agecem/agecem-org
4
1
Fork 0
Code Issues 31 Pull requests 2 Activity
agecem-org/cmd/server.go

778 lines
23 KiB
Go
Raw Blame History

/*
Copyright © 2023 AGECEM
*/
package cmd
import (
"context"
"crypto/subtle"
"encoding/json"
"fmt"
"log"
"regexp"
"embed"
"html/template"
"io"
"net/http"
"sort"
"github.com/minio/minio-go/v7"
"github.com/minio/minio-go/v7/pkg/credentials"
"github.com/spf13/cobra"
"github.com/spf13/viper"
"git.agecem.com/agecem/agecem-org/api"
"git.agecem.com/agecem/agecem-org/config"
"git.agecem.com/agecem/agecem-org/public"
"github.com/labstack/echo/v4"
"github.com/labstack/echo/v4/middleware"
)
type Template struct {
templates *template.Template
}
var cfg config.Config
var embedFS embed.FS
// serverCmd represents the server command
var serverCmd = &cobra.Command{
Use: "server",
Short: "Démarrer le serveur web",
Run: func(cmd *cobra.Command, args []string) {
if err := viper.Unmarshal(&cfg); err != nil {
log.Fatal(err)
}
RunServer()
},
}
func init() {
rootCmd.AddCommand(serverCmd)
embedFS = public.GetEmbedFS()
// server.port - --server-port
serverCmd.Flags().Int("server-port", 8080, "Port to run the webserver on (config: server.port)")
viper.BindPFlag("server.port", serverCmd.Flags().Lookup("server-port"))
// Not currently used
/*
// server.documents.location - --server-documents-location
serverCmd.Flags().String("server-documents-location", "us-east", "Storage bucket location (config: server.documents.location)")
viper.BindPFlag("server.documents.location", serverCmd.Flags().Lookup("server-documents-location"))
*/
// server.documents.endpoint - --server-documents-endpoint
serverCmd.Flags().String("server-documents-endpoint", "minio:9000", "Storage server endpoint (config: server.documents.endpoint)")
viper.BindPFlag("server.documents.endpoint", serverCmd.Flags().Lookup("server-documents-endpoint"))
// server.documents.access_key_id - --server-documents-access-key-id
serverCmd.Flags().String("server-documents-access-key-id", "", "Storage server access key id (config: server.documents.access_key_id)")
viper.BindPFlag("server.documents.access_key_id", serverCmd.Flags().Lookup("server-documents-access-key-id"))
// server.documents.secret_access_key - --server-documents-secret-access-key
serverCmd.Flags().String("server-documents-secret-access-key", "", "Storage server secret access key (config: server.documents.secret_access_key)")
viper.BindPFlag("server.documents.secret_access_key", serverCmd.Flags().Lookup("server-documents-secret-access-key"))
// server.documents.use_ssl - --server-documents-use-ssl
serverCmd.Flags().Bool("server-documents-use-ssl", true, "Storage server SSL status (config: server.documents.use_ssl)")
viper.BindPFlag("server.documents.use_ssl", serverCmd.Flags().Lookup("server-documents-use-ssl"))
// server.documents.buckets - --server-documents-buckets
serverCmd.Flags().StringSlice("server-documents-buckets", nil, "Buckets that are allowed to be accessed by the API (config: server.documents.buckets)")
viper.BindPFlag("server.documents.buckets", serverCmd.Flags().Lookup("server-documents-buckets"))
// server.api.auth - --server-api-auth
serverCmd.Flags().Bool("server-api-auth", false, "Enable to allow key authentication for /v1 routes (config: server.api.auth)")
viper.BindPFlag("server.api.auth", serverCmd.Flags().Lookup("server-api-auth"))
// server.api.key - --server-api-key
serverCmd.Flags().String("server-api-key", "", "Key to use for authenticating to /v1 routes")
viper.BindPFlag("server.api.key", serverCmd.Flags().Lookup("server-api-key"))
// server.admin.auth - --server-admin-auth
serverCmd.Flags().Bool("server-admin-auth", false, "Enable to allow basic authentication for /admin routes (config: server.admin.auth)")
