package main import ( "fmt" "os" "strings" "time" "github.com/gin-gonic/gin" "github.com/golang-jwt/jwt" "github.com/aleksasiriski/mediabrowser" ) // @Summary Creates a new Jellyfin user without an invite. // @Produce json // @Param newUserDTO body newUserDTO true "New user request object" // @Success 200 // @Router /users [post] // @Security Bearer // @tags Users func (app *appContext) NewUserAdmin(gc *gin.Context) { respondUser := func(code int, user, email bool, msg string, gc *gin.Context) { resp := newUserResponse{ User: user, Email: email, Error: msg, } gc.JSON(code, resp) gc.Abort() } var req newUserDTO gc.BindJSON(&req) existingUser, _, _ := app.jf.UserByName(req.Username, false) if existingUser.Name != "" { msg := fmt.Sprintf("User already exists named %s", req.Username) app.info.Printf("%s New user failed: %s", req.Username, msg) respondUser(401, false, false, msg, gc) return } user, status, err := app.jf.NewUser(req.Username, req.Password) if !(status == 200 || status == 204) || err != nil { app.err.Printf("%s New user failed (%d): %v", req.Username, status, err) respondUser(401, false, false, err.Error(), gc) return } id := user.ID if app.storage.policy.BlockedTags != nil { status, err = app.jf.SetPolicy(id, app.storage.policy) if !(status == 200 || status == 204 || err == nil) { app.err.Printf("%s: Failed to set user policy (%d): %v", req.Username, status, err) } } if app.storage.configuration.GroupedFolders != nil && len(app.storage.displayprefs) != 0 { status, err = app.jf.SetConfiguration(id, app.storage.configuration) if (status == 200 || status == 204) && err == nil { status, err = app.jf.SetDisplayPreferences(id, app.storage.displayprefs) } if !((status == 200 || status == 204) && err == nil) { app.err.Printf("%s: Failed to set configuration template (%d): %v", req.Username, status, err) } } app.jf.CacheExpiry = time.Now() if emailEnabled { app.storage.emails[id] = EmailAddress{Addr: req.Email, Contact: true} app.storage.storeEmails() } if app.config.Section("ombi").Key("enabled").MustBool(false) { app.storage.loadOmbiTemplate() if len(app.storage.ombi_template) != 0 { errors, code, err := app.ombi.NewUser(req.Username, req.Password, req.Email, app.storage.ombi_template) if err != nil || code != 200 { app.err.Printf("Failed to create Ombi user (%d): %v", code, err) app.debug.Printf("Errors reported by Ombi: %s", strings.Join(errors, ", ")) } else { app.info.Println("Created Ombi user") } } } if emailEnabled && app.config.Section("welcome_email").Key("enabled").MustBool(false) && req.Email != "" { app.debug.Printf("%s: Sending welcome email to %s", req.Username, req.Email) msg, err := app.email.constructWelcome(req.Username, time.Time{}, app, false) if err != nil { app.err.Printf("%s: Failed to construct welcome email: %v", req.Username, err) respondUser(500, true, false, err.Error(), gc) return } else if err := app.email.send(msg, req.Email); err != nil { app.err.Printf("%s: Failed to send welcome email: %v", req.Username, err) respondUser(500, true, false, err.Error(), gc) return } else { app.info.Printf("%s: Sent welcome email to %s", req.Username, req.Email) } } respondUser(200, true, true, "", gc) } type errorFunc func(gc *gin.Context) // Used on the form & when a users email has been confirmed. func (app *appContext) newUser(req newUserDTO, confirmed bool) (f errorFunc, success bool) { existingUser, _, _ := app.jf.UserByName(req.Username, false) if existingUser.Name != "" { f = func(gc *gin.Context) { msg := fmt.Sprintf("User %s already exists", req.Username) app.info.Printf("%s: New user failed: %s", req.Code, msg) respond(401, "errorUserExists", gc) } success = false return } var discordUser DiscordUser discordVerified := false if discordEnabled { if req.DiscordPIN == "" { if app.config.Section("discord").Key("required").MustBool(false) { f = func(gc *gin.Context) { app.debug.Printf("%s: New user failed: Discord verification not completed", req.Code) respond(401, "errorDiscordVerification", gc) } success = false return } } else { discordUser, discordVerified = app.discord.verifiedTokens[req.DiscordPIN] if !discordVerified { f = func(gc *gin.Context) { app.debug.Printf("%s: New user failed: Discord PIN was invalid", req.Code) respond(401, "errorInvalidPIN", gc) } success = false return } err := app.discord.ApplyRole(discordUser.ID) if err != nil { f = func(gc *gin.Context) { app.err.Printf("%s: New user failed: Failed to set member role: %v", req.Code, err) respond(401, "error", gc) } success = false