Acasă Explorează Ajutor
Autentificare
fszontagh
/
stable-diffusion.cpp-rest
1
0
Bifurcare 0
Fisiere Probleme 0 Trageți solicitările 0 Wiki
Arbore: f6b678331d
Ramuri Etichete
stable-diffusio...
/
src
/
user_manager.cpp

user_manager.cpp 30 KB
Istoric Crud

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149150151152153154155156157158159160161162163164165166167168169170171172173174175176177178179180181182183184185186187188189190191192193194195196197198199200201202203204205206207208209210211212213214215216217218219220221222223224225226227228229230231232233234235236237238239240241242243244245246247248249250251252253254255256257258259260261262263264265266267268269270271272273274275276277278279280281282283284285286287288289290291292293294295296297298299300301302303304305306307308309310311312313314315316317318319320321322323324325326327328329330331332333334335336337338339340341342343344345346347348349350351352353354355356357358359360361362363364365366367368369370371372373374375376377378379380381382383384385386387388389390391392393394395396397398399400401402403404405406407408409410411412413414415416417418419420421422423424425426427428429430431432433434435436437438439440441442443444445446447448449450451452453454455456457458459460461462463464465466467468469470471472473474475476477478479480481482483484485486487488489490491492493494495496497498499500501502503504505506507508509510511512513514515516517518519520521522523524525526527528529530531532533534535536537538539540541542543544545546547548549550551552553554555556557558559560561562563564565566567568569570571572573574575576577578579580581582583584585586587588589590591592593594595596597598599600601602603604605606607608609610611612613614615616617618619620621622623624625626627628629630631632633634635636637638639640641642643644645646647648649650651652653654655656657658659660661662663664665666667668669670671672673674675676677678679680681682683684685686687688689690691692693694695696697698699700701702703704705706707708709710711712713714715716717718719720721722723724725726727728729730731732733734735736737738739740741742743744745746747748749750751752753754755756757758759760761762763764765766767768769770771772773774775776777778779780781782783784785786787788789790791792793794795796797798799800801802803804805806807808809810811812813814815816817818819820821822823824825826827828829830831832833834835836837838839840841842843844845846847848849850851852853854855856857858859860861862863864865866867868869870871872873874875876877878879880881882883884885886887888889890891892893894895896897898899900901902903904905906907908909910911912913914915916917918919920921922923924925926927928929930931932933934935936937938939940941942943944945946947948949950951952953954955956957958959960961962963964965966967968969970971972973974975976977978979980981982 
  1. #include "user_manager.h"
    2. 

  2. #include "jwt_auth.h"
    3. 

  3. #include <nlohmann/json.hpp>
    4. 

  4. #include <fstream>
    5. 

  5. #include <filesystem>
    6. 

  6. #include <sstream>
    7. 

  7. #include <iomanip>
    8. 

  8. #include <algorithm>
    9. 

  9. #include <regex>
    10. 

  10. #include <crypt.h>
    11. 

  11. #include <unistd.h>
    12. 

  12. #include <pwd.h>
    13. 

  13. #include <shadow.h>
    14. 

  14. #include <sys/types.h>
    15. 

  15. #include <openssl/sha.h>
    16. 

  16. 

  17. using json = nlohmann::json;
    18. 

  18. 

  19. // Define static permission constants
    20. 

  20. const std::string UserManager::Permissions::READ = "read";
    21. 

  21. const std::string UserManager::Permissions::GENERATE = "generate";
    22. 

  22. const std::string UserManager::Permissions::QUEUE_MANAGE = "queue_manage";
    23. 

  23. const std::string UserManager::Permissions::MODEL_MANAGE = "model_manage";
    24. 

  24. const std::string UserManager::Permissions::USER_MANAGE = "user_manage";
    25. 

  25. const std::string UserManager::Permissions::ADMIN = "admin";
    26. 

  26. 

  27. UserManager::UserManager(const std::string& dataDir,
    28. 

  28.                          AuthMethod authMethod,
    29. 

  29.                          bool enableUnixAuth)
    30. 

  30.     : m_dataDir(dataDir)
    31. 

  31.     , m_authMethod(authMethod)
    32. 

  32.     , m_unixAuthEnabled(enableUnixAuth)
    33. 

  33. {
    34. 

  34. }
    35. 

  35. 

  36. UserManager::~UserManager() {
    37. 

  37.     shutdown();
    38. 

  38. }
    39. 

  39. 

  40. bool UserManager::initialize() {
    41. 

  41.     try {
    42. 

  42.         // Create data directory if it doesn't exist
    43. 

  43.         std::filesystem::create_directories(m_dataDir);
    44. 

  44. 

  45.         // Load existing user data
    46. 

  46.         if (!loadUserData()) {
    47. 

  47.             // Create default admin user if no users exist
    48. 

  48.             if (m_users.empty()) {
    49. 

  49.                 auto [success, adminId] = createUser("admin", "admin123", "admin@localhost", UserRole::ADMIN, "system");
    50. 

  50.                 if (!success) {
    51. 

  51.                     return false;
    52. 

  52.                 }
    53. 

  53.             }
    54. 

  54.         }
    55. 

  55. 

  56.         // Load existing API key data
    57. 

  57.         loadApiKeyData();
    58. 

  58. 

  59.         return true;
    60. 

  60.     } catch (const std::exception& e) {
    61. 

  61.         return false;
    62. 

  62.     }
    63. 

  63. }
    64. 

  64. 

  65. void UserManager::shutdown() {
    66. 

  66.     // Save data before shutdown
    67. 

  67.     saveUserData();
    68. 

  68.     saveApiKeyData();
    69. 

  69. }
    70. 

  70. 

  71. AuthResult UserManager::authenticateUser(const std::string& username, const std::string& password) {
    72. 

  72.     AuthResult result;
    73. 

  73.     result.success = false;
    74. 

  74. 

  75.     try {
    76. 

  76.         // Find user by username
    77. 

  77.         auto it = m_users.find(username);
    78. 

  78.         if (it == m_users.end()) {
    79. 

  79.             result.errorMessage = "User not found";
    80. 

