api_utils.go 25 KB

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149150151152153154155156157158159160161162163164165166167168169170171172173174175176177178179180181182183184185186187188189190191192193194195196197198199200201202203204205206207208209210211212213214215216217218219220221222223224225226227228229230231232233234235236237238239240241242243244245246247248249250251252253254255256257258259260261262263264265266267268269270271272273274275276277278279280281282283284285286287288289290291292293294295296297298299300301302303304305306307308309310311312313314315316317318319320321322323324325326327328329330331332333334335336337338339340341342343344345346347348349350351352353354355356357358359360361362363364365366367368369370371372373374375376377378379380381382383384385386387388389390391392393394395396397398399400401402403404405406407408409410411412413414415416417418419420421422423424425426427428429430431432433434435436437438439440441442443444445446447448449450451452453454455456457458459460461462463464465466467468469470471472473474475476477478479480481482483484485486487488489490491492493494495496497498499500501502503504505506507508509510511512513514515516517518519520521522523524525526527528529530531532533534535536537538539540541542543544545546547548549550551552553554555556557558559560561562563564565566567568569570571572573574575576577578579580581582583584585586587588589590591592593594595596597598599600601602603604605606607608609610611612613614615616617618619620621622623624625626627628629630631632633634635636637638639640641642643644645646647648649650651652653654655656657658659660661662663664665666667668669670671672673674675676677678679680681682683684685686687688689690691692693694695696697698699700701702703704705706707708709710711712713714715716717718719720721722723724725726727728729730731732733734735736737738739740741742743744745746747748749750751752753754755756757758759760761762763764765766767768769770771772773774775776777778779780
  1. package httpd
  2. import (
  3. "bytes"
  4. "context"
  5. "encoding/json"
  6. "errors"
  7. "fmt"
  8. "io"
  9. "io/ioutil"
  10. "net/http"
  11. "net/url"
  12. "os"
  13. "path"
  14. "path/filepath"
  15. "strconv"
  16. "strings"
  17. "github.com/go-chi/render"
  18. "github.com/drakkan/sftpgo/dataprovider"
  19. "github.com/drakkan/sftpgo/httpclient"
  20. "github.com/drakkan/sftpgo/sftpd"
  21. "github.com/drakkan/sftpgo/utils"
  22. "github.com/drakkan/sftpgo/version"
  23. "github.com/drakkan/sftpgo/vfs"
  24. )
  25. var (
  26. httpBaseURL = "http://127.0.0.1:8080"
  27. authUsername = ""
  28. authPassword = ""
  29. )
  30. // SetBaseURLAndCredentials sets the base url and the optional credentials to use for HTTP requests.
  31. // Default URL is "http://127.0.0.1:8080" with empty credentials
  32. func SetBaseURLAndCredentials(url, username, password string) {
  33. httpBaseURL = url
  34. authUsername = username
  35. authPassword = password
  36. }
  37. func sendHTTPRequest(method, url string, body io.Reader, contentType string) (*http.Response, error) {
  38. req, err := http.NewRequest(method, url, body)
  39. if err != nil {
  40. return nil, err
  41. }
  42. if len(contentType) > 0 {
  43. req.Header.Set("Content-Type", "application/json")
  44. }
  45. if len(authUsername) > 0 || len(authPassword) > 0 {
  46. req.SetBasicAuth(authUsername, authPassword)
  47. }
  48. return httpclient.GetHTTPClient().Do(req)
  49. }
  50. func buildURLRelativeToBase(paths ...string) string {
  51. // we need to use path.Join and not filepath.Join
  52. // since filepath.Join will use backslash separator on Windows
  53. p := path.Join(paths...)
  54. return fmt.Sprintf("%s/%s", strings.TrimRight(httpBaseURL, "/"), strings.TrimLeft(p, "/"))
  55. }
  56. func sendAPIResponse(w http.ResponseWriter, r *http.Request, err error, message string, code int) {
  57. var errorString string
  58. if err != nil {
  59. errorString = err.Error()
  60. }
  61. resp := apiResponse{
  62. Error: errorString,
  63. Message: message,
  64. HTTPStatus: code,
  65. }
  66. ctx := context.WithValue(r.Context(), render.StatusCtxKey, code)
  67. render.JSON(w, r.WithContext(ctx), resp)
  68. }
  69. func getRespStatus(err error) int {
  70. if _, ok := err.(*dataprovider.ValidationError); ok {
  71. return http.StatusBadRequest
  72. }
  73. if _, ok := err.(*dataprovider.MethodDisabledError); ok {
  74. return http.StatusForbidden
  75. }
  76. if os.IsNotExist(err) {
  77. return http.StatusBadRequest
  78. }
  79. return http.StatusInternalServerError
  80. }
  81. // AddUser adds a new user and checks the received HTTP Status code against expectedStatusCode.
