CHAI
/
chtech-anythingllm
4
0
Fork 0
Code Issues Pull Requests Projects Releases Wiki Activity
You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
22 Commits
1 Branch
0 Tags
235 MiB
Tree: cbbf5e2877
Branches Tags
${ item.name }
Create tag ${ searchTerm }
Create branch ${ searchTerm }
from 'cbbf5e2877'
${ noResults }
chtech-anythingllm/server/endpoints/api/admin/index.js

775 lines
21 KiB
Raw Normal View History

first commit
11 months ago
  1. const { EventLogs } = require("../../../models/eventLogs");
  2. const { Invite } = require("../../../models/invite");
  3. const { SystemSettings } = require("../../../models/systemSettings");
  4. const { User } = require("../../../models/user");
  5. const { Workspace } = require("../../../models/workspace");
  6. const { WorkspaceChats } = require("../../../models/workspaceChats");
  7. const { WorkspaceUser } = require("../../../models/workspaceUsers");
  8. const { canModifyAdmin } = require("../../../utils/helpers/admin");
  9. const { multiUserMode, reqBody } = require("../../../utils/http");
  10. const { validApiKey } = require("../../../utils/middleware/validApiKey");
  12. function apiAdminEndpoints(app) {
  13. if (!app) return;
  15. app.get("/v1/admin/is-multi-user-mode", [validApiKey], (_, response) => {
  16. /*
  17. #swagger.tags = ['Admin']
  18. #swagger.description = 'Check to see if the instance is in multi-user-mode first. Methods are disabled until multi user mode is enabled via the UI.'
  19. #swagger.responses[200] = {
  20. content: {
  21. "application/json": {
  22. schema: {
  23. type: 'object',
  24. example: {
  25. "isMultiUser": true
  26. }
  27. }
  28. }
  29. }
  30. }
  31. #swagger.responses[403] = {
  32. schema: {
  33. "$ref": "#/definitions/InvalidAPIKey"
  34. }
  35. }
  36. */
  37. const isMultiUser = multiUserMode(response);
  38. response.status(200).json({ isMultiUser });
  39. });
  41. app.get("/v1/admin/users", [validApiKey], async (request, response) => {
  42. /*
  43. #swagger.tags = ['Admin']
  44. #swagger.description = 'Check to see if the instance is in multi-user-mode first. Methods are disabled until multi user mode is enabled via the UI.'
  45. #swagger.responses[200] = {
  46. content: {
  47. "application/json": {
  48. schema: {
  49. type: 'object',
  50. example: {
  51. "users": [
  52. {
  53. username: "sample-sam",
  54. role: 'default',
  55. }
  56. ]
  57. }
  58. }
  59. }
  60. }
  61. }
  62. #swagger.responses[403] = {
  63. schema: {
  64. "$ref": "#/definitions/InvalidAPIKey"
  65. }
  66. }
  67. #swagger.responses[401] = {
  68. description: "Instance is not in Multi-User mode. Method denied",
  69. }
  70. */
  71. try {
  72. if (!multiUserMode(response)) {
  73. response.sendStatus(401).end();
  74. return;
  75. }
  77. const users = await User.where();
  78. response.status(200).json({ users });
  79. } catch (e) {
  80. console.error(e);
  81. response.sendStatus(500).end();
  82. }
  83. });
  85. app.post("/v1/admin/users/new", [validApiKey], async (request, response) => {
  86. /*
  87. #swagger.tags = ['Admin']
  88. #swagger.description = 'Create a new user with username and password. Methods are disabled until multi user mode is enabled via the UI.'
  89. #swagger.requestBody = {
  90. description: 'Key pair object that will define the new user to add to the system.',
  91. required: true,
  92. content: {
  93. "application/json": {
  94. example: {
  95. username: "sample-sam",
  96. password: 'hunter2',
  97. role: 'default | admin'
  98. }
  99. }
  100. }
  101. }
  102. #swagger.responses[200] = {
  103. content: {
  104. "application/json": {
  105. schema: {
  106. type: 'object',
  107. example: {
  108. user: {
  109. id: 1,
  110. username: 'sample-sam',
  111. role: 'default',
  112. },
  113. error: null,
  114. }
  115. }
  116. }
  117. }
  118. }
  119. #swagger.responses[403] = {
  120. schema: {
  121. "$ref": "#/definitions/InvalidAPIKey"
  122. }
  123. }
  124. #swagger.responses[401] = {
  125. description: "Instance is not in Multi-User mode. Method denied",
  126. }
  127. */
  128. try {
  129. if (!multiUserMode(response)) {
  130. response.sendStatus(401).end();
  131. return;
  132. }
  134. const newUserParams = reqBody(request);
  135. const { user: newUser, error } = await User.create(newUserParams);
  136. response.status(newUser ? 200 : 400).json({ user: newUser, error });
  137. } catch (e) {
  138. console.error(e);
  139. response.sendStatus(500).end();
  140. }
  141. });
  143. app.post("/v1/admin/users/:id", [validApiKey], async (request, response) => {
  144. /*
  145. #swagger.tags = ['Admin']
  146. #swagger.parameters['id'] = {
  147. in: 'path',
  148. description: 'id of the user in the database.',
  149. required: true,
  150. type: 'string'
  151. }
  152. #swagger.description = 'Update existing user settings. Methods are disabled until multi user mode is enabled via the UI.'
