alex/triggerssmith
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

some changes

Browse Source
This commit is contained in:
Alexey
2025-12-21 00:00:03 +02:00
parent 904f446447
commit 85f8ac60e7
14 changed files with 678 additions and 1475 deletions
Download Patch File Download Diff File Expand all files Collapse all files

31
api/acl_admin/errors.go
View File

@@ -1,5 +1,11 @@
package api_acladmin
import (
"encoding/json"
"log/slog"
"net/http"
)
const (
ErrorInvalidRequestBody = "INVALID_REQUEST_BODY"
ErrorInternalServerError = "INTERNAL_SERVER_ERROR"
@@ -26,3 +32,28 @@ const (
const (
ErrorACLServiceNotInitialized = "ACL service is not initialized"
)
// RFC-7807 (Problem Details)
type ProblemDetails struct {
Type string `json:"type" example:"https://api.triggerssmith.com/errors/role-not-found"`
Title string `json:"title" example:"Role not found"`
Status int `json:"status" example:"404"`
Detail string `json:"detail" example:"No role with ID 42"`
Instance string `json:"instance" example:"/api/acl/roles/42"`
}
var typeDomain = "https://api.triggerssmith.com"
func writeProblem(w http.ResponseWriter, status int, typ, title, detail string, r *http.Request) {
w.Header().Set("Content-Type", "application/problem+json")
w.WriteHeader(status)
prob := ProblemDetails{
Type: typeDomain + typ,
Title: title,
Status: status,
Detail: detail,
Instance: r.URL.Path,
}
slog.Warn("new problem", "type", typ, "title", title, "detail", detail, "instance", r.URL.Path, "status", status)
_ = json.NewEncoder(w).Encode(prob)
}

11
api/acl_admin/handle.go
View File

@@ -51,11 +51,12 @@ func MustRoute(config *config.Config, aclService *acl.Service, authService *auth
// DELETE /roles/{roleId}/resources/{resId} — убрать ресурс
return func(r chi.Router) {
// Roles
r.Get("/roles", h.getRoles) // list all roles
r.Post("/roles", h.createRole) // create a new role
r.Get("/roles/{roleId}", h.getRole) // get a role by ID
r.Patch("/roles/{roleId}", h.updateRole) // update a role by ID
r.Delete("/roles/{roleId}", h.deleteRole) // delete a role by ID
r.Get("/roles", h.getRoles) // list all roles
r.Post("/roles", h.createRole) // create a new role
r.Get("/roles/{roleId}", h.getRole) // get a role by ID
r.Get("/roles/{roleId}/users", h.getRoleUsers) // get all assigned users to a role
r.Patch("/roles/{roleId}", h.updateRole) // update a role by ID
r.Delete("/roles/{roleId}", h.deleteRole) // delete a role by ID
// // Resources
r.Get("/resources", h.getResources) // list all resources

