GoScrobble/internal/goscrobble/server.go

282 lines
6.8 KiB
Go
Raw Normal View History

2021-03-23 08:43:44 +00:00
package goscrobble
import (
2021-03-24 10:07:46 +00:00
"encoding/json"
2021-03-25 05:15:01 +00:00
"errors"
2021-03-23 08:43:44 +00:00
"fmt"
"log"
"net/http"
2021-03-24 03:29:35 +00:00
"os"
"path/filepath"
2021-03-28 08:52:34 +00:00
"strings"
2021-03-23 08:43:44 +00:00
"github.com/gorilla/mux"
2021-03-26 08:06:28 +00:00
"github.com/rs/cors"
2021-03-23 08:43:44 +00:00
)
2021-03-24 09:28:05 +00:00
// spaHandler - Handles Single Page Applications (React)
2021-03-24 03:29:35 +00:00
type spaHandler struct {
staticPath string
indexPath string
}
2021-03-25 05:15:01 +00:00
type jsonResponse struct {
2021-03-25 10:24:21 +00:00
Err string `json:"error,omitempty"`
Msg string `json:"message,omitempty"`
2021-03-25 05:15:01 +00:00
}
2021-03-25 10:24:21 +00:00
// Limits to 1 req / 10 sec
2021-03-28 08:52:34 +00:00
var heavyLimiter = NewIPRateLimiter(0.25, 2)
2021-03-25 10:30:35 +00:00
// Limits to 5 req / sec
2021-03-28 08:52:34 +00:00
var standardLimiter = NewIPRateLimiter(1, 5)
2021-03-25 10:24:21 +00:00
2021-03-25 23:21:28 +00:00
// List of Reverse proxies
var ReverseProxies []string
2021-03-26 08:06:28 +00:00
func enableCors(w *http.ResponseWriter) {
(*w).Header().Set("Access-Control-Allow-Origin", "*")
}
2021-03-24 09:28:05 +00:00
// HandleRequests - Boot HTTP!
func HandleRequests(port string) {
2021-03-24 09:28:05 +00:00
// Create a new router
2021-03-24 10:07:46 +00:00
r := mux.NewRouter().StrictSlash(true)
2021-03-24 03:29:35 +00:00
2021-03-24 10:07:46 +00:00
v1 := r.PathPrefix("/api/v1").Subrouter()
2021-03-24 03:29:35 +00:00
2021-03-25 05:15:01 +00:00
// Static Token for /ingress
2021-03-28 08:52:34 +00:00
v1.HandleFunc("/ingress/jellyfin", tokenMiddleware(handleIngress))
2021-03-24 09:28:05 +00:00
2021-03-25 05:15:01 +00:00
// JWT Auth
2021-03-28 08:52:34 +00:00
// v1.HandleFunc("/profile/{id}", jwtMiddleware(handleIngress))
2021-03-25 05:15:01 +00:00
// No Auth
2021-03-25 10:30:35 +00:00
v1.HandleFunc("/register", limitMiddleware(handleRegister, heavyLimiter)).Methods("POST")
2021-03-25 23:21:28 +00:00
v1.HandleFunc("/login", limitMiddleware(handleLogin, standardLimiter)).Methods("POST")
2021-03-28 08:52:34 +00:00
// For now just trash JWT in frontend until we have full state management "Good enough"
// v1.HandleFunc("/logout", handleIngress).Methods("POST")
2021-03-24 10:07:46 +00:00
2021-03-25 05:15:01 +00:00
// This just prevents it serving frontend stuff over /api
2021-03-24 10:07:46 +00:00
r.PathPrefix("/api")
2021-03-24 09:28:05 +00:00
// SERVE FRONTEND - NO AUTH
2021-03-24 04:24:53 +00:00
spa := spaHandler{staticPath: "web/build", indexPath: "index.html"}
2021-03-24 10:07:46 +00:00
r.PathPrefix("/").Handler(spa)
2021-03-24 03:29:35 +00:00
2021-03-26 08:06:28 +00:00
c := cors.New(cors.Options{
// Grrrr CORS
AllowedOrigins: []string{"*"},
AllowCredentials: true,
})
handler := c.Handler(r)
2021-03-24 09:28:05 +00:00
// Serve it up!
