2021-03-23 08:43:44 +00:00
|
|
|
package goscrobble
|
|
|
|
|
|
|
|
import (
|
2021-03-24 10:07:46 +00:00
|
|
|
"encoding/json"
|
2021-03-25 05:15:01 +00:00
|
|
|
"errors"
|
2021-03-23 08:43:44 +00:00
|
|
|
"fmt"
|
|
|
|
"log"
|
|
|
|
"net/http"
|
2021-03-24 03:29:35 +00:00
|
|
|
"os"
|
|
|
|
"path/filepath"
|
2021-03-23 08:43:44 +00:00
|
|
|
|
|
|
|
"github.com/gorilla/mux"
|
2021-03-26 08:06:28 +00:00
|
|
|
"github.com/rs/cors"
|
2021-03-23 08:43:44 +00:00
|
|
|
)
|
|
|
|
|
2021-03-24 09:28:05 +00:00
|
|
|
// spaHandler - Handles Single Page Applications (React)
|
2021-03-24 03:29:35 +00:00
|
|
|
type spaHandler struct {
|
|
|
|
staticPath string
|
|
|
|
indexPath string
|
|
|
|
}
|
|
|
|
|
2021-03-25 05:15:01 +00:00
|
|
|
type jsonResponse struct {
|
2021-03-25 10:24:21 +00:00
|
|
|
Err string `json:"error,omitempty"`
|
|
|
|
Msg string `json:"message,omitempty"`
|
2021-03-25 05:15:01 +00:00
|
|
|
}
|
|
|
|
|
2021-03-25 10:24:21 +00:00
|
|
|
// Limits to 1 req / 10 sec
|
2021-03-25 10:30:35 +00:00
|
|
|
var heavyLimiter = NewIPRateLimiter(0.1, 1)
|
|
|
|
|
|
|
|
// Limits to 5 req / sec
|
|
|
|
var standardLimiter = NewIPRateLimiter(5, 5)
|
2021-03-25 10:24:21 +00:00
|
|
|
|
2021-03-25 23:21:28 +00:00
|
|
|
// List of Reverse proxies
|
|
|
|
var ReverseProxies []string
|
|
|
|
|
2021-03-26 08:06:28 +00:00
|
|
|
func enableCors(w *http.ResponseWriter) {
|
|
|
|
(*w).Header().Set("Access-Control-Allow-Origin", "*")
|
|
|
|
}
|
|
|
|
|
2021-03-24 09:28:05 +00:00
|
|
|
// HandleRequests - Boot HTTP!
|
2021-03-27 06:33:27 +00:00
|
|
|
func HandleRequests(port string) {
|
2021-03-24 09:28:05 +00:00
|
|
|
// Create a new router
|
2021-03-24 10:07:46 +00:00
|
|
|
r := mux.NewRouter().StrictSlash(true)
|
2021-03-24 03:29:35 +00:00
|
|
|
|
2021-03-24 10:07:46 +00:00
|
|
|
v1 := r.PathPrefix("/api/v1").Subrouter()
|
2021-03-24 03:29:35 +00:00
|
|
|
|
2021-03-25 05:15:01 +00:00
|
|
|
// Static Token for /ingress
|
|
|
|
v1.HandleFunc("/ingress/jellyfin", tokenMiddleware(serveEndpoint))
|
2021-03-24 09:28:05 +00:00
|
|
|
|
2021-03-25 05:15:01 +00:00
|
|
|
// JWT Auth
|
|
|
|
v1.HandleFunc("/profile/{id}", jwtMiddleware(serveEndpoint))
|
|
|
|
|
|
|
|
// No Auth
|
2021-03-25 10:30:35 +00:00
|
|
|
v1.HandleFunc("/register", limitMiddleware(handleRegister, heavyLimiter)).Methods("POST")
|
2021-03-25 23:21:28 +00:00
|
|
|
v1.HandleFunc("/login", limitMiddleware(handleLogin, standardLimiter)).Methods("POST")
|
2021-03-24 10:07:46 +00:00
|
|
|