viper.BindPFlag("server.admin.auth", serverCmd.Flags().Lookup("server-admin-auth"))
// server.admin.username - --server-admin-username
serverCmd.Flags().String("server-admin-username", "", "Username for basic authentication for /admin routes (config: server.admin.username)")
viper.BindPFlag("server.admin.username", serverCmd.Flags().Lookup("server-admin-username"))
// server.admin.password - --server-admin-password
serverCmd.Flags().String("server-admin-password", "", "Password for basic authentication for /admin routes (config: server.admin.password)")
viper.BindPFlag("server.admin.password", serverCmd.Flags().Lookup("server-admin-password"))
}
func RunServer() {
e := echo.New()
t := &Template{
templates: template.Must(template.ParseFS(embedFS, "html/*.gohtml")),
}
e.Renderer = t
e.Pre(middleware.RemoveTrailingSlash())
groupV1 := e.Group("/v1")
groupV1.Use(middleware.AddTrailingSlash())
if cfg.Server.Api.Auth {
if len(cfg.Server.Api.Key) < 10 {
log.Fatal("server.api.auth is enabled, but server.api.key is too small (needs at least 10 characters)")
}
groupV1.Use(middleware.KeyAuth(func(key string, c echo.Context) (bool, error) {
return subtle.ConstantTimeCompare([]byte(key), []byte(cfg.Server.Api.Key)) == 1, nil
}))
log.Println("Key auth for /v1 activated")
}
groupAdmin := e.Group("/admin")
groupAdmin.Use(middleware.AddTrailingSlash())
if cfg.Server.Admin.Auth {
if len(cfg.Server.Admin.Username) < 5 {
log.Fatal("server.admin.auth is enabled, but server.admin.username is too small (needs at least 5 characters)")
}
if len(cfg.Server.Admin.Password) < 10 {
log.Fatal("server.admin.auth is enabled, but server.admin.password is too small (needs at least 10 characters)")
}
groupAdmin.Use(middleware.BasicAuth(func(username_entered, password_entered string, c echo.Context) (bool, error) {
// Be careful to use constant time comparison to prevent timing attacks
if subtle.ConstantTimeCompare([]byte(username_entered), []byte(cfg.Server.Admin.Username)) == 1 &&
subtle.ConstantTimeCompare([]byte(password_entered), []byte(cfg.Server.Admin.Password)) == 1 {
return true, nil
}
return false, nil
}))
log.Println("Basic auth for /admin activated")
}
// API Routes
groupV1.GET("", handleV1)
groupV1.POST("/seed", handleV1Seed)
groupV1.GET("/bucket", handleV1BucketList)
groupV1.GET("/bucket/:bucket", handleV1BucketRead)
groupV1.POST("/bucket/:bucket", handleV1DocumentCreate)
groupV1.GET("/bucket/:bucket/:document", handleV1DocumentRead)
groupV1.PUT("/bucket/:bucket/:document", handleV1DocumentUpdate)
groupV1.DELETE("/bucket/:bucket/:document", handleV1DocumentDelete)
// Static Routes
e.GET("/static/general.css", handleStaticCSSGeneral)
e.GET("/static/index.css", handleStaticCSSIndex)
// HTML Routes
e.GET("/", handleIndex)
e.GET("/a-propos", handleAPropos)
e.GET("/actualite", handleActualite)
e.GET("/actualite/:article", handleActualiteArticle)
e.GET("/vie-etudiante", handleVieEtudiante)
e.GET("/vie-etudiante/:organisme", handleVieEtudianteOrganisme)
e.GET("/documentation", handleDocumentation)
e.GET("/formulaires", handleFormulaires)
// Public Routes
e.GET("/public/documentation/:bucket/:document", handlePublicDocumentation)
// Admin Routes
groupAdmin.GET("", handleAdmin)
groupAdmin.GET("/documents/upload", handleAdminDocumentsUpload)
groupAdmin.POST("/documents/upload", handleAdminDocumentsUploadPOST)
e.Logger.Fatal(e.Start(
fmt.Sprintf(":%d", cfg.Server.Port)))
}
func (t *Template) Render(w io.Writer, name string, data interface{}, c echo.Context) error {
return t.templates.ExecuteTemplate(w, name, data)
}
// API Handlers
// handleV1 affiche les routes accessibles.