  82. func AddUser(user dataprovider.User, expectedStatusCode int) (dataprovider.User, []byte, error) {
  83. var newUser dataprovider.User
  84. var body []byte
  85. userAsJSON, _ := json.Marshal(user)
  86. resp, err := sendHTTPRequest(http.MethodPost, buildURLRelativeToBase(userPath), bytes.NewBuffer(userAsJSON),
  87. "application/json")
  88. if err != nil {
  89. return newUser, body, err
  90. }
  91. defer resp.Body.Close()
  92. err = checkResponse(resp.StatusCode, expectedStatusCode)
  93. if expectedStatusCode != http.StatusOK {
  94. body, _ = getResponseBody(resp)
  95. return newUser, body, err
  96. }
  97. if err == nil {
  98. err = render.DecodeJSON(resp.Body, &newUser)
  99. } else {
  100. body, _ = getResponseBody(resp)
  101. }
  102. if err == nil {
  103. err = checkUser(&user, &newUser)
  104. }
  105. return newUser, body, err
  106. }
  107. // UpdateUser updates an existing user and checks the received HTTP Status code against expectedStatusCode.
  108. func UpdateUser(user dataprovider.User, expectedStatusCode int) (dataprovider.User, []byte, error) {
  109. var newUser dataprovider.User
  110. var body []byte
  111. userAsJSON, _ := json.Marshal(user)
  112. resp, err := sendHTTPRequest(http.MethodPut, buildURLRelativeToBase(userPath, strconv.FormatInt(user.ID, 10)),
  113. bytes.NewBuffer(userAsJSON), "application/json")
  114. if err != nil {
  115. return user, body, err
  116. }
  117. defer resp.Body.Close()
  118. body, _ = getResponseBody(resp)
  119. err = checkResponse(resp.StatusCode, expectedStatusCode)
  120. if expectedStatusCode != http.StatusOK {
  121. return newUser, body, err
  122. }
  123. if err == nil {
  124. newUser, body, err = GetUserByID(user.ID, expectedStatusCode)
  125. }
  126. if err == nil {
  127. err = checkUser(&user, &newUser)
  128. }
  129. return newUser, body, err
  130. }
  131. // RemoveUser removes an existing user and checks the received HTTP Status code against expectedStatusCode.
  132. func RemoveUser(user dataprovider.User, expectedStatusCode int) ([]byte, error) {
  133. var body []byte
  134. resp, err := sendHTTPRequest(http.MethodDelete, buildURLRelativeToBase(userPath, strconv.FormatInt(user.ID, 10)), nil, "")
  135. if err != nil {
  136. return body, err
  137. }
  138. defer resp.Body.Close()
  139. body, _ = getResponseBody(resp)
  140. return body, checkResponse(resp.StatusCode, expectedStatusCode)
  141. }
  142. // GetUserByID gets a user by database id and checks the received HTTP Status code against expectedStatusCode.
  143. func GetUserByID(userID int64, expectedStatusCode int) (dataprovider.User, []byte, error) {
  144. var user dataprovider.User
  145. var body []byte
  146. resp, err := sendHTTPRequest(http.MethodGet, buildURLRelativeToBase(userPath, strconv.FormatInt(userID, 10)), nil, "")
  147. if err != nil {
  148. return user, body, err
  149. }
  150. defer resp.Body.Close()
  151. err = checkResponse(resp.StatusCode, expectedStatusCode)
  152. if err == nil && expectedStatusCode == http.StatusOK {
  153. err = render.DecodeJSON(resp.Body, &user)
  154. } else {
  155. body, _ = getResponseBody(resp)
  156. }
  157. return user, body, err
  158. }
  159. // GetUsers returns a list of users and checks the received HTTP Status code against expectedStatusCode.
  160. // The number of results can be limited specifying a limit.
  161. // Some results can be skipped specifying an offset.
