agecem-org/cmd/server.go

/*
Copyright © 2023 AGECEM
*/
package cmd

import (
	"crypto/subtle"
	"encoding/json"
	"fmt"
	"log"

	"embed"
	"html/template"
	"io"
	"net/http"

	"github.com/spf13/cobra"
	"github.com/spf13/viper"

	"git.agecem.com/agecem/agecem-org/api"
	"git.agecem.com/agecem/agecem-org/config"
	"git.agecem.com/agecem/agecem-org/media"
	"git.agecem.com/agecem/agecem-org/public"
	"git.agecem.com/agecem/agecem-org/serverhandlers"
	"git.agecem.com/agecem/agecem-org/templates"
	"github.com/labstack/echo/v4"
	"github.com/labstack/echo/v4/middleware"
)

type Template struct {
	templates *template.Template
}

var cfg config.Config

var (
	publicFS    embed.FS
	templatesFS embed.FS
)

// serverCmd represents the server command
var serverCmd = &cobra.Command{
	Use:   "server",
	Short: "Démarrer le serveur web",
	Run: func(cmd *cobra.Command, args []string) {
		if err := viper.Unmarshal(&cfg); err != nil {
			log.Fatal(err)
		}

		mediaClient, err := media.NewMediaClientFromViper()
		if err != nil {
			log.Fatal(err)
		}

		new_buckets, err := mediaClient.Seed()
		if err != nil {
			log.Fatal(err)
		}

		log.Printf("Seeded %d buckets.\n", len(new_buckets))

		RunServer()
	},
}

func init() {
	rootCmd.AddCommand(serverCmd)
	publicFS = public.GetPublicFS()
	templatesFS = templates.GetTemplatesFS()

	// server.port    -    --server-port
	serverCmd.Flags().Int("server-port", 8080, "Port to run the webserver on (config: server.port)")
	viper.BindPFlag("server.port", serverCmd.Flags().Lookup("server-port"))

	// Not currently used
	/*
		// server.documents.location    -    --server-documents-location
		serverCmd.Flags().String("server-documents-location", "us-east", "Storage bucket location (config: server.documents.location)")
		viper.BindPFlag("server.documents.location", serverCmd.Flags().Lookup("server-documents-location"))
	*/

	// server.documents.endpoint    -    --server-documents-endpoint
	serverCmd.Flags().String("server-documents-endpoint", "minio:9000", "Storage server endpoint (config: server.documents.endpoint)")
	viper.BindPFlag("server.documents.endpoint", serverCmd.Flags().Lookup("server-documents-endpoint"))

	// server.documents.access_key_id    -    --server-documents-access-key-id
	serverCmd.Flags().String("server-documents-access-key-id", "agecem-org", "Storage server access key id (config: server.documents.access_key_id)")
	viper.BindPFlag("server.documents.access_key_id", serverCmd.Flags().Lookup("server-documents-access-key-id"))

	// server.documents.secret_access_key    -    --server-documents-secret-access-key
	serverCmd.Flags().String("server-documents-secret-access-key", "agecem-org", "Storage server secret access key (config: server.documents.secret_access_key)")
	viper.BindPFlag("server.documents.secret_access_key", serverCmd.Flags().Lookup("server-documents-secret-access-key"))

	// server.documents.use_ssl    -    --server-documents-use-ssl
	serverCmd.Flags().Bool("server-documents-use-ssl", false, "Storage server SSL status (config: server.documents.use_ssl)")
	viper.BindPFlag("server.documents.use_ssl", serverCmd.Flags().Lookup("server-documents-use-ssl"))

	// server.documents.buckets    -    --server-documents-buckets
	serverCmd.Flags().StringToString("server-documents-buckets", map[string]string{
		"proces-verbaux": "Procès-verbaux",
		"politiques":     "Politiques",
		"reglements":     "Règlements",
		"formulaires":    "Formulaires",
	}, "Buckets that are allowed to be accessed by the API (config: server.documents.buckets)")
	viper.BindPFlag("server.documents.buckets", serverCmd.Flags().Lookup("server-documents-buckets"))

	// server.api.auth    -    --server-api-auth
	serverCmd.Flags().Bool("server-api-auth", true, "Enable to allow key authentication for /v1 routes (config: server.api.auth)")
	viper.BindPFlag("server.api.auth", serverCmd.Flags().Lookup("server-api-auth"))

