GoScrobble/internal/goscrobble/server.go

package goscrobble

import (
	"encoding/json"
	"errors"
	"fmt"
	"log"
	"net/http"
	"os"
	"path/filepath"

	"github.com/gorilla/mux"
)

// spaHandler - Handles Single Page Applications (React)
type spaHandler struct {
	staticPath string
	indexPath  string
}

type jsonResponse struct {
	Err string `json:"error,omitempty"`
	Msg string `json:"message,omitempty"`
}

// Limits to 1 req / 10 sec
var heavyLimiter = NewIPRateLimiter(0.1, 1)

// Limits to 5 req / sec
var standardLimiter = NewIPRateLimiter(5, 5)

// HandleRequests - Boot HTTP!
func HandleRequests() {
	// Create a new router
	r := mux.NewRouter().StrictSlash(true)

	v1 := r.PathPrefix("/api/v1").Subrouter()

	// Static Token for /ingress
	v1.HandleFunc("/ingress/jellyfin", tokenMiddleware(serveEndpoint))

	// JWT Auth
	v1.HandleFunc("/profile/{id}", jwtMiddleware(serveEndpoint))

	// No Auth
	v1.HandleFunc("/register", limitMiddleware(handleRegister, heavyLimiter)).Methods("POST")
	v1.HandleFunc("/login", limitMiddleware(serveEndpoint, standardLimiter)).Methods("POST")
	v1.HandleFunc("/logout", serveEndpoint).Methods("POST")

	// This just prevents it serving frontend stuff over /api
	r.PathPrefix("/api")

	// SERVE FRONTEND - NO AUTH
	spa := spaHandler{staticPath: "web/build", indexPath: "index.html"}
	r.PathPrefix("/").Handler(spa)

	// Serve it up!
	log.Fatal(http.ListenAndServe(":42069", r))
}

// MIDDLEWARE
// throwUnauthorized - Throws a 403
func throwUnauthorized(w http.ResponseWriter, m string) {
	jr := jsonResponse{
		Err: m,
	}
	js, _ := json.Marshal(&jr)
	err := errors.New(string(js))
	http.Error(w, err.Error(), http.StatusUnauthorized)
}

// throwUnauthorized - Throws a 403
func throwBadReq(w http.ResponseWriter, m string) {
	jr := jsonResponse{
		Err: m,
	}
	js, _ := json.Marshal(&jr)
	err := errors.New(string(js))
	http.Error(w, err.Error(), http.StatusBadRequest)
}

// generateJsonMessage - Generates a message:str response
func generateJsonMessage(m string) []byte {
	jr := jsonResponse{
		Msg: m,
	}
	js, _ := json.Marshal(&jr)
	return js
}

// tokenMiddleware - Validates token to a user
func tokenMiddleware(next http.HandlerFunc) http.HandlerFunc {
	return func(w http.ResponseWriter, r *http.Request) {
		throwUnauthorized(w, "Invalid API Token")
		return
		// next(res, req)
	}
}

// jwtMiddleware - Validates middleware to a user
func jwtMiddleware(next http.HandlerFunc) http.HandlerFunc {
	return func(w http.ResponseWriter, r *http.Request) {
		throwUnauthorized(w, "Invalid JWT Token")
		return
		// next(res, req)
	}
}

// limitMiddleware - Rate limits important stuff
func limitMiddleware(next http.HandlerFunc, limiter *IPRateLimiter) http.HandlerFunc {
	return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
		limiter := limiter.GetLimiter(r.RemoteAddr)
		if !limiter.Allow() {
			msg := generateJsonMessage("Too many requests")
			w.WriteHeader(http.StatusTooManyRequests)
			w.Write(msg)
			return
		}

		next(w, r)
	})
}

// API ENDPOINT HANDLING

// handleRegister - Does as it says!
func handleRegister(w http.ResponseWriter, r *http.Request) {
	regReq := RegisterRequest{}
	decoder := json.NewDecoder(r.Body)
	err := decoder.Decode(&regReq)
	if err != nil {
		throwBadReq(w, err.Error())
		return
	}

	err = createUser(&regReq)
	if err != nil {
		throwBadReq(w, err.Error())
		return
	}

	msg := generateJsonMessage("User created succesfully")
	w.WriteHeader(http.StatusCreated)
	w.Write(msg)
}

