/* Copyright © 2023 AGECEM */ package cmd import ( "context" "crypto/subtle" "encoding/json" "fmt" "log" "regexp" "embed" "html/template" "io" "net/http" "sort" "github.com/minio/minio-go/v7" "github.com/minio/minio-go/v7/pkg/credentials" "github.com/spf13/cobra" "github.com/spf13/viper" "git.agecem.com/agecem/agecem-org/api" "git.agecem.com/agecem/agecem-org/config" "git.agecem.com/agecem/agecem-org/public" "github.com/labstack/echo/v4" "github.com/labstack/echo/v4/middleware" ) type Template struct { templates *template.Template } var cfg config.Config var embedFS embed.FS // serverCmd represents the server command var serverCmd = &cobra.Command{ Use: "server", Short: "Démarrer le serveur web", Run: func(cmd *cobra.Command, args []string) { if err := viper.Unmarshal(&cfg); err != nil { log.Fatal(err) } RunServer() }, } func init() { rootCmd.AddCommand(serverCmd) embedFS = public.GetEmbedFS() // server.port - --server-port serverCmd.Flags().Int("server-port", 8080, "Port to run the webserver on (config: server.port)") viper.BindPFlag("server.port", serverCmd.Flags().Lookup("server-port")) // Not currently used /* // server.documents.location - --server-documents-location serverCmd.Flags().String("server-documents-location", "us-east", "Storage bucket location (config: server.documents.location)") viper.BindPFlag("server.documents.location", serverCmd.Flags().Lookup("server-documents-location")) */ // server.documents.endpoint - --server-documents-endpoint serverCmd.Flags().String("server-documents-endpoint", "minio:9000", "Storage server endpoint (config: server.documents.endpoint)") viper.BindPFlag("server.documents.endpoint", serverCmd.Flags().Lookup("server-documents-endpoint")) // server.documents.access_key_id - --server-documents-access-key-id serverCmd.Flags().String("server-documents-access-key-id", "", "Storage server access key id (config: server.documents.access_key_id)") viper.BindPFlag("server.documents.access_key_id", serverCmd.Flags().Lookup("server-documents-access-key-id")) // server.documents.secret_access_key - --server-documents-secret-access-key serverCmd.Flags().String("server-documents-secret-access-key", "", "Storage server secret access key (config: server.documents.secret_access_key)") viper.BindPFlag("server.documents.secret_access_key", serverCmd.Flags().Lookup("server-documents-secret-access-key")) // server.documents.use_ssl - --server-documents-use-ssl serverCmd.Flags().Bool("server-documents-use-ssl", true, "Storage server SSL status (config: server.documents.use_ssl)") viper.BindPFlag("server.documents.use_ssl", serverCmd.Flags().Lookup("server-documents-use-ssl")) // server.documents.buckets - --server-documents-buckets serverCmd.Flags().StringSlice("server-documents-buckets", nil, "Buckets that are allowed to be accessed by the API (config: server.documents.buckets)") viper.BindPFlag("server.documents.buckets", serverCmd.Flags().Lookup("server-documents-buckets")) // server.api.auth - --server-api-auth serverCmd.Flags().Bool("server-api-auth", false, "Enable to allow key authentication for /v1 routes (config: server.api.auth)") viper.BindPFlag("server.api.auth", serverCmd.Flags().Lookup("server-api-auth")) // server.api.key - --server-api-key serverCmd.Flags().String("server-api-key", "", "Key to use for authenticating to /v1 routes") viper.BindPFlag("server.api.key", serverCmd.Flags().Lookup("server-api-key")) // server.admin.auth - --server-admin-auth serverCmd.Flags().Bool("server-admin-auth", false, "Enable to allow basic authentication for /admin routes (config: server.admin.auth)") viper.BindPFlag("server.admin.auth", serverCmd.Flags().Lookup("server-admin-auth")) // server.admin.username - --server-admin-username