package api import ( "encoding/json" "fmt" "io/ioutil" "log" "net/http" "path/filepath" "runtime/debug" "gogs.carducci-dante.gov.it/karmen/core/config" "gogs.carducci-dante.gov.it/karmen/core/orm" "gogs.carducci-dante.gov.it/karmen/core/renderer" jwtmiddleware "github.com/auth0/go-jwt-middleware" jwt "github.com/dgrijalva/jwt-go" "github.com/gorilla/mux" "github.com/gorilla/sessions" ) type User struct { Name string Admin bool } type PathPattern struct { Path string RedirectPath string Methods []string } var ( signingKey = []byte(config.Config.Keys.JWTSigningKey) store = sessions.NewCookieStore([]byte(config.Config.Keys.CookieStoreKey)) jwtCookie = jwtmiddleware.New(jwtmiddleware.Options{ ValidationKeyGetter: func(token *jwt.Token) (interface{}, error) { return signingKey, nil }, SigningMethod: jwt.SigningMethodHS256, Extractor: fromCookie, ErrorHandler: onError, }) jwtHeader = jwtmiddleware.New(jwtmiddleware.Options{ ValidationKeyGetter: func(token *jwt.Token) (interface{}, error) { return signingKey, nil }, SigningMethod: jwt.SigningMethodHS256, }) patterns []PathPattern = []PathPattern{ PathPattern{"/%s", "", []string{"GET"}}, PathPattern{"/%s/{id}", "", []string{"GET"}}, PathPattern{"/%s/add/", "/%s/%d?format=html&tpl_layout=base&tpl_content=%s_show", []string{"GET", "POST"}}, PathPattern{"/%s/{id}/update", "/%s/%d?format=html&tpl_layout=base&tpl_content=%s_show", []string{"GET", "POST"}}, PathPattern{"/%s/{id}/delete", "/%s?format=html&tpl_layout=base&tpl_content=%s", []string{"DELETE"}}, } jsonPatterns []PathPattern = []PathPattern{ PathPattern{"/api/%s", "", []string{"GET"}}, PathPattern{"/api/%s/{id}", "", []string{"GET"}}, PathPattern{"/api/%s/add/", "/%s/%d?format=json&tpl_layout=base&tpl_content=%s_show", []string{"GET", "POST"}}, PathPattern{"/api/%s/{id}/update", "/%s/%d?format=json&tpl_layout=base&tpl_content=%s_show", []string{"GET", "POST"}}, PathPattern{"/api/%s/{id}/delete", "/%s?format=json&tpl_layout=base&tpl_content=%s", []string{"DELETE"}}, } ) // Generate CRUD handlers func generateHandler(r *mux.Router, base string) { for _, pattern := range patterns { r.Handle( fmt.Sprintf(pattern.Path, base), jwtCookie.Handler(recoverHandler(modelHandler( base, fmt.Sprintf(pattern.Path, base), pattern.RedirectPath)))).Methods(pattern.Methods...) } for _, pattern := range jsonPatterns { r.Handle(fmt.Sprintf(pattern.Path, base), recoverHandler(modelHandler(base, fmt.Sprintf(pattern.Path, base), pattern.RedirectPath))).Methods(pattern.Methods...) } } func Handlers() *mux.Router { r := mux.NewRouter() // Authentication r.Handle("/login", loginHandler()) r.Handle("/logout", logoutHandler()) // Dashboard r.Handle("/", jwtCookie.Handler(recoverHandler(dashboardHandler()))) // Generate model handlers for _, model := range []string{"teachers", "classes", "subjects", "activities"} { generateHandler(r, model) } // Token handling r.Handle("/get_token", tokenHandler()) // Static file server r.PathPrefix("/").Handler(http.FileServer(http.Dir("./dist/"))) return r } func onError(w http.ResponseWriter, r *http.Request, err string) { http.Redirect(w, r, "/login", http.StatusTemporaryRedirect) } func respondWithStaticFile(w http.ResponseWriter, filename string) error { f, err := ioutil.ReadFile(filepath.Join("public/html", filename)) if err != nil { return err } w.Write(f) return nil } func fromCookie(r *http.Request) (string, error) { session, err := store.Get(r, "login-session") if err != nil { return "", nil } if session.Values["token"] == nil { return "", nil } token := session.Values["token"].([]uint8) return string(token), nil } func recoverHandler(next http.Handler) http.Handler { fn := func(w http.ResponseWriter, r *http.Request) { defer func() { if err := recover(); err != nil { panicMsg := fmt.Sprintf("PANIC: %v\n\n== STACKTRACE ==\n%s", err, debug.Stack()) log.Print(panicMsg) http.Error(w, panicMsg, http.StatusInternalServerError) } }() next.ServeHTTP(w, r) } return http.HandlerFunc(fn) } func modelHandler(base, path, redirectPath string) http.Handler { fn := func(w http.ResponseWriter, r *http.Request) { var ( ok bool getFn orm.GetFn postFn orm.PostFn ) switch r.Method { case "GET": getFn, ok = orm.Get[path] if !ok { renderer.Render[r.URL.Query()["format"][0]](w, r, fmt.Errorf("Can't find ORM function for path %s!", path)) } data, err := getFn(mux.Vars(r)) if err != nil { renderer.Render[r.URL.Query()["format"][0]](w, r, err) } else { renderer.Render[r.URL.Query()["format"][0]](w, r, data, r.URL.Query()) } case "POST": postFn, ok = orm.Post[path] if !ok { renderer.Render[r.URL.Query()["format"][0]](w, r, fmt.Errorf("Can't find ORM function for path %s!", path)) } data, err := postFn(mux.Vars(r), r) if err != nil { renderer.Render["html"](w, r, err) } else { if mux.Vars(r)["id"] != "" { http.Redirect(w, r, fmt.Sprintf( "/%s/%s?format=html&tpl_layout=base&tpl_content=%s_show", base, mux.Vars(r)["id"], base, ), http.StatusSeeOther, ) } else { http.Redirect(w, r, fmt.Sprintf( "/%s/%d?format=html&tpl_layout=base&tpl_content=%s_show", base, data.GetID(), base, ), http.StatusSeeOther, ) } } case "DELETE": postFn, ok = orm.Post[path] if !ok { renderer.Render[r.URL.Query().Get("format")](w, r, fmt.Errorf("Can't find ORM function for path %s!", path)) } _, err := postFn(mux.Vars(r), r) if err != nil { renderer.Render["html"](w, r, err) } else { var data struct { RedirectUrl string `json:"redirect_url"` } data.RedirectUrl = fmt.Sprintf(redirectPath, base, base) w.Header().Set("Content-Type", "application/json") json.NewEncoder(w).Encode(data) } } } return http.HandlerFunc(fn) }