  80.             result.errorCode = "USER_NOT_FOUND";
    81. 

  81.             return result;
    82. 

  82.         }
    83. 

  83. 

  84.         const UserInfo& user = it->second;
    85. 

  85. 

  86.         // Check if user is active
    87. 

  87.         if (!user.active) {
    88. 

  88.             result.errorMessage = "User account is disabled";
    89. 

  89.             result.errorCode = "ACCOUNT_DISABLED";
    90. 

  90.             return result;
    91. 

  91.         }
    92. 

  92. 

  93.         // Verify password
    94. 

  94.         if (!verifyPassword(password, user.passwordHash)) {
    95. 

  95.             result.errorMessage = "Invalid password";
    96. 

  96.             result.errorCode = "INVALID_PASSWORD";
    97. 

  97.             return result;
    98. 

  98.         }
    99. 

  99. 

  100.         // Authentication successful
    101. 

  101.         result.success = true;
    102. 

  102.         result.userId = user.id;
    103. 

  103.         result.username = user.username;
    104. 

  104.         result.role = user.role;
    105. 

  105.         result.permissions = user.permissions;
    106. 

  106. 

  107.         // Update last login time
    108. 

  108.         m_users[username].lastLoginAt = getCurrentTimestamp();
    109. 

  109.         saveUserData();
    110. 

  110. 

  111.     } catch (const std::exception& e) {
    112. 

  112.         result.errorMessage = "Authentication failed: " + std::string(e.what());
    113. 

  113.         result.errorCode = "AUTH_ERROR";
    114. 

  114.     }
    115. 

  115. 

  116.     return result;
    117. 

  117. }
    118. 

  118. 

  119. AuthResult UserManager::authenticateUnix(const std::string& username) {
    120. 

  120.     AuthResult result;
    121. 

  121.     result.success = false;
    122. 

  122. 

  123.     if (!m_unixAuthEnabled) {
    124. 

  124.         result.errorMessage = "Unix authentication is disabled";
    125. 

  125.         result.errorCode = "UNIX_AUTH_DISABLED";
    126. 

  126.         return result;
    127. 

  127.     }
    128. 

  128. 

  129.     try {
    130. 

  130.         // Get user information from system
    131. 

  131.         struct passwd* pw = getpwnam(username.c_str());
    132. 

  132.         if (!pw) {
    133. 

  133.             result.errorMessage = "Unix user not found";
    134. 

  134.             result.errorCode = "UNIX_USER_NOT_FOUND";
    135. 

  135.             return result;
    136. 

  136.         }
    137. 

  137. 

  138.         // Check if user exists in our system or create guest user
    139. 

  139.         UserInfo user;
    140. 

  140.         auto it = m_users.find(username);
    141. 

  141.         if (it != m_users.end()) {
    142. 

  142.             user = it->second;
    143. 

  143.         } else {
    144. 

  144.             // Create guest user for Unix authentication
    145. 

  145.             user.id = generateUserId();
    146. 

  146.             user.username = username;
    147. 

  147.             user.email = username + "@localhost";
    148. 

  148.             user.role = roleToString(UserRole::USER);
    149. 

  149.             user.permissions = getDefaultPermissions(UserRole::USER);
    150. 

  150.             user.active = true;
    151. 

  151.             user.createdAt = getCurrentTimestamp();
    152. 

  152.             user.createdBy = "system";
    153. 

  153. 

  154.             m_users[username] = user;
    155. 

  155.             saveUserData();
    156. 

  156.         }
    157. 

  157. 

  158.         // Authentication successful
    159. 

  159.         result.success = true;
    160. 

  160.         result.userId = user.id;
    161. 

  161.         result.username = user.username;
    162. 

  162.         result.role = user.role;
    163. 

  163.         result.permissions = user.permissions;
    164. 

  164. 

  165.     } catch (const std::exception& e) {
    166. 

  166.         result.errorMessage = "Unix authentication failed: " + std::string(e.what());
    167. 

  167.         result.errorCode = "UNIX_AUTH_ERROR";
    168. 

  168.     }
    169. 

  169. 

  170.     return result;
    171. 

  171. }
    172. 

  172. 

  173. AuthResult UserManager::authenticateApiKey(const std::string& apiKey) {
    174. 

  174.     AuthResult result;
    175. 

  175.     result.success = false;
    176. 

  176. 

  177.     try {
    178. 

  178.         // Hash the API key to compare with stored hashes
    179. 

  179.         std::string keyHash = hashApiKey(apiKey);
    180. 

  180. 

  181.         auto it = m_apiKeyMap.find(keyHash);
    182. 

  182.         if (it == m_apiKeyMap.end()) {
    183. 

  183.             result.errorMessage = "Invalid API key";
    184. 

  184.             result.errorCode = "INVALID_API_KEY";
    185. 

  185.             return result;
    186. 

  186.         }
    187. 

  187. 

  188.         const std::string& keyId = it->second;
    189. 

  189.         const ApiKeyInfo& keyInfo = m_apiKeys[keyId];
    190. 

  190. 

  191.         // Check if key is active
    192. 

  192.         if (!keyInfo.active) {
    193. 

  193.             result.errorMessage = "API key is disabled";
    194. 

  194.             result.errorCode = "API_KEY_DISABLED";
    195. 

  195.             return result;
    196. 

  196.         }
    197. 

  197. 

  198.         // Check expiration
    199. 

  199.         if (keyInfo.expiresAt > 0 && getCurrentTimestamp() >= keyInfo.expiresAt) {
    200. 

  200.             result.errorMessage = "API key has expired";
    201. 

  201.             result.errorCode = "API_KEY_EXPIRED";
    202. 

  202.             return result;
    203. 

  203.         }
    204. 

  204. 

  205.         // Get user information
    206. 

  206.         auto userIt = m_users.find(keyInfo.userId);
    207. 

  207.         if (userIt == m_users.end()) {
    208. 

  208.             result.errorMessage = "API key owner not found";
    209. 

  209.             result.errorCode = "USER_NOT_FOUND";
    210. 

  210.             return result;
    211. 

  211.         }
    212. 

  212. 

  213.         const UserInfo& user = userIt->second;
    214. 

