Compare commits
4 Commits
28ff9006df
...
024948b8ff
| Author | SHA1 | Date | |
|---|---|---|---|
| 024948b8ff | |||
| 20f95b8ea4 | |||
| 9f280caafc | |||
| af488ab5fe |
25
internal/errors.go
Normal file
25
internal/errors.go
Normal file
@@ -0,0 +1,25 @@
|
||||
package s3browser
|
||||
|
||||
import "fmt"
|
||||
|
||||
type extendedError struct {
|
||||
Message string
|
||||
Code string
|
||||
}
|
||||
|
||||
func (err *extendedError) Error() string {
|
||||
return err.Message
|
||||
}
|
||||
|
||||
func (err *extendedError) Extensions() map[string]interface{} {
|
||||
return map[string]interface{}{
|
||||
"code": err.Code,
|
||||
}
|
||||
}
|
||||
|
||||
func extendError(code, format string, a ...interface{}) *extendedError {
|
||||
return &extendedError{
|
||||
Message: fmt.Sprintf(format, a...),
|
||||
Code: code,
|
||||
}
|
||||
}
|
||||
@@ -6,6 +6,7 @@ import (
|
||||
"path/filepath"
|
||||
"strings"
|
||||
|
||||
"github.com/golang-jwt/jwt"
|
||||
"github.com/graph-gophers/dataloader"
|
||||
"github.com/minio/minio-go/v7"
|
||||
log "github.com/sirupsen/logrus"
|
||||
@@ -108,3 +109,17 @@ func getParentDir(id string) string {
|
||||
|
||||
return nomalizeID(parent)
|
||||
}
|
||||
|
||||
func isAuth(ctx context.Context) (bool, error) {
|
||||
token, ok := ctx.Value("jwt").(*jwt.Token)
|
||||
|
||||
if !ok {
|
||||
return false, extendError("UNAUTHORIZED", "Unauthorized")
|
||||
}
|
||||
|
||||
if token.Valid {
|
||||
return true, nil
|
||||
} else {
|
||||
return false, extendError("UNAUTHORIZED", "Unauthorized")
|
||||
}
|
||||
}
|
||||
|
||||
@@ -53,7 +53,9 @@ func initHttp(resolveContext context.Context, schema graphql.Schema, address str
|
||||
parsedToken, err := parseJWT(token)
|
||||
|
||||
if err == nil && parsedToken.Valid {
|
||||
r.WithContext(context.WithValue(r.Context(), "jwt", parsedToken))
|
||||
newRequest := r.WithContext(context.WithValue(r.Context(), "jwt", parsedToken))
|
||||
h.ServeHTTP(rw, newRequest)
|
||||
return
|
||||
}
|
||||
}
|
||||
|
||||
@@ -62,7 +64,8 @@ func initHttp(resolveContext context.Context, schema graphql.Schema, address str
|
||||
})
|
||||
|
||||
r.HandleFunc("/api/graphql", func(rw http.ResponseWriter, r *http.Request) {
|
||||
gqlHandler.ContextHandler(resolveContext, rw, r)
|
||||
token := r.Context().Value("jwt")
|
||||
gqlHandler.ContextHandler(context.WithValue(resolveContext, "jwt", token), rw, r)
|
||||
})
|
||||
|
||||
r.HandleFunc("/api/file", func(rw http.ResponseWriter, r *http.Request) {
|
||||
@@ -75,6 +78,8 @@ func initHttp(resolveContext context.Context, schema graphql.Schema, address str
|
||||
|
||||
r.HandleFunc("/api/cookie", setLoginCookie).Methods("POST")
|
||||
|
||||
r.HandleFunc("/api/logout", logout).Methods("POST")
|
||||
|
||||
// Init the embedded static files
|
||||
initStatic(r)
|
||||
|
||||
@@ -82,6 +87,11 @@ func initHttp(resolveContext context.Context, schema graphql.Schema, address str
|
||||
}
|
||||
|
||||
func httpGetFile(ctx context.Context, rw http.ResponseWriter, r *http.Request) {
|
||||
if is, _ := isAuth(r.Context()); !is {
|
||||
rw.WriteHeader(http.StatusUnauthorized)
|
||||
return
|
||||
}
|
||||
|
||||
s3Client := ctx.Value("s3Client").(*minio.Client)
|
||||
id := r.URL.Query().Get("id")
|
||||
|
||||
@@ -121,6 +131,11 @@ func httpGetFile(ctx context.Context, rw http.ResponseWriter, r *http.Request) {
|
||||
}
|
||||
|
||||
func httpPostFile(ctx context.Context, rw http.ResponseWriter, r *http.Request) {
|
||||
if is, _ := isAuth(r.Context()); !is {
|
||||
rw.WriteHeader(http.StatusUnauthorized)
|
||||
return
|
||||
}
|
||||
|
||||
s3Client := ctx.Value("s3Client").(*minio.Client)
|
||||
|
||||
id := r.URL.Query().Get("id")
|
||||
@@ -229,3 +244,19 @@ func setLoginCookie(rw http.ResponseWriter, r *http.Request) {