v1.HandleFunc("/logout", serveEndpoint).Methods("POST")
|
|
|
|
|
2021-03-25 05:15:01 +00:00
|
|
|
// This just prevents it serving frontend stuff over /api
|
2021-03-24 10:07:46 +00:00
|
|
|
r.PathPrefix("/api")
|
2021-03-24 09:28:05 +00:00
|
|
|
|
|
|
|
// SERVE FRONTEND - NO AUTH
|
2021-03-24 04:24:53 +00:00
|
|
|
spa := spaHandler{staticPath: "web/build", indexPath: "index.html"}
|
2021-03-24 10:07:46 +00:00
|
|
|
r.PathPrefix("/").Handler(spa)
|
2021-03-24 03:29:35 +00:00
|
|
|
|
2021-03-26 08:06:28 +00:00
|
|
|
c := cors.New(cors.Options{
|
|
|
|
// Grrrr CORS
|
|
|
|
AllowedOrigins: []string{"*"},
|
|
|
|
AllowCredentials: true,
|
|
|
|
})
|
|
|
|
handler := c.Handler(r)
|
|
|
|
|
2021-03-24 09:28:05 +00:00
|
|
|
// Serve it up!
|
2021-03-27 06:33:27 +00:00
|
|
|
fmt.Printf("Goscrobble listening on port %s", port)
|
|
|
|
log.Fatal(http.ListenAndServe(":"+port, handler))
|
2021-03-23 08:43:44 +00:00
|
|
|
}
|
|
|
|
|
2021-03-25 05:15:01 +00:00
|
|
|
// MIDDLEWARE
|
2021-03-25 10:09:17 +00:00
|
|
|
// throwUnauthorized - Throws a 403
|
|
|
|
func throwUnauthorized(w http.ResponseWriter, m string) {
|
|
|
|
jr := jsonResponse{
|
|
|
|
Err: m,
|
|
|
|
}
|
|
|
|
js, _ := json.Marshal(&jr)
|
|
|
|
err := errors.New(string(js))
|
|
|
|
http.Error(w, err.Error(), http.StatusUnauthorized)
|
|
|
|
}
|
|
|
|
|
2021-03-25 10:24:21 +00:00
|
|
|
// throwUnauthorized - Throws a 403
|
2021-03-25 10:09:17 +00:00
|
|
|
func throwBadReq(w http.ResponseWriter, m string) {
|
|
|
|
jr := jsonResponse{
|
|
|
|
Err: m,
|
|
|
|
}
|
|
|
|
js, _ := json.Marshal(&jr)
|
|
|
|
err := errors.New(string(js))
|
|
|
|
http.Error(w, err.Error(), http.StatusBadRequest)
|
|
|
|
}
|
2021-03-25 05:15:01 +00:00
|
|
|
|
2021-03-26 08:06:28 +00:00
|
|
|
// throwUnauthorized - Throws a 403
|
|
|
|
func throwOkMessage(w http.ResponseWriter, m string) {
|
|
|
|
jr := jsonResponse{
|
|
|
|
Err: m,
|
|
|
|
}
|
|
|
|
js, _ := json.Marshal(&jr)
|
|
|
|
err := errors.New(string(js))
|
|
|
|
http.Error(w, err.Error(), http.StatusOK)
|
|
|
|
}
|
|
|
|
|
2021-03-25 10:24:21 +00:00
|
|
|
// generateJsonMessage - Generates a message:str response
|
|
|
|
func generateJsonMessage(m string) []byte {
|
|
|
|
jr := jsonResponse{
|
|
|
|
Msg: m,
|
|
|
|
}
|
|
|
|
js, _ := json.Marshal(&jr)
|
|
|
|
return js
|
|
|
|
}
|
|
|
|
|
2021-03-26 22:51:03 +00:00
|
|
|
// generateJsonError - Generates a err:str response
|
|
|
|
func generateJsonError(m string) []byte {
|
|
|
|
jr := jsonResponse{