return } } } var matrixUser MatrixUser matrixVerified := false if matrixEnabled { if req.MatrixPIN == "" { if app.config.Section("matrix").Key("required").MustBool(false) { f = func(gc *gin.Context) { app.debug.Printf("%s: New user failed: Matrix verification not completed", req.Code) respond(401, "errorMatrixVerification", gc) } success = false return } } else { user, ok := app.matrix.tokens[req.MatrixPIN] if !ok || !user.Verified { matrixVerified = false f = func(gc *gin.Context) { app.debug.Printf("%s: New user failed: Matrix PIN was invalid", req.Code) respond(401, "errorInvalidPIN", gc) } success = false return } matrixVerified = user.Verified matrixUser = *user.User } } telegramTokenIndex := -1 if telegramEnabled { if req.TelegramPIN == "" { if app.config.Section("telegram").Key("required").MustBool(false) { f = func(gc *gin.Context) { app.debug.Printf("%s: New user failed: Telegram verification not completed", req.Code) respond(401, "errorTelegramVerification", gc) } success = false return } } else { for i, v := range app.telegram.verifiedTokens { if v.Token == req.TelegramPIN { telegramTokenIndex = i break } } if telegramTokenIndex == -1 { f = func(gc *gin.Context) { app.debug.Printf("%s: New user failed: Telegram PIN was invalid", req.Code) respond(401, "errorInvalidPIN", gc) } success = false return } } } if emailEnabled && app.config.Section("email_confirmation").Key("enabled").MustBool(false) && !confirmed { claims := jwt.MapClaims{ "valid": true, "invite": req.Code, "email": req.Email, "username": req.Username, "password": req.Password, "telegramPIN": req.TelegramPIN, "exp": time.Now().Add(time.Hour * 12).Unix(), "type": "confirmation", } tk := jwt.NewWithClaims(jwt.SigningMethodHS256, claims) key, err := tk.SignedString([]byte(os.Getenv("JFA_SECRET"))) if err != nil { f = func(gc *gin.Context) { app.info.Printf("Failed to generate confirmation token: %v", err) respond(500, "errorUnknown", gc) } success = false return } inv := app.storage.invites[req.Code] inv.Keys = append(inv.Keys, key) app.storage.invites[req.Code] = inv app.storage.storeInvites() f = func(gc *gin.Context) { app.debug.Printf("%s: Email confirmation required", req.Code) respond(401, "confirmEmail", gc) msg, err := app.email.constructConfirmation(req.Code, req.Username, key, app, false) if err != nil { app.err.Printf("%s: Failed to construct confirmation email: %v", req.Code, err) } else if err := app.email.send(msg, req.Email); err != nil { app.err.Printf("%s: Failed to send user confirmation email: %v", req.Code, err) } else { app.info.Printf("%s: Sent user confirmation email to \"%s\"", req.Code, req.Email) } } success = false return } user, status, err := app.jf.NewUser(req.Username, req.Password) if !(status == 200 || status == 204) || err != nil { f = func(gc *gin.Context) { app.err.Printf("%s New user failed (%d): %v", req.Code, status, err) respond(401, app.storage.lang.Admin[app.storage.lang.chosenAdminLang].Notifications.get("errorUnknown"), gc) } success = false return } app.storage.loadProfiles() invite := app.storage.invites[req.Code] app.checkInvite(req.Code, true, req.Username) if emailEnabled && app.config.Section("notifications").Key("enabled").MustBool(false) { for address, settings := range invite.Notify { if settings["notify-creation"] { go func() { msg, err := app.email.constructCreated(req.Code, req.Username, req.Email, invite, app, false) if err != nil { app.err.Printf("%s: Failed to construct user creation notification: %v", req.Code, err) } else { // Check whether notify "address" is an email address of Jellyfin ID if strings.Contains(address, "@") { err = app.email.send(msg, address) } else { err = app.sendByID(msg, address) } if err != nil { app.err.Printf("%s: Failed to send user creation notification: %v", req.Code, err) } else { app.info.Printf("Sent user creation notification to %s", address) } } }() } } } id := user.ID var profile Profile if invite.Profile != "" { app.debug.Printf("Applying settings from profile \"%s\"", invite.Profile) var ok bool profile, ok = app.storage.profiles[invite.Profile] if !ok { profile = app.storage.profiles["Default"] } if profile.Policy.BlockedTags != nil { app.debug.Printf("Applying policy from profile \"%s\"", invite.Profile) status, err = app.jf.SetPolicy(id, profile.Policy) if !