Adding upstream version 0.28.1.

Signed-off-by: Daniel Baumann <daniel@debian.org>
2025-05-22 10:57:38 +02:00 · 2025-05-22 10:57:38 +02:00 · e28c88ef14
commit e28c88ef14
parent 88f1d47ab6
933 changed files with 194711 additions and 0 deletions
--- a/cmd/serve.go
+++ b/cmd/serve.go
@ -0,0 +1,77 @@
+package cmd
+
+import (
+	"errors"
+	"net/http"
+
+	"github.com/pocketbase/pocketbase/apis"
+	"github.com/pocketbase/pocketbase/core"
+	"github.com/spf13/cobra"
+)
+
+// NewServeCommand creates and returns new command responsible for
+// starting the default PocketBase web server.
+func NewServeCommand(app core.App, showStartBanner bool) *cobra.Command {
+	var allowedOrigins []string
+	var httpAddr string
+	var httpsAddr string
+
+	command := &cobra.Command{
+		Use:          "serve [domain(s)]",
+		Args:         cobra.ArbitraryArgs,
+		Short:        "Starts the web server (default to 127.0.0.1:8090 if no domain is specified)",
+		SilenceUsage: true,
+		RunE: func(command *cobra.Command, args []string) error {
+			// set default listener addresses if at least one domain is specified
+			if len(args) > 0 {
+				if httpAddr == "" {
+					httpAddr = "0.0.0.0:80"
+				}
+				if httpsAddr == "" {
+					httpsAddr = "0.0.0.0:443"
+				}
+			} else {
+				if httpAddr == "" {
+					httpAddr = "127.0.0.1:8090"
+				}
+			}
+
+			err := apis.Serve(app, apis.ServeConfig{
+				HttpAddr:           httpAddr,
+				HttpsAddr:          httpsAddr,
+				ShowStartBanner:    showStartBanner,
+				AllowedOrigins:     allowedOrigins,
+				CertificateDomains: args,
+			})
+
+			if errors.Is(err, http.ErrServerClosed) {
+				return nil
+			}
+
+			return err
+		},
+	}
+
+	command.PersistentFlags().StringSliceVar(
+		&allowedOrigins,
+		"origins",
+		[]string{"*"},
+		"CORS allowed domain origins list",
+	)
+
+	command.PersistentFlags().StringVar(
+		&httpAddr,
+		"http",
+		"",
+		"TCP address to listen for the HTTP server\n(if domain args are specified - default to 0.0.0.0:80, otherwise - default to 127.0.0.1:8090)",
+	)
+
+	command.PersistentFlags().StringVar(
+		&httpsAddr,
+		"https",
+		"",
+		"TCP address to listen for the HTTPS server\n(if domain args are specified - default to 0.0.0.0:443, otherwise - default to empty string, aka. no TLS)\nThe incoming HTTP traffic also will be auto redirected to the HTTPS version",
+	)
+
+	return command
+}
--- a/cmd/superuser.go
+++ b/cmd/superuser.go
@ -0,0 +1,211 @@
+package cmd
+
+import (
+	"errors"
+	"fmt"
+
+	"github.com/fatih/color"
+	"github.com/go-ozzo/ozzo-validation/v4/is"
+	"github.com/pocketbase/pocketbase/core"
+	"github.com/pocketbase/pocketbase/tools/security"
+	"github.com/spf13/cobra"
+)
+
+// NewSuperuserCommand creates and returns new command for managing
+// superuser accounts (create, update, upsert, delete).
