diff --git a/API.md b/API.md
deleted file mode 100644
index 937f0ec..0000000
--- a/API.md
+++ /dev/null
@@ -1,13 +0,0 @@
-# API
-
-## Original Endpoints
-
-POST /users/create
-GET /users/auth
-GET /syncs/progress/:document
-PUT /syncs/progress
-
-## New Endpoints
-
-GET /syncs/activity
-POST /syncs/activity
diff --git a/api/api.go b/api/api.go
index 40f8025..78b1e04 100644
--- a/api/api.go
+++ b/api/api.go
@@ -65,7 +65,6 @@ func NewApi(db *database.DBManager, c *config.Config) *API {
 // Register API Routes
 apiGroup := api.Router.Group("/api")
 api.registerKOAPIRoutes(apiGroup)
- api.registerWebAPIRoutes(apiGroup)
 
 return api
 }
@@ -110,8 +109,6 @@ func (api *API) registerWebAppRoutes() {
 func (api *API) registerKOAPIRoutes(apiGroup *gin.RouterGroup) {
 koGroup := apiGroup.Group("/ko")
 
- koGroup.GET("/info", api.serverInfo)
-
 koGroup.POST("/users/create", api.createUser)
 koGroup.GET("/users/auth", api.authAPIMiddleware, api.authorizeUser)
 
@@ -127,24 +124,6 @@ func (api *API) registerKOAPIRoutes(apiGroup *gin.RouterGroup) {
 koGroup.POST("/syncs/activity", api.authAPIMiddleware, api.checkActivitySync)
 }
 
-func (api *API) registerWebAPIRoutes(apiGroup *gin.RouterGroup) {
- v1Group := apiGroup.Group("/v1")
-
- v1Group.GET("/info", api.serverInfo)
-
- v1Group.POST("/users", api.createUser)
- v1Group.GET("/users", api.authAPIMiddleware, api.getUsers)
-
- v1Group.POST("/documents", api.authAPIMiddleware, api.checkDocumentsSync)
- v1Group.GET("/documents", api.authAPIMiddleware, api.getDocuments)
-
- v1Group.GET("/documents/:document/file", api.authAPIMiddleware, api.downloadDocumentFile)
- v1Group.PUT("/documents/:document/file", api.authAPIMiddleware, api.uploadDocumentFile)
-
- v1Group.GET("/activity", api.authAPIMiddleware, api.getActivity)
- v1Group.GET("/devices", api.authAPIMiddleware, api.getDevices)
-}
-
 func generateToken(n int) ([]byte, error) {
 b := make([]byte, n)
 _, err := rand.Read(b)
diff --git a/api/app-routes.go b/api/app-routes.go
index 5d5c4f0..09114a3 100644
--- a/api/app-routes.go
+++ b/api/app-routes.go
@@ -17,6 +17,12 @@ import (
 "reichard.io/bbank/metadata"
 )
 
+type queryParams struct {
+ Page *int64 `form:"page"`
+ Limit *int64 `form:"limit"`
+ Document *string `form:"document"`
+}
+
 type requestDocumentEdit struct {
 Title *string `form:"title"`
 Author *string `form:"author"`
@@ -332,8 +338,6 @@ func (api *API) editDocument(c *gin.Context) { coverFileName = &fileName } else if rDocEdit.CoverGBID != nil { - // TODO - var coverDir string = filepath.Join(api.Config.DataPath, "covers") fileName, err := metadata.SaveCover(*rDocEdit.CoverGBID, coverDir, rDocID.DocumentID, true) if err == nil {
@@ -466,3 +470,23 @@ func (api *API) identifyDocument(c *gin.Context) {
 
 c.HTML(http.StatusOK, "document", templateVars)
 }
+
+func bindQueryParams(c *gin.Context) queryParams {
+ var qParams queryParams
+ c.BindQuery(&qParams)
+
+ if qParams.Limit == nil {
+ var defaultValue int64 = 50
+ qParams.Limit = &defaultValue
+ } else if *qParams.Limit < 0 {
+ var zeroValue int64 = 0
+ qParams.Limit = &zeroValue
+ }
+
+ if qParams.Page == nil || *qParams.Page < 1 {
+ var oneValue int64 = 0
+ qParams.Page = &oneValue
+ }
+
+ return qParams
+}
diff --git a/api/auth.go b/api/auth.go
index f890217..dee8357 100644
--- a/api/auth.go
+++ b/api/auth.go
@@ -12,6 +12,7 @@ import (
 "reichard.io/bbank/database"
 )
 
+// KOSync API Auth Headers
 type authHeader struct {
 AuthUser string `header:"x-auth-user"`
 AuthKey string `header:"x-auth-key"`
@@ -90,6 +91,8 @@ func (api *API) authFormLogin(c *gin.Context) { }) return } + + // MD5 - KOSync Compatiblity password := fmt.Sprintf("%x", md5.Sum([]byte(rawPassword))) if authorized := api.authorizeCredentials(username, password); authorized != true {
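Review bot: In the moved `bindQueryParams`, the fallback for a missing or sub-1 page stores 0 (`var oneValue int64 = 0`) although the variable is named as a one and the guard is `< 1`, so any caller that derives an offset as `(*qParams.Page - 1) * *qParams.Limit` — the pattern the removed web-routes handlers used — gets a negative offset for the first page; `var oneValue int64 = 1` makes the value match the name and the guard. The result of `c.BindQuery(&qParams)` is also discarded: `BindQuery` already writes a 400 on a malformed value, and this helper then continues with defaults so the caller writes a second response; `c.ShouldBindQuery(&qParams)` leaves the response decision to the caller. `Limit` is clamped below at 0 but not above, so a client-chosen value decides how many rows a handler loads; an upper clamp against a server-side maximum (constant to be chosen) keeps page size under the server's control.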
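Review bot: The comment added above the `md5.Sum` line in authFormLogin says what the line does but not why, and misspells it (`Compatiblity`); a reader needs the reason a web form login hashes the password with MD5 at all. Suggested text: `// KOSync clients send md5(password) as their auth key, so the form login derives the same value before the credential check; this is a compatibility transform, not the stored password hash` — the second clause is inferred from the removed serverInfo handler's argon2 comparison and should be confirmed against authorizeCredentials. The same applies to the earlier hunk in this file, where `// KOSync API Auth Headers` would read better as a Go doc comment starting with the type name, e.g. `// authHeader carries the KOSync API auth headers (x-auth-user, x-auth-key).` authFormLogin continues outside the hunk.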
@@ -109,13 +112,6 @@ func (api *API) authFormLogin(c *gin.Context) {
 c.Redirect(http.StatusFound, "/")
 }
 
-func (api *API) authLogout(c *gin.Context) {
- session := sessions.Default(c)
- session.Clear()
- session.Save()
- c.Redirect(http.StatusFound, "/login")
-}
-
 func (api *API) authFormRegister(c *gin.Context) {
 if !api.Config.RegistrationEnabled {
 c.AbortWithStatus(http.StatusConflict)
@@ -173,3 +169,10 @@ func (api *API) authFormRegister(c *gin.Context) {
 
 c.Redirect(http.StatusFound, "/")
 }
+
+func (api *API) authLogout(c *gin.Context) {
+ session := sessions.Default(c)
+ session.Clear()
+ session.Save()
+ c.Redirect(http.StatusFound, "/login")
+}
diff --git a/api/web-routes.go b/api/web-routes.go
deleted file mode 100644
index 8a4dded..0000000
--- a/api/web-routes.go
+++ /dev/null
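Review bot: `session.Save()` in the moved `authLogout` discards its error, so a failed write leaves the browser holding a session that is still valid while the user is redirected to `/login` as if logged out; check it before redirecting, e.g. `if err := session.Save(); err != nil { c.AbortWithStatus(http.StatusInternalServerError); return }`. Whether `session.Clear()` also invalidates the server-side record or only empties the values depends on the session store in use, which is not visible here, so the logout guarantee is worth a one-line comment stating what is actually cleared. The `c.Redirect` context at the top of the hunk belongs to authFormRegister, which starts outside the hunk.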
@@ -1,163 +0,0 @@
-package api
-
-import (
- "net/http"
-
- argon2 "github.com/alexedwards/argon2id"
- "github.com/gin-gonic/gin"
- "reichard.io/bbank/database"
-)
-
-type infoResponse struct {
- Authorized bool `json:"authorized"`
- Version string `json:"version"`
-}
-
-type queryParams struct {
- Page *int64 `form:"page"`
- Limit *int64 `form:"limit"`
- Document *string `form:"document"`
-}
-
-func bindQueryParams(c *gin.Context) queryParams {
- var qParams queryParams
- c.BindQuery(&qParams)
-
- if qParams.Limit == nil {
- var defaultValue int64 = 50
- qParams.Limit = &defaultValue
- } else if *qParams.Limit < 0 {
- var zeroValue int64 = 0
- qParams.Limit = &zeroValue
- }
-
- if qParams.Page == nil || *qParams.Page < 1 {
- var oneValue int64 = 0
- qParams.Page = &oneValue
- }
-
- return qParams
-}
-
-func (api *API) serverInfo(c *gin.Context) {
- respData := infoResponse{
- Authorized: false,
- Version: api.Config.Version,
- }
-
- var rHeader authHeader
- if err := c.ShouldBindHeader(&rHeader); err != nil {
- c.JSON(200, respData)
- return
- }
- if rHeader.AuthUser == "" || rHeader.AuthKey == "" {
- c.JSON(200, respData)
- return
- }
-
- user, err := api.DB.Queries.GetUser(api.DB.Ctx, rHeader.AuthUser)
- if err != nil {
- c.JSON(200, respData)
- return
- }
-
- match, err := argon2.ComparePasswordAndHash(rHeader.AuthKey, user.Pass)
- if err != nil || match != true {
- c.JSON(200, respData)
- return
- }
-
- respData.Authorized = true
- c.JSON(200, respData)
-}
-
-func (api *API) getDocuments(c *gin.Context) {
- qParams := bindQueryParams(c)
-
- documents, err := api.DB.Queries.GetDocuments(api.DB.Ctx, database.GetDocumentsParams{
- Offset: (*qParams.Page - 1) * *qParams.Limit,
- Limit: *qParams.Limit,
- })
- if err != nil {
- c.AbortWithStatusJSON(http.StatusBadRequest, gin.H{"error": "Invalid Request"})
- return
- }
-
- if documents == nil {
- documents = []database.Document{}
- }
-
- c.JSON(http.StatusOK, documents)
-}
-
-func (api *API) getUsers(c *gin.Context) {
- rUser, _ := c.Get("AuthorizedUser")
- qParams := bindQueryParams(c)
-
- users, err := api.DB.Queries.GetUsers(api.DB.Ctx, database.GetUsersParams{
- User: rUser.(string),
- Offset: (*qParams.Page - 1) * *qParams.Limit,
- Limit: *qParams.Limit,
- })
- if err != nil {
- c.AbortWithStatusJSON(http.StatusBadRequest, gin.H{"error": "Invalid Request"})
- return
- }
-
- if users == nil {
- users = []database.User{}
- }
-
- c.JSON(http.StatusOK, users)
-}
-
-func (api *API) getActivity(c *gin.Context) {
- rUser, _ := c.Get("AuthorizedUser")
- qParams := bindQueryParams(c)
-
- dbActivityParams := database.GetActivityParams{
- UserID: rUser.(string),
- DocFilter: false,
- DocumentID: "",
- Offset: (*qParams.Page - 1) * *qParams.Limit,
- Limit: *qParams.Limit,
- }
-
- if qParams.Document != nil {
- dbActivityParams.DocFilter = true
- dbActivityParams.DocumentID = *qParams.Document
- }
-
- activity, err := api.DB.Queries.GetActivity(api.DB.Ctx, dbActivityParams)
- if err != nil {
- c.AbortWithStatusJSON(http.StatusBadRequest, gin.H{"error": "Invalid Request"})
- return
- }
-
- if activity == nil {
- activity = []database.GetActivityRow{}
- }
-
- c.JSON(http.StatusOK, activity)
-}
-
-func (api *API) getDevices(c *gin.Context) {
- rUser, _ := c.Get("AuthorizedUser")
- qParams := bindQueryParams(c)
-
- devices, err := api.DB.Queries.GetDevices(api.DB.Ctx, database.GetDevicesParams{
- UserID: rUser.(string),
- Offset: (*qParams.Page - 1) * *qParams.Limit,
- Limit: *qParams.Limit,
- })
- if err != nil {
- c.AbortWithStatusJSON(http.StatusBadRequest, gin.H{"error": "Invalid Request"})
- return
- }
-
- if devices == nil {
- devices = []database.Device{}
- }
-
- c.JSON(http.StatusOK, devices)
-}