lumin/phoenix
1
0
Fork 0
mirror of https://github.com/ordinary-dev/phoenix synced 2024-09-19 19:30:28 +05:00
Code Issues Actions Packages Projects Releases Wiki Activity

Refactor API handlers

Browse source
This commit is contained in:
Ivan R. 2023-11-01 22:40:15 +05:00
parent e7fe2939cf
commit 77ddb3747b
No known key found for this signature in database
GPG key ID: 56C7BAAE859B302C
7 changed files with 247 additions and 249 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

164
views/auth.go
View file

@ -15,22 +15,24 @@ import (
const TOKEN_LIFETIME_IN_SECONDS = 60 * 60 * 24 * 30 const TOKEN_LIFETIME_IN_SECONDS = 60 * 60 * 24 * 30
func ShowRegistrationForm(c *gin.Context, db *gorm.DB) { func ShowRegistrationForm(db *gorm.DB) gin.HandlerFunc {
if database.CountAdmins(db) > 0 { return func(ctx *gin.Context) {
ShowError(c, errors.New("At least 1 user already exists")) if database.CountAdmins(db) > 0 {
return ShowError(ctx, errors.New("At least 1 user already exists"))
} return
}
c.HTML(http.StatusOK, "auth.html.tmpl", gin.H{ ctx.HTML(http.StatusOK, "auth.html.tmpl", gin.H{
"title": "Create an account", "title": "Create an account",
"description": "To prevent other people from seeing your links, create an account.", "description": "To prevent other people from seeing your links, create an account.",
"button": "Create", "button": "Create",
"formAction": "/api/users", "formAction": "/api/users",
}) })
}
} }
func ShowLoginForm(c *gin.Context) { func ShowLoginForm(ctx *gin.Context) {
c.HTML(http.StatusOK, "auth.html.tmpl", gin.H{ ctx.HTML(http.StatusOK, "auth.html.tmpl", gin.H{
"title": "Sign in", "title": "Sign in",
"description": "Authorization is required to view this page.", "description": "Authorization is required to view this page.",
"button": "Sign in", "button": "Sign in",
@ -69,37 +71,39 @@ func RequireAuth(c *gin.Context, cfg *config.Config) (*jwt.RegisteredClaims, err
return claims, nil return claims, nil
} }
func AuthMiddleware(c *gin.Context, db *gorm.DB, cfg *config.Config) { func AuthMiddleware(db *gorm.DB, cfg *config.Config) gin.HandlerFunc {
claims, err := RequireAuth(c, cfg) return func(ctx *gin.Context) {
if err != nil { claims, err := RequireAuth(ctx, cfg)
if cfg.HeaderAuth && c.Request.Header.Get("Remote-User") != "" { if err != nil {
// Generate access token. if cfg.HeaderAuth && ctx.Request.Header.Get("Remote-User") != "" {
token, err := GetJWTToken(cfg) // Generate access token.
if err != nil { token, err := GetJWTToken(cfg)
ShowError(c, err) if err != nil {
ShowError(ctx, err)
return
}
SetTokenCookie(ctx, token, cfg)
return return
} }
SetTokenCookie(c, token, cfg)
if database.CountAdmins(db) < 1 {
ctx.Redirect(http.StatusFound, "/registration")
} else {
ctx.Redirect(http.StatusFound, "/signin")
}
ctx.Abort()
return return
} }
if database.CountAdmins(db) < 1 { // Create a new token if the old one is about to expire
c.Redirect(http.StatusFound, "/registration") if time.Now().Add(time.Second * (TOKEN_LIFETIME_IN_SECONDS / 2)).After(claims.ExpiresAt.Time) {
} else { newToken, err := GetJWTToken(cfg)
c.Redirect(http.StatusFound, "/signin") if err != nil {
ShowError(ctx, err)
return
}
SetTokenCookie(ctx, newToken, cfg)
} }
c.Abort()
return
}
// Create a new token if the old one is about to expire
if time.Now().Add(time.Second * (TOKEN_LIFETIME_IN_SECONDS / 2)).After(claims.ExpiresAt.Time) {
newToken, err := GetJWTToken(cfg)
if err != nil {
ShowError(c, err)
return
}
SetTokenCookie(c, newToken, cfg)
} }
} }
@ -111,53 +115,57 @@ func GetJWTToken(cfg *config.Config) (string, error) {
return token.SignedString([]byte(cfg.SecretKey)) return token.SignedString([]byte(cfg.SecretKey))
} }
func CreateUser(c *gin.Context, db *gorm.DB, cfg *config.Config) { func CreateUser(db *gorm.DB, cfg *config.Config) gin.HandlerFunc {
if database.CountAdmins(db) > 0 { return func(ctx *gin.Context) {
ShowError(c, errors.New("At least 1 user already exists")) if database.CountAdmins(db) > 0 {
return ShowError(ctx, errors.New("At least 1 user already exists"))
} return
}
// Try to create a user. // Try to create a user.
username := c.PostForm("username") username := ctx.PostForm("username")
password := c.PostForm("password") password := ctx.PostForm("password")
_, err := database.CreateAdmin(db, username, password) _, err := database.CreateAdmin(db, username, password)
if err != nil { if err != nil {
ShowError(c, err) ShowError(ctx, err)
return return
} }
// Generate access token. // Generate access token.
token, err := GetJWTToken(cfg) token, err := GetJWTToken(cfg)
if err != nil { if err != nil {
ShowError(c, err) ShowError(ctx, err)
return return
} }
SetTokenCookie(c, token, cfg) SetTokenCookie(ctx, token, cfg)
// Redirect to homepage. // Redirect to homepage.
c.Redirect(http.StatusFound, "/") ctx.Redirect(http.StatusFound, "/")
}
} }
func AuthorizeUser(c *gin.Context, db *gorm.DB, cfg *config.Config) { func AuthorizeUser(db *gorm.DB, cfg *config.Config) gin.HandlerFunc {
// Check credentials. return func(ctx *gin.Context) {
username := c.PostForm("username") // Check credentials.
password := c.PostForm("password") username := ctx.PostForm("username")
_, err := database.AuthorizeAdmin(db, username, password) password := ctx.PostForm("password")
if err != nil { _, err := database.AuthorizeAdmin(db, username, password)
ShowError(c, err) if err != nil {
return ShowError(ctx, err)
} return
}
// Generate an access token. // Generate an access token.
token, err := GetJWTToken(cfg) token, err := GetJWTToken(cfg)
if err != nil { if err != nil {
ShowError(c, err) ShowError(ctx, err)
return return
} }
SetTokenCookie(c, token, cfg) SetTokenCookie(ctx, token, cfg)
// Redirect to homepage. // Redirect to homepage.
c.Redirect(http.StatusFound, "/") ctx.Redirect(http.StatusFound, "/")
}
} }
// Save token in cookies // Save token in cookies

