qbit/cromp
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

add some new listeners, look up user by token for every auth'd request

Browse Source
This commit is contained in:
Aaron Bieber 2020-04-02 06:28:40 -06:00
parent 586f17b588
commit aa44137660
2 changed files with 84 additions and 37 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

56
cmd/cromps/handlers.go
View File

@ -33,17 +33,46 @@ func Auth(w http.ResponseWriter, r *http.Request) {
} }
if user.Authed { if user.Authed {
authedUsers[user.Token.String()] = user
// TODO respond with token // TODO respond with token
json.NewEncoder(w).Encode(user) json.NewEncoder(w).Encode(user)
} }
} }
// ListEntries handles requests to /entries/list
func ListEntries(w http.ResponseWriter, r *http.Request) {
user, err := getUser(r)
if err != nil {
http.Error(w, err.Error(), http.StatusInternalServerError)
return
}
fmt.Println(user.UserID)
entries, err := base.GetEntries(ctx, user.UserID)
if err != nil {
http.Error(w, err.Error(), http.StatusInternalServerError)
return
}
json.NewEncoder(w).Encode(entries)
}
// AddEntry handles requests to /entries/add // AddEntry handles requests to /entries/add
func AddEntry(w http.ResponseWriter, r *http.Request) { func AddEntry(w http.ResponseWriter, r *http.Request) {
var e db.CreateEntryParams var e db.CreateEntryParams
json.NewDecoder(r.Body).Decode(&e) err := json.NewDecoder(r.Body).Decode(&e)
if err != nil {
http.Error(w, err.Error(), http.StatusInternalServerError)
return
}
user, err := getUser(r)
if err != nil {
http.Error(w, err.Error(), http.StatusInternalServerError)
return
}
e.UserID = user.UserID
entry, err := base.CreateEntry(ctx, e) entry, err := base.CreateEntry(ctx, e)
if err != nil { if err != nil {
@ -60,6 +89,27 @@ func Entries(w http.ResponseWriter, r *http.Request) {
fmt.Fprintln(w, "The cake is a lie!") fmt.Fprintln(w, "The cake is a lie!")
} }
// SimilarEntries // SimilarEntries are entries that match some text
func SimilarEntries(w http.ResponseWriter, r *http.Request) { func SimilarEntries(w http.ResponseWriter, r *http.Request) {
var e db.SimilarEntriesParams
err := json.NewDecoder(r.Body).Decode(&e)
if err != nil {
http.Error(w, err.Error(), http.StatusInternalServerError)
return
}
user, err := getUser(r)
if err != nil {
http.Error(w, err.Error(), http.StatusInternalServerError)
return
}
e.UserID = user.UserID
entries, err := base.SimilarEntries(ctx, e)
if err != nil {
http.Error(w, err.Error(), http.StatusInternalServerError)
return
}
json.NewEncoder(w).Encode(entries)
} }

65
cmd/cromps/main.go
View File

@ -3,6 +3,7 @@ package main
import ( import (
"context" "context"
"database/sql" "database/sql"
"fmt"
"log" "log"
"net/http" "net/http"
"time" "time"
@ -16,7 +17,6 @@ var (
pd, err = sql.Open("postgres", "host=localhost dbname=qbit sslmode=disable password=''") pd, err = sql.Open("postgres", "host=localhost dbname=qbit sslmode=disable password=''")
ctx, cancel = context.WithCancel(context.Background()) ctx, cancel = context.WithCancel(context.Background())
base = db.New(pd) base = db.New(pd)
authedUsers = make(map[string]db.AuthUserRow)
) )
func logger(f http.HandlerFunc) http.HandlerFunc { func logger(f http.HandlerFunc) http.HandlerFunc {
@ -26,45 +26,41 @@ func logger(f http.HandlerFunc) http.HandlerFunc {
} }
} }
func getUser(r *http.Request) (*db.User, error) {
token := r.Header.Get("X-Access-Token")
if token == "" {
log.Printf("checkAuth: %s received empty token\n", r.URL.Path)
return nil, fmt.Errorf("Unauthorized")
}
u, err := uuid.Parse(token)
if err != nil {
return nil, err
}
user, err := base.GetUserByToken(ctx, u)
if err != nil {
return nil, err
}
return &user, nil
}
func checkAuth(f http.HandlerFunc) http.HandlerFunc { func checkAuth(f http.HandlerFunc) http.HandlerFunc {
return func(w http.ResponseWriter, r *http.Request) { return func(w http.ResponseWriter, r *http.Request) {
token := r.Header.Get("X-Access-Token") user, err := getUser(r)
if token == "" { if err != nil {
log.Printf("checkAuth: %s received empty token\n", r.URL.Path) http.Error(w, "Invalid User", http.StatusUnauthorized)
http.Error(w, "Unauthorized", http.StatusUnauthorized)
return return
} }
if user, ok := authedUsers[token]; ok { if time.Now().Before(user.TokenExpires) {
if time.Now().Before(user.TokenExpires) { log.Printf("checkAuth: %s received valid token\n", r.URL.Path)
log.Printf("checkAuth: %s received valid token\n", r.URL.Path) f(w, r)
f(w, r)
} else {
delete(authedUsers, token)
log.Printf("checkAuth: %s received expired token\n", r.URL.Path)
http.Error(w, "Token Expired", http.StatusUnauthorized)
return
}
} else { } else {
t, err := uuid.Parse(token) log.Printf("checkAuth: %s received expired token\n", r.URL.Path)
if err != nil { http.Error(w, "Token Expired", http.StatusUnauthorized)
http.Error(w, err.Error(), http.StatusInternalServerError) return
return
}
user, err := base.GetUserByToken(ctx, t)
if err != nil {
http.Error(w, err.Error(), http.StatusInternalServerError)
return
}
if time.Now().Before(user.TokenExpires) {
log.Printf("checkAuth: %s received valid token\n", r.URL.Path)
f(w, r)
} else {
delete(authedUsers, token)
log.Printf("checkAuth: %s received expired token\n", r.URL.Path)
http.Error(w, "Token Expired", http.StatusUnauthorized)
return
}
} }
} }
} }
@ -82,6 +78,7 @@ func main() {
http.HandleFunc("/user/auth", logger(Auth)) http.HandleFunc("/user/auth", logger(Auth))
http.HandleFunc("/entries/add", checkAuth(logger(AddEntry))) http.HandleFunc("/entries/add", checkAuth(logger(AddEntry)))
http.HandleFunc("/entries/list", checkAuth(logger(ListEntries)))
http.HandleFunc("/entries/delete", checkAuth(logger(Entries))) http.HandleFunc("/entries/delete", checkAuth(logger(Entries)))
http.HandleFunc("/entries/get", checkAuth(logger(Entries))) http.HandleFunc("/entries/get", checkAuth(logger(Entries)))
http.HandleFunc("/entries/update", checkAuth(logger(Entries))) http.HandleFunc("/entries/update", checkAuth(logger(Entries)))