mirror of
https://github.com/mattermost/mattermost.git
synced 2026-05-28 04:35:04 -04:00
c6b59cc9a7
* Generalize the file storage Test Connection endpoint Replaces the S3-only /api/v4/file/s3_test handler with a backend-agnostic POST /api/v4/file/test that validates mandatory fields per driver and runs a write/read/delete probe against the configured backend. The legacy /file/s3_test route stays as a thin wrapper so existing clients keep working. The driver switch validates S3 and Azure mandatory fields explicitly, treats Local as a no-op (no required credentials), and rejects unknown or empty driver names with a 400 and a specific error code so admins get a useful message instead of a generic backend failure. Reuses config.Desanitize (renamed from the package-private desanitize) so the FakeSetting placeholder swap for secrets is shared with the PUT /api/v4/config save path. Adding a new driver-secret in the future only requires touching config.Desanitize once. Desanitize is also made nil-safe on every pointer dereference so callers can hand it a partial config without first running SetDefaults(). Mattermost-redux and the webapp client gain a corresponding TestFileStoreConnection method that the admin console action layer calls instead of the deprecated S3-specific method. ------ AI assisted commit * Wire Azure Blob Storage into the file storage admin console Adds the Azure Blob Storage option to the File Storage panel in the System Console. Selecting it enables Azure-specific fields for the storage account name, container, optional path prefix, shared key, optional endpoint override, secure-connections toggle, and request timeout. The fields are hidden and disabled when the driver is set to Local or S3, matching the existing pattern. Help text and placeholders are added in the webapp i18n catalog so admins see the same field labels documented in the admin guide. The same set of fields is repeated for the Files Export panel when DedicatedExportStore is enabled, keeping the export backend configurable independently of the primary file store. ------ AI assisted commit * Document /api/v4/file/test in the OpenAPI spec Adds the new backend-agnostic file storage Test Connection endpoint to the public OpenAPI surface. The request body is optional: callers that omit it test the running server configuration, callers that include a full AdminConfig test the supplied configuration without persisting anything. The deprecated /api/v4/file/s3_test endpoint is left unchanged in the spec for the existing S3-only flow. ------ AI assisted commit * Add UI-only Cypress coverage for the Azure file storage panel Adds a Cypress spec that drives the System Console File Storage panel, switches the driver to Azure Blob Storage, fills in the Azure fields, and asserts the expected fields appear (and S3 fields are hidden). The spec is UI-only and does not depend on an Azure backend or Azurite, so it can run in CI without external infrastructure. Updates the existing environment_spec.js so it tolerates the new Azure option in the driver dropdown. ------ AI assisted commit * Nil-guard file storage mandatory-field checks CheckMandatoryS3Fields and CheckMandatoryAzureFields built a FileBackendSettings via NewFileBackendSettingsFromConfig before validating, but that constructor dereferences pointers unconditionally and would panic if a caller skipped the api handler's reflective nil check. Validate the required pointers directly against FileSettings instead, dropping the throwaway constructor call so the methods are safe to call from any path. ------ AI assisted commit * Check permission before validating file settings The /file/test handler ran checkHasNilFields before SessionHasPermissionTo, so an unauthorized caller posting a partial config got a 400, leaking config shape, rather than a 403. Swap the two blocks so the permission decision happens first. ------ AI assisted commit * Preserve FakeSetting when desanitize has no actual The Azure access key, export Azure access key, and S3 secret access key branches in Desanitize reassigned target to actual without checking actual for nil. When the running config had no value, the FakeSetting placeholder in target was replaced with nil, dropping the field from the round-trip. Guard the assignment so the placeholder stays in place when actual is unset. ------ AI assisted commit --------- Co-authored-by: Mattermost Build <build@mattermost.com>
1132 lines
39 KiB
Go
1132 lines
39 KiB
Go
// Copyright (c) 2015-present Mattermost, Inc. All Rights Reserved.
|
|
// See LICENSE.txt for license information.
|
|
|
|
package api4
|
|
|
|
import (
|
|
"bytes"
|
|
"encoding/json"
|
|
"fmt"
|
|
"io"
|
|
"net/http"
|
|
"os"
|
|
"reflect"
|
|
"runtime"
|
|
"strconv"
|
|
"time"
|
|
|
|
"github.com/pkg/errors"
|
|
|
|
"github.com/mattermost/mattermost/server/public/model"
|
|
"github.com/mattermost/mattermost/server/public/shared/mlog"
|
|
"github.com/mattermost/mattermost/server/public/utils"
|
|
"github.com/mattermost/mattermost/server/v8/config"
|
|
"github.com/mattermost/mattermost/server/v8/platform/services/cache"
|
|
"github.com/mattermost/mattermost/server/v8/platform/services/upgrader"
|
|
"github.com/mattermost/mattermost/server/v8/platform/shared/web"
|
|
)
|
|
|
|
const (
|
|
RedirectLocationCacheSize = 10000
|
|
RedirectLocationMaximumLength = 2100
|
|
RedirectLocationCacheExpiry = 1 * time.Hour
|
|
DefaultServerBusySeconds = 3600
|
|
MaxServerBusySeconds = 86400
|
|
)
|
|
|
|
var redirectLocationDataCache = cache.NewLRU(&cache.CacheOptions{
|
|
Size: RedirectLocationCacheSize,
|
|
})
|
|
|
|
func (api *API) InitSystem() {
|
|
api.BaseRoutes.System.Handle("/ping", api.APIHandler(getSystemPing)).Methods(http.MethodGet)
|
|
|
|
api.BaseRoutes.System.Handle("/timezones", api.APISessionRequired(getSupportedTimezones)).Methods(http.MethodGet)
|
|
|
|
api.BaseRoutes.APIRoot.Handle("/audits", api.APISessionRequired(getAudits)).Methods(http.MethodGet)
|
|
api.BaseRoutes.APIRoot.Handle("/notifications/test", api.APISessionRequired(testNotifications)).Methods(http.MethodPost)
|
|
api.BaseRoutes.APIRoot.Handle("/email/test", api.APISessionRequired(testEmail)).Methods(http.MethodPost)
|
|
api.BaseRoutes.APIRoot.Handle("/site_url/test", api.APISessionRequired(testSiteURL)).Methods(http.MethodPost)
|
|
api.BaseRoutes.APIRoot.Handle("/file/test", api.APISessionRequired(testFileStore)).Methods(http.MethodPost)
|
|
// Deprecated: use /file/test instead. Kept as a thin compatibility wrapper.
