the big refactor
This commit is contained in:
11
internal/httpserver/debug.go
Normal file
11
internal/httpserver/debug.go
Normal file
@@ -0,0 +1,11 @@
|
||||
//go:build !prod
|
||||
// +build !prod
|
||||
|
||||
package httpserver
|
||||
|
||||
import "github.com/gorilla/mux"
|
||||
|
||||
// Since we dont have the static directory when developing we replace the function with an empty one
|
||||
func initStatic(r *mux.Router) {
|
||||
// NOOP
|
||||
}
|
||||
285
internal/httpserver/httpServer.go
Normal file
285
internal/httpserver/httpServer.go
Normal file
@@ -0,0 +1,285 @@
|
||||
package httpserver
|
||||
|
||||
import (
|
||||
"context"
|
||||
"fmt"
|
||||
"io"
|
||||
"mime"
|
||||
"net/http"
|
||||
"path/filepath"
|
||||
"time"
|
||||
|
||||
"github.com/golang-jwt/jwt"
|
||||
jwtRequest "github.com/golang-jwt/jwt/request"
|
||||
"github.com/gorilla/mux"
|
||||
"github.com/graphql-go/graphql"
|
||||
"github.com/graphql-go/graphql/gqlerrors"
|
||||
"github.com/graphql-go/handler"
|
||||
"github.com/minio/minio-go/v7"
|
||||
|
||||
log "github.com/sirupsen/logrus"
|
||||
|
||||
helper "git.kapelle.org/niklas/s3browser/internal/helper"
|
||||
types "git.kapelle.org/niklas/s3browser/internal/types"
|
||||
)
|
||||
|
||||
type cookieExtractor struct {
|
||||
Name string
|
||||
}
|
||||
|
||||
func (c *cookieExtractor) ExtractToken(req *http.Request) (string, error) {
|
||||
cookie, err := req.Cookie(c.Name)
|
||||
|
||||
if err == nil && len(cookie.Value) != 0 {
|
||||
return cookie.Value, nil
|
||||
}
|
||||
|
||||
return "", jwtRequest.ErrNoTokenInRequest
|
||||
}
|
||||
|
||||
// InitHttp setup and start the http server. Blocking
|
||||
func InitHttp(resolveContext context.Context, schema graphql.Schema, address string) error {
|
||||
r := mux.NewRouter()
|
||||
|
||||
gqlHandler := handler.New(&handler.Config{
|
||||
Schema: &schema,
|
||||
Pretty: true,
|
||||
GraphiQL: false,
|
||||
Playground: true,
|
||||
FormatErrorFn: func(err error) gqlerrors.FormattedError {
|
||||
switch err := err.(type) {
|
||||
case gqlerrors.FormattedError:
|
||||
log.Error("GQL: ", err.Message)
|
||||
case *gqlerrors.Error:
|
||||
log.Errorf("GQL: '%s' at '%v'", err.Message, err.Path)
|
||||
}
|
||||
return gqlerrors.FormatError(err)
|
||||
},
|
||||
})
|
||||
|
||||
r.Use(func(h http.Handler) http.Handler {
|
||||
return http.HandlerFunc(func(rw http.ResponseWriter, r *http.Request) {
|
||||
|
||||
parsedToken, err := jwtRequest.ParseFromRequestWithClaims(r, jwtRequest.MultiExtractor{
|
||||
jwtRequest.AuthorizationHeaderExtractor,
|
||||
&cookieExtractor{Name: "jwt"},
|
||||
}, &types.JWTClaims{}, jwtKeyFunc)
|
||||
|
||||
if err == nil && parsedToken.Valid {
|
||||
newRequest := r.WithContext(context.WithValue(r.Context(), "jwt", parsedToken))
|
||||
h.ServeHTTP(rw, newRequest)
|
||||
return
|
||||
}
|
||||
|
||||
h.ServeHTTP(rw, r)
|
||||
})
|
||||
})
|
||||
|
||||
r.HandleFunc("/api/graphql", func(rw http.ResponseWriter, r *http.Request) {
|
||||
token := r.Context().Value("jwt")
|
||||
gqlHandler.ContextHandler(context.WithValue(resolveContext, "jwt", token), rw, r)
|
||||
})
|
||||
|
||||
r.HandleFunc("/api/file", func(rw http.ResponseWriter, r *http.Request) {
|
||||
httpGetFile(resolveContext, rw, r)
|
||||
}).Methods("GET")
|
||||
|
||||
r.HandleFunc("/api/file", func(rw http.ResponseWriter, r *http.Request) {
