Esempio n. 1
0
func getAllApps(ctx context.Context, w http.ResponseWriter, r *http.Request) {
	userID, _ := util.GetUserIDFromContext(ctx)

	apps, err := data.DB.App.FindAllApps(userID)

	if err != nil {
		utils.Respond(w, 400, err)
	} else {
		utils.Respond(w, 200, apps)
	}
}
Esempio n. 2
0
func removeApp(ctx context.Context, w http.ResponseWriter, r *http.Request) {
	userID, _ := util.GetUserIDFromContext(ctx)
	appID, _ := util.GetParamValueAsID(ctx, "appID")

	err := data.DB.App.RemoveApp(appID, userID)
	if err == nil {
		utils.Respond(w, 200, nil)
	} else {
		utils.Respond(w, 400, err)
	}
}
Esempio n. 3
0
func createApp(ctx context.Context, w http.ResponseWriter, r *http.Request) {
	createAppReq := ctx.Value(constants.CtxKeyParsedBody).(*createAppRequest)

	app, err := data.DB.App.CreateNewApp(1, *createAppReq.Name)

	if err == nil {
		utils.Respond(w, 200, app)
	} else {
		utils.Respond(w, 400, err)
	}
}
Esempio n. 4
0
func updateApp(ctx context.Context, w http.ResponseWriter, r *http.Request) {
	userID, _ := util.GetUserIDFromContext(ctx)
	appID, _ := util.GetParamValueAsID(ctx, "appID")
	updateAppReq := ctx.Value(constants.CtxKeyParsedBody).(*updateAppRequest)

	err := data.DB.App.UpdateApp(appID, updateAppReq.Name, updateAppReq.PublicKey, updateAppReq.PrivateKey, updateAppReq.Private, userID)

	if err == nil {
		utils.Respond(w, 200, nil)
	} else {
		utils.Respond(w, 400, err)
	}
}
Esempio n. 5
0
func createRelease(ctx context.Context, w http.ResponseWriter, r *http.Request) {
	//get userID and appID
	userID, _ := util.GetUserIDFromContext(ctx)
	appID, _ := util.GetParamValueAsID(ctx, "appID")

	//grabing release request
	createReleaseReq := ctx.Value(constants.CtxKeyParsedBody).(*createReleaseRequest)

	//try to create release and return created release record
	release, err := data.DB.Release.CreateRelease(*createReleaseReq.Version, *createReleaseReq.Platform, createReleaseReq.Note, userID, appID)
	if err == nil {
		utils.Respond(w, 200, release)
	} else {
		utils.Respond(w, 400, err)
	}
}
Esempio n. 6
0
func (ja *JwtAuth) Handle(paramAliases ...string) func(chi.Handler) chi.Handler {
	return func(next chi.Handler) chi.Handler {
		hfn := func(ctx context.Context, w http.ResponseWriter, r *http.Request) {

			var tokenStr string
			var err error

			// Get token from query params
			tokenStr = r.URL.Query().Get("jwt")

			// Get token from other query param aliases
			if tokenStr == "" && paramAliases != nil && len(paramAliases) > 0 {
				for _, p := range paramAliases {
					tokenStr = r.URL.Query().Get(p)
					if tokenStr != "" {
						break
					}
				}
			}

			// Get token from authorization header
			if tokenStr == "" {
				bearer := r.Header.Get("Authorization")
				if len(bearer) > 7 && strings.ToUpper(bearer[0:6]) == "BEARER" {
					tokenStr = bearer[7:]
				}
			}

			// Get token from cookie
			if tokenStr == "" {
				cookie, err := r.Cookie("jwt")
				if err == nil {
					tokenStr = cookie.Value
				}
			}

			// Token is required, cya
			if tokenStr == "" {
				err = errUnauthorized
			}

			// Verify the token
			token, err := ja.Decode(tokenStr)
			if err != nil || !token.Valid || token.Method != ja.signer {
				utils.Respond(w, 401, errUnauthorized)
				return
			}

			ctx = context.WithValue(ctx, "jwt", token.Raw)
			ctx = context.WithValue(ctx, "jwt.token", token)

			next.ServeHTTPC(ctx, w, r)
		}
		return chi.HandlerFunc(hfn)
	}
}
Esempio n. 7
0
//BodyParser loads builder with maxSize and tries to load the message.
//if for some reason it can't parse the message, it will return an error.
//if successful, it will put the processed data into context with key 'json_body'
func BodyParser(builder func() interface{}, maxSize int64) func(chi.Handler) chi.Handler {
	return func(next chi.Handler) chi.Handler {
		return chi.HandlerFunc(func(ctx context.Context, w http.ResponseWriter, r *http.Request) {
			to := builder()

			if err := utils.StreamJSONToStructWithLimit(r.Body, to, maxSize); err != nil {
				utils.Respond(w, 422, err)
				return
			}

			//check for required fields
			if err := utils.JSONValidation(to); err != nil {
				utils.Respond(w, 400, err)
				return
			}

			ctx = context.WithValue(ctx, constants.CtxKeyParsedBody, to)

			next.ServeHTTPC(ctx, w, r)
		})
	}
}
Esempio n. 8
0
func acceptAppToken(ctx context.Context, w http.ResponseWriter, r *http.Request) {
	userID, _ := util.GetUserIDFromContext(ctx)
	appID, _ := util.GetParamValueAsID(ctx, "appID")
	appTokenReq := ctx.Value(constants.CtxKeyParsedBody).(*appTokenRequest)

	//decode jwt token
	token, err := security.TokenAuth.Decode(*appTokenReq.Token)
	if err != nil || !token.Valid {
		utils.RespondEx(w, nil, 401, errors.ErrorAuthorizeAccess)
		return
	}

	tokenAppID, err := strconv.ParseInt(token.Claims["app_id"].(string), 10, 64)
	if err != nil || tokenAppID != appID {
		utils.RespondEx(w, nil, 402, errors.ErrorAuthorizeAccess)
		return
	}

	tokenPermission, err := data.GetPermissionByName(token.Claims["permission"].(string))
	if err != nil || tokenPermission == data.ANONYMOUSE {
		utils.RespondEx(w, nil, 403, errors.ErrorAuthorizeAccess)
		return
	}

	//check if user has already have an access
	if data.DB.App.HasPermission(appID, userID, data.ADMIN, data.OWNER, data.MEMBER) {
		utils.RespondEx(w, nil, 404, errors.ErrorAlreadyAcceessed)
		return
	}

	//try to grand access to app with authorized permission
	if !data.DB.App.GrantAccess(appID, userID, tokenPermission) {
		utils.RespondEx(w, nil, 405, errors.ErrorAppNotFound)
		return
	}

	utils.Respond(w, 200, nil)
}
Esempio n. 9
0
func logout(ctx context.Context, w http.ResponseWriter, r *http.Request) {
	security.RemoveJwtCookie(w)
	utils.Respond(w, 200, nil)
}