serverCmd.Flags().String("server-admin-username", "", "Username for basic authentication for /admin routes (config: server.admin.username)") viper.BindPFlag("server.admin.username", serverCmd.Flags().Lookup("server-admin-username")) // server.admin.password - --server-admin-password serverCmd.Flags().String("server-admin-password", "", "Password for basic authentication for /admin routes (config: server.admin.password)") viper.BindPFlag("server.admin.password", serverCmd.Flags().Lookup("server-admin-password")) } func RunServer() { e := echo.New() t := &Template{ templates: template.Must(template.ParseFS(embedFS, "html/*.gohtml")), } e.Renderer = t e.Pre(middleware.RemoveTrailingSlash()) groupV1 := e.Group("/v1") groupV1.Use(middleware.AddTrailingSlash()) if cfg.Server.Api.Auth { if len(cfg.Server.Api.Key) < 10 { log.Fatal("server.api.auth is enabled, but server.api.key is too small (needs at least 10 characters)") } groupV1.Use(middleware.KeyAuth(func(key string, c echo.Context) (bool, error) { return subtle.ConstantTimeCompare([]byte(key), []byte(cfg.Server.Api.Key)) == 1, nil })) log.Println("Key auth for /v1 activated") } groupAdmin := e.Group("/admin") groupAdmin.Use(middleware.AddTrailingSlash()) if cfg.Server.Admin.Auth { if len(cfg.Server.Admin.Username) < 5 { log.Fatal("server.admin.auth is enabled, but server.admin.username is too small (needs at least 5 characters)") } if len(cfg.Server.Admin.Password) < 10 { log.Fatal("server.admin.auth is enabled, but server.admin.password is too small (needs at least 10 characters)") } groupAdmin.Use(middleware.BasicAuth(func(username_entered, password_entered string, c echo.Context) (bool, error) { // Be careful to use constant time comparison to prevent timing attacks if subtle.ConstantTimeCompare([]byte(username_entered), []byte(cfg.Server.Admin.Username)) == 1 && subtle.ConstantTimeCompare([]byte(password_entered), []byte(cfg.Server.Admin.Password)) == 1 { return true, nil } return false, nil })) log.Println("Basic auth for /admin activated") } // API Routes groupV1.GET("", handleV1) groupV1.POST("/seed", handleV1Seed) groupV1.GET("/bucket", handleV1BucketList) groupV1.GET("/bucket/:bucket", handleV1BucketRead) groupV1.POST("/bucket/:bucket", handleV1DocumentCreate) groupV1.GET("/bucket/:bucket/:document", handleV1DocumentRead) groupV1.PUT("/bucket/:bucket/:document", handleV1DocumentUpdate) groupV1.DELETE("/bucket/:bucket/:document", handleV1DocumentDelete) // Static Routes e.GET("/static/general.css", handleStaticCSSGeneral) e.GET("/static/index.css", handleStaticCSSIndex) // HTML Routes e.GET("/", handleIndex) e.GET("/a-propos", handleAPropos) e.GET("/actualite", handleActualite) e.GET("/actualite/:article", handleActualiteArticle) e.GET("/vie-etudiante", handleVieEtudiante) e.GET("/vie-etudiante/:organisme", handleVieEtudianteOrganisme) e.GET("/documentation", handleDocumentation) e.GET("/formulaires", handleFormulaires) // Public Routes e.GET("/public/documentation/:bucket/:document", handlePublicDocumentation) // Admin Routes groupAdmin.GET("", handleAdmin) groupAdmin.GET("/documents/upload", handleAdminDocumentsUpload) groupAdmin.POST("/documents/upload", handleAdminDocumentsUploadPOST) e.Logger.Fatal(e.Start( fmt.Sprintf(":%d", cfg.Server.Port))) } func (t *Template) Render(w io.Writer, name string, data interface{}, c echo.Context) error { return t.templates.ExecuteTemplate(w, name, data) } // API Handlers // handleV1 affiche les routes accessibles. // Les routes sont triées selon .Path, pour les rendre plus facilement navigables. func handleV1(c echo.Context) error { routes := c.Echo().Routes() sort.Slice(routes, func(i, j int) bool { return routes[i].Path < routes[j].Path }) return c.JSON(http.StatusOK, routes) } // handleV1Seed créé