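// NOTE(review): this listing was recovered from a page that dropped everything
// written between angle brackets. The first #include had lost its header name,
// and the template arguments below (mrpc::Response<...>, std::optional<...>,
// std::vector<...>) are reconstructed from how the values are used. Confirm
// them against the repository / generated RPC interface before merging.
#include <cstdint>
#include <mutex>
#include <optional>
#include <shared_mutex>
#include <string>
#include <utility>
#include <vector>

#include "server_internal.hxx"

// Authorisation guards for the admin RPC handlers in this file.
//
// Each guard first runs the matching check_user_*() guard (defined elsewhere;
// it is expected to validate `token` and bring `user` into scope) and then
// rejects the call with "Forbidden" unless that user carries the admin flag.
//
// Both macros expand to TWO statements and may `return` from the enclosing
// function. Use them only as the first statement of a handler body, never as
// the body of an unbraced `if`/`for`, or the admin test runs unguarded.
#define check_admin_response() check_user_response(); if (!user->admin) return { .e = "Forbidden" };
#define check_admin_optional() check_user_optional(); if (!user->admin) return "Forbidden";

// Every state-changing admin action below writes an audit line through spdlog
// (acting admin + target id). The session token is never logged.
//
// NOTE(review): the setters below write to user records without taking
// `user_lock`, while Admin_list_users reads the same fields under a shared
// lock. Confirm whether get_user()/save() provide the required synchronisation.

// Returns id, name and the tfa/admin/enabled flags of every known user.
// Admin only. The user table is read under a shared lock on `user_lock`.
mrpc::Response<std::vector<mrpc::UserInfo>> Server::Admin_list_users(std::string &&token) {
    check_admin_response();

    std::shared_lock lock{user_lock};
    std::vector<mrpc::UserInfo> info;
    info.reserve(users.size());
    for (const auto &us : users) {
        const auto u = us.second.get();
        info.push_back(mrpc::UserInfo {
            .id = u->id,
            .name = u->name,
            .tfa = u->tfa_enabled,
            .admin = u->admin,
            .enabled = u->enabled
        });
    }
    return { .o = std::move(info) };
}

// Deletes the user with the given id and persists the change.
// Returns "Invalid user" if the id is unknown, std::nullopt on success.
//
// NOTE(review): nothing here stops an admin from deleting their own account
// or the last remaining admin; confirm whether delete_user() guards that.
std::optional<std::string> Server::Admin_delete_user(std::string &&token, std::uint64_t &&user_id) {
    check_admin_optional();

    auto target = get_user(user_id);
    if (!target) return "Invalid user";

    // Logged before the deletion: if the caller deletes their own account,
    // `user` must not be dereferenced afterwards.
    spdlog::info("Admin {} is deleting user {}", user->name, user_id);
    delete_user(target);
    save();
    return std::nullopt;
}

// Forces a logout of the given user via logout_user(). Always reports
// success; logout_user() is not given a way to signal an unknown id here.
std::optional<std::string> Server::Admin_logout(std::string &&token, std::uint64_t &&user_id) {
    check_admin_optional();

    spdlog::info("Admin {} is logging out user {}", user->name, user_id);
    logout_user(user_id);
    return std::nullopt;
}

// Clears the two-factor flag of the given user and persists the change.
// Returns "Invalid user" for an unknown id (previously this was reported as
// success and still triggered a save()), std::nullopt on success.
std::optional<std::string> Server::Admin_disable_tfa(std::string &&token, std::uint64_t &&user_id) {
    check_admin_optional();

    auto u = get_user(user_id);
    if (!u) return "Invalid user";

    spdlog::info("Admin {} is disabling two-factor auth for user {}", user->name, user_id);
    u->tfa_enabled = false;
    save();
    return std::nullopt;
}

// Grants or revokes the admin flag of the given user and persists the change.
// Returns "Invalid user" for an unknown id, std::nullopt on success.
//
// NOTE(review): an admin can revoke their own flag, or that of the last
// admin, which would leave the service without any administrator. Confirm
// whether that is acceptable or should be rejected here.
std::optional<std::string> Server::Admin_set_admin(std::string &&token, std::uint64_t &&user_id, bool &&admin) {
    check_admin_optional();

    auto u = get_user(user_id);
    if (!u) return "Invalid user";

    spdlog::info("Admin {} is setting admin={} for user {}", user->name, admin, user_id);
    u->admin = admin;
    save();
    return std::nullopt;
}

// Enables or disables the given account and persists the change.
// Returns "Invalid user" for an unknown id, std::nullopt on success.
//
// NOTE(review): existing sessions of a user that is being disabled are not
// touched here; confirm whether the token check re-reads `enabled` or whether
// a logout_user() call is needed alongside.
std::optional<std::string> Server::Admin_set_enabled(std::string &&token, std::uint64_t &&user_id, bool &&enabled) {
    check_admin_optional();

    auto u = get_user(user_id);
    if (!u) return "Invalid user";

    spdlog::info("Admin {} is setting enabled={} for user {}", user->name, enabled, user_id);
    u->enabled = enabled;
    save();
    return std::nullopt;
}

// Switches the caller's session to act as another user ("sudo").
// Returns "Invalid user" for an unknown id, "Unauthorized" if the session
// token vanished in the meantime, std::nullopt on success.
//
// NOTE(review): the target's `enabled` flag is not consulted; confirm that
// impersonating a disabled account is intended.
std::optional<std::string> Server::Admin_sudo(std::string &&token, std::uint64_t &&user_id) {
    check_admin_optional();

    auto u = get_user(user_id);
    if (!u) return "Invalid user";

    {
        std::unique_lock tlock{token_lock};
        // The token was validated before this lock was taken, so a concurrent
        // logout can have removed it; look it up instead of letting
        // tokens.at() throw std::out_of_range.
        const auto it = tokens.find(token);
        if (it == tokens.end()) return "Unauthorized";
        auto &t = it->second;
        // Keep the identity that actually authenticated. Overwriting it on a
        // nested sudo would lose the real admin for Admin_unsudo and for the
        // audit trail.
        if (t->sudo_original_user == nullptr) t->sudo_original_user = user;
        t->user = u;
        t->refresh();
    }
    spdlog::info("Admin {} started a sudo session as user {}", user->name, user_id);
    return std::nullopt;
}

// Ends a sudo session and restores the session's original user.
// Deliberately guarded by the plain user check, not the admin check: while
// impersonating, the session's current user need not be an admin.
// Returns "Unauthorized" if the session is not in sudo mode or the token is
// gone, std::nullopt on success.
//
// NOTE(review): the restored user is not re-validated (still present, still
// enabled, still admin); confirm the lifetime of `sudo_original_user`.
std::optional<std::string> Server::Admin_unsudo(std::string &&token) {
    check_user_optional();

    {
        std::unique_lock lock{token_lock};
        // Same race as in Admin_sudo: the token may be gone by now.
        const auto it = tokens.find(token);
        if (it == tokens.end()) return "Unauthorized";
        auto &t = it->second;
        if (t->sudo_original_user == nullptr) return "Unauthorized";
        t->user = t->sudo_original_user;
        t->sudo_original_user = nullptr;
        t->refresh();
    }
    spdlog::info("Sudo session as user {} ended", user->name);
    return std::nullopt;
}

// Asks the service to stop. Admin only; the request is logged with the
// requesting admin's name before g_stop_service() is invoked.
std::optional<std::string> Server::Admin_shutdown(std::string &&token) {
    check_admin_optional();

    spdlog::info("Received rpc shutdown request from admin user {}", user->name);
    g_stop_service();
    return std::nullopt;
}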