ODWRTW/canape
2
2
Fork 0
Code Issues 3 Pull Requests 1 Releases Activity

Make the server act like an API

Browse Source
This commit is contained in:
Grégoire Delattre 2016-11-17 02:06:00 +01:00
parent 466c3f4295
commit 06837a8776
23 changed files with 200 additions and 1028 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

4
config.yml.exemple
View File

@ -1,11 +1,9 @@
authorizer: authorizer:
cookie_name: auth secret: my_secret_app_key
cookie_key: mysecretkey
pepper: pepper pepper: pepper
cost: 10 cost: 10
pgdsn: postgres://test:test@127.0.0.1:5432/dev?sslmode=disable pgdsn: postgres://test:test@127.0.0.1:5432/dev?sslmode=disable
trakttv_client_id: my_trakttv_client_id trakttv_client_id: my_trakttv_client_id
tmdb_api_key: my_tmdb_key tmdb_api_key: my_tmdb_key
listen_port: 3000 listen_port: 3000
templates_dir: build/templates
public_dir: build/public public_dir: build/public

156
src/internal/auth/auth.go
View File

@ -3,8 +3,10 @@ package auth
import ( import (
"fmt" "fmt"
"net/http" "net/http"
"strings"
jwt "github.com/dgrijalva/jwt-go"
"github.com/gorilla/sessions"
"golang.org/x/crypto/bcrypt" "golang.org/x/crypto/bcrypt"
) )
@ -13,8 +15,8 @@ var (
ErrInvalidPassword = fmt.Errorf("Invalid password") ErrInvalidPassword = fmt.Errorf("Invalid password")
// ErrInvalidSecret returned when cookie's secret is don't match // ErrInvalidSecret returned when cookie's secret is don't match
ErrInvalidSecret = fmt.Errorf("Invalid secret") ErrInvalidSecret = fmt.Errorf("Invalid secret")
// ErrCorrupted returned when session have been corrupted // ErrInvalidToken returned when the jwt token is invalid
ErrCorrupted = fmt.Errorf("Corrupted session") ErrInvalidToken = fmt.Errorf("Invalid token")
) )
// UserBackend interface for user backend // UserBackend interface for user backend
@ -27,6 +29,7 @@ type User interface {
GetName() string GetName() string
GetHash() string GetHash() string
HasRole(string) bool HasRole(string) bool
IsAdmin() bool
} }
// Authorizer handle sesssion // Authorizer handle sesssion
@ -37,10 +40,9 @@ type Authorizer struct {
// Params for Authorizer creation // Params for Authorizer creation
type Params struct { type Params struct {
Backend UserBackend Backend UserBackend
Cookiejar *sessions.CookieStore
CookieName string
Pepper string Pepper string
Cost int Cost int
Secret string
} }
// New Authorizer pepper is like a salt but not stored in database, // New Authorizer pepper is like a salt but not stored in database,
@ -60,112 +62,56 @@ func (a *Authorizer) GenHash(password string) (string, error) {
return string(b), nil return string(b), nil
} }
// Login cheks password and updates cookie info // Login cheks password and creates a jwt token
func (a *Authorizer) Login(rw http.ResponseWriter, req *http.Request, username, password string) error { func (a *Authorizer) Login(rw http.ResponseWriter, req *http.Request, username, password string) (User, error) {
cookie, err := a.Cookiejar.Get(req, a.CookieName)
if err != nil {
return err
}
u, err := a.Backend.Get(username) u, err := a.Backend.Get(username)
if err != nil { if err != nil {
return err return nil, err
} }
// Compare the password
err = bcrypt.CompareHashAndPassword([]byte(u.GetHash()), []byte(password+a.Pepper)) err = bcrypt.CompareHashAndPassword([]byte(u.GetHash()), []byte(password+a.Pepper))
if err != nil { if err != nil {
return ErrInvalidPassword return nil, ErrInvalidPassword
} }
cookie.Values["username"] = username return u, nil
}
// genereate secret
b, err := bcrypt.GenerateFromPassword([]byte(u.GetHash()), a.Cost) // CurrentUser returns the logged in username from session and verifies the token
if err != nil { func (a *Authorizer) CurrentUser(rw http.ResponseWriter, req *http.Request) (User, error) {
return err h := req.Header.Get("Authorization")
} // No user logged
cookie.Values["secret"] = string(b) if h == "" {
return nil, nil
err = cookie.Save(req, rw) }
if err != nil {
return err // Get the token from the header
} tokenStr := strings.Replace(h, "Bearer ", "", -1)
return nil
} // Keyfunc to decode the token
var keyfunc jwt.Keyfunc = func(token *jwt.Token) (interface{}, error) {
// RegenSecret update secret in cookie with user info, usefull when updating password return []byte(a.Secret), nil
func (a *Authorizer) RegenSecret(user User, w http.ResponseWriter, r *http.Request) error { }
cookie, err := a.Cookiejar.Get(r, a.CookieName)
if err != nil { var tokenClaims struct {
return err Username string `json:"username"`
} jwt.StandardClaims
// genereate secret }
b, err := bcrypt.GenerateFromPassword([]byte(user.GetHash()), a.Cost) token, err := jwt.ParseWithClaims(tokenStr, &tokenClaims, keyfunc)
if err != nil { if err != nil {
return err return nil, err
} }
cookie.Values["secret"] = string(b)
// Check the token validity
err = cookie.Save(r, w) if !token.Valid {
if err != nil { return nil, ErrInvalidToken
return err }
}
return nil // Get the user
} u, err := a.Backend.Get(tokenClaims.Username)
if err != nil {
// Logout remove cookie info return nil, err
func (a *Authorizer) Logout(rw http.ResponseWriter, req *http.Request) error {
cookie, err := a.Cookiejar.Get(req, a.CookieName)
if err != nil {
return err
}
cookie.Values["username"] = nil
cookie.Values["secret"] = nil
cookie.Options.MaxAge = -1 // kill the cookie
err = cookie.Save(req, rw)
if err != nil {
return err
}
return nil
}
// CurrentUser returns the logged in username from session
func (a *Authorizer) CurrentUser(rw http.ResponseWriter, req *http.Request) (User, error) {
cookie, err := a.Cookiejar.Get(req, a.CookieName)
if err != nil {
return nil, err
}
if cookie.IsNew {
return nil, nil
}
usernameTmp := cookie.Values["username"]
if usernameTmp == nil {
return nil, nil
}
username, ok := usernameTmp.(string)
if !ok {
return nil, ErrCorrupted
}
u, err := a.Backend.Get(username)
if err != nil {
return nil, err
}
// Check secret
hash := u.GetHash()
secretTmp := cookie.Values["secret"]
if secretTmp == nil {
return nil, nil
}
secret, ok := secretTmp.(string)
if !ok {
return nil, ErrCorrupted
}
err = bcrypt.CompareHashAndPassword([]byte(secret), []byte(hash))
if err != nil {
return nil, ErrInvalidSecret
} }
return u, nil return u, nil

