scripte/archivmail
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

feat(PROJ-24): Mandanten-Logo Upload

Browse Source 
- DB: logo_data (BYTEA) + logo_content_type Spalten in tenants-Tabelle
- Backend: SetLogo/GetLogo/DeleteLogo im tenantstore
- API: Logo-Endpunkte für superadmin (beliebiger Mandant) und
  domain_admin (eigener Mandant), max. 2 MB, PNG/JPEG/GIF/WebP/SVG
- Frontend: Logo-Dialog in Mandantentabelle (superadmin),
  Logo-Upload-Sektion im LDAP-Tab (domain_admin)

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
This commit is contained in:
sysops
2026-03-20 03:15:34 +01:00
parent cd2781bdff
commit 30c6694dff
4 changed files with 595 additions and 11 deletions
Download Patch File Download Diff File Expand all files Collapse all files
internal/api/ldap_tenants.go
+262 -1
View File
@@ -1,7 +1,11 @@
package api
import (
"crypto/rand"
"encoding/hex"
"encoding/json"
"fmt"
"io"
"net/http"
"strconv"
@@ -12,6 +16,8 @@ import (
"github.com/archivmail/internal/userstore"
)
const maxLogoSize = 2 * 1024 * 1024 // 2 MB
// ── Server extension fields and wiring ──────────────────────────────────────
// ldapStore and tenantStore are added to the Server struct via SetLDAP / SetTenants.
@@ -41,6 +47,16 @@ func (s *Server) SetTenants(store *tenantstore.Store) {
s.mux.HandleFunc("POST /api/tenants/{id}/domains", s.authMiddleware(s.requireRole(userstore.RoleAdmin, s.handleAddTenantDomain)))
s.mux.HandleFunc("DELETE /api/tenants/{id}/domains/{did}", s.authMiddleware(s.requireRole(userstore.RoleAdmin, s.handleRemoveTenantDomain)))
s.mux.HandleFunc("GET /api/tenants/{id}/users", s.authMiddleware(s.requireRole(userstore.RoleAdmin, s.handleListTenantUsers)))
// Logo routes: any auth can read; admin can write
s.mux.HandleFunc("GET /api/tenants/{id}/logo", s.auth(s.handleGetTenantLogo))
s.mux.HandleFunc("POST /api/tenants/{id}/logo", s.authMiddleware(s.requireRole(userstore.RoleAdmin, s.handleUploadTenantLogo)))
s.mux.HandleFunc("DELETE /api/tenants/{id}/logo", s.authMiddleware(s.requireRole(userstore.RoleAdmin, s.handleDeleteTenantLogo)))
// Logo routes for domain_admin (own tenant)
s.mux.HandleFunc("GET /api/tenant/logo", s.authAdmin(s.handleGetOwnTenantLogo))
s.mux.HandleFunc("POST /api/tenant/logo", s.authAdmin(s.handleUploadOwnTenantLogo))
s.mux.HandleFunc("DELETE /api/tenant/logo", s.authAdmin(s.handleDeleteOwnTenantLogo))
}
// ── LDAP handlers ────────────────────────────────────────────────────────────
@@ -215,6 +231,50 @@ func (s *Server) handleCreateTenant(w http.ResponseWriter, r *http.Request) {
return
}
// Create default users for the new tenant.
type defaultUserCreds struct {
Username string `json:"username"`
Password string `json:"password"`
Role string `json:"role"`
}
type createTenantResponse struct {
*tenantstore.Tenant
DefaultUsers []defaultUserCreds `json:"default_users"`
}
resp := createTenantResponse{Tenant: tenant}
for _, spec := range []struct {
suffix string
role string
}{
{suffix: "admin", role: userstore.RoleDomainAdmin},
{suffix: "auditor", role: userstore.RoleAuditor},
} {
pw, pwErr := tenantRandomPassword()
if pwErr != nil {
writeError(w, http.StatusInternalServerError, "failed to generate password")
return
}
username := req.Slug + "-" + spec.suffix
email := fmt.Sprintf("%s@%s.local", username, req.Slug)
u, uErr := s.users.Create(userstore.CreateUserRequest{
Username: username,
Email: email,
Password: pw,
Role: spec.role,
TenantID: &tenant.ID,
})
if uErr != nil {
writeError(w, http.StatusInternalServerError, "failed to create default user")
return
}
resp.DefaultUsers = append(resp.DefaultUsers, defaultUserCreds{
Username: u.Username,
Password: pw,
Role: spec.role,
})
}
sess := sessionFromCtx(r.Context())
s.audlog.Log(audit.Entry{
EventType: "tenant_created",
@@ -224,7 +284,7 @@ func (s *Server) handleCreateTenant(w http.ResponseWriter, r *http.Request) {
Detail: "Mandant erstellt: " + req.Name,
})
writeJSON(w, http.StatusCreated, tenant)
writeJSON(w, http.StatusCreated, resp)
}
func (s *Server) handleGetTenant(w http.ResponseWriter, r *http.Request) {
@@ -744,3 +804,204 @@ func parseTenantID(r *http.Request) (int64, error) {
return strconv.ParseInt(r.PathValue("id"), 10, 64)
}
// tenantRandomPassword generates a cryptographically random 16-byte hex password.
