Biukop
/
SFM-loan-Rest-Api
Seguir 1
Destacar 0
Fork 0
Código Incidencias 0 Pull Requests 0 Lanzamientos 0 Wiki Actividad
No puede seleccionar más de 25 temas Los temas deben comenzar con una letra o número, pueden incluir guiones ('-') y pueden tener hasta 35 caracteres de largo.
83 Commits
1 Rama
973KB
Árbol: abad453b31
Ramas Etiquetas
${ item.name }
Crear rama ${ searchTerm }
desde 'abad453b31'
${ noResults }
SFM-loan-Rest-Api/apiv1.go

517 líneas
15KB
Original Blame Histórico 

  1. package main

  2. 

  3. import (

  4. 	"biukop.com/sfm/loan"

  5. 	"database/sql"

  6. 	"encoding/json"

  7. 	"errors"

  8. 	"fmt"

  9. 	"github.com/brianvoe/gofakeit/v6"

  10. 	log "github.com/sirupsen/logrus"

  11. 	"net/http"

  12. 	"net/http/httputil"

  13. 	"strings"

  14. 	"time"

  15. )

  16. 

  17. const apiV1Prefix = "/api/v1/"

  18. const apiV1WebSocket = apiV1Prefix + "ws"

  19. 

  20. type apiV1HandlerMap struct {

  21. 	Method  string

  22. 	Path    string //regex

  23. 	Handler func(http.ResponseWriter, *http.Request, *loan.Session)

  24. }

  25. 

  26. var apiV1Handler = setupApiV1Handler()

  27. 

  28. func setupApiV1Handler() []apiV1HandlerMap {

  29. 	if config.Debug { //debug only

  30. 		return []apiV1HandlerMap{

  31. 			{"POST", "login", apiV1Login},

  32. 			{"*", "logout", apiV1Logout},

  33. 			{"GET", "chart/type-of-loans", apiV1ChartTypeOfLoans},

  34. 			{"GET", "chart/amount-of-loans", apiV1ChartTypeOfLoans},

  35. 			{"GET", "chart/past-year-monthly", apiV1ChartPastYearMonthly},

  36. 			{"GET", "chart/recent-10-loans", apiV1ChartRecent10Loans},

  37. 			{"GET", "chart/top-broker", apiV1ChartTopBroker},

  38. 			{"POST", "grid/loan/full-loan-overview", apiV1GridLoanFullOverview},

  39. 			{"GET", "chart/reward-vs-income-monthly", apiV1ChartRewardVsIncomeMonthly},

  40. 			{"GET", "loan/", apiV1LoanSingleGet},

  41. 			{"DELETE", "loan/", apiV1LoanSingleDelete},

  42. 			{"GET", "loan-by-client/", apiV1LoanByClient},

  43. 

  44. 			{"GET", "people/", apiV1PeopleGet},

  45. 			{"POST", "people/", apiV1PeoplePost},

  46. 			{"PUT", "people/", apiV1PeoplePut},

  47. 			{"DELETE", "people/", apiV1PeopleDelete},

  48. 			{"GET", "people-extra/", apiV1PeopleExtraGet},

  49. 

  50. 			{"POST", "user/", apiV1UserPost},

  51. 			{"PUT", "user/", apiV1UserPut},

  52. 			{"DELETE", "user/", apiV1UserDelete},

  53. 			{"POST", "user-enable/", apiV1UserEnable},

  54. 

  55. 			{"GET", "user-ex/", apiV1UserExGet},

  56. 

  57. 			{"GET", "broker/", apiV1BrokerGet},

  58. 			{"POST", "broker/", apiV1BrokerPost},

  59. 			{"PUT", "broker/", apiV1BrokerPut},

  60. 			{"DELETE", "broker/", apiV1BrokerDelete},

  61. 

  62. 			{"POST", "change-pass/", apiV1ChangePass},

  63. 			{"POST", "loan/basic/", apiV1LoanSinglePostBasic},

  64. 			{"GET", "avatar/", apiV1Avatar},

  65. 			{"POST", "avatar/", apiV1AvatarPost},

  66. 			{"POST", "reward/", apiV1RewardPost},

  67. 			{"DELETE", "reward/", apiV1RewardDelete},

  68. 			{"GET", "people-list/", apiV1PeopleList},

  69. 			{"GET", "broker-list/", apiV1BrokerList},

  70. 			{"POST", "sync-people/", apiV1SyncPeople},

  71. 

