maingate/core/api.go

package core

import (
	"bytes"
	"encoding/binary"
	"encoding/json"
	"errors"
	"fmt"
	"io"
	"net/http"
	"os"
	"path"
	"strconv"
	"strings"
	"sync/atomic"
	"time"
	"unsafe"

	"repositories.action2quare.com/ayo/gocommon"
	"repositories.action2quare.com/ayo/gocommon/logger"

	"go.mongodb.org/mongo-driver/bson"
	"go.mongodb.org/mongo-driver/bson/primitive"
	"go.mongodb.org/mongo-driver/mongo/options"
)

type FileDocumentDesc struct {
	Key       string `bson:"key" json:"key"`
	Src       string `bson:"src" json:"src"`
	Link      string `bson:"link" json:"link"`
	Desc      string `bson:"desc" json:"desc"`
	Extract   bool   `bson:"extract" json:"extract"`
	Timestamp int64  `bson:"timestamp" json:"timestamp"`
	Contents  []byte `bson:"contents,omitempty" json:"contents,omitempty"`
}

func (fd *FileDocumentDesc) Save() error {
	// 새 파일 올라옴
	if len(fd.Contents) == 0 {
		return nil
	}

	var destFile string
	if fd.Extract {
		os.MkdirAll(fd.Link, os.ModePerm)
		destFile = path.Join(fd.Link, fd.Src)
	} else {
		os.MkdirAll(path.Dir(fd.Link), os.ModePerm)
		destFile = fd.Link
	}

	f, err := os.Create(destFile)
	if err != nil {
		return err
	}
	defer f.Close()

	_, err = io.Copy(f, bytes.NewBuffer(fd.Contents))
	if err != nil {
		return err
	}

	if fd.Extract {
		switch path.Ext(destFile) {
		case ".zip":
			err = gocommon.Unzip(destFile)
		case ".tar":
			err = gocommon.Untar(destFile)
		}
	}
	return err
}

func (caller apiCaller) filesAPI(w http.ResponseWriter, r *http.Request) error {
	if r.Method == "GET" {
		allfiles, err := caller.mg.mongoClient.All(CollectionFile, options.Find().SetProjection(bson.M{
			"contents": 0,
		}).SetReturnKey(false))
		if err != nil {
			return err
		}

		if len(allfiles) > 0 {
			enc := json.NewEncoder(w)
			return enc.Encode(allfiles)
		}
	} else if r.Method == "DELETE" {
		key := r.FormValue("key")
		if len(key) == 0 {
			w.WriteHeader(http.StatusBadRequest)
			return nil
		}

		_, err := caller.mg.mongoClient.Delete(CollectionFile, bson.M{
			"key": key,
		})

		if err != nil {
			return err
		}
	}

	return nil
}

var seq = uint32(0)

func (caller apiCaller) uploadAPI(w http.ResponseWriter, r *http.Request) error {
	if r.Method == "PUT" {
		infile, header, err := r.FormFile("file")
		if err != nil {
			w.WriteHeader(http.StatusBadRequest)
			return err
		}
		defer infile.Close()

		desc := r.FormValue("desc")
		contents, _ := io.ReadAll(infile)
		extractstr := r.FormValue("extract")
		extract, _ := strconv.ParseBool(extractstr)

		var b [5]byte
		binary.BigEndian.PutUint32(b[0:4], uint32(time.Now().Unix()))
		b[4] = byte(atomic.AddUint32(&seq, 1) % 255)

		newidobj := primitive.NewObjectID()
		copy(newidobj[:], b[1:])

		rf := newidobj.Hex()
		var link string
		if extract {
			link = path.Join("static", rf)
		} else {
			link = path.Join("static", rf, header.Filename)
		}

		newdoc := FileDocumentDesc{
			Contents:  contents,
			Src:       header.Filename,
			Timestamp: time.Now().UTC().Unix(),
			Extract:   extract,
			Link:      link,
			Desc:      desc,
			Key:       rf,
		}
		_, _, err = caller.mg.mongoClient.UpsertOne(CollectionFile, bson.M{
			"_id": newidobj,
			"key": rf,
		}, newdoc)

		if err == nil {
			newdoc.Contents = nil
			enc := json.NewEncoder(w)
			enc.Encode(newdoc)
		}
		return err
	}
	return nil
}