  214.         if (!user.active) {
    215. 

  215.             result.errorMessage = "API key owner account is disabled";
    216. 

  216.             result.errorCode = "ACCOUNT_DISABLED";
    217. 

  217.             return result;
    218. 

  218.         }
    219. 

  219. 

  220.         // Authentication successful
    221. 

  221.         result.success = true;
    222. 

  222.         result.userId = user.id;
    223. 

  223.         result.username = user.username;
    224. 

  224.         result.role = user.role;
    225. 

  225.         result.permissions = keyInfo.permissions.empty() ? user.permissions : keyInfo.permissions;
    226. 

  226. 

  227.         // Update last used timestamp
    228. 

  228.         m_apiKeys[keyId].lastUsedAt = getCurrentTimestamp();
    229. 

  229.         saveApiKeyData();
    230. 

  230. 

  231.     } catch (const std::exception& e) {
    232. 

  232.         result.errorMessage = "API key authentication failed: " + std::string(e.what());
    233. 

  233.         result.errorCode = "API_KEY_AUTH_ERROR";
    234. 

  234.     }
    235. 

  235. 

  236.     return result;
    237. 

  237. }
    238. 

  238. 

  239. std::pair<bool, std::string> UserManager::createUser(const std::string& username,
    240. 

  240.                                                      const std::string& password,
    241. 

  241.                                                      const std::string& email,
    242. 

  242.                                                      UserRole role,
    243. 

  243.                                                      const std::string& createdBy) {
    244. 

  244.     try {
    245. 

  245.         // Validate inputs
    246. 

  246.         if (!validateUsername(username)) {
    247. 

  247.             return {false, "Invalid username format"};
    248. 

  248.         }
    249. 

  249. 

  250.         if (!validatePassword(password)) {
    251. 

  251.             return {false, "Password does not meet requirements"};
    252. 

  252.         }
    253. 

  253. 

  254.         if (!validateEmail(email)) {
    255. 

  255.             return {false, "Invalid email format"};
    256. 

  256.         }
    257. 

  257. 

  258.         // Check if user already exists
    259. 

  259.         if (m_users.find(username) != m_users.end()) {
    260. 

  260.             return {false, "User already exists"};
    261. 

  261.         }
    262. 

  262. 

  263.         // Create user
    264. 

  264.         UserInfo user;
    265. 

  265.         user.id = generateUserId();
    266. 

  266.         user.username = username;
    267. 

  267.         user.email = email;
    268. 

  268.         user.passwordHash = hashPassword(password);
    269. 

  269.         user.role = roleToString(role);
    270. 

  270.         user.permissions = getDefaultPermissions(role);
    271. 

  271.         user.active = true;
    272. 

  272.         user.createdAt = getCurrentTimestamp();
    273. 

  273.         user.passwordChangedAt = getCurrentTimestamp();
    274. 

  274.         user.createdBy = createdBy;
    275. 

  275. 

  276.         m_users[username] = user;
    277. 

  277.         saveUserData();
    278. 

  278. 

  279.         return {true, user.id};
    280. 

  280. 

  281.     } catch (const std::exception& e) {
    282. 

  282.         return {false, "Failed to create user: " + std::string(e.what())};
    283. 

  283.     }
    284. 

  284. }
    285. 

  285. 

  286. std::pair<bool, std::string> UserManager::updateUser(const std::string& userId,
    287. 

  287.                                                      const std::map<std::string, std::string>& updates) {
    288. 

  288.     try {
    289. 

  289.         // Find user by ID
    290. 

  290.         std::string username;
    291. 

  291.         for (const auto& pair : m_users) {
    292. 

  292.             if (pair.second.id == userId) {
    293. 

  293.                 username = pair.first;
    294. 

  294.                 break;
    295. 

  295.             }
    296. 

  296.         }
    297. 

  297. 

  298.         if (username.empty()) {
    299. 

  299.             return {false, "User not found"};
    300. 

  300.         }
    301. 

  301. 

  302.         UserInfo& user = m_users[username];
    303. 

  303. 

  304.         // Update allowed fields
    305. 

  305.         for (const auto& update : updates) {
    306. 

  306.             const std::string& field = update.first;
    307. 

  307.             const std::string& value = update.second;
    308. 

  308. 

  309.             if (field == "email") {
    310. 

  310.                 if (!validateEmail(value)) {
    311. 

  311.                     return {false, "Invalid email format"};
    312. 

  312.                 }
    313. 

  313.                 user.email = value;
    314. 

  314.             } else if (field == "role") {
    315. 

  315.                 user.role = value;
    316. 

  316.                 user.permissions = getDefaultPermissions(stringToRole(value));
    317. 

  317.             } else if (field == "active") {
    318. 

  318.                 user.active = (value == "true" || value == "1");
    319. 

  319.             }
    320. 

  320.         }
    321. 

  321. 

  322.         saveUserData();
    323. 

  323.         return {true, "User updated successfully"};
    324. 

  324. 

  325.     } catch (const std::exception& e) {
    326. 

  326.         return {false, "Failed to update user: " + std::string(e.what())};
    327. 

  327.     }
    328. 

  328. }
    329. 

  329. 

  330. std::pair<bool, std::string> UserManager::deleteUser(const std::string& userId,
    331. 

  331.                                                      const std::string& requestingUserId) {
    332. 

  332.     try {
    333. 

  333.         // Find user by ID
    334. 

  334.         std::string username;
    335. 

  335.         for (const auto& pair : m_users) {
    336. 

  336.             if (pair.second.id == userId) {
    337. 

  337.                 username = pair.first;
    338. 

  338.                 break;
    339. 

  339.             }
    340. 

  340.         }
    341. 

  341. 

  342.         if (username.empty()) {
    343. 

  343.             return {false, "User not found"};
    344. 

  344.         }
    345. 

  345. 

  346.         // Check permissions
    347. 

  347.         if (!canManageUser(requestingUserId, userId)) {
    348. 

  348.             return {false, "Insufficient permissions to delete user"};
    349. 

  349.         }
    350. 

  350. 

  351.         // Delete user's API keys
    352. 

