s3browser-backend/internal/httpServer.go

package s3browser

import (
	"context"
	"fmt"
	"io"
	"mime"
	"net/http"
	"path/filepath"
	"strings"
	"time"

	"github.com/golang-jwt/jwt"
	"github.com/gorilla/mux"
	"github.com/graphql-go/graphql"
	"github.com/graphql-go/graphql/gqlerrors"
	"github.com/graphql-go/handler"
	"github.com/minio/minio-go/v7"

	log "github.com/sirupsen/logrus"
)

type JWTClaims struct {
	jwt.StandardClaims
}

// initHttp setup and start the http server. Blocking
func initHttp(resolveContext context.Context, schema graphql.Schema, address string) error {
	r := mux.NewRouter()

	gqlHandler := handler.New(&handler.Config{
		Schema:     &schema,
		Pretty:     true,
		GraphiQL:   false,
		Playground: true,
		FormatErrorFn: func(err error) gqlerrors.FormattedError {
			switch err := err.(type) {
			case gqlerrors.FormattedError:
				log.Error("GQL: ", err.Message)
			case *gqlerrors.Error:
				log.Errorf("GQL: '%s' at '%v'", err.Message, err.Path)
			}
			return gqlerrors.FormatError(err)
		},
	})

	r.Use(func(h http.Handler) http.Handler {
		return http.HandlerFunc(func(rw http.ResponseWriter, r *http.Request) {

			token := getTokenFromRequest(r)

			if token != "" {
				parsedToken, err := parseJWT(token)

				if err == nil && parsedToken.Valid {
					newRequest := r.WithContext(context.WithValue(r.Context(), "jwt", parsedToken))
					h.ServeHTTP(rw, newRequest)
					return
				}
			}

			h.ServeHTTP(rw, r)
		})
	})

	r.HandleFunc("/api/graphql", func(rw http.ResponseWriter, r *http.Request) {
		token := r.Context().Value("jwt")
		gqlHandler.ContextHandler(context.WithValue(resolveContext, "jwt", token), rw, r)
	})

	r.HandleFunc("/api/file", func(rw http.ResponseWriter, r *http.Request) {
		httpGetFile(resolveContext, rw, r)
	}).Methods("GET")

	r.HandleFunc("/api/file", func(rw http.ResponseWriter, r *http.Request) {
		httpPostFile(resolveContext, rw, r)
	}).Methods("POST")

	r.HandleFunc("/api/cookie", setLoginCookie).Methods("POST")

	// Init the embedded static files
	initStatic(r)

	return http.ListenAndServe(address, r)
}

func httpGetFile(ctx context.Context, rw http.ResponseWriter, r *http.Request) {
	if is, _ := isAuth(r.Context()); !is {
		rw.WriteHeader(http.StatusUnauthorized)
		return
	}

	s3Client := ctx.Value("s3Client").(*minio.Client)
	id := r.URL.Query().Get("id")

	log.Debug("S3 call 'StatObject': ", id)
	objInfo, err := s3Client.StatObject(context.Background(), bucketName, id, minio.GetObjectOptions{})

	if err != nil {
		rw.WriteHeader(http.StatusInternalServerError)
		return
	}

	reqEtag := r.Header.Get("If-None-Match")
	if reqEtag == objInfo.ETag {
		rw.WriteHeader(http.StatusNotModified)
		return
	}

	log.Debug("S3 call 'GetObject': ", id)
	obj, err := s3Client.GetObject(context.Background(), bucketName, id, minio.GetObjectOptions{})

	if err != nil {
		rw.WriteHeader(http.StatusInternalServerError)
		return
	}

	rw.Header().Set("Cache-Control", "must-revalidate")
	rw.Header().Set("Content-Disposition", fmt.Sprintf("attachment; filename=\"%s\"", filepath.Base((objInfo.Key))))
	rw.Header().Set("Content-Type", objInfo.ContentType)
	rw.Header().Set("ETag", objInfo.ETag)

