mirror of
https://github.com/gabehf/Koito.git
synced 2026-03-07 13:38:15 -08:00
feat: version v0.0.2
This commit is contained in:
parent
0dceaf017a
commit
7ff317756f
36 changed files with 336 additions and 160 deletions
|
|
@ -34,7 +34,7 @@ func Run(
|
|||
w io.Writer,
|
||||
version string,
|
||||
) error {
|
||||
err := cfg.Load(getenv)
|
||||
err := cfg.Load(getenv, version)
|
||||
if err != nil {
|
||||
panic("Engine: Failed to load configuration")
|
||||
}
|
||||
|
|
@ -150,6 +150,12 @@ func Run(
|
|||
l.Info().Msgf("Engine: Allowing hosts: %v", cfg.AllowedHosts())
|
||||
}
|
||||
|
||||
if len(cfg.AllowedOrigins()) == 0 || cfg.AllowedOrigins()[0] == "" {
|
||||
l.Info().Msgf("Engine: Using default CORS policy")
|
||||
} else {
|
||||
l.Info().Msgf("Engine: CORS policy: Allowing origins: %v", cfg.AllowedOrigins())
|
||||
}
|
||||
|
||||
l.Debug().Msg("Engine: Setting up HTTP server")
|
||||
var ready atomic.Bool
|
||||
mux := chi.NewRouter()
|
||||
|
|
@ -157,6 +163,7 @@ func Run(
|
|||
mux.Use(middleware.Logger(l))
|
||||
mux.Use(chimiddleware.Recoverer)
|
||||
mux.Use(chimiddleware.RealIP)
|
||||
mux.Use(middleware.AllowedHosts)
|
||||
bindRoutes(mux, &ready, store, mbzC)
|
||||
|
||||
httpServer := &http.Server{
|
||||
|
|
|
|||
|
|
@ -80,7 +80,7 @@ func TestMain(m *testing.M) {
|
|||
}
|
||||
|
||||
getenv := getTestGetenv(resource)
|
||||
err = cfg.Load(getenv)
|
||||
err = cfg.Load(getenv, "test")
|
||||
if err != nil {
|
||||
log.Fatalf("Could not load cfg: %s", err)
|
||||
}
|
||||
|
|
|
|||
|
|
@ -25,12 +25,12 @@ func GetAliasesHandler(store db.DB) http.HandlerFunc {
|
|||
trackIDStr := r.URL.Query().Get("track_id")
|
||||
|
||||
if artistIDStr == "" && albumIDStr == "" && trackIDStr == "" {
|
||||
l.Debug().Msgf("Request is missing required parameters")
|
||||
l.Debug().Msgf("GetAliasesHandler: Request is missing required parameters")
|
||||
utils.WriteError(w, "artist_id, album_id, or track_id must be provided", http.StatusBadRequest)
|
||||
return
|
||||
}
|
||||
if utils.MoreThanOneString(artistIDStr, albumIDStr, trackIDStr) {
|
||||
l.Debug().Msgf("Request is has more than one of artist_id, album_id, and track_id")
|
||||
l.Debug().Msgf("GetAliasesHandler: Request is has more than one of artist_id, album_id, and track_id")
|
||||
utils.WriteError(w, "only one of artist_id, album_id, or track_id can be provided at a time", http.StatusBadRequest)
|
||||
return
|
||||
}
|
||||
|
|
@ -97,12 +97,12 @@ func DeleteAliasHandler(store db.DB) http.HandlerFunc {
|
|||
alias := r.URL.Query().Get("alias")
|
||||
|
||||
if alias == "" || (artistIDStr == "" && albumIDStr == "" && trackIDStr == "") {
|
||||
l.Debug().Msgf("Request is missing required parameters")
|
||||
l.Debug().Msgf("DeleteAliasHandler: Request is missing required parameters")
|
||||
utils.WriteError(w, "alias and artist_id, album_id, or track_id must be provided", http.StatusBadRequest)
|
||||
return
|
||||
}
|
||||
if utils.MoreThanOneString(artistIDStr, albumIDStr, trackIDStr) {
|
||||
l.Debug().Msgf("Request is has more than one of artist_id, album_id, and track_id")
|
||||
l.Debug().Msgf("DeleteAliasHandler: Request is has more than one of artist_id, album_id, and track_id")
|
||||
utils.WriteError(w, "only one of artist_id, album_id, or track_id can be provided at a time", http.StatusBadRequest)
