mirror of
https://github.com/mattermost/mattermost.git
synced 2025-02-25 18:55:24 -06:00
3a71709103
* refactor utils/config* to config/ * pull validateLdapFilter into app * clean up Config/GetConfig/GetSanitizedConfig usage Eliminate app.GetConfig() in favour of just using app.Config() directly, but expose app.GetSanitizedConfig() for when the old behaviour was required. * web: isolate config setup * TestInvitePeopleProvider: make config explicit * regenerateClientConfig: avoid racey map access * integrate watch flag into app.ConfigFile option * make app.Option return an error * release.mk: only cp static files from config/ * release.mk: fix cp static files from config/ * api4: TestPlugin cleanup * s/c/cfg/ for clarity * fix merge conflict * testlib: allow customization of testlib driver name
518 lines
15 KiB
Go
518 lines
15 KiB
Go
// Copyright (c) 2017-present Mattermost, Inc. All Rights Reserved.
|
|
// See License.txt for license information.
|
|
|
|
package api4
|
|
|
|
import (
|
|
"bytes"
|
|
"encoding/json"
|
|
"fmt"
|
|
"io"
|
|
"net/http"
|
|
"runtime"
|
|
|
|
"github.com/mattermost/mattermost-server/mlog"
|
|
"github.com/mattermost/mattermost-server/model"
|
|
"github.com/mattermost/mattermost-server/services/filesstore"
|
|
"github.com/mattermost/mattermost-server/utils"
|
|
)
|
|
|
|
const REDIRECT_LOCATION_CACHE_SIZE = 10000
|
|
|
|
var redirectLocationDataCache = utils.NewLru(REDIRECT_LOCATION_CACHE_SIZE)
|
|
|
|
func (api *API) InitSystem() {
|
|
api.BaseRoutes.System.Handle("/ping", api.ApiHandler(getSystemPing)).Methods("GET")
|
|
|
|
api.BaseRoutes.System.Handle("/timezones", api.ApiSessionRequired(getSupportedTimezones)).Methods("GET")
|
|
|
|
api.BaseRoutes.ApiRoot.Handle("/config", api.ApiSessionRequired(getConfig)).Methods("GET")
|
|
api.BaseRoutes.ApiRoot.Handle("/config", api.ApiSessionRequired(updateConfig)).Methods("PUT")
|
|
api.BaseRoutes.ApiRoot.Handle("/config/reload", api.ApiSessionRequired(configReload)).Methods("POST")
|
|
api.BaseRoutes.ApiRoot.Handle("/config/client", api.ApiHandler(getClientConfig)).Methods("GET")
|
|
api.BaseRoutes.ApiRoot.Handle("/config/environment", api.ApiSessionRequired(getEnvironmentConfig)).Methods("GET")
|
|
|
|
api.BaseRoutes.ApiRoot.Handle("/license", api.ApiSessionRequired(addLicense)).Methods("POST")
|
|
api.BaseRoutes.ApiRoot.Handle("/license", api.ApiSessionRequired(removeLicense)).Methods("DELETE")
|
|
api.BaseRoutes.ApiRoot.Handle("/license/client", api.ApiHandler(getClientLicense)).Methods("GET")
|
|
|
|
api.BaseRoutes.ApiRoot.Handle("/audits", api.ApiSessionRequired(getAudits)).Methods("GET")
|
|
api.BaseRoutes.ApiRoot.Handle("/email/test", api.ApiSessionRequired(testEmail)).Methods("POST")
|
|
api.BaseRoutes.ApiRoot.Handle("/file/s3_test", api.ApiSessionRequired(testS3)).Methods("POST")
|
|
api.BaseRoutes.ApiRoot.Handle("/database/recycle", api.ApiSessionRequired(databaseRecycle)).Methods("POST")
|
|
api.BaseRoutes.ApiRoot.Handle("/caches/invalidate", api.ApiSessionRequired(invalidateCaches)).Methods("POST")
|
|
|
|
api.BaseRoutes.ApiRoot.Handle("/logs", api.ApiSessionRequired(getLogs)).Methods("GET")
|
|
api.BaseRoutes.ApiRoot.Handle("/logs", api.ApiHandler(postLog)).Methods("POST")
|
|
|
|
api.BaseRoutes.ApiRoot.Handle("/analytics/old", api.ApiSessionRequired(getAnalytics)).Methods("GET")
