s3browser-backend/internal/httpserver/httpServer.go

292 lines
6.8 KiB
Go
Raw Normal View History

2021-09-24 13:39:23 +00:00
package httpserver
2021-08-03 21:10:23 +00:00
import (
"context"
"fmt"
"io"
"mime"
"net/http"
"path/filepath"
2021-09-14 13:16:37 +00:00
"time"
2021-08-03 21:10:23 +00:00
2021-09-14 13:16:37 +00:00
"github.com/golang-jwt/jwt"
2021-09-23 23:27:19 +00:00
jwtRequest "github.com/golang-jwt/jwt/request"
2021-09-11 20:17:22 +00:00
"github.com/gorilla/mux"
2021-08-03 21:10:23 +00:00
"github.com/graphql-go/graphql"
2021-08-13 23:33:42 +00:00
"github.com/graphql-go/graphql/gqlerrors"
2021-08-03 21:10:23 +00:00
"github.com/graphql-go/handler"
"github.com/minio/minio-go/v7"
2021-08-12 15:48:28 +00:00
log "github.com/sirupsen/logrus"
2021-08-03 21:10:23 +00:00
2021-09-24 13:39:23 +00:00
helper "git.kapelle.org/niklas/s3browser/internal/helper"
types "git.kapelle.org/niklas/s3browser/internal/types"
)
2021-09-14 13:16:37 +00:00
2021-09-26 14:56:32 +00:00
var (
tokenExp = int64((time.Hour * 23).Seconds())
)
2021-09-24 13:39:23 +00:00
type cookieExtractor struct {
2021-09-23 23:27:19 +00:00
Name string
}
2021-09-24 13:39:23 +00:00
func (c *cookieExtractor) ExtractToken(req *http.Request) (string, error) {
2021-09-23 23:27:19 +00:00
cookie, err := req.Cookie(c.Name)
if err == nil && len(cookie.Value) != 0 {
return cookie.Value, nil
}
return "", jwtRequest.ErrNoTokenInRequest
}
2021-09-24 13:39:23 +00:00
// InitHttp setup and start the http server. Blocking
func InitHttp(resolveContext context.Context, schema graphql.Schema, address string) error {
2021-09-11 20:17:22 +00:00
r := mux.NewRouter()
gqlHandler := handler.New(&handler.Config{
2021-08-03 21:10:23 +00:00
Schema: &schema,
Pretty: true,
GraphiQL: false,
Playground: true,
2021-08-13 23:33:42 +00:00
FormatErrorFn: func(err error) gqlerrors.FormattedError {
switch err := err.(type) {
case gqlerrors.FormattedError:
log.Error("GQL: ", err.Message)
case *gqlerrors.Error:
log.Errorf("GQL: '%s' at '%v'", err.Message, err.Path)
}
return gqlerrors.FormatError(err)
},
2021-08-03 21:10:23 +00:00
})
2021-09-11 20:17:22 +00:00
r.Use(func(h http.Handler) http.Handler {
return http.HandlerFunc(func(rw http.ResponseWriter, r *http.Request) {
2021-09-14 13:16:37 +00:00
2021-09-23 23:27:19 +00:00
parsedToken, err := jwtRequest.ParseFromRequestWithClaims(r, jwtRequest.MultiExtractor{
jwtRequest.AuthorizationHeaderExtractor,
2021-09-24 13:39:23 +00:00
&cookieExtractor{Name: "jwt"},
}, &types.JWTClaims{}, jwtKeyFunc)
2021-09-14 13:16:37 +00:00
2021-09-23 23:27:19 +00:00
if err == nil && parsedToken.Valid {
newRequest := r.WithContext(context.WithValue(r.Context(), "jwt", parsedToken))
h.ServeHTTP(rw, newRequest)
return
2021-09-14 13:16:37 +00:00
}
2021-09-11 20:17:22 +00:00
h.ServeHTTP(rw, r)
})
2021-08-03 21:10:23 +00:00
})
2021-09-11 20:17:22 +00:00
r.HandleFunc("/api/graphql", func(rw http.ResponseWriter, r *http.Request) {
2021-09-14 14:51:01 +00:00
token := r.Context().Value("jwt")
2021-09-26 14:56:32 +00:00
refreshTokenIfNeeded(rw, r)
2021-09-14 14:51:01 +00:00
gqlHandler.ContextHandler(context.WithValue(resolveContext, "jwt", token), rw, r)
2021-08-03 21:10:23 +00:00
})
2021-09-11 20:17:22 +00:00
r.HandleFunc("/api/file", func(rw http.ResponseWriter, r *http.Request) {