  352.         auto it = m_apiKeys.begin();
    353. 

  353.         while (it != m_apiKeys.end()) {
    354. 

  354.             if (it->second.userId == userId) {
    355. 

  355.                 m_apiKeyMap.erase(it->second.keyHash);
    356. 

  356.                 it = m_apiKeys.erase(it);
    357. 

  357.             } else {
    358. 

  358.                 ++it;
    359. 

  359.             }
    360. 

  360.         }
    361. 

  361. 

  362.         // Delete user
    363. 

  363.         m_users.erase(username);
    364. 

  364.         saveUserData();
    365. 

  365.         saveApiKeyData();
    366. 

  366. 

  367.         return {true, "User deleted successfully"};
    368. 

  368. 

  369.     } catch (const std::exception& e) {
    370. 

  370.         return {false, "Failed to delete user: " + std::string(e.what())};
    371. 

  371.     }
    372. 

  372. }
    373. 

  373. 

  374. std::pair<bool, std::string> UserManager::changePassword(const std::string& userId,
    375. 

  375.                                                           const std::string& oldPassword,
    376. 

  376.                                                           const std::string& newPassword,
    377. 

  377.                                                           const std::string& requestingUserId) {
    378. 

  378.     try {
    379. 

  379.         // Find user by ID
    380. 

  380.         std::string username;
    381. 

  381.         for (const auto& pair : m_users) {
    382. 

  382.             if (pair.second.id == userId) {
    383. 

  383.                 username = pair.first;
    384. 

  384.                 break;
    385. 

  385.             }
    386. 

  386.         }
    387. 

  387. 

  388.         if (username.empty()) {
    389. 

  389.             return {false, "User not found"};
    390. 

  390.         }
    391. 

  391. 

  392.         UserInfo& user = m_users[username];
    393. 

  393. 

  394.         // Check permissions (admin can change without old password)
    395. 

  395.         if (requestingUserId != userId) {
    396. 

  396.             if (!canManageUser(requestingUserId, userId)) {
    397. 

  397.                 return {false, "Insufficient permissions to change password"};
    398. 

  398.             }
    399. 

  399.         } else {
    400. 

  400.             // User changing own password - verify old password
    401. 

  401.             if (!verifyPassword(oldPassword, user.passwordHash)) {
    402. 

  402.                 return {false, "Current password is incorrect"};
    403. 

  403.             }
    404. 

  404.         }
    405. 

  405. 

  406.         // Validate new password
    407. 

  407.         if (!validatePassword(newPassword)) {
    408. 

  408.             return {false, "New password does not meet requirements"};
    409. 

  409.         }
    410. 

  410. 

  411.         // Update password
    412. 

  412.         user.passwordHash = hashPassword(newPassword);
    413. 

  413.         user.passwordChangedAt = getCurrentTimestamp();
    414. 

  414.         saveUserData();
    415. 

  415. 

  416.         return {true, "Password changed successfully"};
    417. 

  417. 

  418.     } catch (const std::exception& e) {
    419. 

  419.         return {false, "Failed to change password: " + std::string(e.what())};
    420. 

  420.     }
    421. 

  421. }
    422. 

  422. 

  423. UserInfo UserManager::getUserInfo(const std::string& userId) {
    424. 

  424.     for (const auto& pair : m_users) {
    425. 

  425.         if (pair.second.id == userId) {
    426. 

  426.             return pair.second;
    427. 

  427.         }
    428. 

  428.     }
    429. 

  429.     return UserInfo{};
    430. 

  430. }
    431. 

  431. 

  432. UserInfo UserManager::getUserInfoByUsername(const std::string& username) {
    433. 

  433.     auto it = m_users.find(username);
    434. 

  434.     if (it != m_users.end()) {
    435. 

  435.         return it->second;
    436. 

  436.     }
    437. 

  437.     return UserInfo{};
    438. 

  438. }
    439. 

  439. 

  440. std::vector<UserInfo> UserManager::listUsers(const std::string& requestingUserId) {
    441. 

  441.     std::vector<UserInfo> users;
    442. 

  442. 

  443.     // Check if requester is admin
    444. 

  444.     UserInfo requester = getUserInfo(requestingUserId);
    445. 

  445.     bool isAdmin = (requester.role == roleToString(UserRole::ADMIN));
    446. 

  446. 

  447.     for (const auto& pair : m_users) {
    448. 

  448.         const UserInfo& user = pair.second;
    449. 

  449. 

  450.         // Non-admins can only see themselves
    451. 

  451.         if (!isAdmin && user.id != requestingUserId) {
    452. 

  452.             continue;
    453. 

  453.         }
    454. 

  454. 

  455.         // Don't include sensitive information for non-admins
    456. 

  456.         UserInfo userInfo = user;
    457. 

  457.         if (!isAdmin) {
    458. 

  458.             userInfo.passwordHash = "";
    459. 

  459.             userInfo.apiKeys.clear();
    460. 

  460.         }
    461. 

  461. 

  462.         users.push_back(userInfo);
    463. 

  463.     }
    464. 

  464. 

  465.     return users;
    466. 

  466. }
    467. 

  467. 

  468. std::pair<bool, std::string> UserManager::createApiKey(const std::string& userId,
    469. 

  469.                                                         const std::string& name,
    470. 

  470.                                                         const std::vector<std::string>& permissions,
    471. 

  471.                                                         int64_t expiresAt,
    472. 

  472.                                                         const std::string& createdBy) {
    473. 

  473.     try {
    474. 

  474.         // Check if user exists
    475. 

  475.         bool userExists = false;
    476. 

  476.         for (const auto& pair : m_users) {
    477. 

  477.             if (pair.second.id == userId) {
    478. 

  478.                 userExists = true;
    479. 

  479.                 break;
    480. 

  480.             }
    481. 

  481.         }
    482. 

  482. 

  483.         if (!userExists) {
    484. 

  484.             return {false, "User not found"};
    485. 

  485.         }
    486. 

  486. 

  487.         // Generate API key
    488. 

  488.         std::string apiKey = JWTAuth::generateApiKey(32);
    489. 

  489.         std::string keyId = generateKeyId();
    490. 

