feat!: allow disable user (close #3241)

From this commit, the guest user will be disabled by default
2023-02-04 11:44:17 +08:00
parent 7bf8071095
commit 3d0065bdcf
4 changed files with 16 additions and 0 deletions
--- a/server/handles/user.go
+++ b/server/handles/user.go
@ -67,6 +67,10 @@ func UpdateUser(c *gin.Context) {
 	if req.OtpSecret == "" {
 		req.OtpSecret = user.OtpSecret
 	}
+	if req.Disabled && req.IsAdmin() {
+		common.ErrorStrResp(c, "admin user can not be disabled", 400)
+		return
+	}
 	if err := op.UpdateUser(&req); err != nil {
 		common.ErrorResp(c, err, 500)
 	} else {
--- a/server/middlewares/auth.go
+++ b/server/middlewares/auth.go
@ -33,6 +33,11 @@ func Auth(c *gin.Context) {
 			c.Abort()
 			return
 		}
+		if guest.Disabled {
+			common.ErrorStrResp(c, "Guest user is disabled, login please", 401)
+			c.Abort()
+			return
+		}
 		c.Set("user", guest)
 		log.Debugf("use empty token: %+v", guest)
 		c.Next()
@ -50,6 +55,11 @@ func Auth(c *gin.Context) {
 		c.Abort()
 		return
 	}
+	if user.Disabled {
+		common.ErrorStrResp(c, "Current user is disabled, replace please", 401)
+		c.Abort()
+		return
+	}
 	c.Set("user", user)
 	log.Debugf("use login token: %+v", user)
 	c.Next()