	_, err = io.Copy(rw, obj)

	if err != nil {
		rw.WriteHeader(http.StatusInternalServerError)
		return
	}
}

func httpPostFile(ctx context.Context, rw http.ResponseWriter, r *http.Request) {
	if is, _ := isAuth(r.Context()); !is {
		rw.WriteHeader(http.StatusUnauthorized)
		return
	}

	s3Client := ctx.Value("s3Client").(*minio.Client)

	id := r.URL.Query().Get("id")

	log.Debug("Upload file: ", id)

	contentType := r.Header.Get("Content-Type")
	mimeType, _, _ := mime.ParseMediaType(contentType)

	log.Debug("S3 call 'PutObject': ", id)
	info, err := s3Client.PutObject(context.Background(), bucketName, id, r.Body, r.ContentLength, minio.PutObjectOptions{
		ContentType: mimeType,
	})

	if err != nil {
		rw.WriteHeader(http.StatusInternalServerError)
		return
	}

	// Invalidate cache
	invalidateCache(ctx, info.Key)

	rw.WriteHeader(http.StatusCreated)
}

//parseJWT parse a JWT. does not check if token is valid. Returns error if non was provided
func parseJWT(token string) (*jwt.Token, error) {
	if token == "" {
		return nil, fmt.Errorf("No token provided")
	}

	parsed, err := jwt.Parse(token, func(token *jwt.Token) (interface{}, error) {
		if _, ok := token.Method.(*jwt.SigningMethodHMAC); !ok {
			return nil, fmt.Errorf("Unexpected signing method: %v", token.Header["alg"])
		}
		return []byte("TODO"), nil
	})

	if err != nil {
		return nil, err
	}

	return parsed, nil

}

//getTokenFromRequest looks for a JWT in the "Authorization" header or in the cookies
func getTokenFromRequest(r *http.Request) string {
	// get token from header
	authHeader := strings.Split(r.Header.Get("Authorization"), "Bearer ")
	if len(authHeader) == 2 {
		return authHeader[1]
	}

	// Get cookie from cookie
	cookie, err := r.Cookie("jwt") //TODO: change cookie name

	if err == nil && len(cookie.Value) != 0 {
		return cookie.Value
	}

	return ""
}

//setLoginCookie if provieded a valid JWT in the body then set a httpOnly cookie with the token
func setLoginCookie(rw http.ResponseWriter, r *http.Request) {
	body, err := io.ReadAll(r.Body)
	defer r.Body.Close()

	if err != nil {
		rw.WriteHeader(http.StatusInternalServerError)
		return
	}

	tokenString := string(body)

	token, err := parseJWT(tokenString)

	if err != nil {
		rw.WriteHeader(http.StatusInternalServerError)
		return
	}

	if !token.Valid {
		rw.WriteHeader(http.StatusUnauthorized)
		return
	}

	claims, ok := token.Claims.(jwt.MapClaims)

	if !ok {
		rw.WriteHeader(http.StatusInternalServerError)
		return
	}

	cookie := &http.Cookie{
		Name:     "jwt",
		Value:    tokenString,
		HttpOnly: true,
		SameSite: http.SameSiteStrictMode,
		Path:     "/api",
		Expires:  time.Unix(int64(claims["exp"].(float64)), 0),
	}

	http.SetCookie(rw, cookie)

	rw.WriteHeader(http.StatusNoContent)
}
MORE CACHES 2021-08-03 21:10:23 +00:00			`package s3browser`

			`import (`
			`"context"`
			`"fmt"`
			`"io"`
			`"mime"`
			`"net/http"`
			`"path/filepath"`
implemented simple login with JWT 2021-09-14 13:16:37 +00:00			`"strings"`
			`"time"`
MORE CACHES 2021-08-03 21:10:23 +00:00
implemented simple login with JWT 2021-09-14 13:16:37 +00:00			`"github.com/golang-jwt/jwt"`
changed http handler to mux 2021-09-11 20:17:22 +00:00			`"github.com/gorilla/mux"`
MORE CACHES 2021-08-03 21:10:23 +00:00			`"github.com/graphql-go/graphql"`
logging on gql errors 2021-08-13 23:33:42 +00:00			`"github.com/graphql-go/graphql/gqlerrors"`
MORE CACHES 2021-08-03 21:10:23 +00:00			`"github.com/graphql-go/handler"`
			`"github.com/minio/minio-go/v7"`
added logging 2021-08-12 15:48:28 +00:00
			`log "github.com/sirupsen/logrus"`
MORE CACHES 2021-08-03 21:10:23 +00:00			`)`