  162. // The results can be filtered specifying a username, the username filter is an exact match
  163. func GetUsers(limit, offset int64, username string, expectedStatusCode int) ([]dataprovider.User, []byte, error) {
  164. var users []dataprovider.User
  165. var body []byte
  166. url, err := addLimitAndOffsetQueryParams(buildURLRelativeToBase(userPath), limit, offset)
  167. if err != nil {
  168. return users, body, err
  169. }
  170. if len(username) > 0 {
  171. q := url.Query()
  172. q.Add("username", username)
  173. url.RawQuery = q.Encode()
  174. }
  175. resp, err := sendHTTPRequest(http.MethodGet, url.String(), nil, "")
  176. if err != nil {
  177. return users, body, err
  178. }
  179. defer resp.Body.Close()
  180. err = checkResponse(resp.StatusCode, expectedStatusCode)
  181. if err == nil && expectedStatusCode == http.StatusOK {
  182. err = render.DecodeJSON(resp.Body, &users)
  183. } else {
  184. body, _ = getResponseBody(resp)
  185. }
  186. return users, body, err
  187. }
  188. // GetQuotaScans gets active quota scans for users and checks the received HTTP Status code against expectedStatusCode.
  189. func GetQuotaScans(expectedStatusCode int) ([]sftpd.ActiveQuotaScan, []byte, error) {
  190. var quotaScans []sftpd.ActiveQuotaScan
  191. var body []byte
  192. resp, err := sendHTTPRequest(http.MethodGet, buildURLRelativeToBase(quotaScanPath), nil, "")
  193. if err != nil {
  194. return quotaScans, body, err
  195. }
  196. defer resp.Body.Close()
  197. err = checkResponse(resp.StatusCode, expectedStatusCode)
  198. if err == nil && expectedStatusCode == http.StatusOK {
  199. err = render.DecodeJSON(resp.Body, &quotaScans)
  200. } else {
  201. body, _ = getResponseBody(resp)
  202. }
  203. return quotaScans, body, err
  204. }
  205. // StartQuotaScan start a new quota scan for the given user and checks the received HTTP Status code against expectedStatusCode.
  206. func StartQuotaScan(user dataprovider.User, expectedStatusCode int) ([]byte, error) {
  207. var body []byte
  208. userAsJSON, _ := json.Marshal(user)
  209. resp, err := sendHTTPRequest(http.MethodPost, buildURLRelativeToBase(quotaScanPath), bytes.NewBuffer(userAsJSON), "")
  210. if err != nil {
  211. return body, err
  212. }
  213. defer resp.Body.Close()
  214. body, _ = getResponseBody(resp)
  215. return body, checkResponse(resp.StatusCode, expectedStatusCode)
  216. }
  217. // GetConnections returns status and stats for active SFTP/SCP connections
  218. func GetConnections(expectedStatusCode int) ([]sftpd.ConnectionStatus, []byte, error) {
  219. var connections []sftpd.ConnectionStatus
  220. var body []byte
  221. resp, err := sendHTTPRequest(http.MethodGet, buildURLRelativeToBase(activeConnectionsPath), nil, "")
  222. if err != nil {
  223. return connections, body, err
  224. }
  225. defer resp.Body.Close()
  226. err = checkResponse(resp.StatusCode, expectedStatusCode)
  227. if err == nil && expectedStatusCode == http.StatusOK {
  228. err = render.DecodeJSON(resp.Body, &connections)
  229. } else {
  230. body, _ = getResponseBody(resp)
  231. }
  232. return connections, body, err
  233. }
  234. // CloseConnection closes an active connection identified by connectionID
  235. func CloseConnection(connectionID string, expectedStatusCode int) ([]byte, error) {
  236. var body []byte
  237. resp, err := sendHTTPRequest(http.MethodDelete, buildURLRelativeToBase(activeConnectionsPath, connectionID), nil, "")
  238. if err != nil {
  239. return body, err
  240. }
  241. defer resp.Body.Close()
  242. err = checkResponse(resp.StatusCode, expectedStatusCode)
  243. body, _ = getResponseBody(resp)
  244. return body, err
  245. }
  246. // AddFolder adds a new folder and checks the received HTTP Status code against expectedStatusCode
  247. func AddFolder(folder vfs.BaseVirtualFolder, expectedStatusCode int) (vfs.BaseVirtualFolder, []byte, error) {
  248. var newFolder vfs.BaseVirtualFolder
  249. var body []byte
  250. folderAsJSON, _ := json.Marshal(folder)
  251. resp, err := sendHTTPRequest(http.MethodPost, buildURLRelativeToBase(folderPath), bytes.NewBuffer(folderAsJSON),
  252. "application/json")
  253. if err != nil {
  254. return newFolder, body, err
  255. }
  256. defer resp.Body.Close()
  257. err = checkResponse(resp.StatusCode, expectedStatusCode)
  258. if expectedStatusCode != http.StatusOK {
  259. body, _ = getResponseBody(resp)
  260. return newFolder, body, err
  261. }
  262. if err == nil {
  263. err = render.DecodeJSON(resp.Body, &newFolder)
  264. } else {
  265. body, _ = getResponseBody(resp)
  266. }
  267. if err == nil {
  268. err = checkFolder(&folder, &newFolder)
  269. }
  270. return newFolder, body, err
  271. }
  272. // RemoveFolder removes an existing user and checks the received HTTP Status code against expectedStatusCode.
