Compare commits
18 Commits
ac26a981b2
...
68bce99e1d
| Author | SHA1 | Date | |
|---|---|---|---|
| 68bce99e1d | |||
| d64645599d | |||
| 6ce7edd194 | |||
| c718db565e | |||
| af7770eb06 | |||
| 8e67bae683 | |||
| 5468c831c4 | |||
| 600cf84776 | |||
| 0485fd3bee | |||
| f2f7819f8c | |||
| 48d9c14944 | |||
| cadb42d17a | |||
| 0510103125 | |||
| e75390f673 | |||
| bf96ca1263 | |||
| ca569d25bc | |||
| 1468937589 | |||
| 9070b4138e |
1
.gitignore
vendored
1
.gitignore
vendored
@@ -5,3 +5,4 @@ panic.log
|
||||
testdata/
|
||||
secret/
|
||||
data/
|
||||
docs/
|
||||
@@ -1,11 +1,5 @@
|
||||
package api_acladmin
|
||||
|
||||
import (
|
||||
"encoding/json"
|
||||
"log/slog"
|
||||
"net/http"
|
||||
)
|
||||
|
||||
const (
|
||||
ErrorInvalidRequestBody = "INVALID_REQUEST_BODY"
|
||||
ErrorInternalServerError = "INTERNAL_SERVER_ERROR"
|
||||
@@ -32,28 +26,3 @@ const (
|
||||
const (
|
||||
ErrorACLServiceNotInitialized = "ACL service is not initialized"
|
||||
)
|
||||
|
||||
// RFC-7807 (Problem Details)
|
||||
type ProblemDetails struct {
|
||||
Type string `json:"type" example:"https://api.triggerssmith.com/errors/role-not-found"`
|
||||
Title string `json:"title" example:"Role not found"`
|
||||
Status int `json:"status" example:"404"`
|
||||
Detail string `json:"detail" example:"No role with ID 42"`
|
||||
Instance string `json:"instance" example:"/api/acl/roles/42"`
|
||||
}
|
||||
|
||||
var typeDomain = "https://api.triggerssmith.com"
|
||||
|
||||
func writeProblem(w http.ResponseWriter, status int, typ, title, detail string, r *http.Request) {
|
||||
w.Header().Set("Content-Type", "application/problem+json")
|
||||
w.WriteHeader(status)
|
||||
prob := ProblemDetails{
|
||||
Type: typeDomain + typ,
|
||||
Title: title,
|
||||
Status: status,
|
||||
Detail: detail,
|
||||
Instance: r.URL.Path,
|
||||
}
|
||||
slog.Warn("new problem", "type", typ, "title", title, "detail", detail, "instance", r.URL.Path, "status", status)
|
||||
_ = json.NewEncoder(w).Encode(prob)
|
||||
}
|
||||
|
||||
@@ -7,6 +7,7 @@ import (
|
||||
"strconv"
|
||||
|
||||
"git.oblat.lv/alex/triggerssmith/internal/acl"
|
||||
"git.oblat.lv/alex/triggerssmith/internal/server"
|
||||
"github.com/go-chi/chi/v5"
|
||||
)
|
||||
|
||||
@@ -14,7 +15,7 @@ import (
|
||||
// @Tags acl/resources
|
||||
// @Produce json
|
||||
// @Success 200 {object} getResourcesResponse
|
||||
// @Failure 500 {object} ProblemDetails
|
||||
// @Failure 500 {object} server.ProblemDetails
|
||||
// @Router /api/acl/resources [get]
|
||||
func (h *aclAdminHandler) getResources(w http.ResponseWriter, r *http.Request) {
|
||||
w.Header().Set("Content-Type", "application/json")
|
||||
@@ -23,10 +24,10 @@ func (h *aclAdminHandler) getResources(w http.ResponseWriter, r *http.Request) {
|
||||
if err != nil {
|
||||
switch err {
|
||||
case acl.ErrNotInitialized:
|
||||
writeProblem(w, http.StatusInternalServerError, "/errors/internal-server-error", "Internal Server Error", "acl service is not initialized", r)
|
||||
server.WriteProblem(w, http.StatusInternalServerError, "/errors/internal-server-error", "Internal Server Error", "acl service is not initialized", r)
|
||||
default:
|
||||
slog.Error("unexpected server error", "error", err.Error())
|
||||
writeProblem(w, http.StatusInternalServerError, "/errors/internal-server-error", "Internal Server Error", "unexpected error", r)
|
||||
server.WriteProblem(w, http.StatusInternalServerError, "/errors/internal-server-error", "Internal Server Error", "unexpected error", r)
|
||||
}
|
||||
return
|
||||
}
|
||||
@@ -49,9 +50,9 @@ func (h *aclAdminHandler) getResources(w http.ResponseWriter, r *http.Request) {
|
||||
// @Produce json
|
||||
// @Param resourceId path int true "Resource ID" example(1)
|
||||
// @Success 200 {object} getResourceResponse
|
||||
// @Failure 400 {object} ProblemDetails
|
||||
// @Failure 404 {object} ProblemDetails
|
||||
// @Failure 500 {object} ProblemDetails
|
||||
// @Failure 400 {object} server.ProblemDetails
|
||||
// @Failure 404 {object} server.ProblemDetails
|
||||
// @Failure 500 {object} server.ProblemDetails
|
||||
// @Router /api/acl/resources/{resourceId} [get]
|
||||
func (h *aclAdminHandler) getResource(w http.ResponseWriter, r *http.Request) {
|
||||
w.Header().Set("Content-Type", "application/json")
|
||||
@@ -59,7 +60,7 @@ func (h *aclAdminHandler) getResource(w http.ResponseWriter, r *http.Request) {
|
||||
resourceIDStr := chi.URLParam(r, "resourceId")
|
||||
resourceID, err := strconv.Atoi(resourceIDStr)
|
||||
if err != nil || resourceID < 0 {
|
||||
writeProblem(w, http.StatusBadRequest, "/errors/acl/invalid-resource-id", "Invalid resource ID", "Resource ID must be positive integer", r)
|
||||
server.WriteProblem(w, http.StatusBadRequest, "/errors/acl/invalid-resource-id", "Invalid resource ID", "Resource ID must be positive integer", r)
|
||||
return
|
||||
}
|
||||
|
||||
@@ -67,12 +68,12 @@ func (h *aclAdminHandler) getResource(w http.ResponseWriter, r *http.Request) {
|
||||
if err != nil {
|
||||
switch err {
|
||||
case acl.ErrNotInitialized:
|
||||
writeProblem(w, http.StatusInternalServerError, "/errors/internal-server-error", "Internal Server Error", "acl service is not initialized", r)
|
||||
server.WriteProblem(w, http.StatusInternalServerError, "/errors/internal-server-error", "Internal Server Error", "acl service is not initialized", r)
|
||||
case acl.ErrResourceNotFound:
|
||||
writeProblem(w, http.StatusNotFound, "/errors/acl/resource-not-found", "Resource not found", "No resource with ID "+resourceIDStr, r)
|
||||
server.WriteProblem(w, http.StatusNotFound, "/errors/acl/resource-not-found", "Resource not found", "No resource with ID "+resourceIDStr, r)
|
||||
default:
|
||||
slog.Error("unexpected server error", "error", err.Error())
|
||||
writeProblem(w, http.StatusInternalServerError, "/errors/internal-server-error", "Internal Server Error", "unexpected error", r)
|
||||
server.WriteProblem(w, http.StatusInternalServerError, "/errors/internal-server-error", "Internal Server Error", "unexpected error", r)
|
||||
}
|
||||
return
|
||||
}
|
||||
@@ -89,16 +90,16 @@ func (h *aclAdminHandler) getResource(w http.ResponseWriter, r *http.Request) {
|
||||
// @Produce json
|
||||
// @Param request body createResourceRequest true "Resource"
|
||||
// @Success 201 {object} createResourceResponse
|
||||
// @Failure 400 {object} ProblemDetails
|
||||
// @Failure 409 {object} ProblemDetails
|
||||
// @Failure 500 {object} ProblemDetails
|
||||
// @Failure 400 {object} server.ProblemDetails
|
||||
// @Failure 409 {object} server.ProblemDetails
|
||||
// @Failure 500 {object} server.ProblemDetails
|
||||
// @Router /api/acl/resources [post]
|
||||
func (h *aclAdminHandler) createResource(w http.ResponseWriter, r *http.Request) {
|
||||
w.Header().Set("Content-Type", "application/json")
|
||||
|
||||
var req createResourceRequest
|
||||
if err := json.NewDecoder(r.Body).Decode(&req); err != nil {
|
||||
writeProblem(w, http.StatusBadRequest, "/errors/invalid-request-body", "Invalid request body", "Body is not valid JSON", r)
|
||||
server.WriteProblem(w, http.StatusBadRequest, "/errors/invalid-request-body", "Invalid request body", "Body is not valid JSON", r)
|
||||
return
|
||||
}
|
||||
|
||||
@@ -108,14 +109,14 @@ func (h *aclAdminHandler) createResource(w http.ResponseWriter, r *http.Request)
|
||||
|
||||
switch err {
|
||||
case acl.ErrNotInitialized:
|
||||
writeProblem(w, http.StatusInternalServerError, "/errors/internal-server-error", "Internal Server Error", "acl service is not initialized", r)
|
||||
server.WriteProblem(w, http.StatusInternalServerError, "/errors/internal-server-error", "Internal Server Error", "acl service is not initialized", r)
|
||||
case acl.ErrInvalidResourceKey:
|
||||
writeProblem(w, http.StatusBadRequest, "/errors/acl/invalid-resource-key", "Invalid resource key", "Resource key must be non-empty", r)
|
||||
server.WriteProblem(w, http.StatusBadRequest, "/errors/acl/invalid-resource-key", "Invalid resource key", "Resource key must be non-empty", r)
|
||||
case acl.ErrResourceAlreadyExists:
|
||||
writeProblem(w, http.StatusConflict, "/errors/acl/resource-already-exists", "Resource already exists", "Resource '"+req.Key+"' already exists", r)
|
||||
server.WriteProblem(w, http.StatusConflict, "/errors/acl/resource-already-exists", "Resource already exists", "Resource '"+req.Key+"' already exists", r)
|
||||
default:
|
||||
slog.Error("unexpected server error", "error", err.Error())
|
||||
writeProblem(w, http.StatusInternalServerError, "/errors/internal-server-error", "Internal Server Error", "unexpected error", r)
|
||||
server.WriteProblem(w, http.StatusInternalServerError, "/errors/internal-server-error", "Internal Server Error", "unexpected error", r)
|
||||
}
|
||||
return
|
||||
}
|
||||
@@ -134,24 +135,24 @@ func (h *aclAdminHandler) createResource(w http.ResponseWriter, r *http.Request)
|
||||
// @Param resourceId path int true "Resource ID" example(1)
|
||||
// @Param request body updateResourceRequest true "Resource"
|
||||
// @Success 200 {object} updateResourceResponse
|
||||
// @Failure 400 {object} ProblemDetails
|
||||
// @Failure 404 {object} ProblemDetails
|
||||
// @Failure 409 {object} ProblemDetails
|
||||
// @Failure 500 {object} ProblemDetails
|
||||
// @Failure 400 {object} server.ProblemDetails
|
||||
// @Failure 404 {object} server.ProblemDetails
|
||||
// @Failure 409 {object} server.ProblemDetails
|
||||
// @Failure 500 {object} server.ProblemDetails
|
||||
// @Router /api/acl/resources/{resourceId} [patch]
|
||||
func (h *aclAdminHandler) updateResource(w http.ResponseWriter, r *http.Request) {
|
||||
w.Header().Set("Content-Type", "application/json")
|
||||
|
||||
var req updateResourceRequest
|
||||
if err := json.NewDecoder(r.Body).Decode(&req); err != nil {
|
||||
writeProblem(w, http.StatusBadRequest, "/errors/invalid-request-body", "Invalid request body", "Body is not valid JSON", r)
|
||||
server.WriteProblem(w, http.StatusBadRequest, "/errors/invalid-request-body", "Invalid request body", "Body is not valid JSON", r)
|
||||
return
|
||||
}
|
||||
|
||||
resourceIDStr := chi.URLParam(r, "resourceId")
|
||||
resourceID, err := strconv.Atoi(resourceIDStr)
|
||||
if err != nil || resourceID < 0 {
|
||||
writeProblem(w, http.StatusBadRequest, "/errors/acl/invalid-resource-id", "Invalid resource ID", "Resource ID must be positive integer", r)
|
||||
server.WriteProblem(w, http.StatusBadRequest, "/errors/acl/invalid-resource-id", "Invalid resource ID", "Resource ID must be positive integer", r)
|
||||
return
|
||||
}
|
||||
|
||||
@@ -161,16 +162,16 @@ func (h *aclAdminHandler) updateResource(w http.ResponseWriter, r *http.Request)
|
||||
|
||||
switch err {
|
||||
case acl.ErrNotInitialized:
|
||||
writeProblem(w, http.StatusInternalServerError, "/errors/internal-server-error", "Internal Server Error", "acl service is not initialized", r)
|
||||
server.WriteProblem(w, http.StatusInternalServerError, "/errors/internal-server-error", "Internal Server Error", "acl service is not initialized", r)
|
||||
case acl.ErrInvalidResourceKey:
|
||||
writeProblem(w, http.StatusBadRequest, "/errors/acl/invalid-resource-key", "Invalid resource key", "Resource key must be non-empty", r)
|
||||
server.WriteProblem(w, http.StatusBadRequest, "/errors/acl/invalid-resource-key", "Invalid resource key", "Resource key must be non-empty", r)
|
||||
case acl.ErrResourceNotFound:
|
||||
writeProblem(w, http.StatusNotFound, "/errors/acl/resource-not-found", "Resource not found", "No resource with ID "+resourceIDStr, r)
|
||||
server.WriteProblem(w, http.StatusNotFound, "/errors/acl/resource-not-found", "Resource not found", "No resource with ID "+resourceIDStr, r)
|
||||
case acl.ErrSameResourceKey:
|
||||
writeProblem(w, http.StatusConflict, "/errors/acl/resource-key-already-exists", "Resource key already exists", "Resource key '"+req.Key+"' already exists", r)
|
||||
server.WriteProblem(w, http.StatusConflict, "/errors/acl/resource-key-already-exists", "Resource key already exists", "Resource key '"+req.Key+"' already exists", r)
|
||||
default:
|
||||
slog.Error("unexpected server error", "error", err.Error())
|
||||
writeProblem(w, http.StatusInternalServerError, "/errors/internal-server-error", "Internal Server Error", "unexpected error", r)
|
||||
server.WriteProblem(w, http.StatusInternalServerError, "/errors/internal-server-error", "Internal Server Error", "unexpected error", r)
|
||||
}
|
||||
return
|
||||
}
|
||||
@@ -186,10 +187,10 @@ func (h *aclAdminHandler) updateResource(w http.ResponseWriter, r *http.Request)
|
||||
// @Produce json
|
||||
// @Param resourceId path int true "Resource ID" example(1)
|
||||
// @Success 200
|
||||
// @Failure 400 {object} ProblemDetails
|
||||
// @Failure 404 {object} ProblemDetails
|
||||
// @Failure 409 {object} ProblemDetails
|
||||
// @Failure 500 {object} ProblemDetails
|
||||
// @Failure 400 {object} server.ProblemDetails
|
||||
// @Failure 404 {object} server.ProblemDetails
|
||||
// @Failure 409 {object} server.ProblemDetails
|
||||
// @Failure 500 {object} server.ProblemDetails
|
||||
// @Router /api/acl/resources/{resourceId} [delete]
|
||||
func (h *aclAdminHandler) deleteResource(w http.ResponseWriter, r *http.Request) {
|
||||
w.Header().Set("Content-Type", "application/json")
|
||||
@@ -197,7 +198,7 @@ func (h *aclAdminHandler) deleteResource(w http.ResponseWriter, r *http.Request)
|
||||
resourceIDStr := chi.URLParam(r, "resourceId")
|
||||
resourceID, err := strconv.Atoi(resourceIDStr)
|
||||
if err != nil || resourceID < 0 {
|
||||
writeProblem(w, http.StatusBadRequest, "/errors/acl/invalid-resource-id", "Invalid resource ID", "Resource ID must be positive integer", r)
|
||||
server.WriteProblem(w, http.StatusBadRequest, "/errors/acl/invalid-resource-id", "Invalid resource ID", "Resource ID must be positive integer", r)
|
||||
return
|
||||
}
|
||||
|
||||
@@ -207,14 +208,14 @@ func (h *aclAdminHandler) deleteResource(w http.ResponseWriter, r *http.Request)
|
||||
|
||||
switch err {
|
||||
case acl.ErrNotInitialized:
|
||||
writeProblem(w, http.StatusInternalServerError, "/errors/internal-server-error", "Internal Server Error", "acl service is not initialized", r)
|
||||
server.WriteProblem(w, http.StatusInternalServerError, "/errors/internal-server-error", "Internal Server Error", "acl service is not initialized", r)
|
||||
case acl.ErrResourceNotFound:
|
||||
writeProblem(w, http.StatusNotFound, "/errors/acl/resource-not-found", "Resource not found", "No resource with ID "+resourceIDStr, r)
|
||||
server.WriteProblem(w, http.StatusNotFound, "/errors/acl/resource-not-found", "Resource not found", "No resource with ID "+resourceIDStr, r)
|
||||
case acl.ErrResourceInUse:
|
||||
writeProblem(w, http.StatusConflict, "/errors/acl/resource-in-use", "Resource in use", "Resource "+resourceIDStr+" is in use", r)
|
||||
server.WriteProblem(w, http.StatusConflict, "/errors/acl/resource-in-use", "Resource in use", "Resource "+resourceIDStr+" is in use", r)
|
||||
default:
|
||||
slog.Error("unexpected server error", "error", err.Error())
|
||||
writeProblem(w, http.StatusInternalServerError, "/errors/internal-server-error", "Internal Server Error", "unexpected error", r)
|
||||
server.WriteProblem(w, http.StatusInternalServerError, "/errors/internal-server-error", "Internal Server Error", "unexpected error", r)
|
||||
}
|
||||
return
|
||||
}
|
||||
|
||||
@@ -7,6 +7,7 @@ import (
|
||||
"strconv"
|
||||
|
||||
"git.oblat.lv/alex/triggerssmith/internal/acl"
|
||||
"git.oblat.lv/alex/triggerssmith/internal/server"
|
||||
"github.com/go-chi/chi/v5"
|
||||
)
|
||||
|
||||
@@ -14,7 +15,7 @@ import (
|
||||
// @Tags acl/roles
|
||||
// @Produce json
|
||||
// @Success 200 {array} getRolesResponse
|
||||
// @Failure 500 {object} ProblemDetails
|
||||
// @Failure 500 {object} server.ProblemDetails
|
||||
// @Router /api/acl/roles [get]
|
||||
func (h *aclAdminHandler) getRoles(w http.ResponseWriter, r *http.Request) {
|
||||
w.Header().Set("Content-Type", "application/json")
|
||||
@@ -22,10 +23,10 @@ func (h *aclAdminHandler) getRoles(w http.ResponseWriter, r *http.Request) {
|
||||
if err != nil {
|
||||
switch err {
|
||||
case acl.ErrNotInitialized:
|
||||
writeProblem(w, http.StatusInternalServerError, "/errors/internal-server-error", "Internal Server Error", "ACL service is not initialized", r)
|
||||
server.WriteProblem(w, http.StatusInternalServerError, "/errors/internal-server-error", "Internal Server Error", "ACL service is not initialized", r)
|
||||
default:
|
||||
slog.Error("unexpected server error", "error", err.Error())
|
||||
writeProblem(w, http.StatusInternalServerError, "/errors/internal-server-error", "Internal Server Error", "unexpected error", r)
|
||||
server.WriteProblem(w, http.StatusInternalServerError, "/errors/internal-server-error", "Internal Server Error", "unexpected error", r)
|
||||
}
|
||||
return
|
||||
}
|
||||
@@ -48,16 +49,16 @@ func (h *aclAdminHandler) getRoles(w http.ResponseWriter, r *http.Request) {
|
||||
// @Produce json
|
||||
// @Param roleId path int true "Role ID" example(1)
|
||||
// @Success 200 {object} getRoleResponse
|
||||
// @Failure 400 {object} ProblemDetails
|
||||
// @Failure 404 {object} ProblemDetails
|
||||
// @Failure 500 {object} ProblemDetails
|
||||
// @Failure 400 {object} server.ProblemDetails
|
||||
// @Failure 404 {object} server.ProblemDetails
|
||||
// @Failure 500 {object} server.ProblemDetails
|
||||
// @Router /api/acl/roles/{roleId} [get]
|
||||
func (h *aclAdminHandler) getRole(w http.ResponseWriter, r *http.Request) {
|
||||
w.Header().Set("Content-Type", "application/json")
|
||||
roleIDStr := chi.URLParam(r, "roleId")
|
||||
roleID, err := strconv.Atoi(roleIDStr)
|
||||
if err != nil || roleID < 0 {
|
||||
writeProblem(w, http.StatusBadRequest, "/errors/acl/invalid-role-id", "Invalid role ID", "Role ID must be positive integer", r)