|
|
api.BaseRoutes.APIRoot.Handle("/file/s3_test", api.APISessionRequired(testFileStore)).Methods(http.MethodPost)
|
|
api.BaseRoutes.APIRoot.Handle("/database/recycle", api.APISessionRequired(databaseRecycle)).Methods(http.MethodPost)
|
|
api.BaseRoutes.APIRoot.Handle("/caches/invalidate", api.APISessionRequired(invalidateCaches)).Methods(http.MethodPost)
|
|
|
|
api.BaseRoutes.APIRoot.Handle("/logs", api.APISessionRequired(getLogs)).Methods(http.MethodGet)
|
|
api.BaseRoutes.APIRoot.Handle("/logs/download", api.APISessionRequired(downloadLogs)).Methods(http.MethodGet)
|
|
api.BaseRoutes.APIRoot.Handle("/logs/query", api.APISessionRequired(queryLogs)).Methods(http.MethodPost)
|
|
api.BaseRoutes.APIRoot.Handle("/logs", api.APIHandler(postLog)).Methods(http.MethodPost)
|
|
|
|
api.BaseRoutes.APIRoot.Handle("/analytics/old", api.APISessionRequired(getAnalytics)).Methods(http.MethodGet)
|
|
api.BaseRoutes.APIRoot.Handle("/latest_version", api.APISessionRequired(getLatestVersion)).Methods(http.MethodGet)
|
|
|
|
api.BaseRoutes.APIRoot.Handle("/redirect_location", api.APISessionRequiredTrustRequester(getRedirectLocation)).Methods(http.MethodGet)
|
|
|
|
api.BaseRoutes.APIRoot.Handle("/notifications/ack", api.APISessionRequired(pushNotificationAck)).Methods(http.MethodPost)
|
|
|
|
api.BaseRoutes.APIRoot.Handle("/server_busy", api.APISessionRequired(setServerBusy)).Methods(http.MethodPost)
|
|
api.BaseRoutes.APIRoot.Handle("/server_busy", api.APISessionRequired(getServerBusyExpires)).Methods(http.MethodGet)
|
|
api.BaseRoutes.APIRoot.Handle("/server_busy", api.APISessionRequired(clearServerBusy)).Methods(http.MethodDelete)
|
|
api.BaseRoutes.APIRoot.Handle("/upgrade_to_enterprise", api.APISessionRequired(upgradeToEnterprise)).Methods(http.MethodPost)
|
|
api.BaseRoutes.APIRoot.Handle("/upgrade_to_enterprise/status", api.APISessionRequired(upgradeToEnterpriseStatus)).Methods(http.MethodGet)
|
|
api.BaseRoutes.APIRoot.Handle("/upgrade_to_enterprise/allowed", api.APISessionRequired(isAllowedToUpgradeToEnterprise)).Methods(http.MethodGet)
|
|
api.BaseRoutes.APIRoot.Handle("/restart", api.APISessionRequired(restart)).Methods(http.MethodPost)
|
|
api.BaseRoutes.System.Handle("/notices/{team_id:[A-Za-z0-9]+}", api.APISessionRequired(getProductNotices)).Methods(http.MethodGet)
|
|
api.BaseRoutes.System.Handle("/notices/view", api.APISessionRequired(updateViewedProductNotices)).Methods(http.MethodPut)
|
|
api.BaseRoutes.System.Handle("/support_packet", api.APISessionRequired(generateSupportPacket)).Methods(http.MethodGet)
|
|
api.BaseRoutes.System.Handle("/onboarding/complete", api.APISessionRequired(getOnboarding)).Methods(http.MethodGet)
|
|
api.BaseRoutes.System.Handle("/onboarding/complete", api.APISessionRequired(completeOnboarding)).Methods(http.MethodPost)
|
|
api.BaseRoutes.System.Handle("/schema/version", api.APISessionRequired(getAppliedSchemaMigrations)).Methods(http.MethodGet)
|
|
}
|
|
|
|
func generateSupportPacket(c *Context, w http.ResponseWriter, r *http.Request) {
|
|
const FileMime = "application/zip"
|
|
|
|
// Support Packet generation is limited to system admins (MM-42271).
|
|
if !c.App.SessionHasPermissionToAndNotRestrictedAdmin(*c.AppContext.Session(), model.PermissionManageSystem) {
|
|
c.SetPermissionError(model.PermissionManageSystem)
|
|
return
|
|
}
|
|
|
|
auditRec := c.MakeAuditRecord(model.AuditEventGenerateSupportPacket, model.AuditStatusFail)
|
|
defer c.LogAuditRec(auditRec)
|
|
|
|
// We support the existing API hence the logs are always included
|
|
// if nothing specified.
|
|
includeLogs := true
|
|
if r.FormValue("basic_server_logs") == "false" {
|
|
includeLogs = false
|
|
}
|
|
supportPacketOptions := &model.SupportPacketOptions{
|
|
IncludeLogs: includeLogs,
|
|
PluginPackets: r.Form["plugin_packets"],
|
|
}
|
|
|
|
auditRec.AddMeta("include_logs", supportPacketOptions.IncludeLogs)
|
|
auditRec.AddMeta("plugin_packets", supportPacketOptions.PluginPackets)
|
|
|
|
// Checking to see if the server has a e10 or e20 license (this feature is only permitted for servers with licenses)
|
|
if c.App.Channels().License() == nil {
|
|
c.Err = model.NewAppError("Api4.generateSupportPacket", "api.no_license", nil, "", http.StatusForbidden)
|
|
return
|
|
}
|
|
|
|
fileDatas := c.App.GenerateSupportPacket(c.AppContext, supportPacketOptions)
|
|
|
|
now := time.Now()
|
|
outputZipFilename := supportPacketFileName(now, c.App.License().Customer.Company)
|
|
|
|
// Create a buffer and write the zip file to it
|
|
buf := new(bytes.Buffer)
|
|
err := c.App.WriteZipFile(buf, fileDatas)
|
|
if err != nil {
|
|
c.Err = model.NewAppError("Api4.generateSupportPacket", "api.unable_to_create_zip_file", nil, "", http.StatusForbidden).Wrap(err)
|
|
return
|
|
}
|
|
|
|
auditRec.Success()
|
|
auditRec.AddMeta("filename", outputZipFilename)
|
|
|
|
// Prevent caching so support packets are always fresh
|
|
w.Header().Set("Cache-Control", "no-cache, no-store, must-revalidate")
|
|
|
|
err = web.WriteStreamResponse(w, buf, outputZipFilename, FileMime, true)
|
|
if err != nil {
|
|
c.Logger.Warn("Error while writing response", mlog.Err(err))
|
|
}
|
|
}
|
|
|
|
// supportPacketFileName returns the ZIP file name in the format mm_support_packet_$CUSTOMER_NAME_YYYY-MM-DDTHH-MM.zip.
|
|
// Note that this filename is also being checked at the webapp, please update the
|
|
// regex within the commercial_support_modal.tsx file if the naming convention ever changes.
|
|
func supportPacketFileName(now time.Time, customerName string) string {
|
|
return fmt.Sprintf("mm_support_packet_%s_%s.zip", utils.SanitizeFileName(customerName), now.Format("2006-01-02T15-04"))
|
|
}
|
|
|
|
func getSystemPing(c *Context, w http.ResponseWriter, r *http.Request) {
|
|
reqs := c.App.Config().ClientRequirements
|
|
|
|
s := make(map[string]any)
|
|
s[model.STATUS] = model.StatusOk
|
|
s["AndroidLatestVersion"] = reqs.AndroidLatestVersion
|
|
s["AndroidMinVersion"] = reqs.AndroidMinVersion
|
|
s["IosLatestVersion"] = reqs.IosLatestVersion
|
|
s["IosMinVersion"] = reqs.IosMinVersion
|
|
|
|
testflag := c.App.Config().FeatureFlags.TestFeature
|
|
if testflag != "off" {
|
|
s["TestFeatureFlag"] = testflag
|
|
}
|
|
|
|
actualGoroutines := runtime.NumGoroutine()
|
|
if *c.App.Config().ServiceSettings.GoroutineHealthThreshold > 0 && actualGoroutines >= *c.App.Config().ServiceSettings.GoroutineHealthThreshold {
|
|
c.Logger.Warn("The number of running goroutines is over the health threshold", mlog.Int("goroutines", actualGoroutines), mlog.Int("health_threshold", *c.App.Config().ServiceSettings.GoroutineHealthThreshold))
|
|
s[model.STATUS] = model.StatusUnhealthy
|
|
}
|
|
|
|
// Enhanced ping health check:
|
|
// If an extra form value is provided then perform extra health checks for
|
|
// database and file storage backends.