func (caller apiCaller) blockAPI(w http.ResponseWriter, r *http.Request) error {
	mg := caller.mg
	logger.Println("blockAPI :", r.Method)
	switch r.Method {
	case "GET":
		target, ok := gocommon.ReadObjectIDFormValue(r.Form, "accid")
		if !ok {
			// 페이지네이션 해야할 듯
			//json.NewEncoder(w).Encode(mg.bl.all())
		} else if !target.IsZero() {
			var blocked []blockinfo
			if err := caller.mg.mongoClient.FindAllAs(CollectionBlock, bson.M{
				"accid": target,
			}, &blocked); err == nil {
				json.NewEncoder(w).Encode(blocked)
			}
		}
	case "PUT":
		var targets struct {
			Start    primitive.DateTime
			End      primitive.DateTime
			Accounts map[primitive.ObjectID]primitive.M // accid->meta
		}
		if err := gocommon.MakeDecoder(r).Decode(&targets); err != nil {
			return err
		}

		for accid, meta := range targets.Accounts {
			bi := blockinfo{
				Start: targets.Start,
				End:   targets.End,
				Meta:  meta,
			}

			_, err := mg.mongoClient.Collection(CollectionBlock).InsertOne(r.Context(), bi)
			if err != nil {
				logger.Println("account is not blocked. err :", err)
			} else {
				logger.Println("account is blocked :", meta)
				mg.sessionProvider.RevokeAll(accid)
			}
		}
	case "DELETE":
		id := r.URL.Query().Get("id")

		if len(id) == 0 {
			return errors.New("id param is missing")
		}
		idobj, err := primitive.ObjectIDFromHex(id)
		if err != nil {
			return err
		}

		mg.mongoClient.Delete(CollectionBlock, bson.M{"_id": idobj})
	}
	return nil
}

func (caller apiCaller) whitelistAPI(w http.ResponseWriter, r *http.Request) error {
	mg := caller.mg
	switch r.Method {
	case "GET":
		var all []whitelistmember
		if err := mg.mongoClient.AllAs(CollectionWhitelist, &all); err == nil {
			enc := json.NewEncoder(w)
			enc.Encode(all)
		}
	case "PUT":
		body, _ := io.ReadAll(r.Body)
		var member whitelistmember
		if err := json.Unmarshal(body, &member); err != nil {
			return err
		}
		member.ExpiredAt = 0
		member.Id = primitive.NewObjectID()
		_, _, err := mg.mongoClient.Update(CollectionWhitelist, bson.M{
			"_id": member.Id,
		}, bson.M{
			"$set": &member,
		}, options.Update().SetUpsert(true))

		if err != nil {
			return err
		}
	case "DELETE":
		id := r.URL.Query().Get("id")

		if len(id) == 0 {
			return errors.New("id param is missing")
		}
		idobj, err := primitive.ObjectIDFromHex(id)
		if err != nil {
			return err
		}

		_, _, err = mg.mongoClient.Update(CollectionWhitelist, bson.M{
			"_id": idobj,
		}, bson.M{
			"$currentDate": bson.M{
				"_ts": bson.M{"$type": "date"},
			},
		}, options.Update().SetUpsert(false))
		if err != nil {
			return err
		}
	}
	return nil
}

func (caller apiCaller) serviceAPI(w http.ResponseWriter, r *http.Request) error {
	mg := caller.mg
	if r.Method == "GET" {
		logger.Println("serviceAPI :", r.URL.Path)
		if mg.service().Id.IsZero() {
			logger.Println("  id is zero")
			newService := serviceDescription{
				Id: primitive.NewObjectID(),
			}
			if err := newService.prepare(caller.mg); err != nil {
				logger.Println("  prepare failed :", err)
				return err
			}
			atomic.StorePointer(&mg.serviceptr, unsafe.Pointer(&newService))
		}

		w.Write(mg.service().serviceSerialized)
	} else if r.Method == "POST" {
		body, _ := io.ReadAll(r.Body)
		var service serviceDescription
		if err := json.Unmarshal(body, &service); err != nil {
			return err
		}

		if len(service.ServerApiTokens) == 0 {
			service.ServerApiTokens = []primitive.ObjectID{
				primitive.NewObjectIDFromTimestamp(time.Now().Add(-time.Hour * 24 * 30 * 465)),
			}
		}