implemented simple login with JWT 2021-09-14 13:16:37 +00:00			`type JWTClaims struct {`
			`jwt.StandardClaims`
			`}`

MORE CACHES 2021-08-03 21:10:23 +00:00			`// initHttp setup and start the http server. Blocking`
implemented CLI interface 2021-09-09 11:41:38 +00:00			`func initHttp(resolveContext context.Context, schema graphql.Schema, address string) error {`
changed http handler to mux 2021-09-11 20:17:22 +00:00			`r := mux.NewRouter()`

			`gqlHandler := handler.New(&handler.Config{`
MORE CACHES 2021-08-03 21:10:23 +00:00			`Schema: &schema,`
			`Pretty: true,`
			`GraphiQL: false,`
			`Playground: true,`
logging on gql errors 2021-08-13 23:33:42 +00:00			`FormatErrorFn: func(err error) gqlerrors.FormattedError {`
			`switch err := err.(type) {`
			`case gqlerrors.FormattedError:`
			`log.Error("GQL: ", err.Message)`
			`case *gqlerrors.Error:`
			`log.Errorf("GQL: '%s' at '%v'", err.Message, err.Path)`
			`}`
			`return gqlerrors.FormatError(err)`
			`},`
MORE CACHES 2021-08-03 21:10:23 +00:00			`})`

changed http handler to mux 2021-09-11 20:17:22 +00:00			`r.Use(func(h http.Handler) http.Handler {`
			`return http.HandlerFunc(func(rw http.ResponseWriter, r *http.Request) {`
implemented simple login with JWT 2021-09-14 13:16:37 +00:00
			`token := getTokenFromRequest(r)`

			`if token != "" {`
			`parsedToken, err := parseJWT(token)`

			`if err == nil && parsedToken.Valid {`
added auth check 2021-09-14 14:51:01 +00:00			`newRequest := r.WithContext(context.WithValue(r.Context(), "jwt", parsedToken))`
			`h.ServeHTTP(rw, newRequest)`
			`return`
implemented simple login with JWT 2021-09-14 13:16:37 +00:00			`}`
			`}`

changed http handler to mux 2021-09-11 20:17:22 +00:00			`h.ServeHTTP(rw, r)`
			`})`
MORE CACHES 2021-08-03 21:10:23 +00:00			`})`

changed http handler to mux 2021-09-11 20:17:22 +00:00			`r.HandleFunc("/api/graphql", func(rw http.ResponseWriter, r *http.Request) {`
added auth check 2021-09-14 14:51:01 +00:00			`token := r.Context().Value("jwt")`
			`gqlHandler.ContextHandler(context.WithValue(resolveContext, "jwt", token), rw, r)`
MORE CACHES 2021-08-03 21:10:23 +00:00			`})`

changed http handler to mux 2021-09-11 20:17:22 +00:00			`r.HandleFunc("/api/file", func(rw http.ResponseWriter, r *http.Request) {`
			`httpGetFile(resolveContext, rw, r)`
			`}).Methods("GET")`