|
|
|
|
api.BaseRoutes.ApiRoot.Handle("/redirect_location", api.ApiSessionRequiredTrustRequester(getRedirectLocation)).Methods("GET")
|
|
}
|
|
|
|
func getSystemPing(c *Context, w http.ResponseWriter, r *http.Request) {
|
|
|
|
actualGoroutines := runtime.NumGoroutine()
|
|
if *c.App.Config().ServiceSettings.GoroutineHealthThreshold <= 0 || actualGoroutines <= *c.App.Config().ServiceSettings.GoroutineHealthThreshold {
|
|
m := make(map[string]string)
|
|
m[model.STATUS] = model.STATUS_OK
|
|
|
|
reqs := c.App.Config().ClientRequirements
|
|
m["AndroidLatestVersion"] = reqs.AndroidLatestVersion
|
|
m["AndroidMinVersion"] = reqs.AndroidMinVersion
|
|
m["DesktopLatestVersion"] = reqs.DesktopLatestVersion
|
|
m["DesktopMinVersion"] = reqs.DesktopMinVersion
|
|
m["IosLatestVersion"] = reqs.IosLatestVersion
|
|
m["IosMinVersion"] = reqs.IosMinVersion
|
|
|
|
w.Write([]byte(model.MapToJson(m)))
|
|
} else {
|
|
rdata := map[string]string{}
|
|
rdata["status"] = "unhealthy"
|
|
|
|
mlog.Warn(fmt.Sprintf("The number of running goroutines is over the health threshold %v of %v", actualGoroutines, *c.App.Config().ServiceSettings.GoroutineHealthThreshold))
|
|
|
|
w.WriteHeader(http.StatusInternalServerError)
|
|
w.Write([]byte(model.MapToJson(rdata)))
|
|
}
|
|
}
|
|
|
|
func testEmail(c *Context, w http.ResponseWriter, r *http.Request) {
|
|
cfg := model.ConfigFromJson(r.Body)
|
|
if cfg == nil {
|
|
cfg = c.App.Config()
|
|
}
|
|
|
|
if !c.App.SessionHasPermissionTo(c.App.Session, model.PERMISSION_MANAGE_SYSTEM) {
|
|
c.SetPermissionError(model.PERMISSION_MANAGE_SYSTEM)
|
|
return
|
|
}
|
|
|
|
err := c.App.TestEmail(c.App.Session.UserId, cfg)
|
|
if err != nil {
|
|
c.Err = err
|
|
return
|
|
}
|
|
|
|
ReturnStatusOK(w)
|
|
}
|
|
|
|
func getConfig(c *Context, w http.ResponseWriter, r *http.Request) {
|
|
if !c.App.SessionHasPermissionTo(c.App.Session, model.PERMISSION_MANAGE_SYSTEM) {
|
|
c.SetPermissionError(model.PERMISSION_MANAGE_SYSTEM)
|
|
return
|
|
}
|
|
|
|
cfg := c.App.GetSanitizedConfig()
|
|
|
|
w.Header().Set("Cache-Control", "no-cache, no-store, must-revalidate")
|
|
w.Write([]byte(cfg.ToJson()))
|
|
}
|
|
|
|
func configReload(c *Context, w http.ResponseWriter, r *http.Request) {
|
|
if !c.App.SessionHasPermissionTo(c.App.Session, model.PERMISSION_MANAGE_SYSTEM) {
|
|
c.SetPermissionError(model.PERMISSION_MANAGE_SYSTEM)
|
|
return
|
|
}
|
|
|
|
c.App.ReloadConfig()
|
|
|
|
w.Header().Set("Cache-Control", "no-cache, no-store, must-revalidate")
|
|
ReturnStatusOK(w)
|
|
}
|
|
|
|
func updateConfig(c *Context, w http.ResponseWriter, r *http.Request) {
|
|
cfg := model.ConfigFromJson(r.Body)
|
|
if cfg == nil {
|
|
c.SetInvalidParam("config")
|
|
return
|
|
}
|
|
|
|
if !c.App.SessionHasPermissionTo(c.App.Session, model.PERMISSION_MANAGE_SYSTEM) {
|
|
c.SetPermissionError(model.PERMISSION_MANAGE_SYSTEM)
|
|
return
|
|
}
|
|
|
|
// Do not allow plugin uploads to be toggled through the API
|
|
cfg.PluginSettings.EnableUploads = c.App.Config().PluginSettings.EnableUploads
|
|
|
|
// If the Message Export feature has been toggled in the System Console, rewrite the ExportFromTimestamp field to an
|
|
// appropriate value. The rewriting occurs here to ensure it doesn't affect values written to the config file
|
|
// directly and not through the System Console UI.
