agecem-org/cmd.go

/*
Copyright © 2023-2024 AGECEM
*/
package main

import (
	"crypto/subtle"
	"embed"
	"encoding/json"
	"fmt"
	"io"
	"log"
	"net/http"
	"os"
	"strings"
	"text/template"

	"codeberg.org/vlbeaudoin/pave/v2"
	"codeberg.org/vlbeaudoin/serpents"
	"git.agecem.com/agecem/agecem-org/public"
	"git.agecem.com/agecem/agecem-org/templates"
	"git.agecem.com/agecem/agecem-org/version"
	"github.com/labstack/echo/v4"
	"github.com/labstack/echo/v4/middleware"
	"github.com/spf13/cobra"
	"github.com/spf13/viper"
)

// configCmd represents the config command
var configCmd = &cobra.Command{
	Use:   "config",
	Short: "Print the config to stdout in indented JSON format",
	Run: func(cmd *cobra.Command, args []string) {
		var cfg Config

		if err := viper.Unmarshal(&cfg); err != nil {
			log.Fatal(err)
		}

		printConfig(cfg)
	},
}

func init() {
	rootCmd.AddCommand(configCmd)
}

func printConfig(config Config) error {
	buf, err := json.MarshalIndent(config, "", "  ")
	if err != nil {
		return err
	}

	fmt.Println(string(buf))

	return nil
}

var cfgFile string

// rootCmd represents the base command when called without any subcommands
var rootCmd = &cobra.Command{
	Use:   "agecem-org",
	Short: "Application du site web de l'AGECEM",
	Long:  "Application du site web de l'AGECEM, l'Association Générale Étudiante du Cégep Édouard-Montpetit.",
}

// Execute adds all child commands to the root command and sets flags appropriately.
// This is called by main.main(). It only needs to happen once to the rootCmd.
func Execute() {
	err := rootCmd.Execute()
	if err != nil {
		os.Exit(1)
	}
}

func init() {
	cobra.OnInitialize(initConfig)

	rootCmd.PersistentFlags().StringVar(&cfgFile, "config", "", "config file (default is $HOME/.agecem-org.yaml)")
}

// initConfig reads in config file and ENV variables if set.
func initConfig() {
	if cfgFile != "" {
		// Use config file from the flag.
		viper.SetConfigFile(cfgFile)
	} else {
		// Find home directory.
		home, err := os.UserHomeDir()
		cobra.CheckErr(err)

		// Search config in home directory with name ".agecem-org" (without extension).
		viper.AddConfigPath(home)
		viper.SetConfigType("yaml")
		viper.SetConfigName(".agecem-org")
	}

	viper.SetEnvPrefix("AGECEM_ORG")
	viper.SetEnvKeyReplacer(strings.NewReplacer(".", "_"))
	viper.AutomaticEnv() // read in environment variables that match

	// If a config file is found, read it in.
	if err := viper.ReadInConfig(); err == nil {
		fmt.Fprintln(os.Stderr, "Using config file:", viper.ConfigFileUsed())
	}
}

type Template struct {
	templates *template.Template
}

var cfg Config

var (
	publicFS    embed.FS
	templatesFS embed.FS
)

// serverCmd represents the server command
var serverCmd = &cobra.Command{
	Use:   "server",
	Short: "Démarrer le serveur web",
	Run: func(cmd *cobra.Command, args []string) {
		if err := viper.Unmarshal(&cfg); err != nil {
			log.Fatal(err)
		}

		mediaClient, err := NewMediaClientFromViper()
		switch err != nil {
		case true:
			log.Printf("NewMediaClientFromViper error: %s", err)
		case false:
			new_buckets, err := mediaClient.Seed()
			if err != nil {
				log.Printf("(*media.MediaClient).Seed error: %s", err)
			} else {
				log.Printf("Seeded %d buckets.\n", len(new_buckets))
			}
		}

		RunServer()
	},
}

func init() {
	rootCmd.AddCommand(serverCmd)
	publicFS = public.GetPublicFS()
	templatesFS = templates.GetTemplatesFS()

	serpents.Int(serverCmd.Flags(),
		"server.port", "server-port", 8080,
		"Port to run the webserver on")