fmt.Printf("Goscrobble listening on port %s", port)
log.Fatal(http.ListenAndServe(":"+port, handler))
2021-03-23 08:43:44 +00:00
}
2021-03-25 05:15:01 +00:00
// MIDDLEWARE
// throwUnauthorized - Throws a 403
func throwUnauthorized(w http.ResponseWriter, m string) {
jr := jsonResponse{
Err: m,
}
js, _ := json.Marshal(&jr)
err := errors.New(string(js))
http.Error(w, err.Error(), http.StatusUnauthorized)
}
2021-03-25 10:24:21 +00:00
// throwUnauthorized - Throws a 403
func throwBadReq(w http.ResponseWriter, m string) {
jr := jsonResponse{
Err: m,
}
js, _ := json.Marshal(&jr)
err := errors.New(string(js))
http.Error(w, err.Error(), http.StatusBadRequest)
}
2021-03-25 05:15:01 +00:00
2021-03-28 09:24:18 +00:00
// throwOkMessage - Throws a happy 200
2021-03-26 08:06:28 +00:00
func throwOkMessage(w http.ResponseWriter, m string) {
jr := jsonResponse{
2021-03-28 09:24:18 +00:00
Msg: m,
2021-03-26 08:06:28 +00:00
}
js, _ := json.Marshal(&jr)
err := errors.New(string(js))
http.Error(w, err.Error(), http.StatusOK)
}
2021-03-25 10:24:21 +00:00
// generateJsonMessage - Generates a message:str response
func generateJsonMessage(m string) []byte {
jr := jsonResponse{
Msg: m,
}
js, _ := json.Marshal(&jr)
return js
}
2021-03-26 22:51:03 +00:00
// generateJsonError - Generates a err:str response
func generateJsonError(m string) []byte {
jr := jsonResponse{
Err: m,
}
js, _ := json.Marshal(&jr)
return js
}
2021-03-25 05:15:01 +00:00
// tokenMiddleware - Validates token to a user
func tokenMiddleware(next http.HandlerFunc) http.HandlerFunc {
return func(w http.ResponseWriter, r *http.Request) {
2021-03-28 08:52:34 +00:00
fullToken := r.Header.Get("Authorization")
authToken := strings.Replace(fullToken, "Bearer ", "", 1)
if authToken == "" {
throwUnauthorized(w, "A token is required")
}
userUuid, err := getUserForToken(authToken)
if err != nil {
throwUnauthorized(w, err.Error())
return
}
// Lets tack this on the request for now..
r.Header.Set("UserUUID", userUuid)
next(w, r)
2021-03-25 05:15:01 +00:00
}
}
// jwtMiddleware - Validates middleware to a user
func jwtMiddleware(next http.HandlerFunc) http.HandlerFunc {
return func(w http.ResponseWriter, r *http.Request) {
throwUnauthorized(w, "Invalid JWT Token")
2021-03-28 08:52:34 +00:00
next(w, r)
2021-03-25 05:15:01 +00:00
}
}
2021-03-25 10:24:21 +00:00
// limitMiddleware - Rate limits important stuff
2021-03-25 10:30:35 +00:00
func limitMiddleware(next http.HandlerFunc, limiter *IPRateLimiter) http.HandlerFunc {
2021-03-25 10:24:21 +00:00
return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
limiter := limiter.GetLimiter(r.RemoteAddr)
if !limiter.Allow() {
2021-03-26 23:29:11 +00:00
msg := generateJsonMessage("Too many requests")
2021-03-25 10:30:35 +00:00
w.WriteHeader(http.StatusTooManyRequests)
w.Write(msg)
2021-03-25 10:24:21 +00:00
return
}
next(w, r)
})
}
// API ENDPOINT HANDLING
// handleRegister - Does as it says!
