Permissions, shutdown route

2026-03-30 19:53:55 -07:00 · 2026-03-30 19:53:55 -07:00 · ac01c03094
commit ac01c03094
parent 15d0d174a9
4 changed files with 31 additions and 1 deletions
--- a/flake.nix
+++ b/flake.nix
@ -107,7 +107,8 @@
                        security.polkit.extraConfig = ''
                            polkit.addRule(function(action, subject) {
                                if ((action.id == "org.freedesktop.systemd1.manage-units" ||
-                                     action.id == "org.freedesktop.login1.reboot") &&
+                                     action.id == "org.freedesktop.login1.reboot" ||
+                                     action.id == "org.freedesktop.login1.power-off") &&
                                    subject.user == "server-dash-api") {
                                    return polkit.Result.YES;
                                }
--- a/1
+++ b/1
@ -0,0 +1 @@
+/nix/store/24v5zn615rqab56z2i1vhi27mdisv0l1-server-dash-api-0.1.0
--- a/src/main.rs
+++ b/src/main.rs
@ -28,6 +28,7 @@ async fn main() {
            get(routes::services::service_logs),
        )
        .route("/system/reboot", post(routes::system::system_reboot))
+        .route("/system/shutdown", post(routes::system::system_shutdown))
        .route_layer(middleware::from_fn(auth::require_auth));

    let app = Router::new()
--- a/src/routes/system.rs
+++ b/src/routes/system.rs
@ -4,6 +4,33 @@ use zbus::Connection;
 use crate::auth;
 use crate::models;

+// POST /system/shutdown
+pub async fn system_shutdown(headers: HeaderMap) -> impl IntoResponse {
+    let conn = match Connection::system().await {
+        Ok(c) => c,
+        Err(e) => {
+            return models::ActionResponse::err(StatusCode::INTERNAL_SERVER_ERROR, &e.to_string())
+                .into_response();
+        }
+    };
+
+    let result = conn
+        .call_method(
+            Some("org.freedesktop.login1"),
+            "/org/freedesktop/login1",
+            Some("org.freedesktop.login1.Manager"),
+            "PowerOff",
+            &(false,),
+        )
+        .await;
+
+    match result {
+        Ok(_) => models::ActionResponse::ok("Shutting down...".to_string()).into_response(),
+        Err(e) => models::ActionResponse::err(StatusCode::INTERNAL_SERVER_ERROR, &e.to_string())
+            .into_response(),
+    }
+}
+
 // POST /system/reboot
 pub async fn system_reboot(headers: HeaderMap) -> impl IntoResponse {
    let conn = match Connection::system().await {
				`@ -0,0 +1 @@`
				`/nix/store/24v5zn615rqab56z2i1vhi27mdisv0l1-server-dash-api-0.1.0`