  153. #swagger.requestBody = {
  154. description: 'Key pair object that will update the found user. All fields are optional and will not update unless specified.',
  155. required: true,
  156. content: {
  157. "application/json": {
  158. example: {
  159. username: "sample-sam",
  160. password: 'hunter2',
  161. role: 'default | admin',
  162. suspended: 0,
  163. }
  164. }
  165. }
  166. }
  167. #swagger.responses[200] = {
  168. content: {
  169. "application/json": {
  170. schema: {
  171. type: 'object',
  172. example: {
  173. success: true,
  174. error: null,
  175. }
  176. }
  177. }
  178. }
  179. }
  180. #swagger.responses[403] = {
  181. schema: {
  182. "$ref": "#/definitions/InvalidAPIKey"
  183. }
  184. }
  185. #swagger.responses[401] = {
  186. description: "Instance is not in Multi-User mode. Method denied",
  187. }
  188. */
  189. try {
  190. if (!multiUserMode(response)) {
  191. response.sendStatus(401).end();
  192. return;
  193. }
  195. const { id } = request.params;
  196. const updates = reqBody(request);
  197. const user = await User.get({ id: Number(id) });
  198. const validAdminRoleModification = await canModifyAdmin(user, updates);
  200. if (!validAdminRoleModification.valid) {
  201. response
  202. .status(200)
  203. .json({ success: false, error: validAdminRoleModification.error });
  204. return;
  205. }
  207. const { success, error } = await User.update(id, updates);
  208. response.status(200).json({ success, error });
  209. } catch (e) {
  210. console.error(e);
  211. response.sendStatus(500).end();
  212. }
  213. });
  215. app.delete(
  216. "/v1/admin/users/:id",
  217. [validApiKey],
  218. async (request, response) => {
  219. /*
  220. #swagger.tags = ['Admin']
  221. #swagger.description = 'Delete existing user by id. Methods are disabled until multi user mode is enabled via the UI.'
  222. #swagger.parameters['id'] = {
  223. in: 'path',
  224. description: 'id of the user in the database.',
  225. required: true,
  226. type: 'string'
  227. }
  228. #swagger.responses[200] = {
  229. content: {
  230. "application/json": {
  231. schema: {
  232. type: 'object',
  233. example: {
  234. success: true,
  235. error: null,
  236. }
  237. }
  238. }
  239. }
  240. }
  241. #swagger.responses[403] = {
  242. schema: {
  243. "$ref": "#/definitions/InvalidAPIKey"
  244. }
  245. }
  246. #swagger.responses[401] = {
  247. description: "Instance is not in Multi-User mode. Method denied",
  248. }
  249. */
  250. try {
  251. if (!multiUserMode(response)) {
  252. response.sendStatus(401).end();
  253. return;
  254. }
  256. const { id } = request.params;
  257. const user = await User.get({ id: Number(id) });
  258. await User.delete({ id: user.id });
  259. await EventLogs.logEvent("api_user_deleted", {
  260. userName: user.username,
  261. });
  262. response.status(200).json({ success: true, error: null });
  263. } catch (e) {
  264. console.error(e);
  265. response.sendStatus(500).end();
  266. }
  267. }
  268. );
  270. app.get("/v1/admin/invites", [validApiKey], async (request, response) => {
  271. /*
  272. #swagger.tags = ['Admin']
  273. #swagger.description = 'List all existing invitations to instance regardless of status. Methods are disabled until multi user mode is enabled via the UI.'
