ayo/maingate
8
1
Fork 3
Code Issues Pull Requests Projects Releases Wiki Activity
Files
d8e18d7ffcafd01c051a58aab98eff1401e75529
maingate/core/api.go

554 lines
13 KiB
Go
Raw Blame History

package core
import (
"bytes"
"encoding/binary"
"encoding/json"
"errors"
"fmt"
"io"
"net/http"
"os"
"path"
"strconv"
"strings"
"sync/atomic"
"time"
"unsafe"
"repositories.action2quare.com/ayo/gocommon"
"repositories.action2quare.com/ayo/gocommon/logger"
"go.mongodb.org/mongo-driver/bson"
"go.mongodb.org/mongo-driver/bson/primitive"
"go.mongodb.org/mongo-driver/mongo/options"
)
type FileDocumentDesc struct {
Key string `bson:"key" json:"key"`
Src string `bson:"src" json:"src"`
Link string `bson:"link" json:"link"`
Desc string `bson:"desc" json:"desc"`
Extract bool `bson:"extract" json:"extract"`
Timestamp int64 `bson:"timestamp" json:"timestamp"`
Contents []byte `bson:"contents,omitempty" json:"contents,omitempty"`
}
func (fd *FileDocumentDesc) Save() error {
// 새 파일 올라옴
if len(fd.Contents) == 0 {
return nil
}
var destFile string
if fd.Extract {
os.MkdirAll(fd.Link, os.ModePerm)
destFile = path.Join(fd.Link, fd.Src)
} else {
os.MkdirAll(path.Dir(fd.Link), os.ModePerm)
destFile = fd.Link
}
f, err := os.Create(destFile)
if err != nil {
return err
}
defer f.Close()
_, err = io.Copy(f, bytes.NewBuffer(fd.Contents))
if err != nil {
return err
}
if fd.Extract {
switch path.Ext(destFile) {
case ".zip":
err = gocommon.Unzip(destFile)
case ".tar":
err = gocommon.Untar(destFile)
}
}
return err
}
func (caller apiCaller) filesAPI(w http.ResponseWriter, r *http.Request) error {
if r.Method == "GET" {
allfiles, err := caller.mg.mongoClient.All(CollectionFile, options.Find().SetProjection(bson.M{
"contents": 0,
}).SetReturnKey(false))
if err != nil {
return err
}
if len(allfiles) > 0 {
enc := json.NewEncoder(w)
return enc.Encode(allfiles)
}
} else if r.Method == "DELETE" {
key := r.FormValue("key")
if len(key) == 0 {
w.WriteHeader(http.StatusBadRequest)
return nil
}
_, err := caller.mg.mongoClient.Delete(CollectionFile, bson.M{
"key": key,
})
if err != nil {
return err
}
}
return nil
}
var seq = uint32(0)
func (caller apiCaller) uploadAPI(w http.ResponseWriter, r *http.Request) error {
if r.Method == "PUT" {
infile, header, err := r.FormFile("file")
if err != nil {
w.WriteHeader(http.StatusBadRequest)
return err
}
defer infile.Close()
desc := r.FormValue("desc")
contents, _ := io.ReadAll(infile)
extractstr := r.FormValue("extract")
extract, _ := strconv.ParseBool(extractstr)
var b [5]byte
binary.BigEndian.PutUint32(b[0:4], uint32(time.Now().Unix()))
b[4] = byte(atomic.AddUint32(&seq, 1) % 255)
newidobj := primitive.NewObjectID()
copy(newidobj[:], b[1:])
rf := newidobj.Hex()
var link string
if extract {
link = path.Join("static", rf)
} else {
link = path.Join("static", rf, header.Filename)
}
newdoc := FileDocumentDesc{
Contents: contents,
Src: header.Filename,
Timestamp: time.Now().UTC().Unix(),
Extract: extract,
Link: link,
Desc: desc,
Key: rf,
}
_, _, err = caller.mg.mongoClient.UpsertOne(CollectionFile, bson.M{
