v0.11.3: Admin Web UI, restricted accounts

Author: redsolver

CHANGELOG.md

@@ -1,3 +1,11 @@
+## 0.11.3
+
+- Add basic Admin Web UI for account management (`/s5/admin/app`)
+- Accounts can now be restricted to disable all upload endpoints
+- Add some new Admin API methods (`/accounts/full` and `/accounts/set_restricted_status`)
+- Fix Docker image build
+- Fix bug in the `/debug/download_urls` API (thanks @parajbs-dev)
+
 ## 0.11.0
 
 - Add support for WebSocket p2p connections and use them by default if a domain is configured

lib/accounts/account.dart

@@ -2,17 +2,20 @@ class Account {
   final int id;
   final int createdAt;
   final String? email;
+  final bool isRestricted;
   int get tier => 1;
 
   Account({
     required this.id,
     required this.createdAt,
     required this.email,
+    required this.isRestricted,
   });
   toJson() => {
         'id': id,
         'createdAt': createdAt,
         'email': email,
         'tier': tier,
+        'isRestricted': isRestricted,
       };
 }

lib/constants.dart

@@ -1,5 +1,5 @@
 // ! S5 node version
-const nodeVersion = '0.11.0';
+const nodeVersion = '0.11.3';
 
 // ! default chunk size for hashes
 const defaultChunkSize = 256 * 1024;

lib/http_api/admin.dart

@@ -44,13 +44,38 @@ class AdminAPI {
       };
     });
 
+    app.get('/s5/admin/accounts/full', (req, res) async {
+      checkAuth(req);
+      final res = await node.accounts!.getAllAccounts();
+      final accountsFull = <Map>[];
+      for (final account in res) {
+        final map = account.toJson();
+        map['stats'] = await node.accounts!.getStatsForAccount(account.id);
+        accountsFull.add(
+          map,
+        );
+      }
+      return {
+        'accounts': accountsFull,
+      };
+    });
+
     app.post('/s5/admin/accounts', (req, res) async {
       checkAuth(req);
       final id =
           await node.accounts!.createAccount(req.uri.queryParameters['email']!);
       return {'id': id};
     });
 
+    app.post('/s5/admin/accounts/set_restricted_status', (req, res) async {
+      checkAuth(req);
+      await node.accounts!.setRestrictedStatus(
+        int.parse(req.uri.queryParameters['id']!),
+        req.requestedUri.queryParameters['status'] == 'true',
+      );
+      return '';
+    });
+
     app.post('/s5/admin/accounts/new_auth_token', (req, res) async {
       checkAuth(req);
       final accountId = int.parse(req.uri.queryParameters['id']!);

lib/http_api/http_api.dart

@@ -78,7 +78,7 @@ class HttpAPIServer {
 
     app.post('/s5/upload/directory', (req, res) async {
       final auth = await node.checkAuth(req, 's5/upload/directory');
-      if (auth.denied) return res.unauthorized(auth);
+      if (auth.denied || auth.restricted) return res.unauthorized(auth);
 
       if (node.store == null) {
         throw 'No store configured, uploads not possible';
@@ -119,7 +119,7 @@ class HttpAPIServer {
 
     app.post('/s5/upload', (req, res) async {
       final auth = await node.checkAuth(req, 's5/upload');
-      if (auth.denied) return res.unauthorized(auth);
+      if (auth.denied || auth.restricted) return res.unauthorized(auth);
 
       if (node.store == null) {
         throw 'No store configured, uploads not possible';
@@ -223,7 +223,7 @@ class HttpAPIServer {
     // TODO Add ?routingHints=
     app.post('/s5/pin/:cid', (req, res) async {
       final auth = await node.checkAuth(req, 's5/pin');
-      if (auth.denied) return res.unauthorized(auth);
+      if (auth.denied || auth.restricted) return res.unauthorized(auth);
 
       final cid = CID.decode(req.params['cid']);
 