+func NewSuperuserCommand(app core.App) *cobra.Command {
+	command := &cobra.Command{
+		Use:   "superuser",
+		Short: "Manage superusers",
+	}
+
+	command.AddCommand(superuserUpsertCommand(app))
+	command.AddCommand(superuserCreateCommand(app))
+	command.AddCommand(superuserUpdateCommand(app))
+	command.AddCommand(superuserDeleteCommand(app))
+	command.AddCommand(superuserOTPCommand(app))
+
+	return command
+}
+
+func superuserUpsertCommand(app core.App) *cobra.Command {
+	command := &cobra.Command{
+		Use:          "upsert",
+		Example:      "superuser upsert test@example.com 1234567890",
+		Short:        "Creates, or updates if email exists, a single superuser",
+		SilenceUsage: true,
+		RunE: func(command *cobra.Command, args []string) error {
+			if len(args) != 2 {
+				return errors.New("missing email and password arguments")
+			}
+
+			if args[0] == "" || is.EmailFormat.Validate(args[0]) != nil {
+				return errors.New("missing or invalid email address")
+			}
+
+			superusersCol, err := app.FindCachedCollectionByNameOrId(core.CollectionNameSuperusers)
+			if err != nil {
+				return fmt.Errorf("failed to fetch %q collection: %w", core.CollectionNameSuperusers, err)
+			}
+
+			superuser, err := app.FindAuthRecordByEmail(superusersCol, args[0])
+			if err != nil {
+				superuser = core.NewRecord(superusersCol)
+			}
+
+			superuser.SetEmail(args[0])
+			superuser.SetPassword(args[1])
+
+			if err := app.Save(superuser); err != nil {
+				return fmt.Errorf("failed to upsert superuser account: %w", err)
+			}
+
+			color.Green("Successfully saved superuser %q!", superuser.Email())
+			return nil
+		},
+	}
+
+	return command
+}
+
+func superuserCreateCommand(app core.App) *cobra.Command {
+	command := &cobra.Command{
+		Use:          "create",
+		Example:      "superuser create test@example.com 1234567890",
+		Short:        "Creates a new superuser",
+		SilenceUsage: true,
+		RunE: func(command *cobra.Command, args []string) error {
+			if len(args) != 2 {
+				return errors.New("missing email and password arguments")
+			}
+
+			if args[0] == "" || is.EmailFormat.Validate(args[0]) != nil {
+				return errors.New("missing or invalid email address")
+			}
+
+			superusersCol, err := app.FindCachedCollectionByNameOrId(core.CollectionNameSuperusers)
+			if err != nil {
+				return fmt.Errorf("failed to fetch %q collection: %w", core.CollectionNameSuperusers, err)
+			}
+
+			superuser := core.NewRecord(superusersCol)
+			superuser.SetEmail(args[0])
+			superuser.SetPassword(args[1])
+
+			if err := app.Save(superuser); err != nil {
+				return fmt.Errorf("failed to create new superuser account: %w", err)
+			}
+
+			color.Green("Successfully created new superuser %q!", superuser.Email())
+			return nil
+		},
+	}
+
+	return command
+}
+
+func superuserUpdateCommand(app core.App) *cobra.Command {
+	command := &cobra.Command{
+		Use:          "update",
+		Example:      "superuser update test@example.com 1234567890",
+		Short:        "Changes the password of a single superuser",
+		SilenceUsage: true,
+		RunE: func(command *cobra.Command, args []string) error {
+			if len(args) != 2 {
+				return errors.New("missing email and password arguments")
+			}
+
+			if args[0] == "" || is.EmailFormat.Validate(args[0]) != nil {
+				return errors.New("missing or invalid email address")
+			}
+
+			superuser, err := app.FindAuthRecordByEmail(core.CollectionNameSuperusers, args[0])
+			if err != nil {