199
src/internal/auth/auth_test.go
View File

@ -1,199 +0,0 @@
package auth
import (
"fmt"
"io/ioutil"
"net/http"
"net/http/cookiejar"
"net/http/httptest"
"testing"
"github.com/gorilla/mux"
"github.com/kr/pretty"
)
const (
pepper = "polp"
ckey = "plop"
cookieName = "auth"
cost = 10
username = "plop"
password = "ploppwd"
hash = "$2a$10$eVye8xbs6nj4TWnlTmifRuBsAU3F2hkxEcFz9WXdYjUuE6uKLVuzK"
)
type user struct {
username string
password string
hash string
}
func (u *user) GetHash() string {
return u.hash
}
type Backend struct {
user *user
}
func (b *Backend) Get(username string) (User, error) {
if username == b.user.username {
return b.user, nil
}
return nil, fmt.Errorf("invalid username")
}
func getBackend() *Backend {
return &Backend{
user: &user{
username: username,
password: password,
hash: hash,
},
}
}
func login(w http.ResponseWriter, r *http.Request) {
a := New(getBackend(), pepper, cookieName, ckey, cost)
err := a.Login(w, r, username, password)
if err != nil {
fmt.Fprintf(w, "%s", err)
w.WriteHeader(http.StatusInternalServerError)
return
}
w.WriteHeader(http.StatusOK)
}
func logout(w http.ResponseWriter, r *http.Request) {
a := New(getBackend(), pepper, cookieName, ckey, cost)
err := a.Logout(w, r)
if err != nil {
fmt.Fprintf(w, "%s", err)
w.WriteHeader(http.StatusInternalServerError)
return
}
w.WriteHeader(http.StatusOK)
}
func check(w http.ResponseWriter, r *http.Request) {
a := New(getBackend(), pepper, cookieName, key, cost)
u, err := a.CurrentUser(w, r)
if err != nil {
w.WriteHeader(http.StatusInternalServerError)
fmt.Fprintf(w, "%s", err)
return
}
w.WriteHeader(http.StatusOK)
if u != nil {
usr, ok := u.(*user)
if !ok {
fmt.Fprintf(w, "Invalid user type")
return
}
fmt.Fprintf(w, "%s", usr.username)
}
}
func handlers() *mux.Router {
r := mux.NewRouter()
r.HandleFunc("/login", login).Methods("GET")
r.HandleFunc("/logout", logout).Methods("GET")
r.HandleFunc("/check", check).Methods("GET")
return r
}
func TestAuth(t *testing.T) {
ts := httptest.NewServer(handlers())
defer ts.Close()
cookieJar, _ := cookiejar.New(nil)
client := &http.Client{
Jar: cookieJar,
}
// Check no user logged in =
res, err := client.Get(ts.URL + "/check")
if err != nil {
t.Fatal(err)
}
body, err := ioutil.ReadAll(res.Body)
res.Body.Close()
if err != nil {
t.Fatal(err)
}
if res.StatusCode != http.StatusOK {
t.Fatal(body)
}
if string(body) != "" {
t.Fatalf("No user logged in expected but found: %s", body)
}
// Login
res, err = client.Get(ts.URL + "/login")
if err != nil {
t.Fatal(err)
}
body, err = ioutil.ReadAll(res.Body)
res.Body.Close()
if err != nil {
t.Fatal(err)
}
if res.StatusCode != http.StatusOK {
t.Fatal(string(body))
}
// Checks we are logged in
res, err = client.Get(ts.URL + "/check")
if err != nil {
t.Fatal(err)
}
body, err = ioutil.ReadAll(res.Body)
res.Body.Close()
if err != nil {
t.Fatal(err)
}
if res.StatusCode != http.StatusOK {
pretty.Println(res.StatusCode)
t.Fatal(body)
}
if string(body) != username {
t.Fatalf("We expect be logged in as %s but we got: %s", username, body)
}
// Logout
res, err = client.Get(ts.URL + "/logout")
if err != nil {
t.Fatal(err)
}
body, err = ioutil.ReadAll(res.Body)
res.Body.Close()
if err != nil {
t.Fatal(err)
}
if res.StatusCode != http.StatusOK {
t.Fatal(string(body))
}
// Check no username logged in anymore
res, err = client.Get(ts.URL + "/check")
if err != nil {
t.Fatal(err)
}
body, err = ioutil.ReadAll(res.Body)
res.Body.Close()
if err != nil {
t.Fatal(err)
}
if res.StatusCode != http.StatusOK {
t.Fatal(body)
}
if string(body) != "" {
t.Fatalf("No user logged in expected but found: %s", body)
}
}