	// server.api.key    -    --server-api-key
	serverCmd.Flags().String("server-api-key", "agecem-org", "Key to use for authenticating to /v1 routes")
	viper.BindPFlag("server.api.key", serverCmd.Flags().Lookup("server-api-key"))

	// server.api.port
	serverCmd.Flags().Int("server-api-port", 8080, "API server port (config: server.api.port)")
	viper.BindPFlag("server.api.port", serverCmd.Flags().Lookup("server-api-port"))

	// server.api.protocol
	serverCmd.Flags().String("server-api-protocol", "http", "API server protocol (http/https) (config: server.api.protocol)")
	viper.BindPFlag("server.api.protocol", serverCmd.Flags().Lookup("server-api-protocol"))

	// server.api.host
	serverCmd.Flags().String("server-api-host", "localhost", "API server host (config: server.api.host)")
	viper.BindPFlag("server.api.host", serverCmd.Flags().Lookup("server-api-host"))

	// server.admin.auth    -    --server-admin-auth
	serverCmd.Flags().Bool("server-admin-auth", true, "Enable to allow basic authentication for /admin routes (config: server.admin.auth)")
	viper.BindPFlag("server.admin.auth", serverCmd.Flags().Lookup("server-admin-auth"))

	// server.admin.username    -    --server-admin-username
	serverCmd.Flags().String("server-admin-username", "agecem-org", "Username for basic authentication for /admin routes (config: server.admin.username)")
	viper.BindPFlag("server.admin.username", serverCmd.Flags().Lookup("server-admin-username"))

	// server.admin.password    -    --server-admin-password
	serverCmd.Flags().String("server-admin-password", "agecem-org", "Password for basic authentication for /admin routes (config: server.admin.password)")
	viper.BindPFlag("server.admin.password", serverCmd.Flags().Lookup("server-admin-password"))
}

func RunServer() {
	e := echo.New()

	t := &Template{
		templates: template.Must(template.ParseFS(templatesFS, "html/*.gohtml")),
	}

	e.Renderer = t

	e.Pre(middleware.RemoveTrailingSlash())

	groupStatic := e.Group("/public/*")
	groupStatic.Use(middleware.StaticWithConfig(middleware.StaticConfig{
		Root:       "/",
		Filesystem: http.FS(publicFS),
		//TODO
		//Browse:     true,
	}))

	groupV1 := e.Group("/v1")

	groupV1.Use(middleware.AddTrailingSlash())

	if cfg.Server.Api.Auth {
		if len(cfg.Server.Api.Key) < 10 {
			log.Fatal("server.api.auth is enabled, but server.api.key is too small (needs at least 10 characters)")
		}

		groupV1.Use(middleware.KeyAuth(func(key string, c echo.Context) (bool, error) {
			return subtle.ConstantTimeCompare([]byte(key), []byte(cfg.Server.Api.Key)) == 1, nil
		}))

		log.Println("Key auth for /v1 activated")
	}

	groupAdmin := e.Group("/admin")

	groupAdmin.Use(middleware.AddTrailingSlash())

	if cfg.Server.Admin.Auth {
		if len(cfg.Server.Admin.Username) < 5 {
			log.Fatal("server.admin.auth is enabled, but server.admin.username is too small (needs at least 5 characters)")
		}

		if len(cfg.Server.Admin.Password) < 10 {
			log.Fatal("server.admin.auth is enabled, but server.admin.password is too small (needs at least 10 characters)")
		}

		groupAdmin.Use(middleware.BasicAuth(func(username_entered, password_entered string, c echo.Context) (bool, error) {
			// Be careful to use constant time comparison to prevent timing attacks
			if subtle.ConstantTimeCompare([]byte(username_entered), []byte(cfg.Server.Admin.Username)) == 1 &&
				subtle.ConstantTimeCompare([]byte(password_entered), []byte(cfg.Server.Admin.Password)) == 1 {
				return true, nil
			}
			return false, nil
		}))

		log.Println("Basic auth for /admin activated")
	}

	// API Routes

	groupV1.GET("", serverhandlers.HandleV1)

	groupV1.POST("/seed", serverhandlers.HandleV1Seed)

	groupV1.GET("/bucket", serverhandlers.HandleV1BucketList)

	groupV1.GET("/bucket/:bucket", serverhandlers.HandleV1BucketRead)

	groupV1.POST("/bucket/:bucket", serverhandlers.HandleV1DocumentCreate)

	groupV1.GET("/bucket/:bucket/:document", serverhandlers.HandleV1DocumentRead)

	groupV1.PUT("/bucket/:bucket/:document", serverhandlers.HandleV1DocumentUpdate)

	groupV1.DELETE("/bucket/:bucket/:document", serverhandlers.HandleV1DocumentDelete)

