string) error {
- topics, err := s.topicsFromPattern(topicPattern)
- if err != nil {
- return err
- }
- for _, t := range topics {
- t.CancelSubscriberUser(u.ID)
- }
- return nil
-}
diff --git a/server/server_admin.go b/server/server_admin.go
new file mode 100644
index 00000000..ca362785
--- /dev/null
+++ b/server/server_admin.go
@@ -0,0 +1,105 @@
+package server
+
+import (
+ "heckel.io/ntfy/user"
+ "net/http"
+)
+
+func (s *Server) handleUserAdd(w http.ResponseWriter, r *http.Request, v *visitor) error {
+ req, err := readJSONWithLimit[apiUserAddRequest](r.Body, jsonBodyBytesLimit, false)
+ if err != nil {
+ return err
+ } else if !user.AllowedUsername(req.Username) || req.Password == "" {
+ return errHTTPBadRequest.Wrap("username invalid, or password missing")
+ }
+ u, err := s.userManager.User(req.Username)
+ if err != nil && err != user.ErrUserNotFound {
+ return err
+ } else if u != nil {
+ return errHTTPConflictUserExists
+ }
+ var tier *user.Tier
+ if req.Tier != "" {
+ tier, err = s.userManager.Tier(req.Tier)
+ if err == user.ErrTierNotFound {
+ return errHTTPBadRequestTierInvalid
+ } else if err != nil {
+ return err
+ }
+ }
+ if err := s.userManager.AddUser(req.Username, req.Password, user.RoleUser); err != nil {
+ return err
+ }
+ if tier != nil {
+ if err := s.userManager.ChangeTier(req.Username, req.Tier); err != nil {
+ return err
+ }
+ }
+ return s.writeJSON(w, newSuccessResponse())
+}
+
+func (s *Server) handleUserDelete(w http.ResponseWriter, r *http.Request, v *visitor) error {
+ req, err := readJSONWithLimit[apiUserDeleteRequest](r.Body, jsonBodyBytesLimit, false)
+ if err != nil {
+ return err
+ }
+ u, err := s.userManager.User(req.Username)
+ if err == user.ErrUserNotFound {
+ return errHTTPBadRequestUserNotFound
+ } else if err != nil {
+ return err
+ } else if !u.IsUser() {
+ return errHTTPUnauthorized.Wrap("can only remove regular users from API")
+ }
+ if err := s.userManager.RemoveUser(req.Username); err != nil {
+ return err
+ }
+ if err := s.killUserSubscriber(u, "*"); err != nil { // FIXME super inefficient
+ return err
+ }
+ return s.writeJSON(w, newSuccessResponse())
+}
+
+func (s *Server) handleAccessAllow(w http.ResponseWriter, r *http.Request, v *visitor) error {
+ req, err := readJSONWithLimit[apiAccessAllowRequest](r.Body, jsonBodyBytesLimit, false)
+ if err != nil {
+ return err
+ }
+ permission, err := user.ParsePermission(req.Permission)
+ if err != nil {
+ return errHTTPBadRequestPermissionInvalid
+ }
+ if err := s.userManager.AllowAccess(req.Username, req.Topic, permission); err != nil {
+ return err
+ }
+ return s.writeJSON(w, newSuccessResponse())
+}
+
+func (s *Server) handleAccessReset(w http.ResponseWriter, r *http.Request, v *visitor) error {
+ req, err := readJSONWithLimit[apiAccessResetRequest](r.Body, jsonBodyBytesLimit, false)
+ if err != nil {
+ return err
+ }
+ u, err := s.userManager.User(req.Username)
+ if err != nil {
+ return err
+ }
+ if err := s.userManager.ResetAccess(req.Username, req.Topic); err != nil {
+ return err
+ }
+ if err := s.killUserSubscriber(u, req.Topic); err != nil { // This may be a pattern
+ return err
+ }
+ return s.writeJSON(w, newSuccessResponse())
+}
+
+func (s *Server) killUserSubscriber(u *user.User, topicPattern string) error {
+ topics, err := s.topicsFromPattern(topicPattern)
+ if err != nil {
+ return err
+ }
+ for _, t := range topics {
+ t.CancelSubscriberUser(u.ID)
+ }
+ return nil
+}
diff --git a/server/server_access_test.go b/server/server_admin_test.go
similarity index 100%
rename from server/server_access_test.go
rename to server/server_admin_test.go
diff --git a/server/types.go b/server/types.go
index 2a2e736e..8eec8b02 100644
--- a/server/types.go
+++ b/server/types.go
@@ -244,6 +244,17 @@ type apiStatsResponse struct {
 MessagesRate float64 `json:"messages_rate"` // Average number of messages per second
 }
 
+type apiUserAddRequest struct {
+ Username string `json:"username"`
+ Password string `json:"password"`
+ Tier string `json:"tier"`
+ // Do not add 'role' here. We don't want to add admins via the API.
+}
+
+type apiUserDeleteRequest struct {
+ Username string `json:"username"`
+}
+
 type apiAccessAllowRequest struct {
 Username string `json:"username"`
 Topic string `json:"topic"`
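Review bot: In handleUserAdd the account is created by AddUser and the tier is applied afterwards by a separate ChangeTier call, so a ChangeTier failure returns an error to the admin while the user already exists without its tier, and a retry is then rejected with errHTTPConflictUserExists; either roll back before the `return err`, e.g. `_ = s.userManager.RemoveUser(req.Username) // best-effort rollback: user was just created`, or document at the top of the function that creation is not atomic. The existence check ahead of AddUser is also check-then-act: two concurrent requests for the same name both pass it, so duplicate rejection rests on AddUser enforcing uniqueness itself, which is not visible here and worth confirming. In handleUserDelete, refusing to delete a non-regular user with errHTTPUnauthorized (401) signals a missing credential, yet the caller has already passed ensureAdmin; errHTTPForbidden, already defined in errors.go, describes the situation better. Finally, the only password check is `req.Password == ""`; if the server enforces a minimum password length elsewhere (not visible here), this endpoint should apply the same rule so admins cannot create accounts with trivially short passwords.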
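Review bot: `apiUserAddRequest` carries a plaintext credential, so any `%v`/`%+v`-style logging of the decoded request would write the password to the logs; whether such logging exists is not visible in this diff, but a comment on the field makes the hazard explicit to future maintainers, e.g. `// plaintext credential: never log or echo this struct` above the Password field. The existing comment barring a 'role' field is a good guard and worth keeping as is.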