|
||||
server.WriteProblem(w, http.StatusBadRequest, "/errors/acl/invalid-role-id", "Invalid role ID", "Role ID must be positive integer", r)
|
||||
return
|
||||
}
|
||||
|
||||
@@ -65,12 +66,12 @@ func (h *aclAdminHandler) getRole(w http.ResponseWriter, r *http.Request) {
|
||||
if err != nil {
|
||||
switch err {
|
||||
case acl.ErrNotInitialized:
|
||||
writeProblem(w, http.StatusInternalServerError, "/errors/internal-server-error", "Internal Server Error", "ACL service is not initialized", r)
|
||||
server.WriteProblem(w, http.StatusInternalServerError, "/errors/internal-server-error", "Internal Server Error", "ACL service is not initialized", r)
|
||||
case acl.ErrRoleNotFound:
|
||||
writeProblem(w, http.StatusNotFound, "/errors/acl/role-not-found", "Role not found", "No role with ID "+roleIDStr, r)
|
||||
server.WriteProblem(w, http.StatusNotFound, "/errors/acl/role-not-found", "Role not found", "No role with ID "+roleIDStr, r)
|
||||
default:
|
||||
slog.Error("unexpected server error", "error", err.Error())
|
||||
writeProblem(w, http.StatusInternalServerError, "/errors/internal-server-error", "Internal Server Error", "unexpected error", r)
|
||||
server.WriteProblem(w, http.StatusInternalServerError, "/errors/internal-server-error", "Internal Server Error", "unexpected error", r)
|
||||
}
|
||||
return
|
||||
}
|
||||
@@ -86,16 +87,16 @@ func (h *aclAdminHandler) getRole(w http.ResponseWriter, r *http.Request) {
|
||||
// @Produce json
|
||||
// @Param roleId path int true "Role ID" example(1)
|
||||
// @Success 200 {array} getRoleUsersResponse
|
||||
// @Failure 400 {object} ProblemDetails
|
||||
// @Failure 404 {object} ProblemDetails
|
||||
// @Failure 500 {object} ProblemDetails
|
||||
// @Failure 400 {object} server.ProblemDetails
|
||||
// @Failure 404 {object} server.ProblemDetails
|
||||
// @Failure 500 {object} server.ProblemDetails
|
||||
// @Router /api/acl/roles/{roleId}/users [get]
|
||||
func (h *aclAdminHandler) getRoleUsers(w http.ResponseWriter, r *http.Request) {
|
||||
w.Header().Set("Content-Type", "application/json")
|
||||
roleIDStr := chi.URLParam(r, "roleId")
|
||||
roleID, err := strconv.Atoi(roleIDStr)
|
||||
if err != nil || roleID < 0 {
|
||||
writeProblem(w, http.StatusBadRequest, "/errors/acl/invalid-role-id", "Invalid role ID", "Role ID must be positive integer", r)
|
||||
server.WriteProblem(w, http.StatusBadRequest, "/errors/acl/invalid-role-id", "Invalid role ID", "Role ID must be positive integer", r)
|
||||
return
|
||||
}
|
||||
|
||||
@@ -103,17 +104,17 @@ func (h *aclAdminHandler) getRoleUsers(w http.ResponseWriter, r *http.Request) {
|
||||
if err != nil {
|
||||
switch err {
|
||||
case acl.ErrNotInitialized:
|
||||
writeProblem(w, http.StatusInternalServerError, "/errors/internal-server-error", "Internal Server Error", "ACL service is not initialized", r)
|
||||
server.WriteProblem(w, http.StatusInternalServerError, "/errors/internal-server-error", "Internal Server Error", "ACL service is not initialized", r)
|
||||
case acl.ErrRoleNotFound:
|
||||
writeProblem(w, http.StatusNotFound, "/errors/acl/role-not-found", "Role not found", "No role with ID "+roleIDStr, r)
|
||||
server.WriteProblem(w, http.StatusNotFound, "/errors/acl/role-not-found", "Role not found", "No role with ID "+roleIDStr, r)
|
||||
default:
|
||||
slog.Error("unexpected server error", "error", err.Error())
|
||||
writeProblem(w, http.StatusInternalServerError, "/errors/internal-server-error", "Internal Server Error", "unexpected error", r)
|
||||
server.WriteProblem(w, http.StatusInternalServerError, "/errors/internal-server-error", "Internal Server Error", "unexpected error", r)
|
||||
}
|
||||
return
|
||||
}
|
||||
if len(role.Users) == 0 {
|
||||
writeProblem(w, http.StatusNotFound, "/errors/acl/role-has-no-users", "Role has no users", "Role has no users", r)
|
||||
server.WriteProblem(w, http.StatusNotFound, "/errors/acl/role-has-no-users", "Role has no users", "Role has no users", r)
|
||||
return
|
||||
}
|
||||
var respUsers getRoleUsersResponse
|
||||
@@ -132,33 +133,33 @@ func (h *aclAdminHandler) getRoleUsers(w http.ResponseWriter, r *http.Request) {
|
||||
// @Produce json
|
||||
// @Param roleId path int true "Role ID" example(1)
|
||||
// @Success 200 {array} getRoleResourcesResponse
|
||||
// @Failure 400 {object} ProblemDetails
|
||||
// @Failure 404 {object} ProblemDetails
|
||||
// @Failure 500 {object} ProblemDetails
|
||||
// @Failure 400 {object} server.ProblemDetails
|
||||
// @Failure 404 {object} server.ProblemDetails
|
||||
// @Failure 500 {object} server.ProblemDetails
|
||||
// @Router /api/acl/roles/{roleId}/resources [get]
|
||||
func (h *aclAdminHandler) getRoleResources(w http.ResponseWriter, r *http.Request) {
|
||||
w.Header().Set("Content-Type", "application/json")
|
||||
roleIDStr := chi.URLParam(r, "roleId")
|
||||
roleID, err := strconv.Atoi(roleIDStr)
|
||||
if err != nil || roleID < 0 {
|
||||
writeProblem(w, http.StatusBadRequest, "/errors/acl/invalid-role-id", "Invalid role ID", "Role ID must be positive integer", r)
|
||||
server.WriteProblem(w, http.StatusBadRequest, "/errors/acl/invalid-role-id", "Invalid role ID", "Role ID must be positive integer", r)
|
||||
return
|
||||
}
|
||||
role, err := h.a.GetRoleByID(uint(roleID))
|
||||
if err != nil {
|
||||
switch err {
|
||||
case acl.ErrNotInitialized:
|
||||
writeProblem(w, http.StatusInternalServerError, "/errors/internal-server-error", "Internal Server Error", "ACL service is not initialized", r)
|
||||
server.WriteProblem(w, http.StatusInternalServerError, "/errors/internal-server-error", "Internal Server Error", "ACL service is not initialized", r)
|
||||
case acl.ErrRoleNotFound:
|
||||
writeProblem(w, http.StatusNotFound, "/errors/acl/role-not-found", "Role not found", "No role with ID "+roleIDStr, r)
|
||||
server.WriteProblem(w, http.StatusNotFound, "/errors/acl/role-not-found", "Role not found", "No role with ID "+roleIDStr, r)
|
||||
default:
|
||||
slog.Error("unexpected server error", "error", err.Error())
|
||||
writeProblem(w, http.StatusInternalServerError, "/errors/internal-server-error", "Internal Server Error", "unexpected error", r)
|
||||
server.WriteProblem(w, http.StatusInternalServerError, "/errors/internal-server-error", "Internal Server Error", "unexpected error", r)
|
||||
}
|
||||
return
|
||||
}
|
||||
if len(role.Resources) == 0 {
|
||||
writeProblem(w, http.StatusNotFound, "/errors/acl/role-has-no-users", "Role has no users", "Role has no users", r)
|
||||
server.WriteProblem(w, http.StatusNotFound, "/errors/acl/role-has-no-users", "Role has no users", "Role has no users", r)
|
||||
return
|
||||
}
|
||||
var respResources getRoleResourcesResponse
|
||||
@@ -177,16 +178,16 @@ func (h *aclAdminHandler) getRoleResources(w http.ResponseWriter, r *http.Reques
|
||||
// @Produce json
|
||||
// @Param request body createRoleRequest true "Role"
|
||||
// @Success 201 {object} createRoleResponse
|
||||
// @Failure 400 {object} ProblemDetails
|
||||
// @Failure 409 {object} ProblemDetails
|
||||
// @Failure 500 {object} ProblemDetails
|
||||
// @Failure 400 {object} server.ProblemDetails
|
||||
// @Failure 409 {object} server.ProblemDetails
|
||||
// @Failure 500 {object} server.ProblemDetails
|
||||
// @Router /api/acl/roles [post]
|
||||
func (h *aclAdminHandler) createRole(w http.ResponseWriter, r *http.Request) {
|
||||
w.Header().Set("Content-Type", "application/json")
|
||||
|
||||
var req createRoleRequest
|
||||
if err := json.NewDecoder(r.Body).Decode(&req); err != nil {
|
||||
writeProblem(w, http.StatusBadRequest, "/errors/invalid-request-body", "Invalid request body", "Body is not valid JSON", r)
|
||||
server.WriteProblem(w, http.StatusBadRequest, "/errors/invalid-request-body", "Invalid request body", "Body is not valid JSON", r)
|
||||
return
|
||||
}
|
||||
|
||||
@@ -195,13 +196,13 @@ func (h *aclAdminHandler) createRole(w http.ResponseWriter, r *http.Request) {
|
||||
slog.Error("Failed to create role", "error", err.Error())
|
||||
switch err {
|
||||
case acl.ErrNotInitialized:
|
||||
writeProblem(w, http.StatusInternalServerError, "/errors/internal-server-error", "Internal Server Error", "ACL service is not initialized", r)
|
||||
server.WriteProblem(w, http.StatusInternalServerError, "/errors/internal-server-error", "Internal Server Error", "ACL service is not initialized", r)
|
||||
case acl.ErrInvalidRoleName:
|
||||
writeProblem(w, http.StatusBadRequest, "/errors/acl/invalid-role-name", "Invalid role name", "Role name must be non-empty", r)
|
||||
server.WriteProblem(w, http.StatusBadRequest, "/errors/acl/invalid-role-name", "Invalid role name", "Role name must be non-empty", r)
|
||||
case acl.ErrRoleAlreadyExists:
|
||||
writeProblem(w, http.StatusConflict, "/errors/acl/role-already-exists", "Role already exists", "Role '"+req.Name+"' already exists", r)
|
||||
server.WriteProblem(w, http.StatusConflict, "/errors/acl/role-already-exists", "Role already exists", "Role '"+req.Name+"' already exists", r)
|
||||
default:
|
||||
writeProblem(w, http.StatusInternalServerError, "/errors/internal-server-error", "Internal Server Error", "unexpected error", r)
|
||||
server.WriteProblem(w, http.StatusInternalServerError, "/errors/internal-server-error", "Internal Server Error", "unexpected error", r)
|
||||
}
|
||||
return
|
||||
}
|
||||
@@ -220,24 +221,24 @@ func (h *aclAdminHandler) createRole(w http.ResponseWriter, r *http.Request) {
|
||||
// @Param roleId path int true "Role ID" example(1)
|
||||
// @Param request body updateRoleRequest true "Role"
|
||||
// @Success 200 {object} updateRoleResponse
|
||||
// @Failure 400 {object} ProblemDetails
|
||||
// @Failure 404 {object} ProblemDetails
|
||||
// @Failure 409 {object} ProblemDetails
|
||||
// @Failure 500 {object} ProblemDetails
|
||||
// @Failure 400 {object} server.ProblemDetails
|
||||
// @Failure 404 {object} server.ProblemDetails
|
||||
// @Failure 409 {object} server.ProblemDetails
|
||||
// @Failure 500 {object} server.ProblemDetails
|
||||
// @Router /api/acl/roles/{roleId} [patch]
|
||||
func (h *aclAdminHandler) updateRole(w http.ResponseWriter, r *http.Request) {
|
||||
w.Header().Set("Content-Type", "application/json")
|
||||
|
||||
var req updateRoleRequest
|
||||
if err := json.NewDecoder(r.Body).Decode(&req); err != nil {
|
||||
writeProblem(w, http.StatusBadRequest, "/errors/invalid-request-body", "Invalid request body", "Body is not valid JSON", r)
|
||||
server.WriteProblem(w, http.StatusBadRequest, "/errors/invalid-request-body", "Invalid request body", "Body is not valid JSON", r)
|
||||
return
|
||||
}
|
||||
|
||||
roleIDStr := chi.URLParam(r, "roleId")
|
||||
roleID, err := strconv.Atoi(roleIDStr)
|
||||
if err != nil || roleID < 0 {
|
||||
writeProblem(w, http.StatusBadRequest, "/errors/acl/invalid-role-id", "Invalid role ID", "Role ID must be positive integer", r)
|
||||
server.WriteProblem(w, http.StatusBadRequest, "/errors/acl/invalid-role-id", "Invalid role ID", "Role ID must be positive integer", r)
|
||||
return
|
||||
}
|
||||
|
||||
@@ -246,15 +247,15 @@ func (h *aclAdminHandler) updateRole(w http.ResponseWriter, r *http.Request) {
|
||||
slog.Error("Failed to update role", "error", err.Error())
|
||||
switch err {
|
||||
case acl.ErrNotInitialized:
|
||||
writeProblem(w, http.StatusInternalServerError, "/errors/internal-server-error", "Internal Server Error", "ACL service is not initialized", r)
|
||||
server.WriteProblem(w, http.StatusInternalServerError, "/errors/internal-server-error", "Internal Server Error", "ACL service is not initialized", r)
|
||||
case acl.ErrInvalidRoleName:
|
||||
writeProblem(w, http.StatusBadRequest, "/errors/acl/invalid-role-name", "Invalid role name", "Role name must be non-empty", r)
|
||||
server.WriteProblem(w, http.StatusBadRequest, "/errors/acl/invalid-role-name", "Invalid role name", "Role name must be non-empty", r)
|
||||
case acl.ErrRoleNotFound:
|
||||
writeProblem(w, http.StatusNotFound, "/errors/acl/role-not-found", "Role not found", "No role with ID "+roleIDStr, r)
|
||||
server.WriteProblem(w, http.StatusNotFound, "/errors/acl/role-not-found", "Role not found", "No role with ID "+roleIDStr, r)
|
||||
case acl.ErrSameRoleName:
|
||||
writeProblem(w, http.StatusConflict, "/errors/acl/role-name-already-exists", "Role name already exists", "Role '"+req.Name+"' already exists", r)
|
||||
server.WriteProblem(w, http.StatusConflict, "/errors/acl/role-name-already-exists", "Role name already exists", "Role '"+req.Name+"' already exists", r)
|
||||
default:
|
||||
writeProblem(w, http.StatusInternalServerError, "/errors/internal-server-error", "Internal Server Error", "unexpected error", r)
|
||||
server.WriteProblem(w, http.StatusInternalServerError, "/errors/internal-server-error", "Internal Server Error", "unexpected error", r)
|
||||
}
|
||||
return
|
||||
}
|
||||
@@ -270,17 +271,17 @@ func (h *aclAdminHandler) updateRole(w http.ResponseWriter, r *http.Request) {
|
||||
// @Produce json
|
||||
// @Param roleId path int true "Role ID" example(1)
|
||||
// @Success 204
|
||||
// @Failure 400 {object} ProblemDetails
|
||||
// @Failure 404 {object} ProblemDetails
|
||||
// @Failure 409 {object} ProblemDetails
|
||||
// @Failure 500 {object} ProblemDetails
|
||||
// @Failure 400 {object} server.ProblemDetails
|
||||
// @Failure 404 {object} server.ProblemDetails
|
||||
// @Failure 409 {object} server.ProblemDetails
|
||||
// @Failure 500 {object} server.ProblemDetails
|
||||
// @Router /api/acl/roles/{roleId} [delete]
|
||||
func (h *aclAdminHandler) deleteRole(w http.ResponseWriter, r *http.Request) {
|
||||
w.Header().Set("Content-Type", "application/json")
|
||||
roleIDStr := chi.URLParam(r, "roleId")
|
||||
roleID, err := strconv.Atoi(roleIDStr)
|
||||
if err != nil || roleID < 0 {
|
||||
writeProblem(w, http.StatusBadRequest, "/errors/acl/invalid-role-id", "Invalid role ID", "Role ID must be positive integer", r)
|
||||
server.WriteProblem(w, http.StatusBadRequest, "/errors/acl/invalid-role-id", "Invalid role ID", "Role ID must be positive integer", r)
|
||||
return
|
||||
}
|
||||
|
||||
@@ -289,13 +290,13 @@ func (h *aclAdminHandler) deleteRole(w http.ResponseWriter, r *http.Request) {
|
||||
slog.Error("Failed to delete role", "error", err.Error())
|
||||
switch err {
|
||||
case acl.ErrNotInitialized:
|
||||
writeProblem(w, http.StatusInternalServerError, "/errors/internal-server-error", "Internal Server Error", "ACL service is not initialized", r)
|
||||
server.WriteProblem(w, http.StatusInternalServerError, "/errors/internal-server-error", "Internal Server Error", "ACL service is not initialized", r)
|
||||
case acl.ErrRoleNotFound:
|
||||
writeProblem(w, http.StatusNotFound, "/errors/acl/role-not-found", "Role not found", "No role with ID "+roleIDStr, r)
|
||||
server.WriteProblem(w, http.StatusNotFound, "/errors/acl/role-not-found", "Role not found", "No role with ID "+roleIDStr, r)
|
||||
case acl.ErrRoleInUse:
|
||||
writeProblem(w, http.StatusConflict, "/errors/acl/role-in-use", "Role in use", "Role "+roleIDStr+" is assigned to at least one user and cannot be deleted", r)
|
||||
server.WriteProblem(w, http.StatusConflict, "/errors/acl/role-in-use", "Role in use", "Role "+roleIDStr+" is assigned to at least one user and cannot be deleted", r)
|
||||
default:
|
||||
writeProblem(w, http.StatusInternalServerError, "/errors/internal-server-error", "Internal Server Error", "unexpected error", r)
|
||||
server.WriteProblem(w, http.StatusInternalServerError, "/errors/internal-server-error", "Internal Server Error", "unexpected error", r)
|
||||
}
|
||||
return
|
||||
}
|
||||
@@ -309,37 +310,37 @@ func (h *aclAdminHandler) deleteRole(w http.ResponseWriter, r *http.Request) {
|
||||
// @Param roleId path int true "Role ID" example(1)
|
||||
// @Param request body assignResourceToRoleRequest true "Resource"
|
||||
// @Success 201
|
||||
// @Failure 400 {object} ProblemDetails
|
||||
// @Failure 404 {object} ProblemDetails
|
||||
// @Failure 409 {object} ProblemDetails
|
||||
// @Failure 500 {object} ProblemDetails
|
||||
// @Failure 400 {object} server.ProblemDetails
|
||||
// @Failure 404 {object} server.ProblemDetails
|
||||
// @Failure 409 {object} server.ProblemDetails
|
||||
// @Failure 500 {object} server.ProblemDetails
|
||||
// @Router /api/acl/roles/{roleId}/resources [post]
|
||||
func (h *aclAdminHandler) assignResourceToRole(w http.ResponseWriter, r *http.Request) {
|
||||
w.Header().Set("Content-Type", "application/json")
|
||||
roleIDStr := chi.URLParam(r, "roleId")
|
||||
roleID, err := strconv.Atoi(roleIDStr)
|
||||
if err != nil || roleID < 0 {
|
||||
writeProblem(w, http.StatusBadRequest, "/errors/acl/invalid-role-id", "Invalid role ID", "Role ID must be positive integer", r)
|
||||
server.WriteProblem(w, http.StatusBadRequest, "/errors/acl/invalid-role-id", "Invalid role ID", "Role ID must be positive integer", r)
|
||||
return
|
||||
}
|
||||
var req assignResourceToRoleRequest
|
||||
if err := json.NewDecoder(r.Body).Decode(&req); err != nil {
|
||||
writeProblem(w, http.StatusBadRequest, "/errors/acl/invalid-request-body", "Invalid request body", "Invalid JSON body", r)
|
||||
server.WriteProblem(w, http.StatusBadRequest, "/errors/acl/invalid-request-body", "Invalid request body", "Invalid JSON body", r)
|
||||
return
|
||||
}
|
||||
if err := h.a.AssignResourceToRole(uint(roleID), req.ResourceID); err != nil {
|
||||
slog.Error("Failed to assign resource to role", "error", err.Error())
|
||||
switch err {
|
||||
case acl.ErrNotInitialized:
|
||||
writeProblem(w, http.StatusInternalServerError, "/errors/internal-server-error", "Internal Server Error", "ACL service is not initialized", r)
|
||||
server.WriteProblem(w, http.StatusInternalServerError, "/errors/internal-server-error", "Internal Server Error", "ACL service is not initialized", r)
|
||||
case acl.ErrRoleNotFound:
|
||||
