s3browser-backend/internal/httpserver/httpServer.go

307 lines
7.1 KiB
Go
Raw Permalink Normal View History

2021-09-24 13:39:23 +00:00
package httpserver
2021-08-03 21:10:23 +00:00
import (
"context"
"fmt"
"io"
"net/http"
2021-09-14 13:16:37 +00:00
"time"
2021-08-03 21:10:23 +00:00
2021-09-14 13:16:37 +00:00
"github.com/golang-jwt/jwt"
2021-09-23 23:27:19 +00:00
jwtRequest "github.com/golang-jwt/jwt/request"
2021-09-11 20:17:22 +00:00
"github.com/gorilla/mux"
2021-08-03 21:10:23 +00:00
"github.com/graphql-go/graphql"
2021-08-13 23:33:42 +00:00
"github.com/graphql-go/graphql/gqlerrors"
2021-08-03 21:10:23 +00:00
"github.com/graphql-go/handler"
2021-08-12 15:48:28 +00:00
log "github.com/sirupsen/logrus"
2021-08-03 21:10:23 +00:00
2021-09-24 13:39:23 +00:00
helper "git.kapelle.org/niklas/s3browser/internal/helper"
2021-10-14 17:00:11 +00:00
"git.kapelle.org/niklas/s3browser/internal/loader"
2021-11-23 19:12:24 +00:00
"git.kapelle.org/niklas/s3browser/internal/s3"
2021-09-24 13:39:23 +00:00
types "git.kapelle.org/niklas/s3browser/internal/types"
)
2021-09-14 13:16:37 +00:00
2021-09-26 14:56:32 +00:00
var (
tokenExp = int64((time.Hour * 23).Seconds())
)
2021-09-24 13:39:23 +00:00
type cookieExtractor struct {
2021-09-23 23:27:19 +00:00
Name string
}
2021-09-24 13:39:23 +00:00
func (c *cookieExtractor) ExtractToken(req *http.Request) (string, error) {
2021-09-23 23:27:19 +00:00
cookie, err := req.Cookie(c.Name)
if err == nil && len(cookie.Value) != 0 {
return cookie.Value, nil
}
return "", jwtRequest.ErrNoTokenInRequest
}
2021-09-24 13:39:23 +00:00
// InitHttp setup and start the http server. Blocking
func InitHttp(resolveContext context.Context, schema graphql.Schema, address string) error {
2021-09-11 20:17:22 +00:00
r := mux.NewRouter()
gqlHandler := handler.New(&handler.Config{
2021-08-03 21:10:23 +00:00
Schema: &schema,
Pretty: true,
GraphiQL: false,
Playground: true,
2021-08-13 23:33:42 +00:00
FormatErrorFn: func(err error) gqlerrors.FormattedError {
switch err := err.(type) {
case gqlerrors.FormattedError:
log.Error("GQL: ", err.Message)
case *gqlerrors.Error:
log.Errorf("GQL: '%s' at '%v'", err.Message, err.Path)
}
return gqlerrors.FormatError(err)
},
2021-08-03 21:10:23 +00:00
})
2021-09-11 20:17:22 +00:00
r.Use(func(h http.Handler) http.Handler {
return http.HandlerFunc(func(rw http.ResponseWriter, r *http.Request) {
2021-09-14 13:16:37 +00:00
2021-09-23 23:27:19 +00:00
parsedToken, err := jwtRequest.ParseFromRequestWithClaims(r, jwtRequest.MultiExtractor{
jwtRequest.AuthorizationHeaderExtractor,
2021-09-24 13:39:23 +00:00
&cookieExtractor{Name: "jwt"},
}, &types.JWTClaims{}, jwtKeyFunc)
2021-09-14 13:16:37 +00:00
2021-09-23 23:27:19 +00:00
if err == nil && parsedToken.Valid {
newRequest := r.WithContext(context.WithValue(r.Context(), "jwt", parsedToken))
h.ServeHTTP(rw, newRequest)
return
2021-09-14 13:16:37 +00:00
}
2021-09-11 20:17:22 +00:00
h.ServeHTTP(rw, r)
})
2021-08-03 21:10:23 +00:00
})
2021-09-11 20:17:22 +00:00
r.HandleFunc("/api/graphql", func(rw http.ResponseWriter, r *http.Request) {
2021-09-14 14:51:01 +00:00
token := r.Context().Value("jwt")
2021-09-26 14:56:32 +00:00
refreshTokenIfNeeded(rw, r)
2021-09-14 14:51:01 +00:00
gqlHandler.ContextHandler(context.WithValue(resolveContext, "jwt", token), rw, r)
2021-08-03 21:10:23 +00:00
})
2021-09-11 20:17:22 +00:00
r.HandleFunc("/api/file", func(rw http.ResponseWriter, r *http.Request) {