|
|
if *cfg.MessageExportSettings.EnableExport != *c.App.Config().MessageExportSettings.EnableExport {
|
|
if *cfg.MessageExportSettings.EnableExport && *cfg.MessageExportSettings.ExportFromTimestamp == int64(0) {
|
|
// When the feature is toggled on, use the current timestamp as the start time for future exports.
|
|
cfg.MessageExportSettings.ExportFromTimestamp = model.NewInt64(model.GetMillis())
|
|
} else if !*cfg.MessageExportSettings.EnableExport {
|
|
// When the feature is disabled, reset the timestamp so that the timestamp will be set if
|
|
// the feature is re-enabled from the System Console in future.
|
|
cfg.MessageExportSettings.ExportFromTimestamp = model.NewInt64(0)
|
|
}
|
|
}
|
|
|
|
err := c.App.SaveConfig(cfg, true)
|
|
if err != nil {
|
|
c.Err = err
|
|
return
|
|
}
|
|
|
|
c.LogAudit("updateConfig")
|
|
|
|
cfg = c.App.GetSanitizedConfig()
|
|
|
|
w.Header().Set("Cache-Control", "no-cache, no-store, must-revalidate")
|
|
w.Write([]byte(cfg.ToJson()))
|
|
}
|
|
|
|
func getAudits(c *Context, w http.ResponseWriter, r *http.Request) {
|
|
if !c.App.SessionHasPermissionTo(c.App.Session, model.PERMISSION_MANAGE_SYSTEM) {
|
|
c.SetPermissionError(model.PERMISSION_MANAGE_SYSTEM)
|
|
return
|
|
}
|
|
|
|
audits, err := c.App.GetAuditsPage("", c.Params.Page, c.Params.PerPage)
|
|
|
|
if err != nil {
|
|
c.Err = err
|
|
return
|
|
}
|
|
|
|
w.Write([]byte(audits.ToJson()))
|
|
}
|
|
|
|
func databaseRecycle(c *Context, w http.ResponseWriter, r *http.Request) {
|
|
|
|
if !c.App.SessionHasPermissionTo(c.App.Session, model.PERMISSION_MANAGE_SYSTEM) {
|
|
c.SetPermissionError(model.PERMISSION_MANAGE_SYSTEM)
|
|
return
|
|
}
|
|
|
|
c.App.RecycleDatabaseConnection()
|
|
|
|
ReturnStatusOK(w)
|
|
}
|
|
|
|
func invalidateCaches(c *Context, w http.ResponseWriter, r *http.Request) {
|
|
if !c.App.SessionHasPermissionTo(c.App.Session, model.PERMISSION_MANAGE_SYSTEM) {
|
|
c.SetPermissionError(model.PERMISSION_MANAGE_SYSTEM)
|
|
return
|
|
}
|
|
|
|
err := c.App.InvalidateAllCaches()
|
|
if err != nil {
|
|
c.Err = err
|
|
return
|
|
}
|
|
|
|
w.Header().Set("Cache-Control", "no-cache, no-store, must-revalidate")
|
|
ReturnStatusOK(w)
|
|
}
|
|
|
|
func getLogs(c *Context, w http.ResponseWriter, r *http.Request) {
|
|
if !c.App.SessionHasPermissionTo(c.App.Session, model.PERMISSION_MANAGE_SYSTEM) {
|
|
c.SetPermissionError(model.PERMISSION_MANAGE_SYSTEM)
|
|
return
|
|
}
|
|
|
|
lines, err := c.App.GetLogs(c.Params.Page, c.Params.LogsPerPage)
|
|
if err != nil {
|
|
c.Err = err
|
|
return
|
|
}
|
|
|
|
w.Write([]byte(model.ArrayToJson(lines)))
|
|
}
|
|
|
|
func postLog(c *Context, w http.ResponseWriter, r *http.Request) {
|