|
|
if r.FormValue("get_server_status") == "true" {
|
|
dbStatusKey := "database_status"
|
|
s[dbStatusKey] = model.StatusOk
|
|
|
|
writeErr := c.App.DBHealthCheckWrite()
|
|
if writeErr != nil {
|
|
c.Logger.Warn("Unable to write to database.", mlog.Err(writeErr))
|
|
s[dbStatusKey] = model.StatusUnhealthy
|
|
s[model.STATUS] = model.StatusUnhealthy
|
|
}
|
|
|
|
writeErr = c.App.DBHealthCheckDelete()
|
|
if writeErr != nil {
|
|
c.Logger.Warn("Unable to remove ping health check value from database.", mlog.Err(writeErr))
|
|
s[dbStatusKey] = model.StatusUnhealthy
|
|
s[model.STATUS] = model.StatusUnhealthy
|
|
}
|
|
|
|
if s[dbStatusKey] == model.StatusOk {
|
|
c.Logger.Debug("Able to write to database.")
|
|
}
|
|
|
|
filestoreStatusKey := "filestore_status"
|
|
s[filestoreStatusKey] = model.StatusOk
|
|
appErr := c.App.TestFileStoreConnection()
|
|
if appErr != nil {
|
|
c.Logger.Warn("Unable to test filestore connection.", mlog.Err(appErr))
|
|
s[filestoreStatusKey] = model.StatusUnhealthy
|
|
s[model.STATUS] = model.StatusUnhealthy
|
|
}
|
|
|
|
if res, ok := s[model.STATUS].(string); ok {
|
|
w.Header().Set(model.STATUS, res)
|
|
}
|
|
if res, ok := s[dbStatusKey].(string); ok {
|
|
w.Header().Set(dbStatusKey, res)
|
|
}
|
|
if res, ok := s[filestoreStatusKey].(string); ok {
|
|
w.Header().Set(filestoreStatusKey, res)
|
|
}
|
|
|
|
// Checking if mattermost is running as root, if the user is system admin
|
|
if c.App.SessionHasPermissionTo(*c.AppContext.Session(), model.PermissionManageSystem) {
|
|
s["root_status"] = os.Geteuid() == 0
|
|
}
|
|
}
|
|
|
|
if deviceID := r.FormValue("device_id"); deviceID != "" {
|
|
s["CanReceiveNotifications"] = c.App.SendTestPushNotification(c.AppContext, deviceID)
|
|
}
|
|
|
|
s["ActiveSearchBackend"] = c.App.ActiveSearchBackend()
|
|
|
|
if s[model.STATUS] != model.StatusOk && r.FormValue("use_rest_semantics") != "true" {
|
|
w.WriteHeader(http.StatusInternalServerError)
|
|
}
|
|
|
|
if _, err := w.Write(model.ToJSON(s)); err != nil {
|
|
c.Logger.Warn("Error while writing response", mlog.Err(err))
|
|
}
|
|
}
|
|
|
|
func testNotifications(c *Context, w http.ResponseWriter, r *http.Request) {
|
|
_, err := c.App.SendTestMessage(c.AppContext, c.AppContext.Session().UserId)
|
|
if err != nil {
|
|
c.Err = err
|
|
return
|
|
}
|
|
|
|
ReturnStatusOK(w)
|
|
}
|
|
|
|
func testEmail(c *Context, w http.ResponseWriter, r *http.Request) {
|
|
var cfg *model.Config
|
|
err := json.NewDecoder(r.Body).Decode(&cfg)
|
|
if err != nil {
|
|
c.Logger.Warn("Error decoding the config", mlog.Err(err))
|
|
}
|
|
if cfg == nil {
|
|
cfg = c.App.Config()
|
|
}
|
|
|
|
if checkHasNilFields(&cfg.EmailSettings) {
|
|
c.Err = model.NewAppError("testEmail", "api.file.test_connection_email_settings_nil.app_error", nil, "", http.StatusBadRequest)
|
|
return
|
|
}
|
|
|
|
if !c.App.SessionHasPermissionToAndNotRestrictedAdmin(*c.AppContext.Session(), model.PermissionTestEmail) {
|
|
c.SetPermissionError(model.PermissionTestEmail)
|
|
return
|
|
}
|
|
|
|
appErr := c.App.TestEmail(c.AppContext, c.AppContext.Session().UserId, cfg)
|
|
if appErr != nil {
|
|
c.Err = appErr
|
|
return
|
|
}
|
|
|
|
ReturnStatusOK(w)
|
|
}
|
|
|
|
func testSiteURL(c *Context, w http.ResponseWriter, r *http.Request) {
|
|
if !c.App.SessionHasPermissionToAndNotRestrictedAdmin(*c.AppContext.Session(), model.PermissionTestSiteURL) {
|
|
c.SetPermissionError(model.PermissionTestSiteURL)
|
|
return
|
|
}
|
|
|
|
props := model.MapFromJSON(r.Body)
|
|
siteURL := props["site_url"]
|
|
if siteURL == "" {
|
|
c.SetInvalidParam("site_url")
|
|
return
|
|
}
|
|
|
|
appErr := c.App.TestSiteURL(c.AppContext, siteURL)
|
|
if appErr != nil {
|
|
c.Err = appErr
|
|
return
|
|
}
|
|
|
|
ReturnStatusOK(w)
|
|
}
|
|
|
|
func getAudits(c *Context, w http.ResponseWriter, r *http.Request) {
|
|
auditRec := c.MakeAuditRecord(model.AuditEventGetAudits, model.AuditStatusFail)
|
|
defer c.LogAuditRec(auditRec)
|
|
|
|
if !c.App.SessionHasPermissionTo(*c.AppContext.Session(), model.PermissionReadAudits) {
|
|
c.SetPermissionError(model.PermissionReadAudits)
|
|
return
|
|
}
|
|
|
|
audits, appErr := c.App.GetAuditsPage(c.AppContext, "", c.Params.Page, c.Params.PerPage)
|
|
if appErr != nil {
|
|
c.Err = appErr
|
|
return
|
|
}
|
|
|
|
auditRec.Success()
|
|
model.AddEventParameterToAuditRec(auditRec, "page", c.Params.Page)
|
|
model.AddEventParameterToAuditRec(auditRec, "audits_per_page", c.Params.LogsPerPage)
|
|
|
|
if err := json.NewEncoder(w).Encode(audits); err != nil {
|
|
c.Logger.Warn("Error while writing response", mlog.Err(err))
|
|
}
|
|
}
|
|
|
|
func databaseRecycle(c *Context, w http.ResponseWriter, r *http.Request) {
|
|
if !c.App.SessionHasPermissionToAndNotRestrictedAdmin(*c.AppContext.Session(), model.PermissionRecycleDatabaseConnections) {
|
|
c.SetPermissionError(model.PermissionRecycleDatabaseConnections)
|
|
return
|
|
}
|
|
|
|
auditRec := c.MakeAuditRecord(model.AuditEventDatabaseRecycle, model.AuditStatusFail)
|
|
defer c.LogAuditRec(auditRec)
|
|
