Added auth on PUT /profile/{userID}/...

Brendan Abolivier 2017-07-10 11:55:27 +01:00
parent 54bc5129ff
commit c4d1af68b1
No known key found for this signature in database
GPG key ID: 8EF1500759F70623
2 changed files with 118 additions and 80 deletions


@ -65,103 +65,123 @@ func GetProfile(
} }
} }
// AvatarURL implements GET and PUT /profile/{userID}/avatar_url // GetAvatarURL implements GET /profile/{userID}/avatar_url
func AvatarURL( func GetAvatarURL(
req *http.Request, accountDB *accounts.Database, userID string, req *http.Request, accountDB *accounts.Database, userID string,
) util.JSONResponse { ) util.JSONResponse {
if req.Method == "GET" { if req.Method != "GET" {
localpart := getLocalPart(userID)
profile, err := accountDB.GetProfileByLocalpart(localpart)
if err == nil {
res := avatarURL{
AvatarURL: profile.AvatarURL,
}
return util.JSONResponse{
Code: 200,
JSON: res,
}
}
return util.JSONResponse{ return util.JSONResponse{
Code: 500, Code: 405,
JSON: jsonerror.Unknown("Failed to load avatar URL"), JSON: jsonerror.NotFound("Bad method"),
} }
} else if req.Method == "PUT" { }
var r avatarURL localpart := getLocalPart(userID)
if resErr := httputil.UnmarshalJSONRequest(req, &r); resErr != nil { if profile, err := accountDB.GetProfileByLocalpart(localpart); err == nil {
return *resErr res := avatarURL{
} AvatarURL: profile.AvatarURL,
if r.AvatarURL == "" {
return util.JSONResponse{
Code: 400,
JSON: jsonerror.BadJSON("'avatar_url' must be supplied."),
}
}
localpart := getLocalPart(userID)
if err := accountDB.SetAvatarURL(localpart, r.AvatarURL); err != nil {
return util.JSONResponse{
Code: 500,
JSON: jsonerror.Unknown("Failed to set avatar URL"),
}
} }
return util.JSONResponse{ return util.JSONResponse{
Code: 200, Code: 200,
JSON: struct{}{}, JSON: res,
} }
} }
return util.JSONResponse{ return util.JSONResponse{
Code: 405, Code: 500,
JSON: jsonerror.NotFound("Bad method"), JSON: jsonerror.Unknown("Failed to load avatar URL"),
} }
} }
// DisplayName implements GET and PUT /profile/{userID}/displayname // SetAvatarURL implements PUT /profile/{userID}/avatar_url
func DisplayName( func SetAvatarURL(
req *http.Request, accountDB *accounts.Database, userID string, req *http.Request, accountDB *accounts.Database, userID string,
) util.JSONResponse { ) util.JSONResponse {
if req.Method == "GET" { if req.Method != "PUT" {
localpart := getLocalPart(userID) return util.JSONResponse{
profile, err := accountDB.GetProfileByLocalpart(localpart) Code: 405,
if err == nil { JSON: jsonerror.NotFound("Bad method"),
res := displayName{
DisplayName: profile.DisplayName,
}
return util.JSONResponse{
Code: 200,
JSON: res,
}
} }
}
var r avatarURL
if resErr := httputil.UnmarshalJSONRequest(req, &r); resErr != nil {
return *resErr
}
if r.AvatarURL == "" {
return util.JSONResponse{
Code: 400,
JSON: jsonerror.BadJSON("'avatar_url' must be supplied."),
}
}
localpart := getLocalPart(userID)
if err := accountDB.SetAvatarURL(localpart, r.AvatarURL); err != nil {
return util.JSONResponse{ return util.JSONResponse{
Code: 500, Code: 500,
JSON: jsonerror.Unknown("Failed to load display name"), JSON: jsonerror.Unknown("Failed to set avatar URL"),
}
} else if req.Method == "PUT" {
var r displayName
if resErr := httputil.UnmarshalJSONRequest(req, &r); resErr != nil {
return *resErr
}
if r.DisplayName == "" {
return util.JSONResponse{
Code: 400,
JSON: jsonerror.BadJSON("'displayname' must be supplied."),
}
}
localpart := getLocalPart(userID)
if err := accountDB.SetDisplayName(localpart, r.DisplayName); err != nil {
return util.JSONResponse{
Code: 500,
JSON: jsonerror.Unknown("Failed to set display name"),
}
}
return util.JSONResponse{
Code: 200,
JSON: struct{}{},
} }
} }
return util.JSONResponse{ return util.JSONResponse{
Code: 405, Code: 200,
JSON: jsonerror.NotFound("Bad method"), JSON: struct{}{},
}
}
// SetDisplayName implements GET /profile/{userID}/displayname
func GetDisplayName(
req *http.Request, accountDB *accounts.Database, userID string,
) util.JSONResponse {
if req.Method != "GET" {
return util.JSONResponse{
Code: 405,
JSON: jsonerror.NotFound("Bad method"),
}
}
localpart := getLocalPart(userID)
if profile, err := accountDB.GetProfileByLocalpart(localpart); err == nil {
res := displayName{
DisplayName: profile.DisplayName,
}
return util.JSONResponse{
Code: 200,
JSON: res,
}
}
return util.JSONResponse{
Code: 500,
JSON: jsonerror.Unknown("Failed to load display name"),
}
}
// SetDisplayName implements PUT /profile/{userID}/displayname
func SetDisplayName(
req *http.Request, accountDB *accounts.Database, userID string,
) util.JSONResponse {
if req.Method != "PUT" {
return util.JSONResponse{
Code: 405,
JSON: jsonerror.NotFound("Bad method"),
}
}
var r displayName
if resErr := httputil.UnmarshalJSONRequest(req, &r); resErr != nil {
return *resErr
}
if r.DisplayName == "" {
return util.JSONResponse{
Code: 400,
JSON: jsonerror.BadJSON("'displayname' must be supplied."),
}
}
localpart := getLocalPart(userID)
if err := accountDB.SetDisplayName(localpart, r.DisplayName); err != nil {
return util.JSONResponse{
Code: 500,
JSON: jsonerror.Unknown("Failed to set display name"),
}
}
return util.JSONResponse{
Code: 200,
JSON: struct{}{},
} }
} }
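Review bot: SetAvatarURL and SetDisplayName (new side, after the 405 guard) take the target userID straight from the path and never compare it with the authenticated caller, so the auth this commit adds only proves the requester is some logged-in user, not the owner of the profile being written; the `device *authtypes.Device` that MakeAuthAPI hands to the router closures in the second file is discarded, so the handlers currently have nothing to check against. Pass the device into both setters and reject a mismatch before touching the database, roughly `if device.UserID != userID { return util.JSONResponse{Code: 403, JSON: jsonerror.Forbidden("Cannot change another user's profile")} }` (this assumes the device type carries the owning user ID — confirm against authtypes). The 405 branches return `jsonerror.NotFound("Bad method")`, pairing a method-not-allowed status with a not-found errcode; with `.Methods("GET")`/`.Methods("PUT", "OPTIONS")` now enforcing the verb at the router these guards are mostly unreachable, but if kept they should carry a matching error. The doc comment above GetDisplayName still reads `// SetDisplayName implements GET /profile/{userID}/displayname`; it should be `// GetDisplayName implements GET /profile/{userID}/displayname`.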


@ -171,16 +171,34 @@ func Setup(
r0mux.Handle("/profile/{userID}/avatar_url", r0mux.Handle("/profile/{userID}/avatar_url",
common.MakeAPI("profile_avatar_url", func(req *http.Request) util.JSONResponse { common.MakeAPI("profile_avatar_url", func(req *http.Request) util.JSONResponse {
vars := mux.Vars(req) vars := mux.Vars(req)
return readers.AvatarURL(req, accountDB, vars["userID"]) return readers.GetAvatarURL(req, accountDB, vars["userID"])
}), }),
) ).Methods("GET")
r0mux.Handle("/profile/{userID}/avatar_url",
common.MakeAuthAPI("profile_avatar_url", deviceDB, func(req *http.Request, device *authtypes.Device) util.JSONResponse {
vars := mux.Vars(req)
return readers.SetAvatarURL(req, accountDB, vars["userID"])
}),
).Methods("PUT", "OPTIONS")
// Browsers use the OPTIONS HTTP method to check if the CORS policy allows
// PUT requests, so we need to allow this method
r0mux.Handle("/profile/{userID}/displayname", r0mux.Handle("/profile/{userID}/displayname",
common.MakeAPI("profile_displayname", func(req *http.Request) util.JSONResponse { common.MakeAPI("profile_displayname", func(req *http.Request) util.JSONResponse {
vars := mux.Vars(req) vars := mux.Vars(req)
return readers.DisplayName(req, accountDB, vars["userID"]) return readers.GetDisplayName(req, accountDB, vars["userID"])
}), }),
) ).Methods("GET")
r0mux.Handle("/profile/{userID}/displayname",
common.MakeAuthAPI("profile_displayname", deviceDB, func(req *http.Request, device *authtypes.Device) util.JSONResponse {
vars := mux.Vars(req)
return readers.SetDisplayName(req, accountDB, vars["userID"])
}),
).Methods("PUT", "OPTIONS")
// Browsers use the OPTIONS HTTP method to check if the CORS policy allows
// PUT requests, so we need to allow this method
r0mux.Handle("/account/3pid", r0mux.Handle("/account/3pid",
common.MakeAPI("account_3pid", func(req *http.Request) util.JSONResponse { common.MakeAPI("account_3pid", func(req *http.Request) util.JSONResponse {