302
api/acl_admin/resources.go
View File

@@ -10,68 +10,56 @@ import (
"github.com/go-chi/chi/v5"
)
// @Summary Get all resources
// @Tags resources
// @Produce json
// @Success 200 {object} getResourcesResponse
// @Failure 500 {object} errorInternalServerError
// @Router /api/acl/resources [get]
// @Summary Get all resources
// @Tags resources
// @Produce json
// @Success 200 {array} getResourcesResponse
// @Failure 500 {object} ProblemDetails
// @Router /api/acl/resources [get]
func (h *aclAdminHandler) getResources(w http.ResponseWriter, r *http.Request) {
w.Header().Set("Content-Type", "application/json")
resources, err := h.a.GetResources()
if err != nil {
switch err {
case acl.ErrNotInitialized:
w.WriteHeader(http.StatusInternalServerError)
_ = json.NewEncoder(w).Encode(errorInternalServerError{
Error: ErrorInternalServerError,
Details: ErrorACLServiceNotInitialized,
})
return
writeProblem(w, http.StatusInternalServerError, "/errors/internal-server-error", "Internal Server Error", "acl service is not initialized", r)
default:
w.WriteHeader(http.StatusInternalServerError)
_ = json.NewEncoder(w).Encode(errorInternalServerError{
Error: ErrorInternalServerError,
Details: "Failed to get resources",
})
return
slog.Error("unexpected server error", "error", err.Error())
writeProblem(w, http.StatusInternalServerError, "/errors/internal-server-error", "Internal Server Error", "unexpected error", r)
}
return
}
_ = json.NewEncoder(w).Encode(func() getResourcesResponse {
resp := make(getResourcesResponse, 0, len(resources))
for _, res := range resources {
resp = append(resp, struct {
ID uint `json:"id" example:"1"`
Key string `json:"key" example:"html.view"`
}{
ID: res.ID,
Key: res.Key,
})
}
return resp
}())
type R struct {
ID uint `json:"id" example:"1"`
Key string `json:"key" example:"html.view"`
}
resp := make([]R, 0, len(resources))
for _, res := range resources {
resp = append(resp, R{ID: res.ID, Key: res.Key})
}
_ = json.NewEncoder(w).Encode(resp)
}
// @Summary Get resource by ID
// @Tags resources
// @Produce json
// @Param resourceId path int true "Resource ID" example(1)
// @Success 200 {object} getResourceResponse
// @Failure 400 {object} getResourceErrorInvalidResourceID
// @Failure 404 {object} getResourceErrorResourceNotFound
// @Failure 500 {object} errorInternalServerError
// @Router /api/acl/resources/{resourceId} [get]
// @Summary Get resource by ID
// @Tags resources
// @Produce json
// @Param resourceId path int true "Resource ID" example(1)
// @Success 200 {object} getResourceResponse
// @Failure 400 {object} ProblemDetails
// @Failure 404 {object} ProblemDetails
// @Failure 500 {object} ProblemDetails
// @Router /api/acl/resources/{resourceId} [get]
func (h *aclAdminHandler) getResource(w http.ResponseWriter, r *http.Request) {
w.Header().Set("Content-Type", "application/json")
resourceIDStr := chi.URLParam(r, "resourceId")
resourceID, err := strconv.Atoi(resourceIDStr)
if err != nil || resourceID < 0 {
w.WriteHeader(http.StatusBadRequest)
_ = json.NewEncoder(w).Encode(getResourceErrorInvalidResourceID{
Error: ErrorInvalidResourceID,
Details: "Resource ID must be positive integer",
})
writeProblem(w, http.StatusBadRequest, "/errors/acl/invalid-resource-id", "Invalid resource ID", "Resource ID must be positive integer", r)
return
}
@@ -79,27 +67,14 @@ func (h *aclAdminHandler) getResource(w http.ResponseWriter, r *http.Request) {
if err != nil {
switch err {
case acl.ErrNotInitialized:
w.WriteHeader(http.StatusInternalServerError)
_ = json.NewEncoder(w).Encode(errorInternalServerError{
Error: ErrorInternalServerError,
Details: ErrorACLServiceNotInitialized,
})
return
writeProblem(w, http.StatusInternalServerError, "/errors/internal-server-error", "Internal Server Error", "acl service is not initialized", r)
case acl.ErrResourceNotFound:
w.WriteHeader(http.StatusNotFound)
_ = json.NewEncoder(w).Encode(getResourceErrorResourceNotFound{
Error: ErrorResourceNotFound,
Details: "No resource with ID " + resourceIDStr,
})
return
writeProblem(w, http.StatusNotFound, "/errors/acl/resource-not-found", "Resource not found", "No resource with ID "+resourceIDStr, r)
default:
w.WriteHeader(http.StatusInternalServerError)
_ = json.NewEncoder(w).Encode(errorInternalServerError{
Error: ErrorInternalServerError,
Details: "Failed to get resource with ID " + resourceIDStr,
})
return
slog.Error("unexpected server error", "error", err.Error())
writeProblem(w, http.StatusInternalServerError, "/errors/internal-server-error", "Internal Server Error", "unexpected error", r)
}
return
}
_ = json.NewEncoder(w).Encode(getResourceResponse{
@@ -108,62 +83,41 @@ func (h *aclAdminHandler) getResource(w http.ResponseWriter, r *http.Request) {
})
}
// @Summary Create resource
// @Tags resources
// @Accept json
// @Produce json
// @Param request body createResourceRequest true "Resource"
// @Success 201 {object} createResourceResponse
// @Failure 400 {object} errorInvalidRequestBody
// @Failure 400 {object} createResourceErrorInvalidResourceKey
// @Failure 409 {object} createResourceErrorResourceAlreadyExists
// @Failure 500 {object} errorInternalServerError
// @Router /api/acl/resources [post]
// @Summary Create resource
// @Tags resources
// @Accept json
// @Produce json
// @Param request body createResourceRequest true "Resource"
// @Success 201 {object} createResourceResponse
// @Failure 400 {object} ProblemDetails
// @Failure 409 {object} ProblemDetails
// @Failure 500 {object} ProblemDetails
// @Router /api/acl/resources [post]
func (h *aclAdminHandler) createResource(w http.ResponseWriter, r *http.Request) {
w.Header().Set("Content-Type", "application/json")
var req createResourceRequest
if err := json.NewDecoder(r.Body).Decode(&req); err != nil {
w.WriteHeader(http.StatusBadRequest)
_ = json.NewEncoder(w).Encode(errorInvalidRequestBody{
Error: ErrorInvalidRequestBody,
Details: "Request body is not valid JSON",
})
writeProblem(w, http.StatusBadRequest, "/errors/invalid-request-body", "Invalid request body", "Body is not valid JSON", r)
return
}
resourceID, err := h.a.CreateResource(req.Key)
if err != nil {
slog.Error("Failed to create resource", "error", err.Error())
slog.Error("Failed to create resource", "error", err)
switch err {
case acl.ErrNotInitialized:
w.WriteHeader(http.StatusInternalServerError)
_ = json.NewEncoder(w).Encode(errorInternalServerError{
Error: ErrorInternalServerError,
Details: ErrorACLServiceNotInitialized,
})
return
writeProblem(w, http.StatusInternalServerError, "/errors/internal-server-error", "Internal Server Error", "acl service is not initialized", r)
case acl.ErrInvalidResourceKey:
w.WriteHeader(http.StatusBadRequest)
_ = json.NewEncoder(w).Encode(createResourceErrorInvalidResourceKey{
Error: ErrorFailedToCreateResource,
Details: "Resource key must be non-empty",
})
return
writeProblem(w, http.StatusBadRequest, "/errors/acl/invalid-resource-key", "Invalid resource key", "Resource key must be non-empty", r)
case acl.ErrResourceAlreadyExists:
w.WriteHeader(http.StatusConflict)
_ = json.NewEncoder(w).Encode(createResourceErrorResourceAlreadyExists{
Error: ErrorFailedToCreateResource,
Details: "Resource with key '" + req.Key + "' already exists",
})
return
writeProblem(w, http.StatusConflict, "/errors/acl/resource-already-exists", "Resource already exists", "Resource '"+req.Key+"' already exists", r)
default:
w.WriteHeader(http.StatusInternalServerError)
_ = json.NewEncoder(w).Encode(errorInternalServerError{
Error: ErrorInternalServerError,
Details: "Failed to create resource with key '" + req.Key + "'",
})
return
slog.Error("unexpected server error", "error", err.Error())