2021-09-26 14:56:32 +00:00
refreshTokenIfNeeded(rw, r)
2021-09-11 20:17:22 +00:00
httpGetFile(resolveContext, rw, r)
}).Methods("GET")
r.HandleFunc("/api/file", func(rw http.ResponseWriter, r *http.Request) {
2021-09-26 14:56:32 +00:00
refreshTokenIfNeeded(rw, r)
2021-09-11 20:17:22 +00:00
httpPostFile(resolveContext, rw, r)
}).Methods("POST")
2021-09-14 13:16:37 +00:00
r.HandleFunc("/api/cookie", setLoginCookie).Methods("POST")
2021-09-18 17:33:45 +00:00
r.HandleFunc("/api/logout", logout).Methods("POST")
2021-09-03 21:23:06 +00:00
// Init the embedded static files
2021-09-11 20:17:22 +00:00
initStatic(r)
2021-09-03 21:23:06 +00:00
2021-09-11 20:17:22 +00:00
return http.ListenAndServe(address, r)
2021-08-03 21:10:23 +00:00
}
2021-08-06 12:13:08 +00:00
func httpGetFile(ctx context.Context, rw http.ResponseWriter, r *http.Request) {
2021-09-24 15:57:01 +00:00
if !helper.IsAuthenticated(r.Context()) {
2021-09-14 14:51:01 +00:00
rw.WriteHeader(http.StatusUnauthorized)
return
}
2021-11-23 19:12:24 +00:00
s3Client := ctx.Value("s3Client").(s3.S3Service)
2021-09-28 14:04:18 +00:00
idString := r.URL.Query().Get("id")
id := types.ParseID(idString)
if id == nil {
// Failed to parse ID
rw.WriteHeader(http.StatusBadRequest)
return
}
2021-08-12 15:48:28 +00:00
2021-11-04 18:41:50 +00:00
log.Debug("S3 'StatObject': ", id)
2021-11-23 19:12:24 +00:00
objInfo, err := s3Client.StatObject(context.Background(), *id)
2021-08-03 21:10:23 +00:00
if err != nil {
2021-09-28 14:04:18 +00:00
log.Error("Failed to get object info: ", err)
2021-08-06 14:31:07 +00:00
rw.WriteHeader(http.StatusInternalServerError)
2021-08-03 21:10:23 +00:00
return
}
reqEtag := r.Header.Get("If-None-Match")
if reqEtag == objInfo.ETag {
2021-08-06 14:31:07 +00:00
rw.WriteHeader(http.StatusNotModified)
2021-08-03 21:10:23 +00:00
return
}
2021-11-04 18:41:50 +00:00
log.Debug("S3 'GetObject': ", id)
2021-11-23 19:12:24 +00:00
obj, err := s3Client.GetObject(context.Background(), *id)
2021-08-03 21:10:23 +00:00
if err != nil {
2021-09-28 14:04:18 +00:00
log.Error("Failed to get object: ", err)
2021-08-06 14:31:07 +00:00
rw.WriteHeader(http.StatusInternalServerError)
2021-08-03 21:10:23 +00:00
return
}
rw.Header().Set("Cache-Control", "must-revalidate")
2021-11-23 19:12:24 +00:00
rw.Header().Set("Content-Disposition", fmt.Sprintf("attachment; filename=\"%s\"", id.Name()))
2021-08-03 21:10:23 +00:00
rw.Header().Set("Content-Type", objInfo.ContentType)
rw.Header().Set("ETag", objInfo.ETag)
2021-08-06 14:31:07 +00:00
_, err = io.Copy(rw, obj)
if err != nil {
rw.WriteHeader(http.StatusInternalServerError)
return
}
2021-08-03 21:10:23 +00:00
}
2021-08-06 12:13:08 +00:00
func httpPostFile(ctx context.Context, rw http.ResponseWriter, r *http.Request) {
2021-09-24 15:57:01 +00:00
if !helper.IsAuthenticated(r.Context()) {
2021-09-14 14:51:01 +00:00
rw.WriteHeader(http.StatusUnauthorized)
return
}
2021-11-23 19:12:24 +00:00
s3Client := ctx.Value("s3Client").(s3.S3Service)
2021-08-03 21:10:23 +00:00
idString := r.URL.Query().Get("id")
id := types.ParseID(idString)
if id == nil {
// Failed to parse ID
rw.WriteHeader(http.StatusBadRequest)
return
}
id.Normalize()
2021-08-06 11:49:00 +00:00
2021-11-23 19:12:24 +00:00
// contentType := r.Header.Get("Content-Type")
// mimeType, _, _ := mime.ParseMediaType(contentType)
2021-08-03 21:10:23 +00:00
2021-11-04 18:41:50 +00:00
log.Debug("S3 'PutObject': ", id)
2021-11-23 19:12:24 +00:00