  490.         std::string keyHash = hashApiKey(apiKey);
    491. 

  491. 

  492.         // Create API key info
    493. 

  493.         ApiKeyInfo keyInfo;
    494. 

  494.         keyInfo.keyId = keyId;
    495. 

  495.         keyInfo.keyHash = keyHash;
    496. 

  496.         keyInfo.name = name;
    497. 

  497.         keyInfo.userId = userId;
    498. 

  498.         keyInfo.permissions = permissions;
    499. 

  499.         keyInfo.active = true;
    500. 

  500.         keyInfo.createdAt = getCurrentTimestamp();
    501. 

  501.         keyInfo.lastUsedAt = 0;
    502. 

  502.         keyInfo.expiresAt = expiresAt;
    503. 

  503.         keyInfo.createdBy = createdBy;
    504. 

  504. 

  505.         m_apiKeys[keyId] = keyInfo;
    506. 

  506.         m_apiKeyMap[keyHash] = keyId;
    507. 

  507.         saveApiKeyData();
    508. 

  508. 

  509.         return {true, apiKey};
    510. 

  510. 

  511.     } catch (const std::exception& e) {
    512. 

  512.         return {false, "Failed to create API key: " + std::string(e.what())};
    513. 

  513.     }
    514. 

  514. }
    515. 

  515. 

  516. std::pair<bool, std::string> UserManager::revokeApiKey(const std::string& keyId,
    517. 

  517.                                                        const std::string& requestingUserId) {
    518. 

  518.     try {
    519. 

  519.         auto it = m_apiKeys.find(keyId);
    520. 

  520.         if (it == m_apiKeys.end()) {
    521. 

  521.             return {false, "API key not found"};
    522. 

  522.         }
    523. 

  523. 

  524.         const ApiKeyInfo& keyInfo = it->second;
    525. 

  525. 

  526.         // Check permissions
    527. 

  527.         if (keyInfo.userId != requestingUserId) {
    528. 

  528.             if (!canManageUser(requestingUserId, keyInfo.userId)) {
    529. 

  529.                 return {false, "Insufficient permissions to revoke API key"};
    530. 

  530.             }
    531. 

  531.         }
    532. 

  532. 

  533.         // Remove API key
    534. 

  534.         m_apiKeyMap.erase(keyInfo.keyHash);
    535. 

  535.         m_apiKeys.erase(it);
    536. 

  536.         saveApiKeyData();
    537. 

  537. 

  538.         return {true, "API key revoked successfully"};
    539. 

  539. 

  540.     } catch (const std::exception& e) {
    541. 

  541.         return {false, "Failed to revoke API key: " + std::string(e.what())};
    542. 

  542.     }
    543. 

  543. }
    544. 

  544. 

  545. std::vector<ApiKeyInfo> UserManager::listApiKeys(const std::string& userId,
    546. 

  546.                                                   const std::string& requestingUserId) {
    547. 

  547.     std::vector<ApiKeyInfo> apiKeys;
    548. 

  548. 

  549.     // Check if requester is admin or owner
    550. 

  550.     UserInfo requester = getUserInfo(requestingUserId);
    551. 

  551.     bool isAdmin = (requester.role == roleToString(UserRole::ADMIN));
    552. 

  552.     bool isOwner = (requestingUserId == userId);
    553. 

  553. 

  554.     for (const auto& pair : m_apiKeys) {
    555. 

  555.         const ApiKeyInfo& keyInfo = pair.second;
    556. 

  556. 

  557.         // Filter by user ID if specified
    558. 

  558.         if (!userId.empty() && keyInfo.userId != userId) {
    559. 

  559.             continue;
    560. 

  560.         }
    561. 

  561. 

  562.         // Check permissions
    563. 

  563.         if (!isAdmin && keyInfo.userId != requestingUserId) {
    564. 

  564.             continue;
    565. 

  565.         }
    566. 

  566. 

  567.         // Don't include hash for non-owners
    568. 

  568.         ApiKeyInfo keyInfoCopy = keyInfo;
    569. 

  569.         if (!isOwner && !isAdmin) {
    570. 

  570.             keyInfoCopy.keyHash = "";
    571. 

  571.         }
    572. 

  572. 

  573.         apiKeys.push_back(keyInfoCopy);
    574. 

  574.     }
    575. 

  575. 

  576.     return apiKeys;
    577. 

  577. }
    578. 

  578. 

  579. ApiKeyInfo UserManager::getApiKeyInfo(const std::string& keyId,
    580. 

  580.                                        const std::string& requestingUserId) {
    581. 

  581.     auto it = m_apiKeys.find(keyId);
    582. 

  582.     if (it == m_apiKeys.end()) {
    583. 

  583.         return ApiKeyInfo{};
    584. 

  584.     }
    585. 

  585. 

  586.     const ApiKeyInfo& keyInfo = it->second;
    587. 

  587. 

  588.     // Check permissions
    589. 

  589.     UserInfo requester = getUserInfo(requestingUserId);
    590. 

  590.     bool isAdmin = (requester.role == roleToString(UserRole::ADMIN));
    591. 

  591.     bool isOwner = (keyInfo.userId == requestingUserId);
    592. 

  592. 

  593.     if (!isAdmin && !isOwner) {
    594. 

  594.         return ApiKeyInfo{};
    595. 

  595.     }
    596. 

  596. 

  597.     // Don't include hash for non-owners
    598. 

  598.     ApiKeyInfo keyInfoCopy = keyInfo;
    599. 

  599.     if (!isOwner) {
    600. 

  600.         keyInfoCopy.keyHash = "";
    601. 

  601.     }
    602. 

  602. 

  603.     return keyInfoCopy;
    604. 

  604. }
    605. 

  605. 

  606. void UserManager::updateApiKeyLastUsed(const std::string& keyId) {
    607. 

  607.     auto it = m_apiKeys.find(keyId);
    608. 

  608.     if (it != m_apiKeys.end()) {
    609. 

  609.         it->second.lastUsedAt = getCurrentTimestamp();
    610. 

  610.         saveApiKeyData();
    611. 

  611.     }
    612. 

  612. }
    613. 

  613. 

