267 lines
7.4 KiB
Go
267 lines
7.4 KiB
Go
package main
|
|
|
|
import (
|
|
"context"
|
|
"errors"
|
|
"net/http"
|
|
"os"
|
|
"os/signal"
|
|
"syscall"
|
|
"time"
|
|
|
|
"github.com/go-chi/chi/v5"
|
|
"github.com/go-chi/chi/v5/middleware"
|
|
"github.com/go-chi/httprate"
|
|
|
|
// "git.ewellenr.ca/receipt_indexer/backend/internal/auth"
|
|
"git.ewellenr.ca/receipt_indexer/backend/internal/env"
|
|
"git.ewellenr.ca/receipt_indexer/backend/internal/logger"
|
|
"git.ewellenr.ca/receipt_indexer/backend/internal/ratelimiter"
|
|
"git.ewellenr.ca/receipt_indexer/backend/internal/storage"
|
|
auth_storage "git.ewellenr.ca/receipt_indexer/backend/internal/storage/auth"
|
|
"git.ewellenr.ca/receipt_indexer/backend/internal/storage/cache"
|
|
)
|
|
|
|
type application struct {
|
|
// set up the configs stuff here
|
|
config config
|
|
auth auth_storage.AuthStorage
|
|
store storage.Storage
|
|
logger logger.Logger
|
|
cacheStorage cache.Storage
|
|
rateLimiter ratelimiter.Limiter
|
|
environment env.Environment
|
|
}
|
|
|
|
type config struct {
|
|
addr string
|
|
rateLimiter ratelimiter.Config
|
|
redisCfg redisConfig
|
|
|
|
// holds the different stuff like rate limiter, store, authenticator
|
|
}
|
|
|
|
type redisConfig struct {
|
|
addr string
|
|
pw string
|
|
db int
|
|
enabled bool
|
|
}
|
|
|
|
func (app *application) mount() http.Handler {
|
|
r := chi.NewRouter()
|
|
|
|
r.Use(middleware.Logger)
|
|
r.Use(middleware.RequestID)
|
|
r.Use(middleware.RealIP)
|
|
r.Use(middleware.CleanPath)
|
|
r.Use(middleware.Recoverer)
|
|
|
|
r.Use(middleware.Throttle(100)) // temporary or removable. throttles the whole thing to 1000 concurrent requests
|
|
// r.Use(cors.Handler(cors.Options{
|
|
// AllowedOrigins: []string{env.GetString("CORS_ALLOWED_ORIGIN", "http://localhost:5174")},
|
|
// AllowedMethods: []string{"GET", "POST", "PUT", "DELETE", "OPTIONS"},
|
|
// AllowedHeaders: []string{"Accept", "Authorization", "Content-Type", "X-CSRF-Token"},
|
|
// ExposedHeaders: []string{"Link"},
|
|
// AllowCredentials: false,
|
|
// MaxAge: 300, // Maximum value not ignored by any of major browsers
|
|
// }))
|
|
|
|
// use either the chi built rate limiter or the custom built one
|
|
if app.config.rateLimiter.Enabled {
|
|
// r.Use(app.RateLimiterMiddleware)
|
|
r.Use(httprate.LimitByRealIP(app.config.rateLimiter.RequestsPerTimeFrame, app.config.rateLimiter.TimeFrame))
|
|
}
|
|
// Set a timeout value on the request context (ctx), that will signal
|
|
// through ctx.Done() that the request has timed out and further
|
|
// processing should be stopped.
|
|
r.Use(middleware.Timeout(60 * time.Second))
|
|
|
|
r.Use(middleware.Heartbeat("/ping"))
|
|
|
|
// v1 of api
|
|
r.Route("/v1", func(r chi.Router) {
|
|
|
|
// SEPERATE STUFF FOR THE LOGIN RELATED STUFF. CONSIDER A GROUP
|
|
|
|
// FIX API. NEED TO ALSO CONSIDER GROUPS AND STUFF
|
|
// Operations
|
|
// r.Get("/health", app.healthCheckHandler)
|
|
// r.With(app.BasicAuthMiddleware()).Get("/debug/vars", expvar.Handler().ServeHTTP)
|
|
|
|
// docsURL := fmt.Sprintf("%s/swagger/doc.json", app.config.addr)
|
|
// r.Get("/swagger/*", httpSwagger.Handler(httpSwagger.URL(docsURL)))
|
|
|
|
// Need to sign in as a user. Then, you can see the groups you're in, your role in the groups,
|
|
|
|
r.Route("/user", func(r chi.Router) {
|
|
r.Route("/{userID}", func(r chi.Router) {
|
|
r.Use(app.AuthSessionMiddleware, app.CSRFCheckMiddleware, app.CheckUserMatchingMiddleware)
|
|
|
|
r.Get("/", app.getUserHandler)
|
|
|
|
r.Route("/groups", func(r chi.Router) {
|
|
r.Get("/", app.getUsersGroupsHandler)
|
|
|
|
r.Route("/{groupID}", func(r chi.Router) {
|
|
r.Get("/", app.getUsersGroupHandler)
|
|
r.Delete("/", app.removeUserGroupHandler) // maybe this should expect authentication headers to reverify the password when deleting a group you own.
