AnthoLume/api/web-routes.go

164 lines
3.5 KiB
Go

package api
import (
"net/http"
argon2 "github.com/alexedwards/argon2id"
"github.com/gin-gonic/gin"
"reichard.io/bbank/database"
)
type infoResponse struct {
Authorized bool `json:"authorized"`
Version string `json:"version"`
}
type queryParams struct {
Page *int64 `form:"page"`
Limit *int64 `form:"limit"`
Document *string `form:"document"`
}
func bindQueryParams(c *gin.Context) queryParams {
var qParams queryParams
c.BindQuery(&qParams)
if qParams.Limit == nil {
var defaultValue int64 = 50
qParams.Limit = &defaultValue
} else if *qParams.Limit < 0 {
var zeroValue int64 = 0
qParams.Limit = &zeroValue
}
if qParams.Page == nil || *qParams.Page < 1 {
var oneValue int64 = 0
qParams.Page = &oneValue
}
return qParams
}
func (api *API) serverInfo(c *gin.Context) {
respData := infoResponse{
Authorized: false,
Version: api.Config.Version,
}
var rHeader authHeader
if err := c.ShouldBindHeader(&rHeader); err != nil {
c.JSON(200, respData)
return
}
if rHeader.AuthUser == "" || rHeader.AuthKey == "" {
c.JSON(200, respData)
return
}
user, err := api.DB.Queries.GetUser(api.DB.Ctx, rHeader.AuthUser)
if err != nil {
c.JSON(200, respData)
return
}
match, err := argon2.ComparePasswordAndHash(rHeader.AuthKey, user.Pass)
if err != nil || match != true {
c.JSON(200, respData)
return
}
respData.Authorized = true
c.JSON(200, respData)
}
func (api *API) getDocuments(c *gin.Context) {
qParams := bindQueryParams(c)
documents, err := api.DB.Queries.GetDocuments(api.DB.Ctx, database.GetDocumentsParams{
Offset: (*qParams.Page - 1) * *qParams.Limit,
Limit: *qParams.Limit,
})
if err != nil {
c.AbortWithStatusJSON(http.StatusBadRequest, gin.H{"error": "Invalid Request"})
return
}
if documents == nil {
documents = []database.Document{}
}
c.JSON(http.StatusOK, documents)
}
func (api *API) getUsers(c *gin.Context) {
rUser, _ := c.Get("AuthorizedUser")
qParams := bindQueryParams(c)
users, err := api.DB.Queries.GetUsers(api.DB.Ctx, database.GetUsersParams{
User: rUser.(string),
Offset: (*qParams.Page - 1) * *qParams.Limit,
Limit: *qParams.Limit,
})
if err != nil {
c.AbortWithStatusJSON(http.StatusBadRequest, gin.H{"error": "Invalid Request"})
return
}
if users == nil {
users = []database.User{}
}
c.JSON(http.StatusOK, users)
}
func (api *API) getActivity(c *gin.Context) {
rUser, _ := c.Get("AuthorizedUser")
qParams := bindQueryParams(c)
dbActivityParams := database.GetActivityParams{
UserID: rUser.(string),
DocFilter: false,
DocumentID: "",
Offset: (*qParams.Page - 1) * *qParams.Limit,
Limit: *qParams.Limit,
}
if qParams.Document != nil {
dbActivityParams.DocFilter = true
dbActivityParams.DocumentID = *qParams.Document
}
activity, err := api.DB.Queries.GetActivity(api.DB.Ctx, dbActivityParams)
if err != nil {
c.AbortWithStatusJSON(http.StatusBadRequest, gin.H{"error": "Invalid Request"})
return
}
if activity == nil {
activity = []database.GetActivityRow{}
}
c.JSON(http.StatusOK, activity)
}
func (api *API) getDevices(c *gin.Context) {
rUser, _ := c.Get("AuthorizedUser")
qParams := bindQueryParams(c)
devices, err := api.DB.Queries.GetDevices(api.DB.Ctx, database.GetDevicesParams{
UserID: rUser.(string),
Offset: (*qParams.Page - 1) * *qParams.Limit,
Limit: *qParams.Limit,
})
if err != nil {
c.AbortWithStatusJSON(http.StatusBadRequest, gin.H{"error": "Invalid Request"})
return
}
if devices == nil {
devices = []database.Device{}
}
c.JSON(http.StatusOK, devices)
}