((status == 200 || status == 204) && err == nil) { app.err.Printf("%s: Failed to set user policy (%d): %v", req.Code, status, err) } } if profile.Configuration.GroupedFolders != nil && len(profile.Displayprefs) != 0 { app.debug.Printf("Applying homescreen from profile \"%s\"", invite.Profile) status, err = app.jf.SetConfiguration(id, profile.Configuration) if (status == 200 || status == 204) && err == nil { status, err = app.jf.SetDisplayPreferences(id, profile.Displayprefs) } if !((status == 200 || status == 204) && err == nil) { app.err.Printf("%s: Failed to set configuration template (%d): %v", req.Code, status, err) } } } // if app.config.Section("password_resets").Key("enabled").MustBool(false) { if req.Email != "" { app.storage.emails[id] = EmailAddress{Addr: req.Email, Contact: true} app.storage.storeEmails() } expiry := time.Time{} if invite.UserExpiry { app.storage.usersLock.Lock() defer app.storage.usersLock.Unlock() expiry = time.Now().AddDate(0, invite.UserMonths, invite.UserDays).Add(time.Duration((60*invite.UserHours)+invite.UserMinutes) * time.Minute) app.storage.users[id] = expiry if err := app.storage.storeUsers(); err != nil { app.err.Printf("Failed to store user duration: %v", err) } } if discordEnabled && discordVerified { discordUser.Contact = req.DiscordContact if app.storage.discord == nil { app.storage.discord = map[string]DiscordUser{} } app.storage.discord[user.ID] = discordUser if err := app.storage.storeDiscordUsers(); err != nil { app.err.Printf("Failed to store Discord users: %v", err) } else { delete(app.discord.verifiedTokens, req.DiscordPIN) } } if telegramEnabled && telegramTokenIndex != -1 { tgToken := app.telegram.verifiedTokens[telegramTokenIndex] tgUser := TelegramUser{ ChatID: tgToken.ChatID, Username: tgToken.Username, Contact: req.TelegramContact, } if lang, ok := app.telegram.languages[tgToken.ChatID]; ok { tgUser.Lang = lang } if app.storage.telegram == nil { app.storage.telegram = map[string]TelegramUser{} } app.storage.telegram[user.ID] = tgUser if err := app.storage.storeTelegramUsers(); err != nil { app.err.Printf("Failed to store Telegram users: %v", err) } else { app.telegram.verifiedTokens[len(app.telegram.verifiedTokens)-1], app.telegram.verifiedTokens[telegramTokenIndex] = app.telegram.verifiedTokens[telegramTokenIndex], app.telegram.verifiedTokens[len(app.telegram.verifiedTokens)-1] app.telegram.verifiedTokens = app.telegram.verifiedTokens[:len(app.telegram.verifiedTokens)-1] } } if invite.Profile != "" && app.config.Section("ombi").Key("enabled").MustBool(false) { if profile.Ombi != nil && len(profile.Ombi) != 0 { template := profile.Ombi errors, code, err := app.ombi.NewUser(req.Username, req.Password, req.Email, template) if err != nil || code != 200 { app.info.Printf("Failed to create Ombi user (%d): %s", code, err) app.debug.Printf("Errors reported by Ombi: %s", strings.Join(errors, ", ")) } else { app.info.Println("Created Ombi user") if (discordEnabled && discordVerified) || (telegramEnabled && telegramTokenIndex != -1) { ombiUser, status, err := app.getOmbiUser(id) if status != 200 || err != nil { app.err.Printf("Failed to get Ombi user (%d): %v", status, err) } else { dID := "" tUser := "" if discordEnabled && discordVerified { dID = discordUser.ID } if telegramEnabled && telegramTokenIndex != -1 { tUser = app.storage.telegram[user.ID].Username } resp, status, err := app.ombi.SetNotificationPrefs(ombiUser, dID, tUser) if !(status == 200 || status == 204) || err != nil { app.err.Printf("Failed to link Telegram/Discord to Ombi (%d): %v", status, err) app.debug.Printf("Response: %v", resp) } } } } } else { app.debug.Printf("Skipping Ombi: Profile \"%s\" was empty", invite.Profile) } } if matrixVerified { matrixUser.Contact = req.MatrixContact delete(app.matrix.tokens, req.MatrixPIN) if app.storage.matrix == nil { app.storage.matrix = map[string]MatrixUser{} } app.storage.matrix[user.ID] = matrixUser if err := app.storage.storeMatrixUsers(); err != nil { app.err.Printf("Failed to store Matrix users: %v", err) } } if (emailEnabled && app.config.Section("welcome_email").Key("enabled").MustBool(false) && req.Email != "") || telegramTokenIndex != -1 || discordVerified { name := app.getAddressOrName(user.ID) app.debug.Printf("%s: Sending welcome message to %s", req.Username, name) msg, err := app.email.constructWelcome(req.Username, expiry, app, false) if err != nil { app.err.Printf("%s: Failed to construct welcome message: %v", req.Username, err) } else if err := app.sendByID(msg, user.ID); err != nil { app.err.Printf("%s: Failed to send welcome message: %v", req.Username, err) } else { app.info.Printf("%s: Sent welcome message to \"%s\"", req.Username, name) } } app.jf.CacheExpiry = time.Now() success = true return } // @Summary Creates a new Jellyfin user via invite code // @Produce json // @Param newUserDTO body newUserDTO true "New user request object" // @Success 200 {object} PasswordValidation // @Failure 400 {object} PasswordValidation // @Router /newUser [post] // @tags Users func (app *appContext) NewUser(gc *gin.Context) { var req newUserDTO gc.BindJSON(&req) app.debug.Printf("%s: New user attempt", req.Code) if app.config.Section("captcha").Key("enabled").MustBool(false) && !app.verifyCaptcha(req.Code, req.CaptchaID, req.CaptchaText) { app.info.Printf("%s: New user failed: Captcha Incorrect", req.Code) respond(400, "errorCaptcha", gc) return } if !app.checkInvite(req.Code, false, "") { app.info.Printf("%s New user failed: invalid code", req.Code) respond(401, "errorInvalidCode", gc) return } validation := app.validator.validate(req.Password) valid := true for _, val := range validation { if !val { valid = false } } if !valid { // 200 bcs idk what i did in js app.info.Printf("%s: New user failed: Invalid password", req.Code) gc.JSON(200, validation) return } if emailEnabled && app.config.Section("email").Key("required").MustBool(false) && !strings.Contains(req.Email, "@") { app.info.Printf("%s: New user failed: Email Required", req.Code) respond(400, "errorNoEmail", gc) return } f, success := app.newUser(req, false) if !success { f(gc) return } code := 200 for _, val := range validation { if !val { code = 400 } } gc.JSON(code, validation) } // @Summary Enable/Disable a list of users, optionally notifying them why. // @Produce json // @Param enableDisableUserDTO body enableDisableUserDTO true "User enable/disable request object" // @Success 200 {object} boolResponse // @Failure 400 {object} stringResponse // @Failure 500 {object} errorListDTO "List of errors" // @Router /users/enable [post] // @Security Bearer // @tags Users func (app *appContext) EnableDisableUsers(gc *gin.Context) { var req enableDisableUserDTO gc.BindJSON(&req) errors := errorListDTO{ "GetUser": map[string]string{}, "SetPolicy": map[string]string{}, } sendMail := messagesEnabled var msg *Message var err error if sendMail { if req.Enabled { msg, err = app.email.constructEnabled(req.Reason, app, false) } else { msg, err = app.email.constructDisabled(req.Reason, app, false) } if err != nil { app.err.Printf("Failed to construct account enabled/disabled emails: %v", err) sendMail = false } } for _, userID := range req.Users { user, status, err := app.jf.UserByID(userID, false) if status != 200 || err != nil { errors["GetUser"][userID] = fmt.Sprintf("%d %v", status, err) app.err.Printf("Failed to get user \"%s\" (%d): %v", userID, status, err) continue } user.Policy.IsDisabled = !req.Enabled status, err = app.jf.SetPolicy(userID, user.Policy) if !(status == 200 || status == 204) || err != nil { errors["SetPolicy"][userID] = fmt.Sprintf("%d %v", status, err) app.err.Printf("Failed to set policy for user \"%s\" (%d): %v", userID, status, err) continue } if sendMail && req.Notify { if err := app.sendByID(msg, userID); err != nil { app.err.Printf("Failed to send account enabled/disabled email: %v", err) continue } } } app.jf.CacheExpiry = time.Now() if len(errors["GetUser"]) != 0 || len(errors["SetPolicy"]) != 0 { gc.JSON(500, errors) return } respondBool(200, true, gc) } // @Summary Delete a list of users, optionally notifying them why. // @Produce json // @Param deleteUserDTO body deleteUserDTO true "User deletion request object" // @Success 200 {object} boolResponse // @Failure 400 {object} stringResponse // @Failure 500 {object} errorListDTO "List of errors" // @Router /users [delete] // @Security Bearer // @tags Users func (app *appContext) DeleteUsers(gc *gin.Context) { var req deleteUserDTO gc.BindJSON(&req) errors := map[string]string{} ombiEnabled := app.config.Section("ombi").Key("enabled").MustBool(false) sendMail := messagesEnabled var msg *Message var err error if sendMail { msg, err = app.email.constructDeleted(req.Reason, app, false) if err != nil { app.err.Printf("Failed to construct account deletion emails: %v", err) sendMail = false } } for _, userID := range req.Users { if ombiEnabled { ombiUser, code, err := app.getOmbiUser(userID) if code == 200 && err == nil { if id, ok := ombiUser["id"]; ok { status, err := app.ombi.DeleteUser(id.(string)) if err != nil || status != 200 { app.err.Printf("Failed to delete ombi user (%d): %v", status, err) errors[userID] = fmt.Sprintf("Ombi: %d %v, ", status, err) } } } } status, err := app.jf.DeleteUser(userID) if !