|
||||
httpPostFile(resolveContext, rw, r)
|
||||
}).Methods("POST")
|
||||
|
||||
r.HandleFunc("/api/cookie", setLoginCookie).Methods("POST")
|
||||
|
||||
r.HandleFunc("/api/logout", logout).Methods("POST")
|
||||
|
||||
r.HandleFunc("/api/refresh", refreshToken).Methods("POST")
|
||||
|
||||
// Init the embedded static files
|
||||
initStatic(r)
|
||||
|
||||
return http.ListenAndServe(address, r)
|
||||
}
|
||||
|
||||
func httpGetFile(ctx context.Context, rw http.ResponseWriter, r *http.Request) {
|
||||
if is, _ := helper.IsAuth(r.Context()); !is {
|
||||
rw.WriteHeader(http.StatusUnauthorized)
|
||||
return
|
||||
}
|
||||
|
||||
s3Client := ctx.Value("s3Client").(*minio.Client)
|
||||
id := r.URL.Query().Get("id")
|
||||
|
||||
log.Debug("S3 call 'StatObject': ", id)
|
||||
objInfo, err := s3Client.StatObject(context.Background(), "dev", id, minio.GetObjectOptions{})
|
||||
|
||||
if err != nil {
|
||||
rw.WriteHeader(http.StatusInternalServerError)
|
||||
return
|
||||
}
|
||||
|
||||
reqEtag := r.Header.Get("If-None-Match")
|
||||
if reqEtag == objInfo.ETag {
|
||||
rw.WriteHeader(http.StatusNotModified)
|
||||
return
|
||||
}
|
||||
|
||||
log.Debug("S3 call 'GetObject': ", id)
|
||||
obj, err := s3Client.GetObject(context.Background(), "dev", id, minio.GetObjectOptions{})
|
||||
|
||||
if err != nil {
|
||||
rw.WriteHeader(http.StatusInternalServerError)
|
||||
return
|
||||
}
|
||||
|
||||
rw.Header().Set("Cache-Control", "must-revalidate")
|
||||
rw.Header().Set("Content-Disposition", fmt.Sprintf("attachment; filename=\"%s\"", filepath.Base((objInfo.Key))))
|
||||
rw.Header().Set("Content-Type", objInfo.ContentType)
|
||||
rw.Header().Set("ETag", objInfo.ETag)
|
||||
|
||||
_, err = io.Copy(rw, obj)
|
||||
|
||||
if err != nil {
|
||||
rw.WriteHeader(http.StatusInternalServerError)
|
||||
return
|
||||
}
|
||||
}
|
||||
|
||||
func httpPostFile(ctx context.Context, rw http.ResponseWriter, r *http.Request) {
|
||||
if is, _ := helper.IsAuth(r.Context()); !is {
|
||||
rw.WriteHeader(http.StatusUnauthorized)
|
||||
return
|
||||
}
|
||||
|
||||
s3Client := ctx.Value("s3Client").(*minio.Client)
|
||||
|
||||
id := r.URL.Query().Get("id")
|
||||
|
||||
log.Debug("Upload file: ", id)
|
||||
|
||||
contentType := r.Header.Get("Content-Type")
|
||||
mimeType, _, _ := mime.ParseMediaType(contentType)
|
||||
|
||||
log.Debug("S3 call 'PutObject': ", id)
|
||||
info, err := s3Client.PutObject(context.Background(), "dev", id, r.Body, r.ContentLength, minio.PutObjectOptions{
|
||||
ContentType: mimeType,
|
||||
})
|
||||
|
||||
if err != nil {
|
||||
rw.WriteHeader(http.StatusInternalServerError)
|
||||
return
|
||||
}
|
||||
|
||||
// Invalidate cache
|
||||
helper.InvalidateCache(ctx, info.Key)
|
||||
|
||||
rw.WriteHeader(http.StatusCreated)
|
||||
}
|
||||
|
||||
func jwtKeyFunc(t *jwt.Token) (interface{}, error) {
|
||||
if _, ok := t.Method.(*jwt.SigningMethodHMAC); !ok {
|
||||
return nil, fmt.Errorf("Unexpected signing method: %v", t.Header["alg"])
|
||||
}
|
||||
return []byte("TODO"), nil
|
||||
}
|
||||
|
||||
//setLoginCookie if provieded a valid JWT in the body then set a httpOnly cookie with the token
|
||||
func setLoginCookie(rw http.ResponseWriter, r *http.Request) {
|
||||
body, err := io.ReadAll(r.Body)
|
||||
defer r.Body.Close()