// serveEndpoint - API stuffs
func serveEndpoint(w http.ResponseWriter, r *http.Request) {
	json, err := decodeJson(r.Body)
	if err != nil {
		// If we can't decode. Lets tell them nicely.
		http.Error(w, "{\"error\":\"Invalid JSON\"}", http.StatusBadRequest)
		return
	}

	log.Printf("%v", json)
	// Lets trick 'em for now ;) ;)
	fmt.Fprintf(w, "{}")
}

// FRONTEND HANDLING

// ServerHTTP - Frontend server
func (h spaHandler) ServeHTTP(w http.ResponseWriter, r *http.Request) {
	// Get the absolute path to prevent directory traversal
	path, err := filepath.Abs(r.URL.Path)
	if err != nil {
		// If we failed to get the absolute path respond with a 400 bad request and return
		http.Error(w, err.Error(), http.StatusBadRequest)
		return
	}

	// prepend the path with the path to the static directory
	path = filepath.Join(h.staticPath, path)

	// check whether a file exists at the given path
	_, err = os.Stat(path)
	if os.IsNotExist(err) {
		// file does not exist, serve index.html
		http.ServeFile(w, r, filepath.Join(h.staticPath, h.indexPath))
		return
	} else if err != nil {
		// if we got an error (that wasn't that the file doesn't exist) stating the
		// file, return a 500 internal server error and stop
		http.Error(w, err.Error(), http.StatusInternalServerError)
		return
	}

	// otherwise, use http.FileServer to serve the static dir
	http.FileServer(http.Dir(h.staticPath)).ServeHTTP(w, r)
}
Initial Commit 2021-03-23 08:43:44 +00:00			`package goscrobble`

			`import (`
Add login/logout/register routes 2021-03-24 10:07:46 +00:00			`"encoding/json"`
Basic API structure 2021-03-25 05:15:01 +00:00			`"errors"`
Initial Commit 2021-03-23 08:43:44 +00:00			`"fmt"`
			`"log"`
			`"net/http"`
Build basic frontend 2021-03-24 03:29:35 +00:00			`"os"`
			`"path/filepath"`
Initial Commit 2021-03-23 08:43:44 +00:00
			`"github.com/gorilla/mux"`
			`)`

Add user table + funcs 2021-03-24 09:28:05 +00:00			`// spaHandler - Handles Single Page Applications (React)`
Build basic frontend 2021-03-24 03:29:35 +00:00			`type spaHandler struct {`
			`staticPath string`
			`indexPath string`
			`}`

Basic API structure 2021-03-25 05:15:01 +00:00			`type jsonResponse struct {`
Add rate limiter to register endpoint 2021-03-25 10:24:21 +00:00			Err string `json:"error,omitempty"`
			Msg string `json:"message,omitempty"`
Basic API structure 2021-03-25 05:15:01 +00:00			`}`

Add rate limiter to register endpoint 2021-03-25 10:24:21 +00:00			`// Limits to 1 req / 10 sec`
Tidy up rate limiter 2021-03-25 10:30:35 +00:00			`var heavyLimiter = NewIPRateLimiter(0.1, 1)`

			`// Limits to 5 req / sec`
			`var standardLimiter = NewIPRateLimiter(5, 5)`
Add rate limiter to register endpoint 2021-03-25 10:24:21 +00:00
Add user table + funcs 2021-03-24 09:28:05 +00:00			`// HandleRequests - Boot HTTP!`
Initial Commit 2021-03-23 08:43:44 +00:00			`func HandleRequests() {`
Add user table + funcs 2021-03-24 09:28:05 +00:00			`// Create a new router`
Add login/logout/register routes 2021-03-24 10:07:46 +00:00			`r := mux.NewRouter().StrictSlash(true)`
Build basic frontend 2021-03-24 03:29:35 +00:00
Add login/logout/register routes 2021-03-24 10:07:46 +00:00			`v1 := r.PathPrefix("/api/v1").Subrouter()`
Build basic frontend 2021-03-24 03:29:35 +00:00
Basic API structure 2021-03-25 05:15:01 +00:00			`// Static Token for /ingress`
			`v1.HandleFunc("/ingress/jellyfin", tokenMiddleware(serveEndpoint))`
Add user table + funcs 2021-03-24 09:28:05 +00:00
Basic API structure 2021-03-25 05:15:01 +00:00			`// JWT Auth`
			`v1.HandleFunc("/profile/{id}", jwtMiddleware(serveEndpoint))`