func tenantRandomPassword() (string, error) {
b := make([]byte, 16)
if _, err := rand.Read(b); err != nil {
return "", err
}
return hex.EncodeToString(b), nil
}
// ── Logo handlers (admin: any tenant) ───────────────────────────────────────
func (s *Server) handleGetTenantLogo(w http.ResponseWriter, r *http.Request) {
if s.tenantStore == nil {
writeError(w, http.StatusServiceUnavailable, "tenant store not available")
return
}
id, err := parseTenantID(r)
if err != nil {
writeError(w, http.StatusBadRequest, "invalid tenant id")
return
}
data, contentType, err := s.tenantStore.GetLogo(r.Context(), id)
if err != nil {
writeError(w, http.StatusInternalServerError, "failed to load logo")
return
}
if data == nil {
writeError(w, http.StatusNotFound, "no logo set")
return
}
if contentType == "" {
contentType = "image/png"
}
w.Header().Set("Content-Type", contentType)
w.Header().Set("Cache-Control", "public, max-age=86400")
w.WriteHeader(http.StatusOK)
_, _ = w.Write(data)
}
func (s *Server) handleUploadTenantLogo(w http.ResponseWriter, r *http.Request) {
if s.tenantStore == nil {
writeError(w, http.StatusServiceUnavailable, "tenant store not available")
return
}
id, err := parseTenantID(r)
if err != nil {
writeError(w, http.StatusBadRequest, "invalid tenant id")
return
}
s.saveTenantLogo(w, r, id)
}
func (s *Server) handleDeleteTenantLogo(w http.ResponseWriter, r *http.Request) {
if s.tenantStore == nil {
writeError(w, http.StatusServiceUnavailable, "tenant store not available")
return
}
id, err := parseTenantID(r)
if err != nil {
writeError(w, http.StatusBadRequest, "invalid tenant id")
return
}
if err := s.tenantStore.DeleteLogo(r.Context(), id); err != nil {
writeError(w, http.StatusInternalServerError, "failed to delete logo")
return
}
sess := sessionFromCtx(r.Context())
s.audlog.Log(audit.Entry{
EventType: "tenant_logo_deleted",
Username: sess.Username,
IPAddress: s.remoteIP(r),
Success: true,
Detail: "Mandant-Logo gelöscht (tenant " + strconv.FormatInt(id, 10) + ")",
})
w.WriteHeader(http.StatusNoContent)
}
// ── Logo handlers (domain_admin: own tenant) ─────────────────────────────────
func (s *Server) handleGetOwnTenantLogo(w http.ResponseWriter, r *http.Request) {
if s.tenantStore == nil {
writeError(w, http.StatusServiceUnavailable, "tenant store not available")
return
}
sess := sessionFromCtx(r.Context())
if sess.TenantID == nil {
writeError(w, http.StatusBadRequest, "no tenant context")
return
}
data, contentType, err := s.tenantStore.GetLogo(r.Context(), *sess.TenantID)
if err != nil {
writeError(w, http.StatusInternalServerError, "failed to load logo")
return
}
if data == nil {
writeError(w, http.StatusNotFound, "no logo set")
return
}
if contentType == "" {
contentType = "image/png"
}
w.Header().Set("Content-Type", contentType)
w.Header().Set("Cache-Control", "public, max-age=86400")
w.WriteHeader(http.StatusOK)
_, _ = w.Write(data)
}
func (s *Server) handleUploadOwnTenantLogo(w http.ResponseWriter, r *http.Request) {
if s.tenantStore == nil {
writeError(w, http.StatusServiceUnavailable, "tenant store not available")
return
}
sess := sessionFromCtx(r.Context())
if sess.TenantID == nil {
writeError(w, http.StatusBadRequest, "no tenant context")
return
}
s.saveTenantLogo(w, r, *sess.TenantID)
}
func (s *Server) handleDeleteOwnTenantLogo(w http.ResponseWriter, r *http.Request) {
if s.tenantStore == nil {
writeError(w, http.StatusServiceUnavailable, "tenant store not available")
return
}
sess := sessionFromCtx(r.Context())
if sess.TenantID == nil {
writeError(w, http.StatusBadRequest, "no tenant context")
return
}
if err := s.tenantStore.DeleteLogo(r.Context(), *sess.TenantID); err != nil {
writeError(w, http.StatusInternalServerError, "failed to delete logo")
return
}
s.audlog.Log(audit.Entry{
EventType: "tenant_logo_deleted",
Username: sess.Username,
IPAddress: s.remoteIP(r),
Success: true,
Detail: "Mandant-Logo gelöscht",
})
w.WriteHeader(http.StatusNoContent)
}
// saveTenantLogo is the shared multipart upload logic for logo handlers.