|
||||
|
||||
rw.WriteHeader(http.StatusNoContent)
|
||||
}
|
||||
|
||||
//logout removes the jwt cookie
|
||||
func logout(rw http.ResponseWriter, r *http.Request) {
|
||||
cookie := &http.Cookie{
|
||||
Name: "jwt",
|
||||
Value: "",
|
||||
Path: "/api",
|
||||
Expires: time.Unix(0, 0),
|
||||
HttpOnly: true,
|
||||
SameSite: http.SameSiteStrictMode,
|
||||
}
|
||||
|
||||
http.SetCookie(rw, cookie)
|
||||
|
||||
rw.WriteHeader(http.StatusNoContent)
|
||||
}
|
||||
|
||||
@@ -21,6 +21,10 @@ func graphqlSchema() (graphql.Schema, error) {
|
||||
},
|
||||
},
|
||||
Resolve: func(p graphql.ResolveParams) (interface{}, error) {
|
||||
if is, err := isAuth(p.Context); !is {
|
||||
return nil, err
|
||||
}
|
||||
|
||||
path, ok := p.Args["path"].(string)
|
||||
|
||||
if !ok {
|
||||
@@ -42,6 +46,10 @@ func graphqlSchema() (graphql.Schema, error) {
|
||||
},
|
||||
},
|
||||
Resolve: func(p graphql.ResolveParams) (interface{}, error) {
|
||||
if is, err := isAuth(p.Context); !is {
|
||||
return nil, err
|
||||
}
|
||||
|
||||
path, ok := p.Args["path"].(string)
|
||||
|
||||
if !ok {
|
||||
@@ -63,6 +71,10 @@ func graphqlSchema() (graphql.Schema, error) {
|
||||
},
|
||||
},
|
||||
Resolve: func(p graphql.ResolveParams) (interface{}, error) {
|
||||
if is, err := isAuth(p.Context); !is {
|
||||
return nil, err
|
||||
}
|
||||
|
||||
id, ok := p.Args["id"].(string)
|
||||
if !ok {
|
||||
return nil, fmt.Errorf("Failed to parse args")
|
||||
@@ -75,6 +87,16 @@ func graphqlSchema() (graphql.Schema, error) {
|
||||
}, nil
|
||||
},
|
||||
},
|
||||
"authorized": &graphql.Field{
|
||||
Name: "authorized",
|
||||
Type: graphql.NewNonNull(graphql.Boolean),
|
||||
Description: "True if the user is authorized",
|
||||
Resolve: func(p graphql.ResolveParams) (interface{}, error) {
|
||||
auth, _ := isAuth(p.Context)
|
||||
|
||||
return auth, nil
|
||||
},
|
||||
},
|
||||
}
|
||||
|
||||
mutationFields := graphql.Fields{
|
||||
@@ -86,6 +108,10 @@ func graphqlSchema() (graphql.Schema, error) {
|
||||
},
|
||||
},
|
||||
Resolve: func(p graphql.ResolveParams) (interface{}, error) {
|
||||
if is, err := isAuth(p.Context); !is {
|
||||
return nil, err
|
||||
}
|
||||
|
||||
id, ok := p.Args["id"].(string)
|
||||
if !ok {
|
||||
return nil, fmt.Errorf("Failed to parse args")
|
||||
@@ -107,6 +133,10 @@ func graphqlSchema() (graphql.Schema, error) {
|
||||
},
|
||||
},
|
||||
Resolve: func(p graphql.ResolveParams) (interface{}, error) {
|
||||
if is, err := isAuth(p.Context); !is {
|
||||
return nil, err
|
||||
}
|
||||
|
||||
src, ok := p.Args["src"].(string)
|
||||
if !ok {
|
||||
return nil, fmt.Errorf("Failed to parse args")
|
||||
@@ -132,6 +162,10 @@ func graphqlSchema() (graphql.Schema, error) {
|
||||
},
|
||||
},
|
||||
Resolve: func(p graphql.ResolveParams) (interface{}, error) {
|
||||
if is, err := isAuth(p.Context); !is {
|
||||
return nil, err
|
||||
}
|
||||
|
||||
src, ok := p.Args["src"].(string)
|
||||
if !ok {
|
||||
return nil, fmt.Errorf("Failed to parse args")
|
||||
@@ -154,6 +188,10 @@ func graphqlSchema() (graphql.Schema, error) {
|
||||
},
|
||||
},
|
||||
Resolve: func(p graphql.ResolveParams) (interface{}, error) {
|
||||
if is, err := isAuth(p.Context); !is {
|
||||
return nil, err
|
||||
}
|
||||
|
||||
path, ok := p.Args["path"].(string)
|
||||
if !ok {
|
||||
return nil, fmt.Errorf("Failed to parse args")
|
||||
@@ -172,6 +210,10 @@ func graphqlSchema() (graphql.Schema, error) {
|
||||
},
|
||||
},
|
||||
Resolve: func(p graphql.ResolveParams) (interface{}, error) {
|
||||
if is, err := isAuth(p.Context); !is {
|
||||
return nil, err
|
||||
}
|
||||
|
||||
path, ok := p.Args["path"].(string)
|
||||
|
||||
if !ok {
|
||||
|
||||
Reference in New Issue
Block a user