			`// No Auth`
Tidy up rate limiter 2021-03-25 10:30:35 +00:00			`v1.HandleFunc("/register", limitMiddleware(handleRegister, heavyLimiter)).Methods("POST")`
			`v1.HandleFunc("/login", limitMiddleware(serveEndpoint, standardLimiter)).Methods("POST")`
Add login/logout/register routes 2021-03-24 10:07:46 +00:00			`v1.HandleFunc("/logout", serveEndpoint).Methods("POST")`

Basic API structure 2021-03-25 05:15:01 +00:00			`// This just prevents it serving frontend stuff over /api`
Add login/logout/register routes 2021-03-24 10:07:46 +00:00			`r.PathPrefix("/api")`
Add user table + funcs 2021-03-24 09:28:05 +00:00
			`// SERVE FRONTEND - NO AUTH`
Update path 2021-03-24 04:24:53 +00:00			`spa := spaHandler{staticPath: "web/build", indexPath: "index.html"}`
Add login/logout/register routes 2021-03-24 10:07:46 +00:00			`r.PathPrefix("/").Handler(spa)`
Build basic frontend 2021-03-24 03:29:35 +00:00
Add user table + funcs 2021-03-24 09:28:05 +00:00			`// Serve it up!`
Add login/logout/register routes 2021-03-24 10:07:46 +00:00			`log.Fatal(http.ListenAndServe(":42069", r))`
Initial Commit 2021-03-23 08:43:44 +00:00			`}`

Basic API structure 2021-03-25 05:15:01 +00:00			`// MIDDLEWARE`
Register API complete, email validation too 2021-03-25 10:09:17 +00:00			`// throwUnauthorized - Throws a 403`
			`func throwUnauthorized(w http.ResponseWriter, m string) {`
			`jr := jsonResponse{`
			`Err: m,`
			`}`
			`js, _ := json.Marshal(&jr)`
			`err := errors.New(string(js))`
			`http.Error(w, err.Error(), http.StatusUnauthorized)`
			`}`

Add rate limiter to register endpoint 2021-03-25 10:24:21 +00:00			`// throwUnauthorized - Throws a 403`
Register API complete, email validation too 2021-03-25 10:09:17 +00:00			`func throwBadReq(w http.ResponseWriter, m string) {`
			`jr := jsonResponse{`
			`Err: m,`
			`}`
			`js, _ := json.Marshal(&jr)`
			`err := errors.New(string(js))`
			`http.Error(w, err.Error(), http.StatusBadRequest)`
			`}`
Basic API structure 2021-03-25 05:15:01 +00:00
Add rate limiter to register endpoint 2021-03-25 10:24:21 +00:00			`// generateJsonMessage - Generates a message:str response`
			`func generateJsonMessage(m string) []byte {`
			`jr := jsonResponse{`
			`Msg: m,`
			`}`
			`js, _ := json.Marshal(&jr)`
			`return js`
			`}`

Basic API structure 2021-03-25 05:15:01 +00:00			`// tokenMiddleware - Validates token to a user`
			`func tokenMiddleware(next http.HandlerFunc) http.HandlerFunc {`
Register API complete, email validation too 2021-03-25 10:09:17 +00:00			`return func(w http.ResponseWriter, r *http.Request) {`
			`throwUnauthorized(w, "Invalid API Token")`
Basic API structure 2021-03-25 05:15:01 +00:00			`return`
			`// next(res, req)`
			`}`
			`}`

			`// jwtMiddleware - Validates middleware to a user`
			`func jwtMiddleware(next http.HandlerFunc) http.HandlerFunc {`
Register API complete, email validation too 2021-03-25 10:09:17 +00:00			`return func(w http.ResponseWriter, r *http.Request) {`
			`throwUnauthorized(w, "Invalid JWT Token")`
Basic API structure 2021-03-25 05:15:01 +00:00			`return`
			`// next(res, req)`
			`}`
			`}`

