// routes registers every HTTP endpoint of the service on w. Endpoints are
// split into two groups: an internal group, which gets the authentication
// middleware when a public key is configured, and an external group that has
// no middleware attached here.
//
// SECURITY: authentication of the internal group is optional. When the public
// key setting is absent or empty, the only effect is a log line and every
// internal route below (including the DELETE routes and the CSV export) is
// registered without the auth middleware. Deployments that run without the
// key therefore depend entirely on controls outside this function (network
// placement, a fronting proxy) to keep these routes private.
func routes(w *web.Web) {
	// Group for internal functionality; auth is layered on top of it below
	// when it is configured.
	private := w.Group()

	// Read the public key used to validate incoming requests.
	key, keyErr := cfg.String(cfgAuthPublicKey)
	if key == "" || keyErr != nil {
		// NOTE(review): the lookup error itself is not logged, so a failed
		// read and a missing value look identical in the logs. Worth
		// alerting on this message in production, since it means the
		// internal API is running unauthenticated.
		log.User("startup", "Init", "%s is missing, internal authentication is disabled", cfgAuthPublicKey)
	}

	// With a key present, the middleware must initialise successfully or the
	// process exits: the service does not start with a broken auth setup.
	if key != "" {
		log.Dev("startup", "Init", "Initializing Auth")

		// The access token may be supplied in the query string because some
		// endpoints of this service are currently accessed directly.
		// SECURITY: tokens carried in URLs commonly end up in access logs,
		// proxy logs, browser history and Referer headers. Keep such tokens
		// short-lived and scrub query strings from logs.
		mw, mwErr := auth.Midware(key, auth.MidwareOpts{AllowQueryString: true})
		if mwErr != nil {
			log.Error("startup", "Init", mwErr, "Initializing Auth")
			os.Exit(1)
		}

		// Registered before any handler so that it is the first middleware
		// applied to the internal group.
		private.Use(mw)
	}

	// global
	private.Handle("GET", "/v1/version", handlers.Version.List)

	// forms
	private.Handle("POST", "/v1/form", handlers.Form.Upsert)
	private.Handle("GET", "/v1/form", handlers.Form.List)
	private.Handle("PUT", "/v1/form/:id", handlers.Form.Upsert)
	private.Handle("PUT", "/v1/form/:id/status/:status", handlers.Form.UpdateStatus)
	private.Handle("GET", "/v1/form/:id", handlers.Form.Retrieve)
	private.Handle("DELETE", "/v1/form/:id", handlers.Form.Delete)

	// form aggregations
	private.Handle("GET", "/v1/form/:form_id/digest", handlers.Aggregation.Digest)
	private.Handle("GET", "/v1/form/:form_id/aggregate", handlers.Aggregation.Aggregate)
	private.Handle("GET", "/v1/form/:form_id/aggregate/:group_id", handlers.Aggregation.AggregateGroup)
	private.Handle("GET", "/v1/form/:form_id/aggregate/:group_id/submission", handlers.Aggregation.SubmissionGroup)

	// form submissions
	private.Handle("GET", "/v1/form/:form_id/submission", handlers.FormSubmission.Search)
	private.Handle("GET", "/v1/form/:form_id/submission/:id", handlers.FormSubmission.Retrieve)
	private.Handle("PUT", "/v1/form/:form_id/submission/:id/status/:status", handlers.FormSubmission.UpdateStatus)
	private.Handle("POST", "/v1/form/:form_id/submission/:id/flag/:flag", handlers.FormSubmission.AddFlag)
	private.Handle("DELETE", "/v1/form/:form_id/submission/:id/flag/:flag", handlers.FormSubmission.RemoveFlag)
	private.Handle("PUT", "/v1/form/:form_id/submission/:id/answer/:answer_id", handlers.FormSubmission.UpdateAnswer)
	private.Handle("DELETE", "/v1/form/:form_id/submission/:id", handlers.FormSubmission.Delete)

	// Temporary route that serves the CSV export.
	// TODO: move into a different service.
	// NOTE(review): this GET path overlaps with the ".../submission/:id"
	// route registered above; which handler receives "export" depends on how
	// the router ranks static segments against parameters. Confirm.
	private.Handle("GET", "/v1/form/:form_id/submission/export", handlers.FormSubmission.Download)

	// galleries belonging to a form
	private.Handle("GET", "/v1/form/:form_id/gallery", handlers.FormGallery.RetrieveForForm)

	// form galleries
	private.Handle("GET", "/v1/form_gallery/:id", handlers.FormGallery.Retrieve)
	private.Handle("PUT", "/v1/form_gallery/:id", handlers.FormGallery.Update)
	private.Handle("POST", "/v1/form_gallery/:id/submission/:submission_id/:answer_id", handlers.FormGallery.AddAnswer)
	private.Handle("DELETE", "/v1/form_gallery/:id/submission/:submission_id/:answer_id", handlers.FormGallery.RemoveAnswer)

	// Group for functionality that has to be publicly exposed. No middleware
	// is attached to it in this function, so submission creation accepts
	// requests without the auth check applied to the internal group.
	public := w.Group()
	public.Handle("POST", "/v1/form/:form_id/submission", handlers.FormSubmission.Create)
}