// Les routes sont triées selon .Path, pour les rendre plus facilement navigables.
func handleV1(c echo.Context) error {
routes := c.Echo().Routes()
sort.Slice(routes, func(i, j int) bool { return routes[i].Path < routes[j].Path })
return c.JSON(http.StatusOK, routes)
}
// handleV1Seed créé des buckets dans minio selon la liste de buckets dans server.documents.buckets
// Les buckets sont créés avec paramètres par défaut, et sont ensuite visible dans /v1/bucket.
func handleV1Seed(c echo.Context) error {
// Initialize minio client object
client, err := minio.New(cfg.Server.Documents.Endpoint, &minio.Options{
Creds: credentials.NewStaticV4(cfg.Server.Documents.AccessKeyId, cfg.Server.Documents.SecretAccessKey, ""),
Secure: cfg.Server.Documents.UseSSL,
})
if err != nil {
return c.JSON(http.StatusInternalServerError, map[string]string{
"message": "Error during minio#New",
"error": err.Error(),
})
}
var new_buckets []string
for _, bucket := range cfg.Server.Documents.Buckets {
exists, err := client.BucketExists(context.Background(), bucket)
if err != nil {
return c.JSON(http.StatusInternalServerError, map[string]string{
"message": "Error during minio#BucketExists",
"error": err.Error(),
})
}
if exists {
continue
}
if err = client.MakeBucket(context.Background(), bucket, minio.MakeBucketOptions{}); err != nil {
return c.JSON(http.StatusInternalServerError, map[string]string{
"message": "Error during minio#MakeBucket",
"error": err.Error(),
})
}
new_buckets = append(new_buckets, bucket)
}
var message string
if len(new_buckets) == 0 {
message = "All buckets already exist"
} else {
message = "Buckets successfully created"
}
return c.JSON(http.StatusOK, map[string]interface{}{
"message": message,
"buckets": new_buckets,
})
}
// handleV1BucketList affiche les buckets permis par server.documents.buckets, qui existent.
func handleV1BucketList(c echo.Context) error {
// Initialize minio client object
client, err := minio.New(cfg.Server.Documents.Endpoint, &minio.Options{
Creds: credentials.NewStaticV4(cfg.Server.Documents.AccessKeyId, cfg.Server.Documents.SecretAccessKey, ""),
Secure: cfg.Server.Documents.UseSSL,
})
if err != nil {
return c.JSON(http.StatusInternalServerError, map[string]string{
"message": "Error during minio#New",
})
}
var buckets []string
for _, bucket_name := range cfg.Server.Documents.Buckets {
exists, err := client.BucketExists(context.Background(), bucket_name)
if err != nil {
return c.JSON(http.StatusInternalServerError, "Error during minio#BucketExists")
}
if exists {
buckets = append(buckets, bucket_name)
}
}
return c.JSON(http.StatusOK, buckets)
}
func handleV1BucketRead(c echo.Context) error {
bucket := c.Param("bucket")
allowed := false
for _, bucket_allowed := range cfg.Server.Documents.Buckets {
if bucket == bucket_allowed {
allowed = true
}
}
if !allowed {
/*
return c.JSON(http.StatusBadRequest, map[string]string{
"message": "Bucket is not allowed in server.documents.buckets",
})
*/
return c.JSON(http.StatusNotFound, map[string]string{"message": "Not Found"})
}
ctx, cancel := context.WithCancel(context.Background())
defer cancel()
// Initialize minio client object
client, err := minio.New(cfg.Server.Documents.Endpoint, &minio.Options{
Creds: credentials.NewStaticV4(cfg.Server.Documents.AccessKeyId, cfg.Server.Documents.SecretAccessKey, ""),
Secure: cfg.Server.Documents.UseSSL,
})
if err != nil {
return c.JSON(http.StatusInternalServerError, map[string]string{
"message": "Error during minio#New",
})
}
exists, err := client.BucketExists(ctx, bucket)
if err != nil {
return c.JSON(http.StatusInternalServerError, "Error during minio#BucketExists")
}
if !exists {
return c.JSON(http.StatusNotFound, map[string]string{"message": "Not Found"})
}
var keys []string
objectCh := client.ListObjects(ctx, bucket, minio.ListObjectsOptions{})
for object := range objectCh {
if object.Err != nil {
return c.JSON(http.StatusInternalServerError, map[string]string{
"message": "Error during minio#ListObjects",
