diff --git a/modules/database/database.go b/modules/database/database.go
index 1d0b3cb..a3a9e05 100644
--- a/modules/database/database.go
+++ b/modules/database/database.go
@@ -91,8 +91,6 @@ func handleMasterRolePermissions() (roleId string) {
 DB.Where("role_id = ?", foundRole.Id).Find(&foundRolePermissions)
- log.Debug().Msgf("init database %v", cache.GetSystemPermissions())
-
 systemPermissions := cache.GetSystemPermissions()
 if len(foundRolePermissions) > 0 {
diff --git a/modules/systempermissions/systempermissions.go b/modules/systempermissions/systempermissions.go
index af6890f..60efc01 100644
--- a/modules/systempermissions/systempermissions.go
+++ b/modules/systempermissions/systempermissions.go
@@ -10,7 +10,7 @@ func InitSystemPermissions() {
 cache.AddSystemPermissions([]string{
 utils.PermissionGroupTasksHistory,
 utils.PermissionAllUsersActionChangeRole,
- utils.PermissionAllUsersCreateUser,
+ utils.PermissionAllUsersCreateNewUser,
 utils.PermissionScannerUseScanners,
 utils.PermissionAdminAreaCreateNewRole,
 utils.PermissionAdminAreaUpdateRole,
diff --git a/modules/utils/globals.go b/modules/utils/globals.go
index 7be4ade..63a1c77 100644
--- a/modules/utils/globals.go
+++ b/modules/utils/globals.go
@@ -25,6 +25,9 @@ const (
 GroupTaskLockedTime = 3
 SessionExpiresAtTime = 7 * 24 * 60 * 60 // 1 week
+
+ ConnectionStateOffline = 0
+ ConnectionStateOnline = 1
 )
 // commands sent to web clients
@@ -51,9 +54,10 @@ const (
 SentCmdAdminAreaRoleUpdated = 20
 SentCmdAdminAreaUpdateRoleSortingOrder = 21
 SentCmdAdminAreaRoleDeleted = 22
- SentCmdUserRoleUpdated = 23
+ SentCmdAllUsersUserRoleUpdated = 23
 SentCmdRolePermissionsUpdated = 24
 SentCmdErrorNoPermissions = 25
+ SentCmdAllUsersNewUserCreated = 26
 )
 // commands received from web clients
@@ -68,7 +72,8 @@ const (
 ReceivedCmdAdminAreaUpdateRole = 8
 ReceivedCmdAdminAreaUpdateRoleSortingOrder = 9
 ReceivedCmdAdminAreaDeleteRole = 10
- ReceivedCmdUpdateUserRole = 11
+ ReceivedCmdAllUsersUpdateUserRole = 11
+ ReceivedCmdAllUsersCreateNewUser = 12
 )
 const (
@@ -95,7 +100,7 @@ const (
 PermissionGroupTasksOverviewXYView = _groupTasks + "overview.XY.view"
 PermissionGroupTasksHistory = _groupTasks + "history"
- PermissionAllUsersCreateUser = "all_users.create_user"
+ PermissionAllUsersCreateNewUser = "all_users.create_new_user"
 PermissionAllUsersActionChangeRole = "all_users.action.change_role"
 PermissionScannerUseScanners = "scanner.use_scanners"
diff --git a/socketclients/socketclients.go b/socketclients/socketclients.go
index f601244..dd40f99 100644
--- a/socketclients/socketclients.go
+++ b/socketclients/socketclients.go
@@ -10,6 +10,7 @@ import (
 "time"
 "github.com/gofiber/websocket/v2"
+ "github.com/google/uuid"
 "github.com/rs/zerolog/log"
 "golang.org/x/crypto/bcrypt"
 "gorm.io/gorm"
@@ -153,11 +154,11 @@ func isUserSessionConnected(userSessionId string, socketClients []*structs.Socke
 func isUserGenerallyConnected(userId string) uint8 {
 for _, socketClient := range cache.GetSocketClients() {
 if socketClient.UserId == userId {
- return 1
+ return utils.ConnectionStateOnline
 }
 }
- return 0
+ return utils.ConnectionStateOffline
 }
 // Get all users from database.
@@ -530,7 +531,6 @@ func AdminAreaMoveRoleToSortingOrder(body map[string]interface{}) {
 return
 }
- // TODO: check permissions
 BroadcastMessage(structs.SendSocketMessage{
 Cmd: utils.SentCmdAdminAreaUpdateRoleSortingOrder,
 Body: body,
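Review bot: In modules/utils/globals.go the permission's string value changes from `all_users.create_user` to `all_users.create_new_user`, not only the constant's name. If role permissions are persisted by this string (database.go loads rows per `role_id` and compares them with the system permission list, though the row format is not visible in this diff), roles that were granted the old value will silently stop passing `HasPermission` for user creation, and the stale rows stay in the table. Either keep the stored value under the new identifier, `PermissionAllUsersCreateNewUser = "all_users.create_user"`, or ship a migration that rewrites the existing rows together with this commit.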
@@ -559,14 +559,12 @@ func AdminAreaDeleteRole(body map[string]interface{}) {
 }
 func UpdateUserRole(userId string, roleId string) {
- log.Debug().Msgf("userId %s roleId %s", userId, roleId)
-
 database.DB.Model(&structs.User{}).Where("id = ?", userId).Updates(structs.User{
 RoleId: roleId,
 })
 SendMessageToUser(userId, "", structs.SendSocketMessage{
- Cmd: utils.SentCmdUserRoleUpdated,
+ Cmd: utils.SentCmdAllUsersUserRoleUpdated,
 Body: struct {
 UserId string
 RoleId string
@@ -579,7 +577,7 @@ func UpdateUserRole(userId string, roleId string) {
 })
 BroadcastMessageExceptUserId(userId, structs.SendSocketMessage{
- Cmd: utils.SentCmdUserRoleUpdated,
+ Cmd: utils.SentCmdAllUsersUserRoleUpdated,
 Body: struct {
 UserId string
 RoleId string
@@ -611,3 +609,87 @@ func SendErrorMessageNoPermissions(sessionId string) {
 Cmd: utils.SentCmdErrorNoPermissions,
 })
 }
+
+func AllUsersCreateNewUser(sessionId string, body map[string]interface{}) {
+ if body["Username"] == nil ||
+ body["Email"] == nil ||
+ body["Password"] == nil ||
+ body["RoleId"] == nil {
+ log.Error().Msgf("Invalid body provided for user creation: %v", body)
+ return
+ }
+
+ username := body["Username"].(string)
+ email := body["Email"].(string)
+ password := body["Password"].(string)
+ roleId := body["RoleId"].(string)
+
+ if !isValueLenValid(username, utils.MinUsername, utils.MaxUsername) {
+ log.Error().Msgf("Invalid username length: %s", username)
+ return
+ }
+
+ if !isUsernameAvailable(username) {
+ SendMessageOnlyToSessionId(sessionId, structs.SendSocketMessage{
+ Cmd: utils.SentCmdAllUsersNewUserCreated,
+ Body: struct {
+ Result uint8
+ }{
+ Result: 0,
+ },
+ })
+ return
+ }
+
+ if !isEmailAvailable(email) {
+ SendMessageOnlyToSessionId(sessionId, structs.SendSocketMessage{
+ Cmd: utils.SentCmdAllUsersNewUserCreated,
+ Body: struct {
+ Result uint8
+ }{
+ Result: 1,
+ },
+ })
+ return
+ }
+
+ decodedPassword, err := base64.StdEncoding.DecodeString(password)
+
+ if err != nil {
+ log.Error().Msgf("Failed to decode base64 password, err: %s", err.Error())
+ return
+ }
+
+ hashedPassword, err := bcrypt.GenerateFromPassword(decodedPassword, bcrypt.DefaultCost)
+
+ if err != nil {
+ log.Error().Msgf("Failed to generate password: %s", err.Error())
+ return
+ }
+
+ newUser := structs.User{
+ Id: uuid.New().String(),
+ RoleId: roleId,
+ Username: username,
+ Email: email,
+ Password: string(hashedPassword),
+ CreatedAt: time.Now(),
+ }
+
+ database.DB.Create(&newUser)
+
+ BroadcastMessage(structs.SendSocketMessage{
+ Cmd: utils.SentCmdAllUsersNewUserCreated,
+ Body: struct {
+ Id string
+ Username string
+ RoleId string
+ ConnectionStatus uint8
+ }{
+ Id: newUser.Id,
+ Username: username,
+ RoleId: roleId,
+ ConnectionStatus: utils.ConnectionStateOffline,
+ },
+ })
+}
diff --git a/socketserver/hub.go b/socketserver/hub.go
index efb5763..3fac5ea 100644
--- a/socketserver/hub.go
+++ b/socketserver/hub.go
@@ -251,7 +251,7 @@ func RunHub() {
 socketclients.AdminAreaDeleteRole(receivedMessage.Body)
 break
- case utils.ReceivedCmdUpdateUserRole:
+ case utils.ReceivedCmdAllUsersUpdateUserRole:
 if !socketclients.HasPermission(data.Conn.Locals("userId").(string), utils.PermissionAllUsersActionChangeRole) {
 socketclients.SendErrorMessageNoPermissions(data.Conn.Locals("sessionId").(string))
 break
@@ -259,6 +259,15 @@ func RunHub() {
 socketclients.UpdateUserRole(receivedMessage.Body["UserId"].(string), receivedMessage.Body["RoleId"].(string))
 break
+ case utils.ReceivedCmdAllUsersCreateNewUser:
+ if !socketclients.HasPermission(data.Conn.Locals("userId").(string), utils.PermissionAllUsersCreateNewUser) {
+ socketclients.SendErrorMessageNoPermissions(data.Conn.Locals("sessionId").(string))
+ break
+ }
+
+ socketclients.AllUsersCreateNewUser(data.Conn.Locals("sessionId").(string), receivedMessage.Body)
+ break
+
 default:
 log.Error().Msgf("Received unknown message: %v", receivedMessage)
 break