(status == 200 || status == 204) || err != nil { msg := fmt.Sprintf("%d: %v", status, err) if _, ok := errors[userID]; !ok { errors[userID] = msg } else { errors[userID] += msg } } if sendMail && req.Notify { if err := app.sendByID(msg, userID); err != nil { app.err.Printf("Failed to send account deletion email: %v", err) } } } app.jf.CacheExpiry = time.Now() if len(errors) == len(req.Users) { respondBool(500, false, gc) app.err.Printf("Account deletion failed: %s", errors[req.Users[0]]) return } else if len(errors) != 0 { gc.JSON(500, errors) return } respondBool(200, true, gc) } // @Summary Extend time before the user(s) expiry, or create and expiry if it doesn't exist. // @Produce json // @Param extendExpiryDTO body extendExpiryDTO true "Extend expiry object" // @Success 200 {object} boolResponse // @Failure 400 {object} boolResponse // @Failure 500 {object} boolResponse // @Router /users/extend [post] // @tags Users func (app *appContext) ExtendExpiry(gc *gin.Context) { var req extendExpiryDTO gc.BindJSON(&req) app.info.Printf("Expiry extension requested for %d user(s)", len(req.Users)) if req.Months <= 0 && req.Days <= 0 && req.Hours <= 0 && req.Minutes <= 0 { respondBool(400, false, gc) return } app.storage.usersLock.Lock() defer app.storage.usersLock.Unlock() for _, id := range req.Users { if expiry, ok := app.storage.users[id]; ok { app.storage.users[id] = expiry.AddDate(0, req.Months, req.Days).Add(time.Duration(((60 * req.Hours) + req.Minutes)) * time.Minute) app.debug.Printf("Expiry extended for \"%s\"", id) } else { app.storage.users[id] = time.Now().AddDate(0, req.Months, req.Days).Add(time.Duration(((60 * req.Hours) + req.Minutes)) * time.Minute) app.debug.Printf("Created expiry for \"%s\"", id) } } if err := app.storage.storeUsers(); err != nil { app.err.Printf("Failed to store user duration: %v", err) respondBool(500, false, gc) return } respondBool(204, true, gc) } // @Summary Send an announcement via email to a given list of users. // @Produce json // @Param announcementDTO body announcementDTO true "Announcement request object" // @Success 200 {object} boolResponse // @Failure 400 {object} boolResponse // @Failure 500 {object} boolResponse // @Router /users/announce [post] // @Security Bearer // @tags Users func (app *appContext) Announce(gc *gin.Context) { var req announcementDTO gc.BindJSON(&req) if !messagesEnabled { respondBool(400, false, gc) return } // Generally, we only need to construct once. If {username} is included, however, this needs to be done for each user. unique := strings.Contains(req.Message, "{username}") if unique { for _, userID := range req.Users { user, status, err := app.jf.UserByID(userID, false) if status != 200 || err != nil { app.err.Printf("Failed to get user with ID \"%s\" (%d): %v", userID, status, err) continue } msg, err := app.email.constructTemplate(req.Subject, req.Message, app, user.Name) if err != nil { app.err.Printf("Failed to construct announcement message: %v", err) respondBool(500, false, gc) return } else if err := app.sendByID(msg, userID); err != nil { app.err.Printf("Failed to send announcement message: %v", err) respondBool(500, false, gc) return } } } else { msg, err := app.email.constructTemplate(req.Subject, req.Message, app) if err != nil { app.err.Printf("Failed to construct announcement messages: %v", err) respondBool(500, false, gc) return } else if err := app.sendByID(msg, req.Users...); err != nil { app.err.Printf("Failed to send announcement messages: %v", err) respondBool(500, false, gc) return } } app.info.Println("Sent announcement messages") respondBool(200, true, gc) } // @Summary Save an announcement as a template for use or editing later. // @Produce json // @Param announcementTemplate body announcementTemplate true "Announcement request object" // @Success 200 {object} boolResponse // @Failure 500 {object} boolResponse // @Router /users/announce/template [post] // @Security Bearer // @tags Users func (app *appContext) SaveAnnounceTemplate(gc *gin.Context) { var req announcementTemplate gc.BindJSON(&req) if !messagesEnabled { respondBool(400, false, gc) return } app.storage.announcements[req.Name] = req if err := app.storage.storeAnnouncements(); err != nil { respondBool(500, false, gc) app.err.Printf("Failed to store announcement templates: %v", err) return } respondBool(200, true, gc) } // @Summary Save an announcement as a template for use or editing later. // @Produce json // @Success 