6
views/errors.go
View file

@ -5,13 +5,13 @@ import (
"net/http" "net/http"
) )
func ShowError(c *gin.Context, err error) { func ShowError(ctx *gin.Context, err error) {
c.HTML( ctx.HTML(
http.StatusBadRequest, http.StatusBadRequest,
"error.html.tmpl", "error.html.tmpl",
gin.H{ gin.H{
"error": err.Error(), "error": err.Error(),
}, },
) )
c.Abort() ctx.Abort()
} }

88
views/groups.go
View file

@ -8,55 +8,61 @@ import (
"strconv" "strconv"
) )
func CreateGroup(c *gin.Context, db *gorm.DB) { func CreateGroup(db *gorm.DB) gin.HandlerFunc {
// Save new group to the database. return func(ctx *gin.Context) {
group := database.Group{ // Save new group to the database.
Name: c.PostForm("groupName"), group := database.Group{
} Name: ctx.PostForm("groupName"),
if result := db.Create(&group); result.Error != nil { }
ShowError(c, result.Error) if result := db.Create(&group); result.Error != nil {
return ShowError(ctx, result.Error)
} return
}
// This page is called from the settings, return the user back. // This page is called from the settings, return the user back.
c.Redirect(http.StatusFound, "/settings") ctx.Redirect(http.StatusFound, "/settings")
}
} }
func UpdateGroup(c *gin.Context, db *gorm.DB) { func UpdateGroup(db *gorm.DB) gin.HandlerFunc {
id, err := strconv.ParseUint(c.Param("id"), 10, 64) return func(ctx *gin.Context) {
if err != nil { id, err := strconv.ParseUint(ctx.Param("id"), 10, 64)
ShowError(c, err) if err != nil {
return ShowError(ctx, err)
} return
}
var group database.Group var group database.Group
if result := db.First(&group, id); result.Error != nil { if result := db.First(&group, id); result.Error != nil {
ShowError(c, result.Error) ShowError(ctx, result.Error)
return return
} }
group.Name = c.PostForm("groupName") group.Name = ctx.PostForm("groupName")
if result := db.Save(&group); result.Error != nil { if result := db.Save(&group); result.Error != nil {
ShowError(c, result.Error) ShowError(ctx, result.Error)
return return
} }
// This page is called from the settings, return the user back. // This page is called from the settings, return the user back.
c.Redirect(http.StatusFound, "/settings") ctx.Redirect(http.StatusFound, "/settings")
}
} }
func DeleteGroup(c *gin.Context, db *gorm.DB) { func DeleteGroup(db *gorm.DB) gin.HandlerFunc {
id, err := strconv.ParseUint(c.Param("id"), 10, 64) return func(ctx *gin.Context) {
if err != nil { id, err := strconv.ParseUint(ctx.Param("id"), 10, 64)
ShowError(c, err) if err != nil {
return ShowError(ctx, err)
} return
}
if result := db.Delete(&database.Group{}, id); result.Error != nil { if result := db.Delete(&database.Group{}, id); result.Error != nil {
ShowError(c, result.Error) ShowError(ctx, result.Error)
return return
} }
// Redirect to settings. // Redirect to settings.
c.Redirect(http.StatusFound, "/settings") ctx.Redirect(http.StatusFound, "/settings")
}
} }