writeProblem(w, http.StatusInternalServerError, "/errors/internal-server-error", "Internal Server Error", "unexpected error", r)
}
return
}
w.WriteHeader(http.StatusCreated)
@@ -173,148 +127,96 @@ func (h *aclAdminHandler) createResource(w http.ResponseWriter, r *http.Request)
})
}
// @Summary Update resource
// @Tags resources
// @Accept json
// @Produce json
// @Param resourceId path int true "Resource ID" example(1)
// @Param request body updateResourceRequest true "Resource"
// @Success 200 {object} updateResourceResponse
// @Failure 400 {object} errorInvalidRequestBody
// @Failure 400 {object} updateResourceErrorInvalidResourceID
// @Failure 400 {object} updateResourceErrorInvalidResourceKey
// @Failure 404 {object} updateResourceErrorResourceNotFound
// @Failure 409 {object} updateResourceErrorResourceKeyAlreadyExists
// @Failure 500 {object} errorInternalServerError
// @Router /api/acl/resources/{resourceId} [patch]
// @Summary Update resource
// @Tags resources
// @Accept json
// @Produce json
// @Param resourceId path int true "Resource ID" example(1)
// @Param request body updateResourceRequest true "Resource"
// @Success 200 {object} updateResourceResponse
// @Failure 400 {object} ProblemDetails
// @Failure 404 {object} ProblemDetails
// @Failure 409 {object} ProblemDetails
// @Failure 500 {object} ProblemDetails
// @Router /api/acl/resources/{resourceId} [patch]
func (h *aclAdminHandler) updateResource(w http.ResponseWriter, r *http.Request) {
w.Header().Set("Content-Type", "application/json")
var req updateResourceRequest
if err := json.NewDecoder(r.Body).Decode(&req); err != nil {
w.WriteHeader(http.StatusBadRequest)
_ = json.NewEncoder(w).Encode(errorInvalidRequestBody{
Error: ErrorInvalidRequestBody,
Details: "Request body is not valid JSON",
})
writeProblem(w, http.StatusBadRequest, "/errors/invalid-request-body", "Invalid request body", "Body is not valid JSON", r)
return
}
resourceIDStr := chi.URLParam(r, "resourceId")
resourceID, err := strconv.Atoi(resourceIDStr)
if err != nil || resourceID < 0 {
w.WriteHeader(http.StatusBadRequest)
_ = json.NewEncoder(w).Encode(updateResourceErrorInvalidResourceID{
Error: ErrorInvalidResourceID,
Details: "Resource ID must be positive integer",
})
writeProblem(w, http.StatusBadRequest, "/errors/acl/invalid-resource-id", "Invalid resource ID", "Resource ID must be positive integer", r)
return
}
err = h.a.UpdateResource(uint(resourceID), req.Key)
if err != nil {
slog.Error("Failed to update resource", "error", err.Error())
slog.Error("Failed to update resource", "error", err)
switch err {
case acl.ErrNotInitialized:
w.WriteHeader(http.StatusInternalServerError)
_ = json.NewEncoder(w).Encode(errorInternalServerError{
Error: ErrorInternalServerError,
Details: ErrorACLServiceNotInitialized,
})
return
writeProblem(w, http.StatusInternalServerError, "/errors/internal-server-error", "Internal Server Error", "acl service is not initialized", r)
case acl.ErrInvalidResourceKey:
w.WriteHeader(http.StatusBadRequest)
_ = json.NewEncoder(w).Encode(updateResourceErrorInvalidResourceKey{
Error: ErrorFailedToUpdateResource,
Details: "Invalid resource key",
})
return
writeProblem(w, http.StatusBadRequest, "/errors/acl/invalid-resource-key", "Invalid resource key", "Resource key must be non-empty", r)
case acl.ErrResourceNotFound:
w.WriteHeader(http.StatusNotFound)
_ = json.NewEncoder(w).Encode(updateResourceErrorResourceNotFound{
Error: ErrorFailedToUpdateResource,
Details: "No resource with ID " + resourceIDStr,
})
return
writeProblem(w, http.StatusNotFound, "/errors/acl/resource-not-found", "Resource not found", "No resource with ID "+resourceIDStr, r)
case acl.ErrSameResourceKey:
w.WriteHeader(http.StatusConflict)
_ = json.NewEncoder(w).Encode(updateResourceErrorResourceKeyAlreadyExists{
Error: ErrorFailedToUpdateResource,
Details: "Resource with key '" + req.Key + "' already exists",
})
return
writeProblem(w, http.StatusConflict, "/errors/acl/resource-key-already-exists", "Resource key already exists", "Resource key '"+req.Key+"' already exists", r)
default:
w.WriteHeader(http.StatusInternalServerError)
_ = json.NewEncoder(w).Encode(errorInternalServerError{
Error: ErrorInternalServerError,
Details: "Failed to update resource with key '" + req.Key + "'",
})
return
slog.Error("unexpected server error", "error", err.Error())
writeProblem(w, http.StatusInternalServerError, "/errors/internal-server-error", "Internal Server Error", "unexpected error", r)
}
return
}
w.WriteHeader(http.StatusOK)
_ = json.NewEncoder(w).Encode(updateResourceResponse{
ID: uint(resourceID),
Key: req.Key,
})
}
// @Summary Delete resource
// @Tags resources
// @Produce json
// @Param resourceId path int true "Resource ID" example(1)
// @Success 200
// @Failure 400 {object} deleteResourceErrorInvalidResourceID
// @Failure 404 {object} deleteResourceErrorResourceNotFound
// @Failure 409 {object} deleteResourceErrorResourceInUse
// @Failure 500 {object} errorInternalServerError
// @Router /api/acl/resources/{resourceId} [delete]
// @Summary Delete resource
// @Tags resources
// @Produce json
// @Param resourceId path int true "Resource ID" example(1)
// @Success 200
// @Failure 400 {object} ProblemDetails
// @Failure 404 {object} ProblemDetails
// @Failure 409 {object} ProblemDetails
// @Failure 500 {object} ProblemDetails
// @Router /api/acl/resources/{resourceId} [delete]
func (h *aclAdminHandler) deleteResource(w http.ResponseWriter, r *http.Request) {
w.Header().Set("Content-Type", "application/json")
resourceIDStr := chi.URLParam(r, "resourceId")
resourceID, err := strconv.Atoi(resourceIDStr)
if err != nil || resourceID < 0 {
w.WriteHeader(http.StatusBadRequest)
_ = json.NewEncoder(w).Encode(deleteResourceErrorInvalidResourceID{
Error: ErrorInvalidResourceID,
Details: "Resource ID must be positive integer",
})
writeProblem(w, http.StatusBadRequest, "/errors/acl/invalid-resource-id", "Invalid resource ID", "Resource ID must be positive integer", r)
return
}
err = h.a.DeleteResource(uint(resourceID))
if err != nil {
slog.Error("Failed to delete resource", "error", err.Error())
slog.Error("Failed to delete resource", "error", err)
switch err {
case acl.ErrNotInitialized:
w.WriteHeader(http.StatusInternalServerError)
_ = json.NewEncoder(w).Encode(errorInternalServerError{
Error: ErrorInternalServerError,
Details: ErrorACLServiceNotInitialized,
})
return
writeProblem(w, http.StatusInternalServerError, "/errors/internal-server-error", "Internal Server Error", "acl service is not initialized", r)
case acl.ErrResourceNotFound:
w.WriteHeader(http.StatusNotFound)
_ = json.NewEncoder(w).Encode(deleteResourceErrorResourceNotFound{
Error: ErrorFailedToDeleteResource,
Details: "No resource with ID " + resourceIDStr,
})
return
writeProblem(w, http.StatusNotFound, "/errors/acl/resource-not-found", "Resource not found", "No resource with ID "+resourceIDStr, r)
case acl.ErrResourceInUse:
w.WriteHeader(http.StatusConflict)
_ = json.NewEncoder(w).Encode(deleteResourceErrorResourceInUse{
Error: ErrorFailedToDeleteResource,
Details: "Resource with ID " + resourceIDStr + " is used and cannot be deleted",
})
return
writeProblem(w, http.StatusConflict, "/errors/acl/resource-in-use", "Resource in use", "Resource "+resourceIDStr+" is in use", r)
default:
w.WriteHeader(http.StatusInternalServerError)
_ = json.NewEncoder(w).Encode(errorInternalServerError{
Error: ErrorInternalServerError,
Details: "Failed to delete resource with ID '" + resourceIDStr + "'",
})
return
slog.Error("unexpected server error", "error", err.Error())
writeProblem(w, http.StatusInternalServerError, "/errors/internal-server-error", "Internal Server Error", "unexpected error", r)
}
return
}
w.WriteHeader(http.StatusOK)