  273. func RemoveFolder(folder vfs.BaseVirtualFolder, expectedStatusCode int) ([]byte, error) {
  274. var body []byte
  275. baseURL := buildURLRelativeToBase(folderPath)
  276. url, err := url.Parse(baseURL)
  277. if err != nil {
  278. return body, err
  279. }
  280. q := url.Query()
  281. q.Add("folder_path", folder.MappedPath)
  282. url.RawQuery = q.Encode()
  283. resp, err := sendHTTPRequest(http.MethodDelete, url.String(), nil, "")
  284. if err != nil {
  285. return body, err
  286. }
  287. defer resp.Body.Close()
  288. body, _ = getResponseBody(resp)
  289. return body, checkResponse(resp.StatusCode, expectedStatusCode)
  290. }
  291. // GetFolders returns a list of folders and checks the received HTTP Status code against expectedStatusCode.
  292. // The number of results can be limited specifying a limit.
  293. // Some results can be skipped specifying an offset.
  294. // The results can be filtered specifying a folder path, the folder path filter is an exact match
  295. func GetFolders(limit int64, offset int64, mappedPath string, expectedStatusCode int) ([]vfs.BaseVirtualFolder, []byte, error) {
  296. var folders []vfs.BaseVirtualFolder
  297. var body []byte
  298. url, err := addLimitAndOffsetQueryParams(buildURLRelativeToBase(folderPath), limit, offset)
  299. if err != nil {
  300. return folders, body, err
  301. }
  302. if len(mappedPath) > 0 {
  303. q := url.Query()
  304. q.Add("folder_path", mappedPath)
  305. url.RawQuery = q.Encode()
  306. }
  307. resp, err := sendHTTPRequest(http.MethodGet, url.String(), nil, "")
  308. if err != nil {
  309. return folders, body, err
  310. }
  311. defer resp.Body.Close()
  312. err = checkResponse(resp.StatusCode, expectedStatusCode)
  313. if err == nil && expectedStatusCode == http.StatusOK {
  314. err = render.DecodeJSON(resp.Body, &folders)
  315. } else {
  316. body, _ = getResponseBody(resp)
  317. }
  318. return folders, body, err
  319. }
  320. // GetFoldersQuotaScans gets active quota scans for folders and checks the received HTTP Status code against expectedStatusCode.
  321. func GetFoldersQuotaScans(expectedStatusCode int) ([]sftpd.ActiveVirtualFolderQuotaScan, []byte, error) {
  322. var quotaScans []sftpd.ActiveVirtualFolderQuotaScan
  323. var body []byte
  324. resp, err := sendHTTPRequest(http.MethodGet, buildURLRelativeToBase(quotaScanVFolderPath), nil, "")
  325. if err != nil {
  326. return quotaScans, body, err
  327. }
  328. defer resp.Body.Close()
  329. err = checkResponse(resp.StatusCode, expectedStatusCode)
  330. if err == nil && expectedStatusCode == http.StatusOK {
  331. err = render.DecodeJSON(resp.Body, &quotaScans)
  332. } else {
  333. body, _ = getResponseBody(resp)
  334. }
  335. return quotaScans, body, err
  336. }
  337. // StartFolderQuotaScan start a new quota scan for the given folder and checks the received HTTP Status code against expectedStatusCode.