})
}
keys = append(keys, object.Key)
}
return c.JSON(http.StatusOK, keys)
}
// handleV1DocumentCreate permet d'ajouter un object dans un bucket, par multipart/form-data
func handleV1DocumentCreate(c echo.Context) error {
bucket := c.Param("bucket")
form_file, err := c.FormFile("document")
if err != nil {
return c.JSON(http.StatusBadRequest, map[string]interface{}{
"message": "Error during handleV1DocumentCreate's echo#Context.FormFile",
"error": err,
})
}
allowed := false
for _, bucket_allowed := range cfg.Server.Documents.Buckets {
if bucket == bucket_allowed {
allowed = true
}
}
if !allowed {
return c.JSON(http.StatusNotFound, map[string]string{"message": "Not Found"})
}
ctx, cancel := context.WithCancel(context.Background())
defer cancel()
// Initialize minio client object
client, err := minio.New(cfg.Server.Documents.Endpoint, &minio.Options{
Creds: credentials.NewStaticV4(cfg.Server.Documents.AccessKeyId, cfg.Server.Documents.SecretAccessKey, ""),
Secure: cfg.Server.Documents.UseSSL,
})
if err != nil {
return c.JSON(http.StatusInternalServerError, map[string]string{
"message": "Error during minio#New",
})
}
src, err := form_file.Open()
if err != nil {
return err
}
defer src.Close()
reg, err := regexp.Compile("[^.a-zA-Z0-9_-]+")
if err != nil {
return c.Render(http.StatusInternalServerError, "documentation-html", nil)
}
filename_processed := reg.ReplaceAllString(form_file.Filename, "")
info, err := client.PutObject(ctx, bucket, filename_processed, src, form_file.Size, minio.PutObjectOptions{
ContentType: form_file.Header.Get("Content-Type"),
})
if err != nil {
return c.JSON(http.StatusInternalServerError, map[string]string{
"message": "Error during minio#PutObject",
})
}
return c.JSON(http.StatusOK, map[string]interface{}{
"message": "ok",
"info": map[string]interface{}{
"bucket": info.Bucket,
"key": info.Key,
"size": info.Size,
},
})
}
// handleV1DocumentRead permet de lire le contenu d'un fichier et protentiellement de le télécharger
func handleV1DocumentRead(c echo.Context) error {
bucket := c.Param("bucket")
document := c.Param("document")
allowed := false
for _, bucket_allowed := range cfg.Server.Documents.Buckets {
if bucket == bucket_allowed {
allowed = true
}
}
if !allowed {
/*
return c.JSON(http.StatusBadRequest, map[string]string{
"message": "Bucket is not allowed in server.documents.buckets",
})
*/
return c.JSON(http.StatusNotFound, map[string]string{"message": "Not Found"})
}
ctx, cancel := context.WithCancel(context.Background())
defer cancel()
// Initialize minio client object
client, err := minio.New(cfg.Server.Documents.Endpoint, &minio.Options{
Creds: credentials.NewStaticV4(cfg.Server.Documents.AccessKeyId, cfg.Server.Documents.SecretAccessKey, ""),
Secure: cfg.Server.Documents.UseSSL,
})
if err != nil {
return c.JSON(http.StatusInternalServerError, map[string]string{
"message": "Error during minio#New",
})
}
bucket_exists, err := client.BucketExists(ctx, bucket)
if err != nil {
return c.JSON(http.StatusInternalServerError, "Error during minio#BucketExists")
}
if !bucket_exists {
return c.JSON(http.StatusNotFound, map[string]string{"message": "Not Found"})
}
document_info, err := client.StatObject(ctx, bucket, document, minio.StatObjectOptions{})
if err != nil {
if err.Error() == "The specified key does not exist." {
return c.JSON(http.StatusNotFound, map[string]string{"message": "Not Found"})
}
return c.JSON(http.StatusInternalServerError, map[string]interface{}{
"message": "Error during minio#StatObject",
})
}
_ = document_info
document_object, err := client.GetObject(ctx, bucket, document, minio.GetObjectOptions{})
if err != nil {
return c.JSON(http.StatusInternalServerError, map[string]string{
"message": "Error during minio#GetObject",
})
}
defer document_object.Close()
return c.Stream(http.StatusOK, document_info.ContentType, document_object)
}
// handleV1DocumentUpdate permet de mettre à jour certains champs d'un object, comme le Content-Type ou le Filename
