Biukop
/
SFM-loan-Rest-Api
Volgen 1
Ster 0
Vork 0
Code Kwesties 0 Pull-aanvragen 0 Publicaties 0 Wiki Activiteit
You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
25 Commits
1 Branch
973KB
Tree: 0614363e6f
Branches Labels
${ item.name }
Maak branch ${ searchTerm }
van '0614363e6f'
${ noResults }
SFM-loan-Rest-Api/apiv1.go

254 lines
6.9KB
Ruw Blame Geschiedenis 

  1. package main

  2. 

  3. import (

  4. 	"biukop.com/sfm/loan"

  5. 	"database/sql"

  6. 	"encoding/json"

  7. 	"errors"

  8. 	"fmt"

  9. 	"github.com/brianvoe/gofakeit/v6"

  10. 	log "github.com/sirupsen/logrus"

  11. 	"net/http"

  12. 	"net/http/httputil"

  13. 	"strings"

  14. 	"time"

  15. )

  16. 

  17. const apiV1Prefix = "/api/v1/"

  18. 

  19. type apiV1HandlerMap struct {

  20. 	Method  string

  21. 	Path    string //regex

  22. 	Handler func(http.ResponseWriter, *http.Request, *loan.Session)

  23. }

  24. 

  25. var apiV1Handler = setupApiV1Handler()

  26. 

  27. func setupApiV1Handler() []apiV1HandlerMap {

  28. 	if config.Debug {

  29. 		return []apiV1HandlerMap{

  30. 			{"POST", "login", apiV1Login},

  31. 			{"GET", "login", apiV1DumpRequest},

  32. 		}

  33. 	} else {

  34. 		return []apiV1HandlerMap{

  35. 			{"POST", "login", apiV1Login},

  36. 			{"GET", "login", apiV1EmptyResponse},

  37. 		}

  38. 	}

  39. }

  40. 

  41. //

  42. //apiV1Main  version 1 main entry for all REST API

  43. //

  44. func apiV1Main(w http.ResponseWriter, r *http.Request) {

  45. 	//general setup

  46. 	w.Header().Set("Content-Type", "application/json;charset=UTF-8")

  47. 

  48. 	//CORS setup

  49. 	setupCrossOriginResponse(&w, r)

  50. 

  51. 	//if its options then we don't bother with other issues

  52. 	if r.Method == "OPTIONS" {

  53. 		apiV1EmptyResponse(w, r, nil)

  54. 		return //stop processing

  55. 	}

  56. 

  57. 	if config.Debug {

  58. 		logRequestDebug(httputil.DumpRequest(r, true))

  59. 	}

  60. 

  61. 	session := apiV1InitSession(r)

  62. 	if config.Debug {

  63. 		log.Debugf("session : %+v", session)

  64. 	}

  65. 

  66. 	//search through handler

  67. 	path := r.URL.Path[len(apiV1Prefix):] //strip API prefix

  68. 	for _, node := range apiV1Handler {

  69. 		if (r.Method == node.Method || node.Method == "*") && path == node.Path {

  70. 			node.Handler(w, r, &session)

  71. 			e := session.Write() //finish this session to DB

  72. 			if e != nil {

  73. 				log.Warnf("Failed to Save Session %+v \n reason \n%s\n", session, e.Error())

  74. 			}

  75. 			return

  76. 		}

  77. 	}

  78. 

  79. 	//Catch for all Uhandled Request

  80. 	e := session.Write() //finish this session to DB

  81. 	if e != nil {

  82. 		log.Warnf("Failed to Save Session %+v \n reason \n%s\n", session, e.Error())

  83. 	}

  84. 	if config.Debug {

  85. 		apiV1DumpRequest(w, r, &session)

  86. 	} else {

  87. 		apiV1EmptyResponse(w, r, &session)

  88. 	}

  89. 

  90. }

  91. 

  92. func apiV1InitSession(r *http.Request) (session loan.Session) {

  93. 	session.MarkEmpty()

  94. 