  72. 			{"POST", "payIn/", apiV1PayInPost},

  73. 			{"DELETE", "payIn/", apiV1PayInDelete},

  74. 			{"POST", "pay-in-list/", apiV1PayInList},

  75. 

  76. 			{"GET", "user-reward/", apiV1UserReward},

  77. 			{"GET", "login-available/", apiV1LoginAvailable},

  78. 

  79. 			{"POST", "lender-upload/", apiV1UploadsPost},

  80. 

  81. 			{"GET", "upload-analysis/", apiV1UploadAnalysis},

  82. 			{"PUT", "upload-analysis/", apiV1UploadCreateAnalysis},

  83. 			{"GET", "upload-as-image/", apiV1UploadAsImage},

  84. 			{"PUT", "upload-as-image/", apiV1UploadCreateImage},

  85. 			{"GET", "upload-as-thumbnail/", apiV1UploadAsThumbnail},

  86. 			{"PUT", "upload-as-thumbnail/", apiV1UploadCreateThumbnail},

  87. 			{"GET", "upload-as-pdf/", apiV1UploadAsPDF},

  88. 			{"PUT", "upload-as-pdf/", apiV1UploadCreatePDF},

  89. 			{"GET", "upload-original/", apiV1UploadOriginalFileGet},

  90. 			{"GET", "upload/", apiV1UploadMetaGet},

  91. 			{"DELETE", "upload/", apiV1UploadDelete},

  92. 			{"POST", "upload-meta-list/", apiV1UploadMetaList},

  93. 

  94. 			{"GET", "lender-list/", apiV1LenderList},

  95. 

  96. 			{"GET", "payout-ex/", apiV1PayOutExGet},

  97. 

  98. 			{"GET", "login", apiV1DumpRequest},

  99. 		}

  100. 	} else { //production

  101. 		return []apiV1HandlerMap{

  102. 			{"POST", "login", apiV1Login},

  103. 			{"*", "logout", apiV1Logout},

  104. 			{"GET", "chart/type-of-loans", apiV1ChartTypeOfLoans},

  105. 			{"GET", "chart/amount-of-loans", apiV1ChartTypeOfLoans},

  106. 			{"GET", "chart/past-year-monthly", apiV1ChartPastYearMonthly},

  107. 			{"GET", "chart/recent-10-loans", apiV1ChartRecent10Loans},

  108. 			{"GET", "chart/top-broker", apiV1ChartTopBroker},

  109. 			{"POST", "grid/loan/full-loan-overview", apiV1GridLoanFullOverview},

  110. 			{"GET", "chart/reward-vs-income-monthly", apiV1ChartRewardVsIncomeMonthly},

  111. 			{"GET", "loan/", apiV1LoanSingleGet},

  112. 			{"DELETE", "loan/", apiV1LoanSingleDelete},

  113. 			{"GET", "loan-by-client/", apiV1LoanByClient},

  114. 

  115. 			{"GET", "people/", apiV1PeopleGet},

  116. 			{"POST", "people/", apiV1PeoplePost},

  117. 			{"PUT", "people/", apiV1PeoplePut},

  118. 			{"DELETE", "people/", apiV1PeopleDelete},

  119. 			{"GET", "people-extra/", apiV1PeopleExtraGet},

  120. 

  121. 			{"POST", "user/", apiV1UserPost},

  122. 			{"PUT", "user/", apiV1UserPut},

  123. 			{"DELETE", "user/", apiV1UserDelete},

  124. 			{"POST", "user-enable/", apiV1UserEnable},

  125. 

  126. 			{"GET", "user-ex/", apiV1UserExGet},

  127. 

  128. 			{"GET", "broker/", apiV1BrokerGet},

  129. 			{"POST", "broker/", apiV1BrokerPost},

  130. 			{"PUT", "broker/", apiV1BrokerPut},

  131. 			{"DELETE", "broker/", apiV1BrokerDelete},

  132. 

  133. 			{"POST", "change-pass/", apiV1ChangePass},

  134. 			{"POST", "loan/basic/", apiV1LoanSinglePostBasic},

  135. 

  136. 			{"GET", "avatar/", apiV1Avatar},

  137. 			{"POST", "avatar/", apiV1AvatarPost},

  138. 			{"POST", "reward/", apiV1RewardPost},

  139. 			{"DELETE", "reward/", apiV1RewardDelete},

  140. 			{"GET", "people-list", apiV1PeopleList},

  141. 			{"GET", "broker-list/", apiV1BrokerList},

  142. 			{"POST", "sync-people/", apiV1SyncPeople},

  143. 