|
|
|
|
Err: m,
|
|
|
|
}
|
|
|
|
js, _ := json.Marshal(&jr)
|
|
|
|
return js
|
|
|
|
}
|
|
|
|
|
2021-03-25 05:15:01 +00:00
|
|
|
// tokenMiddleware - Validates token to a user
|
|
|
|
func tokenMiddleware(next http.HandlerFunc) http.HandlerFunc {
|
2021-03-25 10:09:17 +00:00
|
|
|
return func(w http.ResponseWriter, r *http.Request) {
|
|
|
|
throwUnauthorized(w, "Invalid API Token")
|
2021-03-25 05:15:01 +00:00
|
|
|
return
|
|
|
|
// next(res, req)
|
|
|
|
}
|
|
|
|
}
|
|
|
|
|
|
|
|
// jwtMiddleware - Validates middleware to a user
|
|
|
|
func jwtMiddleware(next http.HandlerFunc) http.HandlerFunc {
|
2021-03-25 10:09:17 +00:00
|
|
|
return func(w http.ResponseWriter, r *http.Request) {
|
|
|
|
throwUnauthorized(w, "Invalid JWT Token")
|
2021-03-25 05:15:01 +00:00
|
|
|
return
|
|
|
|
// next(res, req)
|
|
|
|
}
|
|
|
|
}
|
|
|
|
|
2021-03-25 10:24:21 +00:00
|
|
|
// limitMiddleware - Rate limits important stuff
|
2021-03-25 10:30:35 +00:00
|
|
|
func limitMiddleware(next http.HandlerFunc, limiter *IPRateLimiter) http.HandlerFunc {
|
2021-03-25 10:24:21 +00:00
|
|
|
return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
|
|
|
|
limiter := limiter.GetLimiter(r.RemoteAddr)
|
|
|
|
if !limiter.Allow() {
|
2021-03-26 23:29:11 +00:00
|
|
|
msg := generateJsonMessage("Too many requests")
|
2021-03-25 10:30:35 +00:00
|
|
|
w.WriteHeader(http.StatusTooManyRequests)
|
|
|
|
w.Write(msg)
|
2021-03-25 10:24:21 +00:00
|
|
|
return
|
|
|
|
}
|
|
|
|
|
|
|
|
next(w, r)
|
|
|
|
})
|
|
|
|
}
|
|
|
|
|
2021-03-25 10:09:17 +00:00
|
|
|
// API ENDPOINT HANDLING
|
|
|
|
|
|
|
|
// handleRegister - Does as it says!
|
|
|
|
func handleRegister(w http.ResponseWriter, r *http.Request) {
|
|
|
|
regReq := RegisterRequest{}
|
|
|
|
decoder := json.NewDecoder(r.Body)
|
|
|
|
err := decoder.Decode(®Req)
|
|
|
|
if err != nil {
|
|
|
|
throwBadReq(w, err.Error())
|
|
|
|
return
|
|
|
|
}
|
|
|
|
|
2021-03-25 23:21:28 +00:00
|
|
|
ip := getUserIp(r)
|
|
|
|
err = createUser(®Req, ip)
|
2021-03-25 10:09:17 +00:00
|
|
|
if err != nil {
|
2021-03-26 08:06:28 +00:00
|
|
|
throwOkMessage(w, err.Error())
|
2021-03-25 10:09:17 +00:00
|
|
|
return
|
|
|
|
}
|
|
|
|
|
2021-03-25 10:24:21 +00:00
|
|
|
msg := generateJsonMessage("User created succesfully")
|
|
|
|
w.WriteHeader(http.StatusCreated)
|
|
|
|
w.Write(msg)
|
2021-03-25 10:09:17 +00:00
|
|
|
}
|
2021-03-25 05:15:01 +00:00
|
|
|
|
2021-03-25 23:21:28 +00:00
|
|
|
// handleLogin - Does as it says!