|
||||
return
|
||||
}
|
||||
|
|
@ -177,12 +177,12 @@ func CreateAliasHandler(store db.DB) http.HandlerFunc {
|
|||
trackIDStr := r.URL.Query().Get("track_id")
|
||||
|
||||
if alias == "" || (artistIDStr == "" && albumIDStr == "" && trackIDStr == "") {
|
||||
l.Debug().Msgf("Request is missing required parameters")
|
||||
l.Debug().Msgf("CreateAliasHandler: Request is missing required parameters")
|
||||
utils.WriteError(w, "alias and artist_id, album_id, or track_id must be provided", http.StatusBadRequest)
|
||||
return
|
||||
}
|
||||
if utils.MoreThanOneString(artistIDStr, albumIDStr, trackIDStr) {
|
||||
l.Debug().Msgf("Request is has more than one of artist_id, album_id, and track_id")
|
||||
l.Debug().Msgf("CreateAliasHandler: Request is has more than one of artist_id, album_id, and track_id")
|
||||
utils.WriteError(w, "only one of artist_id, album_id, or track_id can be provided at a time", http.StatusBadRequest)
|
||||
return
|
||||
}
|
||||
|
|
@ -247,12 +247,12 @@ func SetPrimaryAliasHandler(store db.DB) http.HandlerFunc {
|
|||
alias := r.URL.Query().Get("alias")
|
||||
|
||||
if alias == "" || (artistIDStr == "" && albumIDStr == "" && trackIDStr == "") {
|
||||
l.Debug().Msgf("Request is missing required parameters")
|
||||
l.Debug().Msgf("SetPrimaryAliasHandler: Request is missing required parameters")
|
||||
utils.WriteError(w, "alias and artist_id, album_id, or track_id must be provided", http.StatusBadRequest)
|
||||
return
|
||||
}
|
||||
if utils.MoreThanOneString(artistIDStr, albumIDStr, trackIDStr) {
|
||||
l.Debug().Msgf("Request is has more than one of artist_id, album_id, and track_id")
|
||||
l.Debug().Msgf("SetPrimaryAliasHandler: Request is has more than one of artist_id, album_id, and track_id")
|
||||
utils.WriteError(w, "only one of artist_id, album_id, or track_id can be provided at a time", http.StatusBadRequest)
|
||||
return
|
||||
}
|
||||
|
|
|
|||
|
|
@ -3,6 +3,7 @@ package middleware
|
|||
import (
|
||||
"context"
|
||||
"crypto/rand"
|
||||
"fmt"
|
||||
"math/big"
|
||||
"net/http"
|
||||
"runtime/debug"
|
||||
|
|
@ -63,9 +64,21 @@ func Logger(baseLogger *zerolog.Logger) func(next http.Handler) http.Handler {
|
|||
return func(next http.Handler) http.Handler {
|
||||
fn := func(w http.ResponseWriter, r *http.Request) {
|
||||
reqID := GetRequestID(r.Context())
|
||||
l := baseLogger.With().Str("request_id", reqID).Logger()
|
||||
|
||||
// Inject logger with request_id into the context
|
||||
loggerCtx := baseLogger.With().Str("request_id", reqID)
|
||||
|
||||
for key, values := range r.URL.Query() {
|
||||
if strings.Contains(strings.ToLower(key), "password") {
|
||||
continue
|
||||
}
|
||||
if len(values) > 0 {
|
||||
loggerCtx = loggerCtx.Str(fmt.Sprintf("query.%s", key), values[0])
|
||||
}
|
||||
}
|
||||
|
||||
l := loggerCtx.Logger()
|
||||
|
||||
// Inject logger into context
|
||||
r = logger.Inject(r, &l)
|
||||
|
||||
ww := middleware.NewWrapResponseWriter(w, r.ProtoMajor)
|
||||
|
|
@ -82,20 +95,18 @@ func Logger(baseLogger *zerolog.Logger) func(next http.Handler) http.Handler {
|
|||
utils.WriteError(ww, http.StatusText(http.StatusInternalServerError), http.StatusInternalServerError)
|
||||
return
|
||||
}
|
||||
pathS := strings.Split(r.URL.Path, "/")
|
||||
if len(pathS) > 1 && pathS[1] == "apis" {
|
||||
l.Info().
