s3browser-backend/internal/httpserver/httpServer.go

286 lines
6.7 KiB
Go

package httpserver
import (
"context"
"fmt"
"io"
"mime"
"net/http"
"path/filepath"
"time"
"github.com/golang-jwt/jwt"
jwtRequest "github.com/golang-jwt/jwt/request"
"github.com/gorilla/mux"
"github.com/graphql-go/graphql"
"github.com/graphql-go/graphql/gqlerrors"
"github.com/graphql-go/handler"
"github.com/minio/minio-go/v7"
log "github.com/sirupsen/logrus"
helper "git.kapelle.org/niklas/s3browser/internal/helper"
types "git.kapelle.org/niklas/s3browser/internal/types"
)
type cookieExtractor struct {
Name string
}
func (c *cookieExtractor) ExtractToken(req *http.Request) (string, error) {
cookie, err := req.Cookie(c.Name)
if err == nil && len(cookie.Value) != 0 {
return cookie.Value, nil
}
return "", jwtRequest.ErrNoTokenInRequest
}
// InitHttp setup and start the http server. Blocking
func InitHttp(resolveContext context.Context, schema graphql.Schema, address string) error {
r := mux.NewRouter()
gqlHandler := handler.New(&handler.Config{
Schema: &schema,
Pretty: true,
GraphiQL: false,
Playground: true,
FormatErrorFn: func(err error) gqlerrors.FormattedError {
switch err := err.(type) {
case gqlerrors.FormattedError:
log.Error("GQL: ", err.Message)
case *gqlerrors.Error:
log.Errorf("GQL: '%s' at '%v'", err.Message, err.Path)
}
return gqlerrors.FormatError(err)
},
})
r.Use(func(h http.Handler) http.Handler {
return http.HandlerFunc(func(rw http.ResponseWriter, r *http.Request) {
parsedToken, err := jwtRequest.ParseFromRequestWithClaims(r, jwtRequest.MultiExtractor{
jwtRequest.AuthorizationHeaderExtractor,
&cookieExtractor{Name: "jwt"},
}, &types.JWTClaims{}, jwtKeyFunc)
if err == nil && parsedToken.Valid {
newRequest := r.WithContext(context.WithValue(r.Context(), "jwt", parsedToken))
h.ServeHTTP(rw, newRequest)
return
}
h.ServeHTTP(rw, r)
})
})
r.HandleFunc("/api/graphql", func(rw http.ResponseWriter, r *http.Request) {
token := r.Context().Value("jwt")
gqlHandler.ContextHandler(context.WithValue(resolveContext, "jwt", token), rw, r)
})
r.HandleFunc("/api/file", func(rw http.ResponseWriter, r *http.Request) {
httpGetFile(resolveContext, rw, r)
}).Methods("GET")
r.HandleFunc("/api/file", func(rw http.ResponseWriter, r *http.Request) {
httpPostFile(resolveContext, rw, r)
}).Methods("POST")
r.HandleFunc("/api/cookie", setLoginCookie).Methods("POST")
r.HandleFunc("/api/logout", logout).Methods("POST")
r.HandleFunc("/api/refresh", refreshToken).Methods("POST")
// Init the embedded static files
initStatic(r)
return http.ListenAndServe(address, r)
}
func httpGetFile(ctx context.Context, rw http.ResponseWriter, r *http.Request) {
if helper.IsAuthenticated(r.Context()) {
rw.WriteHeader(http.StatusUnauthorized)
return
}
s3Client := ctx.Value("s3Client").(*minio.Client)
id := r.URL.Query().Get("id")
log.Debug("S3 call 'StatObject': ", id)
objInfo, err := s3Client.StatObject(context.Background(), "dev", id, minio.GetObjectOptions{})
if err != nil {
rw.WriteHeader(http.StatusInternalServerError)
return
}
reqEtag := r.Header.Get("If-None-Match")
if reqEtag == objInfo.ETag {
rw.WriteHeader(http.StatusNotModified)
return
}
log.Debug("S3 call 'GetObject': ", id)
obj, err := s3Client.GetObject(context.Background(), "dev", id, minio.GetObjectOptions{})