+				return fmt.Errorf("superuser with email %q doesn't exist", args[0])
+			}
+
+			superuser.SetPassword(args[1])
+
+			if err := app.Save(superuser); err != nil {
+				return fmt.Errorf("failed to change superuser %q password: %w", superuser.Email(), err)
+			}
+
+			color.Green("Successfully changed superuser %q password!", superuser.Email())
+			return nil
+		},
+	}
+
+	return command
+}
+
+func superuserDeleteCommand(app core.App) *cobra.Command {
+	command := &cobra.Command{
+		Use:          "delete",
+		Example:      "superuser delete test@example.com",
+		Short:        "Deletes an existing superuser",
+		SilenceUsage: true,
+		RunE: func(command *cobra.Command, args []string) error {
+			if len(args) == 0 || args[0] == "" || is.EmailFormat.Validate(args[0]) != nil {
+				return errors.New("invalid or missing email address")
+			}
+
+			superuser, err := app.FindAuthRecordByEmail(core.CollectionNameSuperusers, args[0])
+			if err != nil {
+				color.Yellow("superuser %q is missing or already deleted", args[0])
+				return nil
+			}
+
+			if err := app.Delete(superuser); err != nil {
+				return fmt.Errorf("failed to delete superuser %q: %w", superuser.Email(), err)
+			}
+
+			color.Green("Successfully deleted superuser %q!", superuser.Email())
+			return nil
+		},
+	}
+
+	return command
+}
+
+func superuserOTPCommand(app core.App) *cobra.Command {
+	command := &cobra.Command{
+		Use:          "otp",
+		Example:      "superuser otp test@example.com",
+		Short:        "Creates a new OTP for the specified superuser",
+		SilenceUsage: true,
+		RunE: func(command *cobra.Command, args []string) error {
+			if len(args) == 0 || args[0] == "" || is.EmailFormat.Validate(args[0]) != nil {
+				return errors.New("invalid or missing email address")
+			}
+
+			superuser, err := app.FindAuthRecordByEmail(core.CollectionNameSuperusers, args[0])
+			if err != nil {
+				return fmt.Errorf("superuser with email %q doesn't exist", args[0])
+			}
+
+			if !superuser.Collection().OTP.Enabled {
+				return errors.New("OTP auth is not enabled for the _superusers collection")
+			}
+
+			pass := security.RandomStringWithAlphabet(superuser.Collection().OTP.Length, "1234567890")
+
+			otp := core.NewOTP(app)
+			otp.SetCollectionRef(superuser.Collection().Id)
+			otp.SetRecordRef(superuser.Id)
+			otp.SetPassword(pass)
+
+			err = app.Save(otp)
+			if err != nil {
+				return fmt.Errorf("failed to create OTP: %w", err)
+			}
+
+			color.New(color.BgGreen, color.FgBlack).Printf("Successfully created OTP for superuser %q:", superuser.Email())
+			color.Green("\n├─ Id:    %s", otp.Id)
+			color.Green("├─ Pass:  %s", pass)
+			color.Green("└─ Valid: %ds\n\n", superuser.Collection().OTP.Duration)
+			return nil
+		},
+	}
+
+	return command
+}
--- a/cmd/superuser_test.go
+++ b/cmd/superuser_test.go
@ -0,0 +1,403 @@
+package cmd_test
+
+import (
+	"testing"
+
+	"github.com/pocketbase/pocketbase/cmd"
+	"github.com/pocketbase/pocketbase/core"
+	"github.com/pocketbase/pocketbase/tests"
+)
+
+func TestSuperuserUpsertCommand(t *testing.T) {
+	t.Parallel()
+
+	app, _ := tests.NewTestApp()
+	defer app.Cleanup()
+
+	scenarios := []struct {
+		name        string
+		email       string
+		password    string
+		expectError bool
+	}{
+		{
+			"empty email and password",
+			"",
+			"",
+			true,
+		},
+		{
+			"empty email",
+			"",
+			"1234567890",
+			true,
+		},
+		{
+			"invalid email",
+			"invalid",
+			"1234567890",
+			true,
+		},
+		{
+			"empty password",
+			"test@example.com",
