YetAnotherToDoList/server/main.go

122 lines
4.0 KiB
Go

/*
YetAnotherToDoList
Copyright © 2023 gilex-dev gilex-dev@proton.me
This program is free software: you can redistribute it and/or modify
it under the terms of the GNU General Public License as published by
the Free Software Foundation, version 3.
This program is distributed in the hope that it will be useful,
but WITHOUT ANY WARRANTY; without even the implied warranty of
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
GNU General Public License for more details.
You should have received a copy of the GNU General Public License
along with this program. If not, see <http://www.gnu.org/licenses/>.
*/
package server
import (
"context"
"fmt"
"net/http"
"strconv"
"github.com/99designs/gqlgen/graphql"
"github.com/99designs/gqlgen/graphql/handler"
"github.com/go-chi/chi"
"github.com/go-chi/chi/middleware"
"somepi.ddns.net/gitea/gilex-dev/YetAnotherToDoList/globals"
"somepi.ddns.net/gitea/gilex-dev/YetAnotherToDoList/graph"
"somepi.ddns.net/gitea/gilex-dev/YetAnotherToDoList/graph/model"
"somepi.ddns.net/gitea/gilex-dev/YetAnotherToDoList/server/auth"
)
func StartServer(portHTTP int, portHTTPS int, certFile string, keyFile string) {
router := chi.NewRouter()
router.Use(middleware.StripSlashes)
handleDevTools(router, portHTTP, portHTTPS) // controlled by 'dev' tag
handleFrontend(router) // controlled by 'headless' tag
router.HandleFunc("/version", func(w http.ResponseWriter, r *http.Request) {
fmt.Fprintf(w, "%s %s", globals.Version, globals.CommitHash)
})
router.HandleFunc("/auth/login", auth.IssueRefreshTokenHandler)
router.HandleFunc("/auth", auth.IssueAccessTokenHandler)
router.Group(func(r chi.Router) {
config := graph.Config{Resolvers: &graph.Resolver{}}
config.Directives.HasPrivilege = func(ctx context.Context, obj interface{}, next graphql.Resolver, privilege model.Privilege) (interface{}, error) {
switch privilege {
case model.PrivilegeIsUserCreator:
if !auth.ForContext(ctx).IsUserCreator {
return nil, fmt.Errorf("access denied: you need IsUserCreator")
}
case model.PrivilegeIsAdmin:
if !auth.ForContext(ctx).IsAdmin {
return nil, fmt.Errorf("access denied: you need IsAdmin")
}
}
// or let it pass through
return next(ctx)
}
config.Directives.AsUser = func(ctx context.Context, obj interface{}, next graphql.Resolver, id string) (interface{}, error) {
if !auth.ForContext(ctx).IsAdmin {
// block calling the next resolver
return nil, fmt.Errorf("access denied: you need IsAdmin to use the asUser directive")
}
// or let it pass through
fmt.Printf("Running as %s instead of %s\n", id, auth.ForContext(ctx).UserId) //DEBUG
auth.ForContext(ctx).UserId = id
return next(ctx)
}
srv := handler.NewDefaultServer(graph.NewExecutableSchema(config))
r.Use(auth.Middleware())
r.Handle("/api", srv)
r.HandleFunc("/protected", func(w http.ResponseWriter, r *http.Request) {
fmt.Printf("user is %+v\n", auth.ForContext(r.Context()))
})
})
// router.HandleFunc("/auth/", func(w http.ResponseWriter, r *http.Request) {
// http.Redirect(w, r, "/auth", http.StatusMovedPermanently)
// })
err := <-listen(portHTTP, portHTTPS, certFile, keyFile, router)
globals.Logger.Fatalf("Could not start serving service due to (error: %s)", err)
}
func listen(portHTTP int, portHTTPS int, certFile string, keyFile string, router *chi.Mux) chan error {
errs := make(chan error)
// Starting HTTP server
if portHTTP != -1 {
go func() {
globals.Logger.Printf("Staring HTTP service on %d ...", portHTTP)
if err := http.ListenAndServe(":"+strconv.FormatInt(int64(portHTTP), 10), router); err != nil {
errs <- err
}
}()
}
// Starting HTTPS server
if portHTTPS != -1 && certFile != "" && keyFile != "" {
go func() {
globals.Logger.Printf("Staring HTTPS service on %d ...", portHTTPS)
if err := http.ListenAndServeTLS(":"+strconv.FormatInt(int64(portHTTPS), 10), certFile, keyFile, router); err != nil {
errs <- err
}
}()
}
return errs
}