func getAllApps(ctx context.Context, w http.ResponseWriter, r *http.Request) {
userID, _ := util.GetUserIDFromContext(ctx)
apps, err := data.DB.App.FindAllApps(userID)
if err != nil {
utils.Respond(w, 400, err)
} else {
utils.Respond(w, 200, apps)
}
}
func removeApp(ctx context.Context, w http.ResponseWriter, r *http.Request) {
userID, _ := util.GetUserIDFromContext(ctx)
appID, _ := util.GetParamValueAsID(ctx, "appID")
err := data.DB.App.RemoveApp(appID, userID)
if err == nil {
utils.Respond(w, 200, nil)
} else {
utils.Respond(w, 400, err)
}
}
func createApp(ctx context.Context, w http.ResponseWriter, r *http.Request) {
createAppReq := ctx.Value(constants.CtxKeyParsedBody).(*createAppRequest)
app, err := data.DB.App.CreateNewApp(1, *createAppReq.Name)
if err == nil {
utils.Respond(w, 200, app)
} else {
utils.Respond(w, 400, err)
}
}
func updateApp(ctx context.Context, w http.ResponseWriter, r *http.Request) {
userID, _ := util.GetUserIDFromContext(ctx)
appID, _ := util.GetParamValueAsID(ctx, "appID")
updateAppReq := ctx.Value(constants.CtxKeyParsedBody).(*updateAppRequest)
err := data.DB.App.UpdateApp(appID, updateAppReq.Name, updateAppReq.PublicKey, updateAppReq.PrivateKey, updateAppReq.Private, userID)
if err == nil {
utils.Respond(w, 200, nil)
} else {
utils.Respond(w, 400, err)
}
}
func createRelease(ctx context.Context, w http.ResponseWriter, r *http.Request) {
//get userID and appID
userID, _ := util.GetUserIDFromContext(ctx)
appID, _ := util.GetParamValueAsID(ctx, "appID")
//grabing release request
createReleaseReq := ctx.Value(constants.CtxKeyParsedBody).(*createReleaseRequest)
//try to create release and return created release record
release, err := data.DB.Release.CreateRelease(*createReleaseReq.Version, *createReleaseReq.Platform, createReleaseReq.Note, userID, appID)
if err == nil {
utils.Respond(w, 200, release)
} else {
utils.Respond(w, 400, err)
}
}
func (ja *JwtAuth) Handle(paramAliases ...string) func(chi.Handler) chi.Handler {
return func(next chi.Handler) chi.Handler {
hfn := func(ctx context.Context, w http.ResponseWriter, r *http.Request) {
var tokenStr string
var err error
// Get token from query params
tokenStr = r.URL.Query().Get("jwt")
// Get token from other query param aliases
if tokenStr == "" && paramAliases != nil && len(paramAliases) > 0 {
for _, p := range paramAliases {
tokenStr = r.URL.Query().Get(p)
if tokenStr != "" {
break
}
}
}
// Get token from authorization header
if tokenStr == "" {
bearer := r.Header.Get("Authorization")
if len(bearer) > 7 && strings.ToUpper(bearer[0:6]) == "BEARER" {
tokenStr = bearer[7:]
}
}
// Get token from cookie
if tokenStr == "" {
cookie, err := r.Cookie("jwt")
if err == nil {
tokenStr = cookie.Value
}
}
// Token is required, cya
if tokenStr == "" {
err = errUnauthorized
}
// Verify the token
token, err := ja.Decode(tokenStr)
if err != nil || !token.Valid || token.Method != ja.signer {
utils.Respond(w, 401, errUnauthorized)
return
}
ctx = context.WithValue(ctx, "jwt", token.Raw)
ctx = context.WithValue(ctx, "jwt.token", token)
next.ServeHTTPC(ctx, w, r)
}
return chi.HandlerFunc(hfn)
}
}
//BodyParser loads builder with maxSize and tries to load the message.
//if for some reason it can't parse the message, it will return an error.
//if successful, it will put the processed data into context with key 'json_body'
func BodyParser(builder func() interface{}, maxSize int64) func(chi.Handler) chi.Handler {
return func(next chi.Handler) chi.Handler {
return chi.HandlerFunc(func(ctx context.Context, w http.ResponseWriter, r *http.Request) {
to := builder()
if err := utils.StreamJSONToStructWithLimit(r.Body, to, maxSize); err != nil {
utils.Respond(w, 422, err)
return
}
//check for required fields
if err := utils.JSONValidation(to); err != nil {
utils.Respond(w, 400, err)
return
}
ctx = context.WithValue(ctx, constants.CtxKeyParsedBody, to)
next.ServeHTTPC(ctx, w, r)
})
}
}
func acceptAppToken(ctx context.Context, w http.ResponseWriter, r *http.Request) {
userID, _ := util.GetUserIDFromContext(ctx)
appID, _ := util.GetParamValueAsID(ctx, "appID")
appTokenReq := ctx.Value(constants.CtxKeyParsedBody).(*appTokenRequest)
//decode jwt token
token, err := security.TokenAuth.Decode(*appTokenReq.Token)
if err != nil || !token.Valid {
utils.RespondEx(w, nil, 401, errors.ErrorAuthorizeAccess)
return
}
tokenAppID, err := strconv.ParseInt(token.Claims["app_id"].(string), 10, 64)
if err != nil || tokenAppID != appID {
utils.RespondEx(w, nil, 402, errors.ErrorAuthorizeAccess)
return
}
tokenPermission, err := data.GetPermissionByName(token.Claims["permission"].(string))
if err != nil || tokenPermission == data.ANONYMOUSE {
utils.RespondEx(w, nil, 403, errors.ErrorAuthorizeAccess)
return
}
//check if user has already have an access
if data.DB.App.HasPermission(appID, userID, data.ADMIN, data.OWNER, data.MEMBER) {
utils.RespondEx(w, nil, 404, errors.ErrorAlreadyAcceessed)
return
}
//try to grand access to app with authorized permission
if !data.DB.App.GrantAccess(appID, userID, tokenPermission) {
utils.RespondEx(w, nil, 405, errors.ErrorAppNotFound)
return
}
utils.Respond(w, 200, nil)
}
func logout(ctx context.Context, w http.ResponseWriter, r *http.Request) {
security.RemoveJwtCookie(w)
utils.Respond(w, 200, nil)
}