func handleV1DocumentUpdate(c echo.Context) error {
return c.JSON(http.StatusNotImplemented, map[string]string{
"message": "Not Implemented",
})
}
// handleV1DocumentDelete permet de supprimer un object
func handleV1DocumentDelete(c echo.Context) error {
bucket := c.Param("bucket")
document := c.Param("document")
allowed := false
for _, bucket_allowed := range cfg.Server.Documents.Buckets {
if bucket == bucket_allowed {
allowed = true
}
}
if !allowed {
/*
return c.JSON(http.StatusBadRequest, map[string]string{
"message": "Bucket is not allowed in server.documents.buckets",
})
*/
return c.JSON(http.StatusNotFound, map[string]string{"message": "Not Found"})
}
ctx, cancel := context.WithCancel(context.Background())
defer cancel()
// Initialize minio client object
client, err := minio.New(cfg.Server.Documents.Endpoint, &minio.Options{
Creds: credentials.NewStaticV4(cfg.Server.Documents.AccessKeyId, cfg.Server.Documents.SecretAccessKey, ""),
Secure: cfg.Server.Documents.UseSSL,
})
if err != nil {
return c.JSON(http.StatusInternalServerError, map[string]string{
"message": "Error during minio#New",
})
}
bucket_exists, err := client.BucketExists(ctx, bucket)
if err != nil {
return c.JSON(http.StatusInternalServerError, "Error during minio#BucketExists")
}
if !bucket_exists {
return c.JSON(http.StatusNotFound, map[string]string{"message": "Not Found"})
}
document_info, err := client.StatObject(ctx, bucket, document, minio.StatObjectOptions{})
if err != nil {
if err.Error() == "The specified key does not exist." {
return c.JSON(http.StatusNotFound, map[string]string{"message": "Not Found"})
}
return c.JSON(http.StatusInternalServerError, map[string]interface{}{
"message": "Error during minio#StatObject",
})
}
//TODO Add error validation
_ = document_info
err = client.RemoveObject(ctx, bucket, document, minio.RemoveObjectOptions{})
if err != nil {
return c.JSON(http.StatusInternalServerError, map[string]string{
"message": "Error during minio#RemoveObject",
})
}
return c.JSON(http.StatusOK, map[string]string{
"message": "Document deleted",
})
}
// HTML Handlers
func handleIndex(c echo.Context) error {
return c.Render(http.StatusOK, "index-html", nil)
}
func handleAPropos(c echo.Context) error {
return c.Render(http.StatusOK, "a-propos-html", nil)
}
func handleActualite(c echo.Context) error {
return c.Render(http.StatusOK, "actualite-html", nil)
}
func handleActualiteArticle(c echo.Context) error {
article := c.Param("article")
return c.String(http.StatusOK, fmt.Sprintf("Article: %s", article))
}
func handleVieEtudiante(c echo.Context) error {
return c.Render(http.StatusOK, "vie-etudiante-html", nil)
}
func handleVieEtudianteOrganisme(c echo.Context) error {
organisme := c.Param("organisme")
return c.String(http.StatusOK, fmt.Sprintf("Organisme: %s", organisme))
}
func handleDocumentation(c echo.Context) error {
client, err := api.New("http", "localhost", cfg.Server.Port, api.APIOptions{
KeyAuth: cfg.Server.Api.Auth,
Key: cfg.Server.Api.Key,
})
if err != nil {
return c.Render(http.StatusInternalServerError, "documentation-html", nil)
}
result, err := client.Call(http.MethodGet, "/v1/bucket")
if err != nil {
return c.Render(http.StatusInternalServerError, "documentation-html", nil)
}
var buckets []string
err = json.Unmarshal(result, &buckets)
if err != nil {
return c.Render(http.StatusInternalServerError, "documentation-html", nil)
}
type Bucket struct {
Name string
Documents []string
}
var data []Bucket
for _, bucket := range buckets {
content, err := client.Call(http.MethodGet, fmt.Sprintf("/v1/bucket/%s", bucket))
if err != nil {
return c.Render(http.StatusInternalServerError, "documentation-html", nil)
}
var documents []string
err = json.Unmarshal(content, &documents)
if err != nil {
return c.Render(http.StatusInternalServerError, "documentation-html", nil)
}
// Ce bloc retire tous les caractères spéciaux d'une string
// N'est pas présentement activé, car les fichiers sont processed
// à la création de toute façon.