  614. bool UserManager::hasPermission(const std::string& userId, const std::string& permission) {
    615. 

  615.     UserInfo user = getUserInfo(userId);
    616. 

  616.     if (user.id.empty()) {
    617. 

  617.         return false;
    618. 

  618.     }
    619. 

  619. 

  620.     return JWTAuth::hasPermission(user.permissions, permission);
    621. 

  621. }
    622. 

  622. 

  623. bool UserManager::hasAnyPermission(const std::string& userId,
    624. 

  624.                                    const std::vector<std::string>& permissions) {
    625. 

  625.     UserInfo user = getUserInfo(userId);
    626. 

  626.     if (user.id.empty()) {
    627. 

  627.         return false;
    628. 

  628.     }
    629. 

  629. 

  630.     return JWTAuth::hasAnyPermission(user.permissions, permissions);
    631. 

  631. }
    632. 

  632. 

  633. std::string UserManager::roleToString(UserRole role) {
    634. 

  634.     switch (role) {
    635. 

  635.         case UserRole::GUEST: return "guest";
    636. 

  636.         case UserRole::USER: return "user";
    637. 

  637.         case UserRole::ADMIN: return "admin";
    638. 

  638.         case UserRole::SERVICE: return "service";
    639. 

  639.         default: return "unknown";
    640. 

  640.     }
    641. 

  641. }
    642. 

  642. 

  643. UserManager::UserRole UserManager::stringToRole(const std::string& roleStr) {
    644. 

  644.     if (roleStr == "guest") return UserRole::GUEST;
    645. 

  645.     if (roleStr == "user") return UserRole::USER;
    646. 

  646.     if (roleStr == "admin") return UserRole::ADMIN;
    647. 

  647.     if (roleStr == "service") return UserRole::SERVICE;
    648. 

  648.     return UserRole::USER; // Default
    649. 

  649. }
    650. 

  650. 

  651. std::vector<std::string> UserManager::getDefaultPermissions(UserRole role) {
    652. 

  652.     switch (role) {
    653. 

  653.         case UserRole::GUEST:
    654. 

  654.             return {Permissions::READ};
    655. 

  655.         case UserRole::USER:
    656. 

  656.             return {Permissions::READ, Permissions::GENERATE};
    657. 

  657.         case UserRole::ADMIN:
    658. 

  658.             return {Permissions::READ, Permissions::GENERATE, Permissions::QUEUE_MANAGE,
    659. 

  659.                     Permissions::MODEL_MANAGE, Permissions::USER_MANAGE, Permissions::ADMIN};
    660. 

  660.         case UserRole::SERVICE:
    661. 

  661.             return {Permissions::READ, Permissions::GENERATE, Permissions::QUEUE_MANAGE};
    662. 

  662.         default:
    663. 

  663.             return {};
    664. 

  664.     }
    665. 

  665. }
    666. 

  666. 

  667. void UserManager::setAuthMethod(AuthMethod method) {
    668. 

  668.     m_authMethod = method;
    669. 

  669. }
    670. 

  670. 

  671. UserManager::AuthMethod UserManager::getAuthMethod() const {
    672. 

  672.     return m_authMethod;
    673. 

  673. }
    674. 

  674. 

  675. void UserManager::setUnixAuthEnabled(bool enable) {
    676. 

  676.     m_unixAuthEnabled = enable;
    677. 

  677. }
    678. 

  678. 

  679. bool UserManager::isUnixAuthEnabled() const {
    680. 

  680.     return m_unixAuthEnabled;
    681. 

  681. }
    682. 

  682. 

  683. std::map<std::string, int> UserManager::getStatistics() {
    684. 

  684.     std::map<std::string, int> stats;
    685. 

  685. 

  686.     stats["total_users"] = m_users.size();
    687. 

  687.     stats["active_users"] = 0;
    688. 

  688.     stats["admin_users"] = 0;
    689. 

  689.     stats["total_api_keys"] = m_apiKeys.size();
    690. 

  690.     stats["active_api_keys"] = 0;
    691. 

  691.     stats["expired_api_keys"] = 0;
    692. 

  692. 

  693.     int64_t currentTime = getCurrentTimestamp();
    694. 

  694. 

  695.     for (const auto& pair : m_users) {
    696. 

  696.         const UserInfo& user = pair.second;
    697. 

  697.         if (user.active) {
    698. 

  698.             stats["active_users"]++;
    699. 

  699.         }
    700. 

  700.         if (user.role == roleToString(UserRole::ADMIN)) {
    701. 

  701.             stats["admin_users"]++;
    702. 

  702.         }
    703. 

  703.     }
    704. 

  704. 

  705.     for (const auto& pair : m_apiKeys) {
    706. 

  706.         const ApiKeyInfo& keyInfo = pair.second;
    707. 

  707.         if (keyInfo.active) {
    708. 

  708.             stats["active_api_keys"]++;
    709. 

  709.         }
    710. 

  710.         if (keyInfo.expiresAt > 0 && currentTime >= keyInfo.expiresAt) {
    711. 

  711.             stats["expired_api_keys"]++;
    712. 

  712.         }
    713. 

  713.     }
    714. 

  714. 

  715.     return stats;
    716. 

  716. }
    717. 

  717. 

  718. std::string UserManager::hashPassword(const std::string& password) {
    719. 

  719.     // Simple SHA256 hash for now (in production, use proper password hashing like bcrypt/argon2)
    720. 

  720.     unsigned char hash[SHA256_DIGEST_LENGTH];
    721. 

  721.     SHA256((unsigned char*)password.c_str(), password.length(), hash);
    722. 

  722. 

  723.     std::stringstream ss;
    724. 

  724.     for (int i = 0; i < SHA256_DIGEST_LENGTH; i++) {
    725. 

  725.         ss << std::hex << std::setw(2) << std::setfill('0') << (int)hash[i];
    726. 

  726.     }
    727. 

  727. 

  728.     return "sha256:" + ss.str();
    729. 

  729. }
    730. 

  730. 

  731. bool UserManager::verifyPassword(const std::string& password, const std::string& storedHash) {
    732. 