writeProblem(w, http.StatusNotFound, "/errors/acl/role-not-found", "Role not found", "No role with ID "+roleIDStr, r)
|
||||
server.WriteProblem(w, http.StatusNotFound, "/errors/acl/role-not-found", "Role not found", "No role with ID "+roleIDStr, r)
|
||||
case acl.ErrResourceNotFound:
|
||||
writeProblem(w, http.StatusNotFound, "/errors/acl/resource-not-found", "Resource not found", "No resource with ID "+strconv.Itoa(int(req.ResourceID)), r)
|
||||
server.WriteProblem(w, http.StatusNotFound, "/errors/acl/resource-not-found", "Resource not found", "No resource with ID "+strconv.Itoa(int(req.ResourceID)), r)
|
||||
case acl.ErrResourceAlreadyAssigned:
|
||||
writeProblem(w, http.StatusConflict, "/errors/acl/resource-already-assigned", "Resource already assigned", "Resource with ID "+strconv.Itoa(int(req.ResourceID))+" is already assigned to role with ID "+roleIDStr, r)
|
||||
server.WriteProblem(w, http.StatusConflict, "/errors/acl/resource-already-assigned", "Resource already assigned", "Resource with ID "+strconv.Itoa(int(req.ResourceID))+" is already assigned to role with ID "+roleIDStr, r)
|
||||
default:
|
||||
writeProblem(w, http.StatusInternalServerError, "/errors/internal-server-error", "Internal Server Error", "unexpected error", r)
|
||||
server.WriteProblem(w, http.StatusInternalServerError, "/errors/internal-server-error", "Internal Server Error", "unexpected error", r)
|
||||
}
|
||||
return
|
||||
}
|
||||
@@ -352,37 +353,37 @@ func (h *aclAdminHandler) assignResourceToRole(w http.ResponseWriter, r *http.Re
|
||||
// @Param roleId path int true "Role ID" example(1)
|
||||
// @Param resId path int true "Resource ID" example(1)
|
||||
// @Success 204
|
||||
// @Failure 400 {object} ProblemDetails
|
||||
// @Failure 404 {object} ProblemDetails
|
||||
// @Failure 500 {object} ProblemDetails
|
||||
// @Failure 400 {object} server.ProblemDetails
|
||||
// @Failure 404 {object} server.ProblemDetails
|
||||
// @Failure 500 {object} server.ProblemDetails
|
||||
// @Router /api/acl/roles/{roleId}/resources/{resId} [delete]
|
||||
func (h *aclAdminHandler) removeResourceFromRole(w http.ResponseWriter, r *http.Request) {
|
||||
w.Header().Set("Content-Type", "application/json")
|
||||
roleIDStr := chi.URLParam(r, "roleId")
|
||||
roleID, err := strconv.Atoi(roleIDStr)
|
||||
if err != nil || roleID < 0 {
|
||||
writeProblem(w, http.StatusBadRequest, "/errors/acl/invalid-role-id", "Invalid role ID", "Role ID must be positive integer", r)
|
||||
server.WriteProblem(w, http.StatusBadRequest, "/errors/acl/invalid-role-id", "Invalid role ID", "Role ID must be positive integer", r)
|
||||
return
|
||||
}
|
||||
resourceIDStr := chi.URLParam(r, "resId")
|
||||
resourceID, err := strconv.Atoi(resourceIDStr)
|
||||
if err != nil || resourceID < 0 {
|
||||
writeProblem(w, http.StatusBadRequest, "/errors/acl/invalid-resource-id", "Invalid resource ID", "Resource ID must be positive integer", r)
|
||||
server.WriteProblem(w, http.StatusBadRequest, "/errors/acl/invalid-resource-id", "Invalid resource ID", "Resource ID must be positive integer", r)
|
||||
return
|
||||
}
|
||||
if err := h.a.RemoveResourceFromRole(uint(roleID), uint(resourceID)); err != nil {
|
||||
slog.Error("Failed to remove resource from role", "error", err.Error())
|
||||
switch err {
|
||||
case acl.ErrNotInitialized:
|
||||
writeProblem(w, http.StatusInternalServerError, "/errors/internal-server-error", "Internal Server Error", "ACL service is not initialized", r)
|
||||
server.WriteProblem(w, http.StatusInternalServerError, "/errors/internal-server-error", "Internal Server Error", "ACL service is not initialized", r)
|
||||
case acl.ErrRoleNotFound:
|
||||
writeProblem(w, http.StatusNotFound, "/errors/acl/role-not-found", "Role not found", "No role with ID "+roleIDStr, r)
|
||||
server.WriteProblem(w, http.StatusNotFound, "/errors/acl/role-not-found", "Role not found", "No role with ID "+roleIDStr, r)
|
||||
case acl.ErrResourceNotFound:
|
||||
writeProblem(w, http.StatusNotFound, "/errors/acl/resource-not-found", "Resource not found", "No resource with ID "+strconv.Itoa(int(resourceID)), r)
|
||||
server.WriteProblem(w, http.StatusNotFound, "/errors/acl/resource-not-found", "Resource not found", "No resource with ID "+strconv.Itoa(int(resourceID)), r)
|
||||
case acl.ErrRoleResourceNotFound:
|
||||
writeProblem(w, http.StatusNotFound, "/errors/acl/role-resource-not-found", "Role resource not found", "No role-resource pair with role ID "+roleIDStr+" and resource ID "+strconv.Itoa(int(resourceID)), r)
|
||||
server.WriteProblem(w, http.StatusNotFound, "/errors/acl/role-resource-not-found", "Role resource not found", "No role-resource pair with role ID "+roleIDStr+" and resource ID "+strconv.Itoa(int(resourceID)), r)
|
||||
default:
|
||||
writeProblem(w, http.StatusInternalServerError, "/errors/internal-server-error", "Internal Server Error", "unexpected error", r)
|
||||
server.WriteProblem(w, http.StatusInternalServerError, "/errors/internal-server-error", "Internal Server Error", "unexpected error", r)
|
||||
}
|
||||
return
|
||||
}
|
||||
|
||||
@@ -7,6 +7,7 @@ import (
|
||||
"strconv"
|
||||
|
||||
"git.oblat.lv/alex/triggerssmith/internal/acl"
|
||||
"git.oblat.lv/alex/triggerssmith/internal/server"
|
||||
"github.com/go-chi/chi/v5"
|
||||
)
|
||||
|
||||
@@ -15,30 +16,30 @@ import (
|
||||
// @Produce json
|
||||
// @Param userId path int true "User ID" example(1)
|
||||
// @Success 200 {object} getUserRolesResponse
|
||||
// @Failure 400 {object} ProblemDetails
|
||||
// @Failure 404 {object} ProblemDetails
|
||||
// @Failure 500 {object} ProblemDetails
|
||||
// @Failure 400 {object} server.ProblemDetails
|
||||
// @Failure 404 {object} server.ProblemDetails
|
||||
// @Failure 500 {object} server.ProblemDetails
|
||||
// @Router /api/acl/users/{userId}/roles [get]
|
||||
func (h *aclAdminHandler) getUserRoles(w http.ResponseWriter, r *http.Request) {
|
||||
w.Header().Set("Content-Type", "application/json")
|
||||
userIDStr := chi.URLParam(r, "userId")
|
||||
userID, err := strconv.Atoi(userIDStr)
|
||||
if err != nil {
|
||||
writeProblem(w, http.StatusBadRequest, "/errors/acl/invalid-user-id", "Invalid user ID", "User ID must be positive integer", r)
|
||||
server.WriteProblem(w, http.StatusBadRequest, "/errors/acl/invalid-user-id", "Invalid user ID", "User ID must be positive integer", r)
|
||||
return
|
||||
}
|
||||
roles, err := h.a.GetUserRoles(uint(userID))
|
||||
if err != nil {
|
||||
switch err {
|
||||
case acl.ErrNotInitialized:
|
||||
writeProblem(w, http.StatusInternalServerError, "/errors/internal-server-error", "Internal Server Error", "ACL service is not initialized", r)
|
||||
server.WriteProblem(w, http.StatusInternalServerError, "/errors/internal-server-error", "Internal Server Error", "ACL service is not initialized", r)
|
||||
case acl.ErrUserNotFound:
|
||||
writeProblem(w, http.StatusNotFound, "/errors/acl/user-not-found", "User not found", "User not found", r)
|
||||
server.WriteProblem(w, http.StatusNotFound, "/errors/acl/user-not-found", "User not found", "User not found", r)
|
||||
case acl.ErrRoleNotFound:
|
||||
writeProblem(w, http.StatusNotFound, "/errors/acl/no-role-found", "No role found", "No role found for user "+strconv.Itoa(userID), r)
|
||||
server.WriteProblem(w, http.StatusNotFound, "/errors/acl/no-role-found", "No role found", "No role found for user "+strconv.Itoa(userID), r)
|
||||
default:
|
||||
slog.Error("unexpected server error", "error", err.Error())
|
||||
writeProblem(w, http.StatusInternalServerError, "/errors/internal-server-error", "Internal Server Error", "unexpected error", r)
|
||||
server.WriteProblem(w, http.StatusInternalServerError, "/errors/internal-server-error", "Internal Server Error", "unexpected error", r)
|
||||
}
|
||||
return
|
||||
}
|
||||
@@ -55,37 +56,37 @@ func (h *aclAdminHandler) getUserRoles(w http.ResponseWriter, r *http.Request) {
|
||||
// @Param userId path int true "User ID" example(1)
|
||||
// @Param body body assignRoleToUserRequest true "Role ID"
|
||||
// @Success 201
|
||||
// @Failure 400 {object} ProblemDetails
|
||||
// @Failure 404 {object} ProblemDetails
|
||||
// @Failure 409 {object} ProblemDetails
|
||||
// @Failure 500 {object} ProblemDetails
|
||||
// @Failure 400 {object} server.ProblemDetails
|
||||
// @Failure 404 {object} server.ProblemDetails
|
||||
// @Failure 409 {object} server.ProblemDetails
|
||||
// @Failure 500 {object} server.ProblemDetails
|
||||
// @Router /api/acl/users/{userId}/roles [post]
|
||||
func (h *aclAdminHandler) assignRoleToUser(w http.ResponseWriter, r *http.Request) {
|
||||
w.Header().Set("Content-Type", "application/json")
|
||||
userIDStr := chi.URLParam(r, "userId")
|
||||
userID, err := strconv.Atoi(userIDStr)
|
||||
if err != nil || userID < 0 {
|
||||
writeProblem(w, http.StatusBadRequest, "/errors/acl/invalid-user-id", "Invalid user ID", "User ID must be positive integer", r)
|
||||
server.WriteProblem(w, http.StatusBadRequest, "/errors/acl/invalid-user-id", "Invalid user ID", "User ID must be positive integer", r)
|
||||
return
|
||||
}
|
||||
var req assignRoleToUserRequest
|
||||
if err := json.NewDecoder(r.Body).Decode(&req); err != nil {
|
||||
writeProblem(w, http.StatusBadRequest, "/errors/acl/invalid-request-body", "Invalid request body", "Invalid JSON body", r)
|
||||
server.WriteProblem(w, http.StatusBadRequest, "/errors/acl/invalid-request-body", "Invalid request body", "Invalid JSON body", r)
|
||||
return
|
||||
}
|
||||
if err := h.a.AssignRoleToUser(req.RoleID, uint(userID)); err != nil {
|
||||
slog.Error("Failed to assign role to user", "error", err.Error())
|
||||
switch err {
|
||||
case acl.ErrNotInitialized:
|
||||
writeProblem(w, http.StatusInternalServerError, "/errors/internal-server-error", "Internal Server Error", "ACL service is not initialized", r)
|
||||
server.WriteProblem(w, http.StatusInternalServerError, "/errors/internal-server-error", "Internal Server Error", "ACL service is not initialized", r)
|
||||
case acl.ErrUserNotFound:
|
||||
writeProblem(w, http.StatusNotFound, "/errors/acl/user-not-found", "User not found", "User not found", r)
|
||||
server.WriteProblem(w, http.StatusNotFound, "/errors/acl/user-not-found", "User not found", "User not found", r)
|
||||
case acl.ErrRoleNotFound:
|
||||
writeProblem(w, http.StatusNotFound, "/errors/acl/no-role-found", "No role found", "No role found for user "+strconv.Itoa(userID), r)
|
||||
server.WriteProblem(w, http.StatusNotFound, "/errors/acl/no-role-found", "No role found", "No role found for user "+strconv.Itoa(userID), r)
|
||||
case acl.ErrRoleAlreadyAssigned:
|
||||
writeProblem(w, http.StatusConflict, "/errors/acl/role-already-assigned", "Role already assigned", "Role with ID "+strconv.Itoa(int(req.RoleID))+" is already assigned to user "+strconv.Itoa(userID), r)
|
||||
server.WriteProblem(w, http.StatusConflict, "/errors/acl/role-already-assigned", "Role already assigned", "Role with ID "+strconv.Itoa(int(req.RoleID))+" is already assigned to user "+strconv.Itoa(userID), r)
|
||||
default:
|
||||
writeProblem(w, http.StatusInternalServerError, "/errors/internal-server-error", "Internal Server Error", "unexpected error", r)
|
||||
server.WriteProblem(w, http.StatusInternalServerError, "/errors/internal-server-error", "Internal Server Error", "unexpected error", r)
|
||||
}
|
||||
return
|
||||
}
|
||||
@@ -98,22 +99,22 @@ func (h *aclAdminHandler) assignRoleToUser(w http.ResponseWriter, r *http.Reques
|
||||
// @Param userId path int true "User ID" example(1)
|
||||
// @Param roleId path int true "Role ID" example(1)
|
||||
// @Success 204
|
||||
// @Failure 400 {object} ProblemDetails
|
||||
// @Failure 404 {object} ProblemDetails
|
||||
// @Failure 500 {object} ProblemDetails
|
||||
// @Failure 400 {object} server.ProblemDetails
|
||||
// @Failure 404 {object} server.ProblemDetails
|
||||
// @Failure 500 {object} server.ProblemDetails
|
||||
// @Router /api/acl/users/{userId}/roles/{roleId} [delete]
|
||||
func (h *aclAdminHandler) removeRoleFromUser(w http.ResponseWriter, r *http.Request) {
|
||||
w.Header().Set("Content-Type", "application/json")
|
||||
userIDStr := chi.URLParam(r, "userId")
|
||||
userID, err := strconv.Atoi(userIDStr)
|
||||
if err != nil || userID < 0 {
|
||||
writeProblem(w, http.StatusBadRequest, "/errors/acl/invalid-user-id", "Invalid user ID", "User ID must be positive integer", r)
|
||||
server.WriteProblem(w, http.StatusBadRequest, "/errors/acl/invalid-user-id", "Invalid user ID", "User ID must be positive integer", r)
|
||||
return
|
||||
}
|
||||
roleIDStr := chi.URLParam(r, "roleId")
|
||||
roleID, err := strconv.Atoi(roleIDStr)
|
||||
if err != nil || roleID < 0 {
|
||||
writeProblem(w, http.StatusBadRequest, "/errors/acl/invalid-role-id", "Invalid role ID", "Role ID must be positive integer", r)
|
||||
server.WriteProblem(w, http.StatusBadRequest, "/errors/acl/invalid-role-id", "Invalid role ID", "Role ID must be positive integer", r)
|
||||
return
|
||||
}
|
||||
err = h.a.RemoveRoleFromUser(uint(roleID), uint(userID))
|
||||
@@ -121,15 +122,15 @@ func (h *aclAdminHandler) removeRoleFromUser(w http.ResponseWriter, r *http.Requ
|
||||
slog.Error("Failed to remove role from user", "error", err.Error())
|
||||
switch err {
|
||||
case acl.ErrNotInitialized:
|
||||
writeProblem(w, http.StatusInternalServerError, "/errors/internal-server-error", "Internal Server Error", "ACL service is not initialized", r)
|
||||
server.WriteProblem(w, http.StatusInternalServerError, "/errors/internal-server-error", "Internal Server Error", "ACL service is not initialized", r)
|
||||
case acl.ErrUserNotFound:
|
||||
writeProblem(w, http.StatusNotFound, "/errors/acl/user-not-found", "User not found", "User not found", r)
|
||||
server.WriteProblem(w, http.StatusNotFound, "/errors/acl/user-not-found", "User not found", "User not found", r)
|
||||
case acl.ErrRoleNotFound:
|
||||
writeProblem(w, http.StatusNotFound, "/errors/acl/no-role-found", "No role found", "No role found for user "+strconv.Itoa(userID), r)
|
||||
server.WriteProblem(w, http.StatusNotFound, "/errors/acl/no-role-found", "No role found", "No role found for user "+strconv.Itoa(userID), r)
|
||||
case acl.ErrUserRoleNotFound:
|
||||
writeProblem(w, http.StatusNotFound, "/errors/acl/user-role-not-found", "User role not found", "User "+strconv.Itoa(userID)+" does not have role "+strconv.Itoa(roleID), r)
|
||||
server.WriteProblem(w, http.StatusNotFound, "/errors/acl/user-role-not-found", "User role not found", "User "+strconv.Itoa(userID)+" does not have role "+strconv.Itoa(roleID), r)
|
||||
default:
|
||||
writeProblem(w, http.StatusInternalServerError, "/errors/internal-server-error", "Internal Server Error", "unexpected error", r)
|
||||
server.WriteProblem(w, http.StatusInternalServerError, "/errors/internal-server-error", "Internal Server Error", "unexpected error", r)
|
||||
}
|
||||
}
|
||||
w.WriteHeader(http.StatusNoContent)
|
||||
|
||||
7
api/auth/errors.go
Normal file
7
api/auth/errors.go
Normal file
@@ -0,0 +1,7 @@
|
||||
package api_auth
|
||||
|
||||
const (
|
||||
ErrorInvalidCredentials = "INVALID_CREDENTIALS"
|
||||
ErrorInvalidToken = "INVALID_TOKEN"
|
||||
ErrorExpiredToken = "EXPIRED_TOKEN"
|
||||
)
|
||||
35
api/auth/get_user_data.go
Normal file
35
api/auth/get_user_data.go
Normal file
@@ -0,0 +1,35 @@
|
||||
package api_auth
|
||||
|
||||
import (
|
||||
"encoding/json"
|
||||
"net/http"
|
||||
)
|
||||
|
||||
type GetUserDataResponse struct {
|
||||
UserID uint `json:"id"`
|
||||
Username string `json:"username"`
|
||||
Email string `json:"email"`
|
||||
}
|
||||
|
||||
func (h *authHandler) handleGetUserData(w http.ResponseWriter, r *http.Request) {
|
||||
by := r.URL.Query().Get("by")
|
||||
value := r.URL.Query().Get("value")
|
||||
if value == "" {
|
||||
value = r.URL.Query().Get(by)
|
||||
}
|
||||
user, err := h.a.Get(by, value)
|
||||
if err != nil {
|
||||
http.Error(w, "Failed to get user", http.StatusInternalServerError)
|
||||
return
|
||||
}
|
||||
w.Header().Set("Content-Type", "application/json")
|
||||
err = json.NewEncoder(w).Encode(meResponse{
|
||||
UserID: user.ID,
|
||||
Username: user.Username,
|
||||
Email: user.Email,
|
||||
})
|
||||
if err != nil {
|
||||
http.Error(w, "Failed to encode response", http.StatusInternalServerError)
|
||||
return
|
||||
}
|
||||
}
|
||||
@@ -3,24 +3,19 @@
|
||||
package api_auth
|
||||
|
||||
import (
|
||||
"encoding/json"
|
||||
"fmt"
|
||||
"log/slog"
|
||||
"net/http"
|
||||
"time"
|
||||
|
||||
"git.oblat.lv/alex/triggerssmith/internal/auth"
|
||||
"git.oblat.lv/alex/triggerssmith/internal/config"
|
||||
"git.oblat.lv/alex/triggerssmith/internal/server"
|
||||
"github.com/go-chi/chi/v5"
|
||||
"github.com/golang-jwt/jwt/v5"
|
||||
)
|
||||
|
||||
func setRefreshCookie(w http.ResponseWriter, token string, ttl time.Duration, secure bool) {
|
||||
http.SetCookie(w, &http.Cookie{
|
||||
Name: "refresh_token",
|
||||
Value: token,
|
||||
Path: "/api/auth/refresh",
|
||||
Path: "/api/auth/",
|
||||
HttpOnly: true,
|
||||
SameSite: http.SameSiteLaxMode,
|
||||
MaxAge: int(ttl.Seconds()),
|
||||
@@ -58,165 +53,3 @@ func MustRoute(config *config.Config, authService *auth.Service) func(chi.Router
|
||||
r.Post("/revoke", h.handleRevoke) // not implemented
|
||||
}
|
||||
}
|
||||
|
||||
type registerRequest struct {
|
||||
Username string `json:"username"`
|
||||
Email string `json:"email"`
|
||||
Password string `json:"password"`
|
||||
}
|
||||
|
||||
type registerResponse struct {
|
||||
UserID uint `json:"id"`
|
||||
Username string `json:"username"`
|
||||
}
|
||||
|
||||
func (h *authHandler) handleRegister(w http.ResponseWriter, r *http.Request) {
|
||||
var req registerRequest
|
||||
err := json.NewDecoder(r.Body).Decode(&req)
|
||||
if err != nil {
|
||||
http.Error(w, "Invalid request payload", http.StatusBadRequest)
|
||||
return
|
||||
}
|
||||
|
||||
user, err := h.a.Register(req.Username, req.Email, req.Password)