|
|
c.App.RecycleDatabaseConnection(c.AppContext)
|
|
|
|
auditRec.Success()
|
|
ReturnStatusOK(w)
|
|
}
|
|
|
|
func invalidateCaches(c *Context, w http.ResponseWriter, r *http.Request) {
|
|
if !c.App.SessionHasPermissionToAndNotRestrictedAdmin(*c.AppContext.Session(), model.PermissionInvalidateCaches) {
|
|
c.SetPermissionError(model.PermissionInvalidateCaches)
|
|
return
|
|
}
|
|
|
|
auditRec := c.MakeAuditRecord(model.AuditEventInvalidateCaches, model.AuditStatusFail)
|
|
defer c.LogAuditRec(auditRec)
|
|
|
|
appErr := c.App.Srv().InvalidateAllCaches()
|
|
if appErr != nil {
|
|
c.Err = appErr
|
|
return
|
|
}
|
|
|
|
auditRec.Success()
|
|
|
|
w.Header().Set("Cache-Control", "no-cache, no-store, must-revalidate")
|
|
ReturnStatusOK(w)
|
|
}
|
|
|
|
func queryLogs(c *Context, w http.ResponseWriter, r *http.Request) {
|
|
auditRec := c.MakeAuditRecord(model.AuditEventQueryLogs, model.AuditStatusFail)
|
|
defer c.LogAuditRec(auditRec)
|
|
|
|
if !c.App.SessionHasPermissionToAndNotRestrictedAdmin(*c.AppContext.Session(), model.PermissionGetLogs) {
|
|
c.SetPermissionError(model.PermissionGetLogs)
|
|
return
|
|
}
|
|
|
|
var logFilter *model.LogFilter
|
|
err := json.NewDecoder(r.Body).Decode(&logFilter)
|
|
if err != nil || logFilter == nil {
|
|
c.Err = model.NewAppError("queryLogs", "api.system.logs.invalidFilter", nil, "", http.StatusInternalServerError)
|
|
return
|
|
}
|
|
|
|
logs, appErr := c.App.QueryLogs(c.AppContext, c.Params.Page, c.Params.LogsPerPage, logFilter)
|
|
if appErr != nil {
|
|
c.Err = appErr
|
|
return
|
|
}
|
|
|
|
logsJSON := make(map[string][]any)
|
|
var result any
|
|
for node, logLines := range logs {
|
|
for _, log := range logLines {
|
|
err = json.Unmarshal([]byte(log), &result)
|
|
if err != nil {
|
|
c.Logger.Warn("Error parsing log line in Server Logs", mlog.String("from_node", node), mlog.Err(err))
|
|
} else {
|
|
logsJSON[node] = append(logsJSON[node], result)
|
|
}
|
|
}
|
|
}
|
|
|
|
auditRec.AddMeta("page", c.Params.Page)
|
|
auditRec.AddMeta("logs_per_page", c.Params.LogsPerPage)
|
|
|
|
if _, err := w.Write(model.ToJSON(logsJSON)); err != nil {
|
|
c.Logger.Warn("Error while writing response", mlog.Err(err))
|
|
}
|
|
}
|
|
|
|
func getLogs(c *Context, w http.ResponseWriter, r *http.Request) {
|
|
auditRec := c.MakeAuditRecord(model.AuditEventGetLogs, model.AuditStatusFail)
|
|
defer c.LogAuditRec(auditRec)
|
|
|
|
if !c.App.SessionHasPermissionToAndNotRestrictedAdmin(*c.AppContext.Session(), model.PermissionGetLogs) {
|
|
c.SetPermissionError(model.PermissionGetLogs)
|
|
return
|
|
}
|
|
|
|
lines, appErr := c.App.GetLogs(c.AppContext, c.Params.Page, c.Params.LogsPerPage)
|
|
if appErr != nil {
|
|
c.Err = appErr
|
|
return
|
|
}
|
|
|
|
model.AddEventParameterToAuditRec(auditRec, "page", c.Params.Page)
|
|
model.AddEventParameterToAuditRec(auditRec, "logs_per_page", c.Params.LogsPerPage)
|
|
|
|
if _, err := w.Write([]byte(model.ArrayToJSON(lines))); err != nil {
|
|
c.Logger.Warn("Error while writing response", mlog.Err(err))
|
|
}
|
|
}
|
|
|
|
func downloadLogs(c *Context, w http.ResponseWriter, r *http.Request) {
|
|
auditRec := c.MakeAuditRecord(model.AuditEventDownloadLogs, model.AuditStatusFail)
|
|
defer c.LogAuditRec(auditRec)
|
|
|
|
if !c.App.SessionHasPermissionToAndNotRestrictedAdmin(*c.AppContext.Session(), model.PermissionGetLogs) {
|
|
c.SetPermissionError(model.PermissionGetLogs)
|
|
return
|
|
}
|
|
|
|
fileData, err := c.App.Srv().Platform().GetLogFile(c.AppContext)
|
|
if err != nil {
|
|
c.Err = model.NewAppError("downloadLogs", "api.system.logs.download_bytes_buffer.app_error", nil, err.Error(), http.StatusInternalServerError)
|
|
return
|
|
}
|
|
|
|
reader := bytes.NewReader(fileData.Body)
|
|
web.WriteFileResponse(config.LogFilename,
|
|
"text/plain",
|
|
int64(len(fileData.Body)),
|
|
time.Now(),
|
|
*c.App.Config().ServiceSettings.WebserverMode,
|
|
reader,
|
|
true,
|
|
w,
|
|
r)
|
|
}
|
|
|
|
func postLog(c *Context, w http.ResponseWriter, r *http.Request) {
|
|
forceToDebug := false
|
|
|
|
if !*c.App.Config().ServiceSettings.EnableDeveloper {
|
|
if c.AppContext.Session().UserId == "" {
|
|
c.Err = model.NewAppError("postLog", "api.context.permissions.app_error", nil, "", http.StatusForbidden)
|
|
return
|
|
}
|
|
|
|
if !c.App.SessionHasPermissionTo(*c.AppContext.Session(), model.PermissionManageSystem) {
|
|
forceToDebug = true
|
|
}
|
|
}
|
|
|
|
var m map[string]string
|
|
err := json.NewDecoder(r.Body).Decode(&m)
|
|
if err != nil {
|
|
c.Logger.Warn("Error decoding request.", mlog.Err(err))
|
|
}
|
|
if m == nil {
|
|
m = map[string]string{}
|
|
}
|
|
|
|
lvl := m["level"]
|
|
msg := m["message"]
|
|
|
|
if len(msg) > 400 {
|
|
msg = msg[0:399]
|
|
}
|
|
|
|
msg = "Client Logs API Endpoint Message: " + msg
|
|
fields := []mlog.Field{
|
|
mlog.String("type", "client_message"),
|
|
mlog.String("user_agent", c.AppContext.UserAgent()),
|
|
}
|
|
|
|
if !forceToDebug && lvl == "ERROR" {
|
|
mlog.Error(msg, fields...)
|
|
} else {
|
|
mlog.Debug(msg, fields...)