50
src/internal/auth/middleware.go
View File

@ -2,11 +2,8 @@ package auth
import ( import (
"context" "context"
"fmt"
"net/http" "net/http"
"gitlab.quimbo.fr/odwrtw/canape-sql/src/internal/data"
"github.com/Sirupsen/logrus" "github.com/Sirupsen/logrus"
) )
@ -27,13 +24,12 @@ func NewMiddleware(authorizer *Authorizer, log *logrus.Entry) *Middleware {
func (m *Middleware) ServeHTTP(w http.ResponseWriter, r *http.Request, next http.HandlerFunc) { func (m *Middleware) ServeHTTP(w http.ResponseWriter, r *http.Request, next http.HandlerFunc) {
user, err := m.authorizer.CurrentUser(w, r) user, err := m.authorizer.CurrentUser(w, r)
if err != nil { if err != nil {
panic(err) http.Error(w, err.Error(), http.StatusUnauthorized)
return
} }
if user != nil { if user != nil {
name := user.GetName() m.log.Debugf("setting user %s in the context", user.GetName())
m.log.Debugf("setting user %s in the context", name)
data.SetData(r, "user", user)
} else { } else {
m.log.Debugf("got a nil user in the context") m.log.Debugf("got a nil user in the context")
} }
@ -49,16 +45,14 @@ type MiddlewareRole struct {
authorizer *Authorizer authorizer *Authorizer
log *logrus.Entry log *logrus.Entry
role string role string
loginPageGetter func() string
} }
// NewMiddlewareRole returns a new MiddlewareRole // NewMiddlewareRole returns a new MiddlewareRole
func NewMiddlewareRole(authorizer *Authorizer, log *logrus.Entry, loginPageGetter func() string, role string) *MiddlewareRole { func NewMiddlewareRole(authorizer *Authorizer, log *logrus.Entry, role string) *MiddlewareRole {
return &MiddlewareRole{ return &MiddlewareRole{
authorizer: authorizer, authorizer: authorizer,
log: log.WithField("middleware", "role"), log: log.WithField("middleware", "role"),
role: role, role: role,
loginPageGetter: loginPageGetter,
} }
} }
@ -72,16 +66,8 @@ func (m *MiddlewareRole) ServeHTTP(w http.ResponseWriter, r *http.Request, next
m.log.Debug("user doesn't have the role") m.log.Debug("user doesn't have the role")
} }
cookie, err := m.authorizer.Cookiejar.Get(r, "rlogin") // return unauthorized
if err != nil { http.Error(w, "Invalid user role", http.StatusUnauthorized)
panic(err)
}
cookie.Values["redirect"] = r.URL.Path
err = cookie.Save(r, w)
if err != nil {
panic(err)
}
http.Redirect(w, r, m.loginPageGetter(), http.StatusTemporaryRedirect)
return return
} }
@ -90,30 +76,6 @@ func (m *MiddlewareRole) ServeHTTP(w http.ResponseWriter, r *http.Request, next
next(w, r) next(w, r)
} }
// GetPostLoginRedirect returns the location of the page requested before the
// users was redirected to the login page
func GetPostLoginRedirect(a *Authorizer, w http.ResponseWriter, r *http.Request) (string, error) {
cookie, err := a.Cookiejar.Get(r, "rlogin")
if err != nil {
return "", err
}
val := cookie.Values["redirect"]
if val == nil {
return "", nil
}
path, ok := val.(string)
if !ok {
return "", fmt.Errorf("invalid redirect type")
}
cookie.Values["rlogin"] = ""
err = cookie.Save(r, w)
if err != nil {
return "", err
}
return path, nil
}
// GetCurrentUser gets the current user from the request context // GetCurrentUser gets the current user from the request context
func GetCurrentUser(r *http.Request, log *logrus.Entry) User { func GetCurrentUser(r *http.Request, log *logrus.Entry) User {
log.Debug("getting user from context") log.Debug("getting user from context")

4
src/internal/config/canape.go
View File

@ -15,7 +15,6 @@ type Config struct {
PGDSN string `yaml:"pgdsn"` PGDSN string `yaml:"pgdsn"`
Port string `yaml:"listen_port"` Port string `yaml:"listen_port"`
TraktTVClientID string `yaml:"trakttv_client_id"` TraktTVClientID string `yaml:"trakttv_client_id"`
TemplatesDir string `yaml:"templates_dir"`
PublicDir string `yaml:"public_dir"` PublicDir string `yaml:"public_dir"`
// TODO improve the detailers configurations // TODO improve the detailers configurations
@ -24,10 +23,9 @@ type Config struct {
} }
type AuthorizerConfig struct { type AuthorizerConfig struct {
CookieName string `yaml:"cookie_name"`
Key string `yaml:"cookie_key"`
Pepper string `yaml:"pepper"` Pepper string `yaml:"pepper"`
Cost int `yaml:"cost"` Cost int `yaml:"cost"`
Secret string `yaml:"secret"`
} }
func Load(path string) (*Config, error) { func Load(path string) (*Config, error) {

4
src/internal/config/polochon.go
View File

@ -2,6 +2,6 @@ package config
// UserPolochon is polochon access parameter for a user // UserPolochon is polochon access parameter for a user
type UserPolochon struct { type UserPolochon struct {
URL string URL string `json:"url"`
Token string Token string `json:"token"`
} }

42
src/internal/data/data.go
View File

@ -1,42 +0,0 @@
package data
import (
"fmt"
"net/http"
"context"
)
type key int
// dKey is key for access to response data in context
const dKey key = 0
// GetAllData return response's data
func GetAllData(r *http.Request) map[string]interface{} {
data := GetData(r, "data")
if data == nil {
data = make(map[string]interface{})
}
mapData, ok := data.(map[string]interface{})
if !ok {
fmt.Printf("something wrong with data")
}
// log.Printf("got all data %+v", mapData)
return mapData
}
// SetData sets some response's data for access in template
func SetData(r *http.Request, key string, val interface{}) {
allData := GetAllData(r)
allData[key] = val
ctx := context.WithValue(r.Context(), "data", allData)
*r = *r.WithContext(ctx)
allData = GetAllData(r)
}
// GetData gets some response's data for access in template
func GetData(r *http.Request, key string) interface{} {
return r.Context().Value(key)
}