  274. #swagger.responses[200] = {
  275. content: {
  276. "application/json": {
  277. schema: {
  278. type: 'object',
  279. example: {
  280. "invites": [
  281. {
  282. id: 1,
  283. status: "pending",
  284. code: 'abc-123',
  285. claimedBy: null
  286. }
  287. ]
  288. }
  289. }
  290. }
  291. }
  292. }
  293. #swagger.responses[403] = {
  294. schema: {
  295. "$ref": "#/definitions/InvalidAPIKey"
  296. }
  297. }
  298. #swagger.responses[401] = {
  299. description: "Instance is not in Multi-User mode. Method denied",
  300. }
  301. */
  302. try {
  303. if (!multiUserMode(response)) {
  304. response.sendStatus(401).end();
  305. return;
  306. }
  308. const invites = await Invite.whereWithUsers();
  309. response.status(200).json({ invites });
  310. } catch (e) {
  311. console.error(e);
  312. response.sendStatus(500).end();
  313. }
  314. });
  316. app.post("/v1/admin/invite/new", [validApiKey], async (request, response) => {
  317. /*
  318. #swagger.tags = ['Admin']
  319. #swagger.description = 'Create a new invite code for someone to use to register with instance. Methods are disabled until multi user mode is enabled via the UI.'
  320. #swagger.requestBody = {
  321. description: 'Request body for creation parameters of the invitation',
  322. required: false,
  323. content: {
  324. "application/json": {
  325. example: {
  326. workspaceIds: [1,2,45],
  327. }
  328. }
  329. }
  330. }
  331. #swagger.responses[200] = {
  332. content: {
  333. "application/json": {
  334. schema: {
  335. type: 'object',
  336. example: {
  337. invite: {
  338. id: 1,
  339. status: "pending",
  340. code: 'abc-123',
  341. },
  342. error: null,
  343. }
  344. }
  345. }
  346. }
  347. }
  348. #swagger.responses[403] = {
  349. schema: {
  350. "$ref": "#/definitions/InvalidAPIKey"
  351. }
  352. }
  353. #swagger.responses[401] = {
  354. description: "Instance is not in Multi-User mode. Method denied",
  355. }
  356. */
  357. try {
  358. if (!multiUserMode(response)) {
  359. response.sendStatus(401).end();
  360. return;
  361. }
  363. const body = reqBody(request);
  364. const { invite, error } = await Invite.create({
  365. workspaceIds: body?.workspaceIds ?? [],
  366. });
  367. response.status(200).json({ invite, error });
  368. } catch (e) {
  369. console.error(e);
  370. response.sendStatus(500).end();
  371. }
  372. });
  374. app.delete(
  375. "/v1/admin/invite/:id",
  376. [validApiKey],
  377. async (request, response) => {
  378. /*
  379. #swagger.tags = ['Admin']
  380. #swagger.description = 'Deactivates (soft-delete) invite by id. Methods are disabled until multi user mode is enabled via the UI.'
  381. #swagger.parameters['id'] = {
  382. in: 'path',
  383. description: 'id of the invite in the database.',
  384. required: true,
  385. type: 'string'
  386. }
  387. #swagger.responses[200] = {
  388. content: {
  389. "application/json": {
  390. schema: {
  391. type: 'object',
  392. example: {
  393. success: true,
  394. error: null,
  395. }
  396. }
  397. }
  398. }
  399. }
  400. #swagger.responses[403] = {
  401. schema: {
  402. "$ref": "#/definitions/InvalidAPIKey"
  403. }
  404. }
  405. #swagger.responses[401] = {
  406. description: "Instance is not in Multi-User mode. Method denied",
  407. }
  408. */
  409. try {
  410. if (!multiUserMode(response)) {
  411. response.sendStatus(401).end();
  412. return;
  413. }
  415. const { id } = request.params;
  416. const { success, error } = await Invite.deactivate(id);
  417. response.status(200).json({ success, error });
  418. } catch (e) {
  419. console.error(e);
  420. response.sendStatus(500).end();
  421. }
  422. }
  423. );
  425. app.get(
  426. "/v1/admin/workspaces/:workspaceId/users",
  427. [validApiKey],
  428. async (request, response) => {
  429. /*
  430. #swagger.tags = ['Admin']
  431. #swagger.parameters['workspaceId'] = {
  432. in: 'path',
  433. description: 'id of the workspace.',
  434. required: true,
  435. type: 'string'
  436. }
  437. #swagger.description = 'Retrieve a list of users with permissions to access the specified workspace.'