  144. 			{"POST", "payIn/", apiV1PayInPost},

  145. 			{"DELETE", "payIn/", apiV1PayInDelete},

  146. 			{"POST", "pay-in-list/", apiV1PayInList},

  147. 

  148. 			{"GET", "user-reward/", apiV1UserReward},

  149. 			{"GET", "login-available/", apiV1LoginAvailable},

  150. 

  151. 			{"POST", "lender-upload/", apiV1UploadsPost},

  152. 

  153. 			{"GET", "upload-analysis/", apiV1UploadAnalysis},

  154. 			{"PUT", "upload-analysis/", apiV1UploadCreateAnalysis},

  155. 			{"GET", "upload-as-image/", apiV1UploadAsImage},

  156. 			{"PUT", "upload-as-image/", apiV1UploadCreateImage},

  157. 			{"GET", "upload-as-thumbnail/", apiV1UploadAsThumbnail},

  158. 			{"PUT", "upload-as-thumbnail/", apiV1UploadCreateThumbnail},

  159. 			{"GET", "upload-as-pdf/", apiV1UploadAsPDF},

  160. 			{"PUT", "upload-as-pdf/", apiV1UploadCreatePDF},

  161. 			{"GET", "upload-original/", apiV1UploadOriginalFileGet},

  162. 			{"GET", "upload-meta/", apiV1UploadMetaGet},

  163. 			{"DELETE", "upload/", apiV1UploadDelete},

  164. 			{"POST", "upload-meta-list/", apiV1UploadMetaList},

  165. 

  166. 			{"GET", "lender-list/", apiV1LenderList},

  167. 

  168. 			{"GET", "payout-ex/", apiV1PayOutExGet},

  169. 

  170. 			{"GET", "login", apiV1EmptyResponse},

  171. 		}

  172. 	}

  173. }

  174. 

  175. //

  176. //apiV1Main  version 1 main entry for all REST API

  177. //

  178. func apiV1Main(w http.ResponseWriter, r *http.Request) {

  179. 

  180. 	//CORS setup

  181. 	setupCrossOriginResponse(&w, r)

  182. 

  183. 	//if its options then we don't bother with other issues

  184. 	if r.Method == "OPTIONS" {

  185. 		apiV1EmptyResponse(w, r, nil)

  186. 		return //stop processing

  187. 	}

  188. 

  189. 	if config.Debug {

  190. 		logRequestDebug(httputil.DumpRequest(r, true))

  191. 	}

  192. 

  193. 	session := loan.Session{}

  194. 	session.MarkEmpty()

  195. 	bypassSession := apiV1NoNeedSession(r)

  196. 	if !bypassSession { // no point to create session for preflight

  197. 		session = apiV1InitSession(r)

  198. 		if config.Debug {

  199. 			log.Debugf("session : %+v", session)

  200. 		}

  201. 	}

  202. 

  203. 	//search through handler

  204. 	path := r.URL.Path[len(apiV1Prefix):] //strip API prefix

  205. 	handled := false

  206. 	for _, node := range apiV1Handler {

  207. 		if (strings.ToUpper(r.Method) == node.Method || node.Method == "*") && strings.HasPrefix(path, node.Path) {

  208. 			handled = true

  209. 			node.Handler(w, r, &session)

  210. 			break //stop search handler further

  211. 		}

  212. 	}

  213. 

  214. 	if !bypassSession { // no point to write session for preflight

  215. 		e := session.Write() //finish this session to DB

  216. 		if e != nil {

  217. 			log.Warnf("Failed to Save Session %+v \n reason \n%s\n", session, e.Error())

  218. 		}

  219. 	}

  220. 

  221. 	//Catch for all UnHandled Request

  222. 	if !handled {

  223. 		if config.Debug {

  224. 			apiV1DumpRequest(w, r, &session)

  225. 		} else {

  226. 			apiV1EmptyResponse(w, r, &session)

  227. 		}

  228. 	}

  229. }

  230. 

  231. func apiV1NoNeedSession(r *http.Request) bool {

  232. 	if r.Method == "OPTIONS" {

  233. 		return true

  234. 	}

  235. 