			`r.HandleFunc("/api/file", func(rw http.ResponseWriter, r *http.Request) {`
			`httpPostFile(resolveContext, rw, r)`
			`}).Methods("POST")`

implemented simple login with JWT 2021-09-14 13:16:37 +00:00			`r.HandleFunc("/api/cookie", setLoginCookie).Methods("POST")`

added static files server 2021-09-03 21:23:06 +00:00			`// Init the embedded static files`
changed http handler to mux 2021-09-11 20:17:22 +00:00			`initStatic(r)`
added static files server 2021-09-03 21:23:06 +00:00
changed http handler to mux 2021-09-11 20:17:22 +00:00			`return http.ListenAndServe(address, r)`
MORE CACHES 2021-08-03 21:10:23 +00:00			`}`

file upload cache invalidation 2021-08-06 12:13:08 +00:00			`func httpGetFile(ctx context.Context, rw http.ResponseWriter, r *http.Request) {`
added auth check 2021-09-14 14:51:01 +00:00			`if is, _ := isAuth(r.Context()); !is {`
			`rw.WriteHeader(http.StatusUnauthorized)`
			`return`
			`}`

file upload cache invalidation 2021-08-06 12:13:08 +00:00			`s3Client := ctx.Value("s3Client").(*minio.Client)`
MORE CACHES 2021-08-03 21:10:23 +00:00			`id := r.URL.Query().Get("id")`
added logging 2021-08-12 15:48:28 +00:00
			`log.Debug("S3 call 'StatObject': ", id)`
MORE CACHES 2021-08-03 21:10:23 +00:00			`objInfo, err := s3Client.StatObject(context.Background(), bucketName, id, minio.GetObjectOptions{})`

			`if err != nil {`
fixed linter stuff 2021-08-06 14:31:07 +00:00			`rw.WriteHeader(http.StatusInternalServerError)`
MORE CACHES 2021-08-03 21:10:23 +00:00			`return`
			`}`

			`reqEtag := r.Header.Get("If-None-Match")`
			`if reqEtag == objInfo.ETag {`
fixed linter stuff 2021-08-06 14:31:07 +00:00			`rw.WriteHeader(http.StatusNotModified)`
MORE CACHES 2021-08-03 21:10:23 +00:00			`return`
			`}`

added logging 2021-08-12 15:48:28 +00:00			`log.Debug("S3 call 'GetObject': ", id)`
MORE CACHES 2021-08-03 21:10:23 +00:00			`obj, err := s3Client.GetObject(context.Background(), bucketName, id, minio.GetObjectOptions{})`

			`if err != nil {`
fixed linter stuff 2021-08-06 14:31:07 +00:00			`rw.WriteHeader(http.StatusInternalServerError)`
MORE CACHES 2021-08-03 21:10:23 +00:00			`return`
			`}`

			`rw.Header().Set("Cache-Control", "must-revalidate")`
			`rw.Header().Set("Content-Disposition", fmt.Sprintf("attachment; filename=\"%s\"", filepath.Base((objInfo.Key))))`
			`rw.Header().Set("Content-Type", objInfo.ContentType)`
			`rw.Header().Set("ETag", objInfo.ETag)`

fixed linter stuff 2021-08-06 14:31:07 +00:00			`_, err = io.Copy(rw, obj)`

			`if err != nil {`
			`rw.WriteHeader(http.StatusInternalServerError)`
			`return`
			`}`
MORE CACHES 2021-08-03 21:10:23 +00:00			`}`

file upload cache invalidation 2021-08-06 12:13:08 +00:00			`func httpPostFile(ctx context.Context, rw http.ResponseWriter, r *http.Request) {`
added auth check 2021-09-14 14:51:01 +00:00			`if is, _ := isAuth(r.Context()); !is {`
			`rw.WriteHeader(http.StatusUnauthorized)`
			`return`
			`}`

file upload cache invalidation 2021-08-06 12:13:08 +00:00			`s3Client := ctx.Value("s3Client").(*minio.Client)`
MORE CACHES 2021-08-03 21:10:23 +00:00
file upload cache invalidation 2021-08-06 12:13:08 +00:00			`id := r.URL.Query().Get("id")`
implemented file upload 2021-08-06 11:49:00 +00:00
added logging 2021-08-12 15:48:28 +00:00			`log.Debug("Upload file: ", id)`