30
views/index.go
View file

@ -7,20 +7,22 @@ import (
"net/http" "net/http"
) )
func ShowMainPage(c *gin.Context, db *gorm.DB) { func ShowMainPage(db *gorm.DB) gin.HandlerFunc {
// Get a list of groups with links return func(ctx *gin.Context) {
var groups []database.Group // Get a list of groups with links
result := db. var groups []database.Group
Model(&database.Group{}). result := db.
Preload("Links"). Model(&database.Group{}).
Find(&groups) Preload("Links").
Find(&groups)
if result.Error != nil { if result.Error != nil {
ShowError(c, result.Error) ShowError(ctx, result.Error)
return return
}
ctx.HTML(http.StatusOK, "index.html.tmpl", gin.H{
"groups": groups,
})
} }
c.HTML(http.StatusOK, "index.html.tmpl", gin.H{
"groups": groups,
})
} }

126
views/links.go
View file

@ -8,75 +8,81 @@ import (
"strconv" "strconv"
) )
func CreateLink(c *gin.Context, db *gorm.DB) { func CreateLink(db *gorm.DB) gin.HandlerFunc {
groupID, err := strconv.ParseUint(c.PostForm("groupID"), 10, 32) return func(ctx *gin.Context) {
if err != nil { groupID, err := strconv.ParseUint(ctx.PostForm("groupID"), 10, 32)
ShowError(c, err) if err != nil {
return ShowError(ctx, err)
} return
}
link := database.Link{ link := database.Link{
Name: c.PostForm("linkName"), Name: ctx.PostForm("linkName"),
Href: c.PostForm("href"), Href: ctx.PostForm("href"),
GroupID: groupID, GroupID: groupID,
} }
icon := c.PostForm("icon") icon := ctx.PostForm("icon")
if icon == "" { if icon == "" {
link.Icon = nil link.Icon = nil
} else { } else {
link.Icon = &icon link.Icon = &icon
} }
if result := db.Create(&link); result.Error != nil { if result := db.Create(&link); result.Error != nil {
ShowError(c, result.Error) ShowError(ctx, result.Error)
return return
} }
// Redirect to settings. // Redirect to settings.
c.Redirect(http.StatusFound, "/settings") ctx.Redirect(http.StatusFound, "/settings")
}
} }
func UpdateLink(c *gin.Context, db *gorm.DB) { func UpdateLink(db *gorm.DB) gin.HandlerFunc {
id, err := strconv.ParseUint(c.Param("id"), 10, 64) return func(ctx *gin.Context) {
if err != nil { id, err := strconv.ParseUint(ctx.Param("id"), 10, 64)
ShowError(c, err) if err != nil {
return ShowError(ctx, err)
} return
}
var link database.Link var link database.Link
if result := db.First(&link, id); result.Error != nil { if result := db.First(&link, id); result.Error != nil {
ShowError(c, err) ShowError(ctx, err)
return return
} }
link.Name = c.PostForm("linkName") link.Name = ctx.PostForm("linkName")
link.Href = c.PostForm("href") link.Href = ctx.PostForm("href")
icon := c.PostForm("icon") icon := ctx.PostForm("icon")
if icon == "" { if icon == "" {
link.Icon = nil link.Icon = nil
} else { } else {
link.Icon = &icon link.Icon = &icon
} }
if result := db.Save(&link); result.Error != nil { if result := db.Save(&link); result.Error != nil {
ShowError(c, result.Error) ShowError(ctx, result.Error)
return return
} }
// Redirect to settings. // Redirect to settings.
c.Redirect(http.StatusFound, "/settings") ctx.Redirect(http.StatusFound, "/settings")
}
} }
func DeleteLink(c *gin.Context, db *gorm.DB) { func DeleteLink(db *gorm.DB) gin.HandlerFunc {
id, err := strconv.ParseUint(c.Param("id"), 10, 64) return func(ctx *gin.Context) {
if err != nil { id, err := strconv.ParseUint(ctx.Param("id"), 10, 64)
ShowError(c, err) if err != nil {
return ShowError(ctx, err)
} return
}
if result := db.Delete(&database.Link{}, id); result.Error != nil { if result := db.Delete(&database.Link{}, id); result.Error != nil {
ShowError(c, result.Error) ShowError(ctx, result.Error)
return return
} }
// Redirect to settings. // Redirect to settings.
c.Redirect(http.StatusFound, "/settings") ctx.Redirect(http.StatusFound, "/settings")
}
} }