|
||||
|
||||
if err != nil {
|
||||
rw.WriteHeader(http.StatusInternalServerError)
|
||||
return
|
||||
}
|
||||
|
||||
tokenString := string(body)
|
||||
|
||||
token, err := jwt.ParseWithClaims(tokenString, &types.JWTClaims{}, jwtKeyFunc)
|
||||
|
||||
if err != nil {
|
||||
rw.WriteHeader(http.StatusInternalServerError)
|
||||
return
|
||||
}
|
||||
|
||||
if !token.Valid {
|
||||
rw.WriteHeader(http.StatusUnauthorized)
|
||||
return
|
||||
}
|
||||
|
||||
claims, ok := token.Claims.(*types.JWTClaims)
|
||||
|
||||
if !ok {
|
||||
rw.WriteHeader(http.StatusInternalServerError)
|
||||
return
|
||||
}
|
||||
|
||||
cookie := &http.Cookie{
|
||||
Name: "jwt",
|
||||
Value: tokenString,
|
||||
HttpOnly: true,
|
||||
SameSite: http.SameSiteStrictMode,
|
||||
Path: "/api",
|
||||
Expires: time.Unix(claims.ExpiresAt, 0),
|
||||
}
|
||||
|
||||
http.SetCookie(rw, cookie)
|
||||
|
||||
rw.WriteHeader(http.StatusNoContent)
|
||||
}
|
||||
|
||||
//logout removes the jwt cookie
|
||||
func logout(rw http.ResponseWriter, r *http.Request) {
|
||||
cookie := &http.Cookie{
|
||||
Name: "jwt",
|
||||
Value: "",
|
||||
Path: "/api",
|
||||
Expires: time.Unix(0, 0),
|
||||
HttpOnly: true,
|
||||
SameSite: http.SameSiteStrictMode,
|
||||
}
|
||||
|
||||
http.SetCookie(rw, cookie)
|
||||
|
||||
rw.WriteHeader(http.StatusNoContent)
|
||||
}
|
||||
|
||||
func refreshToken(rw http.ResponseWriter, r *http.Request) {
|
||||
if is, _ := helper.IsAuth(r.Context()); !is {
|
||||
rw.WriteHeader(http.StatusUnauthorized)
|
||||
return
|
||||
}
|
||||
|
||||
oldToken, ok := r.Context().Value("jwt").(*jwt.Token)
|
||||
|
||||
if !ok {
|
||||
rw.WriteHeader(http.StatusInternalServerError)
|
||||
return
|
||||
}
|
||||
|
||||
claims, ok := oldToken.Claims.(*types.JWTClaims)
|
||||
|
||||
if !ok {
|
||||
rw.WriteHeader(http.StatusInternalServerError)
|
||||
return
|
||||
}
|
||||
|
||||
token := helper.CreateJWT(claims)
|
||||
|
||||
tokenString, err := token.SignedString([]byte("TODO"))
|
||||
|
||||
if err != nil {
|
||||
rw.WriteHeader(http.StatusInternalServerError)
|
||||
return
|
||||
}
|
||||
|
||||
cookie := &http.Cookie{
|
||||
Name: "jwt",
|
||||
Value: tokenString,
|
||||
HttpOnly: true,
|
||||
SameSite: http.SameSiteStrictMode,
|
||||
Path: "/api",
|
||||
Expires: time.Unix(int64(claims.ExpiresAt), 0),
|
||||
}
|
||||
|
||||
http.SetCookie(rw, cookie)
|
||||
}
|
||||
32
internal/httpserver/staticFiles.go
Normal file
32
internal/httpserver/staticFiles.go
Normal file
@@ -0,0 +1,32 @@
|
||||
//go:build prod
|
||||
// +build prod
|
||||
|
||||
package httpserver
|
||||
|
||||
import (
|
||||
"embed"
|
||||
"io/fs"
|
||||
"net/http"
|
||||
"os"
|
||||
)
|
||||
|
||||
// content holds our static web server content.
|
||||
//go:embed static
|
||||
var staticFiles embed.FS
|
||||
|
||||
type spaFileSystem struct {
|
||||
root http.FileSystem
|
||||
}
|
||||
|
||||
func (spa *spaFileSystem) Open(name string) (http.File, error) {
|
||||
f, err := spa.root.Open(name)
|
||||
if os.IsNotExist(err) {
|
||||
return spa.root.Open("index.html")
|
||||
}
|
||||
return f, err
|
||||
}
|
||||
|
||||
func initStatic(e *mux.Router) {
|
||||
staticFS, _ := fs.Sub(staticFiles, "static")
|
||||
r.Handle("/", http.FileServer(&spaFileSystem{http.FS(staticFS)}))
|
||||
}
|
||||
Reference in New Issue
Block a user