des buckets dans minio selon la liste de buckets dans server.documents.buckets // Les buckets sont créés avec paramètres par défaut, et sont ensuite visible dans /v1/bucket. func handleV1Seed(c echo.Context) error { // Initialize minio client object client, err := minio.New(cfg.Server.Documents.Endpoint, &minio.Options{ Creds: credentials.NewStaticV4(cfg.Server.Documents.AccessKeyId, cfg.Server.Documents.SecretAccessKey, ""), Secure: cfg.Server.Documents.UseSSL, }) if err != nil { return c.JSON(http.StatusInternalServerError, map[string]string{ "message": "Error during minio#New", "error": err.Error(), }) } var new_buckets []string for _, bucket := range cfg.Server.Documents.Buckets { exists, err := client.BucketExists(context.Background(), bucket) if err != nil { return c.JSON(http.StatusInternalServerError, map[string]string{ "message": "Error during minio#BucketExists", "error": err.Error(), }) } if exists { continue } if err = client.MakeBucket(context.Background(), bucket, minio.MakeBucketOptions{}); err != nil { return c.JSON(http.StatusInternalServerError, map[string]string{ "message": "Error during minio#MakeBucket", "error": err.Error(), }) } new_buckets = append(new_buckets, bucket) } var message string if len(new_buckets) == 0 { message = "All buckets already exist" } else { message = "Buckets successfully created" } return c.JSON(http.StatusOK, map[string]interface{}{ "message": message, "buckets": new_buckets, }) } // handleV1BucketList affiche les buckets permis par server.documents.buckets, qui existent. func handleV1BucketList(c echo.Context) error { // Initialize minio client object client, err := minio.New(cfg.Server.Documents.Endpoint, &minio.Options{ Creds: credentials.NewStaticV4(cfg.Server.Documents.AccessKeyId, cfg.Server.Documents.SecretAccessKey, ""), Secure: cfg.Server.Documents.UseSSL, }) if err != nil { return c.JSON(http.StatusInternalServerError, map[string]string{ "message": "Error during minio#New", }) } var buckets []string for _, bucket_name := range cfg.Server.Documents.Buckets { exists, err := client.BucketExists(context.Background(), bucket_name) if err != nil { return c.JSON(http.StatusInternalServerError, "Error during minio#BucketExists") } if exists { buckets = append(buckets, bucket_name) } } return c.JSON(http.StatusOK, buckets) } func handleV1BucketRead(c echo.Context) error { bucket := c.Param("bucket") allowed := false for _, bucket_allowed := range cfg.Server.Documents.Buckets { if bucket == bucket_allowed { allowed = true } } if !allowed { /* return c.JSON(http.StatusBadRequest, map[string]string{ "message": "Bucket is not allowed in server.documents.buckets", }) */ return c.JSON(http.StatusNotFound, map[string]string{"message": "Not Found"}) } ctx, cancel := context.WithCancel(context.Background()) defer cancel() // Initialize minio client object client, err := minio.New(cfg.Server.Documents.Endpoint, &minio.Options{ Creds: credentials.NewStaticV4(cfg.Server.Documents.AccessKeyId, cfg.Server.Documents.SecretAccessKey, ""), Secure: cfg.Server.Documents.UseSSL, }) if err != nil { return c.JSON(http.StatusInternalServerError, map[string]string{ "message": "Error during minio#New", }) } exists, err := client.BucketExists(ctx, bucket) if err != nil { return c.JSON(http.StatusInternalServerError, "Error during minio#BucketExists") } if !exists { return c.JSON(http.StatusNotFound, map[string]string{"message": "Not Found"}) } var keys []string objectCh := client.ListObjects(ctx, bucket, minio.ListObjectsOptions{}) for object := range objectCh { if object.Err != nil { return c.JSON(http.StatusInternalServerError, map[string]string{ "message": "Error during minio#ListObjects", }) } keys = append(keys, object.Key) } return