Biukop
/
SFM-loan-Rest-Api
Watch 1
Star 0
Fork 0
Code Issues 0 Pull Requests 0 Releases 0 Wiki Activity
You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
61 Commits
1 Branch
973KB
Tree: 516f070621
Branches Tags
${ item.name }
Create branch ${ searchTerm }
from '516f070621'
${ noResults }
SFM-loan-Rest-Api/apiv1.go

365 lines
11KB
Raw Blame History 

  1. package main

  2. 

  3. import (

  4. 	"biukop.com/sfm/loan"

  5. 	"database/sql"

  6. 	"encoding/json"

  7. 	"errors"

  8. 	"fmt"

  9. 	"github.com/brianvoe/gofakeit/v6"

  10. 	log "github.com/sirupsen/logrus"

  11. 	"net/http"

  12. 	"net/http/httputil"

  13. 	"strings"

  14. 	"time"

  15. )

  16. 

  17. const apiV1Prefix = "/api/v1/"

  18. const apiV1WebSocket = apiV1Prefix + "ws"

  19. 

  20. type apiV1HandlerMap struct {

  21. 	Method  string

  22. 	Path    string //regex

  23. 	Handler func(http.ResponseWriter, *http.Request, *loan.Session)

  24. }

  25. 

  26. var apiV1Handler = setupApiV1Handler()

  27. 

  28. func setupApiV1Handler() []apiV1HandlerMap {

  29. 	if config.Debug { //debug only

  30. 		return []apiV1HandlerMap{

  31. 			{"POST", "login", apiV1Login},

  32. 			{"*", "logout", apiV1Logout},

  33. 			{"GET", "chart/type-of-loans", apiV1ChartTypeOfLoans},

  34. 			{"GET", "chart/amount-of-loans", apiV1ChartTypeOfLoans},

  35. 			{"GET", "chart/past-year-monthly", apiV1ChartPastYearMonthly},

  36. 			{"GET", "chart/recent-10-loans", apiV1ChartRecent10Loans},

  37. 			{"GET", "chart/top-broker", apiV1ChartTopBroker},

  38. 			{"POST", "grid/loan/full-loan-overview", apiV1GridLoanFullOverview},

  39. 			{"GET", "chart/reward-vs-income-monthly", apiV1ChartRewardVsIncomeMonthly},

  40. 			{"GET", "loan/", apiV1LoanSingleGet},

  41. 			{"DELETE", "loan/", apiV1LoanSingleDelete},

  42. 			{"GET", "loan-by-client/", apiV1LoanByClient},

  43. 

  44. 			{"GET", "people/", apiV1PeopleGet},

  45. 			{"POST", "people/", apiV1PeoplePost},

  46. 			{"PUT", "people/", apiV1PeoplePut},

  47. 			{"DELETE", "people/", apiV1PeopleDelete},

  48. 			{"GET", "people-extra/", apiV1PeopleExtraGet},

  49. 

  50. 			{"POST", "user/", apiV1UserPost},

  51. 			{"PUT", "user/", apiV1UserPut},

  52. 			{"DELETE", "user/", apiV1UserDelete},

  53. 

  54. 			{"GET", "broker/", apiV1BrokerGet},

  55. 			{"POST", "broker/", apiV1BrokerPost},

  56. 			{"PUT", "broker/", apiV1BrokerPut},

  57. 			{"DELETE", "broker/", apiV1BrokerDelete},

  58. 

  59. 			{"POST", "change-pass/", apiV1ChangePass},

  60. 			{"POST", "loan/basic/", apiV1LoanSinglePostBasic},

  61. 			{"GET", "avatar/", apiV1Avatar},

  62. 			{"POST", "avatar/", apiV1AvatarPost},

  63. 			{"POST", "reward/", apiV1RewardPost},

  64. 			{"DELETE", "reward/", apiV1RewardDelete},

  65. 			{"GET", "people-list/", apiV1PeopleList},

  66. 			{"GET", "broker-list/", apiV1BrokerList},

  67. 			{"POST", "sync-people/", apiV1SyncPeople},

  68. 			{"POST", "payIn/", apiV1PayInPost},

  69. 			{"DELETE", "payIn/", apiV1PayInDelete},

  70. 			{"GET", "user-reward/", apiV1UserReward},

  71. 			{"GET", "login-available/", apiV1LoginAvailable},

  72. 			{"GET", "login", apiV1DumpRequest},

  73. 		}

  74. 	} else { //production

  75. 		return []apiV1HandlerMap{

  76. 			{"POST", "login", apiV1Login},

  77. 			{"*", "logout", apiV1Logout},

  78. 			{"GET", "chart/type-of-loans", apiV1ChartTypeOfLoans},

  79. 			{"GET", "chart/amount-of-loans", apiV1ChartTypeOfLoans},

  80. 			{"GET", "chart/past-year-monthly", apiV1ChartPastYearMonthly},

  81. 			{"GET", "chart/recent-10-loans", apiV1ChartRecent10Loans},

  82. 			{"GET", "chart/top-broker", apiV1ChartTopBroker},

  83. 			{"POST", "grid/loan/full-loan-overview", apiV1GridLoanFullOverview},

  84. 			{"GET", "chart/reward-vs-income-monthly", apiV1ChartRewardVsIncomeMonthly},