  732.     // Simple SHA256 verification (in production, use proper password hashing)
    733. 

  733.     if (storedHash.substr(0, 7) != "sha256:") {
    734. 

  734.         return false;
    735. 

  735.     }
    736. 

  736. 

  737.     unsigned char hash[SHA256_DIGEST_LENGTH];
    738. 

  738.     SHA256((unsigned char*)password.c_str(), password.length(), hash);
    739. 

  739. 

  740.     std::stringstream ss;
    741. 

  741.     for (int i = 0; i < SHA256_DIGEST_LENGTH; i++) {
    742. 

  742.         ss << std::hex << std::setw(2) << std::setfill('0') << (int)hash[i];
    743. 

  743.     }
    744. 

  744. 

  745.     return "sha256:" + ss.str() == storedHash;
    746. 

  746. }
    747. 

  747. 

  748. std::string UserManager::hashApiKey(const std::string& apiKey) {
    749. 

  749.     // Use SHA256 for API key hashing
    750. 

  750.     unsigned char hash[SHA256_DIGEST_LENGTH];
    751. 

  751.     SHA256((unsigned char*)apiKey.c_str(), apiKey.length(), hash);
    752. 

  752. 

  753.     std::stringstream ss;
    754. 

  754.     for (int i = 0; i < SHA256_DIGEST_LENGTH; i++) {
    755. 

  755.         ss << std::hex << std::setw(2) << std::setfill('0') << (int)hash[i];
    756. 

  756.     }
    757. 

  757. 

  758.     return ss.str();
    759. 

  759. }
    760. 

  760. 

  761. std::string UserManager::generateUserId() {
    762. 

  762.     return "user_" + std::to_string(getCurrentTimestamp()) + "_" +
    763. 

  763.            std::to_string(rand() % 10000);
    764. 

  764. }
    765. 

  765. 

  766. std::string UserManager::generateKeyId() {
    767. 

  767.     return "key_" + std::to_string(getCurrentTimestamp()) + "_" +
    768. 

  768.            std::to_string(rand() % 10000);
    769. 

  769. }
    770. 

  770. 

  771. bool UserManager::saveUserData() {
    772. 

  772.     try {
    773. 

  773.         json usersJson = json::object();
    774. 

  774. 

  775.         for (const auto& pair : m_users) {
    776. 

  776.             const UserInfo& user = pair.second;
    777. 

  777.             json userJson = {
    778. 

  778.                 {"id", user.id},
    779. 

  779.                 {"username", user.username},
    780. 

  780.                 {"email", user.email},
    781. 

  781.                 {"password_hash", user.passwordHash},
    782. 

  782.                 {"role", user.role},
    783. 

  783.                 {"permissions", user.permissions},
    784. 

  784.                 {"api_keys", user.apiKeys},
    785. 

  785.                 {"active", user.active},
    786. 

  786.                 {"created_at", user.createdAt},
    787. 

  787.                 {"last_login_at", user.lastLoginAt},
    788. 

  788.                 {"password_changed_at", user.passwordChangedAt},
    789. 

  789.                 {"created_by", user.createdBy}
    790. 

  790.             };
    791. 

  791.             usersJson[user.username] = userJson;
    792. 

  792.         }
    793. 

  793. 

  794.         std::string filename = m_dataDir + "/users.json";
    795. 

  795.         std::ofstream file(filename);
    796. 

  796.         if (!file.is_open()) {
    797. 

  797.             return false;
    798. 

  798.         }
    799. 

  799. 

  800.         file << usersJson.dump(2);
    801. 

  801.         file.close();
    802. 

  802. 

  803.         return true;
    804. 

  804. 

  805.     } catch (const std::exception& e) {
    806. 

  806.         return false;
    807. 

  807.     }
    808. 

  808. }
    809. 

  809. 

  810. bool UserManager::loadUserData() {
    811. 

  811.     try {
    812. 

  812.         std::string filename = m_dataDir + "/users.json";
    813. 

  813.         std::ifstream file(filename);
    814. 

  814.         if (!file.is_open()) {
    815. 

  815.             return false; // File doesn't exist is OK for first run
    816. 

  816.         }
    817. 

  817. 

  818.         json usersJson;
    819. 

  819.         file >> usersJson;
    820. 

  820.         file.close();
    821. 

  821. 

  822.         m_users.clear();
    823. 

  823. 

  824.         for (auto& item : usersJson.items()) {
    825. 

  825.             const std::string& username = item.key();
    826. 

  826.             json& userJson = item.value();
    827. 

  827. 

  828.             UserInfo user;
    829. 

  829.             user.id = userJson.value("id", "");
    830. 

  830.             user.username = userJson.value("username", username);
    831. 

  831.             user.email = userJson.value("email", "");
    832. 

  832.             user.passwordHash = userJson.value("password_hash", "");
    833. 

  833.             user.role = userJson.value("role", "user");
    834. 

  834.             user.permissions = userJson.value("permissions", std::vector<std::string>{});
    835. 

  835.             user.apiKeys = userJson.value("api_keys", std::vector<std::string>{});
    836. 

  836.             user.active = userJson.value("active", true);
    837. 

  837.             user.createdAt = userJson.value("created_at", 0);
    838. 

  838.             user.lastLoginAt = userJson.value("last_login_at", 0);
    839. 

  839.             user.passwordChangedAt = userJson.value("password_changed_at", 0);
    840. 

  840.             user.createdBy = userJson.value("created_by", "system");
    841. 

  841. 

  842.             m_users[username] = user;
    843. 

  843.         }
    844. 

  844. 

  845.         return true;
    846. 

  846. 

  847.     } catch (const std::exception& e) {
    848. 

  848.         return false;
    849. 

  849.     }
    850. 

  850. }
    851. 

  851. 

  852. bool UserManager::saveApiKeyData() {
    853. 

  853.     try {
    854. 

  854.         json apiKeysJson = json::object();
    855. 

  855. 

  856.         for (const auto& pair : m_apiKeys) {
    857. 

  857.             const ApiKeyInfo& keyInfo = pair.second;
    858. 

  858.             json keyJson = {
    859. 

  859.                 {"key_id", keyInfo.keyId},
    860. 