52
views/main.go
View file

@ -22,68 +22,42 @@ func GetGinEngine(cfg *config.Config, db *gorm.DB) *gin.Engine {
engine.Use(SecurityHeadersMiddleware) engine.Use(SecurityHeadersMiddleware)
engine.GET("/signin", func(c *gin.Context) { engine.GET("/signin", ShowLoginForm)
ShowLoginForm(c) engine.POST("/api/users/signin", AuthorizeUser(db, cfg))
})
engine.POST("/api/users/signin", func(c *gin.Context) {
AuthorizeUser(c, db, cfg)
})
engine.GET("/registration", func(c *gin.Context) { engine.GET("/registration", ShowRegistrationForm(db))
ShowRegistrationForm(c, db) engine.POST("/api/users", CreateUser(db, cfg))
})
engine.POST("/api/users", func(c *gin.Context) {
CreateUser(c, db, cfg)
})
// This group requires authorization before viewing. // This group requires authorization before viewing.
protected := engine.Group("/") protected := engine.Group("/")
protected.Use(func(c *gin.Context) { protected.Use(AuthMiddleware(db, cfg))
AuthMiddleware(c, db, cfg)
})
// Main page // Main page
protected.GET("/", func(c *gin.Context) { protected.GET("/", ShowMainPage(db))
ShowMainPage(c, db)
})
protected.GET("/settings", func(c *gin.Context) { protected.GET("/settings", ShowSettings(db))
ShowSettings(c, db)
})
// Create new group // Create new group
protected.POST("/api/groups", func(c *gin.Context) { protected.POST("/api/groups", CreateGroup(db))
CreateGroup(c, db)
})
// Update group // Update group
// HTML forms cannot be submitted using PUT or PATCH methods without javascript. // HTML forms cannot be submitted using PUT or PATCH methods without javascript.
protected.POST("/api/groups/:id/put", func(c *gin.Context) { protected.POST("/api/groups/:id/put", UpdateGroup(db))
UpdateGroup(c, db)
})
// Delete group // Delete group
// HTML forms cannot be submitted using the DELETE method without javascript. // HTML forms cannot be submitted using the DELETE method without javascript.
protected.POST("/api/groups/:id/delete", func(c *gin.Context) { protected.POST("/api/groups/:id/delete", DeleteGroup(db))
DeleteGroup(c, db)
})
// Create new link // Create new link
protected.POST("/api/links", func(c *gin.Context) { protected.POST("/api/links", CreateLink(db))
CreateLink(c, db)
})
// Update link. // Update link.
// HTML forms cannot be submitted using PUT or PATCH methods without javascript. // HTML forms cannot be submitted using PUT or PATCH methods without javascript.
protected.POST("/api/links/:id/put", func(c *gin.Context) { protected.POST("/api/links/:id/put", UpdateLink(db))
UpdateLink(c, db)
})
// Delete link // Delete link
// HTML forms cannot be submitted using the DELETE method without javascript. // HTML forms cannot be submitted using the DELETE method without javascript.
protected.POST("/api/links/:id/delete", func(c *gin.Context) { protected.POST("/api/links/:id/delete", DeleteLink(db))
DeleteLink(c, db)
})
return engine return engine
} }

30
views/settings.go
View file

@ -7,20 +7,22 @@ import (
"net/http" "net/http"
) )
func ShowSettings(c *gin.Context, db *gorm.DB) { func ShowSettings(db *gorm.DB) gin.HandlerFunc {
// Get a list of groups with links return func(ctx *gin.Context) {
var groups []database.Group // Get a list of groups with links
result := db. var groups []database.Group
Model(&database.Group{}). result := db.
Preload("Links"). Model(&database.Group{}).
Find(&groups) Preload("Links").
Find(&groups)
if result.Error != nil { if result.Error != nil {
ShowError(c, result.Error) ShowError(ctx, result.Error)
return return
}
ctx.HTML(http.StatusOK, "settings.html.tmpl", gin.H{
"groups": groups,
})
} }
c.HTML(http.StatusOK, "settings.html.tmpl", gin.H{
"groups": groups,
})
} }