20
src/internal/movies/handlers.go
View File

@ -15,13 +15,14 @@ import (
"gitlab.quimbo.fr/odwrtw/canape-sql/src/internal/auth" "gitlab.quimbo.fr/odwrtw/canape-sql/src/internal/auth"
"gitlab.quimbo.fr/odwrtw/canape-sql/src/internal/config" "gitlab.quimbo.fr/odwrtw/canape-sql/src/internal/config"
"gitlab.quimbo.fr/odwrtw/canape-sql/src/internal/data"
"gitlab.quimbo.fr/odwrtw/canape-sql/src/internal/users" "gitlab.quimbo.fr/odwrtw/canape-sql/src/internal/users"
"gitlab.quimbo.fr/odwrtw/canape-sql/src/internal/web" "gitlab.quimbo.fr/odwrtw/canape-sql/src/internal/web"
) )
// ErrPolochonUnavailable is an error returned if the polochon server is not available
var ErrPolochonUnavailable = fmt.Errorf("Invalid polochon address") var ErrPolochonUnavailable = fmt.Errorf("Invalid polochon address")
// SortByTitle helps sort the movies
type SortByTitle []*Movie type SortByTitle []*Movie
func (a SortByTitle) Len() int { return len(a) } func (a SortByTitle) Len() int { return len(a) }
@ -115,18 +116,10 @@ func FromPolochon(env *web.Env, w http.ResponseWriter, r *http.Request) error {
if !ok { if !ok {
return fmt.Errorf("invalid user type") return fmt.Errorf("invalid user type")
} }
data.SetData(r, "user", user)
movies, err := getPolochonMovies(user) movies, err := getPolochonMovies(user)
if err != nil { if err != nil {
// Catch network error for accessing specified polochon address return env.RenderError(w, err)
if err == ErrPolochonUnavailable {
data.SetData(r, "error", "Invalid address")
return env.Rends(w, r, "movies/library")
}
return err
} }
var polochonConfig config.UserPolochon var polochonConfig config.UserPolochon
@ -168,10 +161,10 @@ func FromPolochon(env *web.Env, w http.ResponseWriter, r *http.Request) error {
sort.Sort(smovies) sort.Sort(smovies)
data.SetData(r, "movies", movies[params.Start:params.Start+params.Limit]) return env.RenderJSON(w, movies)
return env.Rends(w, r, "movies/library")
} }
// ExplorePopular returns the popular movies
func ExplorePopular(env *web.Env, w http.ResponseWriter, r *http.Request) error { func ExplorePopular(env *web.Env, w http.ResponseWriter, r *http.Request) error {
log := env.Log.WithField("function", "movies.ExplorePopular") log := env.Log.WithField("function", "movies.ExplorePopular")
@ -206,7 +199,6 @@ func ExplorePopular(env *web.Env, w http.ResponseWriter, r *http.Request) error
movies = append(movies, movie) movies = append(movies, movie)
ids = append(ids, m.IDs.ImDB) ids = append(ids, m.IDs.ImDB)
} }
data.SetData(r, "movies", movies)
return env.Rends(w, r, "movies/library") return env.RenderJSON(w, movies)
} }