  438. #swagger.responses[200] = {
  439. content: {
  440. "application/json": {
  441. schema: {
  442. type: 'object',
  443. example: {
  444. users: [
  445. {"userId": 1, "role": "admin"},
  446. {"userId": 2, "role": "member"}
  447. ]
  448. }
  449. }
  450. }
  451. }
  452. }
  453. #swagger.responses[403] = {
  454. schema: {
  455. "$ref": "#/definitions/InvalidAPIKey"
  456. }
  457. }
  458. #swagger.responses[401] = {
  459. description: "Instance is not in Multi-User mode. Method denied",
  460. }
  461. */
  463. try {
  464. if (!multiUserMode(response)) {
  465. response.sendStatus(401).end();
  466. return;
  467. }
  469. const workspaceId = request.params.workspaceId;
  470. const users = await Workspace.workspaceUsers(workspaceId);
  472. response.status(200).json({ users });
  473. } catch (e) {
  474. console.error(e);
  475. response.sendStatus(500).end();
  476. }
  477. }
  478. );
  480. app.post(
  481. "/v1/admin/workspaces/:workspaceId/update-users",
  482. [validApiKey],
  483. async (request, response) => {
  484. /*
  485. #swagger.tags = ['Admin']
  486. #swagger.deprecated = true
  487. #swagger.parameters['workspaceId'] = {
  488. in: 'path',
  489. description: 'id of the workspace in the database.',
  490. required: true,
  491. type: 'string'
  492. }
  493. #swagger.description = 'Overwrite workspace permissions to only be accessible by the given user ids and admins. Methods are disabled until multi user mode is enabled via the UI.'
  494. #swagger.requestBody = {
  495. description: 'Entire array of user ids who can access the workspace. All fields are optional and will not update unless specified.',
  496. required: true,
  497. content: {
  498. "application/json": {
  499. example: {
  500. userIds: [1,2,4,12],
  501. }
  502. }
  503. }
  504. }
  505. #swagger.responses[200] = {
  506. content: {
  507. "application/json": {
  508. schema: {
  509. type: 'object',
  510. example: {
  511. success: true,
  512. error: null,
  513. }
  514. }
  515. }
  516. }
  517. }
  518. #swagger.responses[403] = {
  519. schema: {
  520. "$ref": "#/definitions/InvalidAPIKey"
  521. }
  522. }
  523. #swagger.responses[401] = {
  524. description: "Instance is not in Multi-User mode. Method denied",
  525. }
  526. */
  527. try {
  528. if (!multiUserMode(response)) {
  529. response.sendStatus(401).end();
  530. return;
  531. }
  533. const { workspaceId } = request.params;
  534. const { userIds } = reqBody(request);
  535. const { success, error } = await Workspace.updateUsers(
  536. workspaceId,
  537. userIds
  538. );
  539. response.status(200).json({ success, error });
  540. } catch (e) {
  541. console.error(e);
  542. response.sendStatus(500).end();
  543. }
  544. }
  545. );
  547. app.post(
  548. "/v1/admin/workspaces/:workspaceSlug/manage-users",
  549. [validApiKey],
  550. async (request, response) => {
  551. /*
  552. #swagger.tags = ['Admin']
  553. #swagger.parameters['workspaceSlug'] = {
  554. in: 'path',
  555. description: 'slug of the workspace in the database',
  556. required: true,
  557. type: 'string'
  558. }
  559. #swagger.description = 'Set workspace permissions to be accessible by the given user ids and admins. Methods are disabled until multi user mode is enabled via the UI.'
  560. #swagger.requestBody = {
  561. description: 'Array of user ids who will be given access to the target workspace. <code>reset</code> will remove all existing users from the workspace and only add the new users - default <code>false</code>.',
  562. required: true,
  563. content: {
  564. "application/json": {
  565. example: {
  566. userIds: [1,2,4,12],
  567. reset: false
  568. }
  569. }
  570. }
  571. }
  572. #swagger.responses[200] = {
  573. content: {
  574. "application/json": {
  575. schema: {
  576. type: 'object',
  577. example: {
  578. success: true,
  579. error: null,
  580. users: [
  581. {"userId": 1, "username": "main-admin", "role": "admin"},
  582. {"userId": 2, "username": "sample-sam", "role": "default"}
  583. ]
  584. }
  585. }
  586. }
  587. }
  588. }
  589. #swagger.responses[403] = {
  590. schema: {
  591. "$ref": "#/definitions/InvalidAPIKey"
  592. }
  593. }
  594. #swagger.responses[401] = {
  595. description: "Instance is not in Multi-User mode. Method denied",
  596. }
  597. */
  598. try {
  599. if (!multiUserMode(response)) {
  600. response.sendStatus(401).end();
  601. return;
  602. }
  604. const { workspaceSlug } = request.params;
  605. const { userIds: _uids, reset = false } = reqBody(request);
  606. const userIds = (