200 {object} getAnnouncementsDTO // @Router /users/announce/template [get] // @Security Bearer // @tags Users func (app *appContext) GetAnnounceTemplates(gc *gin.Context) { resp := &getAnnouncementsDTO{make([]string, len(app.storage.announcements))} i := 0 for name := range app.storage.announcements { resp.Announcements[i] = name i++ } gc.JSON(200, resp) } // @Summary Get an announcement template. // @Produce json // @Success 200 {object} announcementTemplate // @Failure 400 {object} boolResponse // @Param name path string true "name of template" // @Router /users/announce/template/{name} [get] // @Security Bearer // @tags Users func (app *appContext) GetAnnounceTemplate(gc *gin.Context) { name := gc.Param("name") if announcement, ok := app.storage.announcements[name]; ok { gc.JSON(200, announcement) return } respondBool(400, false, gc) } // @Summary Delete an announcement template. // @Produce json // @Success 200 {object} boolResponse // @Failure 500 {object} boolResponse // @Param name path string true "name of template" // @Router /users/announce/template/{name} [delete] // @Security Bearer // @tags Users func (app *appContext) DeleteAnnounceTemplate(gc *gin.Context) { name := gc.Param("name") delete(app.storage.announcements, name) if err := app.storage.storeAnnouncements(); err != nil { respondBool(500, false, gc) app.err.Printf("Failed to store announcement templates: %v", err) return } respondBool(200, false, gc) } // @Summary Generate password reset links for a list of users, sending the links to them if possible. // @Produce json // @Param AdminPasswordResetDTO body AdminPasswordResetDTO true "List of user IDs" // @Success 204 {object} boolResponse // @Success 200 {object} AdminPasswordResetRespDTO // @Failure 400 {object} boolResponse // @Failure 500 {object} boolResponse // @Router /users/password-reset [post] // @Security Bearer // @tags Users func (app *appContext) AdminPasswordReset(gc *gin.Context) { var req AdminPasswordResetDTO gc.BindJSON(&req) if req.Users == nil || len(req.Users) == 0 { app.debug.Println("Ignoring empty request for PWR") respondBool(400, false, gc) return } linkCount := 0 var pwr InternalPWR var err error resp := AdminPasswordResetRespDTO{} for _, id := range req.Users { pwr, err = app.GenInternalReset(id) if err != nil { app.err.Printf("Failed to get user from Jellyfin: %v", err) respondBool(500, false, gc) return } if app.internalPWRs == nil { app.internalPWRs = map[string]InternalPWR{} } app.internalPWRs[pwr.PIN] = pwr sendAddress := app.getAddressOrName(id) if sendAddress == "" || len(req.Users) == 1 { resp.Link, err = app.GenResetLink(pwr.PIN) linkCount++ if sendAddress == "" { resp.Manual = true } } if sendAddress != "" { msg, err := app.email.constructReset( PasswordReset{ Pin: pwr.PIN, Username: pwr.Username, Expiry: pwr.Expiry, Internal: true, }, app, false, ) if err != nil { app.err.Printf("Failed to construct password reset message for \"%s\": %v", pwr.Username, err) respondBool(500, false, gc) return } else if err := app.sendByID(msg, id); err != nil { app.err.Printf("Failed to send password reset message to \"%s\": %v", sendAddress, err) } else { app.info.Printf("Sent password reset message to \"%s\"", sendAddress) } } } if resp.Link != "" && linkCount == 1 { gc.JSON(200, resp) return } respondBool(204, true, gc) } // @Summary Get a list of Jellyfin users. // @Produce json // @Success 200 {object} getUsersDTO // @Failure 500 {object} stringResponse // @Router /users [get] // @Security Bearer // @tags Users func (app *appContext) GetUsers(gc *gin.Context) { app.debug.Println("Users requested") var resp getUsersDTO users, status, err := app.jf.GetUsers(false) resp.UserList = make([]respUser, len(users)) if !(status == 200 || status == 204) || err != nil { app.err.Printf("Failed to get users from Jellyfin (%d): %v", status, err) respond(500, "Couldn't get users", gc) return } adminOnly := app.config.Section("ui").Key("admin_only").MustBool(true) allowAll := app.config.Section("ui").Key("allow_all").MustBool(false) i := 0 app.storage.usersLock.Lock() defer app.storage.usersLock.Unlock() for _, jfUser := range users { user := respUser{ ID: jfUser.ID, Name: jfUser.Name, Admin: jfUser.Policy.IsAdministrator, Disabled: jfUser.Policy.IsDisabled, } if !jfUser.LastActivityDate.IsZero() { user.LastActive = jfUser.LastActivityDate.Unix() } if email, ok := app.storage.emails[jfUser.ID]; ok { user.Email = email.Addr user.NotifyThroughEmail = email.Contact user.Label = email.Label