|
||||
if err != nil {
|
||||
slog.Error("Failed to register user", "error", err)
|
||||
http.Error(w, "Registration failed", http.StatusInternalServerError)
|
||||
return
|
||||
}
|
||||
|
||||
w.Header().Set("Content-Type", "application/json")
|
||||
err = json.NewEncoder(w).Encode(registerResponse{
|
||||
UserID: user.ID,
|
||||
Username: user.Username,
|
||||
})
|
||||
if err != nil {
|
||||
http.Error(w, "Failed to encode response", http.StatusInternalServerError)
|
||||
return
|
||||
}
|
||||
w.WriteHeader(http.StatusCreated)
|
||||
}
|
||||
|
||||
type loginRequest struct {
|
||||
Username string `json:"username"`
|
||||
Password string `json:"password"`
|
||||
}
|
||||
|
||||
type loginResponse struct {
|
||||
Token string `json:"accessToken"`
|
||||
}
|
||||
|
||||
func (h *authHandler) handleLogin(w http.ResponseWriter, r *http.Request) {
|
||||
var req loginRequest
|
||||
err := json.NewDecoder(r.Body).Decode(&req)
|
||||
if err != nil {
|
||||
http.Error(w, "Invalid request payload", http.StatusBadRequest)
|
||||
return
|
||||
}
|
||||
|
||||
tokens, err := h.a.Login(req.Username, req.Password)
|
||||
if err != nil {
|
||||
http.Error(w, "Authentication failed", http.StatusUnauthorized)
|
||||
return
|
||||
}
|
||||
|
||||
setRefreshCookie(w, tokens.Refresh, h.cfg.Auth.RefreshTokenTTL, false)
|
||||
|
||||
w.Header().Set("Content-Type", "application/json")
|
||||
err = json.NewEncoder(w).Encode(loginResponse{Token: tokens.Access})
|
||||
if err != nil {
|
||||
http.Error(w, "Failed to encode response", http.StatusInternalServerError)
|
||||
return
|
||||
}
|
||||
}
|
||||
|
||||
func (h *authHandler) handleLogout(w http.ResponseWriter, r *http.Request) {
|
||||
claims, err := h.a.AuthenticateRequest(r)
|
||||
if err != nil {
|
||||
w.WriteHeader(http.StatusUnauthorized)
|
||||
return
|
||||
}
|
||||
rjti := claims.(jwt.MapClaims)["rjti"].(string)
|
||||
err = h.a.Logout(rjti)
|
||||
if err != nil {
|
||||
http.Error(w, "Failed to logout, taking cookie anyways", http.StatusInternalServerError)
|
||||
}
|
||||
http.SetCookie(w, &http.Cookie{
|
||||
Name: "refresh_token",
|
||||
Value: "",
|
||||
MaxAge: -1,
|
||||
Path: "/api/users/refresh",
|
||||
HttpOnly: true,
|
||||
SameSite: http.SameSiteLaxMode,
|
||||
})
|
||||
if err == nil {
|
||||
w.WriteHeader(http.StatusOK)
|
||||
}
|
||||
}
|
||||
|
||||
type meResponse struct {
|
||||
UserID uint `json:"id"`
|
||||
Username string `json:"username"`
|
||||
Email string `json:"email"`
|
||||
}
|
||||
|
||||
func (h *authHandler) handleMe(w http.ResponseWriter, r *http.Request) {
|
||||
refresh_token_cookie, err := r.Cookie("refresh_token")
|
||||
if err != nil {
|
||||
w.WriteHeader(http.StatusUnauthorized)
|
||||
return
|
||||
}
|
||||
userID, err := h.a.ValidateRefreshToken(refresh_token_cookie.Value)
|
||||
if err != nil {
|
||||
w.WriteHeader(http.StatusUnauthorized)
|
||||
return
|
||||
}
|
||||
user, err := h.a.Get("id", fmt.Sprint(userID))
|
||||
if err != nil {
|
||||
http.Error(w, "Failed to get user", http.StatusInternalServerError)
|
||||
return
|
||||
}
|
||||
w.Header().Set("Content-Type", "application/json")
|
||||
err = json.NewEncoder(w).Encode(meResponse{
|
||||
UserID: user.ID,
|
||||
Username: user.Username,
|
||||
Email: user.Email,
|
||||
})
|
||||
if err != nil {
|
||||
http.Error(w, "Failed to encode response", http.StatusInternalServerError)
|
||||
return
|
||||
}
|
||||
}
|
||||
|
||||
type GetUserDataResponse meResponse
|
||||
|
||||
func (h *authHandler) handleGetUserData(w http.ResponseWriter, r *http.Request) {
|
||||
by := r.URL.Query().Get("by")
|
||||
value := r.URL.Query().Get("value")
|
||||
if value == "" {
|
||||
value = r.URL.Query().Get(by)
|
||||
}
|
||||
user, err := h.a.Get(by, value)
|
||||
if err != nil {
|
||||
http.Error(w, "Failed to get user", http.StatusInternalServerError)
|
||||
return
|
||||
}
|
||||
w.Header().Set("Content-Type", "application/json")
|
||||
err = json.NewEncoder(w).Encode(meResponse{
|
||||
UserID: user.ID,
|
||||
Username: user.Username,
|
||||
Email: user.Email,
|
||||
})
|
||||
if err != nil {
|
||||
http.Error(w, "Failed to encode response", http.StatusInternalServerError)
|
||||
return
|
||||
}
|
||||
}
|
||||
|
||||
func (h *authHandler) handleRevoke(w http.ResponseWriter, r *http.Request) {
|
||||
server.NotImplemented(w)
|
||||
}
|
||||
|
||||
func (h *authHandler) handleRefresh(w http.ResponseWriter, r *http.Request) {
|
||||
server.NotImplemented(w)
|
||||
}
|
||||
|
||||
55
api/auth/login.go
Normal file
55
api/auth/login.go
Normal file
@@ -0,0 +1,55 @@
|
||||
package api_auth
|
||||
|
||||
import (
|
||||
"encoding/json"
|
||||
"fmt"
|
||||
"log/slog"
|
||||
"net/http"
|
||||
|
||||
"git.oblat.lv/alex/triggerssmith/internal/auth"
|
||||
"git.oblat.lv/alex/triggerssmith/internal/server"
|
||||
)
|
||||
|
||||
type loginRequest struct {
|
||||
Username string `json:"username"`
|
||||
Password string `json:"password"`
|
||||
}
|
||||
|
||||
type loginResponse struct {
|
||||
Token string `json:"accessToken"`
|
||||
}
|
||||
|
||||
// @Summary Login
|
||||
// @Tags auth
|
||||
// @Produce json
|
||||
// @Param request body loginRequest true "Login request"
|
||||
// @Success 200 {object} loginResponse
|
||||
// @Failure 400 {object} server.ProblemDetails
|
||||
// @Failure 401 {object} server.ProblemDetails
|
||||
// @Router /api/auth/login [post]
|
||||
func (h *authHandler) handleLogin(w http.ResponseWriter, r *http.Request) {
|
||||
w.Header().Set("Content-Type", "application/json")
|
||||
var req loginRequest
|
||||
err := json.NewDecoder(r.Body).Decode(&req)
|
||||
if err != nil {
|
||||
server.WriteProblem(w, http.StatusBadRequest, "/errors/invalid-request-body", "Invalid request body", "Body is not valid JSON", r)
|
||||
return
|
||||
}
|
||||
|
||||
tokens, err := h.a.Login(req.Username, req.Password)
|
||||
if err != nil {
|
||||
slog.Error("Login failed", "error", err.Error())
|
||||
switch err {
|
||||
case auth.ErrInvalidUsername:
|
||||
server.WriteProblem(w, http.StatusUnauthorized, "/errors/auth/invalid-credentials", "Invalid credentials", fmt.Sprintf("User with username %s not found", req.Username), r)
|
||||
case auth.ErrInvalidPassword:
|
||||
server.WriteProblem(w, http.StatusUnauthorized, "/errors/auth/invalid-credentials", "Invalid credentials", fmt.Sprintf("Invalid password for user %s", req.Username), r)
|
||||
default:
|
||||
server.WriteProblem(w, http.StatusInternalServerError, "/errors/internal-server-error", "Internal Server Error", "unexpected error", r)
|
||||
}
|
||||
return
|
||||
}
|
||||
|
||||
setRefreshCookie(w, tokens.Refresh, h.cfg.Auth.RefreshTokenTTL, false)
|
||||
_ = json.NewEncoder(w).Encode(loginResponse{Token: tokens.Access})
|
||||
}
|
||||
82
api/auth/logout.go
Normal file
82
api/auth/logout.go
Normal file
@@ -0,0 +1,82 @@
|
||||
package api_auth
|
||||
|
||||
import (
|
||||
"errors"
|
||||
"fmt"
|
||||
"log/slog"
|
||||
"net/http"
|
||||
|
||||
"git.oblat.lv/alex/triggerssmith/internal/auth"
|
||||
"git.oblat.lv/alex/triggerssmith/internal/server"
|
||||
"github.com/golang-jwt/jwt/v5"
|
||||
)
|
||||
|
||||
// @Summary Logout
|
||||
// @Description Requires valid refresh token
|
||||
// @Tags auth
|
||||
// @Success 204
|
||||
// @Failure 401 {object} server.ProblemDetails
|
||||
// @Failure 500 {object} server.ProblemDetails
|
||||
// @Router /api/auth/logout [post]
|
||||
func (h *authHandler) handleLogout(w http.ResponseWriter, r *http.Request) {
|
||||
// claims, err := h.a.AuthenticateRequest(r)
|
||||
// if err != nil {
|
||||
// slog.Error("failed to AuthenticateRequest", "error", err.Error())
|
||||
// switch err {
|
||||
// case auth.ErrInvalidToken:
|
||||
// server.WriteProblem(w, http.StatusUnauthorized, "/errors/auth/invalid-token", "Invalid token", "Invalid token: taking cookies anyways", r)
|
||||
// case auth.ErrTokenIsMissing:
|
||||
// server.WriteProblem(w, http.StatusUnauthorized, "/errors/auth/invalid-token", "Invalid token", "Token is missing: taking cookies anyway", r)
|
||||
// default:
|
||||
// server.WriteProblem(w, http.StatusInternalServerError, "/errors/internal-server-error", "Internal Server Error", "unexpected error: taking cookies anyway", r)
|
||||
// }
|
||||
// http.SetCookie(w, &http.Cookie{
|
||||
// Name: "refresh_token",
|
||||
// Value: "",
|
||||
// MaxAge: -1,
|
||||
// Path: "/api/auth/",
|
||||
// HttpOnly: true,
|
||||
// SameSite: http.SameSiteLaxMode,
|
||||
// })
|
||||
// return
|
||||
// }
|
||||
// rjti := claims.(jwt.MapClaims)["rjti"].(string)
|
||||
refreshCookie, err := r.Cookie("refresh_token")
|
||||
if err != nil && errors.Is(err, http.ErrNoCookie) {
|
||||
server.WriteProblem(w, http.StatusUnauthorized, "/errors/auth/refresh-token-not-found", "Refresh token is missing", "Refresh token is missing", r)
|
||||
return
|
||||
}
|
||||
refreshStr := refreshCookie.Value
|
||||
if refreshStr == "" {
|
||||
server.WriteProblem(w, http.StatusUnauthorized, "/errors/auth/refresh-token-not-found", "Refresh token is missing", "Refresh token is missing", r)
|
||||
return
|
||||
}
|
||||
claims, err := h.a.ValidateRefreshToken(refreshStr)
|
||||
if err != nil {
|
||||
slog.Error("failed to ValidateRefreshToken", "error", err.Error())
|
||||
server.WriteProblem(w, http.StatusInternalServerError, "/errors/internal-server-error", "Internal Server Error", "unexpected error while validating refresh token: maybe invalid", r)
|
||||
return
|
||||
}
|
||||
rjti := claims.(jwt.MapClaims)["jti"].(string)
|
||||
err = h.a.Logout(rjti)
|
||||
if err != nil {
|
||||
slog.Error("failed to Logout", "error", err.Error())
|
||||
switch err {
|
||||
case auth.ErrInvalidToken:
|
||||
server.WriteProblem(w, http.StatusUnauthorized, "/errors/auth/already-revoked", "Token already revoked", fmt.Sprintf("Token with rjti '%s' is already revoked", rjti), r)
|
||||
default:
|
||||
server.WriteProblem(w, http.StatusInternalServerError, "/errors/internal-server-error", "Internal Server Error", "unexpected error: taking cookies anyway", r)
|
||||
}
|
||||
}
|
||||
http.SetCookie(w, &http.Cookie{
|
||||
Name: "refresh_token",
|
||||
Value: "",
|
||||
MaxAge: -1,
|
||||
Path: "/api/auth/",
|
||||
HttpOnly: true,
|
||||
SameSite: http.SameSiteLaxMode,
|
||||
})
|
||||
if err == nil {
|
||||
w.WriteHeader(http.StatusNoContent)
|
||||
}
|
||||
}
|
||||
42
api/auth/me.go
Normal file
42
api/auth/me.go
Normal file
@@ -0,0 +1,42 @@
|
||||
package api_auth
|
||||
|
||||
import (
|
||||
"net/http"
|
||||
|
||||
"git.oblat.lv/alex/triggerssmith/internal/server"
|
||||
)
|
||||
|
||||
type meResponse struct {
|
||||
UserID uint `json:"id"`
|
||||
Username string `json:"username"`
|
||||
Email string `json:"email"`
|
||||
}
|
||||
|
||||
func (h *authHandler) handleMe(w http.ResponseWriter, r *http.Request) {
|
||||
server.NotImplemented(w)
|
||||
// refresh_token_cookie, err := r.Cookie("refresh_token")
|
||||
// if err != nil {
|
||||
// w.WriteHeader(http.StatusUnauthorized)
|
||||
// return
|
||||
// }
|
||||
// userID, err := h.a.ValidateRefreshToken(refresh_token_cookie.Value)
|
||||
// if err != nil {
|
||||
// w.WriteHeader(http.StatusUnauthorized)
|
||||
// return
|
||||
// }
|
||||
// user, err := h.a.Get("id", fmt.Sprint(userID))
|
||||
// if err != nil {
|
||||
// http.Error(w, "Failed to get user", http.StatusInternalServerError)
|
||||
// return
|
||||
// }
|
||||
// w.Header().Set("Content-Type", "application/json")
|
||||
// err = json.NewEncoder(w).Encode(meResponse{
|
||||
// UserID: user.ID,
|
||||
// Username: user.Username,
|
||||
// Email: user.Email,
|
||||
// })
|
||||
// if err != nil {
|
||||
// http.Error(w, "Failed to encode response", http.StatusInternalServerError)
|
||||
// return
|
||||
// }
|
||||
}
|
||||
56
api/auth/refresh.go
Normal file
56
api/auth/refresh.go
Normal file
@@ -0,0 +1,56 @@
|
||||
package api_auth
|
||||
|
||||
import (
|
||||
"encoding/json"
|
||||
"errors"
|
||||
"net/http"
|
||||
|
||||
"git.oblat.lv/alex/triggerssmith/internal/auth"
|
||||
"git.oblat.lv/alex/triggerssmith/internal/server"
|
||||
)
|
||||
|
||||
type refreshResponse struct {
|
||||
Access string `json:"accessToken"`
|
||||
}
|
||||
|
||||
// @Summary Refresh tokens
|
||||
// @Description Requires valid HttpOnly refresh_token cookie
|
||||
// @Tags auth
|
||||
// @Produce json
|
||||
// @Security RefreshCookieAuth
|
||||
// @Success 200 {object} refreshResponse
|
||||
// @Failure 401 {object} server.ProblemDetails
|
||||
// @Failure 500 {object} server.ProblemDetails
|
||||
// @Router /api/auth/refresh [post]
|
||||
func (h *authHandler) handleRefresh(w http.ResponseWriter, r *http.Request) {
|
||||
refreshCookie, err := r.Cookie("refresh_token")
|
||||
if err != nil && errors.Is(err, http.ErrNoCookie) {
|
||||
server.WriteProblem(w, http.StatusUnauthorized, "/errors/auth/refresh-token-not-found", "Refresh token is missing", "Refresh token is missing", r)
|
||||
return
|
||||
}
|
||||
refreshStr := refreshCookie.Value
|
||||
if refreshStr == "" {
|
||||
server.WriteProblem(w, http.StatusUnauthorized, "/errors/auth/refresh-token-not-found", "Refresh token is missing", "Refresh token is missing", r)
|
||||
return
|
||||
}
|
||||
tokens, err := h.a.RefreshTokens(refreshStr)
|
||||
if err != nil {
|
||||
if errors.Is(err, auth.ErrInvalidToken) {
|
||||
server.WriteProblem(w, http.StatusUnauthorized, "/errors/auth/refresh-token-invalid", "Refresh token is invalid", "Refresh token is invalid", r)
|
||||
} else {
|
||||
server.WriteProblem(w, http.StatusInternalServerError, "/errors/internal-server-error", "Internal Server Error", "unexpected error: taking cookies anyway", r)
|
||||
}
|
||||
return
|
||||
}
|
||||
http.SetCookie(w, &http.Cookie{
|
||||
Name: "refresh_token",
|
||||
Value: tokens.Refresh,
|
||||
MaxAge: 3600,
|
||||
Path: "/api/auth/refresh",
|
||||
HttpOnly: true,
|
||||
SameSite: http.SameSiteLaxMode,
|
||||
})
|
||||
var resp refreshResponse
|
||||
resp.Access = tokens.Access
|
||||
_ = json.NewEncoder(w).Encode(resp)
|
||||
}
|
||||
45
api/auth/register.go
Normal file
45
api/auth/register.go
Normal file
@@ -0,0 +1,45 @@
|
||||
package api_auth
|
||||
|
||||
import (
|
||||
"encoding/json"
|
||||
"log/slog"
|
||||
"net/http"
|
||||
)
|
||||
|
||||
type registerRequest struct {
|
||||
Username string `json:"username"`
|
||||
Email string `json:"email"`
|
||||
Password string `json:"password"`
|
||||
}
|
||||
|
||||
type registerResponse struct {
|
||||
UserID uint `json:"id"`
|
||||
Username string `json:"username"`
|
||||
}
|
||||
|
||||
func (h *authHandler) handleRegister(w http.ResponseWriter, r *http.Request) {
|
||||
var req registerRequest
|
||||
err := json.NewDecoder(r.Body).Decode(&req)
|
||||
if err != nil {
|
||||
http.Error(w, "Invalid request payload", http.StatusBadRequest)
|
||||
return
|
||||
}
|
||||
|
||||
user, err := h.a.Register(req.Username, req.Email, req.Password)
|
||||
if err != nil {
|
||||
slog.Error("Failed to register user", "error", err)
|
||||
http.Error(w, "Registration failed", http.StatusInternalServerError)
|
||||
return
|
||||
}
|
||||
|
||||
w.Header().Set("Content-Type", "application/json")
|
||||
err = json.NewEncoder(w).Encode(registerResponse{
|
||||
UserID: user.ID,
|
||||
Username: user.Username,
|
||||
})
|
||||
if err != nil {
|
||||
http.Error(w, "Failed to encode response", http.StatusInternalServerError)
|
||||
return
|
||||
}
|
||||
w.WriteHeader(http.StatusCreated)
|
||||
}
|
||||
11
api/auth/revoke.go
Normal file
11
api/auth/revoke.go
Normal file
@@ -0,0 +1,11 @@
|
||||
package api_auth
|
||||
|
||||
import (
|
||||
"net/http"
|
||||
|
||||
"git.oblat.lv/alex/triggerssmith/internal/server"
|
||||
)
|
||||
|
||||
func (h *authHandler) handleRevoke(w http.ResponseWriter, r *http.Request) {
|
||||
server.NotImplemented(w)
|
||||
}
|
||||
@@ -16,6 +16,7 @@ import (
|
||||
"path/filepath"
|
||||
|
||||
"git.oblat.lv/alex/triggerssmith/internal/config"
|
||||
"git.oblat.lv/alex/triggerssmith/internal/server"
|
||||
"github.com/go-chi/chi/v5"
|
||||
)
|
||||
|
||||
@@ -41,16 +42,26 @@ func MustRoute(config *config.Config) func(chi.Router) {
|
||||
}
|
||||
}
|
||||
|
||||
// @Summary Get block
|
||||
// @Tags block
|
||||
// @Produce json
|
||||
// @Param blockPath path string true "Block Path" example(menu)
|
||||
// @Success 200 {object} Block
|
||||
// @Failure 403 {object} server.ProblemDetails
|
||||
// @Failure 404 {object} server.ProblemDetails
|
||||
// @Failure 500 {object} server.ProblemDetails
|
||||
// @Router /api/block/{blockPath} [get]
|
||||
func (h *blockHandler) handleBlock(w http.ResponseWriter, r *http.Request) {
|
||||
if !h.cfg.Server.BlockConfig.Enabled {
|
||||
http.Error(w, "Block serving is disabled", http.StatusForbidden)
|
||||
server.WriteProblem(w, http.StatusForbidden, "/errors/block/block-serving-disabled", "Block serving is disabled", "Block serving is disabled", r)
|
||||
return
|
||||
}
|
||||
|
||||
blockPath := r.URL.Path[len("/api/block/"):]
|
||||
block, err := LoadBlock(blockPath, h.cfg)
|
||||
if err != nil {
|
||||
http.Error(w, err.Error(), http.StatusInternalServerError)
|
||||
slog.Error("failed to load block", slog.String("path", blockPath), slog.String("err", err.Error()))
|
||||
server.WriteProblem(w, http.StatusInternalServerError, "/errors/internal-server-error", "Internal Server Error", "failed to load block", r)
|
||||
return
|
||||
}
|
||||
w.Header().Set("Content-Type", "application/json")
|
||||
|
||||
@@ -15,6 +15,7 @@ import (
|
||||
"git.oblat.lv/alex/triggerssmith/internal/acl"
|
||||
"git.oblat.lv/alex/triggerssmith/internal/auth"
|
||||
"git.oblat.lv/alex/triggerssmith/internal/config"
|
||||
"git.oblat.lv/alex/triggerssmith/internal/server"
|
||||
"git.oblat.lv/alex/triggerssmith/internal/vars"
|
||||
"github.com/go-chi/chi/v5"
|
||||
"github.com/go-chi/chi/v5/middleware"
|
||||
@@ -59,6 +60,7 @@ func NewRouter(deps RouterDependencies) *Router {
|
||||
// RouteHandler sets up the routes and middleware for the router.