  236. 	path := r.URL.Path[len(apiV1Prefix):] //strip API prefix

  237. 

  238. 	if r.Method == "GET" {

  239. 		if strings.HasPrefix(path, "avatar/") ||

  240. 			strings.HasPrefix(path, "upload-original/") ||

  241. 			strings.HasPrefix(path, "upload-as-image/") ||

  242. 			strings.HasPrefix(path, "upload-as-analysis/") ||

  243. 			strings.HasPrefix(path, "upload-as-thumbnail/") ||

  244. 			strings.HasPrefix(path, "upload-as-pdf/") {

  245. 			return true

  246. 		}

  247. 	}

  248. 	return false

  249. }

  250. 

  251. func apiV1InitSession(r *http.Request) (session loan.Session) {

  252. 	session.MarkEmpty()

  253. 

  254. 	//track browser, and take session from cookie

  255. 	cookieSession, e := apiV1InitSessionByCookie(r)

  256. 	if e == nil {

  257. 		session = cookieSession

  258. 	}

  259. 

  260. 	//try session login first, if not an empty session will be created

  261. 	headerSession, e := apiV1InitSessionByHttpHeader(r)

  262. 	if e == nil {

  263. 		session = headerSession

  264. 	}

  265. 

  266. 	if session.IsEmpty() {

  267. 		session.InitGuest(time.Now().Add(loan.DefaultSessionDuration))

  268. 	} else {

  269. 		session.RenewIfExpireSoon()

  270. 	}

  271. 	//we have a session anyway

  272. 	session.Add("Biukop-Mid", apiV1GetMachineId(r)) //set machine id

  273. 	session.SetRemote(r)                            //make sure they are using latest remote

  274. 	return

  275. }

  276. 

  277. func setupCrossOriginResponse(w *http.ResponseWriter, r *http.Request) {

  278. 	origin := r.Header.Get("Origin")

  279. 	if origin == "" {

  280. 		origin = "*"

  281. 	}

  282. 	requestedHeaders := r.Header.Get("Access-control-Request-Headers")

  283. 	method := r.Header.Get("Access-Control-Request-Method")

  284. 	(*w).Header().Set("Access-Control-Allow-Origin", origin) //for that specific origin

  285. 	(*w).Header().Set("Access-Control-Allow-Credentials", "true")

  286. 	(*w).Header().Set("Access-Control-Allow-Methods", removeDupHeaderOptions("POST, GET, OPTIONS, PUT, DELETE, "+method))

  287. 	(*w).Header().Set("Access-Control-Allow-Headers", removeDupHeaderOptions("Accept, Content-Type, Content-Length, Accept-Encoding, X-CSRF-Token, Authorization, Cookie, Biukop-Session, Biukop-Session-Token, Biukop-Session-Expire, "+requestedHeaders))

  288. }

  289. 

  290. func apiV1GetMachineId(r *http.Request) string {

  291. 	var mid string

  292. 	inCookie, e := r.Cookie("Biukop-Mid")

  293. 	if e == nil {

  294. 		mid = inCookie.Value

  295. 	} else {

  296. 		mid = gofakeit.UUID()

  297. 	}

  298. 

  299. 	headerMid := r.Header.Get("Biukop-Mid")

  300. 	if headerMid != "" {

  301. 		mid = headerMid

  302. 	}

  303. 	return mid

  304. }

  305. 

  306. func apiV1GetCORSHeaders(r *http.Request) (ret string) {

  307. 	requestedHeaders := r.Header.Get("Access-control-Request-Headers")

  308. 	ret = "Accept, Content-Type, Content-Length, Accept-Encoding, X-CSRF-Token, Authorization, Cookie, Biukop-Session, Biukop-Session-Token, Biukop-Session-Expire," + requestedHeaders

  309. 	return removeDupHeaderOptions(ret)

  310. }

  311. 

  312. func removeDupHeaderOptions(inStr string) (out string) {

  313. 	headers := map[string]struct{}{}

  314. 	strings.ReplaceAll(inStr, " ", "")       // remove space

  315. 	headerArray := strings.Split(inStr, ",") // split

  316. 	for _, v := range headerArray {

  317. 		headers[v] = struct{}{} // same key will overwrite each other

  318. 	}

  319. 	out = ""

  320. 	for k, _ := range headers {

  321. 		if out != "" {

  322. 			out += ", "

  323. 		}

  324. 		out += k

  325. 	}

  326. 	return

  327. }

  328. 