59
api/acl_admin/resources_models.go
View File

@@ -7,6 +7,8 @@ type getResourcesResponse []struct {
Key string `json:"key" example:"html.view"`
}
var _ getResourcesResponse // for documentation
/*******************************************************************/
// used in getResource()
type getResourceResponse struct {
@@ -14,16 +16,6 @@ type getResourceResponse struct {
Key string `json:"key" example:"html.view"`
}
type getResourceErrorInvalidResourceID struct {
Error string `json:"error" example:"INVALID_RESOURCE_ID"`
Details string `json:"details" example:"Resource ID must be positive integer"`
}
type getResourceErrorResourceNotFound struct {
Error string `json:"error" example:"RESOURCE_NOT_FOUND"`
Details string `json:"details" example:"No resource with ID 123"`
}
/*******************************************************************/
// used in createResource()
type createResourceRequest struct {
@@ -35,16 +27,6 @@ type createResourceResponse struct {
Key string `json:"key" example:"html.view"`
}
type createResourceErrorResourceAlreadyExists struct {
Error string `json:"error" example:"FAILED_TO_CREATE_RESOURCE"`
Details string `json:"details" example:"Resource with key 'html.view' already exists"`
}
type createResourceErrorInvalidResourceKey struct {
Error string `json:"error" example:"FAILED_TO_CREATE_RESOURCE"`
Details string `json:"details" example:"Invalid resource key"`
}
/*******************************************************************/
// used in updateResource()
type updateResourceRequest struct {
@@ -55,40 +37,3 @@ type updateResourceResponse struct {
ID uint `json:"id" example:"1"`
Key string `json:"key" example:"html.view"`
}
type updateResourceErrorResourceNotFound struct {
Error string `json:"error" example:"RESOURCE_NOT_FOUND"`
Details string `json:"details" example:"No resource with ID 123"`
}
type updateResourceErrorInvalidResourceID struct {
Error string `json:"error" example:"INVALID_RESOURCE_ID"`
Details string `json:"details" example:"Resource ID must be positive integer"`
}
type updateResourceErrorInvalidResourceKey struct {
Error string `json:"error" example:"FAILED_TO_UPDATE_RESOURCE"`
Details string `json:"details" example:"Invalid resource key"`
}
type updateResourceErrorResourceKeyAlreadyExists struct {
Error string `json:"error" example:"FAILED_TO_UPDATE_RESOURCE"`
Details string `json:"details" example:"Resource with key 'html.view' already exists"`
}
/*******************************************************************/
// used in deleteResource()
type deleteResourceErrorResourceNotFound struct {
Error string `json:"error" example:"RESOURCE_NOT_FOUND"`
Details string `json:"details" example:"No resource with ID 123"`
}
type deleteResourceErrorInvalidResourceID struct {
Error string `json:"error" example:"INVALID_RESOURCE_ID"`
Details string `json:"details" example:"Resource ID must be positive integer"`
}
type deleteResourceErrorResourceInUse struct {
Error string `json:"error" example:"FAILED_TO_DELETE_RESOURCE"`
Details string `json:"details" example:"Resource with ID 123 is used and cannot be deleted"`
}