|
forceToDebug := false
|
|
|
|
if !*c.App.Config().ServiceSettings.EnableDeveloper {
|
|
if c.App.Session.UserId == "" {
|
|
c.Err = model.NewAppError("postLog", "api.context.permissions.app_error", nil, "", http.StatusForbidden)
|
|
return
|
|
}
|
|
|
|
if !c.App.SessionHasPermissionTo(c.App.Session, model.PERMISSION_MANAGE_SYSTEM) {
|
|
forceToDebug = true
|
|
}
|
|
}
|
|
|
|
m := model.MapFromJson(r.Body)
|
|
lvl := m["level"]
|
|
msg := m["message"]
|
|
|
|
if len(msg) > 400 {
|
|
msg = msg[0:399]
|
|
}
|
|
|
|
if !forceToDebug && lvl == "ERROR" {
|
|
err := &model.AppError{}
|
|
err.Message = msg
|
|
err.Id = msg
|
|
err.Where = "client"
|
|
c.LogError(err)
|
|
} else {
|
|
mlog.Debug(fmt.Sprint(msg))
|
|
}
|
|
|
|
m["message"] = msg
|
|
w.Write([]byte(model.MapToJson(m)))
|
|
}
|
|
|
|
func getClientConfig(c *Context, w http.ResponseWriter, r *http.Request) {
|
|
format := r.URL.Query().Get("format")
|
|
|
|
if format == "" {
|
|
c.Err = model.NewAppError("getClientConfig", "api.config.client.old_format.app_error", nil, "", http.StatusNotImplemented)
|
|
return
|
|
}
|
|
|
|
if format != "old" {
|
|
c.SetInvalidParam("format")
|
|
return
|
|
}
|
|
|
|
var config map[string]string
|
|
if len(c.App.Session.UserId) == 0 {
|
|
config = c.App.LimitedClientConfigWithComputed()
|
|
} else {
|
|
config = c.App.ClientConfigWithComputed()
|
|
}
|
|
|
|
w.Write([]byte(model.MapToJson(config)))
|
|
}
|
|
|
|
func getEnvironmentConfig(c *Context, w http.ResponseWriter, r *http.Request) {
|
|
if !c.App.SessionHasPermissionTo(c.App.Session, model.PERMISSION_MANAGE_SYSTEM) {
|
|
c.SetPermissionError(model.PERMISSION_MANAGE_SYSTEM)
|
|
return
|
|
}
|
|
|
|
envConfig := c.App.GetEnvironmentConfig()
|
|
|
|
w.Header().Set("Cache-Control", "no-cache, no-store, must-revalidate")
|
|
w.Write([]byte(model.StringInterfaceToJson(envConfig)))
|
|
}
|
|
|
|
func getClientLicense(c *Context, w http.ResponseWriter, r *http.Request) {
|
|
format := r.URL.Query().Get("format")
|
|
|
|
if format == "" {
|
|
c.Err = model.NewAppError("getClientLicense", "api.license.client.old_format.app_error", nil, "", http.StatusNotImplemented)
|
|
return
|
|
}
|
|
|
|
if format != "old" {
|
|
c.SetInvalidParam("format")
|
|
return
|
|
}
|
|
|
|
etag := c.App.GetClientLicenseEtag(true)
|
|
if c.HandleEtag(etag, "Get Client License", w, r) {
|
|
return
|
|
}
|
|
|
|
var clientLicense map[string]string
|
|
|
|
if c.App.SessionHasPermissionTo(c.App.Session, model.PERMISSION_MANAGE_SYSTEM) {
|
|
clientLicense = c.App.ClientLicense()
|
|
} else {
|
|
clientLicense = c.App.GetSanitizedClientLicense()
|
|
}
|
|
|
|
w.Header().Set(model.HEADER_ETAG_SERVER, etag)
|
|