|
||||
// TODO: implement hot reload for static files enabled/disabled
|
||||
func (r *Router) MustRoute() chi.Router {
|
||||
r.r.Use(middleware.RealIP)
|
||||
r.r.Use(middleware.Logger)
|
||||
r.r.Use(middleware.Recoverer)
|
||||
r.r.Use(middleware.Timeout(r.cfg.Server.TimeoutSeconds))
|
||||
@@ -106,6 +108,14 @@ func (r *Router) MustRoute() chi.Router {
|
||||
})
|
||||
w.Write([]byte(b))
|
||||
})
|
||||
r.r.NotFound(func(w http.ResponseWriter, req *http.Request) {
|
||||
w.Header().Set("Content-Type", "application/problem+json")
|
||||
server.WriteProblem(w, http.StatusNotFound, "/errors/not-found", "Not found", "Requested page not found", req)
|
||||
})
|
||||
r.r.MethodNotAllowed(func(w http.ResponseWriter, req *http.Request) {
|
||||
w.Header().Set("Content-Type", "application/problem+json")
|
||||
server.WriteProblem(w, http.StatusMethodNotAllowed, "/errors/method-not-allowed", "Method not allowed", "Requested method not allowed", req)
|
||||
})
|
||||
//r.r.Handle("/invoke/function/{function_id}/{function_version}", invoke.InvokeHandler(r.cfg))
|
||||
return r.r
|
||||
}
|
||||
|
||||
1106
docs/docs.go
1106
docs/docs.go
File diff suppressed because it is too large
Load Diff
1077
docs/swagger.json
1077
docs/swagger.json
File diff suppressed because it is too large
Load Diff
@@ -1,718 +0,0 @@
|
||||
definitions:
|
||||
api_acladmin.ProblemDetails:
|
||||
properties:
|
||||
detail:
|
||||
example: No role with ID 42
|
||||
type: string
|
||||
instance:
|
||||
example: /api/acl/roles/42
|
||||
type: string
|
||||
status:
|
||||
example: 404
|
||||
type: integer
|
||||
title:
|
||||
example: Role not found
|
||||
type: string
|
||||
type:
|
||||
example: https://api.triggerssmith.com/errors/role-not-found
|
||||
type: string
|
||||
type: object
|
||||
api_acladmin.assignResourceToRoleRequest:
|
||||
properties:
|
||||
resourceId:
|
||||
example: 1
|
||||
type: integer
|
||||
type: object
|
||||
api_acladmin.assignRoleToUserRequest:
|
||||
properties:
|
||||
roleId:
|
||||
example: 1
|
||||
type: integer
|
||||
type: object
|
||||
api_acladmin.createResourceRequest:
|
||||
properties:
|
||||
key:
|
||||
example: html.view
|
||||
type: string
|
||||
type: object
|
||||
api_acladmin.createResourceResponse:
|
||||
properties:
|
||||
id:
|
||||
example: 1
|
||||
type: integer
|
||||
key:
|
||||
example: html.view
|
||||
type: string
|
||||
type: object
|
||||
api_acladmin.createRoleRequest:
|
||||
properties:
|
||||
name:
|
||||
example: admin
|
||||
type: string
|
||||
type: object
|
||||
api_acladmin.createRoleResponse:
|
||||
properties:
|
||||
id:
|
||||
example: 1
|
||||
type: integer
|
||||
name:
|
||||
example: admin
|
||||
type: string
|
||||
type: object
|
||||
api_acladmin.getResourceResponse:
|
||||
properties:
|
||||
id:
|
||||
example: 1
|
||||
type: integer
|
||||
key:
|
||||
example: html.view
|
||||
type: string
|
||||
type: object
|
||||
api_acladmin.getRoleResource:
|
||||
properties:
|
||||
id:
|
||||
example: 1
|
||||
type: integer
|
||||
name:
|
||||
example: '*'
|
||||
type: string
|
||||
type: object
|
||||
api_acladmin.getRoleResponse:
|
||||
properties:
|
||||
id:
|
||||
example: 1
|
||||
type: integer
|
||||
name:
|
||||
example: admin
|
||||
type: string
|
||||
type: object
|
||||
api_acladmin.getRoleUser:
|
||||
properties:
|
||||
email:
|
||||
example: admin@triggerssmith.com
|
||||
type: string
|
||||
id:
|
||||
example: 1
|
||||
type: integer
|
||||
username:
|
||||
example: admin
|
||||
type: string
|
||||
type: object
|
||||
api_acladmin.getUserRole:
|
||||
properties:
|
||||
id:
|
||||
example: 1
|
||||
type: integer
|
||||
name:
|
||||
example: '*'
|
||||
type: string
|
||||
type: object
|
||||
api_acladmin.updateResourceRequest:
|
||||
properties:
|
||||
key:
|
||||
example: html.view
|
||||
type: string
|
||||
type: object
|
||||
api_acladmin.updateResourceResponse:
|
||||
properties:
|
||||
id:
|
||||
example: 1
|
||||
type: integer
|
||||
key:
|
||||
example: html.view
|
||||
type: string
|
||||
type: object
|
||||
api_acladmin.updateRoleRequest:
|
||||
properties:
|
||||
name:
|
||||
example: admin
|
||||
type: string
|
||||
type: object
|
||||
api_acladmin.updateRoleResponse:
|
||||
properties:
|
||||
id:
|
||||
example: 1
|
||||
type: integer
|
||||
name:
|
||||
example: admin
|
||||
type: string
|
||||
type: object
|
||||
info:
|
||||
contact: {}
|
||||
paths:
|
||||
/api/acl/resources:
|
||||
get:
|
||||
produces:
|
||||
- application/json
|
||||
responses:
|
||||
"200":
|
||||
description: OK
|
||||
schema:
|
||||
items:
|
||||
properties:
|
||||
id:
|
||||
example: 1
|
||||
type: integer
|
||||
key:
|
||||
example: html.view
|
||||
type: string
|
||||
type: object
|
||||
type: array
|
||||
"500":
|
||||
description: Internal Server Error
|
||||
schema:
|
||||
$ref: '#/definitions/api_acladmin.ProblemDetails'
|
||||
summary: Get all resources
|
||||
tags:
|
||||
- acl/resources
|
||||
post:
|
||||
consumes:
|
||||
- application/json
|
||||
parameters:
|
||||
- description: Resource
|
||||
in: body
|
||||
name: request
|
||||
required: true
|
||||
schema:
|
||||
$ref: '#/definitions/api_acladmin.createResourceRequest'
|
||||
produces:
|
||||
- application/json
|
||||
responses:
|
||||
"201":
|
||||
description: Created
|
||||
schema:
|
||||
$ref: '#/definitions/api_acladmin.createResourceResponse'
|
||||
"400":
|
||||
description: Bad Request
|
||||
schema:
|
||||
$ref: '#/definitions/api_acladmin.ProblemDetails'
|
||||
"409":
|
||||
description: Conflict
|
||||
schema:
|
||||
$ref: '#/definitions/api_acladmin.ProblemDetails'
|
||||
"500":
|
||||
description: Internal Server Error
|
||||
schema:
|
||||
$ref: '#/definitions/api_acladmin.ProblemDetails'
|
||||
summary: Create resource
|
||||
tags:
|
||||
- acl/resources
|
||||
/api/acl/resources/{resourceId}:
|
||||
delete:
|
||||
parameters:
|
||||
- description: Resource ID
|
||||
example: 1
|
||||
in: path
|
||||
name: resourceId
|
||||
required: true
|
||||
type: integer
|
||||
produces:
|
||||
- application/json
|
||||
responses:
|
||||
"200":
|
||||
description: OK
|
||||
"400":
|
||||
description: Bad Request
|
||||
schema:
|
||||
$ref: '#/definitions/api_acladmin.ProblemDetails'
|
||||
"404":
|
||||
description: Not Found
|
||||
schema:
|
||||
$ref: '#/definitions/api_acladmin.ProblemDetails'
|
||||
"409":
|
||||
description: Conflict
|
||||
schema:
|
||||
$ref: '#/definitions/api_acladmin.ProblemDetails'
|
||||
"500":
|
||||
description: Internal Server Error
|
||||
schema:
|
||||
$ref: '#/definitions/api_acladmin.ProblemDetails'
|
||||
summary: Delete resource
|
||||
tags:
|
||||
- acl/resources
|
||||
get:
|
||||
parameters:
|
||||
- description: Resource ID
|
||||
example: 1
|
||||
in: path
|
||||
name: resourceId
|
||||
required: true
|
||||
type: integer
|
||||
produces:
|
||||
- application/json
|
||||
responses:
|
||||
"200":
|
||||
description: OK
|
||||
schema:
|
||||
$ref: '#/definitions/api_acladmin.getResourceResponse'
|
||||
"400":
|
||||
description: Bad Request
|
||||
schema:
|
||||
$ref: '#/definitions/api_acladmin.ProblemDetails'
|
||||
"404":
|
||||
description: Not Found
|
||||
schema:
|
||||
$ref: '#/definitions/api_acladmin.ProblemDetails'
|
||||
"500":
|
||||
description: Internal Server Error
|
||||
schema:
|
||||
$ref: '#/definitions/api_acladmin.ProblemDetails'
|
||||
summary: Get resource by ID
|
||||
tags:
|
||||
- acl/resources
|
||||
patch:
|
||||
consumes:
|
||||
- application/json
|
||||
parameters:
|
||||
- description: Resource ID
|
||||
example: 1
|
||||
in: path
|
||||
name: resourceId
|
||||
required: true
|
||||
type: integer
|
||||
- description: Resource
|
||||
in: body
|
||||
name: request
|
||||
required: true
|
||||
schema:
|
||||
$ref: '#/definitions/api_acladmin.updateResourceRequest'
|
||||
produces:
|
||||
- application/json
|
||||
responses:
|
||||
"200":
|
||||
description: OK
|
||||
schema:
|
||||
$ref: '#/definitions/api_acladmin.updateResourceResponse'
|
||||
"400":
|
||||
description: Bad Request
|
||||
schema:
|
||||
$ref: '#/definitions/api_acladmin.ProblemDetails'
|
||||
"404":
|
||||
description: Not Found
|
||||
schema:
|
||||
$ref: '#/definitions/api_acladmin.ProblemDetails'
|
||||
"409":
|
||||
description: Conflict
|
||||
schema:
|
||||
$ref: '#/definitions/api_acladmin.ProblemDetails'
|
||||
"500":
|
||||
description: Internal Server Error
|
||||
schema:
|
||||
$ref: '#/definitions/api_acladmin.ProblemDetails'
|
||||
summary: Update resource
|
||||
tags:
|
||||
- acl/resources
|
||||
/api/acl/roles:
|
||||
get:
|
||||
produces:
|
||||
- application/json
|
||||
responses:
|
||||
"200":
|
||||
description: OK
|
||||
schema:
|
||||
items:
|
||||
items:
|
||||
properties:
|
||||
id:
|
||||
example: 1
|
||||
type: integer
|
||||
name:
|
||||
example: admin
|
||||
type: string
|
||||
type: object
|
||||
type: array
|
||||
type: array
|
||||
"500":
|
||||
description: Internal Server Error
|
||||
schema:
|
||||
$ref: '#/definitions/api_acladmin.ProblemDetails'
|
||||
summary: Get all roles
|
||||
tags:
|
||||
- acl/roles
|
||||
post:
|
||||
consumes:
|
||||
- application/json
|
||||
parameters:
|
||||
- description: Role
|
||||
in: body
|
||||
name: request
|
||||
required: true
|
||||
schema:
|
||||
$ref: '#/definitions/api_acladmin.createRoleRequest'
|
||||
produces:
|
||||
- application/json
|
||||
responses:
|
||||
"201":
|
||||
description: Created
|
||||
schema:
|
||||
$ref: '#/definitions/api_acladmin.createRoleResponse'
|
||||
"400":
|
||||
description: Bad Request
|
||||
schema:
|
||||
$ref: '#/definitions/api_acladmin.ProblemDetails'
|
||||
"409":
|
||||
description: Conflict
|
||||
schema:
|
||||
$ref: '#/definitions/api_acladmin.ProblemDetails'
|
||||
"500":
|
||||
description: Internal Server Error
|
||||
schema:
|
||||
$ref: '#/definitions/api_acladmin.ProblemDetails'
|
||||
summary: Create role
|
||||
tags:
|
||||
- acl/roles
|
||||
/api/acl/roles/{roleId}:
|
||||
delete:
|
||||
parameters:
|
||||
- description: Role ID
|
||||
example: 1
|
||||
in: path
|
||||
name: roleId
|
||||
required: true
|
||||
type: integer
|
||||
produces:
|
||||
- application/json
|
||||
responses:
|
||||
"204":
|
||||
description: No Content
|
||||
"400":
|
||||
description: Bad Request
|
||||
schema:
|
||||
$ref: '#/definitions/api_acladmin.ProblemDetails'
|
||||
"404":
|
||||
description: Not Found
|
||||
schema:
|
||||
$ref: '#/definitions/api_acladmin.ProblemDetails'
|
||||
"409":
|
||||
description: Conflict
|
||||
schema:
|
||||
$ref: '#/definitions/api_acladmin.ProblemDetails'
|
||||
"500":
|
||||
description: Internal Server Error
|
||||
schema:
|
||||
$ref: '#/definitions/api_acladmin.ProblemDetails'
|
||||
summary: Delete role
|
||||
tags:
|
||||
- acl/roles
|
||||
get:
|
||||
parameters:
|
||||
- description: Role ID
|
||||
example: 1
|
||||
in: path
|
||||
name: roleId
|
||||
required: true
|
||||
type: integer
|
||||
produces:
|
||||
- application/json
|
||||
responses:
|
||||
"200":
|
||||
description: OK
|
||||
schema:
|
||||
$ref: '#/definitions/api_acladmin.getRoleResponse'
|
||||
"400":
|
||||
description: Bad Request
|
||||
schema:
|
||||
$ref: '#/definitions/api_acladmin.ProblemDetails'
|
||||
"404":
|
||||
description: Not Found
|
||||
schema:
|
||||
$ref: '#/definitions/api_acladmin.ProblemDetails'
|
||||
"500":
|
||||
description: Internal Server Error
|
||||
schema:
|
||||
$ref: '#/definitions/api_acladmin.ProblemDetails'
|
||||
summary: Get role by ID
|
||||
tags:
|
||||
- acl/roles
|
||||
patch:
|
||||
consumes:
|
||||
- application/json
|
||||
parameters:
|
||||
- description: Role ID
|
||||
example: 1
|
||||
in: path
|
||||
name: roleId
|
||||
required: true
|
||||
type: integer
|
||||
- description: Role
|
||||
in: body
|
||||
name: request
|
||||
required: true
|
||||
schema:
|
||||
$ref: '#/definitions/api_acladmin.updateRoleRequest'
|
||||
produces:
|
||||
- application/json
|
||||
responses:
|
||||
"200":
|
||||
description: OK
|
||||
schema:
|
||||
$ref: '#/definitions/api_acladmin.updateRoleResponse'
|
||||
"400":
|
||||
description: Bad Request
|
||||
schema:
|
||||
$ref: '#/definitions/api_acladmin.ProblemDetails'
|
||||
"404":
|
||||
description: Not Found
|
||||
schema:
|
||||
$ref: '#/definitions/api_acladmin.ProblemDetails'
|
||||
"409":
|
||||
description: Conflict
|
||||
schema:
|
||||
$ref: '#/definitions/api_acladmin.ProblemDetails'
|
||||
"500":
|
||||
description: Internal Server Error
|
||||
schema:
|
||||
$ref: '#/definitions/api_acladmin.ProblemDetails'
|
||||
summary: Update role
|
||||
tags:
|
||||
- acl/roles
|
||||
/api/acl/roles/{roleId}/resources:
|
||||
get:
|
||||
parameters:
|
||||
- description: Role ID
|
||||
example: 1
|
||||
in: path
|
||||
name: roleId
|
||||
required: true
|
||||
type: integer
|
||||
produces:
|
||||
- application/json
|
||||
responses:
|
||||
"200":
|
||||
description: OK
|
||||
schema:
|
||||
items:
|
||||
items:
|
||||
$ref: '#/definitions/api_acladmin.getRoleResource'
|
||||
type: array
|
||||
type: array
|
||||
"400":
|
||||
description: Bad Request
|
||||
schema:
|
||||
$ref: '#/definitions/api_acladmin.ProblemDetails'
|
||||
"404":
|
||||
description: Not Found
|
||||
schema:
|
||||
$ref: '#/definitions/api_acladmin.ProblemDetails'
|
||||
"500":
|
||||
description: Internal Server Error
|
||||
schema:
|
||||
$ref: '#/definitions/api_acladmin.ProblemDetails'
|
||||
summary: Get role resources
|
||||
tags:
|
||||
- acl/roles
|
||||
post:
|
||||
parameters:
|
||||
- description: Role ID
|
||||
example: 1
|
||||
in: path
|
||||
name: roleId
|
||||
required: true
|
||||
type: integer
|
||||
- description: Resource
|
||||
in: body
|
||||
name: request
|
||||
required: true
|
||||
schema:
|
||||
$ref: '#/definitions/api_acladmin.assignResourceToRoleRequest'
|
||||
produces:
|
||||
- application/json
|
||||
responses:
|
||||
"201":
|
||||
description: Created
|
||||
"400":
|
||||
description: Bad Request
|
||||
schema:
|
||||
$ref: '#/definitions/api_acladmin.ProblemDetails'
|
||||
"404":
|
||||
description: Not Found
|
||||
schema:
|
||||
$ref: '#/definitions/api_acladmin.ProblemDetails'
|
||||
"409":
|
||||
description: Conflict
|
||||
schema:
|
||||
$ref: '#/definitions/api_acladmin.ProblemDetails'
|
||||
"500":
|
||||
description: Internal Server Error
|
||||
schema:
|
||||
$ref: '#/definitions/api_acladmin.ProblemDetails'
|
||||
summary: Assign resource to role
|
||||
tags:
|
||||
- acl/roles
|
||||
/api/acl/roles/{roleId}/resources/{resId}:
|
||||
delete:
|
||||
parameters:
|
||||
- description: Role ID
|
||||
example: 1
|
||||
in: path
|
||||
name: roleId
|
||||
required: true
|
||||
type: integer
|
||||
- description: Resource ID
|
||||
example: 1
|
||||
in: path
|
||||
name: resId
|
||||
required: true
|
||||
type: integer
|
||||
produces:
|
||||
- application/json
|
||||
responses:
|
||||
"204":
|
||||
description: No Content
|
||||
"400":
|
||||
description: Bad Request
|
||||
schema:
|
||||
$ref: '#/definitions/api_acladmin.ProblemDetails'
|
||||
"404":
|
||||
description: Not Found
|
||||
schema:
|
||||
$ref: '#/definitions/api_acladmin.ProblemDetails'
|
||||
"500":
|
||||
description: Internal Server Error
|
||||
schema:
|
||||
$ref: '#/definitions/api_acladmin.ProblemDetails'
|
||||
summary: Remove resource from role
|
||||
tags:
|
||||
- acl/roles
|
||||
/api/acl/roles/{roleId}/users:
|
||||
get:
|
||||
parameters:
|
||||
- description: Role ID
|
||||
example: 1
|
||||
in: path
|
||||
name: roleId
|
||||
required: true
|
||||
type: integer
|
||||
produces:
|
||||
- application/json
|
||||
responses:
|
||||
"200":
|
||||
description: OK
|
||||
schema:
|
||||
items:
|
||||
items:
|
||||
$ref: '#/definitions/api_acladmin.getRoleUser'
|
||||
type: array
|
||||
type: array
|
||||
"400":
|
||||
description: Bad Request
|
||||
schema:
|
||||
$ref: '#/definitions/api_acladmin.ProblemDetails'
|
||||
"404":
|
||||
description: Not Found
|
||||
schema:
|
||||
$ref: '#/definitions/api_acladmin.ProblemDetails'
|
||||
"500":
|
||||
description: Internal Server Error
|
||||
schema:
|
||||
$ref: '#/definitions/api_acladmin.ProblemDetails'
|
||||
summary: Get role users
|
||||
tags:
|
||||
- acl/roles
|
||||
/api/acl/users/{userId}/roles:
|
||||
get:
|
||||
parameters:
|
||||
- description: User ID
|
||||
example: 1
|
||||
in: path
|
||||
name: userId
|
||||
required: true
|
||||
type: integer
|
||||
produces:
|
||||
- application/json
|
||||
responses:
|
||||
"200":
|
||||
description: OK
|
||||
schema:
|
||||
items:
|
||||
$ref: '#/definitions/api_acladmin.getUserRole'
|
||||
type: array
|
||||
"400":
|
||||
description: Bad Request
|
||||
schema:
|
||||
$ref: '#/definitions/api_acladmin.ProblemDetails'
|
||||
"404":
|
||||
description: Not Found
|
||||
schema:
|
||||
$ref: '#/definitions/api_acladmin.ProblemDetails'
|
||||
"500":
|
||||
description: Internal Server Error
|
||||
schema:
|
||||
$ref: '#/definitions/api_acladmin.ProblemDetails'
|
||||
summary: Get user roles by user ID
|
||||
tags:
|
||||
- acl/users
|
||||
post:
|
||||
parameters:
|
||||
- description: User ID
|
||||
example: 1
|
||||
in: path
|
||||
name: userId
|
||||
required: true
|
||||
type: integer
|
||||
- description: Role ID
|
||||
in: body
|
||||
name: body
|
||||
required: true
|
||||
schema:
|
||||
$ref: '#/definitions/api_acladmin.assignRoleToUserRequest'
|
||||
produces:
|
||||
- application/json
|
||||
responses:
|
||||
"201":
|
||||
description: Created
|
||||
"400":
|
||||
description: Bad Request
|
||||
schema:
|
||||
$ref: '#/definitions/api_acladmin.ProblemDetails'
|
||||
"404":
|
||||
description: Not Found
|
||||
schema:
|
||||
$ref: '#/definitions/api_acladmin.ProblemDetails'
|
||||
"409":
|
||||
description: Conflict
|
||||
schema:
|
||||
$ref: '#/definitions/api_acladmin.ProblemDetails'
|
||||
"500":
|
||||
description: Internal Server Error
|
||||
schema:
|
||||
$ref: '#/definitions/api_acladmin.ProblemDetails'
|
||||
summary: Assign role to user
|
||||
tags:
|
||||
- acl/users
|
||||
/api/acl/users/{userId}/roles/{roleId}:
|
||||
delete:
|
||||
parameters:
|
||||
- description: User ID
|
||||
example: 1
|
||||
in: path
|
||||
name: userId
|
||||
required: true
|
||||
type: integer
|
||||
- description: Role ID
|
||||
example: 1
|
||||
in: path
|
||||
name: roleId
|
||||
required: true
|
||||
type: integer
|
||||
produces:
|
||||
- application/json
|
||||
responses:
|
||||
"204":
|
||||
description: No Content
|
||||
"400":
|
||||
description: Bad Request
|
||||
schema:
|
||||
$ref: '#/definitions/api_acladmin.ProblemDetails'
|
||||
"404":
|
||||
description: Not Found
|
||||
schema:
|
||||
$ref: '#/definitions/api_acladmin.ProblemDetails'
|
||||
"500":
|
||||
description: Internal Server Error
|
||||
schema:
|
||||
$ref: '#/definitions/api_acladmin.ProblemDetails'
|
||||
summary: Remove role from user
|
||||
tags:
|
||||
- acl/users
|
||||
swagger: "2.0"
|
||||
13
internal/auth/errors.go
Normal file
13
internal/auth/errors.go
Normal file
@@ -0,0 +1,13 @@
|
||||
package auth
|
||||
|
||||
import "fmt"
|
||||
|
||||
var (
|
||||
ErrUserNotFound = fmt.Errorf("user not found")
|
||||
ErrInvalidPassword = fmt.Errorf("invalid password")
|
||||
ErrInvalidEmail = fmt.Errorf("invalid email")
|
||||
ErrInvalidUsername = fmt.Errorf("invalid username")
|
||||
|
||||
ErrTokenIsMissing = fmt.Errorf("token is missing")
|
||||
ErrInvalidToken = fmt.Errorf("invalid token")
|
||||
)
|
||||
@@ -1,6 +1,7 @@
|
||||
package auth
|
||||
|
||||
import (
|
||||
"errors"
|
||||
"fmt"
|
||||
"net/http"
|
||||
"strings"
|
||||
@@ -8,7 +9,7 @@ import (
|
||||
"git.oblat.lv/alex/triggerssmith/internal/config"
|
||||
"git.oblat.lv/alex/triggerssmith/internal/jwt"
|
||||
"git.oblat.lv/alex/triggerssmith/internal/token"
|
||||
"git.oblat.lv/alex/triggerssmith/internal/user"
|
||||
user_p "git.oblat.lv/alex/triggerssmith/internal/user"
|
||||
ejwt "github.com/golang-jwt/jwt/v5"
|
||||
"golang.org/x/crypto/bcrypt"
|
||||
)
|
||||
@@ -23,7 +24,7 @@ type Service struct {
|
||||
|
||||
services struct {
|
||||
jwt *jwt.Service
|
||||
user *user.Service
|
||||
user *user_p.Service
|
||||
token *token.Service
|
||||
}
|
||||
}
|
||||
@@ -32,7 +33,7 @@ type AuthServiceDependencies struct {
|
||||
Configuration *config.Config
|
||||
|
||||
JWTService *jwt.Service
|
||||
UserService *user.Service
|
||||
UserService *user_p.Service
|
||||
TokenService *token.Service
|
||||
}
|
||||
|
||||
@@ -53,7 +54,7 @@ func NewAuthService(deps AuthServiceDependencies) (*Service, error) {
|
||||
cfg: deps.Configuration,
|
||||
services: struct {
|
||||
jwt *jwt.Service
|
||||
user *user.Service
|
||||
user *user_p.Service
|
||||
token *token.Service
|
||||
}{
|
||||
jwt: deps.JWTService,
|
||||
@@ -65,20 +66,20 @@ func NewAuthService(deps AuthServiceDependencies) (*Service, error) {
|
||||
|
||||
// Users
|
||||
|
||||
func (s *Service) Get(by, value string) (*user.User, error) {
|
||||
func (s *Service) Get(by, value string) (*user_p.User, error) {
|
||||
return s.services.user.GetBy(by, value)
|
||||
}
|
||||
|
||||
// Register creates a new user with the given username, email, and password.