func (s *Server) saveTenantLogo(w http.ResponseWriter, r *http.Request, tenantID int64) {
if err := r.ParseMultipartForm(maxLogoSize); err != nil {
writeError(w, http.StatusBadRequest, "failed to parse multipart form")
return
}
file, header, err := r.FormFile("logo")
if err != nil {
writeError(w, http.StatusBadRequest, "logo file required")
return
}
defer file.Close()
contentType := header.Header.Get("Content-Type")
if contentType == "" {
contentType = "image/png"
}
allowed := map[string]bool{
"image/png": true,
"image/jpeg": true,
"image/jpg": true,
"image/gif": true,
"image/webp": true,
"image/svg+xml": true,
}
if !allowed[contentType] {
writeError(w, http.StatusBadRequest, "unsupported image type (allowed: png, jpeg, gif, webp, svg)")
return
}
data, err := io.ReadAll(io.LimitReader(file, maxLogoSize+1))
if err != nil {
writeError(w, http.StatusInternalServerError, "failed to read logo")
return
}
if int64(len(data)) > maxLogoSize {
writeError(w, http.StatusBadRequest, "logo too large (max 2 MB)")
return
}
if err := s.tenantStore.SetLogo(r.Context(), tenantID, data, contentType); err != nil {
writeError(w, http.StatusInternalServerError, "failed to save logo")
return
}
sess := sessionFromCtx(r.Context())
s.audlog.Log(audit.Entry{
EventType: "tenant_logo_uploaded",
Username: sess.Username,
IPAddress: s.remoteIP(r),
Success: true,
Detail: fmt.Sprintf("Mandant-Logo hochgeladen (%d bytes, %s, tenant %d)", len(data), contentType, tenantID),
})
writeJSON(w, http.StatusOK, map[string]bool{"ok": true})
}
internal/tenantstore/store.go
+51 -7
View File
@@ -24,6 +24,7 @@ type Tenant struct {
UserCount int `json:"user_count,omitempty"`
LDAPEnabled *bool `json:"ldap_enabled,omitempty"`
LDAPURL string `json:"ldap_url,omitempty"`
HasLogo bool `json:"has_logo,omitempty"`
}
// TenantDomain is an e-mail domain assigned to a tenant.
@@ -71,6 +72,8 @@ CREATE TABLE IF NOT EXISTS tenant_ldap (
ALTER TABLE users ADD COLUMN IF NOT EXISTS tenant_id BIGINT REFERENCES tenants(id);
ALTER TABLE audit_log ADD COLUMN IF NOT EXISTS tenant_id BIGINT REFERENCES tenants(id);
ALTER TABLE tenants ADD COLUMN IF NOT EXISTS logo_data BYTEA;
ALTER TABLE tenants ADD COLUMN IF NOT EXISTS logo_content_type VARCHAR(100) NOT NULL DEFAULT '';
`
// New connects to PostgreSQL and initialises the tenant schema.