w.Write([]byte(model.MapToJson(clientLicense)))
|
|
}
|
|
|
|
func addLicense(c *Context, w http.ResponseWriter, r *http.Request) {
|
|
c.LogAudit("attempt")
|
|
|
|
if !c.App.SessionHasPermissionTo(c.App.Session, model.PERMISSION_MANAGE_SYSTEM) {
|
|
c.SetPermissionError(model.PERMISSION_MANAGE_SYSTEM)
|
|
return
|
|
}
|
|
|
|
err := r.ParseMultipartForm(*c.App.Config().FileSettings.MaxFileSize)
|
|
if err != nil {
|
|
http.Error(w, err.Error(), http.StatusBadRequest)
|
|
return
|
|
}
|
|
|
|
m := r.MultipartForm
|
|
|
|
fileArray, ok := m.File["license"]
|
|
if !ok {
|
|
c.Err = model.NewAppError("addLicense", "api.license.add_license.no_file.app_error", nil, "", http.StatusBadRequest)
|
|
return
|
|
}
|
|
|
|
if len(fileArray) <= 0 {
|
|
c.Err = model.NewAppError("addLicense", "api.license.add_license.array.app_error", nil, "", http.StatusBadRequest)
|
|
return
|
|
}
|
|
|
|
fileData := fileArray[0]
|
|
|
|
file, err := fileData.Open()
|
|
if err != nil {
|
|
c.Err = model.NewAppError("addLicense", "api.license.add_license.open.app_error", nil, err.Error(), http.StatusBadRequest)
|
|
return
|
|
}
|
|
defer file.Close()
|
|
|
|
buf := bytes.NewBuffer(nil)
|
|
io.Copy(buf, file)
|
|
|
|
license, appErr := c.App.SaveLicense(buf.Bytes())
|
|
if appErr != nil {
|
|
if appErr.Id == model.EXPIRED_LICENSE_ERROR {
|
|
c.LogAudit("failed - expired or non-started license")
|
|
} else if appErr.Id == model.INVALID_LICENSE_ERROR {
|
|
c.LogAudit("failed - invalid license")
|
|
} else {
|
|
c.LogAudit("failed - unable to save license")
|
|
}
|
|
c.Err = appErr
|
|
return
|
|
}
|
|
|
|
c.LogAudit("success")
|
|
w.Write([]byte(license.ToJson()))
|
|
}
|
|
|
|
func removeLicense(c *Context, w http.ResponseWriter, r *http.Request) {
|
|
c.LogAudit("attempt")
|
|
|
|
if !c.App.SessionHasPermissionTo(c.App.Session, model.PERMISSION_MANAGE_SYSTEM) {
|
|
c.SetPermissionError(model.PERMISSION_MANAGE_SYSTEM)
|
|
return
|
|
}
|
|
|
|
if err := c.App.RemoveLicense(); err != nil {
|
|
c.Err = err
|
|
return
|
|
}
|
|
|
|
c.LogAudit("success")
|
|
ReturnStatusOK(w)
|
|
}
|
|
|
|
func getAnalytics(c *Context, w http.ResponseWriter, r *http.Request) {
|
|
name := r.URL.Query().Get("name")
|
|
teamId := r.URL.Query().Get("team_id")
|
|
|
|
if name == "" {
|
|
name = "standard"
|
|
}
|
|
|
|
if !c.App.SessionHasPermissionTo(c.App.Session, model.PERMISSION_MANAGE_SYSTEM) {
|
|
c.SetPermissionError(model.PERMISSION_MANAGE_SYSTEM)
|
|
return
|
|
}
|
|
|
|
rows, err := c.App.GetAnalytics(name, teamId)
|
|
if err != nil {
|
|
c.Err = err
|
|
return
|
|
}
|
|
|
|
if rows == nil {
|
|
c.SetInvalidParam("name")
|
|
return
|
|
}
|
|
|
|
w.Write([]byte(rows.ToJson()))
|
|
}
|
|