	// Not currently used
	/*
		// server.documents.location    -    --server-documents-location
		serverCmd.Flags().String("server-documents-location", "us-east", "Storage bucket location (config: server.documents.location)")
		viper.BindPFlag("server.documents.location", serverCmd.Flags().Lookup("server-documents-location"))
	*/

	serpents.String(serverCmd.Flags(),
		"server.documents.endpoint", "server-documents-endpoint", "minio:9000",
		"Storage server endpoint")

	serpents.String(serverCmd.Flags(),
		"server.documents.access_key_id", "server-documents-access-key-id", "agecem-org",
		"Storage server access key id")

	serpents.String(serverCmd.Flags(),
		"server.documents.secret_access_key", "server-documents-secret-access-key", "agecem-org",
		"Storage server secret access key")

	serpents.Bool(serverCmd.Flags(),
		"server.documents.use_ssl", "server-documents-use-ssl", false,
		"Storage server SSL status")

	serpents.StringToString(serverCmd.Flags(),
		"server.documents.buckets", "server-documents-buckets", map[string]string{
			"proces-verbaux": "Procès-verbaux",
			"politiques":     "Politiques",
			"reglements":     "Règlements",
			"formulaires":    "Formulaires",
		},
		"Buckets that are allowed to be accessed by the API")

	serpents.Bool(serverCmd.Flags(),
		"server.api.auth", "server-api-auth", true,
		"Enable to allow key authentication for /v1 routes")

	serpents.String(serverCmd.Flags(),
		"server.api.key", "server-api-key", "agecem-org",
		"Key to use for authenticating to /v1 routes")

	serpents.Int(serverCmd.Flags(),
		"server.api.port", "server-api-port", 8080,
		"API server port")

	serpents.String(serverCmd.Flags(),
		"server.api.protocol", "server-api-protocol", "http",
		"API server protocol (http/https)")

	serpents.String(serverCmd.Flags(),
		"server.api.host", "server-api-host", "localhost",
		"API server host")

	serpents.Bool(serverCmd.Flags(),
		"server.admin.auth", "server-admin-auth", true,
		"Enable to allow basic authentication for /admin routes")

	serpents.String(serverCmd.Flags(),
		"server.admin.username", "server-admin-username", "agecem-org",
		"Username for basic authentication for /admin routes")

	serpents.String(serverCmd.Flags(),
		"server.admin.password", "server-admin-password", "agecem-org",
		"Password for basic authentication for /admin routes")
}

func RunServer() {
	e := echo.New()

	t := &Template{
		templates: template.Must(template.ParseFS(templatesFS, "html/*.html")),
	}

	e.Renderer = t

	e.Pre(middleware.RemoveTrailingSlash())

	groupStatic := e.Group("/public/*")
	groupStatic.Use(middleware.StaticWithConfig(middleware.StaticConfig{
		Root:       "/",
		Filesystem: http.FS(publicFS),
		//TODO
		//Browse:     true,
	}))

	groupV1 := e.Group("/v1")

	groupV1.Use(middleware.AddTrailingSlash())

	if cfg.Server.Api.Auth {
		if len(cfg.Server.Api.Key) < 10 {
			log.Fatal("server.api.auth is enabled, but server.api.key is too small (needs at least 10 characters)")
		}

		groupV1.Use(middleware.KeyAuth(func(key string, c echo.Context) (bool, error) {
			return subtle.ConstantTimeCompare([]byte(key), []byte(cfg.Server.Api.Key)) == 1, nil
		}))

		log.Println("Key auth for /v1 activated")
	}

	groupAdmin := e.Group("/admin")

	groupAdmin.Use(middleware.AddTrailingSlash())

	if cfg.Server.Admin.Auth {
		if len(cfg.Server.Admin.Username) < 5 {
			log.Fatal("server.admin.auth is enabled, but server.admin.username is too small (needs at least 5 characters)")
		}

		if len(cfg.Server.Admin.Password) < 10 {
			log.Fatal("server.admin.auth is enabled, but server.admin.password is too small (needs at least 10 characters)")
		}

		groupAdmin.Use(middleware.BasicAuth(func(username_entered, password_entered string, c echo.Context) (bool, error) {
			// Be careful to use constant time comparison to prevent timing attacks
			if subtle.ConstantTimeCompare([]byte(username_entered), []byte(cfg.Server.Admin.Username)) == 1 &&
				subtle.ConstantTimeCompare([]byte(password_entered), []byte(cfg.Server.Admin.Password)) == 1 {
				return true, nil
			}
			return false, nil
		}))

		log.Println("Basic auth for /admin activated")
	}

	// API Routes
	mediaClient, err := NewMediaClientFromViper()
	if err != nil {
		log.Fatal("Error during NewMediaClientFromViper for API handlers")
	}

	p := pave.New()

	v1Handler := V1Handler{
		Config:      cfg,
		MediaClient: mediaClient,
		Pave:        &p,
	}