func handleRegister(w http.ResponseWriter, r *http.Request) {
regReq := RegisterRequest{}
decoder := json.NewDecoder(r.Body)
err := decoder.Decode(&regReq)
if err != nil {
throwBadReq(w, err.Error())
return
}
2021-03-25 23:21:28 +00:00
ip := getUserIp(r)
err = createUser(&regReq, ip)
if err != nil {
2021-03-26 08:06:28 +00:00
throwOkMessage(w, err.Error())
return
}
2021-03-28 08:52:34 +00:00
msg := generateJsonMessage("User created succesfully. You may now login")
2021-03-25 10:24:21 +00:00
w.WriteHeader(http.StatusCreated)
w.Write(msg)
}
2021-03-25 05:15:01 +00:00
2021-03-25 23:21:28 +00:00
// handleLogin - Does as it says!
func handleLogin(w http.ResponseWriter, r *http.Request) {
logReq := LoginRequest{}
decoder := json.NewDecoder(r.Body)
err := decoder.Decode(&logReq)
if err != nil {
throwBadReq(w, err.Error())
return
}
ip := getUserIp(r)
data, err := loginUser(&logReq, ip)
if err != nil {
2021-03-26 22:51:03 +00:00
throwOkMessage(w, err.Error())
2021-03-25 23:21:28 +00:00
return
}
w.WriteHeader(http.StatusOK)
w.Write(data)
}
2021-03-25 05:15:01 +00:00
// serveEndpoint - API stuffs
2021-03-28 08:52:34 +00:00
func handleIngress(w http.ResponseWriter, r *http.Request) {
bodyJson, err := decodeJson(r.Body)
2021-03-24 10:07:46 +00:00
if err != nil {
// If we can't decode. Lets tell them nicely.
http.Error(w, "{\"error\":\"Invalid JSON\"}", http.StatusBadRequest)
return
}
2021-03-28 08:52:34 +00:00
ingressType := strings.Replace(r.URL.Path, "/api/v1/ingress/", "", 1)
2021-03-28 09:17:39 +00:00
2021-03-28 08:52:34 +00:00
switch ingressType {
case "jellyfin":
tx, _ := db.Begin()
ip := getUserIp(r)
err := ParseJellyfinInput(r.Header.Get("UserUUID"), bodyJson, ip, tx)
if err != nil {
log.Printf("Error inserting track: %+v", err)
tx.Rollback()
throwBadReq(w, err.Error())
return
}
err = tx.Commit()
if err != nil {
throwBadReq(w, err.Error())
return
}
2021-03-24 10:07:46 +00:00
2021-03-28 09:24:18 +00:00
throwOkMessage(w, "success")
2021-03-28 08:52:34 +00:00
return
}
2021-03-28 09:24:18 +00:00
throwBadReq(w, "Unknown ingress type")
2021-03-23 08:43:44 +00:00
}
2021-03-24 03:29:35 +00:00
2021-03-25 05:15:01 +00:00
// FRONTEND HANDLING
2021-03-24 10:07:46 +00:00
// ServerHTTP - Frontend server
2021-03-24 03:29:35 +00:00
func (h spaHandler) ServeHTTP(w http.ResponseWriter, r *http.Request) {
2021-03-24 09:28:05 +00:00
// Get the absolute path to prevent directory traversal
2021-03-24 03:29:35 +00:00
path, err := filepath.Abs(r.URL.Path)
if err != nil {
2021-03-24 09:28:05 +00:00
// If we failed to get the absolute path respond with a 400 bad request and return
2021-03-24 03:29:35 +00:00
http.Error(w, err.Error(), http.StatusBadRequest)
return
}
// prepend the path with the path to the static directory
path = filepath.Join(h.staticPath, path)
// check whether a file exists at the given path
_, err = os.Stat(path)
if os.IsNotExist(err) {
// file does not exist, serve index.html
http.ServeFile(w, r, filepath.Join(h.staticPath, h.indexPath))
return
} else if err != nil {
// if we got an error (that wasn't that the file doesn't exist) stating the
// file, return a 500 internal server error and stop
http.Error(w, err.Error(), http.StatusInternalServerError)
return
}
// otherwise, use http.FileServer to serve the static dir
http.FileServer(http.Dir(h.staticPath)).ServeHTTP(w, r)
}