  338. func StartFolderQuotaScan(folder vfs.BaseVirtualFolder, expectedStatusCode int) ([]byte, error) {
  339. var body []byte
  340. folderAsJSON, _ := json.Marshal(folder)
  341. resp, err := sendHTTPRequest(http.MethodPost, buildURLRelativeToBase(quotaScanVFolderPath), bytes.NewBuffer(folderAsJSON), "")
  342. if err != nil {
  343. return body, err
  344. }
  345. defer resp.Body.Close()
  346. body, _ = getResponseBody(resp)
  347. return body, checkResponse(resp.StatusCode, expectedStatusCode)
  348. }
  349. // GetVersion returns version details
  350. func GetVersion(expectedStatusCode int) (version.Info, []byte, error) {
  351. var appVersion version.Info
  352. var body []byte
  353. resp, err := sendHTTPRequest(http.MethodGet, buildURLRelativeToBase(versionPath), nil, "")
  354. if err != nil {
  355. return appVersion, body, err
  356. }
  357. defer resp.Body.Close()
  358. err = checkResponse(resp.StatusCode, expectedStatusCode)
  359. if err == nil && expectedStatusCode == http.StatusOK {
  360. err = render.DecodeJSON(resp.Body, &appVersion)
  361. } else {
  362. body, _ = getResponseBody(resp)
  363. }
  364. return appVersion, body, err
  365. }
  366. // GetProviderStatus returns provider status
  367. func GetProviderStatus(expectedStatusCode int) (map[string]interface{}, []byte, error) {
  368. var response map[string]interface{}
  369. var body []byte
  370. resp, err := sendHTTPRequest(http.MethodGet, buildURLRelativeToBase(providerStatusPath), nil, "")
  371. if err != nil {
  372. return response, body, err
  373. }
  374. defer resp.Body.Close()
  375. err = checkResponse(resp.StatusCode, expectedStatusCode)
  376. if err == nil && (expectedStatusCode == http.StatusOK || expectedStatusCode == http.StatusInternalServerError) {
  377. err = render.DecodeJSON(resp.Body, &response)
  378. } else {
  379. body, _ = getResponseBody(resp)
  380. }
  381. return response, body, err
  382. }
  383. // Dumpdata requests a backup to outputFile.
  384. // outputFile is relative to the configured backups_path
  385. func Dumpdata(outputFile, indent string, expectedStatusCode int) (map[string]interface{}, []byte, error) {
  386. var response map[string]interface{}
  387. var body []byte
  388. url, err := url.Parse(buildURLRelativeToBase(dumpDataPath))
  389. if err != nil {
  390. return response, body, err
  391. }
  392. q := url.Query()
  393. q.Add("output_file", outputFile)
  394. if len(indent) > 0 {
  395. q.Add("indent", indent)
  396. }
  397. url.RawQuery = q.Encode()
  398. resp, err := sendHTTPRequest(http.MethodGet, url.String(), nil, "")
  399. if err != nil {
  400. return response, body, err
  401. }
  402. defer resp.Body.Close()
  403. err = checkResponse(resp.StatusCode, expectedStatusCode)
  404. if err == nil && expectedStatusCode == http.StatusOK {
  405. err = render.DecodeJSON(resp.Body, &response)
  406. } else {
  407. body, _ = getResponseBody(resp)
  408. }
  409. return response, body, err
  410. }
  411. // Loaddata restores a backup.
  412. // New users are added, existing users are updated. Users will be restored one by one and the restore is stopped if a
  413. // user cannot be added/updated, so it could happen a partial restore
  414. func Loaddata(inputFile, scanQuota, mode string, expectedStatusCode int) (map[string]interface{}, []byte, error) {
  415. var response map[string]interface{}
  416. var body []byte
  417. url, err := url.Parse(buildURLRelativeToBase(loadDataPath))
  418. if err != nil {
  419. return response, body, err
  420. }
  421. q := url.Query()
  422. q.Add("input_file", inputFile)
  423. if len(scanQuota) > 0 {
  424. q.Add("scan_quota", scanQuota)
  425. }
  426. if len(mode) > 0 {
  427. q.Add("mode", mode)
  428. }
  429. url.RawQuery = q.Encode()
  430. resp, err := sendHTTPRequest(http.MethodGet, url.String(), nil, "")
  431. if err != nil {
  432. return response, body, err
  433. }
  434. defer resp.Body.Close()