348
api/acl_admin/roles.go
View File

@@ -10,158 +10,158 @@ import (
"github.com/go-chi/chi/v5"
)
// @Summary Get all roles
// @Tags roles
// @Produce json
// @Success 200 {object} getRolesResponse
// @Failure 500 {object} errorInternalServerError
// @Router /api/acl/roles [get]
// @Summary Get all roles
// @Tags roles
// @Produce json
// @Success 200 {array} getRolesResponse
// @Failure 500 {object} ProblemDetails
// @Router /api/acl/roles [get]
func (h *aclAdminHandler) getRoles(w http.ResponseWriter, r *http.Request) {
w.Header().Set("Content-Type", "application/json")
roles, err := h.a.GetRoles()
if err != nil {
switch err {
case acl.ErrNotInitialized:
w.WriteHeader(http.StatusInternalServerError)
_ = json.NewEncoder(w).Encode(errorInternalServerError{
Error: ErrorInternalServerError,
Details: ErrorACLServiceNotInitialized,
})
return
writeProblem(w, http.StatusInternalServerError, "/errors/internal-server-error", "Internal Server Error", "ACL service is not initialized", r)
default:
w.WriteHeader(http.StatusInternalServerError)
_ = json.NewEncoder(w).Encode(errorInternalServerError{
Error: ErrorInternalServerError,
Details: "Failed to get roles",
})
return
slog.Error("unexpected server error", "error", err.Error())
writeProblem(w, http.StatusInternalServerError, "/errors/internal-server-error", "Internal Server Error", "unexpected error", r)
}
return
}
_ = json.NewEncoder(w).Encode(func() getRolesResponse {
// Transform acl.Role to getRolesResponse
resp := make(getRolesResponse, 0, len(roles))
for _, role := range roles {
resp = append(resp, struct {
ID uint `json:"id" example:"1"`
Name string `json:"name" example:"admin"`
}{
ID: role.ID,
Name: role.Name,
})
}
return resp
}())
type R struct {
ID uint `json:"id" example:"1"`
Name string `json:"name" example:"admin"`
}
resp := make([]R, 0, len(roles))
for _, role := range roles {
resp = append(resp, R{ID: role.ID, Name: role.Name})
}
_ = json.NewEncoder(w).Encode(resp)
}
// @Summary Get role by ID
// @Tags roles
// @Produce json
// @Param roleId path int true "Role ID" example(1)
// @Success 200 {object} getRoleResponse
// @Failure 400 {object} getRoleErrorInvalidRoleID
// @Failure 404 {object} getRoleErrorRoleNotFound
// @Failure 500 {object} errorInternalServerError
// @Router /api/acl/roles/{roleId} [get]
// @Summary Get role users
// @Tags roles
// @Produce json
// @Param roleId path int true "Role ID" example(1)
// @Success 200 {array} getRoleUsersResponse
// @Failure 400 {object} ProblemDetails
// @Failure 404 {object} ProblemDetails
// @Failure 500 {object} ProblemDetails
// @Router /api/acl/roles/{roleId}/users [get]
func (h *aclAdminHandler) getRoleUsers(w http.ResponseWriter, r *http.Request) {
w.Header().Set("Content-Type", "application/json")
roleIDStr := chi.URLParam(r, "roleId")
roleID, err := strconv.Atoi(roleIDStr)
if err != nil || roleID < 0 {
writeProblem(w, http.StatusBadRequest, "/errors/acl/invalid-role-id", "Invalid role ID", "Role ID must be positive integer", r)
return
}
role, err := h.a.GetRoleByID(uint(roleID))
if err != nil {
switch err {
case acl.ErrNotInitialized:
writeProblem(w, http.StatusInternalServerError, "/errors/internal-server-error", "Internal Server Error", "ACL service is not initialized", r)
case acl.ErrRoleNotFound:
writeProblem(w, http.StatusNotFound, "/errors/acl/role-not-found", "Role not found", "No role with ID "+roleIDStr, r)
default:
slog.Error("unexpected server error", "error", err.Error())
writeProblem(w, http.StatusInternalServerError, "/errors/internal-server-error", "Internal Server Error", "unexpected error", r)
}
return
}
if len(role.Users) == 0 {
writeProblem(w, http.StatusNotFound, "/errors/acl/role-has-no-users", "Role has no users", "Role has no users", r)
return
}
var respUsers getRoleUsersResponse
for _, user := range role.Users {
respUsers = append(respUsers, getRoleUser{
ID: user.ID,
Name: user.Username,
Email: user.Email,
})
}
_ = json.NewEncoder(w).Encode(respUsers)
}
// @Summary Get role by ID
// @Tags roles
// @Produce json
// @Param roleId path int true "Role ID" example(1)
// @Success 200 {object} getRoleResponse
// @Failure 400 {object} ProblemDetails
// @Failure 404 {object} ProblemDetails
// @Failure 500 {object} ProblemDetails
// @Router /api/acl/roles/{roleId} [get]
func (h *aclAdminHandler) getRole(w http.ResponseWriter, r *http.Request) {
w.Header().Set("Content-Type", "application/json")
roleIDStr := chi.URLParam(r, "roleId")
roleID, err := strconv.Atoi(roleIDStr)
if err != nil || roleID < 0 {
w.WriteHeader(http.StatusBadRequest)
_ = json.NewEncoder(w).Encode(getRoleErrorInvalidRoleID{
Error: ErrorInvalidRoleID,
Details: "Role ID must be positive integer",
})
writeProblem(w, http.StatusBadRequest, "/errors/acl/invalid-role-id", "Invalid role ID", "Role ID must be positive integer", r)
return
}
role, err := h.a.GetRoleByID(uint(roleID))
if err != nil {
switch err {
case acl.ErrNotInitialized:
w.WriteHeader(http.StatusInternalServerError)
_ = json.NewEncoder(w).Encode(errorInternalServerError{
Error: ErrorInternalServerError,
Details: ErrorACLServiceNotInitialized,
})
return
writeProblem(w, http.StatusInternalServerError, "/errors/internal-server-error", "Internal Server Error", "ACL service is not initialized", r)
case acl.ErrRoleNotFound:
w.WriteHeader(http.StatusNotFound)