  95. 	//track browser, and take session from cookie

  96. 	cookieSession, e := apiV1InitSessionByBrowserId(r)

  97. 	if e == nil {

  98. 		session = cookieSession

  99. 	}

  100. 

  101. 	//try session login first, if not an empty session will be created

  102. 	headerSession, e := apiV1InitSessionByHttpHeader(r)

  103. 	if e == nil {

  104. 		session = headerSession

  105. 	}

  106. 

  107. 	if session.IsEmpty() {

  108. 		session.InitGuest(time.Now().Add(loan.DefaultSessionDuration))

  109. 	} else {

  110. 		session.RenewIfExpireSoon()

  111. 	}

  112. 	//we have a session anyway

  113. 	session.Add("Biukop-Mid", apiV1GetMachineId(r)) //set machine id

  114. 	session.SetRemote(r)                            //make sure they are using latest remote

  115. 	return

  116. }

  117. 

  118. func setupCrossOriginResponse(w *http.ResponseWriter, r *http.Request) {

  119. 	origin := r.Header.Get("Origin")

  120. 	if origin == "" {

  121. 		origin = "*"

  122. 	}

  123. 	requestedHeaders := r.Header.Get("Access-control-Request-Headers")

  124. 	method := r.Header.Get("Access-Control-Request-Method")

  125. 	(*w).Header().Set("Access-Control-Allow-Origin", origin) //for that specific origin

  126. 	(*w).Header().Set("Access-Control-Allow-Credentials", "true")

  127. 	(*w).Header().Set("Access-Control-Allow-Methods", "POST, GET, OPTIONS, PUT, DELETE, "+method)

  128. 	(*w).Header().Set("Access-Control-Allow-Headers", "Accept, Content-Type, Content-Length, Accept-Encoding, X-CSRF-Token, Authorization, Cookie, Biukop-Session, Biukop-Session-Token, Biukop-Session-Expire, "+requestedHeaders)

  129. }

  130. 

  131. func apiV1GetMachineId(r *http.Request) string {

  132. 	var mid string

  133. 	inCookie, e := r.Cookie("Biukop-Mid")

  134. 	if e == nil {

  135. 		mid = inCookie.Value

  136. 	} else {

  137. 		mid = gofakeit.UUID()

  138. 	}

  139. 

  140. 	headerMid := r.Header.Get("Biukop-Mid")

  141. 	if headerMid != "" {

  142. 		mid = headerMid

  143. 	}

  144. 	return mid

  145. }

  146. 

  147. func apiV1InitSessionByBrowserId(r *http.Request) (session loan.Session, e error) {

  148. 	var sid string

  149. 	mid := apiV1GetMachineId(r)

  150. 	inCookie, e := r.Cookie("Biukop-Session")

  151. 	if e == nil {

  152. 		sid = inCookie.Value

  153. 		if sid != "" {

  154. 			e = session.Read(sid)

  155. 			if e == nil {

  156. 				if mid != session.Get("Biukop-Mid") {

  157. 					session.MarkEmpty()

  158. 				}

  159. 			}

  160. 		}

  161. 	}

  162. 	return

  163. }

  164. 

  165. func apiV1AddTrackingCookie(w http.ResponseWriter, r *http.Request, session *loan.Session) {

  166. 	//add tracking cookie

  167. 	expiration := time.Now().Add(365 * 24 * time.Hour)

  168. 	mid := apiV1GetMachineId(r)

  169. 	cookie := http.Cookie{Name: "Biukop-Mid", Value: mid, Expires: expiration, Path: "/", Secure: true, SameSite: http.SameSiteNoneMode}

  170. 	http.SetCookie(w, &cookie)

  171. 

  172. 	if session != nil {

  173. 		cookie = http.Cookie{Name: "Biukop-Session", Value: session.Id, Expires: expiration, Path: "/", Secure: true, SameSite: http.SameSiteNoneMode}

  174. 		http.SetCookie(w, &cookie)

  175. 	}

  176. }

  177. 