c.JSON(http.StatusOK, keys) } // handleV1DocumentCreate permet d'ajouter un object dans un bucket, par multipart/form-data func handleV1DocumentCreate(c echo.Context) error { bucket := c.Param("bucket") form_file, err := c.FormFile("document") if err != nil { return c.JSON(http.StatusBadRequest, map[string]interface{}{ "message": "Error during handleV1DocumentCreate's echo#Context.FormFile", "error": err, }) } allowed := false for _, bucket_allowed := range cfg.Server.Documents.Buckets { if bucket == bucket_allowed { allowed = true } } if !allowed { return c.JSON(http.StatusNotFound, map[string]string{"message": "Not Found"}) } ctx, cancel := context.WithCancel(context.Background()) defer cancel() // Initialize minio client object client, err := minio.New(cfg.Server.Documents.Endpoint, &minio.Options{ Creds: credentials.NewStaticV4(cfg.Server.Documents.AccessKeyId, cfg.Server.Documents.SecretAccessKey, ""), Secure: cfg.Server.Documents.UseSSL, }) if err != nil { return c.JSON(http.StatusInternalServerError, map[string]string{ "message": "Error during minio#New", }) } src, err := form_file.Open() if err != nil { return err } defer src.Close() reg, err := regexp.Compile("[^.a-zA-Z0-9_-]+") if err != nil { return c.Render(http.StatusInternalServerError, "documentation-html", nil) } filename_processed := reg.ReplaceAllString(form_file.Filename, "") info, err := client.PutObject(ctx, bucket, filename_processed, src, form_file.Size, minio.PutObjectOptions{ ContentType: form_file.Header.Get("Content-Type"), }) if err != nil { return c.JSON(http.StatusInternalServerError, map[string]string{ "message": "Error during minio#PutObject", }) } return c.JSON(http.StatusOK, map[string]interface{}{ "message": "ok", "info": map[string]interface{}{ "bucket": info.Bucket, "key": info.Key, "size": info.Size, }, }) } // handleV1DocumentRead permet de lire le contenu d'un fichier et protentiellement de le télécharger func handleV1DocumentRead(c echo.Context) error { bucket := c.Param("bucket") document := c.Param("document") allowed := false for _, bucket_allowed := range cfg.Server.Documents.Buckets { if bucket == bucket_allowed { allowed = true } } if !allowed { /* return c.JSON(http.StatusBadRequest, map[string]string{ "message": "Bucket is not allowed in server.documents.buckets", }) */ return c.JSON(http.StatusNotFound, map[string]string{"message": "Not Found"}) } ctx, cancel := context.WithCancel(context.Background()) defer cancel() // Initialize minio client object client, err := minio.New(cfg.Server.Documents.Endpoint, &minio.Options{ Creds: credentials.NewStaticV4(cfg.Server.Documents.AccessKeyId, cfg.Server.Documents.SecretAccessKey, ""), Secure: cfg.Server.Documents.UseSSL, }) if err != nil { return c.JSON(http.StatusInternalServerError, map[string]string{ "message": "Error during minio#New", }) } bucket_exists, err := client.BucketExists(ctx, bucket) if err != nil { return c.JSON(http.StatusInternalServerError, "Error during minio#BucketExists") } if !bucket_exists { return c.JSON(http.StatusNotFound, map[string]string{"message": "Not Found"}) } document_info, err := client.StatObject(ctx, bucket, document, minio.StatObjectOptions{}) if err != nil { if err.Error() == "The specified key does not exist." { return c.JSON(http.StatusNotFound, map[string]string{"message": "Not Found"}) } return c.JSON(http.StatusInternalServerError, map[string]interface{}{ "message": "Error during minio#StatObject", }) } _ = document_info document_object, err := client.GetObject(ctx, bucket, document, minio.GetObjectOptions{}) if err != nil { return c.JSON(http.StatusInternalServerError, map[string]string{ "message": "Error during minio#GetObject", }) } defer document_object.Close() return