core/handlers/handlers.go

package api

import (
	"encoding/json"
	"fmt"
	"io/ioutil"
	"log"
	"net/http"
	"path/filepath"
	"runtime/debug"

	"gogs.carducci-dante.gov.it/karmen/core/orm"
	"gogs.carducci-dante.gov.it/karmen/core/renderer"

	jwtmiddleware "github.com/auth0/go-jwt-middleware"
	jwt "github.com/dgrijalva/jwt-go"
	"github.com/gorilla/mux"
	"github.com/gorilla/sessions"
)

type User struct {
	Name  string
	Admin bool
}

type PathPattern struct {
	Path         string
	RedirectPath string
	Methods      []string
}

var (
	signingKey = []byte("secret")
	store      = sessions.NewCookieStore([]byte("something-very-secret"))

	jwtCookie = jwtmiddleware.New(jwtmiddleware.Options{
		ValidationKeyGetter: func(token *jwt.Token) (interface{}, error) {
			return signingKey, nil
		},
		SigningMethod: jwt.SigningMethodHS256,
		Extractor:     fromCookie,
		ErrorHandler:  onError,
	})

	jwtHeader = jwtmiddleware.New(jwtmiddleware.Options{
		ValidationKeyGetter: func(token *jwt.Token) (interface{}, error) {
			return signingKey, nil
		},
		SigningMethod: jwt.SigningMethodHS256,
	})

	patterns []PathPattern = []PathPattern{
		PathPattern{"/%s", "", []string{"GET"}},
		PathPattern{"/%s/{id}", "", []string{"GET"}},
		PathPattern{"/%s/add/", "/%s/%d?format=html&tpl_layout=base&tpl_content=%s_show", []string{"GET", "POST"}},
		PathPattern{"/%s/{id}/update", "/%s/%d?format=html&tpl_layout=base&tpl_content=%s_show", []string{"GET", "POST"}},
		PathPattern{"/%s/{id}/delete", "/%s?format=html&tpl_layout=base&tpl_content=%s", []string{"DELETE"}},
	}

	jsonPatterns []PathPattern = []PathPattern{
		PathPattern{"/api/%s", "", []string{"GET"}},
		PathPattern{"/api/%s/{id}", "", []string{"GET"}},
		PathPattern{"/api/%s/add/", "/%s/%d?format=json&tpl_layout=base&tpl_content=%s_show", []string{"GET", "POST"}},
		PathPattern{"/api/%s/{id}/update", "/%s/%d?format=json&tpl_layout=base&tpl_content=%s_show", []string{"GET", "POST"}},
		PathPattern{"/api/%s/{id}/delete", "/%s?format=json&tpl_layout=base&tpl_content=%s", []string{"DELETE"}},
	}
)

// Generate CRUD handlers
func generateHandler(r *mux.Router, base string) {
	for _, pattern := range patterns {
		r.Handle(
			fmt.Sprintf(pattern.Path, base),
			jwtCookie.Handler(recoverHandler(modelHandler(
				base,
				fmt.Sprintf(pattern.Path, base),
				pattern.RedirectPath)))).Methods(pattern.Methods...)
	}
}

func generateAPIHandler(r *mux.Router, base string) {
	for _, pattern := range jsonPatterns {
		r.Handle(fmt.Sprintf(pattern.Path, base), recoverHandler(modelHandler(base, fmt.Sprintf(pattern.Path, base), pattern.RedirectPath))).Methods(pattern.Methods...)
	}
}

func Handlers() *mux.Router {
	r := mux.NewRouter()

	// Authentication

	r.Handle("/login", loginHandler())
	r.Handle("/logout", logoutHandler())

	// Dashboard

	r.Handle("/", jwtCookie.Handler(recoverHandler(dashboardHandler())))

	// Generate model handlers

	for _, model := range []string{"teachers", "classes", "subjects", "activities"} {
		generateHandler(r, model)
	}

	for _, model := range []string{"teachers", "classes", "subjects", "activities"} {
		generateAPIHandler(r, model)
	}

	// Token handling
	r.Handle("/get_token", getTokenHandler())

	// Static file server

	r.PathPrefix("/").Handler(http.FileServer(http.Dir("./dist/")))

	return r
}

func onError(w http.ResponseWriter, r *http.Request, err string) {
	http.Redirect(w, r, "/login", http.StatusTemporaryRedirect)
}

func respondWithStaticFile(w http.ResponseWriter, filename string) error {
	f, err := ioutil.ReadFile(filepath.Join("public/html", filename))
	if err != nil {
		return err
	}
	w.Write(f)
	return nil
}

func fromCookie(r *http.Request) (string, error) {
	session, err := store.Get(r, "login-session")
	if err != nil {
		return "", nil
	}

	if session.Values["token"] == nil {
		return "", nil
	}

	token := session.Values["token"].([]uint8)

	return string(token), nil
}

func recoverHandler(next http.Handler) http.Handler {
	fn := func(w http.ResponseWriter, r *http.Request) {
		defer func() {
			if err := recover(); err != nil {
				panicMsg := fmt.Sprintf("PANIC: %v\n\n== STACKTRACE ==\n%s", err, debug.Stack())
				log.Print(panicMsg)
				http.Error(w, panicMsg, http.StatusInternalServerError)
			}
		}()
		next.ServeHTTP(w, r)
	}
	return http.HandlerFunc(fn)
}

func modelHandler(base, path, redirectPath string) http.Handler {
	fn := func(w http.ResponseWriter, r *http.Request) {
		var (
			ok     bool
			getFn  orm.GetFn
			postFn orm.PostFn
		)

		switch r.Method {

		case "GET":
			getFn, ok = orm.Get[path]
			if !ok {
				renderer.Render[r.URL.Query()["format"][0]](w, r, fmt.Errorf("Can't find ORM function for path %s!", path))
			}
			data, err := getFn(mux.Vars(r))
			if err != nil {
				renderer.Render[r.URL.Query()["format"][0]](w, r, err)
			} else {
				renderer.Render[r.URL.Query()["format"][0]](w, r, data, r.URL.Query())
			}

		case "POST":
			postFn, ok = orm.Post[path]
			if !ok {
				renderer.Render[r.URL.Query()["format"][0]](w, r, fmt.Errorf("Can't find ORM function for path %s!", path))
			}
			data, err := postFn(mux.Vars(r), r)
			if err != nil {
				renderer.Render["html"](w, r, err)
			} else {
				if mux.Vars(r)["id"] != "" {
					http.Redirect(w, r,
						fmt.Sprintf(
							"/%s/%s?format=html&tpl_layout=base&tpl_content=%s_show",
							base,
							mux.Vars(r)["id"],
							base,
						),
						http.StatusSeeOther,
					)
				} else {
					http.Redirect(w, r,
						fmt.Sprintf(
							"/%s/%d?format=html&tpl_layout=base&tpl_content=%s_show",
							base,
							data.GetID(),
							base,
						),
						http.StatusSeeOther,
					)
				}

			}

		case "DELETE":
			postFn, ok = orm.Post[path]
			if !ok {
				renderer.Render[r.URL.Query().Get("format")](w, r, fmt.Errorf("Can't find ORM function for path %s!", path))
			}
			_, err := postFn(mux.Vars(r), r)
			if err != nil {
				renderer.Render["html"](w, r, err)
			} else {
				var data struct {
					RedirectUrl string `json:"redirect_url"`
				}
				data.RedirectUrl = fmt.Sprintf(redirectPath, base, base)

				w.Header().Set("Content-Type", "application/json")
				json.NewEncoder(w).Encode(data)
			}

		}
	}

	return http.HandlerFunc(fn)
}