  178. func apiV1InitSessionByHttpHeader(r *http.Request) (ss loan.Session, e error) {

  179. 	sid := r.Header.Get("Biukop-Session")

  180. 	ss.MarkEmpty()

  181. 	//make sure session id is given

  182. 	if sid != "" {

  183. 		e = ss.Retrieve(r)

  184. 		if e == sql.ErrNoRows { //db does not have required session.

  185. 			log.Warn("DB has no corresponding session ", sid)

  186. 		} else if e != nil { // retrieve DB has error

  187. 			log.Errorf("Retrieve Session %s encountered error %s", sid, e.Error())

  188. 		}

  189. 	} else {

  190. 		e = errors.New("session not found: " + sid)

  191. 	}

  192. 	return

  193. }

  194. 

  195. func apiV1ErrorCheck(e error) {

  196. 	if nil != e {

  197. 		panic(e.Error()) //TODO: detailed error check, truck all caller

  198. 	}

  199. }

  200. 

  201. func apiV1Server500Error(w http.ResponseWriter, r *http.Request) {

  202. 

  203. 	w.WriteHeader(500)

  204. 	apiV1AddTrackingCookie(w, r, nil) //always the last one to set cookies

  205. 	fmt.Fprintf(w, "Server Internal Error  "+time.Now().Format(time.RFC1123))

  206. 

  207. 	//write log

  208. 	dump := logRequestDebug(httputil.DumpRequest(r, true))

  209. 	dump = strings.TrimSpace(dump)

  210. 	log.Warnf("Unhandled Protocol = %s path= %s", r.Method, r.URL.Path)

  211. }

  212. 

  213. func apiV1Client403Error(w http.ResponseWriter, r *http.Request, ss *loan.Session) {

  214. 	w.WriteHeader(403)

  215. 	type struct403 struct {

  216. 		Error    int

  217. 		ErrorMsg string

  218. 	}

  219. 	e403 := struct403{Error: 403, ErrorMsg: "Not Authorized " + time.Now().Format(time.RFC1123)}

  220. 	msg403, _ := json.Marshal(e403)

  221. 

  222. 	//before send out

  223. 	apiV1AddTrackingCookie(w, r, ss) //always the last one to set cookies

  224. 	fmt.Fprintln(w, string(msg403))

  225. 

  226. 	//write log

  227. 	dump := logRequestDebug(httputil.DumpRequest(r, true))

  228. 	dump = strings.TrimSpace(dump)

  229. 	log.Warnf("Not authorized   http(%s) path= %s, %s", r.Method, r.URL.Path, dump)

  230. }

  231. 

  232. func apiV1DumpRequest(w http.ResponseWriter, r *http.Request, ss *loan.Session) {

  233. 	dump := logRequestDebug(httputil.DumpRequest(r, true))

  234. 	dump = strings.TrimSpace(dump)

  235. 	msg := fmt.Sprintf("Unhandled Protocol = %s path= %s", r.Method, r.URL.Path)

  236. 	dumpLines := strings.Split(dump, "\r\n")

  237. 	ar := apiV1ResponseBlank()

  238. 	ar.Env.Msg = msg

  239. 	ar.Env.Session = *ss

  240. 	ar.Env.Session.Bin = []byte("masked data") //clear

  241. 	ar.Env.Session.Secret = "***********"

  242. 	ar.add("Body", dumpLines)

  243. 	ar.add("Biukop-Mid", ss.Get("Biukop-Mid"))

  244. 	b, _ := ar.toJson()

  245. 

  246. 	apiV1AddTrackingCookie(w, r, ss) //always the last one to set cookies

  247. 	fmt.Fprintf(w, "%s\n", b)

  248. }

  249. 

  250. func apiV1EmptyResponse(w http.ResponseWriter, r *http.Request, ss *loan.Session) {

  251. 	apiV1AddTrackingCookie(w, r, ss) //always the last one to set cookies

  252. 	fmt.Fprintf(w, "")

  253. }