user.AccountsAdmin = (app.jellyfinLogin) && (email.Admin || (adminOnly && jfUser.Policy.IsAdministrator) || allowAll) } expiry, ok := app.storage.users[jfUser.ID] if ok { user.Expiry = expiry.Unix() } if tgUser, ok := app.storage.telegram[jfUser.ID]; ok { user.Telegram = tgUser.Username user.NotifyThroughTelegram = tgUser.Contact } if mxUser, ok := app.storage.matrix[jfUser.ID]; ok { user.Matrix = mxUser.UserID user.NotifyThroughMatrix = mxUser.Contact } if dcUser, ok := app.storage.discord[jfUser.ID]; ok { user.Discord = dcUser.Username + "#" + dcUser.Discriminator user.DiscordID = dcUser.ID user.NotifyThroughDiscord = dcUser.Contact } resp.UserList[i] = user i++ } gc.JSON(200, resp) } // @Summary Set whether or not a user can access jfa-go. Redundant if the user is a Jellyfin admin. // @Produce json // @Param setAccountsAdminDTO body setAccountsAdminDTO true "Map of userIDs to whether or not they have access." // @Success 204 {object} boolResponse // @Failure 500 {object} boolResponse // @Router /users/accounts-admin [post] // @Security Bearer // @tags Users func (app *appContext) SetAccountsAdmin(gc *gin.Context) { var req setAccountsAdminDTO gc.BindJSON(&req) app.debug.Println("Admin modification requested") users, status, err := app.jf.GetUsers(false) if !(status == 200 || status == 204) || err != nil { app.err.Printf("Failed to get users from Jellyfin (%d): %v", status, err) respond(500, "Couldn't get users", gc) return } for _, jfUser := range users { id := jfUser.ID if admin, ok := req[id]; ok { var emailStore = EmailAddress{} if oldEmail, ok := app.storage.emails[id]; ok { emailStore = oldEmail } emailStore.Admin = admin app.storage.emails[id] = emailStore } } if err := app.storage.storeEmails(); err != nil { app.err.Printf("Failed to store email list: %v", err) respondBool(500, false, gc) } app.info.Println("Email list modified") respondBool(204, true, gc) } // @Summary Modify user's labels, which show next to their name in the accounts tab. // @Produce json // @Param modifyEmailsDTO body modifyEmailsDTO true "Map of userIDs to labels" // @Success 204 {object} boolResponse // @Failure 500 {object} boolResponse // @Router /users/labels [post] // @Security Bearer // @tags Users func (app *appContext) ModifyLabels(gc *gin.Context) { var req modifyEmailsDTO gc.BindJSON(&req) app.debug.Println("Label modification requested") users, status, err := app.jf.GetUsers(false) if !(status == 200 || status == 204) || err != nil { app.err.Printf("Failed to get users from Jellyfin (%d): %v", status, err) respond(500, "Couldn't get users", gc) return } for _, jfUser := range users { id := jfUser.ID if label, ok := req[id]; ok { var emailStore = EmailAddress{} if oldEmail, ok := app.storage.emails[id]; ok { emailStore = oldEmail } emailStore.Label = label app.storage.emails[id] = emailStore } } if err := app.storage.storeEmails(); err != nil { app.err.Printf("Failed to store email list: %v", err) respondBool(500, false, gc) } app.info.Println("Email list modified") respondBool(204, true, gc) } // @Summary Modify user's email addresses. // @Produce json // @Param modifyEmailsDTO body modifyEmailsDTO true "Map of userIDs to email addresses" // @Success 200 {object} boolResponse // @Failure 500 {object} stringResponse // @Router /users/emails [post] // @Security Bearer // @tags Users func (app *appContext) ModifyEmails(gc *gin.Context) { var req modifyEmailsDTO gc.BindJSON(&req) app.debug.Println("Email modification requested") users, status, err := app.jf.GetUsers(false) if !(status == 200 || status == 204) || err != nil { app.err.Printf("Failed to get users from Jellyfin (%d): %v", status, err) respond(500, "Couldn't get users", gc) return } ombiEnabled := app.config.Section("ombi").Key("enabled").MustBool(false) for _, jfUser := range users { id := jfUser.ID if address, ok := req[id]; ok { var emailStore = EmailAddress{} if oldEmail, ok := app.storage.emails[id]; ok { emailStore = oldEmail } emailStore.Addr = address app.storage.emails[id] = emailStore if ombiEnabled { ombiUser, code, err := app.getOmbiUser(id) if code == 200 && err == nil { ombiUser["emailAddress"] = address code, err = app.ombi.ModifyUser(ombiUser) if code != 200 || err != nil { app.err.Printf("%s: Failed to change ombi email address (%d): %v", ombiUser["userName"].