MORE CACHES 2021-08-03 21:10:23 +00:00			`contentType := r.Header.Get("Content-Type")`
implemented file upload 2021-08-06 11:49:00 +00:00			`mimeType, _, _ := mime.ParseMediaType(contentType)`
MORE CACHES 2021-08-03 21:10:23 +00:00
added logging 2021-08-12 15:48:28 +00:00			`log.Debug("S3 call 'PutObject': ", id)`
fixed linter stuff 2021-08-06 14:31:07 +00:00			`info, err := s3Client.PutObject(context.Background(), bucketName, id, r.Body, r.ContentLength, minio.PutObjectOptions{`
implemented file upload 2021-08-06 11:49:00 +00:00			`ContentType: mimeType,`
			`})`
MORE CACHES 2021-08-03 21:10:23 +00:00
fixed linter stuff 2021-08-06 14:31:07 +00:00			`if err != nil {`
			`rw.WriteHeader(http.StatusInternalServerError)`
			`return`
			`}`

file upload cache invalidation 2021-08-06 12:13:08 +00:00			`// Invalidate cache`
moved stuff to helper 2021-08-14 12:13:49 +00:00			`invalidateCache(ctx, info.Key)`
file upload cache invalidation 2021-08-06 12:13:08 +00:00
fixed linter stuff 2021-08-06 14:31:07 +00:00			`rw.WriteHeader(http.StatusCreated)`
MORE CACHES 2021-08-03 21:10:23 +00:00			`}`
implemented simple login with JWT 2021-09-14 13:16:37 +00:00
			`//parseJWT parse a JWT. does not check if token is valid. Returns error if non was provided`
			`func parseJWT(token string) (*jwt.Token, error) {`
			`if token == "" {`
			`return nil, fmt.Errorf("No token provided")`
			`}`

			`parsed, err := jwt.Parse(token, func(token *jwt.Token) (interface{}, error) {`
			`if _, ok := token.Method.(*jwt.SigningMethodHMAC); !ok {`
			`return nil, fmt.Errorf("Unexpected signing method: %v", token.Header["alg"])`
			`}`
			`return []byte("TODO"), nil`
			`})`

			`if err != nil {`
			`return nil, err`
			`}`

			`return parsed, nil`

			`}`

			`//getTokenFromRequest looks for a JWT in the "Authorization" header or in the cookies`
			`func getTokenFromRequest(r *http.Request) string {`
			`// get token from header`
			`authHeader := strings.Split(r.Header.Get("Authorization"), "Bearer ")`
			`if len(authHeader) == 2 {`
			`return authHeader[1]`
			`}`

			`// Get cookie from cookie`
			`cookie, err := r.Cookie("jwt") //TODO: change cookie name`

			`if err == nil && len(cookie.Value) != 0 {`
			`return cookie.Value`
			`}`

			`return ""`
			`}`

			`//setLoginCookie if provieded a valid JWT in the body then set a httpOnly cookie with the token`
			`func setLoginCookie(rw http.ResponseWriter, r *http.Request) {`
			`body, err := io.ReadAll(r.Body)`
			`defer r.Body.Close()`

			`if err != nil {`
			`rw.WriteHeader(http.StatusInternalServerError)`
			`return`
			`}`

			`tokenString := string(body)`

			`token, err := parseJWT(tokenString)`

			`if err != nil {`
			`rw.WriteHeader(http.StatusInternalServerError)`
			`return`
			`}`

			`if !token.Valid {`
			`rw.WriteHeader(http.StatusUnauthorized)`
			`return`
			`}`

			`claims, ok := token.Claims.(jwt.MapClaims)`

			`if !ok {`
			`rw.WriteHeader(http.StatusInternalServerError)`
			`return`
			`}`

			`cookie := &http.Cookie{`
			`Name: "jwt",`
			`Value: tokenString,`
			`HttpOnly: true,`
			`SameSite: http.SameSiteStrictMode,`
			`Path: "/api",`
			`Expires: time.Unix(int64(claims["exp"].(float64)), 0),`
			`}`

			`http.SetCookie(rw, cookie)`

			`rw.WriteHeader(http.StatusNoContent)`
			`}`