@@ -117,10 +120,11 @@ func (s *Store) Create(ctx context.Context, name, slug string) (*Tenant, error)
func (s *Store) List(ctx context.Context) ([]Tenant, error) {
rows, err := s.pool.Query(ctx, `
SELECT t.id, t.name, t.slug, t.active, t.created_at,
COUNT(DISTINCT td.id) AS domain_count,
COUNT(DISTINCT u.id) AS user_count,
tl.enabled AS ldap_enabled,
tl.url AS ldap_url
COUNT(DISTINCT td.id) AS domain_count,
COUNT(DISTINCT u.id) AS user_count,
tl.enabled AS ldap_enabled,
tl.url AS ldap_url,
(t.logo_data IS NOT NULL) AS has_logo
FROM tenants t
LEFT JOIN tenant_domains td ON td.tenant_id = t.id
LEFT JOIN users u ON u.tenant_id = t.id
@@ -136,7 +140,7 @@ func (s *Store) List(ctx context.Context) ([]Tenant, error) {
var tenants []Tenant
for rows.Next() {
var t Tenant
if err := rows.Scan(&t.ID, &t.Name, &t.Slug, &t.Active, &t.CreatedAt, &t.DomainCount, &t.UserCount, &t.LDAPEnabled, &t.LDAPURL); err != nil {
if err := rows.Scan(&t.ID, &t.Name, &t.Slug, &t.Active, &t.CreatedAt, &t.DomainCount, &t.UserCount, &t.LDAPEnabled, &t.LDAPURL, &t.HasLogo); err != nil {
return nil, fmt.Errorf("tenantstore: scan: %w", err)
}
tenants = append(tenants, t)
@@ -150,10 +154,10 @@ func (s *Store) List(ctx context.Context) ([]Tenant, error) {
// Get returns a single tenant by ID.
func (s *Store) Get(ctx context.Context, id int64) (*Tenant, error) {
row := s.pool.QueryRow(ctx,
`SELECT id, name, slug, active, created_at FROM tenants WHERE id = $1`, id,
`SELECT id, name, slug, active, created_at, (logo_data IS NOT NULL) AS has_logo FROM tenants WHERE id = $1`, id,
)
var t Tenant
if err := row.Scan(&t.ID, &t.Name, &t.Slug, &t.Active, &t.CreatedAt); err == pgx.ErrNoRows {
if err := row.Scan(&t.ID, &t.Name, &t.Slug, &t.Active, &t.CreatedAt, &t.HasLogo); err == pgx.ErrNoRows {
return nil, fmt.Errorf("tenantstore: not found: %d", id)
} else if err != nil {
return nil, fmt.Errorf("tenantstore: get: %w", err)
@@ -161,6 +165,46 @@ func (s *Store) Get(ctx context.Context, id int64) (*Tenant, error) {
return &t, nil
}
// SetLogo stores a logo image for a tenant (replaces any existing logo).
func (s *Store) SetLogo(ctx context.Context, tenantID int64, data []byte, contentType string) error {
_, err := s.pool.Exec(ctx,
`UPDATE tenants SET logo_data = $1, logo_content_type = $2 WHERE id = $3`,
data, contentType, tenantID,
)
if err != nil {
return fmt.Errorf("tenantstore: set logo: %w", err)
}
return nil
}
// GetLogo returns the raw logo bytes and content type for a tenant.
// Returns nil data if no logo is set.
func (s *Store) GetLogo(ctx context.Context, tenantID int64) ([]byte, string, error) {
var data []byte
var contentType string
err := s.pool.QueryRow(ctx,
`SELECT logo_data, logo_content_type FROM tenants WHERE id = $1`, tenantID,
).Scan(&data, &contentType)
if err == pgx.ErrNoRows {
return nil, "", nil
}
if err != nil {
return nil, "", fmt.Errorf("tenantstore: get logo: %w", err)
}
return data, contentType, nil
}
// DeleteLogo removes the logo from a tenant.
func (s *Store) DeleteLogo(ctx context.Context, tenantID int64) error {
_, err := s.pool.Exec(ctx,
`UPDATE tenants SET logo_data = NULL, logo_content_type = '' WHERE id = $1`, tenantID,
)
if err != nil {
return fmt.Errorf("tenantstore: delete logo: %w", err)
}
return nil
}
// Update sets name and active for a tenant.
func (s *Store) Update(ctx context.Context, id int64, name string, active bool) (*Tenant, error) {
_, err := s.pool.Exec(ctx,