227
src/internal/users/handlers.go
View File

@ -1,134 +1,102 @@
package users package users
import ( import (
"encoding/json"
"fmt" "fmt"
"net/http" "net/http"
"time"
"github.com/gorilla/Schema" jwt "github.com/dgrijalva/jwt-go"
"github.com/kr/pretty"
"gitlab.quimbo.fr/odwrtw/canape-sql/src/internal/auth" "gitlab.quimbo.fr/odwrtw/canape-sql/src/internal/auth"
"gitlab.quimbo.fr/odwrtw/canape-sql/src/internal/config" "gitlab.quimbo.fr/odwrtw/canape-sql/src/internal/config"
"gitlab.quimbo.fr/odwrtw/canape-sql/src/internal/data"
"gitlab.quimbo.fr/odwrtw/canape-sql/src/internal/web" "gitlab.quimbo.fr/odwrtw/canape-sql/src/internal/web"
) )
func LoginGETHandler(e *web.Env, w http.ResponseWriter, r *http.Request) error {
return e.Rends(w, r, "users/login")
}
func SignupGETHandler(e *web.Env, w http.ResponseWriter, r *http.Request) error {
return e.Rends(w, r, "users/signup")
}
func SignupPOSTHandler(e *web.Env, w http.ResponseWriter, r *http.Request) error { func SignupPOSTHandler(e *web.Env, w http.ResponseWriter, r *http.Request) error {
type newForm struct { var data struct {
Username string Username string `json:"username"`
Password string Password string `json:"password"`
PasswordVerify string PasswordConfirm string `json:"password_confirm"`
}
if err := json.NewDecoder(r.Body).Decode(&data); err != nil {
return err
} }
e.Log.Debugf("creating new user ...") e.Log.Debugf("creating new user ...")
err := r.ParseForm() if data.Password == "" && data.PasswordConfirm != "" {
if err != nil { return e.RenderError(w, fmt.Errorf("Empty password"))
return err
} }
form := new(newForm) if data.Password != data.PasswordConfirm {
decoder := schema.NewDecoder() return e.RenderError(w, fmt.Errorf("Passwords missmatch"))
err = decoder.Decode(form, r.PostForm)
if err != nil {
return err
} }
user := User{ user := User{Name: data.Username}
Name: form.Username,
} var err error
if form.Password != "" || form.PasswordVerify != "" { user.Hash, err = e.Auth.GenHash(data.Password)
if form.Password != form.PasswordVerify {
data.SetData(r, "Errors", "Password mismatch")
return e.Rends(w, r, "users/signup")
}
user.Hash, err = e.Auth.GenHash(form.Password)
if err != nil { if err != nil {
return err return err
} }
}
err = user.NewConfig() err = user.NewConfig()
if err != nil { if err != nil {
return err return err
} }
err = user.Add(e.Database) if err = user.Add(e.Database); err != nil {
if err != nil {
pretty.Println(err)
return err return err
} }
e.Log.Debugf("new user %s created ...", form.Username) e.Log.Debugf("new user %s created ...", data.Username)
err = e.Auth.Login(w, r, form.Username, form.Password) return e.RenderOK(w, "User created")
if err != nil {
if err == auth.ErrInvalidPassword || err == ErrUnknownUser {
data.SetData(r, "Errors", "Error invalid user or password")
return e.Rends(w, r, "users/signup")
}
return err
}
http.Redirect(w, r, "/", http.StatusTemporaryRedirect)
return nil
} }
// LoginPOSTHandler handles the login proccess
func LoginPOSTHandler(e *web.Env, w http.ResponseWriter, r *http.Request) error { func LoginPOSTHandler(e *web.Env, w http.ResponseWriter, r *http.Request) error {
type loginForm struct { var data struct {
Username string Username string `json:"username"`
Password string Password string `json:"password"`
} }
err := r.ParseForm() if err := json.NewDecoder(r.Body).Decode(&data); err != nil {
if err != nil {
return err return err
} }
form := new(loginForm) user, err := e.Auth.Login(w, r, data.Username, data.Password)
decoder := schema.NewDecoder()
err = decoder.Decode(form, r.PostForm)
if err != nil {
return err
}
err = e.Auth.Login(w, r, form.Username, form.Password)
if err != nil { if err != nil {
if err == auth.ErrInvalidPassword || err == ErrUnknownUser { if err == auth.ErrInvalidPassword || err == ErrUnknownUser {
data.SetData(r, "Errors", "Error invalid user or password") return e.RenderError(w, fmt.Errorf("Error invalid user or password"))
return e.Rends(w, r, "users/login")
} }
return err return err
} }
e.Log.Debug("logged") e.Log.Debugf("logged %s", user.GetName())
path, err := auth.GetPostLoginRedirect(e.Auth, w, r) // Create a jwt token
token := jwt.NewWithClaims(jwt.SigningMethodHS256, jwt.MapClaims{
// Not before
"nbf": time.Now().Unix(),
// Issued at
"iat": time.Now().Unix(),
// Private claims
"username": user.GetName(),
"isAdmin": user.IsAdmin(),
})
// Sign the token
ss, err := token.SignedString([]byte(e.Auth.Secret))
if err != nil { if err != nil {
return err return err
} }
e.Log.Debugf("redirecting to %s", path) var out = struct {
if path != "" { Token string `json:"token"`
http.Redirect(w, r, path, http.StatusTemporaryRedirect) }{
return nil Token: ss,
} }
e.Log.Debugf("got no path, redirecting to /")
http.Redirect(w, r, "/", http.StatusTemporaryRedirect)
return nil
}
// LogoutHandler just logout return e.RenderJSON(w, out)
func LogoutHandler(e *web.Env, w http.ResponseWriter, r *http.Request) error {
e.Auth.Logout(w, r)
http.Redirect(w, r, "/", http.StatusTemporaryRedirect)
return nil
} }
// DetailsHandler show user details // DetailsHandler show user details
@ -145,8 +113,7 @@ func DetailsHandler(e *web.Env, w http.ResponseWriter, r *http.Request) error {
return err return err
} }
data.SetData(r, "polochon", polochonConfig) return e.RenderJSON(w, polochonConfig)
return e.Rends(w, r, "users/details")
} }
// EditHandler allow editing user info and configuration // EditHandler allow editing user info and configuration
@ -156,70 +123,44 @@ func EditHandler(e *web.Env, w http.ResponseWriter, r *http.Request) error {
if !ok { if !ok {
return fmt.Errorf("invalid user type") return fmt.Errorf("invalid user type")
} }
var data struct {
PolochonURL string `json:"polochon_url"`
PolochonToken string `json:"polochon_token"`
Password string `json:"password"`
PasswordConfirm string `json:"password_confirm"`
}
if err := json.NewDecoder(r.Body).Decode(&data); err != nil {
return err
}
if data.Password == "" && data.PasswordConfirm != "" {
if data.Password != data.PasswordConfirm {
return e.RenderError(w, fmt.Errorf("Passwords empty or missmatch"))
}
// Update the user config
var err error
user.Hash, err = e.Auth.GenHash(data.Password)
if err != nil {
return err
}
if err := user.Update(e.Database); err != nil {
return err
}
}
// Update the polochon config
var polochonConfig config.UserPolochon var polochonConfig config.UserPolochon
err := user.GetConfig("polochon", &polochonConfig) if err := user.GetConfig("polochon", &polochonConfig); err != nil {
if err != nil { return err
}
polochonConfig.URL = data.PolochonURL
polochonConfig.Token = data.PolochonToken
if err := user.SetConfig("polochon", polochonConfig); err != nil {
return err return err
} }
if r.Method == "GET" { return e.RenderOK(w, "user updated")
data.SetData(r, "polochon", polochonConfig)
return e.Rends(w, r, "users/edit")
}
type editForm struct {
PolochonURL string
PolochonToken string
Password string
PasswordVerify string
}
err = r.ParseForm()
if err != nil {
return err
}
form := new(editForm)
decoder := schema.NewDecoder()
err = decoder.Decode(form, r.PostForm)
if err != nil {
return err
}
polochonConfig.URL = form.PolochonURL
polochonConfig.Token = form.PolochonToken
err = user.SetConfig("polochon", polochonConfig)
if err != nil {
return err
}
if form.Password != "" || form.PasswordVerify != "" {
if form.Password != form.PasswordVerify {
// TODO: manage form error
}
user.Hash, err = e.Auth.GenHash(form.Password)
if err != nil {
return err
}
}
err = user.Update(e.Database)
if err != nil {
pretty.Println(err)
return err
}
err = e.Auth.RegenSecret(user, w, r)
if err != nil {
return err
}
url, err := e.GetURL("users.details")
if err != nil {
return err
}
http.Redirect(w, r, url, http.StatusTemporaryRedirect)
return nil
} }

4
src/internal/users/users.go
View File

@ -204,3 +204,7 @@ func (u *User) HasRole(role string) bool {
} }
return true return true
} }
func (u *User) IsAdmin() bool {
return u.HasRole(AdminRole)
}