  85. 			{"GET", "loan/", apiV1LoanSingleGet},

  86. 			{"DELETE", "loan/", apiV1LoanSingleDelete},

  87. 			{"GET", "loan-by-client/", apiV1LoanByClient},

  88. 

  89. 			{"GET", "people/", apiV1PeopleGet},

  90. 			{"POST", "people/", apiV1PeoplePost},

  91. 			{"PUT", "people/", apiV1PeoplePut},

  92. 			{"DELETE", "people/", apiV1PeopleDelete},

  93. 			{"GET", "people-extra/", apiV1PeopleExtraGet},

  94. 

  95. 			{"POST", "user/", apiV1UserPost},

  96. 			{"PUT", "user/", apiV1UserPut},

  97. 			{"DELETE", "user/", apiV1UserDelete},

  98. 

  99. 			{"GET", "broker/", apiV1BrokerGet},

  100. 			{"POST", "broker/", apiV1BrokerPost},

  101. 			{"PUT", "broker/", apiV1BrokerPut},

  102. 			{"DELETE", "broker/", apiV1BrokerDelete},

  103. 

  104. 			{"POST", "change-pass/", apiV1ChangePass},

  105. 			{"POST", "loan/basic/", apiV1LoanSinglePostBasic},

  106. 

  107. 			{"GET", "avatar/", apiV1Avatar},

  108. 			{"POST", "avatar/", apiV1AvatarPost},

  109. 			{"POST", "reward/", apiV1RewardPost},

  110. 			{"DELETE", "reward/", apiV1RewardDelete},

  111. 			{"GET", "people-list", apiV1PeopleList},

  112. 			{"GET", "broker-list/", apiV1BrokerList},

  113. 			{"POST", "sync-people/", apiV1SyncPeople},

  114. 			{"POST", "payIn/", apiV1PayInPost},

  115. 			{"DELETE", "payIn/", apiV1PayInDelete},

  116. 			{"GET", "user-reward/", apiV1UserReward},

  117. 			{"GET", "login-available/", apiV1LoginAvailable},

  118. 			{"GET", "login", apiV1EmptyResponse},

  119. 		}

  120. 	}

  121. }

  122. 

  123. //

  124. //apiV1Main  version 1 main entry for all REST API

  125. //

  126. func apiV1Main(w http.ResponseWriter, r *http.Request) {

  127. 	//general setup

  128. 	w.Header().Set("Content-Type", "application/json;charset=UTF-8")

  129. 

  130. 	//CORS setup

  131. 	setupCrossOriginResponse(&w, r)

  132. 

  133. 	//if its options then we don't bother with other issues

  134. 	if r.Method == "OPTIONS" {

  135. 		apiV1EmptyResponse(w, r, nil)

  136. 		return //stop processing

  137. 	}

  138. 

  139. 	if config.Debug {

  140. 		logRequestDebug(httputil.DumpRequest(r, true))

  141. 	}

  142. 

  143. 	session := apiV1InitSession(r)

  144. 	if config.Debug {

  145. 		log.Debugf("session : %+v", session)

  146. 	}

  147. 

  148. 	//search through handler

  149. 	path := r.URL.Path[len(apiV1Prefix):] //strip API prefix

  150. 	for _, node := range apiV1Handler {

  151. 		//log.Println(node, path, strings.HasPrefix(path, node.Path))

  152. 		if (r.Method == node.Method || node.Method == "*") && strings.HasPrefix(path, node.Path) {

  153. 			node.Handler(w, r, &session)

  154. 			e := session.Write() //finish this session to DB

  155. 			if e != nil {

  156. 				log.Warnf("Failed to Save Session %+v \n reason \n%s\n", session, e.Error())

  157. 			}

  158. 			return

  159. 		}

  160. 	}

  161. 

  162. 	//Catch for all UnHandled Request

  163. 	e := session.Write() //finish this session to DB

  164. 	if e != nil {

  165. 		log.Warnf("Failed to Save Session %+v \n reason \n%s\n", session, e.Error())

  166. 	}

  167. 	if config.Debug {

  168. 		apiV1DumpRequest(w, r, &session)

  169. 	} else {

  170. 		apiV1EmptyResponse(w, r, &session)

  171. 	}

  172. 

