package controller
import (
"slices"
"strconv"
"github.com/gin-gonic/gin"
"golang.org/x/crypto/bcrypt"
"github.com/nezhahq/nezha/model"
"github.com/nezhahq/nezha/pkg/utils"
"github.com/nezhahq/nezha/service/singleton"
)
// Get profile
// @Summary Get profile
// @Security BearerAuth
// @Schemes
// @Description Get profile
// @Tags auth required
// @Produce json
// @Success 200 {object} model.CommonResponse[model.Profile]
// @Router /profile [get]
func getProfile(c *gin.Context) (*model.Profile, error) {
auth, ok := c.Get(model.CtxKeyAuthorizedUser)
if !ok {
return nil, singleton.Localizer.ErrorT("unauthorized")
}
var ob []model.Oauth2Bind
if err := singleton.DB.Where("user_id = ?", auth.(*model.User).ID).Find(&ob).Error; err != nil {
return nil, newGormError("%v", err)
}
var obMap = make(map[string]string)
for _, v := range ob {
obMap[v.Provider] = v.OpenID
}
return &model.Profile{
User: *auth.(*model.User),
LoginIP: c.GetString(model.CtxKeyRealIPStr),
Oauth2Bind: obMap,
}, nil
}
// Update password for current user
// @Summary Update password for current user
// @Security BearerAuth
// @Schemes
// @Description Update password for current user
// @Tags auth required
// @Accept json
// @param request body model.ProfileForm true "password"
// @Produce json
// @Success 200 {object} model.CommonResponse[any]
// @Router /profile [post]
func updateProfile(c *gin.Context) (any, error) {
var pf model.ProfileForm
if err := c.ShouldBindJSON(&pf); err != nil {
return 0, err
}
auth, ok := c.Get(model.CtxKeyAuthorizedUser)
if !ok {
return nil, singleton.Localizer.ErrorT("unauthorized")
}
user := *auth.(*model.User)
if err := bcrypt.CompareHashAndPassword([]byte(user.Password), []byte(pf.OriginalPassword)); err != nil {
return nil, singleton.Localizer.ErrorT("incorrect password")
}
hash, err := bcrypt.GenerateFromPassword([]byte(pf.NewPassword), bcrypt.DefaultCost)
if err != nil {
return nil, err
}
var bindCount int64
if err := singleton.DB.Model(&model.Oauth2Bind{}).Where("user_id = ?", auth.(*model.User).ID).Count(&bindCount).Error; err != nil {
return nil, newGormError("%v", err)
}
if pf.RejectPassword && bindCount < 1 {
return nil, singleton.Localizer.ErrorT("you don't have any oauth2 bindings")
}
user.Username = pf.NewUsername
user.Password = string(hash)
user.RejectPassword = pf.RejectPassword
if err := singleton.DB.Save(&user).Error; err != nil {
return nil, newGormError("%v", err)
}
return nil, nil
}
// List user
// @Summary List user
// @Security BearerAuth
// @Schemes
// @Description List user
// @Tags admin required
// @Produce json
// @Success 200 {object} model.CommonResponse[[]model.User]
// @Router /user [get]
func listUser(c *gin.Context) ([]model.User, error) {
var users []model.User
if err := singleton.DB.Omit("password").Find(&users).Error; err != nil {
return nil, err
}
return users, nil
}
// Create user
// @Summary Create user
// @Security BearerAuth
// @Schemes
// @Description Create user
// @Tags admin required
// @Accept json
// @param request body model.UserForm true "User Request"
// @Produce json
// @Success 200 {object} model.CommonResponse[uint64]
// @Router /user [post]
func createUser(c *gin.Context) (uint64, error) {
var uf model.UserForm
if err := c.ShouldBindJSON(&uf); err != nil {
return 0, err
}
if len(uf.Password) < 6 {
return 0, singleton.Localizer.ErrorT("password length must be greater than 6")
}
if uf.Username == "" {
return 0, singleton.Localizer.ErrorT("username can't be empty")
}
if uf.Role != model.RoleAdmin && uf.Role != model.RoleMember {
return 0, singleton.Localizer.ErrorT("invalid role")
}
var u model.User
u.Username = uf.Username
u.Role = uf.Role
hash, err := bcrypt.GenerateFromPassword([]byte(uf.Password), bcrypt.DefaultCost)
if err != nil {
return 0, err
}
u.Password = string(hash)
if err := singleton.DB.Create(&u).Error; err != nil {
return 0, err
}
singleton.OnUserUpdate(&u)
return u.ID, nil
}
// Batch delete users
// @Summary Batch delete users
// @Security BearerAuth
// @Schemes
// @Description Batch delete users
// @Tags admin required
// @Accept json
// @param request body []uint true "id list"
// @Produce json
// @Success 200 {object} model.CommonResponse[any]
// @Router /batch-delete/user [post]
func batchDeleteUser(c *gin.Context) (any, error) {
var ids []uint64
if err := c.ShouldBindJSON(&ids); err != nil {
return nil, err
}
auth := c.MustGet(model.CtxKeyAuthorizedUser).(*model.User)
if slices.Contains(ids, auth.ID) {
return nil, singleton.Localizer.ErrorT("can't delete yourself")
}
err := singleton.OnUserDelete(ids, newGormError)
return nil, err
}
// List online users
// @Summary List online users
// @Security BearerAuth
// @Schemes
// @Description List online users
// @Tags auth required
// @Param limit query uint false "Page limit"
// @Param offset query uint false "Page offset"
// @Produce json
// @Success 200 {object} model.PaginatedResponse[[]model.OnlineUser, model.OnlineUser]
// @Router /online-user [get]
func listOnlineUser(c *gin.Context) (*model.Value[[]*model.OnlineUser], error) {
var isAdmin bool
u, ok := c.Get(model.CtxKeyAuthorizedUser)
if ok {
isAdmin = u.(*model.User).Role == model.RoleAdmin
}
limit, err := strconv.Atoi(c.Query("limit"))
if err != nil || limit < 1 {
limit = 25
}
offset, err := strconv.Atoi(c.Query("offset"))
if err != nil || offset < 0 {
offset = 0
}
users := singleton.GetOnlineUsers(limit, offset)
if !isAdmin {
var newUsers []*model.OnlineUser
for _, user := range users {
newUsers = append(newUsers, &model.OnlineUser{
UserID: user.UserID,
IP: utils.IPDesensitize(user.IP),
ConnectedAt: user.ConnectedAt,
})
}
users = newUsers
}
return &model.Value[[]*model.OnlineUser]{
Value: users,
Pagination: model.Pagination{
Offset: offset,
Limit: limit,
Total: int64(singleton.GetOnlineUserCount()),
},
}, nil
}
// Batch block online user
// @Summary Batch block online user
// @Security BearerAuth
// @Schemes
// @Description Batch block online user
// @Tags admin required
// @Accept json
// @Param request body []string true "block list"
// @Produce json
// @Success 200 {object} model.CommonResponse[any]
// @Router /online-user/batch-block [post]
func batchBlockOnlineUser(c *gin.Context) (any, error) {
var list []string
if err := c.ShouldBindJSON(&list); err != nil {
return nil, err
}
if err := singleton.BlockByIPs(utils.Unique(list)); err != nil {
return nil, newGormError("%v", err)
}
return nil, nil
}