58
src/internal/web/env.go
View File

@ -1,8 +1,6 @@
package web package web
import ( import (
"fmt"
"gitlab.quimbo.fr/odwrtw/canape-sql/src/internal/auth" "gitlab.quimbo.fr/odwrtw/canape-sql/src/internal/auth"
"gitlab.quimbo.fr/odwrtw/canape-sql/src/internal/config" "gitlab.quimbo.fr/odwrtw/canape-sql/src/internal/config"
@ -34,28 +32,14 @@ type EnvParams struct {
// NewEnv returns a new *Env // NewEnv returns a new *Env
func NewEnv(p EnvParams) *Env { func NewEnv(p EnvParams) *Env {
e := &Env{ return &Env{
Database: p.Database, Database: p.Database,
Log: p.Log, Log: p.Log,
Router: mux.NewRouter(), Router: mux.NewRouter(),
Auth: p.Auth, Auth: p.Auth,
Config: p.Config, Config: p.Config,
Render: render.New(),
} }
tmplFuncs = append(tmplFuncs, map[string]interface{}{
"URL": func(name string, pairs ...string) (string, error) {
return e.GetURL(name, pairs...)
},
})
e.Render = render.New(render.Options{
Directory: p.Config.TemplatesDir,
Layout: "layout",
Funcs: tmplFuncs,
DisableHTTPErrorRendering: true,
RequirePartials: true,
})
return e
} }
type Route struct { type Route struct {
@ -76,7 +60,7 @@ func (r *Route) Methods(methods ...string) *Route {
func (r *Route) WithRole(role string) *Route { func (r *Route) WithRole(role string) *Route {
handler := r.mRoute.GetHandler() handler := r.mRoute.GetHandler()
newHandler := negroni.New( newHandler := negroni.New(
auth.NewMiddlewareRole(r.env.Auth, r.env.Log, r.env.GetLoginRouteGetter(), role), auth.NewMiddlewareRole(r.env.Auth, r.env.Log, role),
negroni.Wrap(handler)) negroni.Wrap(handler))
r.mRoute.Handler(newHandler) r.mRoute.Handler(newHandler)
return r return r
@ -90,39 +74,3 @@ func (e *Env) Handle(route string, H HandlerFunc) *Route {
mRoute: mRoute, mRoute: mRoute,
} }
} }
// GetURL returns URL string from URL name and params
// Usefull for redirection and templates
func (e *Env) GetURL(name string, pairs ...string) (string, error) {
route := e.Router.Get(name)
if route == nil {
return "", fmt.Errorf("No route find for the given name: %s", name)
}
URL, err := route.URL(pairs...)
if err != nil {
return "", err
}
return URL.String(), nil
}
// SetLoginRoute sets the route name of login page for further use
// with GetLoginRouteGetter
func (e *Env) SetLoginRoute(name string) error {
route, err := e.GetURL(name)
if err != nil {
return err
}
e.loginRoute = route
return nil
}
// GetLoginRouteGetter allow some code parts like middleware access
// to login route name
func (e *Env) GetLoginRouteGetter() func() string {
return func() string {
if e.loginRoute == "" {
panic("Env: login route not set")
}
return e.loginRoute
}
}

66
src/internal/web/render.go
View File

@ -1,48 +1,36 @@
package web package web
import ( import "net/http"
"html/template"
"net/http"
"gitlab.quimbo.fr/odwrtw/canape-sql/src/internal/data" // RenderError renders an error
func (e *Env) RenderError(w http.ResponseWriter, err error) error {
"github.com/gorilla/mux" return e.render(w, "error", err.Error())
)
// TmplFuncs handles global template functions
var tmplFuncs = []template.FuncMap{
map[string]interface{}{
"safeURL": func(s string) template.URL {
return template.URL(s)
},
},
} }
// AddTmplFunc adds a template function // RenderOK renders a message
func AddTmplFunc(name string, f interface{}) error { func (e *Env) RenderOK(w http.ResponseWriter, message string) error {
tmplFuncs = append(tmplFuncs, map[string]interface{}{ return e.render(w, "ok", message)
name: f,
})
return nil
} }
// TemplateData represents object passed to template renderer func (e *Env) render(w http.ResponseWriter, status, message string) error {
type TemplateData struct { var out = struct {
Route string Status string `json:"status"`
Data map[string]interface{} Message string `json:"message"`
} }{
Status: status,
// Rends a view Message: message,
func (e *Env) Rends(w http.ResponseWriter, r *http.Request, template string) error {
if r.Header.Get("Accept") == "application/json" {
return e.Render.JSON(w, http.StatusOK, TemplateData{
Route: mux.CurrentRoute(r).GetName(),
Data: data.GetAllData(r),
})
} }
return e.Render.JSON(w, http.StatusOK, out)
return e.Render.HTML(w, http.StatusOK, template, TemplateData{ }
Route: mux.CurrentRoute(r).GetName(),
Data: data.GetAllData(r), // RenderJSON renders the data in JSON format
}) func (e *Env) RenderJSON(w http.ResponseWriter, data interface{}) error {
var out = struct {
Status string `json:"status"`
Data interface{} `json:"data"`
}{
Status: "ok",
Data: data,
}
return e.Render.JSON(w, http.StatusOK, out)
} }

48
src/internal/web/templates.go
View File

@ -1,48 +0,0 @@
package web
import (
"html/template"
"net/http"
"gitlab.quimbo.fr/odwrtw/canape-sql/src/internal/data"
"github.com/gorilla/mux"
)
// TmplFuncs handles global template functions
var tmplFuncs = []template.FuncMap{
map[string]interface{}{
"safeURL": func(s string) template.URL {
return template.URL(s)
},
},
}
// AddTmplFunc adds a template function
func AddTmplFunc(name string, f interface{}) error {
tmplFuncs = append(tmplFuncs, map[string]interface{}{
name: f,
})
return nil
}
// TemplateData represents object passed to template renderer
type TemplateData struct {
Route string
Data map[string]interface{}
}
// Rends a view
func (e *Env) Rends(w http.ResponseWriter, r *http.Request, template string) error {
if r.Header.Get("Accept") == "application/json" {
return e.Render.JSON(w, http.StatusOK, TemplateData{
Route: mux.CurrentRoute(r).GetName(),
Data: data.GetAllData(r),
})
}
return e.Render.HTML(w, http.StatusOK, template, TemplateData{
Route: mux.CurrentRoute(r).GetName(),
Data: data.GetAllData(r),
})
}

