package main import ( "encoding/json" "errors" "fmt" "io/ioutil" "net/http" "net/http/httptest" "os" "strconv" "strings" "time" "github.com/thermokarst/bactdb/Godeps/_workspace/src/github.com/gorilla/context" "github.com/thermokarst/bactdb/Godeps/_workspace/src/github.com/gorilla/mux" "github.com/thermokarst/bactdb/Godeps/_workspace/src/github.com/nytimes/gziphandler" "github.com/thermokarst/bactdb/Godeps/_workspace/src/github.com/thermokarst/jwt" ) var ( config *jwt.Config j *jwt.Middleware ) type Claims struct { Name string Iss string Sub int64 Role string Iat int64 Exp int64 Ref string } func verifyClaims(claims []byte, r *http.Request) error { currentTime := time.Now() var c Claims err := json.Unmarshal(claims, &c) if err != nil { return err } if currentTime.After(time.Unix(c.Exp, 0)) { return errors.New("this token has expired") } context.Set(r, "claims", c) return nil } func Handler() http.Handler { claimsFunc := func(email string) (map[string]interface{}, error) { currentTime := time.Now() user, err := dbGetUserByEmail(email) if err != nil { return nil, err } return map[string]interface{}{ "name": user.Name, "iss": "bactdb", "sub": user.Id, "role": user.Role, "iat": currentTime.Unix(), "exp": currentTime.Add(time.Minute * 60).Unix(), "ref": "", }, nil } config = &jwt.Config{ Secret: os.Getenv("SECRET"), Auth: dbAuthenticate, Claims: claimsFunc, } var err error j, err = jwt.New(config) if err != nil { panic(err) } m := mux.NewRouter() userService := UserService{} strainService := StrainService{} speciesService := SpeciesService{} characteristicService := CharacteristicService{} measurementService := MeasurementService{} m.Handle("/authenticate", tokenHandler(j.Authenticate())).Methods("POST") m.Handle("/refresh", j.Secure(errorHandler(tokenRefresh(j)), verifyClaims)).Methods("POST") // Everything past here is lumped under a genus s := m.PathPrefix("/{genus}").Subrouter() s.Handle("/users", errorHandler(handleCreater(userService))).Methods("POST") s.Handle("/users/verify/{Nonce}", errorHandler(handleUserVerify)).Methods("GET") s.Handle("/users/lockout", errorHandler(handleUserLockout)).Methods("POST") s.Handle("/compare", j.Secure(errorHandler(handleCompare), verifyClaims)).Methods("GET") type r struct { f errorHandler m string p string } // Everything past this point requires a valid token routes := []r{ r{handleLister(userService), "GET", "/users"}, r{handleGetter(userService), "GET", "/users/{Id:.+}"}, r{handleUpdater(userService), "PUT", "/users/{Id:.+}"}, r{handleLister(speciesService), "GET", "/species"}, r{handleCreater(speciesService), "POST", "/species"}, r{handleGetter(speciesService), "GET", "/species/{Id:.+}"}, r{handleUpdater(speciesService), "PUT", "/species/{Id:.+}"}, r{handleLister(strainService), "GET", "/strains"}, r{handleCreater(strainService), "POST", "/strains"}, r{handleGetter(strainService), "GET", "/strains/{Id:.+}"}, r{handleUpdater(strainService), "PUT", "/strains/{Id:.+}"}, r{handleLister(characteristicService), "GET", "/characteristics"}, r{handleCreater(characteristicService), "POST", "/characteristics"}, r{handleGetter(characteristicService), "GET", "/characteristics/{Id:.+}"}, r{handleUpdater(characteristicService), "PUT", "/characteristics/{Id:.+}"}, r{handleLister(measurementService), "GET", "/measurements"}, r{handleGetter(measurementService), "GET", "/measurements/{Id:.+}"}, r{handleUpdater(measurementService), "PUT", "/measurements/{Id:.+}"}, r{handleDeleter(measurementService), "DELETE", "/measurements/{Id:.+}"}, } for _, route := range routes { s.Handle(route.p, j.Secure(errorHandler(route.f), verifyClaims)).Methods(route.m) } return jsonHandler(gziphandler.GzipHandler(corsHandler(m))) } func handleGetter(g getter) errorHandler { return func(w http.ResponseWriter, r *http.Request) *appError { id, err := strconv.ParseInt(mux.Vars(r)["Id"], 10, 0) if err != nil { return newJSONError(err, http.StatusInternalServerError) } claims := getClaims(r) e, appErr := g.get(id, mux.Vars(r)["genus"], &claims) if appErr != nil { return appErr } data, err := e.marshal() if err != nil { return newJSONError(err, http.StatusInternalServerError) } w.Write(data) return nil } } func handleLister(l lister) errorHandler { return func(w http.ResponseWriter, r *http.Request) *appError { opt := r.URL.Query() opt.Add("Genus", mux.Vars(r)["genus"]) claims := getClaims(r) es, appErr := l.list(&opt, &claims) if appErr != nil { return appErr } data, err := es.marshal() if err != nil { return newJSONError(err, http.StatusInternalServerError) } w.Write(data) return nil } } func handleUpdater(u updater) errorHandler { return func(w http.ResponseWriter, r *http.Request) *appError { id, err := strconv.ParseInt(mux.Vars(r)["Id"], 10, 0) if err != nil { return newJSONError(err, http.StatusInternalServerError) } bodyBytes, err := ioutil.ReadAll(r.Body) if err != nil { return newJSONError(err, http.StatusInternalServerError) } e, err := u.unmarshal(bodyBytes) if err != nil { return newJSONError(err, http.StatusInternalServerError) } claims := getClaims(r) appErr := u.update(id, &e, mux.Vars(r)["genus"], &claims) if appErr != nil { return appErr } data, err := e.marshal() if err != nil { return newJSONError(err, http.StatusInternalServerError) } w.Write(data) return nil } } func handleCreater(c creater) errorHandler { return func(w http.ResponseWriter, r *http.Request) *appError { bodyBytes, err := ioutil.ReadAll(r.Body) if err != nil { return newJSONError(err, http.StatusInternalServerError) } e, err := c.unmarshal(bodyBytes) if err != nil { return newJSONError(err, http.StatusInternalServerError) } claims := getClaims(r) appErr := c.create(&e, mux.Vars(r)["genus"], &claims) if appErr != nil { return appErr } data, err := e.marshal() if err != nil { return newJSONError(err, http.StatusInternalServerError) } w.Write(data) return nil } } func handleDeleter(d deleter) errorHandler { return func(w http.ResponseWriter, r *http.Request) *appError { id, err := strconv.ParseInt(mux.Vars(r)["Id"], 10, 0) if err != nil { return newJSONError(err, http.StatusInternalServerError) } claims := getClaims(r) appErr := d.delete(id, mux.Vars(r)["genus"], &claims) if appErr != nil { return appErr } return nil } } func tokenHandler(h http.Handler) http.Handler { token := func(w http.ResponseWriter, r *http.Request) { recorder := httptest.NewRecorder() h.ServeHTTP(recorder, r) for key, val := range recorder.Header() { w.Header()[key] = val } w.Header().Set("Content-Type", "application/json; charset=UTF-8") w.WriteHeader(recorder.Code) tokenData := string(recorder.Body.Bytes()) var data []byte if recorder.Code != 200 { data, _ = json.Marshal(struct { Error string `json:"error"` }{ Error: tokenData, }) } else { data, _ = json.Marshal(struct { Token string `json:"token"` }{ Token: tokenData, }) } w.Write(data) return } return http.HandlerFunc(token) } func corsHandler(h http.Handler) http.Handler { cors := func(w http.ResponseWriter, r *http.Request) { domains := os.Getenv("DOMAINS") allowedDomains := strings.Split(domains, ",") if origin := r.Header.Get("Origin"); origin != "" { for _, s := range allowedDomains { if s == origin { w.Header().Set("Access-Control-Allow-Origin", origin) w.Header().Set("Access-Control-Allow-Headers", r.Header.Get("Access-Control-Request-Headers")) w.Header().Set("Access-Control-Allow-Methods", r.Header.Get("Access-Control-Request-Method")) } } } if r.Method != "OPTIONS" { h.ServeHTTP(w, r) } } return http.HandlerFunc(cors) } func jsonHandler(h http.Handler) http.Handler { j := func(w http.ResponseWriter, r *http.Request) { w.Header().Set("Content-Type", "application/json; charset=UTF-8") h.ServeHTTP(w, r) } return http.HandlerFunc(j) } type errorHandler func(http.ResponseWriter, *http.Request) *appError func (fn errorHandler) ServeHTTP(w http.ResponseWriter, r *http.Request) { if err := fn(w, r); err != nil { w.WriteHeader(err.Status) fmt.Fprintln(w, err.Error.Error()) } } func tokenRefresh(j *jwt.Middleware) errorHandler { t := func(w http.ResponseWriter, r *http.Request) *appError { claims := getClaims(r) user, err := dbGetUserById(claims.Sub) if err != nil { return newJSONError(err, http.StatusInternalServerError) } token, err := j.CreateToken(user.Email) if err != nil { return newJSONError(err, http.StatusInternalServerError) } data, _ := json.Marshal(struct { Token string `json:"token"` }{ Token: token, }) w.Write(data) return nil } return t }