		filter := bson.M{"_id": service.Id}
		success, _, err := mg.mongoClient.Update(CollectionService, filter, bson.M{
			"$set": &service,
		}, options.Update().SetUpsert(true))

		if err != nil {
			return err
		}

		if !success {
			logger.Println("serviceAPI failed. not vaild user :", caller.userinfo)
			w.WriteHeader(http.StatusBadRequest)
		}
	}

	return nil
}

func (caller apiCaller) maintenanceAPI(w http.ResponseWriter, r *http.Request) error {
	mg := caller.mg
	if r.Method == "GET" {
		w.Write(mg.service().divisionsSerialized)
	} else if r.Method == "POST" {
		var divs map[string]*Division
		dec := json.NewDecoder(r.Body)
		if err := dec.Decode(&divs); err != nil {
			w.WriteHeader(http.StatusBadRequest)
			return err
		}

		_, _, err := mg.mongoClient.Update(CollectionService, bson.M{
			"_id": mg.service().Id,
		}, bson.M{
			"$set": bson.M{"divisions": divs},
		}, options.Update().SetUpsert(false))

		if err != nil {
			w.WriteHeader(http.StatusInternalServerError)
			return err
		}
	}

	return nil
}

func (caller apiCaller) couponAPI(w http.ResponseWriter, r *http.Request) error {
	switch r.Method {
	case "PUT":
		// 쿠폰 생성
		logger.Println("begin generateCoupons")
		generateCoupons(caller.mg.mongoClient, w, r)

	case "POST":
		// TODO : 쿠폰 사용
		// 쿠폰 사용 표시 해주고 내용을 응답
		logger.Println("begin useCoupon")
		useCoupon(caller.mg.mongoClient, w, r)

	case "GET":
		// 쿠폰 조회
		if r.Form.Has("code") {
			// 쿠폰 코드 조회
			logger.Println("begin queryCoupon")
			queryCoupon(caller.mg.mongoClient, w, r)
		} else if r.Form.Has("name") {
			// 쿠폰 코드 다운
			logger.Println("begin downloadCoupons")
			downloadCoupons(caller.mg.mongoClient, w, r)
		} else {
			// 쿠폰 이름 목록
			logger.Println("begin listAllCouponNames")
			listAllCouponNames(caller.mg.mongoClient, w, r)
		}
	}
	return nil
}

type accountlinkinfo struct {
	Uid      string `json:"uid"`
	Platform string `json:"platform"`
}

func (caller apiCaller) userinfoAPI(w http.ResponseWriter, r *http.Request) error {
	mg := caller.mg
	if r.Method == "GET" {
		//  계정 조회
		accid, _ := gocommon.ReadObjectIDFormValue(r.Form, "accid")
		if len(accid) > 0 {
			all, err := mg.mongoClient.FindAll(CollectionAccount, bson.M{
				"accid": accid,
			}, options.Find().SetProjection(bson.M{"_id": 1, "accid": 1}))

			if err != nil {
				return err
			}

			var linkinfos []accountlinkinfo
			for _, doc := range all {
				id := doc["_id"].(primitive.ObjectID)

				link, err := mg.mongoClient.FindOne(CollectionLink, bson.M{
					"_id": id,
				}, options.FindOne().SetProjection(bson.M{"_id": 1, "platform": 1, "uid": 1}))

				if err != nil {
					logger.Error("link failed. FindOneAndUpdate link err:", err)
					w.WriteHeader(http.StatusInternalServerError)
					return err
				}

				var info accountlinkinfo
				info.Platform = link["platform"].(string)
				info.Uid = link["uid"].(string)
				linkinfos = append(linkinfos, info)
			}

			enc := json.NewEncoder(w)
			enc.Encode(linkinfos)
		}
	} else if r.Method == "POST" {
		r.ParseMultipartForm(32 << 20)
		var body struct {
			Platform string
			Uid      []string
		}
		if err := json.NewDecoder(r.Body).Decode(&body); err != nil {
			return err
		}

		if len(body.Platform) > 0 && len(body.Uid) > 0 {
			output := make(map[string]any)
			for _, uid := range body.Uid {
				link, err := mg.mongoClient.FindOne(CollectionLink, bson.M{
					"platform": body.Platform,
					"uid":      uid,
				}, options.FindOne().SetProjection(bson.M{"_id": 1}))
				if err != nil {
					return err
				}
				output[uid] = link["_id"]
			}
			json.NewEncoder(w).Encode(output)
		}
	}

