add some new listeners, look up user by token for every auth'd request

2020-04-02 06:28:40 -06:00 · 2020-04-02 06:28:40 -06:00 · aa44137660
commit aa44137660
parent 586f17b588
2 changed files with 84 additions and 37 deletions
--- a/cmd/cromps/handlers.go
+++ b/cmd/cromps/handlers.go
@ -33,17 +33,46 @@ func Auth(w http.ResponseWriter, r *http.Request) {
 	}

 	if user.Authed {
-		authedUsers[user.Token.String()] = user
 		// TODO respond with token
 		json.NewEncoder(w).Encode(user)
 	}
 }

+// ListEntries handles requests to /entries/list
+func ListEntries(w http.ResponseWriter, r *http.Request) {
+	user, err := getUser(r)
+	if err != nil {
+		http.Error(w, err.Error(), http.StatusInternalServerError)
+		return
+	}
+
+	fmt.Println(user.UserID)
+	entries, err := base.GetEntries(ctx, user.UserID)
+	if err != nil {
+		http.Error(w, err.Error(), http.StatusInternalServerError)
+		return
+	}
+
+	json.NewEncoder(w).Encode(entries)
+}
+
 // AddEntry handles requests to /entries/add
 func AddEntry(w http.ResponseWriter, r *http.Request) {
 	var e db.CreateEntryParams

-	json.NewDecoder(r.Body).Decode(&e)
+	err := json.NewDecoder(r.Body).Decode(&e)
+	if err != nil {
+		http.Error(w, err.Error(), http.StatusInternalServerError)
+		return
+	}
+
+	user, err := getUser(r)
+	if err != nil {
+		http.Error(w, err.Error(), http.StatusInternalServerError)
+		return
+	}
+
+	e.UserID = user.UserID

 	entry, err := base.CreateEntry(ctx, e)
 	if err != nil {
@ -60,6 +89,27 @@ func Entries(w http.ResponseWriter, r *http.Request) {
 	fmt.Fprintln(w, "The cake is a lie!")
 }

-// SimilarEntries
+// SimilarEntries are entries that match some text
 func SimilarEntries(w http.ResponseWriter, r *http.Request) {
+	var e db.SimilarEntriesParams
+	err := json.NewDecoder(r.Body).Decode(&e)
+	if err != nil {
+		http.Error(w, err.Error(), http.StatusInternalServerError)
+		return
+	}
+
+	user, err := getUser(r)
+	if err != nil {
+		http.Error(w, err.Error(), http.StatusInternalServerError)
+		return
+	}
+
+	e.UserID = user.UserID
+	entries, err := base.SimilarEntries(ctx, e)
+	if err != nil {
+		http.Error(w, err.Error(), http.StatusInternalServerError)
+		return
+	}
+
+	json.NewEncoder(w).Encode(entries)
 }
--- a/cmd/cromps/main.go
+++ b/cmd/cromps/main.go
@ -3,6 +3,7 @@ package main
 import (
 	"context"
 	"database/sql"
+	"fmt"
 	"log"
 	"net/http"
 	"time"
@ -16,7 +17,6 @@ var (
 	pd, err     = sql.Open("postgres", "host=localhost dbname=qbit sslmode=disable password=''")
 	ctx, cancel = context.WithCancel(context.Background())
 	base        = db.New(pd)
-	authedUsers = make(map[string]db.AuthUserRow)
 )

 func logger(f http.HandlerFunc) http.HandlerFunc {
@ -26,45 +26,41 @@ func logger(f http.HandlerFunc) http.HandlerFunc {
 	}
 }

+func getUser(r *http.Request) (*db.User, error) {
+	token := r.Header.Get("X-Access-Token")
+	if token == "" {
+		log.Printf("checkAuth: %s received empty token\n", r.URL.Path)
+		return nil, fmt.Errorf("Unauthorized")
+	}
+
+	u, err := uuid.Parse(token)
+	if err != nil {
+		return nil, err
+	}
+
+	user, err := base.GetUserByToken(ctx, u)
+	if err != nil {
+		return nil, err
+	}
+
+	return &user, nil
+}
+
 func checkAuth(f http.HandlerFunc) http.HandlerFunc {
 	return func(w http.ResponseWriter, r *http.Request) {
-		token := r.Header.Get("X-Access-Token")
-		if token == "" {
-			log.Printf("checkAuth: %s received empty token\n", r.URL.Path)
-			http.Error(w, "Unauthorized", http.StatusUnauthorized)
+		user, err := getUser(r)
+		if err != nil {
+			http.Error(w, "Invalid User", http.StatusUnauthorized)
 			return
 		}

-		if user, ok := authedUsers[token]; ok {
-			if time.Now().Before(user.TokenExpires) {
-				log.Printf("checkAuth: %s received valid token\n", r.URL.Path)
-				f(w, r)
-			} else {
-				delete(authedUsers, token)
-				log.Printf("checkAuth: %s received expired token\n", r.URL.Path)
-				http.Error(w, "Token Expired", http.StatusUnauthorized)
-				return
-			}
+		if time.Now().Before(user.TokenExpires) {
+			log.Printf("checkAuth: %s received valid token\n", r.URL.Path)
+			f(w, r)
 		} else {
-			t, err := uuid.Parse(token)
-			if err != nil {
-				http.Error(w, err.Error(), http.StatusInternalServerError)
-				return
-			}
-			user, err := base.GetUserByToken(ctx, t)
-			if err != nil {
-				http.Error(w, err.Error(), http.StatusInternalServerError)
-				return
-			}
-			if time.Now().Before(user.TokenExpires) {
-				log.Printf("checkAuth: %s received valid token\n", r.URL.Path)
-				f(w, r)
-			} else {
-				delete(authedUsers, token)
-				log.Printf("checkAuth: %s received expired token\n", r.URL.Path)
-				http.Error(w, "Token Expired", http.StatusUnauthorized)
-				return
-			}
+			log.Printf("checkAuth: %s received expired token\n", r.URL.Path)
+			http.Error(w, "Token Expired", http.StatusUnauthorized)
+			return
 		}
 	}
 }
@ -82,6 +78,7 @@ func main() {
 	http.HandleFunc("/user/auth", logger(Auth))

 	http.HandleFunc("/entries/add", checkAuth(logger(AddEntry)))
+	http.HandleFunc("/entries/list", checkAuth(logger(ListEntries)))
 	http.HandleFunc("/entries/delete", checkAuth(logger(Entries)))
 	http.HandleFunc("/entries/get", checkAuth(logger(Entries)))
 	http.HandleFunc("/entries/update", checkAuth(logger(Entries)))