	// HTML Routes

	e.GET("/", handleIndex)

	//e.GET("/a-propos", handleAPropos)

	//e.GET("/actualite", handleActualite)

	//e.GET("/actualite/:article", handleActualiteArticle)

	e.GET("/vie-etudiante", handleVieEtudiante)

	e.GET("/vie-etudiante/:organisme", handleVieEtudianteOrganisme)

	e.GET("/documentation", handleDocumentation)

	e.GET("/formulaires", handleFormulaires)

	// Public Routes

	e.GET("/public/documentation/:bucket/:document", handlePublicDocumentation)

	// Admin Routes

	groupAdmin.GET("", handleAdmin)

	groupAdmin.GET("/documents/upload", handleAdminDocumentsUpload)

	groupAdmin.POST("/documents/upload", handleAdminDocumentsUploadPOST)

	e.Logger.Fatal(e.Start(
		fmt.Sprintf(":%d", cfg.Server.Port)))
}

func (t *Template) Render(w io.Writer, name string, data interface{}, c echo.Context) error {
	return t.templates.ExecuteTemplate(w, name, data)
}

// HTML Handlers

func handleIndex(c echo.Context) error {
	return c.Render(http.StatusOK, "index-html", nil)
}

/*
func handleAPropos(c echo.Context) error {
	return c.Render(http.StatusOK, "a-propos-html", nil)
}
*/

/*
func handleActualite(c echo.Context) error {
	return c.Render(http.StatusOK, "actualite-html", nil)
}
*/

/*
func handleActualiteArticle(c echo.Context) error {
	article := c.Param("article")
	return c.String(http.StatusOK, fmt.Sprintf("Article: %s", article))
}
*/

func handleVieEtudiante(c echo.Context) error {
	return c.Render(http.StatusOK, "vie-etudiante-html", nil)
}

func handleVieEtudianteOrganisme(c echo.Context) error {
	organisme := c.Param("organisme")
	return c.String(http.StatusOK, fmt.Sprintf("Organisme: %s", organisme))
}

func handleDocumentation(c echo.Context) error {
	client, err := api.NewApiClientFromViper()
	if err != nil {
		return c.Render(http.StatusInternalServerError, "documentation-html", nil)
	}

	result, err := client.Call(http.MethodGet, "/v1/bucket")
	if err != nil {
		return c.Render(http.StatusInternalServerError, "documentation-html", nil)
	}

	var buckets map[string]string

	err = json.Unmarshal(result, &buckets)
	if err != nil {
		return c.Render(http.StatusInternalServerError, "documentation-html", nil)
	}

	type Bucket struct {
		Name        string
		DisplayName string
		Documents   []string
	}

	var data []Bucket

	for bucket, displayName := range buckets {
		content, err := client.Call(http.MethodGet, fmt.Sprintf("/v1/bucket/%s", bucket))
		if err != nil {
			return c.Render(http.StatusInternalServerError, "documentation-html", nil)
		}

		var documents []string

		err = json.Unmarshal(content, &documents)
		if err != nil {
			return c.Render(http.StatusInternalServerError, "documentation-html", nil)
		}

		// Ce bloc retire tous les caractères spéciaux d'une string
		// N'est pas présentement activé, car les fichiers sont processed
		// à la création de toute façon.
		/*
				reg, err := regexp.Compile("[^.a-zA-Z0-9_-]+")
				if err != nil {
					return c.Render(http.StatusInternalServerError, "documentation-html", nil)
				}

				var documents_processed []string

				for _, document := range documents {
					document_processed := reg.ReplaceAllString(document, "")
					documents_processed = append(documents_processed, document_processed)
				}
			documents_processed := documents
		*/

		data = append(data, Bucket{
			Name:        bucket,
			DisplayName: displayName,
			Documents:   documents,
		})
	}

	return c.Render(http.StatusOK, "documentation-html", data)
}

func handleFormulaires(c echo.Context) error {
	return c.Render(http.StatusOK, "formulaires-html", nil)
}

func handlePublicDocumentation(c echo.Context) error {
	client, err := api.NewApiClientFromViper()
	if err != nil {
		return c.JSON(http.StatusNotFound, map[string]string{"message": "Not Found"})
	}

	bucket := c.Param("bucket")
	document := c.Param("document")

	result, err := client.Call(http.MethodGet, fmt.Sprintf("/v1/bucket/%s/%s", bucket, document))
	if err != nil {
		return c.JSON(http.StatusNotFound, map[string]string{"message": "Not Found"})
	}