  329. func apiV1GetMachineIdFromSession(ss *loan.Session) string {

  330. 	return ss.GetStr("Biukop-Mid")

  331. }

  332. func apiV1InitSessionByCookie(r *http.Request) (session loan.Session, e error) {

  333. 	var sid string

  334. 	session.MarkEmpty()

  335. 	mid := apiV1GetMachineId(r)

  336. 	inCookie, e := r.Cookie("Biukop-Session")

  337. 	if e == nil {

  338. 		sid = inCookie.Value

  339. 		if sid != "" {

  340. 			e = session.Read(sid)

  341. 			if e == nil {

  342. 				if mid != session.Get("Biukop-Mid") {

  343. 					session.MarkEmpty()

  344. 				}

  345. 			}

  346. 		}

  347. 	}

  348. 	return

  349. }

  350. 

  351. func apiV1AddTrackingCookie(w http.ResponseWriter, r *http.Request, session *loan.Session) {

  352. 	if strings.ToUpper(r.Method) == "OPTION" {

  353. 		return

  354. 	}

  355. 	w.Header().Add("Access-Control-Expose-Headers", apiV1GetCORSHeaders(r))

  356. 	apiV1AddTrackingSession(w, r, session)

  357. 	apiV1AddTrackingMachineId(w, r, session)

  358. }

  359. 

  360. func apiV1AddTrackingSession(w http.ResponseWriter, r *http.Request, session *loan.Session) {

  361. 	sessionId := ""

  362. 	if session == nil {

  363. 		log.Warn("non-exist session, empty Id sent", session)

  364. 		w.Header().Add("Biukop-Session", "")

  365. 	} else {

  366. 		if session.Id == "" {

  367. 			log.Warn("empty session, empty Id sent", session)

  368. 		} else {

  369. 			w.Header().Add("Biukop-Session", session.Id)

  370. 			sessionId = session.Id

  371. 		}

  372. 

  373. 	}

  374. 

  375. 	cookie := http.Cookie{

  376. 		Name:     "Biukop-Session",

  377. 		Value:    sessionId, // may be ""

  378. 		Expires:  time.Now().Add(365 * 24 * time.Hour),

  379. 		Path:     "/",

  380. 		Secure:   true,

  381. 		SameSite: http.SameSiteNoneMode}

  382. 	http.SetCookie(w, &cookie)

  383. 

  384. }

  385. func apiV1AddTrackingMachineId(w http.ResponseWriter, r *http.Request, session *loan.Session) {

  386. 	mid := apiV1GetMachineId(r)

  387. 	expiration := time.Now().Add(365 * 24 * time.Hour)

  388. 

  389. 	w.Header().Add("Biukop-Mid", mid)

  390. 

  391. 	cookie := http.Cookie{

  392. 		Name:     "Biukop-Mid",

  393. 		Value:    mid,

  394. 		Expires:  expiration,

  395. 		Path:     "/",

  396. 		Secure:   true,

  397. 		SameSite: http.SameSiteNoneMode}

  398. 	http.SetCookie(w, &cookie)

  399. 

  400. }

  401. 

  402. func apiV1InitSessionByHttpHeader(r *http.Request) (ss loan.Session, e error) {

  403. 	ss.MarkEmpty()

  404. 	sid := apiV1GetSessionIdFromRequest(r)

  405. 

  406. 	//make sure session id is given

  407. 	if sid != "" {

  408. 		e = ss.Retrieve(r)

  409. 		if e == sql.ErrNoRows { //db does not have required session.

  410. 			log.Warn("DB has no corresponding session ", sid)

  411. 		} else if e != nil { // retrieve DB has error

  412. 			log.Errorf("Retrieve Session %s encountered error %s", sid, e.Error())

  413. 		}

  414. 	} else {

  415. 		e = errors.New("session not found: " + sid)

  416. 	}

  417. 	return

  418. }

  419. 

  420. func apiV1GetSessionIdFromRequest(r *http.Request) string {

  421. 	sid := ""

  422. 	inCookie, e := r.Cookie("Biukop-Session")

  423. 	if e == nil {

  424. 		sid = inCookie.Value

  425. 	}

  426. 

  427. 	headerSid := r.Header.Get("Biukop-Session")

  428. 	if headerSid != "" {

  429. 		sid = headerSid

  430. 	}

  431. 	return sid

  432. }

  433. 