|
|
|
|
func handleLogin(w http.ResponseWriter, r *http.Request) {
|
|
|
|
logReq := LoginRequest{}
|
|
|
|
decoder := json.NewDecoder(r.Body)
|
|
|
|
err := decoder.Decode(&logReq)
|
|
|
|
if err != nil {
|
|
|
|
throwBadReq(w, err.Error())
|
|
|
|
return
|
|
|
|
}
|
|
|
|
|
|
|
|
ip := getUserIp(r)
|
|
|
|
data, err := loginUser(&logReq, ip)
|
|
|
|
if err != nil {
|
2021-03-26 22:51:03 +00:00
|
|
|
throwOkMessage(w, err.Error())
|
2021-03-25 23:21:28 +00:00
|
|
|
return
|
|
|
|
}
|
|
|
|
|
|
|
|
w.WriteHeader(http.StatusOK)
|
|
|
|
w.Write(data)
|
|
|
|
}
|
|
|
|
|
2021-03-25 05:15:01 +00:00
|
|
|
// serveEndpoint - API stuffs
|
2021-03-23 08:43:44 +00:00
|
|
|
func serveEndpoint(w http.ResponseWriter, r *http.Request) {
|
2021-03-25 23:21:28 +00:00
|
|
|
_, err := decodeJson(r.Body)
|
2021-03-24 10:07:46 +00:00
|
|
|
if err != nil {
|
|
|
|
// If we can't decode. Lets tell them nicely.
|
|
|
|
http.Error(w, "{\"error\":\"Invalid JSON\"}", http.StatusBadRequest)
|
|
|
|
return
|
|
|
|
}
|
|
|
|
|
|
|
|
// Lets trick 'em for now ;) ;)
|
2021-03-23 08:43:44 +00:00
|
|
|
fmt.Fprintf(w, "{}")
|
|
|
|
}
|
2021-03-24 03:29:35 +00:00
|
|
|
|
2021-03-25 05:15:01 +00:00
|
|
|
// FRONTEND HANDLING
|
|
|
|
|
2021-03-24 10:07:46 +00:00
|
|
|
// ServerHTTP - Frontend server
|
2021-03-24 03:29:35 +00:00
|
|
|
func (h spaHandler) ServeHTTP(w http.ResponseWriter, r *http.Request) {
|
2021-03-24 09:28:05 +00:00
|
|
|
// Get the absolute path to prevent directory traversal
|
2021-03-24 03:29:35 +00:00
|
|
|
path, err := filepath.Abs(r.URL.Path)
|
|
|
|
if err != nil {
|
2021-03-24 09:28:05 +00:00
|
|
|
// If we failed to get the absolute path respond with a 400 bad request and return
|
2021-03-24 03:29:35 +00:00
|
|
|
http.Error(w, err.Error(), http.StatusBadRequest)
|
|
|
|
return
|
|
|
|
}
|
|
|
|
|
|
|
|
// prepend the path with the path to the static directory
|
|
|
|
path = filepath.Join(h.staticPath, path)
|
|
|
|
|
|
|
|
// check whether a file exists at the given path
|
|
|
|
_, err = os.Stat(path)
|
|
|
|
if os.IsNotExist(err) {
|
|
|
|
// file does not exist, serve index.html
|
|
|
|
http.ServeFile(w, r, filepath.Join(h.staticPath, h.indexPath))
|
|
|
|
return
|
|
|
|
} else if err != nil {
|
|
|
|
// if we got an error (that wasn't that the file doesn't exist) stating the
|
|
|
|
// file, return a 500 internal server error and stop
|
|
|
|
http.Error(w, err.Error(), http.StatusInternalServerError)
|
|
|
|
return
|
|
|
|
}
|
|
|
|
|
|
|
|
// otherwise, use http.FileServer to serve the static dir
|
|
|
|
http.FileServer(http.Dir(h.staticPath)).ServeHTTP(w, r)
|
|
|
|
}
|