if err != nil {
rw.WriteHeader(http.StatusInternalServerError)
return
}
rw.Header().Set("Cache-Control", "must-revalidate")
rw.Header().Set("Content-Disposition", fmt.Sprintf("attachment; filename=\"%s\"", filepath.Base((objInfo.Key))))
rw.Header().Set("Content-Type", objInfo.ContentType)
rw.Header().Set("ETag", objInfo.ETag)
_, err = io.Copy(rw, obj)
if err != nil {
rw.WriteHeader(http.StatusInternalServerError)
return
}
}
func httpPostFile(ctx context.Context, rw http.ResponseWriter, r *http.Request) {
if helper.IsAuthenticated(r.Context()) {
rw.WriteHeader(http.StatusUnauthorized)
return
}
s3Client := ctx.Value("s3Client").(*minio.Client)
id := r.URL.Query().Get("id")
log.Debug("Upload file: ", id)
contentType := r.Header.Get("Content-Type")
mimeType, _, _ := mime.ParseMediaType(contentType)
log.Debug("S3 call 'PutObject': ", id)
info, err := s3Client.PutObject(context.Background(), "dev", id, r.Body, r.ContentLength, minio.PutObjectOptions{
ContentType: mimeType,
})
if err != nil {
rw.WriteHeader(http.StatusInternalServerError)
return
}
// Invalidate cache
helper.InvalidateCache(ctx, info.Key)
rw.WriteHeader(http.StatusCreated)
}
func jwtKeyFunc(t *jwt.Token) (interface{}, error) {
if _, ok := t.Method.(*jwt.SigningMethodHMAC); !ok {
return nil, fmt.Errorf("Unexpected signing method: %v", t.Header["alg"])
}
return []byte("TODO"), nil
}
//setLoginCookie if provieded a valid JWT in the body then set a httpOnly cookie with the token
func setLoginCookie(rw http.ResponseWriter, r *http.Request) {
body, err := io.ReadAll(r.Body)
defer r.Body.Close()
if err != nil {
rw.WriteHeader(http.StatusInternalServerError)
return
}
tokenString := string(body)
token, err := jwt.ParseWithClaims(tokenString, &types.JWTClaims{}, jwtKeyFunc)
if err != nil {
rw.WriteHeader(http.StatusInternalServerError)
return
}
if !token.Valid {
rw.WriteHeader(http.StatusUnauthorized)
return
}
claims, ok := token.Claims.(*types.JWTClaims)
if !ok {
rw.WriteHeader(http.StatusInternalServerError)
return
}
cookie := &http.Cookie{
Name: "jwt",
Value: tokenString,
HttpOnly: true,
SameSite: http.SameSiteStrictMode,
Path: "/api",
Expires: time.Unix(claims.ExpiresAt, 0),
}
http.SetCookie(rw, cookie)
rw.WriteHeader(http.StatusNoContent)
}
//logout removes the jwt cookie
func logout(rw http.ResponseWriter, r *http.Request) {
cookie := &http.Cookie{
Name: "jwt",
Value: "",
Path: "/api",
Expires: time.Unix(0, 0),
HttpOnly: true,
SameSite: http.SameSiteStrictMode,
}
http.SetCookie(rw, cookie)
rw.WriteHeader(http.StatusNoContent)
}
func refreshToken(rw http.ResponseWriter, r *http.Request) {
if helper.IsAuthenticated(r.Context()) {
rw.WriteHeader(http.StatusUnauthorized)
return
}
oldToken, ok := r.Context().Value("jwt").(*jwt.Token)
if !ok {
rw.WriteHeader(http.StatusInternalServerError)
return
}
claims, ok := oldToken.Claims.(*types.JWTClaims)
if !ok {
rw.WriteHeader(http.StatusInternalServerError)
return
}
token := helper.CreateJWT(claims)
tokenString, err := token.SignedString([]byte("TODO"))
if err != nil {
rw.WriteHeader(http.StatusInternalServerError)
return
}
cookie := &http.Cookie{
Name: "jwt",
Value: tokenString,
HttpOnly: true,
SameSite: http.SameSiteStrictMode,
Path: "/api",
Expires: time.Unix(int64(claims.ExpiresAt), 0),
}
http.SetCookie(rw, cookie)
}