@@ -330,7 +330,7 @@ class HttpAPIServer {
 
     app.post('/s5/upload/tus', (req, res) async {
       final auth = await node.checkAuth(req, 's5/upload/tus');
-      if (auth.denied) return res.unauthorized(auth);
+      if (auth.denied || auth.restricted) return res.unauthorized(auth);
 
       final uploadLength = int.parse(req.headers.value('upload-length')!);
 
@@ -380,7 +380,7 @@ class HttpAPIServer {
 
     app.post('/s5/import/http', (req, res) async {
       final auth = await node.checkAuth(req, 's5/import/http');
-      if (auth.denied) return res.unauthorized(auth);
+      if (auth.denied || auth.restricted) return res.unauthorized(auth);
 
       if (node.store == null) {
         throw 'No store configured, uploads not possible';
@@ -708,6 +708,8 @@ class HttpAPIServer {
 
       final map = node.getCachedStorageLocations(hash, [
         storageLocationTypeFull,
+        storageLocationTypeFile,
+        storageLocationTypeBridge,
       ]);
 
       final availableNodes = map.keys.toList();
@@ -914,6 +916,11 @@ class HttpAPIServer {
           }
         }
 
+        if (cid == null && request.uri.path.startsWith('/s5/admin/app')) {
+          // ! Admin Web UI
+          cid = CID.decode('zrjD3HKdKj56sTsHcFd5XhcVf72SGFVZQnMDq2RuYCe7Hiw');
+        }
+
         if (cid == null) {
           try {
             cid = CID.decode(parts[0]);

lib/service/accounts.dart

@@ -16,6 +16,8 @@ class AuthResponse {
   final bool denied;
   final String? error;
 
+  bool get restricted => account?.isRestricted ?? false;
+
   AuthResponse({
     required this.account,
     required this.denied,
@@ -357,6 +359,7 @@ class AccountsService {
         "createdAt": auth.account!.createdAt,
         "quotaExceeded": false,
         "emailConfirmed": false,
+        "isRestricted": auth.account!.isRestricted,
         "tier": tiers[auth.account!.tier],
       };
     });
@@ -372,6 +375,7 @@ class AccountsService {
         "createdAt": auth.account!.createdAt,
         "quotaExceeded": false,
         "emailConfirmed": false,
+        "isRestricted": auth.account!.isRestricted,
         "tier": tiers[auth.account!.tier],
         "stats": stats,
       };
@@ -527,10 +531,12 @@ WHERE object_hash = ?''',
       whereArgs: [id],
     );
     final account = res.first;
+
     return Account(
       id: id,
       createdAt: account['created_at'] as int,
       email: account['email'] as String?,
+      isRestricted: account['is_restricted'] == 1,
     );
   }
 
@@ -543,6 +549,7 @@ WHERE object_hash = ?''',
               id: account['id'] as int,
               createdAt: account['created_at'] as int,
               email: account['email'] as String?,
+              isRestricted: account['is_restricted'] == 1,
             ))
         .toList();
   }
@@ -565,6 +572,7 @@ WHERE ID = (
       id: account['id'] as int,
       createdAt: account['created_at'] as int,
       email: account['email'] as String?,
+      isRestricted: account['is_restricted'] == 1,
     );
   }
 
@@ -589,6 +597,15 @@ WHERE ID = (
     });
     return authToken;
   }
+
+  Future<void> setRestrictedStatus(int id, bool restricted) async {
+    await sql.db.update(
+      'Account',
+      {'is_restricted': restricted ? 1 : 0},
+      where: 'id = ?',
+      whereArgs: [id],
+    );
+  }
 }
 
 extension UnauthorizedExtension on HttpResponse {

pubspec.yaml

@@ -1,7 +1,7 @@
 name: s5_server
 description: Decentralized content-addressed storage network
 publish_to: none
-version: 0.11.0
+version: 0.11.3
 
 environment:
   sdk: ^3.0.0