Add Account HTTP API (#691)

Extend HTTP API with Account endpoints to configure global peer login expiration. GET /api/accounts PUT /api/account/{id}/ The GET endpoint returns an array of accounts with always one account in the list. No exceptions. The PUT endpoint updates account settings: PeerLoginExpiration and PeerLoginExpirationEnabled. PeerLoginExpiration is a duration in seconds after which peers' logins will expire.
2025-08-16 01:58:16 +02:00 · 2023-02-16 12:00:41 +01:00
parent d31219ba89
commit fe63a64b6e
9 changed files with 527 additions and 0 deletions
--- a/management/server/http/api/openapi.yml
+++ b/management/server/http/api/openapi.yml
@ -20,8 +20,31 @@ tags:
    description: Interact with and view information about DNS configuration.
  - name: Events
    description: View information about the account and network events.
+  - name: Accounts
+    description: View information about the accounts.
 components:
  schemas:
+    Account:
+      properties:
+        id:
+          description: Account ID
+          type: string
+        settings:
+          $ref: '#/components/schemas/AccountSettings'
+      required:
+        - id
+        - settings
+    AccountSettings:
+      properties:
+        peer_login_expiration_enabled:
+          description: Enables or disables peer login expiration globally. After peer's login has expired the user has to log in (authenticate). Applies only to peers that were added by a user (interactive SSO login).
+          type: boolean
+        peer_login_expiration:
+          description: Period of time after which peer login expires (seconds).
+          type: integer
+      required:
+        - peer_login_expiration_enabled
+        - peer_login_expiration
    User:
      type: object
      properties:
@ -606,6 +629,68 @@ components:
 security:
  - BearerAuth: [ ]
 paths:
+  /api/accounts:
+    get:
+      summary: Returns a list of accounts of a user. Always returns a list of one account. Only available for admin users.
+      tags: [ Accounts ]
+      security:
+        - BearerAuth: [ ]
+      responses:
+        '200':
+          description: A JSON array of accounts
+          content:
+            application/json:
+              schema:
+                type: array
+                items:
+                  $ref: '#/components/schemas/Account'
+        '400':
+          "$ref": "#/components/responses/bad_request"
+        '401':
+          "$ref": "#/components/responses/requires_authentication"
+        '403':
+          "$ref": "#/components/responses/forbidden"
+        '500':
+          "$ref": "#/components/responses/internal_error"
+  /api/accounts/{id}:
+    put:
+      summary: Update information about an account
+      tags: [ Accounts ]
+      security:
+        - BearerAuth: [ ]
+      parameters:
+        - in: path
+          name: id
+          required: true
+          schema:
+            type: string
+          description: The Account ID
+      requestBody:
+        description: update an account
+        content:
+          'application/json':
+            schema:
+              type: object
+              properties:
+                settings:
+                  $ref: '#/components/schemas/AccountSettings'
+              required:
+                - settings
+      responses:
+        '200':
+          description: An Account object
+          content:
+            application/json:
+              schema:
+                $ref: '#/components/schemas/Account'
+        '400':
+          "$ref": "#/components/responses/bad_request"
+        '401':
+          "$ref": "#/components/responses/requires_authentication"
+        '403':
+          "$ref": "#/components/responses/forbidden"
+        '500':
+          "$ref": "#/components/responses/internal_error"
  /api/users:
    get:
      summary: Returns a list of all users
--- a/management/server/http/api/types.gen.go
+++ b/management/server/http/api/types.gen.go
@ -134,6 +134,22 @@ const (
 	UserStatusInvited  UserStatus = "invited"
 )

+// Account defines model for Account.
+type Account struct {
+	// Id Account ID
+	Id       string          `json:"id"`
+	Settings AccountSettings `json:"settings"`
+}
+
+// AccountSettings defines model for AccountSettings.
+type AccountSettings struct {
+	// PeerLoginExpiration Period of time after which peer login expires (seconds).
+	PeerLoginExpiration int `json:"peer_login_expiration"`
+
+	// PeerLoginExpirationEnabled Enables or disables peer login expiration globally. After peer's login has expired the user has to log in (authenticate). Applies only to peers that were added by a user (interactive SSO login).
+	PeerLoginExpirationEnabled bool `json:"peer_login_expiration_enabled"`
+}
+
 // DNSSettings defines model for DNSSettings.
 type DNSSettings struct {
 	// DisabledManagementGroups Groups whose DNS management is disabled
@ -617,6 +633,11 @@ type UserRequest struct {
 	Role string `json:"role"`
 }

+// PutApiAccountsIdJSONBody defines parameters for PutApiAccountsId.
+type PutApiAccountsIdJSONBody struct {
+	Settings AccountSettings `json:"settings"`
+}
+
 // PatchApiDnsNameserversIdJSONBody defines parameters for PatchApiDnsNameserversId.
 type PatchApiDnsNameserversIdJSONBody = []NameserverGroupPatchOperation

@ -682,6 +703,9 @@ type PutApiRulesIdJSONBody struct {
 	Sources *[]string `json:"sources,omitempty"`
 }

+// PutApiAccountsIdJSONRequestBody defines body for PutApiAccountsId for application/json ContentType.
+type PutApiAccountsIdJSONRequestBody PutApiAccountsIdJSONBody
+
 // PostApiDnsNameserversJSONRequestBody defines body for PostApiDnsNameservers for application/json ContentType.
 type PostApiDnsNameserversJSONRequestBody = NameserverGroupRequest