|
||||
// Password is hashed before storing.
|
||||
// Returns the created user or an error.
|
||||
func (s *Service) Register(username, email, password string) (*user.User, error) {
|
||||
func (s *Service) Register(username, email, password string) (*user_p.User, error) {
|
||||
hashedPassword, err := bcrypt.GenerateFromPassword([]byte(password), bcrypt.DefaultCost)
|
||||
if err != nil {
|
||||
return nil, fmt.Errorf("failed to hash password: %w", err)
|
||||
}
|
||||
|
||||
user := &user.User{
|
||||
user := &user_p.User{
|
||||
Username: username,
|
||||
Email: email,
|
||||
Password: string(hashedPassword),
|
||||
@@ -97,12 +98,15 @@ func (s *Service) Register(username, email, password string) (*user.User, error)
|
||||
func (s *Service) Login(username, password string) (*Tokens, error) {
|
||||
user, err := s.services.user.GetBy("username", username)
|
||||
if err != nil {
|
||||
if err == user_p.ErrUserNotFound {
|
||||
return nil, ErrInvalidUsername
|
||||
}
|
||||
return nil, fmt.Errorf("failed to get user by username: %w", err)
|
||||
}
|
||||
|
||||
err = bcrypt.CompareHashAndPassword([]byte(user.Password), []byte(password))
|
||||
if err != nil {
|
||||
return nil, fmt.Errorf("invalid password: %w", err)
|
||||
return nil, ErrInvalidPassword
|
||||
}
|
||||
refreshToken, rjti, err := s.services.jwt.Generate(s.cfg.Auth.RefreshTokenTTL, ejwt.MapClaims{
|
||||
"sub": user.ID,
|
||||
@@ -122,39 +126,46 @@ func (s *Service) Login(username, password string) (*Tokens, error) {
|
||||
|
||||
// Logout revokes the refresh token identified by the given rjti.
|
||||
func (s *Service) Logout(rjti string) error {
|
||||
return s.services.token.RevokeByRefreshDefault(rjti)
|
||||
err := s.services.token.RevokeByRefreshDefault(rjti)
|
||||
if err != nil {
|
||||
if errors.Is(err, token.ErrTokenIsRevoked) {
|
||||
return ErrInvalidToken
|
||||
}
|
||||
return fmt.Errorf("failed to revoke token: %w", err)
|
||||
}
|
||||
return nil
|
||||
}
|
||||
|
||||
// Access tokens
|
||||
|
||||
// ValidateAccessToken validates the given access token string.
|
||||
// Returns the user ID (sub claim) if valid, or an error.
|
||||
func (s *Service) ValidateAccessToken(tokenStr string) (int64, error) {
|
||||
// Returns claims if valid, or an error.
|
||||
func (s *Service) ValidateAccessToken(tokenStr string) (ejwt.Claims, error) {
|
||||
claims, _, err := s.services.jwt.Validate(tokenStr)
|
||||
if err != nil {
|
||||
return 0, fmt.Errorf("failed to validate access token: %w", err)
|
||||
return nil, fmt.Errorf("failed to validate access token: %w", err)
|
||||
}
|
||||
|
||||
isRevoked, err := s.services.token.IsRevoked(claims["rjti"].(string))
|
||||
if err != nil {
|
||||
return 0, fmt.Errorf("failed to check if token is revoked: %w", err)
|
||||
return nil, fmt.Errorf("failed to check if token is revoked: %w", err)
|
||||
}
|
||||
if isRevoked {
|
||||
return 0, fmt.Errorf("token is revoked")
|
||||
return nil, fmt.Errorf("token is revoked")
|
||||
}
|
||||
|
||||
sub := claims["sub"].(float64)
|
||||
return int64(sub), nil
|
||||
return claims, nil
|
||||
}
|
||||
|
||||
// Refresh tokens
|
||||
|
||||
// RefreshTokens validates the given refresh token and issues new access and refresh tokens.
|
||||
// Returns the new access and refresh tokens or an error.
|
||||
// May return [ErrInvalidToken] if the refresh token is invalid or revoked.
|
||||
func (s *Service) RefreshTokens(refreshTokenStr string) (*Tokens, error) {
|
||||
claims, rjti, err := s.services.jwt.Validate(refreshTokenStr)
|
||||
if err != nil {
|
||||
return nil, fmt.Errorf("failed to validate refresh token: %w", err)
|
||||
return nil, errors.Join(ErrInvalidToken, err)
|
||||
}
|
||||
|
||||
isRevoked, err := s.services.token.IsRevoked(rjti)
|
||||
@@ -162,7 +173,7 @@ func (s *Service) RefreshTokens(refreshTokenStr string) (*Tokens, error) {
|
||||
return nil, fmt.Errorf("failed to check if token is revoked: %w", err)
|
||||
}
|
||||
if isRevoked {
|
||||
return nil, fmt.Errorf("refresh token is revoked")
|
||||
return nil, ErrInvalidToken
|
||||
}
|
||||
|
||||
sub := claims["sub"].(float64)
|
||||
@@ -190,23 +201,22 @@ func (s *Service) RefreshTokens(refreshTokenStr string) (*Tokens, error) {
|
||||
}
|
||||
|
||||
// ValidateRefreshToken validates the given refresh token string.
|
||||
// Returns user id and error.
|
||||
func (s *Service) ValidateRefreshToken(tokenStr string) (int64, error) {
|
||||
// Returns claims and error.
|
||||
func (s *Service) ValidateRefreshToken(tokenStr string) (ejwt.Claims, error) {
|
||||
claims, _, err := s.services.jwt.Validate(tokenStr)
|
||||
if err != nil {
|
||||
return 0, fmt.Errorf("failed to validate refresh token: %w", err)
|
||||
return nil, fmt.Errorf("failed to validate refresh token: %w", err)
|
||||
}
|
||||
|
||||
isRevoked, err := s.services.token.IsRevoked(claims["jti"].(string))
|
||||
if err != nil {
|
||||
return 0, fmt.Errorf("failed to check if token is revoked: %w", err)
|
||||
return nil, fmt.Errorf("failed to check if token is revoked: %w", err)
|
||||
}
|
||||
if isRevoked {
|
||||
return 0, fmt.Errorf("refresh token is revoked")
|
||||
return nil, fmt.Errorf("refresh token is revoked")
|
||||
}
|
||||
|
||||
sub := claims["sub"].(float64)
|
||||
return int64(sub), nil
|
||||
return claims, nil
|
||||
}
|
||||
|
||||
// RevokeRefresh revokes the refresh token identified by the given token string.
|
||||
@@ -232,10 +242,10 @@ func (s *Service) IsRefreshRevoked(token string) (bool, error) {
|
||||
func (s *Service) AuthenticateRequest(r *http.Request) (ejwt.Claims, error) {
|
||||
header := r.Header.Get("Authorization")
|
||||
if header == "" {
|
||||
return nil, fmt.Errorf("token is missing")
|
||||
return nil, ErrTokenIsMissing
|
||||
}
|
||||
if !strings.HasPrefix(header, "Bearer ") {
|
||||
return nil, fmt.Errorf("token is missing")
|
||||
return nil, ErrTokenIsMissing
|
||||
}
|
||||
tokenString := strings.TrimPrefix(header, "Bearer ")
|
||||
tokenClaims, _, err := s.services.jwt.Validate(tokenString)
|
||||
|
||||
@@ -2,6 +2,7 @@ package server
|
||||
|
||||
import (
|
||||
"encoding/json"
|
||||
"log/slog"
|
||||
"net/http"
|
||||
)
|
||||
|
||||
@@ -18,3 +19,28 @@ func WriteError(w http.ResponseWriter, error, details string, statusCode int) {
|
||||
Details: details,
|
||||
})
|
||||
}
|
||||
|
||||
// RFC-7807 (Problem Details)
|
||||
type ProblemDetails struct {
|
||||
Type string `json:"type" example:"https://api.triggerssmith.com/errors/role-not-found"`
|
||||
Title string `json:"title" example:"Role not found"`
|
||||
Status int `json:"status" example:"404"`
|
||||
Detail string `json:"detail" example:"No role with ID 42"`
|
||||
Instance string `json:"instance" example:"/api/acl/roles/42"`
|
||||
}
|
||||
|
||||
var typeDomain = "https://api.triggerssmith.com"
|
||||
|
||||
func WriteProblem(w http.ResponseWriter, status int, typ, title, detail string, r *http.Request) {
|
||||
w.Header().Set("Content-Type", "application/problem+json")
|
||||
w.WriteHeader(status)
|
||||
prob := ProblemDetails{
|
||||
Type: typeDomain + typ,
|
||||
Title: title,
|
||||
Status: status,
|
||||
Detail: detail,
|
||||
Instance: r.URL.Path,
|
||||
}
|
||||
slog.Warn("new problem", "type", typ, "title", title, "detail", detail, "instance", r.URL.Path, "status", status)
|
||||
_ = json.NewEncoder(w).Encode(prob)
|
||||
}
|
||||
|
||||
7
internal/token/errors.go
Normal file
7
internal/token/errors.go
Normal file
@@ -0,0 +1,7 @@
|
||||
package token
|
||||
|
||||
import "fmt"
|
||||
|
||||
var (
|
||||
ErrTokenIsRevoked = fmt.Errorf("token is revoked")
|
||||
)
|
||||
@@ -29,6 +29,13 @@ func NewSQLiteTokenStore(db *gorm.DB) (*SQLiteTokenStore, error) {
|
||||
}
|
||||
|
||||
func (s *SQLiteTokenStore) revoke(tokenID string, expiresAt time.Time) error {
|
||||
if revoked, err := s.isRevoked(tokenID); err == nil {
|
||||
if revoked {
|
||||
return ErrTokenIsRevoked
|
||||
}
|
||||
} else {
|
||||
return err
|
||||
}
|
||||
return s.db.Create(&Token{
|
||||
TokenID: tokenID,
|
||||
Expiration: expiresAt,
|
||||
|
||||
@@ -1,6 +1,7 @@
|
||||
package user
|
||||
|
||||
import (
|
||||
"errors"
|
||||
"fmt"
|
||||
|
||||
"gorm.io/gorm"
|
||||
@@ -24,6 +25,7 @@ func (s *GormUserStore) Create(user *User) error {
|
||||
}
|
||||
|
||||
// Search returns a user by username or id or email
|
||||
// May return [ErrUserNotFound] if user not found
|
||||
func (s *GormUserStore) GetBy(by, value string) (*User, error) {
|
||||
if by != "username" && by != "id" && by != "email" {
|
||||
return nil, fmt.Errorf("unsuppored field %s", by)
|
||||
@@ -31,7 +33,10 @@ func (s *GormUserStore) GetBy(by, value string) (*User, error) {
|
||||
var user User
|
||||
err := s.db.Where(fmt.Sprintf("%s = ?", by), value).First(&user).Error
|
||||
if err != nil {
|
||||
return nil, err
|
||||
if errors.Is(err, gorm.ErrRecordNotFound) {
|
||||
return nil, ErrUserNotFound
|
||||
}
|
||||
return nil, fmt.Errorf("failed to get user: %w", err)
|
||||
}
|
||||
return &user, nil
|
||||
}
|
||||
|
||||
@@ -1,120 +1,33 @@
|
||||
body {
|
||||
font-family: system-ui, sans-serif;
|
||||
margin: 0;
|
||||
display: flex;
|
||||
flex-direction: column;
|
||||
min-height: 100vh;
|
||||
}
|
||||
|
||||
header {
|
||||
display: flex;
|
||||
align-items: center;
|
||||
justify-content: space-between;
|
||||
background: #333;
|
||||
color: white;
|
||||
padding: 10px 15px;
|
||||
position: relative;
|
||||
}
|
||||
|
||||
footer {
|
||||
background: #333;
|
||||
color: white;
|
||||
text-align: center;
|
||||
padding: 10px;
|
||||
}
|
||||
|
||||
main {
|
||||
flex: 1;
|
||||
padding: 20px;
|
||||
max-width: 1000px;
|
||||
margin: 0 auto;
|
||||
}
|
||||
|
||||
body {font-family: system-ui, sans-serif; margin: 0; display: flex; flex-direction: column; min-height: 100vh;}
|
||||
header {display: flex; align-items: center; justify-content: space-between; background: #333; color: white; padding: 10px 15px; position: relative;}
|
||||
footer {background: #333; color: white; text-align: center; padding: 10px;}
|
||||
main {flex: 1; padding: 20px; max-width: 1000px; margin: 0 auto;}
|
||||
button {cursor:pointer; border-radius: 8px; border: 1px solid #ccc; background:#e4e4e4; padding: 10px 12px; font-size: 16px;}
|
||||
button:hover {background: #aa92f8;}
|
||||
input {background: #ffffff; padding: 10px 12px; font-size: 15px; border-radius: 8px; border: 1px solid #ccc; transition: border 0.2s, box-shadow 0.2s; width:200px;}
|
||||
input:focus {border-color: #7f57ff; box-shadow: 0 0 0 2px rgba(127, 87, 255, 0.2); outline: none;}
|
||||
select{background: #ffffff; padding: 10px 12px; font-size: 15px; border-radius: 8px; border: 1px solid #ccc; transition: border 0.2s, box-shadow 0.2s; width:225px;}
|
||||
select:focus {border-color: #7f57ff; box-shadow: 0 0 0 2px rgba(127, 87, 255, 0.2); outline: none;}
|
||||
/* навигация */
|
||||
nav ul {
|
||||
list-style: none;
|
||||
display: flex;
|
||||
gap: 20px;
|
||||
margin: 0;
|
||||
padding: 0;
|
||||
}
|
||||
|
||||
nav a {
|
||||
color: white;
|
||||
text-decoration: none;
|
||||
font-weight: 500;
|
||||
}
|
||||
|
||||
nav a:hover {
|
||||
text-decoration: underline;
|
||||
}
|
||||
|
||||
nav ul {list-style: none; display: flex; gap: 20px; margin: 0; padding: 0;}
|
||||
nav a {color: white; text-decoration: none; font-weight: 500;}
|
||||
nav a:hover {text-decoration: underline;}
|
||||
/* бургер */
|
||||
.burger {
|
||||
display: none;
|
||||
flex-direction: column;
|
||||
justify-content: center;
|
||||
gap: 5px;
|
||||
width: 30px;
|
||||
height: 25px;
|
||||
background: none;
|
||||
border: none;
|
||||
cursor: pointer;
|
||||
}
|
||||
|
||||
.burger span {
|
||||
display: block;
|
||||
height: 3px;
|
||||
width: 100%;
|
||||
background: white;
|
||||
border-radius: 2px;
|
||||
transition: 0.3s;
|
||||
}
|
||||
|
||||
.burger.active span:nth-child(1) {
|
||||
transform: translateY(8px) rotate(45deg);
|
||||
}
|
||||
|
||||
.burger.active span:nth-child(2) {
|
||||
opacity: 0;
|
||||
}
|
||||
|
||||
.burger.active span:nth-child(3) {
|
||||
transform: translateY(-8px) rotate(-45deg);
|
||||
}
|
||||
|
||||
.burger {display: none; flex-direction: column; justify-content: center; gap: 5px; width: 30px; height: 25px; background: none; border: none; cursor: pointer;}
|
||||
.burger span {display: block; height: 3px; width: 100%; background: white; border-radius: 2px; transition: 0.3s;}
|
||||
.burger.active span:nth-child(1) {transform: translateY(8px) rotate(45deg);}
|
||||
.burger.active span:nth-child(2) {opacity: 0;}
|
||||
.burger.active span:nth-child(3) {transform: translateY(-8px) rotate(-45deg);}
|
||||
/* сетка */
|
||||
.grid-3 {
|
||||
display: grid;
|
||||
grid-template-columns: 15% 70% 15%;
|
||||
gap: 20px;
|
||||
margin-top: 20px;
|
||||
}
|
||||
.grid-3 {display: grid; grid-template-columns: 15% 70% 15%; gap: 20px; margin-top: 20px;}
|
||||
.grid-block {background: #f5f5f5; padding: 15px; border-radius: 10px; box-shadow: 0 2px 5px rgba(0,0,0,0.1);}
|
||||
/* Полупрозрачный фон */
|
||||
.overlay {position: fixed; top: 0; left: 0; width: 100%; height: 100%; background: rgba(0,0,0,0.5); display: flex; justify-content: center; align-items: center; z-index: 1000;}
|
||||
|
||||
.grid-block {
|
||||
background: #f5f5f5;
|
||||
padding: 15px;
|
||||
border-radius: 10px;
|
||||
box-shadow: 0 2px 5px rgba(0,0,0,0.1);
|
||||
}
|
||||
/* Полупрозрачный фон */
|
||||
.overlay {
|
||||
position: fixed;
|
||||
top: 0;
|
||||
left: 0;
|
||||
width: 100%;
|
||||
height: 100%;
|
||||
background: rgba(0,0,0,0.5);
|
||||
display: flex;
|
||||
justify-content: center;
|
||||
align-items: center;
|
||||
z-index: 1000;
|
||||
}
|
||||
|
||||
/* Окна */
|
||||
/* Окна */
|
||||
/* Message */
|
||||
.window-popup { width:400px; height:150px; background:#fff; border-radius:10px; display:flex; flex-direction:column; justify-content:center; align-items:center; padding:20px; box-shadow:0 0 10px rgba(0,0,0,0.3); }
|
||||
.window-popup button { margin-top:20px; padding:5px 10px; cursor:pointer; }
|
||||
.window-popup {width:400px; height:150px; background:#fff; border-radius:10px; display:flex; flex-direction:column; justify-content:center; align-items:center; padding:20px; box-shadow:0 0 10px rgba(0,0,0,0.3); }
|
||||
|
||||
|
||||
/* Menu */
|
||||
.window-menu { position:absolute; background:#fff; border-radius:10px; border:1px solid rgba(0,0,0,0.12); box-shadow:0 6px 18px rgba(0,0,0,0.12); min-width:160px; z-index:9999; overflow:hidden; }
|
||||
@@ -135,39 +48,29 @@ nav a:hover {
|
||||
|
||||
/* адаптив */
|
||||
@media (max-width: 425px) {
|
||||
.grid-3 {
|
||||
grid-template-columns: 1fr;
|
||||
}
|
||||
|
||||
.burger {
|
||||
display: flex;
|
||||
}
|
||||
|
||||
nav {
|
||||
position: absolute;
|
||||
top: 100%;
|
||||
left: 0;
|
||||
width: 100%;
|
||||
background: #222;
|
||||
display: none;
|
||||
flex-direction: column;
|
||||
text-align: center;
|
||||
padding: 10px 0;
|
||||
z-index: 10;
|
||||
}
|
||||
|
||||
nav.open {
|
||||
display: flex;
|
||||
animation: slideDown 0.3s ease;
|
||||
}
|
||||
|
||||
nav ul {
|
||||
flex-direction: column;
|
||||
gap: 10px;
|
||||
}
|
||||
|
||||
.grid-3 {grid-template-columns: 1fr;}
|
||||
.burger {display: flex;}
|
||||
nav {position: absolute; top: 100%; left: 0; width: 100%; background: #222; display: none; flex-direction: column; text-align: center; padding: 10px 0; z-index: 10;}
|
||||
nav.open {display: flex; animation: slideDown 0.3s ease;}
|
||||
nav ul {flex-direction: column; gap: 10px;}
|
||||
@keyframes slideDown {
|
||||
from { opacity: 0; transform: translateY(-10px); }
|
||||
to { opacity: 1; transform: translateY(0); }
|
||||
}
|
||||
}
|
||||
.ui-overlay {position: fixed; inset: 0; background: rgba(0,0,0,.4); display: flex; align-items: center; justify-content: center;}
|
||||
.ui-alert {background: #fff; padding: 20px; border-radius: 16px; min-width: 300px; font-family: sans-serif; text-align: center;}
|
||||
/* .ui-alert button {margin-top: 20px; border: 1px solid #ccc; padding: 8px 16px; cursor: pointer; border-radius: 8px;} */
|
||||
.ui-popup-list {position: fixed; background: #fff; border: 1px solid #ccc; border-radius: 6px; box-shadow: 0 4px 10px rgba(0,0,0,.15); z-index: 1000;}
|
||||
.ui-popup-list .icon {width: 16px; text-align: center;}
|
||||
.ui-popup-list div {padding: 8px 12px; cursor: pointer; display: flex; align-items: center;}
|
||||
.ui-popup-list div:hover {background: #eee;}
|
||||
.ui-window {background: #fff; padding: 16px; border-radius: 8px; min-width: 300px; font-family: sans-serif; width: 360px;}
|
||||
.ui-window .header {display: flex; justify-content: space-between; font-weight: bold; margin-bottom: 10px; cursor: move; user-select: none;}
|
||||
.ui-window .row {display: flex; justify-content: space-between; padding: 4px 0;}
|
||||
/* Tabs */
|
||||
.tabs {display: flex; border-bottom: 1px solid #ccc; margin-bottom: 10px;}
|
||||
.tab {padding: 6px 12px; cursor: pointer;}
|
||||
.tab.active {border-bottom: 2px solid #0078d7; font-weight: bold;}