/*
reg, err := regexp.Compile("[^.a-zA-Z0-9_-]+")
if err != nil {
return c.Render(http.StatusInternalServerError, "documentation-html", nil)
}
var documents_processed []string
for _, document := range documents {
document_processed := reg.ReplaceAllString(document, "")
documents_processed = append(documents_processed, document_processed)
}
*/
documents_processed := documents
data = append(data, Bucket{
Name: bucket,
Documents: documents_processed,
})
}
return c.Render(http.StatusOK, "documentation-html", data)
}
func handleFormulaires(c echo.Context) error {
return c.Render(http.StatusOK, "formulaires-html", nil)
}
func handlePublicDocumentation(c echo.Context) error {
client, err := api.New("http", "localhost", cfg.Server.Port, api.APIOptions{
KeyAuth: cfg.Server.Api.Auth,
Key: cfg.Server.Api.Key,
})
if err != nil {
return c.JSON(http.StatusNotFound, map[string]string{"message": "Not Found"})
}
bucket := c.Param("bucket")
document := c.Param("document")
result, err := client.Call(http.MethodGet, fmt.Sprintf("/v1/bucket/%s/%s", bucket, document))
if err != nil {
return c.JSON(http.StatusNotFound, map[string]string{"message": "Not Found"})
}
// Check if result can fit inside a map containing a message
var result_map map[string]string
err = json.Unmarshal(result, &result_map)
if err == nil {
return c.JSON(http.StatusBadRequest, result_map)
}
return c.Blob(http.StatusOK, "application/octet-stream", result)
}
func handleAdmin(c echo.Context) error {
return c.Render(http.StatusOK, "admin-html", nil)
}
func handleAdminDocumentsUpload(c echo.Context) error {
return c.Render(http.StatusOK, "admin-upload-html", nil)
}
func handleAdminDocumentsUploadPOST(c echo.Context) error {
client, err := api.New("http", "localhost", cfg.Server.Port, api.APIOptions{
KeyAuth: cfg.Server.Api.Auth,
Key: cfg.Server.Api.Key,
BasicAuth: cfg.Server.Admin.Auth,
Username: cfg.Server.Admin.Username,
Password: cfg.Server.Admin.Password,
})
if err != nil {
return c.Render(http.StatusInternalServerError, "admin-upload-html", struct{ Message string }{Message: fmt.Sprintf("handleAdminDocumentsUploadPOST#api.New: %s", err)})
}
bucket := c.FormValue("bucket")
document, err := c.FormFile("document")
if err != nil {
return c.Render(http.StatusBadRequest, "admin-upload-html", struct{ Message string }{Message: fmt.Sprintf("handleAdminDocumentsUploadPOST#c.FormFile: %s", err)})
}
response, err := client.UploadDocument(bucket, document)
if err != nil {
return c.Render(http.StatusInternalServerError, "admin-upload-html", struct{ Message string }{Message: fmt.Sprintf("handleAdminDocumentsUploadPOST#client.UploadDocument: %s", err)})
}
// Format response
var message, info, status string
info = fmt.Sprintf("[%.0f] /public/documentation/%s/%s", response.Info.Size, response.Info.Bucket, response.Info.Object)
status = response.Message
message = fmt.Sprintf("%s - %s", status, info)
return c.Render(http.StatusOK, "admin-upload-html", struct{ Message string }{Message: message})
}
// CSS Handlers
func handleStaticCSSIndex(c echo.Context) error {
// TODO Ajouter gestion d'erreurs
data, _ := embedFS.ReadFile("css/index.css")
return c.Blob(http.StatusOK, "text/css", data)
}
func handleStaticCSSGeneral(c echo.Context) error {
// TODO Ajouter gestion d'erreurs
data, _ := embedFS.ReadFile("css/general.css")
return c.Blob(http.StatusOK, "text/css", data)
}
Reference in a new issue View git blame Copy permalink