+			"",
+			true,
+		},
+		{
+			"short password",
+			"test_new@example.com",
+			"1234567",
+			true,
+		},
+		{
+			"existing user",
+			"test@example.com",
+			"1234567890!",
+			false,
+		},
+		{
+			"new user",
+			"test_new@example.com",
+			"1234567890!",
+			false,
+		},
+	}
+
+	for _, s := range scenarios {
+		t.Run(s.name, func(t *testing.T) {
+			command := cmd.NewSuperuserCommand(app)
+			command.SetArgs([]string{"upsert", s.email, s.password})
+
+			err := command.Execute()
+
+			hasErr := err != nil
+			if s.expectError != hasErr {
+				t.Fatalf("Expected hasErr %v, got %v (%v)", s.expectError, hasErr, err)
+			}
+
+			if hasErr {
+				return
+			}
+
+			// check whether the superuser account was actually upserted
+			superuser, err := app.FindAuthRecordByEmail(core.CollectionNameSuperusers, s.email)
+			if err != nil {
+				t.Fatalf("Failed to fetch superuser %s: %v", s.email, err)
+			} else if !superuser.ValidatePassword(s.password) {
+				t.Fatal("Expected the superuser password to match")
+			}
+		})
+	}
+}
+
+func TestSuperuserCreateCommand(t *testing.T) {
+	t.Parallel()
+
+	app, _ := tests.NewTestApp()
+	defer app.Cleanup()
+
+	scenarios := []struct {
+		name        string
+		email       string
+		password    string
+		expectError bool
+	}{
+		{
+			"empty email and password",
+			"",
+			"",
+			true,
+		},
+		{
+			"empty email",
+			"",
+			"1234567890",
+			true,
+		},
+		{
+			"invalid email",
+			"invalid",
+			"1234567890",
+			true,
+		},
+		{
+			"duplicated email",
+			"test@example.com",
+			"1234567890",
+			true,
+		},
+		{
+			"empty password",
+			"test@example.com",
+			"",
+			true,
+		},
+		{
+			"short password",
+			"test_new@example.com",
+			"1234567",
+			true,
+		},
+		{
+			"valid email and password",
+			"test_new@example.com",
+			"12345678",
+			false,
+		},
+	}
+
+	for _, s := range scenarios {
+		t.Run(s.name, func(t *testing.T) {
+			command := cmd.NewSuperuserCommand(app)
+			command.SetArgs([]string{"create", s.email, s.password})
+
+			err := command.Execute()
+
+			hasErr := err != nil
+			if s.expectError != hasErr {
+				t.Fatalf("Expected hasErr %v, got %v (%v)", s.expectError, hasErr, err)
+			}
+
+			if hasErr {
+				return
+			}
+
+			// check whether the superuser account was actually created
+			superuser, err := app.FindAuthRecordByEmail(core.CollectionNameSuperusers, s.email)
+			if err != nil {
+				t.Fatalf("Failed to fetch created superuser %s: %v", s.email, err)
+			} else if !superuser.ValidatePassword(s.password) {
+				t.Fatal("Expected the superuser password to match")
+			}
+		})
+	}
+}
+
+func TestSuperuserUpdateCommand(t *testing.T) {
+	app, _ := tests.NewTestApp()
+	defer app.Cleanup()
+
+	scenarios := []struct {
+		name        string
+		email       string
+		password    string
+		expectError bool
+	}{
+		{
+			"empty email and password",
+			"",
+			"",
+			true,
+		},
+		{
+			"empty email",
+			"",
+			"1234567890",
+			true,
+		},
+		{
+			"invalid email",
+			"invalid",
+			"1234567890",
+			true,
+		},
+		{
+			"nonexisting superuser",
+			"test_missing@example.com",
+			"1234567890",
+			true,
+		},
+		{
+			"empty password",
+			"test@example.com",
+			"",
+			true,
+		},
+		{
+			"short password",
+			"test_new@example.com",
+			"1234567",
+			true,
+		},
+		{
+			"valid email and password",
+			"test@example.com",
+			"12345678",
+			false,
+		},
+	}
+
+	for _, s := range scenarios {
+		t.Run(s.name, func(t *testing.T) {