|
|
}
|
|
|
|
m["message"] = msg
|
|
err = json.NewEncoder(w).Encode(m)
|
|
if err != nil {
|
|
c.Logger.Warn("Error while writing response.", mlog.Err(err))
|
|
}
|
|
}
|
|
|
|
func getAnalytics(c *Context, w http.ResponseWriter, r *http.Request) {
|
|
name := r.URL.Query().Get("name")
|
|
teamId := r.URL.Query().Get("team_id")
|
|
|
|
if name == "" {
|
|
name = "standard"
|
|
}
|
|
|
|
if !c.App.SessionHasPermissionTo(*c.AppContext.Session(), model.PermissionGetAnalytics) {
|
|
c.SetPermissionError(model.PermissionGetAnalytics)
|
|
return
|
|
}
|
|
|
|
rows, appErr := c.App.GetAnalytics(c.AppContext, name, teamId)
|
|
if appErr != nil {
|
|
c.Err = appErr
|
|
return
|
|
}
|
|
|
|
if rows == nil {
|
|
c.SetInvalidParam("name")
|
|
return
|
|
}
|
|
|
|
if err := json.NewEncoder(w).Encode(rows); err != nil {
|
|
c.Logger.Warn("Error while writing response", mlog.Err(err))
|
|
}
|
|
}
|
|
|
|
func getLatestVersion(c *Context, w http.ResponseWriter, r *http.Request) {
|
|
if !c.App.SessionHasPermissionToAndNotRestrictedAdmin(*c.AppContext.Session(), model.PermissionManageSystem) {
|
|
c.SetPermissionError(model.PermissionManageSystem)
|
|
return
|
|
}
|
|
|
|
resp, appErr := c.App.GetLatestVersion(c.AppContext, "https://api.github.com/repos/mattermost/mattermost-server/releases/latest")
|
|
if appErr != nil {
|
|
c.Err = appErr
|
|
return
|
|
}
|
|
|
|
b, err := json.Marshal(resp)
|
|
if err != nil {
|
|
c.Logger.Warn("Unable to marshal JSON for latest version.", mlog.Err(err))
|
|
w.WriteHeader(http.StatusInternalServerError)
|
|
}
|
|
|
|
if _, err := w.Write(b); err != nil {
|
|
c.Logger.Warn("Error while writing response", mlog.Err(err))
|
|
}
|
|
}
|
|
|
|
func getSupportedTimezones(c *Context, w http.ResponseWriter, r *http.Request) {
|
|
supportedTimezones := c.App.Timezones().GetSupported()
|
|
if supportedTimezones == nil {
|
|
supportedTimezones = make([]string, 0)
|
|
}
|
|
|
|
b, err := json.Marshal(supportedTimezones)
|
|
if err != nil {
|
|
c.Logger.Warn("Unable to marshal JSON in timezones.", mlog.Err(err))
|
|
w.WriteHeader(http.StatusInternalServerError)
|
|
}
|
|
|
|
if _, err := w.Write(b); err != nil {
|
|
c.Logger.Warn("Error while writing response", mlog.Err(err))
|
|
}
|
|
}
|
|
|
|
func testFileStore(c *Context, w http.ResponseWriter, r *http.Request) {
|
|
var cfg *model.Config
|
|
err := json.NewDecoder(r.Body).Decode(&cfg)
|
|
if err != nil {
|
|
c.Logger.Warn("Error decoding the config", mlog.Err(err))
|
|
}
|
|
if cfg == nil {
|
|
cfg = c.App.Config()
|
|
}
|
|
|
|
// PermissionTestS3 is kept for backwards compatibility -- it was named
|
|
// after the only supported test endpoint at the time it was introduced.
|
|
// The new /file/test endpoint is backend-agnostic but reuses the same
|
|
// permission to avoid a role migration.
|
|
if !c.App.SessionHasPermissionTo(*c.AppContext.Session(), model.PermissionTestS3) {
|
|
c.SetPermissionError(model.PermissionTestS3)
|
|
return
|
|
}
|
|
|
|
if checkHasNilFields(&cfg.FileSettings) {
|
|
c.Err = model.NewAppError("testFileStore", "api.file.test_connection_settings_nil.app_error", nil, "", http.StatusBadRequest)
|
|
return
|
|
}
|
|
|
|
// Validate mandatory fields per driver. TestFileStoreConnectionWithConfig
|
|
// will catch missing fields by failing to construct the backend, but a
|
|
// dedicated validation step lets us surface a clearer error.
|
|
driver := ""
|
|
if cfg.FileSettings.DriverName != nil {
|
|
driver = *cfg.FileSettings.DriverName
|
|
}
|
|
switch driver {
|
|
case model.ImageDriverLocal:
|
|
// Local driver has no mandatory fields beyond the directory, which has a default.
|
|
case model.ImageDriverS3:
|
|
if appErr := c.App.CheckMandatoryS3Fields(&cfg.FileSettings); appErr != nil {
|
|
c.Err = appErr
|
|
return
|
|
}
|
|
case model.ImageDriverAzure:
|
|
if appErr := c.App.CheckMandatoryAzureFields(&cfg.FileSettings); appErr != nil {
|
|
c.Err = appErr
|
|
return
|
|
}
|
|
default:
|
|
c.Err = model.NewAppError("testFileStore", "api.file.test_connection_unsupported_driver.app_error", map[string]any{"Driver": driver}, "", http.StatusBadRequest)
|
|
return
|
|
}
|
|
|
|
// A client editing the admin UI and clicking Test Connection without
|
|
// re-entering the secret would send the FakeSetting placeholder back, so we
|
|
// need to desanitize this first.
|
|
config.Desanitize(c.App.Config(), cfg)
|
|
|
|
if appErr := c.App.TestFileStoreConnectionWithConfig(&cfg.FileSettings); appErr != nil {
|
|
c.Err = appErr
|
|
return
|
|
}
|
|
|
|
ReturnStatusOK(w)
|
|
}
|
|
|
|
func getRedirectLocation(c *Context, w http.ResponseWriter, r *http.Request) {
|
|
m := make(map[string]string)
|
|
m["location"] = ""
|
|
|
|
if !*c.App.Config().ServiceSettings.EnableLinkPreviews {
|
|
if _, err := w.Write([]byte(model.MapToJSON(m))); err != nil {
|
|
c.Logger.Warn("Error while writing response", mlog.Err(err))
|
|
}
|
|
return
|
|
}
|
|
|
|
url := r.URL.Query().Get("url")
|
|
if url == "" {
|
|
c.SetInvalidParam("url")
|
|
return
|
|
}
|
|
|
|
var location string
|
|
if err := redirectLocationDataCache.Get(url, &location); err == nil {
|
|
m["location"] = location
|
|
if _, err := w.Write([]byte(model.MapToJSON(m))); err != nil {
|
|
c.Logger.Warn("Error while writing response", mlog.Err(err))
|
|
}
|
|
return
|
|
}
|
|
|
|
client := c.App.HTTPService().MakeClient(false)
|
|
client.CheckRedirect = func(req *http.Request, via []*http.Request) error {
|
|
return http.ErrUseLastResponse
|
|
}
|
|
|
|
res, err := client.Head(url)
|
|
if err != nil {
|
|
// Cache failures to prevent retries.
|
|
cacheErr := redirectLocationDataCache.SetWithExpiry(url, "", RedirectLocationCacheExpiry)
|
|
if cacheErr != nil {
|
|
c.Logger.Warn("Failed to set cache for URL", mlog.String("url", url), mlog.Err(err))
|
|
}
|
|
// Always return a success status and a JSON string to limit information returned to client.
|
|
if _, err = w.Write([]byte(model.MapToJSON(m))); err != nil {
|
|
c.Logger.Warn("Error while writing response", mlog.Err(err))
|
|
}
|
|
return
|
|
}
|
|
defer func() {
|
|
if _, err = io.Copy(io.Discard, res.Body); err != nil {
|
|
c.Logger.Warn("Error while removing directory", mlog.Err(err))
|
|
}
|
|
res.Body.Close()
|
|
}()
|
|
|
|
location = res.Header.Get("Location")
|
|
|
|
// If the location length is > 2100, we can probably ignore. Fixes https://mattermost.atlassian.net/browse/MM-54219
|
|
if len(location) > RedirectLocationMaximumLength {
|
|
// Treating as a "failure". Cache failures to prevent retries.