"_id": newidobj,
"key": rf,
}, newdoc)
if err == nil {
newdoc.Contents = nil
enc := json.NewEncoder(w)
enc.Encode(newdoc)
}
return err
}
return nil
}
func (caller apiCaller) blockAPI(w http.ResponseWriter, r *http.Request) error {
mg := caller.mg
if r.Method == "GET" {
target, ok := gocommon.ReadObjectIDFormValue(r.Form, "accid")
if ok {
json.NewEncoder(w).Encode(mg.bl.all())
} else if !target.IsZero() {
if blocked, ok := mg.bl.get(target); ok && blocked != nil {
json.NewEncoder(w).Encode(blocked)
}
}
} else if r.Method == "PUT" {
body, _ := io.ReadAll(r.Body)
var bipl blockinfoWithStringId
if err := json.Unmarshal(body, &bipl); err != nil {
return err
}
accid, err := primitive.ObjectIDFromHex(bipl.StrId)
if err != nil {
return err
}
bi := blockinfo{
Start: primitive.NewDateTimeFromTime(time.Unix(bipl.StartUnix, 0)),
End: primitive.NewDateTimeFromTime(time.Unix(bipl.EndUnix, 0)),
Reason: bipl.Reason,
}
logger.Println("bi :", accid, bi)
_, _, err = mg.mongoClient.Update(CollectionBlock, bson.M{
"_id": accid,
}, bson.M{
"$set": &bi,
}, options.Update().SetUpsert(true))
if err != nil {
return err
}
} else if r.Method == "DELETE" {
id := r.URL.Query().Get("id")
if len(id) == 0 {
return errors.New("id param is missing")
}
idobj, err := primitive.ObjectIDFromHex(id)
if err != nil {
return err
}
_, _, err = mg.mongoClient.Update(CollectionBlock, bson.M{
"_id": idobj,
}, bson.M{
"$currentDate": bson.M{
"_ts": bson.M{"$type": "date"},
},
}, options.Update().SetUpsert(false))
if err != nil {
return err
}
mg.mongoClient.Delete(CollectionAuth, bson.M{"_id": idobj})
}
return nil
}
func (caller apiCaller) whitelistAPI(w http.ResponseWriter, r *http.Request) error {
mg := caller.mg
if r.Method == "GET" {
enc := json.NewEncoder(w)
enc.Encode(mg.wl.all())
} else if r.Method == "PUT" {
body, _ := io.ReadAll(r.Body)
var member whitelistmember
if err := json.Unmarshal(body, &member); err != nil {
return err
}
member.ExpiredAt = 0
member.Id = primitive.NilObjectID
_, _, err := mg.mongoClient.Update(CollectionWhitelist, bson.M{
"_id": primitive.NewObjectID(),
}, bson.M{
"$set": &member,
}, options.Update().SetUpsert(true))
if err != nil {
return err
}
} else if r.Method == "DELETE" {
id := r.URL.Query().Get("id")
if len(id) == 0 {
return errors.New("id param is missing")
}
idobj, err := primitive.ObjectIDFromHex(id)
if err != nil {
return err
}
_, _, err = mg.mongoClient.Update(CollectionWhitelist, bson.M{
"_id": idobj,
}, bson.M{
"$currentDate": bson.M{
"_ts": bson.M{"$type": "date"},
},
}, options.Update().SetUpsert(false))
if err != nil {
return err
}
}
return nil
}
func (caller apiCaller) serviceAPI(w http.ResponseWriter, r *http.Request) error {
mg := caller.mg
if r.Method == "GET" {
logger.Println("serviceAPI :", r.URL.Path)
if mg.service().Id.IsZero() {
logger.Println(" id is zero")
newService := serviceDescription{
ServiceDescriptionSummary: ServiceDescriptionSummary{
Id: primitive.NewObjectID(),
},
}
if err := newService.prepare(caller.mg); err != nil {