25
src/main.go
View File

@ -11,7 +11,6 @@ import (
"gitlab.quimbo.fr/odwrtw/canape-sql/src/internal/web" "gitlab.quimbo.fr/odwrtw/canape-sql/src/internal/web"
"github.com/Sirupsen/logrus" "github.com/Sirupsen/logrus"
"github.com/gorilla/sessions"
"github.com/jmoiron/sqlx" "github.com/jmoiron/sqlx"
_ "github.com/lib/pq" _ "github.com/lib/pq"
"github.com/urfave/negroni" "github.com/urfave/negroni"
@ -54,9 +53,8 @@ func main() {
authParams := auth.Params{ authParams := auth.Params{
Backend: uBackend, Backend: uBackend,
Pepper: cf.Authorizer.Pepper, Pepper: cf.Authorizer.Pepper,
CookieName: cf.Authorizer.CookieName,
Cookiejar: sessions.NewCookieStore([]byte(cf.Authorizer.Key)),
Cost: cf.Authorizer.Cost, Cost: cf.Authorizer.Cost,
Secret: cf.Authorizer.Secret,
} }
authorizer := auth.New(authParams) authorizer := auth.New(authParams)
@ -69,22 +67,13 @@ func main() {
authMiddleware := auth.NewMiddleware(env.Auth, log) authMiddleware := auth.NewMiddleware(env.Auth, log)
env.Handle("/", movies.ExplorePopular).Name("movies.home") env.Handle("/users/login", users.LoginPOSTHandler).Methods("POST")
env.Handle("/users/login", users.LoginGETHandler).Name("users.login").Methods("GET") env.Handle("/users/signup", users.SignupPOSTHandler).Methods("POST")
env.Handle("/users/login", users.LoginPOSTHandler).Name("users.login").Methods("POST") env.Handle("/users/details", users.DetailsHandler).WithRole(users.UserRole)
env.Handle("/users/signup", users.SignupGETHandler).Name("users.signup").Methods("GET") env.Handle("/users/edit", users.EditHandler).WithRole(users.UserRole)
env.Handle("/users/signup", users.SignupPOSTHandler).Name("users.signup").Methods("POST")
env.Handle("/users/logout", users.LogoutHandler).Name("users.logout")
env.Handle("/users/details", users.DetailsHandler).Name("users.details").WithRole(users.UserRole)
env.Handle("/users/edit", users.EditHandler).Name("users.edit").WithRole(users.UserRole)
env.Handle("/movies/polochon", movies.FromPolochon).Name("movies.polochon").WithRole(users.UserRole) env.Handle("/movies/polochon", movies.FromPolochon).WithRole(users.UserRole)
env.Handle("/movies/explore/popular", movies.ExplorePopular).Name("movies.explore.popular").WithRole(users.UserRole) env.Handle("/movies/explore/popular", movies.ExplorePopular).WithRole(users.UserRole)
err = env.SetLoginRoute("users.login")
if err != nil {
log.Panic(err)
}
n := negroni.Classic() n := negroni.Classic()
n.Use(authMiddleware) n.Use(authMiddleware)

9
src/templates/errors.tmpl
View File

@ -1,9 +0,0 @@
{{ if $.Data.Errors }}
<div class="row">
<div class="col-md-6 col-md-offset-3 col-xs-12">
<div class="alert alert-warning">
<p>{{ $.Data.Errors }}</p>
</div>
</div>
</div>
{{ end }}

23
src/templates/layout.tmpl
View File

@ -1,23 +0,0 @@
<!DOCTYPE html>
<html lang="en">
<head>
<meta charset="utf-8">
<meta http-equiv="X-UA-Compatible" content="IE=edge">
<meta name="viewport" content="width=device-width, initial-scale=1">
<title>Canape</title>
<link href="/css/app.css" rel="stylesheet">
</head>
<body>
{{ template "errors" $ }}
{{ template "success" $ }}
{{ template "navbar" $ }}
<div class="container-fluid">
<div class="container">
{{ yield }}
</div>
</div>
<script src="/js/app.js"></script>
</body>
</html>

61
src/templates/movies/library.tmpl
View File

@ -1,61 +0,0 @@
{{ if $.Data.error }}
{{ if eq $.Data.error "Invalid address"}}
<div class="alert alert-danger" role="alert">
The polochon API adress specified in your configuration is invalid or unreachable,
<a href="{{ URL "users.edit"}}">change it</a>
</div>
{{ end }}
{{ else }}
<div class="row" id="movie-library">
<div class="col-xs-5 col-md-8">
<div class="row">
{{ range $.Data.movies }}
<div class="col-xs-12 col-md-3">
<a href="#" class="thumbnail" data-imdbid="{{.ImdbID}}">
<img src="/img/movies/{{.ImdbID}}.jpg" onerror="this.onerror=null;this.src='/img/noimage.png';">
</a>
</div>
{{ end }}
</div>
</div>
<div class="col-xs-7 col-md-4">
{{ range $.Data.movies}}
<div id="{{.ImdbID}}-detail" class="hidden movie-detail affix">
<h1 class="hidden-xs">{{ .Title }}</h1>
<h3 class="visible-xs">{{ .Title }}</h3>
<h4 class="hidden-xs">{{ .Year }}</h4>
<p>
<i class="fa fa-clock-o"></i>
{{ .Runtime }} min
</p>
<p>
<i class="fa fa-star-o"></i>
{{ .Rating }} <small>({{ .Votes }} counts)</small>
</p>
<p class="movie-plot">{{ .Plot }}</p>
<div class="movie-details-buttons">
{{ if .PolochonURL }}
<a type="button" class="btn btn-success btn-sm" href="{{ .PolochonURL }}">
<i class="fa fa-download"></i> Download
</a>
{{ end }}
<a id="imdb-link" type="button" class="btn btn-sm btn-warning" href="http://www.imdb.com/title/{{ .ImdbID }}">
<i class="fa fa-external-link"></i> IMDB
</a>
</div>
</div>
{{ end}}
</div>
</div>
{{ end }}