|
|
cacheErr := redirectLocationDataCache.SetWithExpiry(url, "", RedirectLocationCacheExpiry)
|
|
if cacheErr != nil {
|
|
c.Logger.Warn("Failed to set cache for URL", mlog.String("url", url), mlog.Err(err))
|
|
}
|
|
// Always return a success status and a JSON string to limit information returned to client.
|
|
if _, err = w.Write([]byte(model.MapToJSON(m))); err != nil {
|
|
c.Logger.Warn("Error while writing response", mlog.Err(err))
|
|
}
|
|
return
|
|
}
|
|
|
|
cacheErr := redirectLocationDataCache.SetWithExpiry(url, location, RedirectLocationCacheExpiry)
|
|
if cacheErr != nil {
|
|
c.Logger.Warn("Failed to set cache for URL", mlog.String("url", url), mlog.Err(err))
|
|
}
|
|
m["location"] = location
|
|
|
|
if _, err := w.Write([]byte(model.MapToJSON(m))); err != nil {
|
|
c.Logger.Warn("Error while writing response", mlog.Err(err))
|
|
}
|
|
}
|
|
|
|
func pushNotificationAck(c *Context, w http.ResponseWriter, r *http.Request) {
|
|
var ack model.PushNotificationAck
|
|
if jsonErr := json.NewDecoder(r.Body).Decode(&ack); jsonErr != nil {
|
|
c.Err = model.NewAppError("pushNotificationAck",
|
|
"api.push_notifications_ack.message.parse.app_error",
|
|
nil,
|
|
"",
|
|
http.StatusBadRequest,
|
|
).Wrap(jsonErr)
|
|
return
|
|
}
|
|
|
|
if !*c.App.Config().EmailSettings.SendPushNotifications {
|
|
c.Err = model.NewAppError("pushNotificationAck", "api.push_notification.disabled.app_error", nil, "", http.StatusNotImplemented)
|
|
return
|
|
}
|
|
|
|
if ack.NotificationType == model.PushTypeMessage {
|
|
session := c.AppContext.Session()
|
|
ignoreNotificationACK := session.Props[model.SessionPropDeviceNotificationDisabled] == "true"
|
|
if ignoreNotificationACK && ack.ClientPlatform == "ios" {
|
|
// iOS doesn't send ack when the notificications are disabled
|
|
// so we restore the value the moment we receive an ack
|
|
if err := c.App.SetExtraSessionProps(session, map[string]string{
|
|
model.SessionPropDeviceNotificationDisabled: "false",
|
|
}); err != nil {
|
|
c.Logger.Warn("Failed to set extra session props", mlog.Err(err))
|
|
}
|
|
c.App.ClearSessionCacheForUser(session.UserId)
|
|
}
|
|
if !ignoreNotificationACK {
|
|
c.App.CountNotificationAck(model.NotificationTypePush, ack.ClientPlatform)
|
|
}
|
|
}
|
|
|
|
c.AppContext = c.AppContext.WithLogFields(
|
|
mlog.String("type", model.NotificationTypePush),
|
|
mlog.String("ack_id", ack.Id),
|
|
mlog.String("push_type", ack.NotificationType),
|
|
mlog.String("post_id", ack.PostId),
|
|
mlog.String("ack_type", ack.NotificationType),
|
|
mlog.String("device_type", ack.ClientPlatform),
|
|
mlog.Int("received_at", ack.ClientReceivedAt),
|
|
)
|
|
err := c.App.SendAckToPushProxy(c.AppContext, &ack)
|
|
if ack.IsIdLoaded {
|
|
if err != nil {
|
|
c.App.CountNotificationReason(model.NotificationStatusError, model.NotificationTypePush, model.NotificationReasonPushProxySendError, ack.ClientPlatform)
|
|
c.AppContext.Logger().LogM(mlog.MlvlNotificationError, "Notification ack not sent to push proxy",
|
|
mlog.String("status", model.NotificationStatusError),
|
|
mlog.String("reason", model.NotificationReasonPushProxySendError),
|
|
mlog.Err(err),
|
|
)
|
|
} else {
|
|
c.App.CountNotificationReason(model.NotificationStatusSuccess, model.NotificationTypePush, model.NotificationReason(""), ack.ClientPlatform)
|
|
}
|
|
// Return post data only when PostId is passed.
|
|
if ack.PostId != "" && ack.NotificationType == model.PushTypeMessage {
|
|
var isMember bool
|
|
var appErr *model.AppError
|
|
if _, appErr, isMember = c.App.GetPostIfAuthorized(c.AppContext, ack.PostId, c.AppContext.Session(), false); appErr != nil {
|
|
c.Err = appErr
|
|
return
|
|
}
|
|
|
|
notificationInterface := c.App.Notification()
|
|
|
|
if notificationInterface == nil {
|
|
c.Err = model.NewAppError("pushNotificationAck", "api.system.id_loaded.not_available.app_error", nil, "", http.StatusFound)
|
|
return
|
|
}
|
|
|
|
msg, appError := notificationInterface.GetNotificationMessage(c.AppContext, &ack, c.AppContext.Session().UserId)
|
|
if appError != nil {
|
|
c.Err = model.NewAppError("pushNotificationAck", "api.push_notification.id_loaded.fetch.app_error", nil, "", http.StatusInternalServerError).Wrap(appError)
|
|
return
|
|
}
|
|
if err2 := json.NewEncoder(w).Encode(msg); err2 != nil {
|
|
c.Logger.Warn("Error while writing response", mlog.Err(err2))
|
|
}
|
|
|
|
auditRec := c.MakeAuditRecord(model.AuditEventNotificationAck, model.AuditStatusSuccess)
|
|
defer c.LogAuditRec(auditRec)
|
|
model.AddEventParameterToAuditRec(auditRec, "post_id", ack.PostId)
|
|
|
|
if !isMember {
|
|
model.AddEventParameterToAuditRec(auditRec, "non_channel_member_access", true)
|
|
}
|
|
}
|
|
|
|
return
|
|
} else if err != nil {
|
|
c.Err = model.NewAppError("pushNotificationAck", "api.push_notifications_ack.forward.app_error", nil, "", http.StatusInternalServerError).Wrap(err)
|
|
return
|
|
}
|
|
|
|
c.App.CountNotificationReason(model.NotificationStatusSuccess, model.NotificationTypePush, model.NotificationReason(""), ack.ClientPlatform)
|
|
ReturnStatusOK(w)
|
|
}
|
|
|
|
func setServerBusy(c *Context, w http.ResponseWriter, r *http.Request) {
|
|
if !c.App.SessionHasPermissionTo(*c.AppContext.Session(), model.PermissionManageSystem) {
|
|
c.SetPermissionError(model.PermissionManageSystem)
|
|
return
|
|
}
|
|
|
|
// number of seconds to keep server marked busy
|
|
secs := r.URL.Query().Get("seconds")
|
|
if secs == "" {
|
|
secs = strconv.FormatInt(DefaultServerBusySeconds, 10)
|
|
}
|
|
|
|
i, err := strconv.ParseInt(secs, 10, 64)
|
|
if err != nil || i <= 0 || i > MaxServerBusySeconds {
|
|
c.SetInvalidURLParam(fmt.Sprintf("seconds must be 1 - %d", MaxServerBusySeconds))
|
|
return
|
|
}
|
|
|
|
auditRec := c.MakeAuditRecord(model.AuditEventSetServerBusy, model.AuditStatusFail)
|
|
defer c.LogAuditRec(auditRec)
|
|
model.AddEventParameterToAuditRec(auditRec, "seconds", i)
|
|
|
|
c.App.Srv().Platform().Busy.Set(time.Second * time.Duration(i))
|
|
c.Logger.Warn("server busy state activated - non-critical services disabled", mlog.Int("seconds", i))
|
|
|
|
auditRec.Success()
|
|
ReturnStatusOK(w)
|
|
}
|
|
|
|
func clearServerBusy(c *Context, w http.ResponseWriter, r *http.Request) {
|
|
if !c.App.SessionHasPermissionTo(*c.AppContext.Session(), model.PermissionManageSystem) {
|
|
c.SetPermissionError(model.PermissionManageSystem)
|
|
return
|
|
}
|
|
|
|
auditRec := c.MakeAuditRecord(model.AuditEventClearServerBusy, model.AuditStatusFail)
|
|
defer c.LogAuditRec(auditRec)
|
|
|
|
c.App.Srv().Platform().Busy.Clear()
|
|
c.Logger.Info("server busy state cleared - non-critical services enabled")
|
|
|
|
auditRec.Success()
|
|
ReturnStatusOK(w)
|
|
}
|
|
|
|
func getServerBusyExpires(c *Context, w http.ResponseWriter, r *http.Request) {
|
|
if !c.App.SessionHasPermissionTo(*c.AppContext.Session(), model.PermissionManageSystem) {
|
|
c.SetPermissionError(model.PermissionManageSystem)
|
|
return
|
|
}
|
|
|
|
// We call to ToJSON because it actually returns a different struct
|
|
// along with doing some computations.