	groupV1.GET("", v1Handler.ListRoutes)

	if err := pave.EchoRegister[
		ExecuteSeedRequest,
		ExecuteSeedResponse](groupV1, &p, "/v1", http.MethodPost, "/seed", "Créer buckets manquants définis dans `server.documents.buckets`", "ExecuteSeed", v1Handler.ExecuteSeed); err != nil {
		log.Fatal(err)
	}

	if err := pave.EchoRegister[
		UpdateDocumentKeyRequest,
		UpdateDocumentKeyResponse](groupV1, &p, "/v1", http.MethodPut, "/bucket/:bucket/:document/key", "Renommer un document", "UpdateDocumentKey", v1Handler.UpdateDocumentKey); err != nil {

		log.Fatal(err)
	}

	if err := pave.EchoRegister[
		ReadSpecRequest,
		ReadSpecResponse](groupV1, &p, "/v1", http.MethodGet, "/spec", DescriptionV1SpecGET, "SpecRead", v1Handler.ReadSpec); err != nil {
		log.Fatal(err)
	}

	if err := pave.EchoRegister[
		ListBucketsRequest,
		ListBucketsResponse](groupV1, &p, "/v1", http.MethodGet, "/bucket", "List buckets", "ListBuckets", v1Handler.ListBuckets); err != nil {
		log.Fatal(err)
	}

	if err := pave.EchoRegister[
		ReadBucketRequest,
		ReadBucketResponse](groupV1, &p, "/v1", http.MethodGet, "/bucket/:bucket", "Read bucket content", "ReadBucket", v1Handler.ReadBucket); err != nil {
		log.Fatal(err)
	}

	if err := pave.EchoRegister[
		CreateDocumentsRequest,
		CreateDocumentsResponse](groupV1, &p, "/v1", http.MethodPost, "/bucket/:bucket/many", "Upload documents to specified bucket", "CreateDocuments", v1Handler.CreateDocuments); err != nil {
		log.Fatal(err)
	}

	if err := pave.EchoRegister[
		CreateDocumentRequest,
		CreateDocumentResponse](groupV1, &p, "/v1", http.MethodPost, "/bucket/:bucket", "Upload document to specified bucket", "CreateDocument", v1Handler.CreateDocument); err != nil {
		log.Fatal(err)
	}

	// Do not move to pave, uses echo.Stream instead of echo.JSON
	groupV1.GET("/bucket/:bucket/:document", v1Handler.ReadDocument)

	if err := pave.EchoRegister[
		DeleteDocumentRequest,
		DeleteDocumentResponse](groupV1, &p, "/v1", http.MethodDelete, "/bucket/:bucket/:document", "Delete document in specified bucket", "DeleteDocument", v1Handler.DeleteDocument); err != nil {
		log.Fatal(err)
	}

	// HTML Routes
	client := http.DefaultClient
	defer client.CloseIdleConnections()

	apiClient, err := NewAPIClientFromViper(client)
	if err != nil {
		log.Fatal(err)
	}

	webHandler := WebHandler{
		ApiClient: apiClient,
	}

	e.GET("/", HandleIndex)

	//e.GET("/a-propos", HandleAPropos)

	//e.GET("/actualite", HandleActualite)

	//e.GET("/actualite/:article", HandleActualiteArticle)

	e.GET("/vie-etudiante", HandleVieEtudiante)

	e.GET("/vie-etudiante/:organisme", HandleVieEtudianteOrganisme)

	e.GET("/documentation", webHandler.HandleDocumentation)

	e.GET("/formulaires", HandleFormulaires)

	// Public Routes

	e.GET("/public/documentation/:bucket/:document", webHandler.HandlePublicDocumentation)

	// Admin Routes

	groupAdmin.GET("", HandleAdmin)

	groupAdmin.GET("/documents/upload", webHandler.HandleAdminDocumentsUpload)

	groupAdmin.POST("/documents/upload", webHandler.HandleAdminDocumentsUploadPOST)

	e.Logger.Fatal(e.Start(
		fmt.Sprintf(":%d", cfg.Server.Port)))
}

func (t *Template) Render(w io.Writer, name string, data interface{}, c echo.Context) error {
	return t.templates.ExecuteTemplate(w, name, data)
}

// versionCmd represents the version command
var versionCmd = &cobra.Command{
	Use:   "version",
	Short: "Print version registered at build time",
	Run: func(cmd *cobra.Command, args []string) {
		fmt.Println("agecem-org", version.Version())
	},
}

func init() {
	rootCmd.AddCommand(versionCmd)
}