_ = json.NewEncoder(w).Encode(getRoleErrorRoleNotFound{
Error: ErrorRoleNotFound,
Details: "No role with ID " + roleIDStr,
})
return
writeProblem(w, http.StatusNotFound, "/errors/acl/role-not-found", "Role not found", "No role with ID "+roleIDStr, r)
default:
w.WriteHeader(http.StatusInternalServerError)
_ = json.NewEncoder(w).Encode(errorInternalServerError{
Error: ErrorInternalServerError,
Details: "Failed to get role with ID " + roleIDStr,
})
return
slog.Error("unexpected server error", "error", err.Error())
writeProblem(w, http.StatusInternalServerError, "/errors/internal-server-error", "Internal Server Error", "unexpected error", r)
}
return
}
_ = json.NewEncoder(w).Encode(getRoleResponse{
ID: role.ID,
Name: role.Name,
})
}
// @Summary Create role
// @Tags roles
// @Accept json
// @Produce json
// @Param request body createRoleRequest true "Role"
// @Success 201 {object} createRoleResponse
// @Failure 400 {object} errorInvalidRequestBody
// @Failure 401 {object} createRoleErrorInvalidRoleName
// @Failure 409 {object} createRoleErrorRoleAlreadyExists
// @Failure 500 {object} errorInternalServerError
// @Router /api/acl/roles [post]
// @Summary Create role
// @Tags roles
// @Accept json
// @Produce json
// @Param request body createRoleRequest true "Role"
// @Success 201 {object} createRoleResponse
// @Failure 400 {object} ProblemDetails
// @Failure 409 {object} ProblemDetails
// @Failure 500 {object} ProblemDetails
// @Router /api/acl/roles [post]
func (h *aclAdminHandler) createRole(w http.ResponseWriter, r *http.Request) {
w.Header().Set("Content-Type", "application/json")
var req createRoleRequest
if err := json.NewDecoder(r.Body).Decode(&req); err != nil {
w.WriteHeader(http.StatusBadRequest)
_ = json.NewEncoder(w).Encode(errorInvalidRequestBody{
Error: ErrorInvalidRequestBody,
Details: "Request body is not valid JSON",
})
writeProblem(w, http.StatusBadRequest, "/errors/invalid-request-body", "Invalid request body", "Body is not valid JSON", r)
return
}
roleID, err := h.a.CreateRole(req.Name)
if err != nil {
slog.Error("Failed to create role", "error", err.Error())
switch err {
case acl.ErrNotInitialized:
w.WriteHeader(http.StatusInternalServerError)
_ = json.NewEncoder(w).Encode(errorInternalServerError{
Error: ErrorInternalServerError,
Details: ErrorACLServiceNotInitialized,
})
return
case acl.ErrRoleAlreadyExists:
w.WriteHeader(http.StatusConflict)
_ = json.NewEncoder(w).Encode(createRoleErrorRoleAlreadyExists{
Error: ErrorFailedToCreateRole,
Details: "Role with name '" + req.Name + "' already exists",
})
return
writeProblem(w, http.StatusInternalServerError, "/errors/internal-server-error", "Internal Server Error", "ACL service is not initialized", r)
case acl.ErrInvalidRoleName:
w.WriteHeader(http.StatusBadRequest)
_ = json.NewEncoder(w).Encode(createRoleErrorInvalidRoleName{
Error: ErrorFailedToCreateRole,
Details: "Role name must be non-empty string",
})
return
writeProblem(w, http.StatusBadRequest, "/errors/acl/invalid-role-name", "Invalid role name", "Role name must be non-empty", r)
case acl.ErrRoleAlreadyExists:
writeProblem(w, http.StatusConflict, "/errors/acl/role-already-exists", "Role already exists", "Role '"+req.Name+"' already exists", r)
default:
w.WriteHeader(http.StatusInternalServerError)
_ = json.NewEncoder(w).Encode(errorInternalServerError{
Error: ErrorInternalServerError,
Details: "Failed to create role with name '" + req.Name + "'",
})
return
writeProblem(w, http.StatusInternalServerError, "/errors/internal-server-error", "Internal Server Error", "unexpected error", r)
}
return
}
w.WriteHeader(http.StatusCreated)
_ = json.NewEncoder(w).Encode(createRoleResponse{
ID: roleID,
@@ -169,146 +169,92 @@ func (h *aclAdminHandler) createRole(w http.ResponseWriter, r *http.Request) {
})
}
// @Summary Update role
// @Tags roles
// @Accept json
// @Produce json
// @Param roleId path int true "Role ID" example(1)
// @Param request body updateRoleRequest true "Role"
// @Success 200 {object} updateRoleResponse
// @Failure 400 {object} errorInvalidRequestBody
// @Failure 400 {object} updateRoleErrorInvalidRoleID
// @Failure 400 {object} updateRoleErrorInvalidRoleName
// @Failure 404 {object} updateRoleErrorRoleNotFound
// @Failure 409 {object} updateRoleErrorRoleNameAlreadyExists
// @Failure 500 {object} errorInternalServerError
// @Router /api/acl/roles/{roleId} [patch]
// @Summary Update role
// @Tags roles
// @Accept json
// @Produce json
// @Param roleId path int true "Role ID" example(1)
// @Param request body updateRoleRequest true "Role"
// @Success 200 {object} updateRoleResponse
// @Failure 400 {object} ProblemDetails
// @Failure 404 {object} ProblemDetails
// @Failure 409 {object} ProblemDetails
// @Failure 500 {object} ProblemDetails
// @Router /api/acl/roles/{roleId} [patch]
func (h *aclAdminHandler) updateRole(w http.ResponseWriter, r *http.Request) {
w.Header().Set("Content-Type", "application/json")
var req updateRoleRequest
if err := json.NewDecoder(r.Body).Decode(&req); err != nil {
w.WriteHeader(http.StatusBadRequest)
_ = json.NewEncoder(w).Encode(errorInvalidRequestBody{
Error: ErrorInvalidRequestBody,
Details: "Request body is not valid JSON",
})
writeProblem(w, http.StatusBadRequest, "/errors/invalid-request-body", "Invalid request body", "Body is not valid JSON", r)
return
}
roleIDStr := chi.URLParam(r, "roleId")