+			command := cmd.NewSuperuserCommand(app)
+			command.SetArgs([]string{"update", s.email, s.password})
+
+			err := command.Execute()
+
+			hasErr := err != nil
+			if s.expectError != hasErr {
+				t.Fatalf("Expected hasErr %v, got %v (%v)", s.expectError, hasErr, err)
+			}
+
+			if hasErr {
+				return
+			}
+
+			// check whether the superuser password was actually changed
+			superuser, err := app.FindAuthRecordByEmail(core.CollectionNameSuperusers, s.email)
+			if err != nil {
+				t.Fatalf("Failed to fetch superuser %s: %v", s.email, err)
+			} else if !superuser.ValidatePassword(s.password) {
+				t.Fatal("Expected the superuser password to match")
+			}
+		})
+	}
+}
+
+func TestSuperuserDeleteCommand(t *testing.T) {
+	app, _ := tests.NewTestApp()
+	defer app.Cleanup()
+
+	scenarios := []struct {
+		name        string
+		email       string
+		expectError bool
+	}{
+		{
+			"empty email",
+			"",
+			true,
+		},
+		{
+			"invalid email",
+			"invalid",
+			true,
+		},
+		{
+			"nonexisting superuser",
+			"test_missing@example.com",
+			false,
+		},
+		{
+			"existing superuser",
+			"test@example.com",
+			false,
+		},
+	}
+
+	for _, s := range scenarios {
+		t.Run(s.name, func(t *testing.T) {
+			command := cmd.NewSuperuserCommand(app)
+			command.SetArgs([]string{"delete", s.email})
+
+			err := command.Execute()
+
+			hasErr := err != nil
+			if s.expectError != hasErr {
+				t.Fatalf("Expected hasErr %v, got %v (%v)", s.expectError, hasErr, err)
+			}
+
+			if hasErr {
+				return
+			}
+
+			if _, err := app.FindAuthRecordByEmail(core.CollectionNameSuperusers, s.email); err == nil {
+				t.Fatal("Expected the superuser account to be deleted")
+			}
+		})
+	}
+}
+
+func TestSuperuserOTPCommand(t *testing.T) {
+	app, _ := tests.NewTestApp()
+	defer app.Cleanup()
+
+	superusersCollection, err := app.FindCollectionByNameOrId(core.CollectionNameSuperusers)
+	if err != nil {
+		t.Fatal(err)
+	}
+
+	// remove all existing otps
+	otps, err := app.FindAllOTPsByCollection(superusersCollection)
+	if err != nil {
+		t.Fatal(err)
+	}
+	for _, otp := range otps {
+		err = app.Delete(otp)
+		if err != nil {
+			t.Fatal(err)
+		}
+	}
+
+	scenarios := []struct {
+		name        string
+		email       string
+		enabled     bool
+		expectError bool
+	}{
+		{
+			"empty email",
+			"",
+			true,
+			true,
+		},
+		{
+			"invalid email",
+			"invalid",
+			true,
+			true,
+		},
+		{
+			"nonexisting superuser",
+			"test_missing@example.com",
+			true,
+			true,
+		},
+		{
+			"existing superuser",
+			"test@example.com",
+			true,
+			false,
+		},
+		{
+			"existing superuser with disabled OTP",
+			"test@example.com",
+			false,
+			true,
+		},
+	}
+
+	for _, s := range scenarios {
+		t.Run(s.name, func(t *testing.T) {
+			command := cmd.NewSuperuserCommand(app)
+			command.SetArgs([]string{"otp", s.email})
+
+			superusersCollection.OTP.Enabled = s.enabled
+			if err = app.SaveNoValidate(superusersCollection); err != nil {
+				t.Fatal(err)
+			}
+
+			err := command.Execute()
+
+			hasErr := err != nil
+			if s.expectError != hasErr {
+				t.Fatalf("Expected hasErr %v, got %v (%v)", s.expectError, hasErr, err)
+			}
+
+			if hasErr {
+				return
+			}
+
+			superuser, err := app.FindAuthRecordByEmail(superusersCollection, s.email)
+			if err != nil {
+				t.Fatal(err)
+			}
+
+			otps, _ := app.FindAllOTPsByRecord(superuser)
+			if total := len(otps); total != 1 {
+				t.Fatalf("Expected 1 OTP, got %d", total)
+			}
+		})
+	}
+}