|
|
sbsJSON, jsonErr := c.App.Srv().Platform().Busy.ToJSON()
|
|
if jsonErr != nil {
|
|
c.Logger.Warn(jsonErr.Error())
|
|
}
|
|
|
|
if _, err := w.Write(sbsJSON); err != nil {
|
|
c.Logger.Warn("Error while writing response", mlog.Err(err))
|
|
}
|
|
}
|
|
|
|
func upgradeToEnterprise(c *Context, w http.ResponseWriter, r *http.Request) {
|
|
auditRec := c.MakeAuditRecord(model.AuditEventUpgradeToEnterprise, model.AuditStatusFail)
|
|
defer c.LogAuditRec(auditRec)
|
|
|
|
if !c.App.SessionHasPermissionTo(*c.AppContext.Session(), model.PermissionManageSystem) {
|
|
c.SetPermissionError(model.PermissionManageSystem)
|
|
return
|
|
}
|
|
|
|
if model.BuildEnterpriseReady == "true" {
|
|
c.Err = model.NewAppError("upgradeToEnterprise", "api.upgrade_to_enterprise.already-enterprise.app_error", nil, "", http.StatusTooManyRequests)
|
|
return
|
|
}
|
|
|
|
percentage, _ := c.App.Srv().UpgradeToE0Status()
|
|
|
|
if percentage > 0 {
|
|
c.Err = model.NewAppError("upgradeToEnterprise", "api.upgrade_to_enterprise.app_error", nil, "", http.StatusTooManyRequests)
|
|
return
|
|
}
|
|
if percentage == 100 {
|
|
c.Err = model.NewAppError("upgradeToEnterprise", "api.upgrade_to_enterprise.already-done.app_error", nil, "", http.StatusTooManyRequests)
|
|
return
|
|
}
|
|
|
|
if err := c.App.Srv().CanIUpgradeToE0(); err != nil {
|
|
var ipErr *upgrader.InvalidPermissions
|
|
var iaErr *upgrader.InvalidArch
|
|
switch {
|
|
case errors.As(err, &ipErr):
|
|
params := map[string]any{
|
|
"MattermostUsername": ipErr.MattermostUsername,
|
|
"FileUsername": ipErr.FileUsername,
|
|
"Path": ipErr.Path,
|
|
}
|
|
if ipErr.ErrType == "invalid-user-and-permission" {
|
|
c.Err = model.NewAppError("upgradeToEnterprise", "api.upgrade_to_enterprise.invalid-user-and-permission.app_error", params, "", http.StatusForbidden).Wrap(err)
|
|
} else if ipErr.ErrType == "invalid-user" {
|
|
c.Err = model.NewAppError("upgradeToEnterprise", "api.upgrade_to_enterprise.invalid-user.app_error", params, "", http.StatusForbidden).Wrap(err)
|
|
} else if ipErr.ErrType == "invalid-permission" {
|
|
c.Err = model.NewAppError("upgradeToEnterprise", "api.upgrade_to_enterprise.invalid-permission.app_error", params, "", http.StatusForbidden).Wrap(err)
|
|
}
|
|
case errors.As(err, &iaErr):
|
|
c.Err = model.NewAppError("upgradeToEnterprise", "api.upgrade_to_enterprise.system_not_supported.app_error", nil, "", http.StatusForbidden).Wrap(err)
|
|
default:
|
|
c.Err = model.NewAppError("upgradeToEnterprise", "api.upgrade_to_enterprise.generic_error.app_error", nil, "", http.StatusForbidden).Wrap(err)
|
|
}
|
|
return
|
|
}
|
|
|
|
c.App.Srv().Go(func() {
|
|
err := c.App.Srv().UpgradeToE0()
|
|
if err != nil {
|
|
c.Logger.Error("Error while upgrading to E0", mlog.Err(err))
|
|
}
|
|
})
|
|
|
|
auditRec.Success()
|
|
w.WriteHeader(http.StatusAccepted)
|
|
ReturnStatusOK(w)
|
|
}
|
|
|
|
func upgradeToEnterpriseStatus(c *Context, w http.ResponseWriter, r *http.Request) {
|
|
if !c.App.SessionHasPermissionTo(*c.AppContext.Session(), model.PermissionManageSystem) {
|
|
c.SetPermissionError(model.PermissionManageSystem)
|
|
return
|
|
}
|
|
|
|
percentage, err := c.App.Srv().UpgradeToE0Status()
|
|
var s map[string]any
|
|
if err != nil {
|
|
var isErr *upgrader.InvalidSignature
|
|
switch {
|
|
case errors.As(err, &isErr):
|
|
appErr := model.NewAppError("upgradeToEnterpriseStatus", "api.upgrade_to_enterprise_status.app_error", nil, "", http.StatusBadRequest).Wrap(isErr)
|
|
s = map[string]any{"percentage": 0, "error": appErr.Message}
|
|
default:
|
|
appErr := model.NewAppError("upgradeToEnterpriseStatus", "api.upgrade_to_enterprise_status.signature.app_error", nil, "", http.StatusBadRequest).Wrap(err)
|
|
s = map[string]any{"percentage": 0, "error": appErr.Message}
|
|
}
|
|
} else {
|
|
s = map[string]any{"percentage": percentage, "error": nil}
|
|
}
|
|
|
|
if _, err := w.Write([]byte(model.StringInterfaceToJSON(s))); err != nil {
|
|
c.Logger.Warn("Error while writing response", mlog.Err(err))
|
|
}
|
|
}
|
|
|
|
func isAllowedToUpgradeToEnterprise(c *Context, w http.ResponseWriter, r *http.Request) {
|
|
if !c.App.SessionHasPermissionTo(*c.AppContext.Session(), model.PermissionManageSystem) {
|
|
c.SetPermissionError(model.PermissionManageSystem)
|
|
return
|
|
}
|
|
|
|
err := c.App.Srv().CanIUpgradeToE0()
|
|
if err != nil {
|
|
var iaErr *upgrader.InvalidArch
|
|
if errors.As(err, &iaErr) {
|
|
c.Err = model.NewAppError("isAllowedToUpgradeToEnterprise", "api.upgrade_to_enterprise.system_not_supported.app_error", nil, "", http.StatusForbidden).Wrap(err)
|
|
return
|
|
}
|
|
c.Err = model.NewAppError("isAllowedToUpgradeToEnterprise", err.Error(), nil, "", http.StatusForbidden).Wrap(err)
|
|
return
|
|
}
|
|
|
|
ReturnStatusOK(w)
|
|
}
|
|
|
|
func restart(c *Context, w http.ResponseWriter, r *http.Request) {
|
|
auditRec := c.MakeAuditRecord(model.AuditEventRestartServer, model.AuditStatusFail)
|
|
defer c.LogAuditRec(auditRec)
|
|
|
|