  607. await User.where({ id: { in: _uids.map(Number) } })
  608. ).map((user) => user.id);
  609. const workspace = await Workspace.get({ slug: String(workspaceSlug) });
  610. const workspaceUsers = await Workspace.workspaceUsers(workspace.id);
  612. if (!workspace) {
  613. response.status(404).json({
  614. success: false,
  615. error: `Workspace ${workspaceSlug} not found`,
  616. users: workspaceUsers,
  617. });
  618. return;
  619. }
  621. if (userIds.length === 0) {
  622. response.status(404).json({
  623. success: false,
  624. error: `No valid user IDs provided.`,
  625. users: workspaceUsers,
  626. });
  627. return;
  628. }
  630. // Reset all users in the workspace and add the new users as the only users in the workspace
  631. if (reset) {
  632. const { success, error } = await Workspace.updateUsers(
  633. workspace.id,
  634. userIds
  635. );
  636. return response.status(200).json({
  637. success,
  638. error,
  639. users: await Workspace.workspaceUsers(workspace.id),
  640. });
  641. }
  643. // Add new users to the workspace if they are not already in the workspace
  644. const existingUserIds = workspaceUsers.map((user) => user.userId);
  645. const usersToAdd = userIds.filter(
  646. (userId) => !existingUserIds.includes(userId)
  647. );
  648. if (usersToAdd.length > 0)
  649. await WorkspaceUser.createManyUsers(usersToAdd, workspace.id);
  650. response.status(200).json({
  651. success: true,
  652. error: null,
  653. users: await Workspace.workspaceUsers(workspace.id),
  654. });
  655. } catch (e) {
  656. console.error(e);
  657. response.sendStatus(500).end();
  658. }
  659. }
  660. );
  662. app.post(
  663. "/v1/admin/workspace-chats",
  664. [validApiKey],
  665. async (request, response) => {
  666. /*
  667. #swagger.tags = ['Admin']
  668. #swagger.description = 'All chats in the system ordered by most recent. Methods are disabled until multi user mode is enabled via the UI.'
  669. #swagger.requestBody = {
  670. description: 'Page offset to show of workspace chats. All fields are optional and will not update unless specified.',
  671. required: false,
  672. content: {
  673. "application/json": {
  674. example: {
  675. offset: 2,
  676. }
  677. }
  678. }
  679. }
  680. #swagger.responses[200] = {
  681. content: {
  682. "application/json": {
  683. schema: {
  684. type: 'object',
  685. example: {
  686. success: true,
  687. error: null,
  688. }
  689. }
  690. }
  691. }
  692. }
  693. #swagger.responses[403] = {
  694. schema: {
  695. "$ref": "#/definitions/InvalidAPIKey"
  696. }
  697. }
  698. */
  699. try {
  700. const pgSize = 20;
  701. const { offset = 0 } = reqBody(request);
  702. const chats = await WorkspaceChats.whereWithData(
  703. {},
  704. pgSize,
  705. offset * pgSize,
  706. { id: "desc" }
  707. );
  709. const hasPages = (await WorkspaceChats.count()) > (offset + 1) * pgSize;
  710. response.status(200).json({ chats: chats, hasPages });
  711. } catch (e) {
  712. console.error(e);
  713. response.sendStatus(500).end();
  714. }
  715. }
  716. );
  718. app.post(
  719. "/v1/admin/preferences",
  720. [validApiKey],
  721. async (request, response) => {
  722. /*
  723. #swagger.tags = ['Admin']
  724. #swagger.description = 'Update multi-user preferences for instance. Methods are disabled until multi user mode is enabled via the UI.'
  725. #swagger.requestBody = {
  726. description: 'Object with setting key and new value to set. All keys are optional and will not update unless specified.',
  727. required: true,
  728. content: {
  729. "application/json": {
  730. example: {
  731. support_email: "support@example.com",
  732. }
  733. }
  734. }
  735. }
  736. #swagger.responses[200] = {
  737. content: {
  738. "application/json": {
  739. schema: {
  740. type: 'object',
  741. example: {
  742. success: true,
  743. error: null,
  744. }
  745. }
  746. }
  747. }
  748. }
  749. #swagger.responses[403] = {
  750. schema: {
  751. "$ref": "#/definitions/InvalidAPIKey"
  752. }
  753. }
  754. #swagger.responses[401] = {
  755. description: "Instance is not in Multi-User mode. Method denied",
  756. }
  757. */
  758. try {
  759. if (!multiUserMode(response)) {
  760. response.sendStatus(401).end();
  761. return;
  762. }
  764. const updates = reqBody(request);
  765. await SystemSettings.updateSettings(updates);
  766. response.status(200).json({ success: true, error: null });
  767. } catch (e) {
  768. console.error(e);
  769. response.sendStatus(500).end();
  770. }
  771. }
  772. );
  773. }
  775. module.exports = { apiAdminEndpoints };