|
|
func getSupportedTimezones(c *Context, w http.ResponseWriter, r *http.Request) {
|
|
supportedTimezones := c.App.Timezones.GetSupported()
|
|
if supportedTimezones == nil {
|
|
supportedTimezones = make([]string, 0)
|
|
}
|
|
|
|
b, err := json.Marshal(supportedTimezones)
|
|
if err != nil {
|
|
c.Log.Warn("Unable to marshal JSON in timezones.", mlog.Err(err))
|
|
w.WriteHeader(http.StatusInternalServerError)
|
|
}
|
|
|
|
w.Write(b)
|
|
}
|
|
|
|
func testS3(c *Context, w http.ResponseWriter, r *http.Request) {
|
|
cfg := model.ConfigFromJson(r.Body)
|
|
if cfg == nil {
|
|
cfg = c.App.Config()
|
|
}
|
|
|
|
if !c.App.SessionHasPermissionTo(c.App.Session, model.PERMISSION_MANAGE_SYSTEM) {
|
|
c.SetPermissionError(model.PERMISSION_MANAGE_SYSTEM)
|
|
return
|
|
}
|
|
|
|
err := filesstore.CheckMandatoryS3Fields(&cfg.FileSettings)
|
|
if err != nil {
|
|
c.Err = err
|
|
return
|
|
}
|
|
|
|
if *cfg.FileSettings.AmazonS3SecretAccessKey == model.FAKE_SETTING {
|
|
cfg.FileSettings.AmazonS3SecretAccessKey = c.App.Config().FileSettings.AmazonS3SecretAccessKey
|
|
}
|
|
|
|
license := c.App.License()
|
|
backend, appErr := filesstore.NewFileBackend(&cfg.FileSettings, license != nil && *license.Features.Compliance)
|
|
if appErr == nil {
|
|
appErr = backend.TestConnection()
|
|
}
|
|
if appErr != nil {
|
|
c.Err = appErr
|
|
return
|
|
}
|
|
|
|
ReturnStatusOK(w)
|
|
}
|
|
|
|
func getRedirectLocation(c *Context, w http.ResponseWriter, r *http.Request) {
|
|
m := make(map[string]string)
|
|
m["location"] = ""
|
|
|
|
if !*c.App.Config().ServiceSettings.EnableLinkPreviews {
|
|
w.Write([]byte(model.MapToJson(m)))
|
|
return
|
|
}
|
|
|
|
url := r.URL.Query().Get("url")
|
|
if len(url) == 0 {
|
|
c.SetInvalidParam("url")
|
|
return
|
|
}
|
|
|
|
if location, ok := redirectLocationDataCache.Get(url); ok {
|
|
m["location"] = location.(string)
|
|
w.Write([]byte(model.MapToJson(m)))
|
|
return
|
|
}
|
|
|
|
client := c.App.HTTPService.MakeClient(false)
|
|
client.CheckRedirect = func(req *http.Request, via []*http.Request) error {
|
|
return http.ErrUseLastResponse
|
|
}
|
|
|
|
res, err := client.Head(url)
|
|
if err != nil {
|
|
// Cache failures to prevent retries.
|
|
redirectLocationDataCache.AddWithExpiresInSecs(url, "", 3600) // Expires after 1 hour
|
|
// Always return a success status and a JSON string to limit information returned to client.
|
|
w.Write([]byte(model.MapToJson(m)))
|
|
return
|
|
}
|
|
|
|
location := res.Header.Get("Location")
|
|
redirectLocationDataCache.AddWithExpiresInSecs(url, location, 3600) // Expires after 1 hour
|
|
m["location"] = location
|
|
|
|
w.Write([]byte(model.MapToJson(m)))
|
|
return
|
|
}
|