  173. }

  174. 

  175. func apiV1InitSession(r *http.Request) (session loan.Session) {

  176. 	session.MarkEmpty()

  177. 

  178. 	//track browser, and take session from cookie

  179. 	cookieSession, e := apiV1InitSessionByBrowserId(r)

  180. 	if e == nil {

  181. 		session = cookieSession

  182. 	}

  183. 

  184. 	//try session login first, if not an empty session will be created

  185. 	headerSession, e := apiV1InitSessionByHttpHeader(r)

  186. 	if e == nil {

  187. 		session = headerSession

  188. 	}

  189. 

  190. 	if session.IsEmpty() {

  191. 		session.InitGuest(time.Now().Add(loan.DefaultSessionDuration))

  192. 	} else {

  193. 		session.RenewIfExpireSoon()

  194. 	}

  195. 	//we have a session anyway

  196. 	session.Add("Biukop-Mid", apiV1GetMachineId(r)) //set machine id

  197. 	session.SetRemote(r)                            //make sure they are using latest remote

  198. 	return

  199. }

  200. 

  201. func setupCrossOriginResponse(w *http.ResponseWriter, r *http.Request) {

  202. 	origin := r.Header.Get("Origin")

  203. 	if origin == "" {

  204. 		origin = "*"

  205. 	}

  206. 	requestedHeaders := r.Header.Get("Access-control-Request-Headers")

  207. 	method := r.Header.Get("Access-Control-Request-Method")

  208. 	(*w).Header().Set("Access-Control-Allow-Origin", origin) //for that specific origin

  209. 	(*w).Header().Set("Access-Control-Allow-Credentials", "true")

  210. 	(*w).Header().Set("Access-Control-Allow-Methods", "POST, GET, OPTIONS, PUT, DELETE, "+method)

  211. 	(*w).Header().Set("Access-Control-Allow-Headers", "Accept, Content-Type, Content-Length, Accept-Encoding, X-CSRF-Token, Authorization, Cookie, Biukop-Session, Biukop-Session-Token, Biukop-Session-Expire, "+requestedHeaders)

  212. }

  213. 

  214. func apiV1GetMachineId(r *http.Request) string {

  215. 	var mid string

  216. 	inCookie, e := r.Cookie("Biukop-Mid")

  217. 	if e == nil {

  218. 		mid = inCookie.Value

  219. 	} else {

  220. 		mid = gofakeit.UUID()

  221. 	}

  222. 

  223. 	headerMid := r.Header.Get("Biukop-Mid")

  224. 	if headerMid != "" {

  225. 		mid = headerMid

  226. 	}

  227. 	return mid

  228. }

  229. 

  230. func apiV1InitSessionByBrowserId(r *http.Request) (session loan.Session, e error) {

  231. 	var sid string

  232. 	mid := apiV1GetMachineId(r)

  233. 	inCookie, e := r.Cookie("Biukop-Session")

  234. 	if e == nil {

  235. 		sid = inCookie.Value

  236. 		if sid != "" {

  237. 			e = session.Read(sid)

  238. 			if e == nil {

  239. 				if mid != session.Get("Biukop-Mid") {

  240. 					session.MarkEmpty()

  241. 				}

  242. 			}

  243. 		}

  244. 	}

  245. 	return

  246. }

  247. 

  248. func apiV1AddTrackingCookie(w http.ResponseWriter, r *http.Request, session *loan.Session) {

  249. 	//set session header too.

  250. 	w.Header().Add("Access-Control-Expose-Headers", "Biukop-Session")

  251. 	if session == nil {

  252. 		w.Header().Add("Biukop-Session", "")

  253. 	} else {

  254. 		w.Header().Add("Biukop-Session", session.Id)

  255. 	}

  256. 

  257. 	//add tracking cookie

  258. 	expiration := time.Now().Add(365 * 24 * time.Hour)

  259. 	mid := apiV1GetMachineId(r)

  260. 	cookie := http.Cookie{Name: "Biukop-Mid", Value: mid, Expires: expiration, Path: "/", Secure: true, SameSite: http.SameSiteNoneMode}

  261. 	http.SetCookie(w, &cookie)

  262. 

  263. 	if session != nil {

  264. 		cookie = http.Cookie{Name: "Biukop-Session", Value: session.Id, Expires: expiration, Path: "/", Secure: true, SameSite: http.SameSiteNoneMode}

  265. 		http.SetCookie(w, &cookie)

  266. 	}

  267. }

  268. 