71
src/templates/navbar.tmpl
View File

@ -1,71 +0,0 @@
<nav class="navbar navbar-inverse navbar-fixed-top">
<div class="container">
<div class="container-fluid">
<!-- Brand and toggle get grouped for better mobile display -->
<div class="navbar-header">
<button type="button" class="navbar-toggle collapsed" data-toggle="collapse" data-target="#bs-example-navbar-collapse-1" aria-expanded="false">
<span class="sr-only">Toggle navigation</span>
<span class="icon-bar"></span>
<span class="icon-bar"></span>
<span class="icon-bar"></span>
</button>
<a class="navbar-brand" href="#">Canape</a>
</div>
<!-- Collect the nav links, forms, and other content for toggling -->
<div class="collapse navbar-collapse" id="bs-example-navbar-collapse-1">
<ul class="nav navbar-nav">
<li><a href="{{ URL "movies.explore.popular"}}">Movies</a></li>
<li><a href="#">TV Shows</a></li>
{{ if $.Data.user }}
<li class="dropdown">
<a href="#" class="dropdown-toggle" data-toggle="dropdown">
<i class="fa fa-list"></i>
My Library
<span class="caret"></span>
</a>
<ul class="dropdown-menu" role="menu">
<li {{ if eq $.Route "movies.polochon" }}class="active"{{ end }}>
<a href="{{ URL "movies.polochon" }}?limit=10">Movies{{ if eq $.Route "movies.polochon" }}<span class="sr-only">Movies</span>{{ end }}</a>
</li>
<li>
<a href="#">
TVShows
</a>
</li>
</ul>
</li>
{{ end }}
</ul>
<ul class="nav navbar-nav navbar-right">
{{ if $.Data.user }}
<li class="dropdown">
<a href="#" class="dropdown-toggle" data-toggle="dropdown" role="button" aria-haspopup="true" aria-expanded="false">{{$.Data.user.Name}} <span class="caret"></span></a>
<ul class="dropdown-menu">
<li>
<a href="{{ URL "users.details"}}">My account</a>
</li>
<li>
<a href="{{ URL "users.edit"}}">Edit</a>
</li>
<li role="separator" class="divider"></li>
<li>
<a href="{{ URL "users.logout"}}">Logout</a>
</li>
</ul>
</li>
{{ else }}
<li>
<a href="{{ URL "users.login"}}">Sign in</a>
</li>
<li>
<a href="{{ URL "users.signup"}}">Sign up</a>
</li>
{{ end }}
</ul>
</div><!-- /.navbar-collapse -->
</div><!-- /.container-fluid -->
</div><!-- /.container -->
</nav>

9
src/templates/success.tmpl
View File

@ -1,9 +0,0 @@
{{ if $.Data.Success }}
<div class="row">
<div class="col-xs-12">
<div class="alert alert-success">
{{ $.Data.Success }}
</div>
</div>
</div>
{{ end }}

26
src/templates/users/details.tmpl
View File

@ -1,26 +0,0 @@
<div class="container">
<div id="user-details" class="content-fluid">
<div class="col-md-6 col-md-offset-3 col-xs-12">
<h2>{{ $.Data.user.Name }}'s informations</h2>
<hr>
<div class="panel panel-info">
<div class="panel-heading">
Polochon URL
</div>
<div class="panel-body">{{ $.Data.polochon.URL }}</div>
</div>
<div class="panel panel-info">
<div class="panel-heading">
Polochon token
</div>
<div class="panel-body">{{ $.Data.polochon.Token }}</div>
</div>
<div>
<a class="btn btn-default pull-left" href="{{ URL "users.edit" }}">Edit</a>
</div>
</div>
</div>
</div>

40
src/templates/users/edit.tmpl
View File

@ -1,40 +0,0 @@
<div class="container">
<div class="content-fluid">
<div class="col-md-6 col-md-offset-3 col-xs-12">
<h2>Edit user</h2>
<hr>
<form accept-charset="UTF-8" action="{{ URL "users.edit" }}" method="POST" class="form-horizontal" id="user">
<div class="form-group">
<label class="control-label" for="PolochonURL">Polochon URL</label>
<input autofocus="autofocus" class="form-control" name="PolochonURL" type="text" value="{{ $.Data.polochon.URL }}">
</div>
<div class="form-group">
<label class="control-label" for="PolochonToken">Polochon token</label>
<input autofocus="autofocus" class="form-control" name="PolochonToken" type="text" value="{{ $.Data.polochon.Token }}" >
</div>
<hr>
<div class="form-group">
<label class="control-label" for="Password">Password</label>
<input autocomplete="off" class="form-control" name="Password" type="password" value="">
</div>
<div class="form-group">
<label class="control-label" for="PasswordVerify">Confirm Password</label>
<input autocomplete="off" class="form-control" name="PasswordVerify" type="password" value="">
</div>
<div>
<input class="btn btn-primary pull-right" type="submit" value="Update">
<a class="btn btn-default pull-left" href="{{ URL "users.details" }}">Cancel</a>
</div>
</form>
</div>
</div>
</div>

27
src/templates/users/login.tmpl
View File

@ -1,27 +0,0 @@
<div class="container">
<div class="content-fluid">
<div class="col-md-6 col-md-offset-3 col-xs-12">
<h2>Log in</h2>
<hr>
<form accept-charset="UTF-8" action="/users/login" method="POST" class="form-horizontal">
<div>
<label for="user_email">Username</label>
<br>
<input autofocus="autofocus" class="form-control" id="username" name="Username" type="username" value="">
<p></p>
</div>
<div>
<label for="user_password">Password</label>
<br>
<input autocomplete="off" class="form-control" id="password" name="Password" type="password">
<p></p>
</div>
<div>
<input class="btn btn-primary pull-right" type="submit" value="Log in">
<br>
</div>
<a class="btn btn-default btn-sm pull-left" href="/movies/%3cnil%3e">Cancel</a>
</form>
</div>
</div>
</div>

39
src/templates/users/signup.tmpl
View File

@ -1,39 +0,0 @@
<div class="container">
<div class="content-fluid">
<div class="col-md-6 col-md-offset-3 col-xs-12">
<h2>Sign up</h2>
<hr>
<form accept-charset="UTF-8" action="{{ URL "users.signup" }}" method="POST" class="form-horizontal" id="new_user">
<div>
<p class="">
<label for="user_email">Username</label>
<br>
<input autofocus="autofocus" class="form-control" id="username" name="Username" type="username" value="">
<span class="error"></span>
</p>
</div>
<div>
<p class="">
<label for="user_password">Password</label>
<br>
<input autocomplete="off" class="form-control" id="password" name="Password" type="password" value="">
<span class="error"></span>
</p>
</div>
<div>
<p class="">
<label for="user_password">Confirm Password</label>
<br>
<input autocomplete="off" class="form-control" id="passwordVerify" name="PasswordVerify" type="password" value="">
<span class="error"></span>
</p>
</div>
<div>
<input class="btn btn-primary pull-right" type="submit" value="Sign up">
<br>
</div>
<a class="btn btn-default btn-sm pull-left" href="/movies/%3cnil%3e">Cancel</a>
</form>
</div>
</div>
</div>