roleID, err := strconv.Atoi(roleIDStr)
if err != nil || roleID < 0 {
w.WriteHeader(http.StatusBadRequest)
_ = json.NewEncoder(w).Encode(updateRoleErrorInvalidRoleID{
Error: ErrorInvalidRoleID,
Details: "Role ID must be positive integer",
})
writeProblem(w, http.StatusBadRequest, "/errors/acl/invalid-role-id", "Invalid role ID", "Role ID must be positive integer", r)
return
}
err = h.a.UpdateRole(uint(roleID), req.Name)
// TODO: make error handling more specific in acl service
if err != nil {
slog.Error("Failed to update role", "error", err.Error())
switch err {
case acl.ErrNotInitialized:
w.WriteHeader(http.StatusInternalServerError)
_ = json.NewEncoder(w).Encode(errorInternalServerError{
Error: ErrorInternalServerError,
Details: ErrorACLServiceNotInitialized,
})
return
writeProblem(w, http.StatusInternalServerError, "/errors/internal-server-error", "Internal Server Error", "ACL service is not initialized", r)
case acl.ErrInvalidRoleName:
w.WriteHeader(http.StatusBadRequest)
_ = json.NewEncoder(w).Encode(updateRoleErrorInvalidRoleName{
Error: ErrorFailedToUpdateRole,
Details: "Invalid role name",
})
return
writeProblem(w, http.StatusBadRequest, "/errors/acl/invalid-role-name", "Invalid role name", "Role name must be non-empty", r)
case acl.ErrRoleNotFound:
w.WriteHeader(http.StatusNotFound)
_ = json.NewEncoder(w).Encode(updateRoleErrorRoleNotFound{
Error: ErrorFailedToUpdateRole,
Details: "No role with ID " + roleIDStr,
})
return
writeProblem(w, http.StatusNotFound, "/errors/acl/role-not-found", "Role not found", "No role with ID "+roleIDStr, r)
case acl.ErrSameRoleName:
w.WriteHeader(http.StatusConflict)
_ = json.NewEncoder(w).Encode(updateRoleErrorRoleNameAlreadyExists{
Error: ErrorFailedToUpdateRole,
Details: "Role with name '" + req.Name + "' already exists",
})
return
writeProblem(w, http.StatusConflict, "/errors/acl/role-name-already-exists", "Role name already exists", "Role '"+req.Name+"' already exists", r)
default:
w.WriteHeader(http.StatusInternalServerError)
_ = json.NewEncoder(w).Encode(errorInternalServerError{
Error: ErrorInternalServerError,
Details: "Failed to update role with name '" + req.Name + "'",
})
return
writeProblem(w, http.StatusInternalServerError, "/errors/internal-server-error", "Internal Server Error", "unexpected error", r)
}
return
}
w.WriteHeader(http.StatusOK)
_ = json.NewEncoder(w).Encode(updateRoleResponse{
ID: uint(roleID),
Name: req.Name,
})
}
// @Summary Delete role
// @Tags roles
// @Produce json
// @Param roleId path int true "Role ID" example(1)
// @Success 200
// @Failure 400 {object} deleteRoleErrorInvalidRoleID
// @Failure 404 {object} deleteRoleErrorRoleNotFound
// @Failure 409 {object} deleteRoleErrorRoleInUse
// @Failure 500 {object} errorInternalServerError
// @Router /api/acl/roles/{roleId} [delete]
// @Summary Delete role
// @Tags roles
// @Produce json
// @Param roleId path int true "Role ID" example(1)
// @Success 200
// @Failure 400 {object} ProblemDetails
// @Failure 404 {object} ProblemDetails
// @Failure 409 {object} ProblemDetails
// @Failure 500 {object} ProblemDetails
// @Router /api/acl/roles/{roleId} [delete]
func (h *aclAdminHandler) deleteRole(w http.ResponseWriter, r *http.Request) {
w.Header().Set("Content-Type", "application/json")
roleIDStr := chi.URLParam(r, "roleId")
roleID, err := strconv.Atoi(roleIDStr)
if err != nil || roleID < 0 {
w.WriteHeader(http.StatusBadRequest)
_ = json.NewEncoder(w).Encode(deleteRoleErrorInvalidRoleID{
Error: ErrorInvalidRoleID,
Details: "Role ID must be positive integer",
})
writeProblem(w, http.StatusBadRequest, "/errors/acl/invalid-role-id", "Invalid role ID", "Role ID must be positive integer", r)
return
}
err = h.a.DeleteRole(uint(roleID))
// TODO: make error handling more specific in acl service
if err != nil {
slog.Error("Failed to delete role", "error", err.Error())
switch err {
case acl.ErrNotInitialized:
w.WriteHeader(http.StatusInternalServerError)
_ = json.NewEncoder(w).Encode(errorInternalServerError{
Error: ErrorInternalServerError,
Details: ErrorACLServiceNotInitialized,
})
return
writeProblem(w, http.StatusInternalServerError, "/errors/internal-server-error", "Internal Server Error", "ACL service is not initialized", r)
case acl.ErrRoleNotFound:
w.WriteHeader(http.StatusNotFound)
_ = json.NewEncoder(w).Encode(deleteRoleErrorRoleNotFound{
Error: ErrorFailedToDeleteRole,
Details: "No role with ID " + roleIDStr,
})
return
writeProblem(w, http.StatusNotFound, "/errors/acl/role-not-found", "Role not found", "No role with ID "+roleIDStr, r)
case acl.ErrRoleInUse:
w.WriteHeader(http.StatusConflict)
_ = json.NewEncoder(w).Encode(deleteRoleErrorRoleInUse{
Error: ErrorFailedToDeleteRole,
Details: "Role with ID " + roleIDStr + " is assigned to users and cannot be deleted",
})
return
writeProblem(w, http.StatusConflict, "/errors/acl/role-in-use", "Role in use", "Role "+roleIDStr+" is assigned to at least one user and cannot be deleted", r)
default:
w.WriteHeader(http.StatusInternalServerError)
_ = json.NewEncoder(w).Encode(errorInternalServerError{
Error: ErrorInternalServerError,
Details: "Failed to delete role with ID '" + roleIDStr + "'",
})
return
writeProblem(w, http.StatusInternalServerError, "/errors/internal-server-error", "Internal Server Error", "unexpected error", r)
}
return
}
w.WriteHeader(http.StatusOK)
}