  434. func apiV1Server500Error(w http.ResponseWriter, r *http.Request) {

  435. 	//general setup

  436. 	w.Header().Set("Content-Type", "application/json;charset=UTF-8")

  437. 

  438. 	w.WriteHeader(500)

  439. 	apiV1AddTrackingCookie(w, r, nil) //always the last one to set cookies

  440. 	fmt.Fprintf(w, "Server Internal Error  "+time.Now().Format(time.RFC1123))

  441. 

  442. 	//write log

  443. 	dump := logRequestDebug(httputil.DumpRequest(r, true))

  444. 	dump = strings.TrimSpace(dump)

  445. 	log.Warnf("Unhandled Protocol = %s path= %s", r.Method, r.URL.Path)

  446. }

  447. 

  448. func apiV1Client403Error(w http.ResponseWriter, r *http.Request, ss *loan.Session) {

  449. 	//general setup

  450. 	w.Header().Set("Content-Type", "application/json;charset=UTF-8")

  451. 

  452. 	w.WriteHeader(403)

  453. 	type struct403 struct {

  454. 		Error    int

  455. 		ErrorMsg string

  456. 	}

  457. 	e403 := struct403{Error: 403, ErrorMsg: "Not Authorized " + time.Now().Format(time.RFC1123)}

  458. 	msg403, _ := json.Marshal(e403)

  459. 

  460. 	//before send out

  461. 	apiV1AddTrackingCookie(w, r, ss) //always the last one to set cookies

  462. 	fmt.Fprintln(w, string(msg403))

  463. 

  464. 	//write log

  465. 	dump := logRequestDebug(httputil.DumpRequest(r, true))

  466. 	dump = strings.TrimSpace(dump)

  467. 	log.Warnf("Not authorized   http(%s) path= %s, %s", r.Method, r.URL.Path, dump)

  468. }

  469. 

  470. func apiV1Client404Error(w http.ResponseWriter, r *http.Request, ss *loan.Session) {

  471. 	//general setup

  472. 	w.Header().Set("Content-Type", "application/json;charset=UTF-8")

  473. 

  474. 	w.WriteHeader(404)

  475. 	type struct404 struct {

  476. 		Error    int

  477. 		ErrorMsg string

  478. 	}

  479. 	e404 := struct404{Error: 404, ErrorMsg: "Not Found " + time.Now().Format(time.RFC1123)}

  480. 	msg404, _ := json.Marshal(e404)

  481. 

  482. 	//before send out

  483. 	apiV1AddTrackingCookie(w, r, ss) //always the last one to set cookies

  484. 	fmt.Fprintln(w, string(msg404))

  485. 

  486. 	//write log

  487. 	dump := logRequestDebug(httputil.DumpRequest(r, true))

  488. 	dump = strings.TrimSpace(dump)

  489. 	log.Warnf("Not found   http(%s) path= %s, %s", r.Method, r.URL.Path, dump)

  490. }

  491. 

  492. func apiV1DumpRequest(w http.ResponseWriter, r *http.Request, ss *loan.Session) {

  493. 	dump := logRequestDebug(httputil.DumpRequest(r, true))

  494. 	dump = strings.TrimSpace(dump)

  495. 	msg := fmt.Sprintf("Unhandled Protocol = %s path= %s", r.Method, r.URL.Path)

  496. 	dumpLines := strings.Split(dump, "\r\n")

  497. 	ar := apiV1ResponseBlank()

  498. 	ar.Env.Msg = msg

  499. 	ar.Env.Session = *ss

  500. 	ar.Env.Session.Bin = []byte("masked data") //clear

  501. 	ar.Env.Session.Secret = "***********"

  502. 	ar.add("Body", dumpLines)

  503. 	ar.add("Biukop-Mid", ss.Get("Biukop-Mid"))

  504. 	b, _ := ar.toJson()

  505. 

  506. 	apiV1AddTrackingCookie(w, r, ss) //always the last one to set cookies

  507. 	fmt.Fprintf(w, "%s\n", b)

  508. }

  509. 

  510. func apiV1EmptyResponse(w http.ResponseWriter, r *http.Request, ss *loan.Session) {

  511. 	//general setup

  512. 	w.Header().Set("Content-Type", "application/json;charset=UTF-8")

  513. 

  514. 	apiV1AddTrackingCookie(w, r, ss) //always the last one to set cookies

  515. 	fmt.Fprintf(w, "")

  516. }