  269. func apiV1InitSessionByHttpHeader(r *http.Request) (ss loan.Session, e error) {

  270. 	sid := r.Header.Get("Biukop-Session")

  271. 	ss.MarkEmpty()

  272. 	//make sure session id is given

  273. 	if sid != "" {

  274. 		e = ss.Retrieve(r)

  275. 		if e == sql.ErrNoRows { //db does not have required session.

  276. 			log.Warn("DB has no corresponding session ", sid)

  277. 		} else if e != nil { // retrieve DB has error

  278. 			log.Errorf("Retrieve Session %s encountered error %s", sid, e.Error())

  279. 		}

  280. 	} else {

  281. 		e = errors.New("session not found: " + sid)

  282. 	}

  283. 	return

  284. 	return

  285. }

  286. 

  287. func apiV1ErrorCheck(e error) {

  288. 	if nil != e {

  289. 		panic(e.Error()) //TODO: detailed error check, truck all caller

  290. 	}

  291. }

  292. 

  293. func apiV1Server500Error(w http.ResponseWriter, r *http.Request) {

  294. 

  295. 	w.WriteHeader(500)

  296. 	apiV1AddTrackingCookie(w, r, nil) //always the last one to set cookies

  297. 	fmt.Fprintf(w, "Server Internal Error  "+time.Now().Format(time.RFC1123))

  298. 

  299. 	//write log

  300. 	dump := logRequestDebug(httputil.DumpRequest(r, true))

  301. 	dump = strings.TrimSpace(dump)

  302. 	log.Warnf("Unhandled Protocol = %s path= %s", r.Method, r.URL.Path)

  303. }

  304. 

  305. func apiV1Client403Error(w http.ResponseWriter, r *http.Request, ss *loan.Session) {

  306. 	w.WriteHeader(403)

  307. 	type struct403 struct {

  308. 		Error    int

  309. 		ErrorMsg string

  310. 	}

  311. 	e403 := struct403{Error: 403, ErrorMsg: "Not Authorized " + time.Now().Format(time.RFC1123)}

  312. 	msg403, _ := json.Marshal(e403)

  313. 

  314. 	//before send out

  315. 	apiV1AddTrackingCookie(w, r, ss) //always the last one to set cookies

  316. 	fmt.Fprintln(w, string(msg403))

  317. 

  318. 	//write log

  319. 	dump := logRequestDebug(httputil.DumpRequest(r, true))

  320. 	dump = strings.TrimSpace(dump)

  321. 	log.Warnf("Not authorized   http(%s) path= %s, %s", r.Method, r.URL.Path, dump)

  322. }

  323. 

  324. func apiV1Client404Error(w http.ResponseWriter, r *http.Request, ss *loan.Session) {

  325. 	w.WriteHeader(404)

  326. 	type struct404 struct {

  327. 		Error    int

  328. 		ErrorMsg string

  329. 	}

  330. 	e404 := struct404{Error: 404, ErrorMsg: "Not Found " + time.Now().Format(time.RFC1123)}

  331. 	msg404, _ := json.Marshal(e404)

  332. 

  333. 	//before send out

  334. 	apiV1AddTrackingCookie(w, r, ss) //always the last one to set cookies

  335. 	fmt.Fprintln(w, string(msg404))

  336. 

  337. 	//write log

  338. 	dump := logRequestDebug(httputil.DumpRequest(r, true))

  339. 	dump = strings.TrimSpace(dump)

  340. 	log.Warnf("Not found   http(%s) path= %s, %s", r.Method, r.URL.Path, dump)

  341. }

  342. 

  343. func apiV1DumpRequest(w http.ResponseWriter, r *http.Request, ss *loan.Session) {

  344. 	dump := logRequestDebug(httputil.DumpRequest(r, true))

  345. 	dump = strings.TrimSpace(dump)

  346. 	msg := fmt.Sprintf("Unhandled Protocol = %s path= %s", r.Method, r.URL.Path)

  347. 	dumpLines := strings.Split(dump, "\r\n")

  348. 	ar := apiV1ResponseBlank()

  349. 	ar.Env.Msg = msg

  350. 	ar.Env.Session = *ss

  351. 	ar.Env.Session.Bin = []byte("masked data") //clear

  352. 	ar.Env.Session.Secret = "***********"

  353. 	ar.add("Body", dumpLines)

  354. 	ar.add("Biukop-Mid", ss.Get("Biukop-Mid"))

  355. 	b, _ := ar.toJson()

  356. 

  357. 	apiV1AddTrackingCookie(w, r, ss) //always the last one to set cookies

  358. 	fmt.Fprintf(w, "%s\n", b)

  359. }

  360. 

  361. func apiV1EmptyResponse(w http.ResponseWriter, r *http.Request, ss *loan.Session) {

  362. 	apiV1AddTrackingCookie(w, r, ss) //always the last one to set cookies

  363. 	fmt.Fprintf(w, "")

  364. }