	return nil
}

var errApiTokenMissing = errors.New("mg-x-api-token is missing")

func (caller apiCaller) configAPI(w http.ResponseWriter, r *http.Request) error {
	mg := caller.mg

	if !*devflag {
		apitoken := r.Header.Get("MG-X-API-TOKEN")
		if len(apitoken) == 0 {
			return errApiTokenMissing
		}

		apitokenObj, _ := primitive.ObjectIDFromHex(apitoken)
		if !mg.service().isValidToken(apitokenObj) {
			return fmt.Errorf("mg-x-api-token is not valid : %s", apitoken)
		}
	}

	return nil
}

type apiCaller struct {
	userinfo     map[string]any
	globalAdmins map[string]bool
	mg           *Maingate
	apiToken     primitive.ObjectID
}

func (mg *Maingate) api(w http.ResponseWriter, r *http.Request) {
	defer func() {
		s := recover()
		if s != nil {
			logger.Error(s)
		}
	}()

	defer func() {
		io.Copy(io.Discard, r.Body)
		r.Body.Close()
	}()

	r.ParseMultipartForm(32 << 20)

	var userinfo map[string]any

	if !*devflag {
		authheader := r.Header.Get("Authorization")
		if len(authheader) == 0 {
			logger.Println("Authorization header is not valid :", authheader)
			w.WriteHeader(http.StatusBadRequest)
			return
		}

		req, _ := http.NewRequest("GET", "https://graph.microsoft.com/oidc/userinfo", nil)
		req.Header.Add("Authorization", authheader)
		client := &http.Client{}

		resp, err := client.Do(req)
		if err != nil {
			logger.Println("graph microsoft api call failed :", err)
			w.WriteHeader(http.StatusBadRequest)
			return
		}
		defer resp.Body.Close()

		raw, _ := io.ReadAll(resp.Body)
		if err = json.Unmarshal(raw, &userinfo); err != nil {
			return
		}

		if _, expired := userinfo["error"]; expired {
			w.WriteHeader(http.StatusUnauthorized)
			return
		}
	}

	ptr := atomic.LoadPointer(&mg.admins)
	adminsptr := (*globalAdmins)(ptr)

	if adminsptr.modtime != gocommon.ConfigModTime() {
		var config globalAdmins
		if err := gocommon.LoadConfig(&config); err == nil {
			config.parse()
			adminsptr = &config
			atomic.StorePointer(&mg.admins, unsafe.Pointer(adminsptr))
		}
	}

	var apiTokenObj primitive.ObjectID
	if !*devflag {
		apiToken := r.Header.Get("MG-X-API-TOKEN")
		if len(apiToken) > 0 {
			obj, err := primitive.ObjectIDFromHex(apiToken)
			if err != nil {
				logger.Error(err)
				w.WriteHeader(http.StatusBadRequest)
				return
			}
			apiTokenObj = obj
		}
	}

	logger.Println("api call :", r.URL.Path, r.Method, r.URL.Query(), userinfo)
	caller := apiCaller{
		userinfo:     userinfo,
		globalAdmins: adminsptr.emails,
		mg:           mg,
		apiToken:     apiTokenObj,
	}

	var err error
	if strings.HasSuffix(r.URL.Path, "/service") {
		err = caller.serviceAPI(w, r)
	} else if strings.HasSuffix(r.URL.Path, "/whitelist") {
		err = caller.whitelistAPI(w, r)
	} else if strings.HasSuffix(r.URL.Path, "/config") {
		err = caller.configAPI(w, r)
	} else if strings.HasSuffix(r.URL.Path, "/upload") {
		err = caller.uploadAPI(w, r)
	} else if strings.HasSuffix(r.URL.Path, "/maintenance") {
		err = caller.maintenanceAPI(w, r)
	} else if strings.HasSuffix(r.URL.Path, "/files") {
		err = caller.filesAPI(w, r)
	} else if strings.HasSuffix(r.URL.Path, "/block") {
		err = caller.blockAPI(w, r)
	} else if strings.HasSuffix(r.URL.Path, "/coupon") {
		err = caller.couponAPI(w, r)
	} else if strings.HasSuffix(r.URL.Path, "/userinfo") {
		err = caller.userinfoAPI(w, r)
	}

	if err != nil {
		logger.Error(err)
	}
}