|
||||
Str("type", "access").
|
||||
Timestamp().
|
||||
Msgf("Received %s %s - Responded with %d in %.2fms", r.Method, r.URL.Path, ww.Status(), float64(t2.Sub(t1).Nanoseconds())/1_000_000.0)
|
||||
} else {
|
||||
l.Debug().
|
||||
Str("type", "access").
|
||||
Timestamp().
|
||||
Msgf("Received %s %s - Responded with %d in %.2fms", r.Method, r.URL.Path, ww.Status(), float64(t2.Sub(t1).Nanoseconds())/1_000_000.0)
|
||||
}
|
||||
|
||||
pathS := strings.Split(r.URL.Path, "/")
|
||||
msg := fmt.Sprintf("Received %s %s - Responded with %d in %.2fms",
|
||||
r.Method, r.URL.Path, ww.Status(), float64(t2.Sub(t1).Nanoseconds())/1_000_000.0)
|
||||
|
||||
if len(pathS) > 1 && pathS[1] == "apis" {
|
||||
l.Info().Str("type", "access").Timestamp().Msg(msg)
|
||||
} else {
|
||||
l.Debug().Str("type", "access").Timestamp().Msg(msg)
|
||||
}
|
||||
}()
|
||||
|
||||
next.ServeHTTP(ww, r)
|
||||
}
|
||||
return http.HandlerFunc(fn)
|
||||
|
|
|
|||
|
|
@ -2,6 +2,7 @@ package middleware
|
|||
|
||||
import (
|
||||
"context"
|
||||
"fmt"
|
||||
"net/http"
|
||||
"strings"
|
||||
"time"
|
||||
|
|
@ -24,25 +25,34 @@ func ValidateSession(store db.DB) func(next http.Handler) http.Handler {
|
|||
return func(next http.Handler) http.Handler {
|
||||
return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
|
||||
l := logger.FromContext(r.Context())
|
||||
|
||||
l.Debug().Msgf("ValidateSession: Checking user authentication via session cookie")
|
||||
|
||||
cookie, err := r.Cookie("koito_session")
|
||||
var sid uuid.UUID
|
||||
if err == nil {
|
||||
sid, err = uuid.Parse(cookie.Value)
|
||||
if err != nil {
|
||||
l.Err(err).Msg("ValidateSession: Could not parse UUID from session cookie")
|
||||
utils.WriteError(w, "session cookie is invalid", http.StatusUnauthorized)
|
||||
return
|
||||
}
|
||||
} else {
|
||||
l.Debug().Msgf("ValidateSession: No session cookie found; attempting API key authentication")
|
||||
utils.WriteError(w, "session cookie is missing", http.StatusUnauthorized)
|
||||
return
|
||||
}
|
||||
|
||||
l.Debug().Msg("Retrieved login cookie from request")
|
||||
l.Debug().Msg("ValidateSession: Retrieved login cookie from request")
|
||||
|
||||
u, err := store.GetUserBySession(r.Context(), sid)
|
||||
if err != nil {
|
||||
l.Err(err).Msg("Failed to get user from session")
|
||||
l.Err(fmt.Errorf("ValidateSession: %w", err)).Msg("Error accessing database")
|
||||
utils.WriteError(w, "internal server error", http.StatusInternalServerError)
|
||||
return
|
||||
}
|
||||