if !c.App.SessionHasPermissionTo(*c.AppContext.Session(), model.PermissionManageSystem) {
|
|
c.SetPermissionError(model.PermissionManageSystem)
|
|
return
|
|
}
|
|
|
|
auditRec.Success()
|
|
ReturnStatusOK(w)
|
|
time.Sleep(1 * time.Second)
|
|
|
|
go func() {
|
|
err := c.App.Srv().Restart()
|
|
if err != nil {
|
|
c.Logger.Error("Error while restarting server", mlog.Err(err))
|
|
}
|
|
}()
|
|
}
|
|
|
|
func getProductNotices(c *Context, w http.ResponseWriter, r *http.Request) {
|
|
c.RequireTeamId()
|
|
if c.Err != nil {
|
|
return
|
|
}
|
|
|
|
client, parseError := model.NoticeClientTypeFromString(r.URL.Query().Get("client"))
|
|
if parseError != nil {
|
|
c.SetInvalidParamWithErr("client", parseError)
|
|
return
|
|
}
|
|
clientVersion := r.URL.Query().Get("clientVersion")
|
|
locale := r.URL.Query().Get("locale")
|
|
|
|
notices, appErr := c.App.GetProductNotices(c.AppContext, c.AppContext.Session().UserId, c.Params.TeamId, client, clientVersion, locale)
|
|
if appErr != nil {
|
|
c.Err = appErr
|
|
return
|
|
}
|
|
result, _ := notices.Marshal()
|
|
_, _ = w.Write(result)
|
|
}
|
|
|
|
func updateViewedProductNotices(c *Context, w http.ResponseWriter, r *http.Request) {
|
|
auditRec := c.MakeAuditRecord(model.AuditEventUpdateViewedProductNotices, model.AuditStatusFail)
|
|
defer c.LogAuditRec(auditRec)
|
|
c.LogAudit("attempt")
|
|
|
|
ids, err := model.SortedArrayFromJSON(r.Body)
|
|
if err != nil {
|
|
c.Err = model.NewAppError("updateViewedProductNotices", model.PayloadParseError, nil, "", http.StatusBadRequest).Wrap(err)
|
|
return
|
|
}
|
|
appErr := c.App.UpdateViewedProductNotices(c.AppContext.Session().UserId, ids)
|
|
if appErr != nil {
|
|
c.Err = appErr
|
|
return
|
|
}
|
|
|
|
auditRec.Success()
|
|
ReturnStatusOK(w)
|
|
}
|
|
|
|
func getOnboarding(c *Context, w http.ResponseWriter, r *http.Request) {
|
|
auditRec := c.MakeAuditRecord(model.AuditEventGetOnboarding, model.AuditStatusFail)
|
|
defer c.LogAuditRec(auditRec)
|
|
c.LogAudit("attempt")
|
|
|
|
if !c.App.SessionHasPermissionTo(*c.AppContext.Session(), model.PermissionManageSystem) {
|
|
c.SetPermissionError(model.PermissionManageSystem)
|
|
return
|
|
}
|
|
|
|
firstAdminCompleteSetupObj, err := c.App.GetOnboarding()
|
|
if err != nil {
|
|
c.Err = model.NewAppError("getOnboarding", "app.system.get_onboarding_request.app_error", nil, "", http.StatusInternalServerError).Wrap(err)
|
|
return
|
|
}
|
|
|
|
auditRec.Success()
|
|
if err := json.NewEncoder(w).Encode(firstAdminCompleteSetupObj); err != nil {
|
|
c.Logger.Warn("Error while writing response", mlog.Err(err))
|
|
}
|
|
}
|
|
|
|
func completeOnboarding(c *Context, w http.ResponseWriter, r *http.Request) {
|
|
if !c.App.SessionHasPermissionTo(*c.AppContext.Session(), model.PermissionManageSystem) {
|
|
c.Err = model.NewAppError("completeOnboarding", "app.system.complete_onboarding_request.no_first_user", nil, "", http.StatusForbidden)
|
|
return
|
|
}
|
|
|
|
auditRec := c.MakeAuditRecord(model.AuditEventCompleteOnboarding, model.AuditStatusFail)
|
|
defer c.LogAuditRec(auditRec)
|
|
|
|
onboardingRequest, err := model.CompleteOnboardingRequestFromReader(r.Body)
|
|
if err != nil {
|
|
c.Err = model.NewAppError("completeOnboarding", "app.system.complete_onboarding_request.app_error", nil, "", http.StatusBadRequest).Wrap(err)
|
|
return
|
|
}
|
|
model.AddEventParameterToAuditRec(auditRec, "install_plugin", onboardingRequest.InstallPlugins)
|
|
model.AddEventParameterAuditableToAuditRec(auditRec, "onboarding_request", onboardingRequest)
|
|
|
|
appErr := c.App.CompleteOnboarding(c.AppContext, onboardingRequest)
|
|
if appErr != nil {
|
|
c.Err = appErr
|
|
return
|
|
}
|
|
|
|
auditRec.Success()
|
|
ReturnStatusOK(w)
|
|
}
|
|
|
|
func getAppliedSchemaMigrations(c *Context, w http.ResponseWriter, r *http.Request) {
|
|
if !c.App.SessionHasPermissionToAny(*c.AppContext.Session(), model.SysconsoleReadPermissions) {
|
|
c.SetPermissionError(model.SysconsoleReadPermissions...)
|
|
return
|
|
}
|
|
|
|
auditRec := c.MakeAuditRecord(model.AuditEventGetAppliedSchemaMigrations, model.AuditStatusFail)
|
|
defer c.LogAuditRec(auditRec)
|
|
|
|
migrations, appErr := c.App.GetAppliedSchemaMigrations()
|
|
if appErr != nil {
|
|
c.Err = appErr
|
|
return
|
|
}
|
|
|
|
js, err := json.Marshal(migrations)
|
|
if err != nil {
|
|
c.Err = model.NewAppError("getAppliedMigrations", "api.marshal_error", nil, "", http.StatusInternalServerError).Wrap(err)
|
|
return
|
|
}
|
|
|
|
auditRec.Success()
|
|
if _, err := w.Write(js); err != nil {
|
|
c.Logger.Warn("Error while writing response", mlog.Err(err))
|
|
}
|
|
}
|
|
|
|
// returns true if the data has nil fields
|
|
// this is being used for testS3 and testEmail methods
|
|
func checkHasNilFields(value any) bool {
|
|
v := reflect.Indirect(reflect.ValueOf(value))
|
|
if v.Kind() != reflect.Struct {
|
|
return false
|
|
}
|
|
|
|
for _, field := range v.Fields() {
|
|
if field.Kind() == reflect.Pointer && field.IsNil() {
|
|
return true
|
|
}
|
|
}
|
|
|
|
return false
|
|
}
|