	// Check if result can fit inside a map containing a message
	var result_map map[string]string

	err = json.Unmarshal(result, &result_map)
	if err == nil {
		return c.JSON(http.StatusBadRequest, result_map)
	}

	return c.Blob(http.StatusOK, "application/octet-stream", result)
}

func handleAdmin(c echo.Context) error {
	return c.Render(http.StatusOK, "admin-html", nil)
}

func handleAdminDocumentsUpload(c echo.Context) error {
	client, err := api.NewApiClientFromViper()
	if err != nil {
		return c.Render(http.StatusInternalServerError, "documentation-html", nil)
	}

	result, err := client.Call(http.MethodGet, "/v1/bucket")
	if err != nil {
		return c.Render(http.StatusInternalServerError, "documentation-html", nil)
	}

	var buckets map[string]string

	err = json.Unmarshal(result, &buckets)
	if err != nil {
		return c.Render(http.StatusInternalServerError, "documentation-html", nil)
	}

	type Bucket struct {
		Name        string
		DisplayName string
		Documents   []string
	}

	var data struct {
		Buckets []Bucket
		Message string
	}

	for bucketName, displayName := range buckets {
		data.Buckets = append(data.Buckets, Bucket{
			Name:        bucketName,
			DisplayName: displayName,
		})
	}

	return c.Render(http.StatusOK, "admin-upload-html", data)
}

func handleAdminDocumentsUploadPOST(c echo.Context) error {
	type Bucket struct {
		Name        string
		DisplayName string
		Documents   []string
	}

	var data struct {
		Buckets []Bucket
		Message string
	}

	client, err := api.New(cfg.Server.Api.Protocol, cfg.Server.Api.Host, cfg.Server.Port, api.APIOptions{
		KeyAuth:   cfg.Server.Api.Auth,
		Key:       cfg.Server.Api.Key,
		BasicAuth: cfg.Server.Admin.Auth,
		Username:  cfg.Server.Admin.Username,
		Password:  cfg.Server.Admin.Password,
	})
	if err != nil {
		data.Message = fmt.Sprintf("handleAdminDocumentsUploadPOST#api.New: %s", err)
		return c.Render(http.StatusInternalServerError, "admin-upload-html", data)
	}

	result, err := client.Call(http.MethodGet, "/v1/bucket")
	if err != nil {
		data.Message = "Error during GET /v1/bucket"
		return c.Render(http.StatusInternalServerError, "documentation-html", data)
	}

	var buckets map[string]string

	err = json.Unmarshal(result, &buckets)
	if err != nil {
		return c.Render(http.StatusInternalServerError, "documentation-html", nil)
	}

	for bucketName, displayName := range buckets {
		data.Buckets = append(data.Buckets, Bucket{
			Name:        bucketName,
			DisplayName: displayName,
		})
	}

	bucket := c.FormValue("bucket")

	document, err := c.FormFile("document")
	if err != nil {
		data.Message = fmt.Sprintf("handleAdminDocumentsUploadPOST#c.FormFile: %s", err)
		return c.Render(http.StatusBadRequest, "admin-upload-html", data)
	}

	response, err := client.UploadDocument(bucket, document)
	if err != nil {
		data.Message = fmt.Sprintf("handleAdminDocumentsUploadPOST#client.UploadDocument: %s", err)
		return c.Render(http.StatusInternalServerError, "admin-upload-html", data)
	}

	// Format response
	var info, status string

	info = fmt.Sprintf("[%.0f] /public/documentation/%s/%s", response.Info.Size, response.Info.Bucket, response.Info.Object)

	status = response.Message

	data.Message = fmt.Sprintf("%s - %s", status, info)

	return c.Render(http.StatusOK, "admin-upload-html", data)
}