if u == nil {
|
||||
l.Debug().Msg("ValidateSession: No user with session id found")
|
||||
utils.WriteError(w, "unauthorized", http.StatusUnauthorized)
|
||||
return
|
||||
}
|
||||
|
|
@ -50,11 +60,11 @@ func ValidateSession(store db.DB) func(next http.Handler) http.Handler {
|
|||
ctx := context.WithValue(r.Context(), UserContextKey, u)
|
||||
r = r.WithContext(ctx)
|
||||
|
||||
l.Debug().Msgf("Refreshing session for user '%s'", u.Username)
|
||||
l.Debug().Msgf("ValidateSession: Refreshing session for user '%s'", u.Username)
|
||||
|
||||
store.RefreshSession(r.Context(), sid, time.Now().Add(30*24*time.Hour))
|
||||
|
||||
l.Debug().Msgf("Refreshed session for user '%s'", u.Username)
|
||||
l.Debug().Msgf("ValidateSession: Refreshed session for user '%s'", u.Username)
|
||||
|
||||
next.ServeHTTP(w, r)
|
||||
})
|
||||
|
|
@ -67,10 +77,19 @@ func ValidateApiKey(store db.DB) func(next http.Handler) http.Handler {
|
|||
ctx := r.Context()
|
||||
l := logger.FromContext(ctx)
|
||||
|
||||
l.Debug().Msg("ValidateApiKey: Checking if user is already authenticated")
|
||||
|
||||
u := GetUserFromContext(ctx)
|
||||
if u != nil {
|
||||
l.Debug().Msg("ValidateApiKey: User is already authenticated; skipping API key authentication")
|
||||
next.ServeHTTP(w, r)
|
||||
return
|
||||
}
|
||||
|
||||
authh := r.Header.Get("Authorization")
|
||||
s := strings.Split(authh, "Token ")
|
||||
if len(s) < 2 {
|
||||
l.Debug().Msg("Authorization header must be formatted 'Token {token}'")
|
||||
l.Debug().Msg("ValidateApiKey: Authorization header must be formatted 'Token {token}'")
|
||||
utils.WriteError(w, "unauthorized", http.StatusUnauthorized)
|
||||
return
|
||||
}
|
||||
|
|
|
|||
|
|
@ -25,12 +25,16 @@ func bindRoutes(
|
|||
db db.DB,
|
||||
mbz mbz.MusicBrainzCaller,
|
||||
) {
|
||||
if !(len(cfg.AllowedOrigins()) == 0) && !(cfg.AllowedOrigins()[0] == "") {
|
||||
r.Use(cors.Handler(cors.Options{
|
||||
AllowedOrigins: cfg.AllowedOrigins(),
|
||||
AllowedMethods: []string{"GET", "OPTIONS", "HEAD"},
|
||||
}))
|
||||
}
|
||||
r.With(chimiddleware.RequestSize(5<<20)).
|
||||
With(middleware.AllowedHosts).
|
||||
Get("/images/{size}/{filename}", handlers.ImageHandler(db))
|
||||
|
||||
r.Route("/apis/web/v1", func(r chi.Router) {
|
||||
r.Use(middleware.AllowedHosts)
|
||||
r.Get("/artist", handlers.GetArtistHandler(db))
|
||||
r.Get("/album", handlers.GetAlbumHandler(db))
|
||||
r.Get("/track", handlers.GetTrackHandler(db))
|
||||
|
|
|
|||
Loading…
Add table
Add a link
Reference in a new issue