c.Stream(http.StatusOK, document_info.ContentType, document_object) } // handleV1DocumentUpdate permet de mettre à jour certains champs d'un object, comme le Content-Type ou le Filename func handleV1DocumentUpdate(c echo.Context) error { return c.JSON(http.StatusNotImplemented, map[string]string{ "message": "Not Implemented", }) } // handleV1DocumentDelete permet de supprimer un object func handleV1DocumentDelete(c echo.Context) error { bucket := c.Param("bucket") document := c.Param("document") allowed := false for _, bucket_allowed := range cfg.Server.Documents.Buckets { if bucket == bucket_allowed { allowed = true } } if !allowed { /* return c.JSON(http.StatusBadRequest, map[string]string{ "message": "Bucket is not allowed in server.documents.buckets", }) */ return c.JSON(http.StatusNotFound, map[string]string{"message": "Not Found"}) } ctx, cancel := context.WithCancel(context.Background()) defer cancel() // Initialize minio client object client, err := minio.New(cfg.Server.Documents.Endpoint, &minio.Options{ Creds: credentials.NewStaticV4(cfg.Server.Documents.AccessKeyId, cfg.Server.Documents.SecretAccessKey, ""), Secure: cfg.Server.Documents.UseSSL, }) if err != nil { return c.JSON(http.StatusInternalServerError, map[string]string{ "message": "Error during minio#New", }) } bucket_exists, err := client.BucketExists(ctx, bucket) if err != nil { return c.JSON(http.StatusInternalServerError, "Error during minio#BucketExists") } if !bucket_exists { return c.JSON(http.StatusNotFound, map[string]string{"message": "Not Found"}) } document_info, err := client.StatObject(ctx, bucket, document, minio.StatObjectOptions{}) if err != nil { if err.Error() == "The specified key does not exist." { return c.JSON(http.StatusNotFound, map[string]string{"message": "Not Found"}) } return c.JSON(http.StatusInternalServerError, map[string]interface{}{ "message": "Error during minio#StatObject", }) } //TODO Add error validation _ = document_info err = client.RemoveObject(ctx, bucket, document, minio.RemoveObjectOptions{}) if err != nil { return c.JSON(http.StatusInternalServerError, map[string]string{ "message": "Error during minio#RemoveObject", }) } return c.JSON(http.StatusOK, map[string]string{ "message": "Document deleted", }) } // HTML Handlers func handleIndex(c echo.Context) error { return c.Render(http.StatusOK, "index-html", nil) } func handleAPropos(c echo.Context) error { return c.Render(http.StatusOK, "a-propos-html", nil) } func handleActualite(c echo.Context) error { return c.Render(http.StatusOK, "actualite-html", nil) } func handleActualiteArticle(c echo.Context) error { article := c.Param("article") return c.String(http.StatusOK, fmt.Sprintf("Article: %s", article)) } func handleVieEtudiante(c echo.Context) error { return c.Render(http.StatusOK, "vie-etudiante-html", nil) } func handleVieEtudianteOrganisme(c echo.Context) error { organisme := c.Param("organisme") return c.String(http.StatusOK, fmt.Sprintf("Organisme: %s", organisme)) } func handleDocumentation(c echo.Context) error { client, err := api.New("http", "localhost", cfg.Server.Port, api.APIOptions{ KeyAuth: cfg.Server.Api.Auth, Key: cfg.Server.Api.Key, }) if err != nil { return c.Render(http.StatusInternalServerError, "documentation-html", nil) } result, err := client.Call(http.MethodGet, "/v1/bucket") if err != nil { return c.Render(http.StatusInternalServerError, "documentation-html", nil) } var buckets []string err = json.Unmarshal(result, &buckets) if err != nil { return c.Render(http.StatusInternalServerError, "documentation-html", nil) } type Bucket struct { Name string Documents []string } var data []Bucket for _, bucket := range buckets { content, err := client.Call(http.MethodGet, fmt.Sprintf("/v1/bucket/%s", bucket)) if err != nil { return