2021-09-26 14:56:32 +00:00
refreshTokenIfNeeded(rw, r)
2021-09-11 20:17:22 +00:00
httpGetFile(resolveContext, rw, r)
}).Methods("GET")
r.HandleFunc("/api/file", func(rw http.ResponseWriter, r *http.Request) {
2021-09-26 14:56:32 +00:00
refreshTokenIfNeeded(rw, r)
2021-09-11 20:17:22 +00:00
httpPostFile(resolveContext, rw, r)
}).Methods("POST")
2021-09-14 13:16:37 +00:00
r.HandleFunc("/api/cookie", setLoginCookie).Methods("POST")
2021-09-18 17:33:45 +00:00
r.HandleFunc("/api/logout", logout).Methods("POST")
2021-09-03 21:23:06 +00:00
// Init the embedded static files
2021-09-11 20:17:22 +00:00
initStatic(r)
2021-09-03 21:23:06 +00:00
2021-09-11 20:17:22 +00:00
return http.ListenAndServe(address, r)
2021-08-03 21:10:23 +00:00
}
2021-08-06 12:13:08 +00:00
func httpGetFile(ctx context.Context, rw http.ResponseWriter, r *http.Request) {
2021-09-24 15:57:01 +00:00
if !helper.IsAuthenticated(r.Context()) {
2021-09-14 14:51:01 +00:00
rw.WriteHeader(http.StatusUnauthorized)
return
}
2021-08-06 12:13:08 +00:00
s3Client := ctx.Value("s3Client").(*minio.Client)
2021-08-03 21:10:23 +00:00
id := r.URL.Query().Get("id")
2021-08-12 15:48:28 +00:00
log.Debug("S3 call 'StatObject': ", id)
2021-09-24 13:39:23 +00:00
objInfo, err := s3Client.StatObject(context.Background(), "dev", id, minio.GetObjectOptions{})
2021-08-03 21:10:23 +00:00
if err != nil {
2021-08-06 14:31:07 +00:00
rw.WriteHeader(http.StatusInternalServerError)
2021-08-03 21:10:23 +00:00
return
}
reqEtag := r.Header.Get("If-None-Match")
if reqEtag == objInfo.ETag {
2021-08-06 14:31:07 +00:00
rw.WriteHeader(http.StatusNotModified)
2021-08-03 21:10:23 +00:00
return
}
2021-08-12 15:48:28 +00:00
log.Debug("S3 call 'GetObject': ", id)
2021-09-24 13:39:23 +00:00
obj, err := s3Client.GetObject(context.Background(), "dev", id, minio.GetObjectOptions{})
2021-08-03 21:10:23 +00:00
if err != nil {
2021-08-06 14:31:07 +00:00
rw.WriteHeader(http.StatusInternalServerError)
2021-08-03 21:10:23 +00:00
return
}
rw.Header().Set("Cache-Control", "must-revalidate")
rw.Header().Set("Content-Disposition", fmt.Sprintf("attachment; filename=\"%s\"", filepath.Base((objInfo.Key))))
rw.Header().Set("Content-Type", objInfo.ContentType)
rw.Header().Set("ETag", objInfo.ETag)
2021-08-06 14:31:07 +00:00
_, err = io.Copy(rw, obj)
if err != nil {
rw.WriteHeader(http.StatusInternalServerError)
return
}
2021-08-03 21:10:23 +00:00
}
2021-08-06 12:13:08 +00:00
func httpPostFile(ctx context.Context, rw http.ResponseWriter, r *http.Request) {
2021-09-24 15:57:01 +00:00
if !helper.IsAuthenticated(r.Context()) {
2021-09-14 14:51:01 +00:00
rw.WriteHeader(http.StatusUnauthorized)
return
}
2021-08-06 12:13:08 +00:00
s3Client := ctx.Value("s3Client").(*minio.Client)
2021-08-03 21:10:23 +00:00
2021-08-06 12:13:08 +00:00
id := r.URL.Query().Get("id")
2021-08-06 11:49:00 +00:00
2021-08-12 15:48:28 +00:00
log.Debug("Upload file: ", id)
2021-08-03 21:10:23 +00:00
contentType := r.Header.Get("Content-Type")
2021-08-06 11:49:00 +00:00
mimeType, _, _ := mime.ParseMediaType(contentType)
2021-08-03 21:10:23 +00:00
2021-08-12 15:48:28 +00:00
log.Debug("S3 call 'PutObject': ", id)
2021-09-24 13:39:23 +00:00
info, err := s3Client.PutObject(context.Background(), "dev", id, r.Body, r.ContentLength, minio.PutObjectOptions{
2021-08-06 11:49:00 +00:00
ContentType: mimeType,