  435. err = checkResponse(resp.StatusCode, expectedStatusCode)
  436. if err == nil && expectedStatusCode == http.StatusOK {
  437. err = render.DecodeJSON(resp.Body, &response)
  438. } else {
  439. body, _ = getResponseBody(resp)
  440. }
  441. return response, body, err
  442. }
  443. func checkResponse(actual int, expected int) error {
  444. if expected != actual {
  445. return fmt.Errorf("wrong status code: got %v want %v", actual, expected)
  446. }
  447. return nil
  448. }
  449. func getResponseBody(resp *http.Response) ([]byte, error) {
  450. return ioutil.ReadAll(resp.Body)
  451. }
  452. func checkFolder(expected *vfs.BaseVirtualFolder, actual *vfs.BaseVirtualFolder) error {
  453. if expected.ID <= 0 {
  454. if actual.ID <= 0 {
  455. return errors.New("actual folder ID must be > 0")
  456. }
  457. } else {
  458. if actual.ID != expected.ID {
  459. return errors.New("folder ID mismatch")
  460. }
  461. }
  462. if expected.MappedPath != actual.MappedPath {
  463. return errors.New("mapped path mismatch")
  464. }
  465. if expected.LastQuotaUpdate != actual.LastQuotaUpdate {
  466. return errors.New("last quota update mismatch")
  467. }
  468. if expected.UsedQuotaSize != actual.UsedQuotaSize {
  469. return errors.New("used quota size mismatch")
  470. }
  471. if expected.UsedQuotaFiles != actual.UsedQuotaFiles {
  472. return errors.New("used quota files mismatch")
  473. }
  474. if len(expected.Users) != len(actual.Users) {
  475. return errors.New("folder users mismatch")
  476. }
  477. for _, u := range actual.Users {
  478. if !utils.IsStringInSlice(u, expected.Users) {
  479. return errors.New("folder users mismatch")
  480. }
  481. }
  482. return nil
  483. }
  484. func checkUser(expected *dataprovider.User, actual *dataprovider.User) error {
  485. if len(actual.Password) > 0 {
  486. return errors.New("User password must not be visible")
  487. }
  488. if expected.ID <= 0 {
  489. if actual.ID <= 0 {
  490. return errors.New("actual user ID must be > 0")
  491. }
  492. } else {
  493. if actual.ID != expected.ID {
  494. return errors.New("user ID mismatch")
  495. }
  496. }
  497. if len(expected.Permissions) != len(actual.Permissions) {
  498. return errors.New("Permissions mismatch")
  499. }
  500. for dir, perms := range expected.Permissions {
  501. if actualPerms, ok := actual.Permissions[dir]; ok {
  502. for _, v := range actualPerms {
  503. if !utils.IsStringInSlice(v, perms) {
  504. return errors.New("Permissions contents mismatch")
  505. }
  506. }
  507. } else {
  508. return errors.New("Permissions directories mismatch")
  509. }
  510. }
  511. if err := compareUserFilters(expected, actual); err != nil {
  512. return err
  513. }
  514. if err := compareUserFsConfig(expected, actual); err != nil {
  515. return err
  516. }
  517. if err := compareUserVirtualFolders(expected, actual); err != nil {
  518. return err
  519. }
  520. return compareEqualsUserFields(expected, actual)
  521. }
  522. func compareUserVirtualFolders(expected *dataprovider.User, actual *dataprovider.User) error {
  523. if len(actual.VirtualFolders) != len(expected.VirtualFolders) {
  524. return errors.New("Virtual folders mismatch")
  525. }
  526. for _, v := range actual.VirtualFolders {
  527. found := false
  528. for _, v1 := range expected.VirtualFolders {
  529. if path.Clean(v.VirtualPath) == path.Clean(v1.VirtualPath) &&
  530. filepath.Clean(v.MappedPath) == filepath.Clean(v1.MappedPath) {
  531. found = true
  532. break
  533. }
  534. }
  535. if !found {
  536. return errors.New("Virtual folders mismatch")
  537. }
  538. }
  539. return nil
  540. }
  541. func compareUserFsConfig(expected *dataprovider.User, actual *dataprovider.User) error {
  542. if expected.FsConfig.Provider != actual.FsConfig.Provider {
  543. return errors.New("Fs provider mismatch")
  544. }
  545. if err := compareS3Config(expected, actual); err != nil {
  546. return err
  547. }
  548. if err := compareGCSConfig(expected, actual); err != nil {