err := s3Client.PutObject(context.Background(), *id, r.Body, r.ContentLength) // TODO: put content type
2021-08-03 21:10:23 +00:00
2021-08-06 14:31:07 +00:00
if err != nil {
rw.WriteHeader(http.StatusInternalServerError)
return
}
2021-10-14 21:46:48 +00:00
loader := ctx.Value("loader").(*loader.Loader)
2021-11-22 00:34:22 +00:00
loader.InvalidedCacheForId(ctx, *id)
2021-08-06 12:13:08 +00:00
2021-08-06 14:31:07 +00:00
rw.WriteHeader(http.StatusCreated)
2021-08-03 21:10:23 +00:00
}
2021-09-14 13:16:37 +00:00
2021-09-23 23:27:19 +00:00
func jwtKeyFunc(t *jwt.Token) (interface{}, error) {
if _, ok := t.Method.(*jwt.SigningMethodHMAC); !ok {
return nil, fmt.Errorf("Unexpected signing method: %v", t.Header["alg"])
2021-09-14 13:16:37 +00:00
}
2021-09-23 23:27:19 +00:00
return []byte("TODO"), nil
2021-09-14 13:16:37 +00:00
}
//setLoginCookie if provieded a valid JWT in the body then set a httpOnly cookie with the token
func setLoginCookie(rw http.ResponseWriter, r *http.Request) {
body, err := io.ReadAll(r.Body)
defer r.Body.Close()
if err != nil {
rw.WriteHeader(http.StatusInternalServerError)
return
}
tokenString := string(body)
2021-09-24 13:39:23 +00:00
token, err := jwt.ParseWithClaims(tokenString, &types.JWTClaims{}, jwtKeyFunc)
2021-09-14 13:16:37 +00:00
if err != nil {
rw.WriteHeader(http.StatusInternalServerError)
return
}
if !token.Valid {
rw.WriteHeader(http.StatusUnauthorized)
return
}
2021-09-24 13:39:23 +00:00
claims, ok := token.Claims.(*types.JWTClaims)
2021-09-14 13:16:37 +00:00
if !ok {
rw.WriteHeader(http.StatusInternalServerError)
return
}
cookie := &http.Cookie{
Name: "jwt",
Value: tokenString,
HttpOnly: true,
SameSite: http.SameSiteStrictMode,
Path: "/api",
2021-09-23 23:27:19 +00:00
Expires: time.Unix(claims.ExpiresAt, 0),
2021-09-14 13:16:37 +00:00
}
http.SetCookie(rw, cookie)
rw.WriteHeader(http.StatusNoContent)
}
2021-09-18 17:33:45 +00:00
//logout removes the jwt cookie
func logout(rw http.ResponseWriter, r *http.Request) {
cookie := &http.Cookie{
Name: "jwt",
Value: "",
Path: "/api",
Expires: time.Unix(0, 0),
HttpOnly: true,
SameSite: http.SameSiteStrictMode,
}
http.SetCookie(rw, cookie)
rw.WriteHeader(http.StatusNoContent)
}
2021-09-23 23:27:19 +00:00
2021-09-26 14:56:32 +00:00
func refreshTokenIfNeeded(rw http.ResponseWriter, r *http.Request) {
currentToken, ok := r.Context().Value("jwt").(*jwt.Token)
if !ok && currentToken == nil {
2021-09-23 23:27:19 +00:00
return
}
2021-09-26 14:56:32 +00:00
claims, ok := currentToken.Claims.(*types.JWTClaims)
2021-09-23 23:27:19 +00:00
if !ok {
2021-09-26 14:56:32 +00:00
log.Error("Failed to refresh JWT")
2021-09-23 23:27:19 +00:00
return
}
2021-09-26 14:56:32 +00:00
// Refresh only if token older than 1 hour
if (claims.ExpiresAt - time.Now().Unix()) > tokenExp {
2021-09-23 23:27:19 +00:00
return
}
2021-09-26 14:56:32 +00:00
newToken := helper.CreateJWT(claims)
2021-09-23 23:27:19 +00:00
2021-09-26 14:56:32 +00:00
tokenString, err := newToken.SignedString([]byte("TODO"))
2021-09-23 23:27:19 +00:00
if err != nil {
2021-09-26 14:56:32 +00:00
log.Error("Failed to refresh JWT")
2021-09-23 23:27:19 +00:00
return
}
cookie := &http.Cookie{
Name: "jwt",
Value: tokenString,
HttpOnly: true,
SameSite: http.SameSiteStrictMode,
Path: "/api",
Expires: time.Unix(int64(claims.ExpiresAt), 0),
}
http.SetCookie(rw, cookie)
2021-09-26 14:56:32 +00:00
log.Debug("Refreshed JWT")
2021-09-23 23:27:19 +00:00
}