logger.Println(" prepare failed :", err)
return err
}
atomic.StorePointer(&mg.serviceptr, unsafe.Pointer(&newService))
}
w.Write(mg.service().serviceSerialized)
} else if r.Method == "POST" {
body, _ := io.ReadAll(r.Body)
var service serviceDescription
if err := json.Unmarshal(body, &service); err != nil {
return err
}
if len(service.ServerApiTokens) == 0 {
service.ServerApiTokens = []primitive.ObjectID{
primitive.NewObjectIDFromTimestamp(time.Now().Add(-time.Hour * 24 * 30 * 465)),
}
}
filter := bson.M{"_id": service.Id}
success, _, err := mg.mongoClient.Update(CollectionService, filter, bson.M{
"$set": &service,
}, options.Update().SetUpsert(true))
if err != nil {
return err
}
if !success {
logger.Println("serviceAPI failed. not vaild user :", caller.userinfo)
w.WriteHeader(http.StatusBadRequest)
}
}
return nil
}
func (caller apiCaller) maintenanceAPI(w http.ResponseWriter, r *http.Request) error {
mg := caller.mg
if r.Method == "GET" {
w.Write(mg.service().divisionsSerialized)
} else if r.Method == "POST" {
var divs map[string]*Division
dec := json.NewDecoder(r.Body)
if err := dec.Decode(&divs); err != nil {
w.WriteHeader(http.StatusBadRequest)
return err
}
_, _, err := mg.mongoClient.Update(CollectionService, bson.M{
"_id": mg.service().Id,
}, bson.M{
"$set": bson.M{"divisions": divs},
}, options.Update().SetUpsert(false))
if err != nil {
w.WriteHeader(http.StatusInternalServerError)
return err
}
}
return nil
}
func (caller apiCaller) couponAPI(w http.ResponseWriter, r *http.Request) error {
switch r.Method {
case "PUT":
// 쿠폰 생성
logger.Println("begin generateCoupons")
generateCoupons(caller.mg.mongoClient, w, r)
case "POST":
// TODO : 쿠폰 사용
// 쿠폰 사용 표시 해주고 내용을 응답
logger.Println("begin useCoupon")
useCoupon(caller.mg.mongoClient, w, r)
case "GET":
// 쿠폰 조회
if r.Form.Has("code") {
// 쿠폰 코드 조회
logger.Println("begin queryCoupon")
queryCoupon(caller.mg.mongoClient, w, r)
} else if r.Form.Has("name") {
// 쿠폰 코드 다운
logger.Println("begin downloadCoupons")
downloadCoupons(caller.mg.mongoClient, w, r)
} else {
// 쿠폰 이름 목록
logger.Println("begin listAllCouponNames")
listAllCouponNames(caller.mg.mongoClient, w, r)
}
}
return nil
}
var errApiTokenMissing = errors.New("mg-x-api-token is missing")
func (caller apiCaller) configAPI(w http.ResponseWriter, r *http.Request) error {
mg := caller.mg
if !*devflag {
apitoken := r.Header.Get("MG-X-API-TOKEN")
if len(apitoken) == 0 {
return errApiTokenMissing
}
apitokenObj, _ := primitive.ObjectIDFromHex(apitoken)
if !mg.service().isValidToken(apitokenObj) {
return fmt.Errorf("mg-x-api-token is not valid : %s", apitoken)
}
}
return nil
}
func (caller apiCaller) lockcreatecharAPI(w http.ResponseWriter, r *http.Request) error {
mg, err := caller.mg.mongoClient.FindAll(CollectionService, bson.M{})
if err != nil {
return err
}
haschr, _ := gocommon.ReadStringFormValue(r.Form, "haschr")
locked := make(map[string]any)
if haschr == "true" {
locked["lock"] = false
} else {
curregion, _ := gocommon.ReadStringFormValue(r.Form, "region")