|
||||
.tab-content {display: none;}
|
||||
.tab-content.active {display: block;}
|
||||
|
||||
@@ -1,117 +1,126 @@
|
||||
/***********************************************************************
|
||||
* ГЛОБАЛЬНОЕ СОСТОЯНИЕ
|
||||
* access-token хранится только в памяти (без localStorage)
|
||||
**********************************************************************/
|
||||
let accessToken = null; // access-token хранится только в памяти (без localStorage)
|
||||
let accessToken = null;
|
||||
|
||||
/***********************************************************************
|
||||
* sendRequest УНИВЕРСАЛЬНАЯ ФУНКЦИЯ ДЛЯ ОТПРАВКИ HTTP-ЗАПРОСОВ
|
||||
*
|
||||
* sendRequest(url, options)
|
||||
* - автоматически добавляет Content-Type и credentials
|
||||
* - автоматически превращает body в JSON
|
||||
* - проверяет response.ok
|
||||
* - пробрасывает текст ошибки
|
||||
* - возвращает JSON-ответ
|
||||
* user объект в котором хранятся данные пользователя
|
||||
**********************************************************************/
|
||||
//let accessToken = ""; // access только в памяти
|
||||
|
||||
async function apiProtected(path, options = {}) {
|
||||
const send = async () =>
|
||||
fetch(path, {
|
||||
...options,
|
||||
headers: {
|
||||
...(options.headers || {}),
|
||||
Authorization: "Bearer " + accessToken,
|
||||
"Content-Type": "application/json"
|
||||
}
|
||||
});
|
||||
|
||||
let r = await send();
|
||||
|
||||
if ((r.status === 401)) {
|
||||
// обновляем access
|
||||
const rr = await fetch("/api/users/refresh", {
|
||||
method: "POST",
|
||||
credentials: "include"
|
||||
});
|
||||
|
||||
if (!rr.ok) throw "refresh failed";
|
||||
|
||||
const j = await rr.json();
|
||||
accessToken = j.access_token;
|
||||
|
||||
r = await send();
|
||||
}
|
||||
|
||||
if (!r.ok) throw await r.text();
|
||||
return r.json();
|
||||
const user = {
|
||||
id: 0,
|
||||
name: ""
|
||||
}
|
||||
|
||||
|
||||
async function sendRequest(url, options = {}) {
|
||||
// Базовые параметры
|
||||
/***********************************************************************
|
||||
* apiProtected — это удобная функция для защищённых API-запросов,
|
||||
* которая:
|
||||
*
|
||||
* - Подставляет стандартные и пользовательские настройки запроса.
|
||||
* - Добавляет Authorization с токеном.
|
||||
* - Автоматически сериализует JSON-тело.
|
||||
* - Парсит ответ.
|
||||
* - Обрабатывает устаревший токен (401) и повторяет запрос.
|
||||
* - Выбрасывает ошибки для внешнего try...catch.
|
||||
***********************************************************************/
|
||||
async function apiProtected(path, options = {}) {
|
||||
// Базовые настройки
|
||||
const defaultOptions = {
|
||||
//method: "GET",
|
||||
headers: { "Content-Type": "application/json" },
|
||||
credentials: "include"
|
||||
};
|
||||
|
||||
// Объединяем настройки
|
||||
const finalOptions = {
|
||||
...defaultOptions,
|
||||
...options,
|
||||
headers: { ...defaultOptions.headers, ...(options.headers || {}) }
|
||||
};
|
||||
|
||||
// Если тело — объект, превращаем в JSON
|
||||
// Если есть тело и это объект — сериализуем
|
||||
if (finalOptions.body && typeof finalOptions.body === "object") {
|
||||
finalOptions.body = JSON.stringify(finalOptions.body);
|
||||
}
|
||||
|
||||
let response;
|
||||
// Вспомогательная функция отправки запроса
|
||||
const send = async () => {
|
||||
try {
|
||||
response = await fetch(url, finalOptions);
|
||||
} catch (err) {
|
||||
// Сетевые ошибки (сервер не доступен, нет интернета, CORS и т.д.)
|
||||
return {
|
||||
ok: false,
|
||||
status: 0,
|
||||
data: err.toString()
|
||||
};
|
||||
// Добавляем Authorization, если токен есть
|
||||
if (accessToken) {
|
||||
finalOptions.headers.Authorization = `Bearer ${accessToken}`;
|
||||
}
|
||||
|
||||
// Читаем тело ответа только один раз
|
||||
let text = await response.text();
|
||||
// Отправляем fetch запрос.
|
||||
const res = await fetch(path, finalOptions);
|
||||
const text = await res.text();
|
||||
let data;
|
||||
// Пытаемся распарсить ответ как JSON, если не получается
|
||||
// — возвращаем текст.
|
||||
try {
|
||||
data = JSON.parse(text);
|
||||
} catch {
|
||||
data = text;
|
||||
}
|
||||
|
||||
return {
|
||||
ok: response.ok,
|
||||
status: response.status,
|
||||
data
|
||||
return { res, data };
|
||||
} catch (err) {
|
||||
return { res: null, data: err.toString() };
|
||||
}
|
||||
};
|
||||
// Первый запрос
|
||||
let { res, data } = await send();
|
||||
// Если 401 — обновляем токен и повторяем
|
||||
if (res && res.status === 401) {
|
||||
await refreshAccess(); // обновляем accessToken
|
||||
({ res, data } = await send()); // повторный запрос
|
||||
}
|
||||
// Если всё равно ошибка — кидаем
|
||||
if (!res || !res.ok) {
|
||||
throw { status: res ? res.status : 0, data };
|
||||
}
|
||||
return data; // возвращаем распарсенный JSON или текст
|
||||
}
|
||||
|
||||
/***************************************************************************
|
||||
* refreshAccess() Обнавление токенов:
|
||||
*
|
||||
* - Отправляет POST на /api/users/refresh, используя refresh-токен в cookie.
|
||||
* - Проверяет успешность ответа.
|
||||
* - Сохраняет новый access-токен.
|
||||
* - Декодирует токен, чтобы получить user_id.
|
||||
* - Обновляет глобальные данные о пользователе (id и name).
|
||||
****************************************************************************/
|
||||
async function refreshAccess (){
|
||||
//Отправка запроса на обновление токена
|
||||
const rr = await fetch("/api/auth/refresh", {
|
||||
method: "POST",
|
||||
credentials: "include"
|
||||
});
|
||||
// Проверка ответа
|
||||
if (!rr.ok) throw "refresh failed";
|
||||
// Получение нового токена
|
||||
const j = await rr.json();
|
||||
accessToken = j.access_token;
|
||||
// Декодирование payload JWT
|
||||
const payload = JSON.parse(
|
||||
atob(accessToken.split(".")[1].replace(/-/g, "+").replace(/_/g, "/"))
|
||||
);
|
||||
// Обновление данных пользователя
|
||||
user.id = payload.user_id;
|
||||
user.name = (await getUserDataByID(user.id)).name;
|
||||
}
|
||||
|
||||
|
||||
/********************************************************************
|
||||
* loadMenu функция загрузки блока меню страницы в формате Markdown *
|
||||
********************************************************************/
|
||||
/********************************************************************************
|
||||
* loadMenu функция загрузки блока меню страницы в формате Markdown
|
||||
********************************************************************************/
|
||||
async function loadMenu() {
|
||||
await loadBlock("menu/top1", "header");
|
||||
}
|
||||
/********************************************************************
|
||||
* loadPage функция загрузки блока страницы в формате Markdown *
|
||||
********************************************************************/
|
||||
/********************************************************************************
|
||||
* loadPage функция загрузки блока страницы в формате Markdown
|
||||
********************************************************************************/
|
||||
async function loadPage(path) {
|
||||
await loadBlock(path, "content");
|
||||
}
|
||||
|
||||
/********************************************************************
|
||||
* loadMdScript функция загрузки Markdown библиотеки *
|
||||
********************************************************************/
|
||||
/*********************************************************************************
|
||||
* loadMdScript функция загрузки Markdown библиотеки
|
||||
*********************************************************************************/
|
||||
function loadMdScript(src) {
|
||||
return new Promise((resolve, reject) => {
|
||||
const script = document.createElement('script');
|
||||
@@ -123,24 +132,32 @@ async function loadMenu() {
|
||||
});
|
||||
}
|
||||
|
||||
/********************************************************************
|
||||
* loadBlock функция загрузки блока в формате Markdown *
|
||||
********************************************************************/
|
||||
/**********************************************************************************
|
||||
* loadBlock — это универсальная функция для динамического контента:
|
||||
*
|
||||
* - Находит контейнер по id.
|
||||
* - Очищает старый контент и связанные скрипты/стили.
|
||||
* - Запрашивает блок через apiProtected.
|
||||
* - Преобразует Markdown в HTML.
|
||||
* - Добавляет CSS и JS динамически.
|
||||
* - Вызывает pageInit() блока, если есть.
|
||||
* - Обрабатывает ошибки.
|
||||
**********************************************************************************/
|
||||
async function loadBlock(path, block_Name) {
|
||||
// Получаем контейнер блока
|
||||
const container = document.getElementById(block_Name);
|
||||
if (!container) {
|
||||
//console.warn(`loadBlock: контейнер #${block_Name} не найден — игнорируем`);
|
||||
if (!container) {
|
||||
return;
|
||||
}
|
||||
}
|
||||
// Обработка пути
|
||||
path = path.replace(/\/$/, "");
|
||||
//console.log(path);
|
||||
if (!container) {
|
||||
console.error(`loadBlock ERROR: element #${block_Name} not found`);
|
||||
return;
|
||||
}
|
||||
const blockName = path === "pages" ? "pages/home" : path;
|
||||
//console.log(blockName);
|
||||
try {
|
||||
// Очистка контейнера и старых динамических стилей/скриптов
|
||||
container.innerHTML = '';
|
||||
document.querySelectorAll('style[data-dynamic], script[data-dynamic]').forEach(el => {
|
||||
const name = el.getAttribute('data-dynamic');
|
||||
@@ -148,28 +165,27 @@ if (!container) {
|
||||
el.remove();
|
||||
}
|
||||
});
|
||||
const response = await sendRequest(`/api/block/${blockName}`);
|
||||
if (!response.ok) {
|
||||
throw new Error(`Failed to load block: ${response.status}`);
|
||||
}
|
||||
|
||||
// Получение блока с сервера
|
||||
const response = await apiProtected(`/api/block/${blockName}`, {method: "GET"});
|
||||
// Динамически подгружаем markdown-it, если он ещё не загружен
|
||||
if (!window.markdownit) {
|
||||
await loadMdScript('/static/js/markdown-it.min.js');
|
||||
}
|
||||
|
||||
const { content: mdContent, css, js } = response.data;
|
||||
const { content: mdContent, css, js } = response;
|
||||
// Преобразуем markdown в HTML
|
||||
if (mdContent) {
|
||||
const md = window.markdownit({ html: true, linkify: true, typographer: true });
|
||||
container.innerHTML = md.render(mdContent);
|
||||
container?.id?.match(/^loadedBlock_\d+_view$/) && (document.getElementById(container.id.replace('_view', '_html')).innerHTML = mdContent);
|
||||
}
|
||||
// Добавление CSS блока
|
||||
if (css) {
|
||||
const style = document.createElement('style');
|
||||
style.dataset.dynamic = block_Name;
|
||||
style.textContent = css;
|
||||
document.head.appendChild(style);
|
||||
}
|
||||
// Добавление JS блока
|
||||
if (js) {
|
||||
const script = document.createElement('script');
|
||||
script.dataset.dynamic = block_Name;
|
||||
@@ -185,24 +201,35 @@ if (!container) {
|
||||
`;
|
||||
document.body.appendChild(script);
|
||||
}
|
||||
// Обработка ошибок
|
||||
} catch (err) {
|
||||
console.error(err);
|
||||
container.innerHTML = "<h2>блок не найден</h2>";
|
||||
}
|
||||
}
|
||||
|
||||
// SPA-навигация
|
||||
/*****************************************************************************
|
||||
* SPA-навигация
|
||||
*****************************************************************************/
|
||||
function navigateTo(url, target) {
|
||||
const clean = url.replace(/^\//, "");
|
||||
history.pushState({}, "", "/" + clean);
|
||||
loadBlock("pages/" + clean, target);
|
||||
}
|
||||
|
||||
// Поддержка кнопки "назад/вперед"
|
||||
/*****************************************************************************
|
||||
* Поддержка кнопки "назад/вперед"
|
||||
*****************************************************************************/
|
||||
window.addEventListener("popstate", () => {loadBlock(location.pathname);});
|
||||
// Обработка истории браузера
|
||||
|
||||
/*****************************************************************************
|
||||
* Обработка истории браузера
|
||||
*****************************************************************************/
|
||||
window.addEventListener("popstate", () => loadBlock(window.location.pathname));
|
||||
// Инициализация после загрузки DOM
|
||||
|
||||
/*****************************************************************************
|
||||
* Инициализация после загрузки DOM
|
||||
*****************************************************************************/
|
||||
window.onload = async function () {
|
||||
let url = window.location.href;
|
||||
// Убираем слеш в конце, если он есть
|
||||
@@ -215,13 +242,14 @@ window.onload = async function () {
|
||||
await loadMenu();
|
||||
await loadPage("pages"+window.location.pathname);
|
||||
};
|
||||
// Перехватчик ссылок
|
||||
|
||||
/*****************************************************************************
|
||||
* Перехватчик ссылок
|
||||
*****************************************************************************/
|
||||
window.addEventListener("click", (event) => {
|
||||
const a = event.target.closest("a");
|
||||
if (!a) return;
|
||||
|
||||
const href = a.getAttribute("href");
|
||||
|
||||
// игнорируем внешние ссылки и mailto:
|
||||
if (!href || href.startsWith("http") || href.startsWith("mailto:")) return;
|
||||
const target = a.dataset.target || "content"; // default = content
|
||||
@@ -229,64 +257,305 @@ window.addEventListener("click", (event) => {
|
||||
navigateTo(href, target);
|
||||
});
|
||||
|
||||
//popup
|
||||
function popup(message, afterClose){
|
||||
// Создаём overlay
|
||||
const overlay = document.createElement('div');
|
||||
overlay.className = 'overlay';
|
||||
// Создаём popup
|
||||
const popup = document.createElement('div');
|
||||
popup.className = 'popup';
|
||||
// Добавляем текст
|
||||
const text = document.createElement('div');
|
||||
text.textContent = message;
|
||||
// Добавляем кнопку закрытия
|
||||
const closeBtn = document.createElement('button');
|
||||
closeBtn.textContent = 'Закрыть';
|
||||
closeBtn.addEventListener('click', () => {
|
||||
overlay.remove();
|
||||
if (typeof afterClose === 'function') {
|
||||
afterClose(); // ← ВАША ФУНКЦИЯ ПОСЛЕ ЗАКРЫТИЯ
|
||||
}
|
||||
});
|
||||
}
|
||||
//popupMenu
|
||||
function popupMenu(message, afterClose){
|
||||
// Создаём popupMenu
|
||||
const popupMenu = document.createElement('div');
|
||||
popup.className = 'popup_Menu';
|
||||
// Добавляем текст
|
||||
const text = document.createElement('div');
|
||||
text.textContent = message;
|
||||
// Добавляем кнопку закрытия
|
||||
const closeBtn = document.createElement('button');
|
||||
closeBtn.textContent = 'Закрыть';
|
||||
closeBtn.addEventListener('click', () => {
|
||||
overlay.remove();
|
||||
if (typeof afterClose === 'function') {
|
||||
afterClose(); // ← ВАША ФУНКЦИЯ ПОСЛЕ ЗАКРЫТИЯ
|
||||
}
|
||||
});
|
||||
|
||||
popup.appendChild(text);
|
||||
popup.appendChild(closeBtn);
|
||||
overlay.appendChild(popup);
|
||||
document.body.appendChild(overlay);
|
||||
};
|
||||
|
||||
/* ------------------- Переключение видимости пароля ------------------- */
|
||||
|
||||
/*****************************************************************************
|
||||
* Переключение видимости пароля
|
||||
*****************************************************************************/
|
||||
document.addEventListener("click", (e) => {
|
||||
if (!e.target.classList.contains("toggle-pass")) return;
|
||||
//console.log("toggle");
|
||||
console.log("toggle");
|
||||
const input = e.target.previousElementSibling;
|
||||
if (!input) return;
|
||||
|
||||
if (input.type === "password") {
|
||||
input.type = "text";
|
||||
e.target.textContent = "🙈";
|
||||
e.target.textContent = "*";//🔓
|
||||
} else {
|
||||
input.type = "password";
|
||||
e.target.textContent = "👁";
|
||||
e.target.textContent = "A";//🔒
|
||||
}
|
||||
});
|
||||
|
||||
/*****************************************************************************
|
||||
* Получение данных пользователя. Пример использования:
|
||||
* btn.onclick = async function () {
|
||||
* const user = await getUserDataByID(3);
|
||||
* alert(user.name);
|
||||
* };
|
||||
*****************************************************************************/
|
||||
async function getUserDataByID(id) {
|
||||
const data = await apiProtected(
|
||||
`/api/users/getUserData?userid=${encodeURIComponent(id)}&by=id`
|
||||
);
|
||||
return {
|
||||
id: data.ID,
|
||||
name: data.Username
|
||||
}
|
||||
}
|
||||
|
||||
/******************************************************************************
|
||||
* Функция userLogin:
|
||||
*
|
||||
* - пытается залогиниться через API,
|
||||
* - возвращает accessToken при успехе,
|
||||
* - бросает понятные ошибки (INVALID_CREDENTIALS, LOGIN_FAILED) при неудаче.