Add rate limiter to register endpoint 2021-03-25 10:24:21 +00:00			`// limitMiddleware - Rate limits important stuff`
Tidy up rate limiter 2021-03-25 10:30:35 +00:00			`func limitMiddleware(next http.HandlerFunc, limiter *IPRateLimiter) http.HandlerFunc {`
Add rate limiter to register endpoint 2021-03-25 10:24:21 +00:00			`return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {`
			`limiter := limiter.GetLimiter(r.RemoteAddr)`
			`if !limiter.Allow() {`
Tidy up rate limiter 2021-03-25 10:30:35 +00:00			`msg := generateJsonMessage("Too many requests")`
			`w.WriteHeader(http.StatusTooManyRequests)`
			`w.Write(msg)`
Add rate limiter to register endpoint 2021-03-25 10:24:21 +00:00			`return`
			`}`

			`next(w, r)`
			`})`
			`}`

Register API complete, email validation too 2021-03-25 10:09:17 +00:00			`// API ENDPOINT HANDLING`

			`// handleRegister - Does as it says!`
			`func handleRegister(w http.ResponseWriter, r *http.Request) {`
			`regReq := RegisterRequest{}`
			`decoder := json.NewDecoder(r.Body)`
			`err := decoder.Decode(&regReq)`
			`if err != nil {`
			`throwBadReq(w, err.Error())`
			`return`
			`}`

			`err = createUser(&regReq)`
			`if err != nil {`
			`throwBadReq(w, err.Error())`
			`return`
			`}`

Add rate limiter to register endpoint 2021-03-25 10:24:21 +00:00			`msg := generateJsonMessage("User created succesfully")`
			`w.WriteHeader(http.StatusCreated)`
			`w.Write(msg)`
Register API complete, email validation too 2021-03-25 10:09:17 +00:00			`}`
Basic API structure 2021-03-25 05:15:01 +00:00
			`// serveEndpoint - API stuffs`
Initial Commit 2021-03-23 08:43:44 +00:00			`func serveEndpoint(w http.ResponseWriter, r *http.Request) {`
Register API complete, email validation too 2021-03-25 10:09:17 +00:00			`json, err := decodeJson(r.Body)`
Add login/logout/register routes 2021-03-24 10:07:46 +00:00			`if err != nil {`
			`// If we can't decode. Lets tell them nicely.`
			`http.Error(w, "{\"error\":\"Invalid JSON\"}", http.StatusBadRequest)`
			`return`
			`}`

Register API complete, email validation too 2021-03-25 10:09:17 +00:00			`log.Printf("%v", json)`
Add login/logout/register routes 2021-03-24 10:07:46 +00:00			`// Lets trick 'em for now ;) ;)`
Initial Commit 2021-03-23 08:43:44 +00:00			`fmt.Fprintf(w, "{}")`
			`}`
Build basic frontend 2021-03-24 03:29:35 +00:00
Basic API structure 2021-03-25 05:15:01 +00:00			`// FRONTEND HANDLING`

Add login/logout/register routes 2021-03-24 10:07:46 +00:00			`// ServerHTTP - Frontend server`
Build basic frontend 2021-03-24 03:29:35 +00:00			`func (h spaHandler) ServeHTTP(w http.ResponseWriter, r *http.Request) {`
Add user table + funcs 2021-03-24 09:28:05 +00:00			`// Get the absolute path to prevent directory traversal`
Build basic frontend 2021-03-24 03:29:35 +00:00			`path, err := filepath.Abs(r.URL.Path)`
			`if err != nil {`
Add user table + funcs 2021-03-24 09:28:05 +00:00			`// If we failed to get the absolute path respond with a 400 bad request and return`
Build basic frontend 2021-03-24 03:29:35 +00:00			`http.Error(w, err.Error(), http.StatusBadRequest)`
			`return`
			`}`

			`// prepend the path with the path to the static directory`
			`path = filepath.Join(h.staticPath, path)`

			`// check whether a file exists at the given path`
			`_, err = os.Stat(path)`
			`if os.IsNotExist(err) {`
			`// file does not exist, serve index.html`
			`http.ServeFile(w, r, filepath.Join(h.staticPath, h.indexPath))`
			`return`
			`} else if err != nil {`
			`// if we got an error (that wasn't that the file doesn't exist) stating the`
			`// file, return a 500 internal server error and stop`
			`http.Error(w, err.Error(), http.StatusInternalServerError)`
			`return`
			`}`

			`// otherwise, use http.FileServer to serve the static dir`
			`http.FileServer(http.Dir(h.staticPath)).ServeHTTP(w, r)`
			`}`