|
|
|
|
r.Put("/moderator", app.addGroupModeratorHandler)
|
|
r.Delete("/moderator/{secondaryuserID}", app.removeModeratorPriviligesHandler)
|
|
|
|
r.Get("/users", app.getGroupUsersHandler)
|
|
r.Delete("/users/{secondaryuserID}", app.removeUserFromGroupHandler)
|
|
|
|
r.Put("/owner", app.setGroupOwnerHandler)
|
|
})
|
|
})
|
|
|
|
r.Route("/receipts", func(r chi.Router) {
|
|
r.Get("/", app.getReceiptsHandler)
|
|
r.Route("/{receiptID}", func(r chi.Router) {
|
|
r.Get("/", app.getReceiptHandler)
|
|
r.Delete("/", app.deleteReceiptHandler)
|
|
|
|
r.Route("/images", func(r chi.Router) {
|
|
r.Get("/", app.getReceiptImagesHandler)
|
|
r.Put("/", app.addReceiptImageHandler)
|
|
r.Route("/{imageID}", func(r chi.Router) {
|
|
r.Get("/", app.getReceiptImageHandler)
|
|
r.Put("/", app.changeReceiptImageHandler)
|
|
r.Delete("/", app.deleteReceiptImageHandler)
|
|
})
|
|
})
|
|
})
|
|
|
|
})
|
|
|
|
})
|
|
|
|
})
|
|
|
|
r.Use(app.CSRFCheckMiddleware)
|
|
|
|
r.Group(func(r chi.Router) {
|
|
r.Use(app.AuthSessionMiddleware)
|
|
r.Use(app.CSRFCheckMiddleware)
|
|
|
|
r.Route("/groups", func(r chi.Router) {
|
|
r.Get("/", app.getGroupsHandler)
|
|
r.Route("/{groupID}", func(r chi.Router) {
|
|
r.Get("/", app.getGroupHandler)
|
|
})
|
|
})
|
|
|
|
r.Route("/users", func(r chi.Router) {
|
|
r.With(app.CheckRoleMiddleware("admin")).Get("/", app.getUsersHandler)
|
|
|
|
r.Route("/{userID}", func(r chi.Router) {
|
|
|
|
r.With(app.CheckRoleMiddleware("admin")).Delete("/", app.getUserHandler)
|
|
})
|
|
})
|
|
})
|
|
|
|
// r.Route("/users", func(r chi.Router) {
|
|
// // r.Put("/activate/{token}", app.activateUserHandler)
|
|
|
|
// // r.Get("/", app.check)
|
|
|
|
// r.Route("/{userID}", func(r chi.Router) {
|
|
// r.Use(app.AuthSessionMiddleware)
|
|
// r.Use(app.CSRFCheckMiddleware)
|
|
// // r.Use(app.CheckUserMatchingMiddleware)
|
|
|
|
// r.Get("/", app.getUserHandler)
|
|
|
|
// r.Route("/receipts", func(r chi.Router) {
|
|
// r.With(app.Paginate).Get("/", app.getReceiptsHandler)
|
|
|
|
// r.Post("/", app.createReceiptHandler)
|
|
|
|
// r.Route("/{receiptID}", func(r chi.Router) {
|
|
// r.Use(app.receiptsContextMiddleware)
|
|
|
|
// r.Get("/", app.getReceiptHandler)
|
|
// r.Patch("/", app.updateReceiptHandler)
|
|
// r.Delete("/", app.checkReceiptOwnership("admin", app.deleteReceiptHandler))
|
|
|
|
// r.Route("/images", func(r chi.Router) {
|
|
// r.Post("/", app.addImageHandler)
|
|
// r.Delete("/{imageID}", app.deleteImageHandler)
|
|
// })
|
|
// })
|
|
// })
|
|
// })
|
|
|
|
// })
|
|
|
|
// // Admin page routes
|
|
// r.Route("/admin", func(r chi.Router) {
|
|
// r.Use(app.AuthSessionMiddleware)
|
|
// r.Use(app.CheckRoleMiddleware("admin"))
|
|
|
|
// r.Route("/users", func(r chi.Router) {
|
|
// r.Get("/", app.getUsersHandler)
|
|
// r.Delete("/{userID}", app.deleteUserHandler)
|
|
// })
|
|
|
|
// })
|
|
|
|
// Public routes
|
|
r.Route("/auth", func(r chi.Router) {
|
|
r.Post("/login", app.loginHandler)
|
|
r.Post("/newuser", app.registerUserHandler)
|
|
r.Post("/refreshtoken", app.refreshTokenHandler)
|
|
r.Post("/logout", app.logoutHandler)
|
|
})
|
|
})
|
|
|
|
return r
|
|
}
|
|
|
|
func (app *application) run(mux http.Handler) error {
|
|
|
|
srv := &http.Server{
|
|
Addr: app.config.addr,
|
|
Handler: mux,
|
|
WriteTimeout: time.Second * 30,
|
|
ReadTimeout: time.Second * 10,
|
|
IdleTimeout: time.Minute,
|
|
}
|
|
|
|
shutdown := make(chan error)
|
|
|
|
go func() {
|
|
quit := make(chan os.Signal, 1)
|
|
|
|
signal.Notify(quit, syscall.SIGINT, syscall.SIGTERM)
|
|
s := <-quit
|
|
|
|
ctx, cancel := context.WithTimeout(context.Background(), 5*time.Second)
|
|
defer cancel()
|
|
|
|
app.logger.Info("signal caught", "signal", s.String())
|
|
|
|
shutdown <- srv.Shutdown(ctx)
|
|
}()
|
|
|
|
app.logger.Info("server has started", "addr", app.config.addr) //, "env", app.config.env)
|
|
|
|
err := srv.ListenAndServe()
|
|
|
|
if !errors.Is(err, http.ErrServerClosed) {
|
|
return err
|
|
}
|
|
|
|
err = <-shutdown
|
|
if err != nil {
|
|
return err
|
|
}
|
|
|
|
app.logger.Info("server has stopped", "addr", app.config.addr) //, "env", app.config.env)
|
|
|
|
return nil
|
|
}
|