c.Render(http.StatusInternalServerError, "documentation-html", nil) } var documents []string err = json.Unmarshal(content, &documents) if err != nil { return c.Render(http.StatusInternalServerError, "documentation-html", nil) } // Ce bloc retire tous les caractères spéciaux d'une string // N'est pas présentement activé, car les fichiers sont processed // à la création de toute façon. /* reg, err := regexp.Compile("[^.a-zA-Z0-9_-]+") if err != nil { return c.Render(http.StatusInternalServerError, "documentation-html", nil) } var documents_processed []string for _, document := range documents { document_processed := reg.ReplaceAllString(document, "") documents_processed = append(documents_processed, document_processed) } */ documents_processed := documents data = append(data, Bucket{ Name: bucket, Documents: documents_processed, }) } return c.Render(http.StatusOK, "documentation-html", data) } func handleFormulaires(c echo.Context) error { return c.Render(http.StatusOK, "formulaires-html", nil) } func handlePublicDocumentation(c echo.Context) error { client, err := api.New("http", "localhost", cfg.Server.Port, api.APIOptions{ KeyAuth: cfg.Server.Api.Auth, Key: cfg.Server.Api.Key, }) if err != nil { return c.JSON(http.StatusNotFound, map[string]string{"message": "Not Found"}) } bucket := c.Param("bucket") document := c.Param("document") result, err := client.Call(http.MethodGet, fmt.Sprintf("/v1/bucket/%s/%s", bucket, document)) if err != nil { return c.JSON(http.StatusNotFound, map[string]string{"message": "Not Found"}) } // Check if result can fit inside a map containing a message var result_map map[string]string err = json.Unmarshal(result, &result_map) if err == nil { return c.JSON(http.StatusBadRequest, result_map) } return c.Blob(http.StatusOK, "application/octet-stream", result) } func handleAdmin(c echo.Context) error { return c.Render(http.StatusOK, "admin-html", nil) } func handleAdminDocumentsUpload(c echo.Context) error { return c.Render(http.StatusOK, "admin-upload-html", nil) } func handleAdminDocumentsUploadPOST(c echo.Context) error { client, err := api.New("http", "localhost", cfg.Server.Port, api.APIOptions{ KeyAuth: cfg.Server.Api.Auth, Key: cfg.Server.Api.Key, BasicAuth: cfg.Server.Admin.Auth, Username: cfg.Server.Admin.Username, Password: cfg.Server.Admin.Password, }) if err != nil { return c.Render(http.StatusInternalServerError, "admin-upload-html", struct{ Message string }{Message: fmt.Sprintf("handleAdminDocumentsUploadPOST#api.New: %s", err)}) } bucket := c.FormValue("bucket") document, err := c.FormFile("document") if err != nil { return c.Render(http.StatusBadRequest, "admin-upload-html", struct{ Message string }{Message: fmt.Sprintf("handleAdminDocumentsUploadPOST#c.FormFile: %s", err)}) } response, err := client.UploadDocument(bucket, document) if err != nil { return c.Render(http.StatusInternalServerError, "admin-upload-html", struct{ Message string }{Message: fmt.Sprintf("handleAdminDocumentsUploadPOST#client.UploadDocument: %s", err)}) } // Format response var message, info, status string info = fmt.Sprintf("[%.0f] /public/documentation/%s/%s", response.Info.Size, response.Info.Bucket, response.Info.Object) status = response.Message message = fmt.Sprintf("%s - %s", status, info) return c.Render(http.StatusOK, "admin-upload-html", struct{ Message string }{Message: message}) } // CSS Handlers func handleStaticCSSIndex(c echo.Context) error { // TODO Ajouter gestion d'erreurs data, _ := embedFS.ReadFile("css/index.css") return c.Blob(http.StatusOK, "text/css", data) } func handleStaticCSSGeneral(c echo.Context) error { // TODO Ajouter gestion d'erreurs data, _ := embedFS.ReadFile("css/general.css") return c.Blob(http.StatusOK, "text/css", data) }