  549. return err
  550. }
  551. return nil
  552. }
  553. func compareS3Config(expected *dataprovider.User, actual *dataprovider.User) error {
  554. if expected.FsConfig.S3Config.Bucket != actual.FsConfig.S3Config.Bucket {
  555. return errors.New("S3 bucket mismatch")
  556. }
  557. if expected.FsConfig.S3Config.Region != actual.FsConfig.S3Config.Region {
  558. return errors.New("S3 region mismatch")
  559. }
  560. if expected.FsConfig.S3Config.AccessKey != actual.FsConfig.S3Config.AccessKey {
  561. return errors.New("S3 access key mismatch")
  562. }
  563. if err := checkS3AccessSecret(expected.FsConfig.S3Config.AccessSecret, actual.FsConfig.S3Config.AccessSecret); err != nil {
  564. return err
  565. }
  566. if expected.FsConfig.S3Config.Endpoint != actual.FsConfig.S3Config.Endpoint {
  567. return errors.New("S3 endpoint mismatch")
  568. }
  569. if expected.FsConfig.S3Config.StorageClass != actual.FsConfig.S3Config.StorageClass {
  570. return errors.New("S3 storage class mismatch")
  571. }
  572. if expected.FsConfig.S3Config.UploadPartSize != actual.FsConfig.S3Config.UploadPartSize {
  573. return errors.New("S3 upload part size mismatch")
  574. }
  575. if expected.FsConfig.S3Config.UploadConcurrency != actual.FsConfig.S3Config.UploadConcurrency {
  576. return errors.New("S3 upload concurrency mismatch")
  577. }
  578. if expected.FsConfig.S3Config.KeyPrefix != actual.FsConfig.S3Config.KeyPrefix &&
  579. expected.FsConfig.S3Config.KeyPrefix+"/" != actual.FsConfig.S3Config.KeyPrefix {
  580. return errors.New("S3 key prefix mismatch")
  581. }
  582. return nil
  583. }
  584. func compareGCSConfig(expected *dataprovider.User, actual *dataprovider.User) error {
  585. if expected.FsConfig.GCSConfig.Bucket != actual.FsConfig.GCSConfig.Bucket {
  586. return errors.New("GCS bucket mismatch")
  587. }
  588. if expected.FsConfig.GCSConfig.StorageClass != actual.FsConfig.GCSConfig.StorageClass {
  589. return errors.New("GCS storage class mismatch")
  590. }
  591. if expected.FsConfig.GCSConfig.KeyPrefix != actual.FsConfig.GCSConfig.KeyPrefix &&
  592. expected.FsConfig.GCSConfig.KeyPrefix+"/" != actual.FsConfig.GCSConfig.KeyPrefix {
  593. return errors.New("GCS key prefix mismatch")
  594. }
  595. if expected.FsConfig.GCSConfig.AutomaticCredentials != actual.FsConfig.GCSConfig.AutomaticCredentials {
  596. return errors.New("GCS automatic credentials mismatch")
  597. }
  598. return nil
  599. }
  600. func checkS3AccessSecret(expectedAccessSecret, actualAccessSecret string) error {
  601. if len(expectedAccessSecret) > 0 {
  602. vals := strings.Split(expectedAccessSecret, "$")
  603. if strings.HasPrefix(expectedAccessSecret, "$aes$") && len(vals) == 4 {
  604. expectedAccessSecret = utils.RemoveDecryptionKey(expectedAccessSecret)
  605. if expectedAccessSecret != actualAccessSecret {
  606. return fmt.Errorf("S3 access secret mismatch, expected: %v", expectedAccessSecret)
  607. }
  608. } else {
  609. // here we check that actualAccessSecret is aes encrypted without the nonce
  610. parts := strings.Split(actualAccessSecret, "$")
  611. if !strings.HasPrefix(actualAccessSecret, "$aes$") || len(parts) != 3 {
  612. return errors.New("Invalid S3 access secret")
  613. }
  614. if len(parts) == len(vals) {
  615. if expectedAccessSecret != actualAccessSecret {
  616. return errors.New("S3 encrypted access secret mismatch")
  617. }
  618. }
  619. }
  620. } else {
  621. if expectedAccessSecret != actualAccessSecret {
  622. return errors.New("S3 access secret mismatch")
  623. }
  624. }
  625. return nil
  626. }
  627. func compareUserFilters(expected *dataprovider.User, actual *dataprovider.User) error {
  628. if len(expected.Filters.AllowedIP) != len(actual.Filters.AllowedIP) {
  629. return errors.New("AllowedIP mismatch")
  630. }
  631. if len(expected.Filters.DeniedIP) != len(actual.Filters.DeniedIP) {
  632. return errors.New("DeniedIP mismatch")
  633. }