})
2021-08-03 21:10:23 +00:00
2021-08-06 14:31:07 +00:00
if err != nil {
rw.WriteHeader(http.StatusInternalServerError)
return
}
2021-08-06 12:13:08 +00:00
// Invalidate cache
2021-09-24 13:39:23 +00:00
helper.InvalidateCache(ctx, info.Key)
2021-08-06 12:13:08 +00:00
2021-08-06 14:31:07 +00:00
rw.WriteHeader(http.StatusCreated)
2021-08-03 21:10:23 +00:00
}
2021-09-14 13:16:37 +00:00
2021-09-23 23:27:19 +00:00
func jwtKeyFunc(t *jwt.Token) (interface{}, error) {
if _, ok := t.Method.(*jwt.SigningMethodHMAC); !ok {
return nil, fmt.Errorf("Unexpected signing method: %v", t.Header["alg"])
2021-09-14 13:16:37 +00:00
}
2021-09-23 23:27:19 +00:00
return []byte("TODO"), nil
2021-09-14 13:16:37 +00:00
}
//setLoginCookie if provieded a valid JWT in the body then set a httpOnly cookie with the token
func setLoginCookie(rw http.ResponseWriter, r *http.Request) {
body, err := io.ReadAll(r.Body)
defer r.Body.Close()
if err != nil {
rw.WriteHeader(http.StatusInternalServerError)
return
}
tokenString := string(body)
2021-09-24 13:39:23 +00:00
token, err := jwt.ParseWithClaims(tokenString, &types.JWTClaims{}, jwtKeyFunc)
2021-09-14 13:16:37 +00:00
if err != nil {
rw.WriteHeader(http.StatusInternalServerError)
return
}
if !token.Valid {
rw.WriteHeader(http.StatusUnauthorized)
return
}
2021-09-24 13:39:23 +00:00
claims, ok := token.Claims.(*types.JWTClaims)
2021-09-14 13:16:37 +00:00
if !ok {
rw.WriteHeader(http.StatusInternalServerError)
return
}
cookie := &http.Cookie{
Name: "jwt",
Value: tokenString,
HttpOnly: true,
SameSite: http.SameSiteStrictMode,
Path: "/api",
2021-09-23 23:27:19 +00:00
Expires: time.Unix(claims.ExpiresAt, 0),
2021-09-14 13:16:37 +00:00
}
http.SetCookie(rw, cookie)
rw.WriteHeader(http.StatusNoContent)
}
2021-09-18 17:33:45 +00:00
//logout removes the jwt cookie
func logout(rw http.ResponseWriter, r *http.Request) {
cookie := &http.Cookie{
Name: "jwt",
Value: "",
Path: "/api",
Expires: time.Unix(0, 0),
HttpOnly: true,
SameSite: http.SameSiteStrictMode,
}
http.SetCookie(rw, cookie)
rw.WriteHeader(http.StatusNoContent)
}
2021-09-23 23:27:19 +00:00
2021-09-26 14:56:32 +00:00
func refreshTokenIfNeeded(rw http.ResponseWriter, r *http.Request) {
currentToken, ok := r.Context().Value("jwt").(*jwt.Token)
if !ok && currentToken == nil {
2021-09-23 23:27:19 +00:00
return
}
2021-09-26 14:56:32 +00:00
claims, ok := currentToken.Claims.(*types.JWTClaims)
2021-09-23 23:27:19 +00:00
if !ok {
2021-09-26 14:56:32 +00:00
log.Error("Failed to refresh JWT")
2021-09-23 23:27:19 +00:00
return
}
2021-09-26 14:56:32 +00:00
// Refresh only if token older than 1 hour
if (claims.ExpiresAt - time.Now().Unix()) > tokenExp {
2021-09-23 23:27:19 +00:00
return
}
2021-09-26 14:56:32 +00:00
newToken := helper.CreateJWT(claims)
2021-09-23 23:27:19 +00:00
2021-09-26 14:56:32 +00:00
tokenString, err := newToken.SignedString([]byte("TODO"))
2021-09-23 23:27:19 +00:00
if err != nil {
2021-09-26 14:56:32 +00:00
log.Error("Failed to refresh JWT")
2021-09-23 23:27:19 +00:00
return
}
cookie := &http.Cookie{
Name: "jwt",
Value: tokenString,
HttpOnly: true,
SameSite: http.SameSiteStrictMode,
Path: "/api",
Expires: time.Unix(int64(claims.ExpiresAt), 0),
}
http.SetCookie(rw, cookie)
2021-09-26 14:56:32 +00:00
log.Debug("Refreshed JWT")
2021-09-23 23:27:19 +00:00
}