  860.                 {"key_hash", keyInfo.keyHash},
    861. 

  861.                 {"name", keyInfo.name},
    862. 

  862.                 {"user_id", keyInfo.userId},
    863. 

  863.                 {"permissions", keyInfo.permissions},
    864. 

  864.                 {"active", keyInfo.active},
    865. 

  865.                 {"created_at", keyInfo.createdAt},
    866. 

  866.                 {"last_used_at", keyInfo.lastUsedAt},
    867. 

  867.                 {"expires_at", keyInfo.expiresAt},
    868. 

  868.                 {"created_by", keyInfo.createdBy}
    869. 

  869.             };
    870. 

  870.             apiKeysJson[keyInfo.keyId] = keyJson;
    871. 

  871.         }
    872. 

  872. 

  873.         std::string filename = m_dataDir + "/api_keys.json";
    874. 

  874.         std::ofstream file(filename);
    875. 

  875.         if (!file.is_open()) {
    876. 

  876.             return false;
    877. 

  877.         }
    878. 

  878. 

  879.         file << apiKeysJson.dump(2);
    880. 

  880.         file.close();
    881. 

  881. 

  882.         return true;
    883. 

  883. 

  884.     } catch (const std::exception& e) {
    885. 

  885.         return false;
    886. 

  886.     }
    887. 

  887. }
    888. 

  888. 

  889. bool UserManager::loadApiKeyData() {
    890. 

  890.     try {
    891. 

  891.         std::string filename = m_dataDir + "/api_keys.json";
    892. 

  892.         std::ifstream file(filename);
    893. 

  893.         if (!file.is_open()) {
    894. 

  894.             return false; // File doesn't exist is OK for first run
    895. 

  895.         }
    896. 

  896. 

  897.         json apiKeysJson;
    898. 

  898.         file >> apiKeysJson;
    899. 

  899.         file.close();
    900. 

  900. 

  901.         m_apiKeys.clear();
    902. 

  902.         m_apiKeyMap.clear();
    903. 

  903. 

  904.         for (auto& item : apiKeysJson.items()) {
    905. 

  905.             const std::string& keyId = item.key();
    906. 

  906.             json& keyJson = item.value();
    907. 

  907. 

  908.             ApiKeyInfo keyInfo;
    909. 

  909.             keyInfo.keyId = keyJson.value("key_id", keyId);
    910. 

  910.             keyInfo.keyHash = keyJson.value("key_hash", "");
    911. 

  911.             keyInfo.name = keyJson.value("name", "");
    912. 

  912.             keyInfo.userId = keyJson.value("user_id", "");
    913. 

  913.             keyInfo.permissions = keyJson.value("permissions", std::vector<std::string>{});
    914. 

  914.             keyInfo.active = keyJson.value("active", true);
    915. 

  915.             keyInfo.createdAt = keyJson.value("created_at", 0);
    916. 

  916.             keyInfo.lastUsedAt = keyJson.value("last_used_at", 0);
    917. 

  917.             keyInfo.expiresAt = keyJson.value("expires_at", 0);
    918. 

  918.             keyInfo.createdBy = keyJson.value("created_by", "system");
    919. 

  919. 

  920.             m_apiKeys[keyId] = keyInfo;
    921. 

  921.             m_apiKeyMap[keyInfo.keyHash] = keyId;
    922. 

  922.         }
    923. 

  923. 

  924.         return true;
    925. 

  925. 

  926.     } catch (const std::exception& e) {
    927. 

  927.         return false;
    928. 

  928.     }
    929. 

  929. }
    930. 

  930. 

  931. int64_t UserManager::getCurrentTimestamp() {
    932. 

  932.     return std::chrono::duration_cast<std::chrono::seconds>(
    933. 

  933.         std::chrono::system_clock::now().time_since_epoch()).count();
    934. 

  934. }
    935. 

  935. 

  936. bool UserManager::validateUsername(const std::string& username) {
    937. 

  937.     if (username.length() < 3 || username.length() > 32) {
    938. 

  938.         return false;
    939. 

  939.     }
    940. 

  940. 

  941.     // Username should contain only alphanumeric characters, underscores, and hyphens
    942. 

  942.     std::regex pattern("^[a-zA-Z0-9_-]+$");
    943. 

  943.     return std::regex_match(username, pattern);
    944. 

  944. }
    945. 

  945. 

  946. bool UserManager::validatePassword(const std::string& password) {
    947. 

  947.     if (password.length() < 8 || password.length() > 128) {
    948. 

  948.         return false;
    949. 

  949.     }
    950. 

  950. 

  951.     // Password should contain at least one letter and one digit
    952. 

  952.     bool hasLetter = false;
    953. 

  953.     bool hasDigit = false;
    954. 

  954. 

  955.     for (char c : password) {
    956. 

  956.         if (std::isalpha(c)) hasLetter = true;
    957. 

  957.         if (std::isdigit(c)) hasDigit = true;
    958. 

  958.     }
    959. 

  959. 

  960.     return hasLetter && hasDigit;
    961. 

  961. }
    962. 

  962. 

  963. bool UserManager::validateEmail(const std::string& email) {
    964. 

  964.     if (email.length() < 5 || email.length() > 254) {
    965. 

  965.         return false;
    966. 

  966.     }
    967. 

  967. 

  968.     // Basic email validation
    969. 

  969.     std::regex pattern("^[a-zA-Z0-9._%+-]+@[a-zA-Z0-9.-]+\\.[a-zA-Z]{2,}$");
    970. 

  970.     return std::regex_match(email, pattern);
    971. 

  971. }
    972. 

  972. 

  973. bool UserManager::canManageUser(const std::string& requestingUserId, const std::string& targetUserId) {
    974. 

  974.     // Users can always manage themselves
    975. 

  975.     if (requestingUserId == targetUserId) {
    976. 

  976.         return true;
    977. 

  977.     }
    978. 

  978. 

  979.     // Check if requester is admin
    980. 

  980.     UserInfo requester = getUserInfo(requestingUserId);
    981. 

  981.     return requester.role == roleToString(UserRole::ADMIN);
    982. 

  982. }
    983.