for _, regioninfo := range mg {
region := regioninfo["divisions"].(primitive.M)
for idx, rl := range region {
if idx == curregion {
if rl.(primitive.M)["lockcreatechar"].(bool) {
locked["lock"] = true
} else {
locked["lock"] = false
}
}
}
}
}
create, _ := json.Marshal(locked)
w.Write(create)
return nil
}
type apiCaller struct {
userinfo map[string]any
globalAdmins map[string]bool
mg *Maingate
apiToken primitive.ObjectID
}
func (mg *Maingate) api(w http.ResponseWriter, r *http.Request) {
defer func() {
s := recover()
if s != nil {
logger.Error(s)
}
}()
defer func() {
io.Copy(io.Discard, r.Body)
r.Body.Close()
}()
r.ParseMultipartForm(32 << 20)
var userinfo map[string]any
if !*devflag {
authheader := r.Header.Get("Authorization")
if len(authheader) == 0 {
logger.Println("Authorization header is not valid :", authheader)
w.WriteHeader(http.StatusBadRequest)
return
}
req, _ := http.NewRequest("GET", "https://graph.microsoft.com/oidc/userinfo", nil)
req.Header.Add("Authorization", authheader)
client := &http.Client{}
resp, err := client.Do(req)
if err != nil {
logger.Println("graph microsoft api call failed :", err)
w.WriteHeader(http.StatusBadRequest)
return
}
defer resp.Body.Close()
raw, _ := io.ReadAll(resp.Body)
if err = json.Unmarshal(raw, &userinfo); err != nil {
return
}
if _, expired := userinfo["error"]; expired {
w.WriteHeader(http.StatusUnauthorized)
return
}
}
ptr := atomic.LoadPointer(&mg.admins)
adminsptr := (*globalAdmins)(ptr)
if adminsptr.modtime != gocommon.ConfigModTime() {
var config globalAdmins
if err := gocommon.LoadConfig(&config); err == nil {
config.parse()
adminsptr = &config
atomic.StorePointer(&mg.admins, unsafe.Pointer(adminsptr))
}
}
var apiTokenObj primitive.ObjectID
if !*devflag {
apiToken := r.Header.Get("MG-X-API-TOKEN")
if len(apiToken) > 0 {
obj, err := primitive.ObjectIDFromHex(apiToken)
if err != nil {
logger.Error(err)
w.WriteHeader(http.StatusBadRequest)
return
}
apiTokenObj = obj
}
}
logger.Println("api call :", r.URL.Path, r.Method, r.URL.Query(), userinfo)
caller := apiCaller{
userinfo: userinfo,
globalAdmins: adminsptr.emails,
mg: mg,
apiToken: apiTokenObj,
}
var err error
if strings.HasSuffix(r.URL.Path, "/service") {
err = caller.serviceAPI(w, r)
} else if strings.HasSuffix(r.URL.Path, "/whitelist") {
err = caller.whitelistAPI(w, r)
} else if strings.HasSuffix(r.URL.Path, "/config") {
err = caller.configAPI(w, r)
} else if strings.HasSuffix(r.URL.Path, "/upload") {
err = caller.uploadAPI(w, r)
} else if strings.HasSuffix(r.URL.Path, "/maintenance") {
err = caller.maintenanceAPI(w, r)
} else if strings.HasSuffix(r.URL.Path, "/files") {
err = caller.filesAPI(w, r)
} else if strings.HasSuffix(r.URL.Path, "/block") {
err = caller.blockAPI(w, r)
} else if strings.HasSuffix(r.URL.Path, "/coupon") {
err = caller.couponAPI(w, r)
} else if strings.HasSuffix(r.URL.Path, "/lockcreatechar") {
err = caller.lockcreatecharAPI(w, r)
}
if err != nil {
logger.Error(err)
}
}
Reference in New Issue View Git Blame Copy Permalink