(string), code, err) } } } } } app.storage.storeEmails() app.info.Println("Email list modified") respondBool(200, true, gc) } // @Summary Apply settings to a list of users, either from a profile or from another user. // @Produce json // @Param userSettingsDTO body userSettingsDTO true "Parameters for applying settings" // @Success 200 {object} errorListDTO // @Failure 500 {object} errorListDTO "Lists of errors that occurred while applying settings" // @Router /users/settings [post] // @Security Bearer // @tags Profiles & Settings func (app *appContext) ApplySettings(gc *gin.Context) { app.info.Println("User settings change requested") var req userSettingsDTO gc.BindJSON(&req) applyingFrom := "profile" var policy mediabrowser.Policy var configuration mediabrowser.Configuration var displayprefs map[string]interface{} var ombi map[string]interface{} if req.From == "profile" { app.storage.loadProfiles() // Check profile exists & isn't empty if _, ok := app.storage.profiles[req.Profile]; !ok || app.storage.profiles[req.Profile].Policy.BlockedTags == nil { app.err.Printf("Couldn't find profile \"%s\" or profile was empty", req.Profile) respond(500, "Couldn't find profile", gc) return } if req.Homescreen { if app.storage.profiles[req.Profile].Configuration.GroupedFolders == nil || len(app.storage.profiles[req.Profile].Displayprefs) == 0 { app.err.Printf("No homescreen saved in profile \"%s\"", req.Profile) respond(500, "No homescreen template available", gc) return } configuration = app.storage.profiles[req.Profile].Configuration displayprefs = app.storage.profiles[req.Profile].Displayprefs } policy = app.storage.profiles[req.Profile].Policy if app.config.Section("ombi").Key("enabled").MustBool(false) { profile := app.storage.profiles[req.Profile] if profile.Ombi != nil && len(profile.Ombi) != 0 { ombi = profile.Ombi } } } else if req.From == "user" { applyingFrom = "user" app.jf.CacheExpiry = time.Now() user, status, err := app.jf.UserByID(req.ID, false) if !(status == 200 || status == 204) || err != nil { app.err.Printf("Failed to get user from Jellyfin (%d): %v", status, err) respond(500, "Couldn't get user", gc) return } applyingFrom = "\"" + user.Name + "\"" policy = user.Policy if req.Homescreen { displayprefs, status, err = app.jf.GetDisplayPreferences(req.ID) if !(status == 200 || status == 204) || err != nil { app.err.Printf("Failed to get DisplayPrefs (%d): %v", status, err) respond(500, "Couldn't get displayprefs", gc) return } configuration = user.Configuration } } app.info.Printf("Applying settings to %d user(s) from %s", len(req.ApplyTo), applyingFrom) errors := errorListDTO{ "policy": map[string]string{}, "homescreen": map[string]string{}, "ombi": map[string]string{}, } /* Jellyfin doesn't seem to like too many of these requests sent in succession and can crash and mess up its database. Issue #160 says this occurs when more than 100 users are modified. A delay totalling 500ms between requests is used if so. */ var shouldDelay bool = len(req.ApplyTo) >= 100 if shouldDelay { app.debug.Println("Adding delay between requests for large batch") } for _, id := range req.ApplyTo { status, err := app.jf.SetPolicy(id, policy) if !(status == 200 || status == 204) || err != nil { errors["policy"][id] = fmt.Sprintf("%d: %s", status, err) } if shouldDelay { time.Sleep(250 * time.Millisecond) } if req.Homescreen { status, err = app.jf.SetConfiguration(id, configuration) errorString := "" if !(status == 200 || status == 204) || err != nil { errorString += fmt.Sprintf("Configuration %d: %v ", status, err) } else { status, err = app.jf.SetDisplayPreferences(id, displayprefs) if !(status == 200 || status == 204) || err != nil { errorString += fmt.Sprintf("Displayprefs %d: %v ", status, err) } } if errorString != "" { errors["homescreen"][id] = errorString } } if ombi != nil { errorString := "" user, status, err := app.getOmbiUser(id) if status != 200 || err != nil { errorString += fmt.Sprintf("Ombi GetUser %d: %v ", status, err) } else { // newUser := ombi // newUser["id"] = user["id"] // newUser["userName"] = user["userName"] // newUser["alias"] = user["alias"] // newUser["emailAddress"] = user["emailAddress"] for k, v := range ombi { switch v.(type) { case map[string]interface{}, []interface{}: user[k] = v default: if v != user[k] { user[k] = v } } } status, err = app.ombi.ModifyUser(user) if status != 200 || err != nil { errorString += fmt.Sprintf("Apply %d: %v ", status, err) } } if errorString != "" { errors["ombi"][id] = errorString } } if shouldDelay { time.Sleep(250 * time.Millisecond) } } code := 200 if len(errors["policy"]) == len(req.ApplyTo) || len(errors["homescreen"]) == len(req.ApplyTo) { code = 500 } gc.JSON(code, errors) }