|
||||
******************************************************************************/
|
||||
async function userLogin(username, password) {
|
||||
try {
|
||||
// Запрос логина
|
||||
const r = await apiProtected(`/api/auth/login`, {
|
||||
method: "POST",
|
||||
headers: {
|
||||
"Content-Type": "application/json"
|
||||
},
|
||||
body: JSON.stringify({
|
||||
username,
|
||||
password
|
||||
})
|
||||
});
|
||||
// Проверка access token
|
||||
if (!r?.access_token) {
|
||||
throw new Error("Token not received");
|
||||
}
|
||||
const payload = JSON.parse(
|
||||
atob(r.access_token.split(".")[1].replace(/-/g, "+").replace(/_/g, "/"))
|
||||
);
|
||||
// Успешный результат
|
||||
user.name = username;
|
||||
user.id = payload.user_id;
|
||||
return {
|
||||
accessToken: r.access_token
|
||||
};
|
||||
// Обработка ошибок (catch)
|
||||
} catch (err) {
|
||||
// err — объект { status, data } из apiProtected
|
||||
if (err?.status === 401) {
|
||||
throw new Error("INVALID_CREDENTIALS");
|
||||
}
|
||||
// Неверный логин / пароль
|
||||
console.error("Login error:", err);
|
||||
throw new Error("LOGIN_FAILED");
|
||||
}
|
||||
}
|
||||
|
||||
/******************************************************************************
|
||||
* userLogout — это функция выхода пользователя из системы.
|
||||
******************************************************************************/
|
||||
async function userLogout() {
|
||||
accessToken = "";
|
||||
await fetch("/api/auth/logout", { method: "POST", credentials: "include" });
|
||||
};
|
||||
|
||||
/******************************************************************************
|
||||
* userRegister функция которая:
|
||||
*
|
||||
* - регистрирует нового пользователя,
|
||||
* - возвращает ответ сервера при успехе,
|
||||
* - преобразует HTTP-ошибки в бизнес-ошибки, понятные UI.
|
||||
******************************************************************************/
|
||||
async function userRegister(username, password) {
|
||||
try {
|
||||
// Запрос регистрации
|
||||
const data = await apiProtected("/api/auth/register", {
|
||||
method: "POST",
|
||||
body: {
|
||||
username,
|
||||
password
|
||||
}
|
||||
});
|
||||
// Успешный результат
|
||||
return data;
|
||||
// Перехват ошибок
|
||||
} catch (err) {
|
||||
// Сюда прилетают ошибки, брошенные apiProtected:
|
||||
// Логирование
|
||||
console.error("Register error:", err);
|
||||
// Маппинг HTTP → бизнес-ошибки
|
||||
// Некорректные данные
|
||||
if (err?.status === 400) {
|
||||
throw new Error("BAD_REQUEST");
|
||||
}
|
||||
// Пользователь уже существует
|
||||
if (err?.status === 409) {
|
||||
throw new Error("USER_EXISTS");
|
||||
}
|
||||
// Любая другая ошибка
|
||||
throw new Error("REGISTER_FAILED");
|
||||
}
|
||||
}
|
||||
|
||||
/***************************************************************************
|
||||
* Класса UIComponents это статический UI-helper, который:
|
||||
*
|
||||
* - не хранит состояние приложения
|
||||
* - не зависит от фреймворков
|
||||
* - создаёт всплывающие UI-элементы поверх страницы
|
||||
*
|
||||
* Содержит методы:
|
||||
*
|
||||
* - UIComponents.showAlert(...)
|
||||
* - UIComponents.confirm(...)
|
||||
* - UIComponents.showPopupList(...)
|
||||
* - UIComponents.showFileProperties(...)
|
||||
***************************************************************************/
|
||||
class UIComponents {
|
||||
/* ============== 1. АЛЕРТ С ОВЕРЛЕЕМ ============== */
|
||||
/* Показывает модальное окно с кнопкой OK.
|
||||
с затемняющим фоном, который перекрывает страницу*/
|
||||
static showAlert(message) {//, title = 'Сообщение'
|
||||
const overlay = document.createElement('div');
|
||||
overlay.className = 'ui-overlay';
|
||||
|
||||
const alertBox = document.createElement('div');
|
||||
alertBox.className = 'window-popup';//ui-alert
|
||||
|
||||
alertBox.innerHTML =
|
||||
//<h3>${title}</h3>
|
||||
`<p>${message}</p>
|
||||
<button>OK</button>
|
||||
`;
|
||||
|
||||
alertBox.querySelector('button').onclick = () => {
|
||||
overlay.remove();
|
||||
};
|
||||
|
||||
overlay.appendChild(alertBox);
|
||||
document.body.appendChild(overlay);
|
||||
}
|
||||
|
||||
/*==================== 2. confirm ===================== */
|
||||
/* Аналог window.confirm */
|
||||
static confirm(message, title = 'Подтверждение') {
|
||||
return new Promise(resolve => {
|
||||
const overlay = document.createElement('div');
|
||||
overlay.className = 'ui-overlay';
|
||||
|
||||
const box = document.createElement('div');
|
||||
box.className = 'ui-alert';
|
||||
|
||||
box.innerHTML = `
|
||||
<h3>${title}</h3>
|
||||
<p>${message}</p>
|
||||
<div style="display:flex;justify-content:center;gap:12px;margin-top:16px">
|
||||
<button data-yes>Да</button>
|
||||
<button data-no>Нет</button>
|
||||
</div>
|
||||
`;
|
||||
|
||||
const close = (result) => {
|
||||
overlay.remove();
|
||||
resolve(result);
|
||||
};
|
||||
|
||||
box.querySelector('[data-yes]').onclick = () => close(true);
|
||||
box.querySelector('[data-no]').onclick = () => close(false);
|
||||
|
||||
overlay.appendChild(box);
|
||||
document.body.appendChild(overlay);
|
||||
});
|
||||
}
|
||||
|
||||
|
||||
/* ========== 3. ПОПАП СПИСОК ========== */
|
||||
static showPopupList(items = {}, x = 0, y = 0) {
|
||||
// Удаляем предыдущий popup
|
||||
if (UIComponents.currentPopup) {
|
||||
UIComponents.currentPopup.remove();
|
||||
UIComponents.currentPopup = null;
|
||||
}
|
||||
|
||||
const popup = document.createElement('div');
|
||||
popup.className = 'ui-popup-list';
|
||||
popup.style.left = x + 'px';
|
||||
popup.style.top = y + 'px';
|
||||
|
||||
for (const [name, fn] of Object.entries(items)) {
|
||||
const el = document.createElement('div');
|
||||
el.textContent = name;
|
||||
el.onclick = () => {
|
||||
fn(); // вызываем конкретную функцию
|
||||
popup.remove();
|
||||
UIComponents.currentPopup = null;
|
||||
};
|
||||
popup.appendChild(el);
|
||||
}
|
||||
|
||||
document.body.appendChild(popup);
|
||||
UIComponents.currentPopup = popup;
|
||||
|
||||
const removePopup = () => {
|
||||
if (UIComponents.currentPopup) {
|
||||
UIComponents.currentPopup.remove();
|
||||
UIComponents.currentPopup = null;
|
||||
}
|
||||
document.removeEventListener('click', removePopup);
|
||||
};
|
||||
setTimeout(() => document.addEventListener('click', removePopup), 0);
|
||||
}
|
||||
|
||||
/* ========== 4. ОКНО "СВОЙСТВА ФАЙЛА" ========== */
|
||||
static showFileProperties(general = {}, details = {}) {
|
||||
const overlay = document.createElement('div');
|
||||
overlay.className = 'ui-overlay';
|
||||
|
||||
const win = document.createElement('div');
|
||||
win.className = 'ui-window';
|
||||
win.style.position = 'absolute';
|
||||
|
||||
const rows = obj =>
|
||||
Object.entries(obj)
|
||||
.map(([k, v]) => `<div class="row"><span>${k}</span><span>${v}</span></div>`)
|
||||
.join('');
|
||||
|
||||
win.innerHTML = `
|
||||
<div class="header">
|
||||
<span>Свойства</span>
|
||||
<button>×</button>
|
||||
</div>
|
||||
|
||||
<div class="tabs">
|
||||
<div class="tab active" data-tab="general">Общие</div>
|
||||
<div class="tab" data-tab="details">Подробно</div>
|
||||
</div>
|
||||
|
||||
<div class="tab-content active" id="general">${rows(general)}</div>
|
||||
<div class="tab-content" id="details">${rows(details)}</div>
|
||||
`;
|
||||
|
||||
win.querySelector('button').onclick = () => overlay.remove();
|
||||
|
||||
/* tabs */
|
||||
win.querySelectorAll('.tab').forEach(tab => {
|
||||
tab.onclick = () => {
|
||||
win.querySelectorAll('.tab, .tab-content')
|
||||
.forEach(e => e.classList.remove('active'));
|
||||
|
||||
tab.classList.add('active');
|
||||
win.querySelector('#' + tab.dataset.tab).classList.add('active');
|
||||
};
|
||||
});
|
||||
|
||||
/* drag */
|
||||
const header = win.querySelector('.header');
|
||||
header.onmousedown = (e) => {
|
||||
const r = win.getBoundingClientRect();
|
||||
const dx = e.clientX - r.left;
|
||||
const dy = e.clientY - r.top;
|
||||
|
||||
document.onmousemove = e =>
|
||||
Object.assign(win.style, {
|
||||
left: e.clientX - dx + 'px',
|
||||
top: e.clientY - dy + 'px'
|
||||
});
|
||||
|
||||
document.onmouseup = () => document.onmousemove = null;
|
||||
};
|
||||
|
||||
overlay.appendChild(win);
|
||||
document.body.appendChild(overlay);
|
||||
|
||||
win.style.left = 'calc(50% - 180px)';
|
||||
win.style.top = '20%';
|
||||
}
|
||||
}
|
||||
|
||||
|
||||
@@ -1,12 +1,11 @@
|
||||
|
||||
<!DOCTYPE html>
|
||||
<html lang="ru">
|
||||
<head>
|
||||
<meta charset="UTF-8">
|
||||
<meta name="viewport" content="width=device-width, initial-scale=1.0">
|
||||
<base href="/">
|
||||
<link rel="icon" type="image/png" href="/static/img/favicon.png">
|
||||
<title>JWT SPA project</title>
|
||||
<link rel="icon" type="image/png" href="/img/favicon.png">
|
||||
<title>TS Web</title>
|
||||
<link rel="stylesheet" href="/static/css/style.css">
|
||||
<script defer src="/static/js/app.js"></script>
|
||||
</head>
|
||||
@@ -18,7 +17,7 @@
|
||||
<main id="content"></main>
|
||||
|
||||
<footer>
|
||||
<p>© 2025 Go Markdown SPA</p>
|
||||
<p>© 2025 TriggersSmith web</p>
|
||||
</footer>
|
||||
</body>
|
||||
</html>
|
||||
|
||||
@@ -17,5 +17,6 @@
|
||||
<li><a href="/gpt" data-link="true" data-target="content">GPT</a></li>
|
||||
<li><a href="/ACL" data-link="true" data-target="content">ACL</a></li>
|
||||
<li><a href="/userSlava/popup" data-link="true" data-target="content">Сообщения popup</a></li>
|
||||
<li><a href="/session" data-link="true" data-target="content">Сессия</a></li>
|
||||
</ul>
|
||||
</nav>
|
||||
|
||||
@@ -12,7 +12,7 @@ async function UserLogin() {
|
||||
const p = document.getElementById("password").value;
|
||||
|
||||
try {
|
||||
const r = await fetch("/api/users/login", {
|
||||
const r = await fetch("/api/auth/login", {
|
||||
method: "POST",
|
||||
credentials: "include",
|
||||
headers: { "Content-Type": "application/json" },
|
||||
@@ -35,7 +35,7 @@ async function UserLogin() {
|
||||
|
||||
async function UserLogout() {
|
||||
try {
|
||||
await fetch("/api/users/logout", { method: "POST", credentials: "include" });
|
||||
await fetch("/api/auth/logout", { method: "POST", credentials: "include" });
|
||||
accessToken = "";
|
||||
alert("logged out");
|
||||
} catch (err) {
|
||||
|
||||
19
static/blocks/pages/session/content.md
Normal file
19
static/blocks/pages/session/content.md
Normal file
@@ -0,0 +1,19 @@
|
||||
<div class="form1" id="login_block">
|
||||
|
||||
# Вход в систему
|
||||
|
||||
Пожалуйста, введите ваши данные для входа.
|
||||
|
||||
<div class="grid-block">
|
||||
<label for="username">Имя пользователя</label>
|
||||
<input type="text" id="username" name="username" required>
|
||||
<label for="password">Пароль</label>
|
||||
<input type="password" id="password" name="password" required>
|
||||
<button type="submit" id="login_btn">Войти</button>
|
||||
</div>
|
||||
</div>
|
||||
|
||||
<div class="form1" id="user_block">
|
||||
<p id="user_info"></p>
|
||||
<button id="logout_btn">Выйти</button>
|
||||
</div>
|
||||
67
static/blocks/pages/session/script.js
Normal file
67
static/blocks/pages/session/script.js
Normal file
@@ -0,0 +1,67 @@
|
||||
async function initUser() {
|
||||
try {
|
||||
// Если нет токена, делаем refresh
|
||||
if (!accessToken) {
|
||||
await refreshAccess ();
|
||||
}
|
||||
// Проверяем, получили ли токен
|
||||
if (!accessToken) throw new Error("no token");
|
||||
// выводим имя пользователя
|
||||
user_info.innerHTML = `Вы зашли как: ${user.name}. </br> Ваш ID:${user.id}`;
|
||||
// Показываем блок пользователя
|
||||
showUser()
|
||||
} catch (e) {
|
||||
// Показываем блок логина
|
||||
showLogin()
|
||||
console.error(e);
|
||||
}
|
||||
}
|
||||
|
||||
|
||||
function showLogin() {
|
||||
login_block.classList.remove("hiden_block");
|
||||
user_block.classList.add("hiden_block");
|
||||
}
|
||||
|
||||
function showUser() {
|
||||
login_block.classList.add("hiden_block");
|
||||
user_block.classList.remove("hiden_block");
|
||||
}
|
||||
initUser();
|
||||
|
||||
/* --------------------------- Логин ------------------------------- */
|
||||
|
||||
async function onLoginClick() {
|
||||
try {
|
||||
const { accessToken: token } = await userLogin(
|
||||
username.value.trim(),
|
||||
password.value
|
||||
);
|
||||
|
||||
accessToken = token;
|
||||
// UIComponents.showAlert("Вы успешно вошли как "+user.name+".</br> Ваш ID:"+user.id);
|
||||
|
||||
username.value = "";
|
||||
password.value = "";
|
||||
|
||||
} catch (e) {
|
||||
switch (e.message) {
|
||||
case "INVALID_CREDENTIALS":
|
||||
UIComponents.showAlert("Неверный логин или пароль");
|
||||
break;
|
||||
case "BAD_REQUEST":
|
||||
UIComponents.showAlert("Некорректный запрос");
|
||||
break;
|
||||
default:
|
||||
UIComponents.showAlert("Ошибка при логине");
|
||||
}
|
||||
}
|
||||
initUser();
|
||||
}
|
||||
|
||||
/* ------------------- Кнопки ------------------- */
|
||||
logout_btn.onclick = async () => {
|
||||
await userLogout(); // вызываем существующую функцию
|
||||
initUser(); // делаем своё
|
||||
};
|
||||
login_btn.onclick = onLoginClick;
|
||||
78
static/blocks/pages/session/style.css
Normal file
78
static/blocks/pages/session/style.css
Normal file
@@ -0,0 +1,78 @@
|
||||
.hiden_block{
|
||||
display:none;
|
||||
}
|
||||
|
||||
.form1 {
|
||||
background: #fff;
|
||||
padding: 10px;
|
||||
border-radius: 16px;
|
||||
box-shadow: 0 4px 20px rgba(0,0,0,0.1);
|
||||
/*max-width: 250px;
|
||||
width: 100%;*/
|
||||
width: 250px;
|
||||
}
|
||||
|
||||
.form1 h1 {
|
||||
margin-top: 0;
|
||||
text-align: center;
|
||||
font-size: 26px;
|
||||
color: #333;
|
||||
}
|
||||
|
||||
.form1 p {
|
||||
text-align: center;
|
||||
color: #666;
|
||||
margin-bottom: 25px;
|
||||
}
|
||||
|
||||
.form1 .grid-block h3 {
|
||||
margin-bottom: 15px;
|
||||
color: #444;
|
||||
text-align: center;
|
||||
}
|
||||
|
||||
.form1 form {
|
||||
display: flex;
|
||||
flex-direction: column;
|
||||
gap: 14px;
|
||||
}
|
||||
|
||||
.form1 label {
|
||||
font-size: 15px;
|
||||
color: #555;
|
||||
}
|
||||
|
||||
.form1 input {
|
||||
padding: 10px 12px;
|
||||
font-size: 15px;
|
||||
border-radius: 8px;
|
||||
border: 1px solid #ccc;
|
||||
transition: border 0.2s, box-shadow 0.2s;
|
||||
}
|
||||
|
||||
.form1 input:focus {
|
||||
border-color: #7f57ff;
|
||||
box-shadow: 0 0 0 2px rgba(127, 87, 255, 0.2);
|
||||
outline: none;
|
||||
}
|
||||
|
||||
.form1 button {
|
||||
width: 100%;
|
||||
padding: 10px 12px;
|
||||
font-size: 16px;
|
||||
background:#e4e4e4;
|
||||
/* color: white; */
|
||||
border: 1px solid #ccc;
|
||||
border-radius: 8px;
|
||||
cursor: pointer;
|
||||
margin-top: 10px;
|
||||
transition: background 0.25s, transform 0.1s;
|
||||
}
|
||||
|
||||
.form1 button:hover {
|
||||
background: #aa92f8;
|
||||
}
|
||||
|
||||
.form1 button:active {
|
||||
transform: scale(0.98);
|
||||
}
|
||||
@@ -12,14 +12,14 @@ btn_prot.onclick = async () => {
|
||||
|
||||
async function UserLogout() {
|
||||
accessToken = "";
|
||||
await fetch("/api/users/logout", { method: "POST", credentials: "include" });
|
||||
await fetch("/api/auth/logout", { method: "POST", credentials: "include"});
|
||||
};
|
||||
|
||||
async function UserLogin() {
|
||||
const u = log_user.value,
|
||||
p = log_pass.value;
|
||||
|
||||
const r = await fetch("/api/users/login", {
|
||||
const r = await fetch("/api/auth/login", {
|
||||
method: "POST",
|
||||
credentials: "include",
|
||||
headers: { "Content-Type": "application/json" },
|
||||
|
||||
Reference in New Issue
Block a user