64
api/acl_admin/roles_models.go
View File

@@ -7,6 +7,8 @@ type getRolesResponse []struct {
Name string `json:"name" example:"admin"`
}
var _ getRolesResponse
/*******************************************************************/
// used in getRole()
type getRoleResponse struct {
@@ -14,15 +16,14 @@ type getRoleResponse struct {
Name string `json:"name" example:"admin"`
}
type getRoleErrorInvalidRoleID struct {
Error string `json:"error" example:"INVALID_ROLE_ID"`
Details string `json:"details" example:"Role ID must be positive integer"`
}
type getRoleErrorRoleNotFound struct {
Error string `json:"error" example:"ROLE_NOT_FOUND"`
Details string `json:"details" example:"No role with ID 123"`
/*******************************************************************/
// used in getRoleUsers()
type getRoleUser struct {
ID uint `json:"id" example:"1"`
Name string `json:"username" example:"admin"`
Email string `json:"email" example:"admin@triggerssmith.com"`
}
type getRoleUsersResponse []getRoleUser
/*******************************************************************/
// used in createRole()
@@ -35,16 +36,6 @@ type createRoleResponse struct {
Name string `json:"name" example:"admin"`
}
type createRoleErrorRoleAlreadyExists struct {
Error string `json:"error" example:"FAILED_TO_CREATE_ROLE"`
Details string `json:"details" example:"Role with name 'admin' already exists"`
}
type createRoleErrorInvalidRoleName struct {
Error string `json:"error" example:"FAILED_TO_CREATE_ROLE"`
Details string `json:"details" example:"Invalid role name"`
}
/*******************************************************************/
// used in updateRole()
type updateRoleRequest struct {
@@ -55,40 +46,3 @@ type updateRoleResponse struct {
ID uint `json:"id" example:"1"`
Name string `json:"name" example:"admin"`
}
type updateRoleErrorRoleNotFound struct {
Error string `json:"error" example:"ROLE_NOT_FOUND"`
Details string `json:"details" example:"No role with ID 123"`
}
type updateRoleErrorInvalidRoleID struct {
Error string `json:"error" example:"INVALID_ROLE_ID"`
Details string `json:"details" example:"Role ID must be positive integer"`
}
type updateRoleErrorInvalidRoleName struct {
Error string `json:"error" example:"FAILED_TO_UPDATE_ROLE"`
Details string `json:"details" example:"Invalid role name"`
}
type updateRoleErrorRoleNameAlreadyExists struct {
Error string `json:"error" example:"FAILED_TO_UPDATE_ROLE"`
Details string `json:"details" example:"Role with name 'admin' already exists"`
}
/*******************************************************************/
// used in deleteRole()
type deleteRoleErrorRoleNotFound struct {
Error string `json:"error" example:"ROLE_NOT_FOUND"`
Details string `json:"details" example:"No role with ID 123"`
}
type deleteRoleErrorInvalidRoleID struct {
Error string `json:"error" example:"INVALID_ROLE_ID"`
Details string `json:"details" example:"Role ID must be positive integer"`
}
type deleteRoleErrorRoleInUse struct {
Error string `json:"error" example:"FAILED_TO_DELETE_ROLE"`
Details string `json:"details" example:"Role with ID 123 is assigned to users and cannot be deleted"`
}

2
api/auth/handle.go
View File

@@ -5,6 +5,7 @@ package api_auth
import (
"encoding/json"
"fmt"
"log/slog"
"net/http"
"time"
@@ -79,6 +80,7 @@ func (h *authHandler) handleRegister(w http.ResponseWriter, r *http.Request) {
user, err := h.a.Register(req.Username, req.Email, req.Password)
if err != nil {
slog.Error("Failed to register user", "error", err)
http.Error(w, "Registration failed", http.StatusInternalServerError)
return
}

2
api/router.go
View File

@@ -90,7 +90,7 @@ func (r *Router) MustRoute() chi.Router {
api.Route("/block", api_block.MustRoute(r.cfg))
authRoute := api_auth.MustRoute(r.cfg, r.authService)
api.Route("/auth", authRoute)
api.Route("/users", authRoute) // legacy support
//api.Route("/users", authRoute) // legacy support
aclAdminRoute := api_acladmin.MustRoute(r.cfg, r.aclService, r.authService)
api.Route("/acl", aclAdminRoute)
api.Route("/acl-admin", aclAdminRoute) // legacy support