  634. if len(expected.Filters.DeniedLoginMethods) != len(actual.Filters.DeniedLoginMethods) {
  635. return errors.New("Denied login methods mismatch")
  636. }
  637. for _, IPMask := range expected.Filters.AllowedIP {
  638. if !utils.IsStringInSlice(IPMask, actual.Filters.AllowedIP) {
  639. return errors.New("AllowedIP contents mismatch")
  640. }
  641. }
  642. for _, IPMask := range expected.Filters.DeniedIP {
  643. if !utils.IsStringInSlice(IPMask, actual.Filters.DeniedIP) {
  644. return errors.New("DeniedIP contents mismatch")
  645. }
  646. }
  647. for _, method := range expected.Filters.DeniedLoginMethods {
  648. if !utils.IsStringInSlice(method, actual.Filters.DeniedLoginMethods) {
  649. return errors.New("Denied login methods contents mismatch")
  650. }
  651. }
  652. if err := compareUserFileExtensionsFilters(expected, actual); err != nil {
  653. return err
  654. }
  655. return nil
  656. }
  657. func compareUserFileExtensionsFilters(expected *dataprovider.User, actual *dataprovider.User) error {
  658. if len(expected.Filters.FileExtensions) != len(actual.Filters.FileExtensions) {
  659. return errors.New("file extensions mismatch")
  660. }
  661. for _, f := range expected.Filters.FileExtensions {
  662. found := false
  663. for _, f1 := range actual.Filters.FileExtensions {
  664. if path.Clean(f.Path) == path.Clean(f1.Path) {
  665. if len(f.AllowedExtensions) != len(f1.AllowedExtensions) || len(f.DeniedExtensions) != len(f1.DeniedExtensions) {
  666. return errors.New("file extensions contents mismatch")
  667. }
  668. for _, e := range f.AllowedExtensions {
  669. if !utils.IsStringInSlice(e, f1.AllowedExtensions) {
  670. return errors.New("file extensions contents mismatch")
  671. }
  672. }
  673. for _, e := range f.DeniedExtensions {
  674. if !utils.IsStringInSlice(e, f1.DeniedExtensions) {
  675. return errors.New("file extensions contents mismatch")
  676. }
  677. }
  678. found = true
  679. }
  680. }
  681. if !found {
  682. return errors.New("file extensions contents mismatch")
  683. }
  684. }
  685. return nil
  686. }
  687. func compareEqualsUserFields(expected *dataprovider.User, actual *dataprovider.User) error {
  688. if expected.Username != actual.Username {
  689. return errors.New("Username mismatch")
  690. }
  691. if expected.HomeDir != actual.HomeDir {
  692. return errors.New("HomeDir mismatch")
  693. }
  694. if expected.UID != actual.UID {
  695. return errors.New("UID mismatch")
  696. }
  697. if expected.GID != actual.GID {
  698. return errors.New("GID mismatch")
  699. }
  700. if expected.MaxSessions != actual.MaxSessions {
  701. return errors.New("MaxSessions mismatch")
  702. }
  703. if expected.QuotaSize != actual.QuotaSize {
  704. return errors.New("QuotaSize mismatch")
  705. }
  706. if expected.QuotaFiles != actual.QuotaFiles {
  707. return errors.New("QuotaFiles mismatch")
  708. }
  709. if len(expected.Permissions) != len(actual.Permissions) {
  710. return errors.New("Permissions mismatch")
  711. }
  712. if expected.UploadBandwidth != actual.UploadBandwidth {
  713. return errors.New("UploadBandwidth mismatch")
  714. }
  715. if expected.DownloadBandwidth != actual.DownloadBandwidth {
  716. return errors.New("DownloadBandwidth mismatch")
  717. }
  718. if expected.Status != actual.Status {
  719. return errors.New("Status mismatch")
  720. }
  721. if expected.ExpirationDate != actual.ExpirationDate {
  722. return errors.New("ExpirationDate mismatch")
  723. }
  724. return nil
  725. }
  726. func addLimitAndOffsetQueryParams(rawurl string, limit, offset int64) (*url.URL, error) {
  727. url, err := url.Parse(rawurl)
  728. if err != nil {
  729. return nil, err
  730. }
  731. q := url.Query()
  732. if limit > 0 {
  733. q.Add("limit", strconv.FormatInt(limit, 10))
  734. }
  735. if offset > 0 {
  736. q.Add("offset", strconv.FormatInt(offset, 10))
  737. }
  738. url.RawQuery = q.Encode()
  739. return url, err
  740. }