commit 4c49b0fe6dafd9047b6f3568a881846114750cf5 Author: konrad Date: Fri Nov 30 22:36:20 2018 +0100 initial commit
diff --git a/handler/create.go b/handler/create.go
new file mode 100644
index 0000000..302f413
--- /dev/null
+++ b/handler/create.go
@@ -0,0 +1,61 @@
+// Vikunja is a todo-list application to facilitate your life.
+// Copyright 2018 Vikunja and contributors. All rights reserved.
+//
+// This program is free software: you can redistribute it and/or modify
+// it under the terms of the GNU General Public License as published by
+// the Free Software Foundation, either version 3 of the License, or
+// (at your option) any later version.
+//
+// This program is distributed in the hope that it will be useful,
+// but WITHOUT ANY WARRANTY; without even the implied warranty of
+// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+// GNU General Public License for more details.
+//
+// You should have received a copy of the GNU General Public License
+// along with this program. If not, see .
+
+package handler
+
+import (
+ "code.vikunja.io/api/pkg/web"
+ "github.com/labstack/echo"
+ "github.com/op/go-logging"
+ "net/http"
+)
+
+// CreateWeb is the handler to create an object
+func (c *WebHandler) CreateWeb(ctx echo.Context) error {
+ // Get our model
+ currentStruct := c.EmptyStruct()
+
+ // Get the object & bind params to struct
+ if err := ParamBinder(currentStruct, ctx); err != nil {
+ return echo.NewHTTPError(http.StatusBadRequest, "No or invalid model provided.")
+ }
+
+ // Validate the struct
+ if err := ctx.Validate(currentStruct); err != nil {
+ return echo.NewHTTPError(http.StatusBadRequest, err)
+ }
+
+ // Get the user to pass for later checks
+ authprovider := ctx.Get("AuthProvider").(*web.Auths)
+ currentAuth, err := authprovider.AuthObject(ctx)
+ if err != nil {
+ return echo.NewHTTPError(http.StatusInternalServerError, "Could not determine the current user.")
+ }
+
+ // Check rights
+ if !currentStruct.CanCreate(currentAuth) {
+ ctx.Get("LoggingProvider").(*logging.Logger).Noticef("Tried to create while not having the rights for it", currentAuth)
+ return echo.NewHTTPError(http.StatusForbidden)
+ }
+
+ // Create
+ err = currentStruct.Create(currentAuth)
+ if err != nil {
+ return HandleHTTPError(err, ctx)
+ }
+
+ return ctx.JSON(http.StatusCreated, currentStruct)
+}
diff --git a/handler/delete.go b/handler/delete.go
new file mode 100644
index 0000000..06d1415
--- /dev/null
+++ b/handler/delete.go
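Review bot: The `Noticef` call in CreateWeb's rights-check branch passes `currentAuth` without a format verb, so the value is appended as `%!(EXTRA ...)` rather than formatted, and `go vet` flags the call. DeleteWeb, ReadOneWeb and UpdateWeb contain the same call shape. I would write `Noticef("Tried to create while not having the rights for it, auth: %v", currentAuth)`. Since `web.Auth` exposes no identifier in this commit, what `%v` prints depends on the concrete auth type, so it is worth confirming that it carries no token or password hash before it reaches the log.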
@@ -0,0 +1,58 @@
+// Vikunja is a todo-list application to facilitate your life.
+// Copyright 2018 Vikunja and contributors. All rights reserved.
+//
+// This program is free software: you can redistribute it and/or modify
+// it under the terms of the GNU General Public License as published by
+// the Free Software Foundation, either version 3 of the License, or
+// (at your option) any later version.
+//
+// This program is distributed in the hope that it will be useful,
+// but WITHOUT ANY WARRANTY; without even the implied warranty of
+// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+// GNU General Public License for more details.
+//
+// You should have received a copy of the GNU General Public License
+// along with this program. If not, see .
+
+package handler
+
+import (
+ "code.vikunja.io/api/pkg/web"
+ "github.com/labstack/echo"
+ "github.com/op/go-logging"
+ "net/http"
+)
+
+type message struct {
+ Message string `json:"message"`
+}
+
+// DeleteWeb is the web handler to delete something
+func (c *WebHandler) DeleteWeb(ctx echo.Context) error {
+
+ // Get our model
+ currentStruct := c.EmptyStruct()
+
+ // Bind params to struct
+ if err := ParamBinder(currentStruct, ctx); err != nil {
+ return echo.NewHTTPError(http.StatusBadRequest, "Invalid URL param.")
+ }
+
+ // Check if the user has the right to delete
+ authprovider := ctx.Get("AuthProvider").(*web.Auths)
+ currentAuth, err := authprovider.AuthObject(ctx)
+ if err != nil {
+ return echo.NewHTTPError(http.StatusInternalServerError)
+ }
+ if !currentStruct.CanDelete(currentAuth) {
+ ctx.Get("LoggingProvider").(*logging.Logger).Noticef("Tried to delete while not having the rights for it", currentAuth)
+ return echo.NewHTTPError(http.StatusForbidden)
+ }
+
+ err = currentStruct.Delete()
+ if err != nil {
+ return HandleHTTPError(err, ctx)
+ }
+
+ return ctx.JSON(http.StatusOK, message{"Successfully deleted."})
+}
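Review bot: `CanDelete` in DeleteWeb runs on a struct filled only by `ParamBinder`, that is, from the URL parameters and whatever the default binder accepts from the request, and nothing loads the stored object before the check or before `Delete()`. ReadOneWeb in this commit states that rights can only be checked on a full object, so here the decision either relies on each model reloading itself inside `CanDelete` or is made on caller-supplied fields; which of the two holds is not visible in this diff. UpdateWeb has the same order with `CanUpdate`. I would state the contract above the check, e.g. `// CanDelete must load the stored object itself; fields bound from the request are untrusted`, or call `ReadOne()` before the rights check as ReadOneWeb does.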
diff --git a/handler/helper.go b/handler/helper.go
new file mode 100644
index 0000000..2e1bc2e
--- /dev/null
+++ b/handler/helper.go
@@ -0,0 +1,46 @@
+// Vikunja is a todo-list application to facilitate your life.
+// Copyright 2018 Vikunja and contributors. All rights reserved.
+//
+// This program is free software: you can redistribute it and/or modify
+// it under the terms of the GNU General Public License as published by
+// the Free Software Foundation, either version 3 of the License, or
+// (at your option) any later version.
+//
+// This program is distributed in the hope that it will be useful,
+// but WITHOUT ANY WARRANTY; without even the implied warranty of
+// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+// GNU General Public License for more details.
+//
+// You should have received a copy of the GNU General Public License
+// along with this program. If not, see .
+
+package handler
+
+import (
+ "code.vikunja.io/api/pkg/web"
+ "github.com/labstack/echo"
+ "github.com/op/go-logging"
+ "net/http"
+)
+
+// WebHandler defines the webhandler object
+// This does web stuff, aka returns json etc. Uses CRUDable Methods to get the data
+type WebHandler struct {
+ EmptyStruct func() CObject
+}
+
+// CObject is the definition of our object, holds the structs
+type CObject interface {
+ web.CRUDable
+ web.Rights
+}
+
+// HandleHTTPError does what it says
+func HandleHTTPError(err error, ctx echo.Context) *echo.HTTPError {
+ if a, has := err.(web.HTTPErrorProcessor); has {
+ errDetails := a.HTTPError()
+ return echo.NewHTTPError(errDetails.HTTPCode, errDetails)
+ }
+ ctx.Get("LoggingProvider").(*logging.Logger).Error(err.Error())
+ return echo.NewHTTPError(http.StatusInternalServerError)
+}
diff --git a/handler/paramBinder.go b/handler/paramBinder.go
new file mode 100644
index 0000000..7caf4c4
--- /dev/null
+++ b/handler/paramBinder.go
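Review bot: `ctx.Get("LoggingProvider").(*logging.Logger)` in HandleHTTPError is an unchecked type assertion, so the error path itself panics when that context key is unset or holds another type. The handlers in this commit do the same with `"AuthProvider"` and `*web.Auths`. The comma-ok form keeps the 500 response intact: `if l, ok := ctx.Get("LoggingProvider").(*logging.Logger); ok { l.Error(err.Error()) }`. The doc comment "does what it says" could instead state that errors implementing `web.HTTPErrorProcessor` are returned to the client with their own status, while everything else is logged and answered with a bare 500.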
@@ -0,0 +1,288 @@
+// Vikunja is a todo-list application to facilitate your life.
+// Copyright 2018 Vikunja and contributors. All rights reserved.
+//
+// This program is free software: you can redistribute it and/or modify
+// it under the terms of the GNU General Public License as published by
+// the Free Software Foundation, either version 3 of the License, or
+// (at your option) any later version.
+//
+// This program is distributed in the hope that it will be useful,
+// but WITHOUT ANY WARRANTY; without even the implied warranty of
+// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+// GNU General Public License for more details.
+//
+// You should have received a copy of the GNU General Public License
+// along with this program. If not, see .
+
+package handler
+
+import (
+ "errors"
+ "github.com/labstack/echo"
+ "reflect"
+ "strconv"
+ "strings"
+)
+
+const paramTagName = "param"
+
+// ParamBinder binds parameters to a struct.
+// Currently a working implementation, waiting to implement this officially into echo.
+func ParamBinder(i interface{}, c echo.Context) (err error) {
+
+ // Default binder
+ db := new(echo.DefaultBinder)
+ if err = db.Bind(i, c); err != nil {
+ return
+ }
+
+ paramNames := c.ParamNames()
+ paramValues := c.ParamValues()
+ paramVars := make(map[string][]string)
+ for in, name := range paramNames {
+ // Hotfix for an echo bug where a param name would show up which dont exist
+ names := strings.Split(name, ",")
+ for _, n := range names {
+ paramVars[n] = append(paramVars[name], paramValues[in])
+ }
+ }
+
+ b := Binder{}
+ err = b.bindData(i, paramVars, paramTagName)
+
+ /*
+ // Our custom magic starts here
+ paramNames := c.ParamNames()
+ paramValues := c.ParamValues()
+
+ v := reflect.ValueOf(i)
+ t := reflect.TypeOf(i)
+ s := reflect.ValueOf(i).Elem()
+ for i := 0; i < v.NumField(); i++ {
+ field := t.Field(i)
+ f := s.Field(i)
+
+ // Check if it has a param tag
+ tag := field.Tag.Get(paramTagName)
+ if tag != "" {
+ // If it has one, range over all url parameters to see if we have a match
+ for in, name := range paramNames {
+ // Found match
+ if tag == name {
+ // Put the value of that match in our sruct
+ switch field.Type.Name() {
+ case "int64": // SetInt only accepts int64, so the struct field can only have int64 of int (no int32/16/int...)
+ intParam, err := strconv.ParseInt(paramValues[in], 10, 64)
+ f.SetInt(intParam)
+
+ if err != nil {
+ return err
+ }
+ case "string":
+ f.SetString(paramValues[in])
+ }
+ }
+ }
+ }
+
+
+
+
+ //f.SetString("blub")
+
+ }*/
+
+ return
+}
+
+// Binder represents a binder
+type Binder struct{}
+
+func (b *Binder) bindData(ptr interface{}, data map[string][]string, tag string) error {
+ typ := reflect.TypeOf(ptr).Elem()
+ val := reflect.ValueOf(ptr).Elem()
+
+ if typ.Kind() != reflect.Struct {
+ return errors.New("Binding element must be a struct")
+ }
+
+ for i := 0; i < typ.NumField(); i++ {
+ typeField := typ.Field(i)
+ structField := val.Field(i)
+ if !structField.CanSet() {
+ continue
+ }
+ structFieldKind := structField.Kind()
+ inputFieldName := typeField.Tag.Get(tag)
+
+ if inputFieldName == "" {
+ inputFieldName = typeField.Name
+ // If tag is nil, we inspect if the field is a struct.
+ if _, ok := bindUnmarshaler(structField); !ok && structFieldKind == reflect.Struct {
+ err := b.bindData(structField.Addr().Interface(), data, tag)
+ if err != nil {
+ return err
+ }
+ continue
+ }
+ }
+ inputValue, exists := data[inputFieldName]
+ if !exists {
+ continue
+ }
+
+ // Call this first, in case we're dealing with an alias to an array type
+ if ok, err := unmarshalField(typeField.Type.Kind(), inputValue[0], structField); ok {
+ if err != nil {
+ return err
+ }
+ continue
+ }
+
+ numElems := len(inputValue)
+ if structFieldKind == reflect.Slice && numElems > 0 {
+ sliceOf := structField.Type().Elem().Kind()
+ slice := reflect.MakeSlice(structField.Type(), numElems, numElems)
+ for j := 0; j < numElems; j++ {
+ if err := setWithProperType(sliceOf, inputValue[j], slice.Index(j)); err != nil {
+ return err
+ }
+ }
+ val.Field(i).Set(slice)
+ } else {
+ if err := setWithProperType(typeField.Type.Kind(), inputValue[0], structField); err != nil {
+ return err
+ }
+ }
+ }
+ return nil
+}
+
+func setWithProperType(valueKind reflect.Kind, val string, structField reflect.Value) error {
+ // But also call it here, in case we're dealing with an array of BindUnmarshalers
+ if ok, err := unmarshalField(valueKind, val, structField); ok {
+ return err
+ }
+
+ switch valueKind {
+ case reflect.Int:
+ return setIntField(val, 0, structField)
+ case reflect.Int8:
+ return setIntField(val, 8, structField)
+ case reflect.Int16:
+ return setIntField(val, 16, structField)
+ case reflect.Int32:
+ return setIntField(val, 32, structField)
+ case reflect.Int64:
+ return setIntField(val, 64, structField)
+ case reflect.Uint:
+ return setUintField(val, 0, structField)
+ case reflect.Uint8:
+ return setUintField(val, 8, structField)
+ case reflect.Uint16:
+ return setUintField(val, 16, structField)
+ case reflect.Uint32:
+ return setUintField(val, 32, structField)
+ case reflect.Uint64:
+ return setUintField(val, 64, structField)
+ case reflect.Bool:
+ return setBoolField(val, structField)
+ case reflect.Float32:
+ return setFloatField(val, 32, structField)
+ case reflect.Float64:
+ return setFloatField(val, 64, structField)
+ case reflect.String:
+ structField.SetString(val)
+ default:
+ return errors.New("unknown type")
+ }
+ return nil
+}
+
+func setIntField(value string, bitSize int, field reflect.Value) error {
+ if value == "" {
+ value = "0"
+ }
+ intVal, err := strconv.ParseInt(value, 10, bitSize)
+ if err == nil {
+ field.SetInt(intVal)
+ }
+ return err
+}
+
+func setUintField(value string, bitSize int, field reflect.Value) error {
+ if value == "" {
+ value = "0"
+ }
+ uintVal, err := strconv.ParseUint(value, 10, bitSize)
+ if err == nil {
+ field.SetUint(uintVal)
+ }
+ return err
+}
+
+func setBoolField(value string, field reflect.Value) error {
+ if value == "" {
+ value = "false"
+ }
+ boolVal, err := strconv.ParseBool(value)
+ if err == nil {
+ field.SetBool(boolVal)
+ }
+ return err
+}
+
+func setFloatField(value string, bitSize int, field reflect.Value) error {
+ if value == "" {
+ value = "0.0"
+ }
+ floatVal, err := strconv.ParseFloat(value, bitSize)
+ if err == nil {
+ field.SetFloat(floatVal)
+ }
+ return err
+}
+
+// BindUnmarshaler type
+type BindUnmarshaler interface {
+ // UnmarshalParam decodes and assigns a value from an form or query param.
+ UnmarshalParam(param string) error
+}
+
+// bindUnmarshaler attempts to unmarshal a reflect.Value into a BindUnmarshaler
+func bindUnmarshaler(field reflect.Value) (BindUnmarshaler, bool) {
+ ptr := reflect.New(field.Type())
+ if ptr.CanInterface() {
+ iface := ptr.Interface()
+ if unmarshaler, ok := iface.(BindUnmarshaler); ok {
+ return unmarshaler, ok
+ }
+ }
+ return nil, false
+}
+
+func unmarshalField(valueKind reflect.Kind, val string, field reflect.Value) (bool, error) {
+ switch valueKind {
+ case reflect.Ptr:
+ return unmarshalFieldPtr(val, field)
+ default:
+ return unmarshalFieldNonPtr(val, field)
+ }
+}
+
+func unmarshalFieldNonPtr(value string, field reflect.Value) (bool, error) {
+ if unmarshaler, ok := bindUnmarshaler(field); ok {
+ err := unmarshaler.UnmarshalParam(value)
+ field.Set(reflect.ValueOf(unmarshaler).Elem())
+ return true, err
+ }
+ return false, nil
+}
+
+func unmarshalFieldPtr(value string, field reflect.Value) (bool, error) {
+ if field.IsNil() {
+ // Initialize the pointer to a nil value
+ field.Set(reflect.New(field.Type().Elem()))
+ }
+ return unmarshalFieldNonPtr(value, field.Elem())
+}
diff --git a/handler/read_all.go b/handler/read_all.go
new file mode 100644
index 0000000..3b28154
--- /dev/null
+++ b/handler/read_all.go
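Review bot: In ParamBinder's hotfix loop, `paramVars[n] = append(paramVars[name], paramValues[in])` appends to the slice stored under the unsplit `name` but assigns the result under the split `n`. When a name contains a comma, nothing is ever stored under `name`, so each part gets a fresh one-element slice and any values already collected for `n` are dropped. It should read `paramVars[n] = append(paramVars[n], paramValues[in])`. Because the comment says echo can report names that do not exist, `paramValues[in]` is also worth guarding with `in < len(paramValues)` so a length mismatch cannot panic the request. The commented-out reflection block after the `bindData` call is dead code and could be removed.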
@@ -0,0 +1,66 @@
+// Vikunja is a todo-list application to facilitate your life.
+// Copyright 2018 Vikunja and contributors. All rights reserved.
+//
+// This program is free software: you can redistribute it and/or modify
+// it under the terms of the GNU General Public License as published by
+// the Free Software Foundation, either version 3 of the License, or
+// (at your option) any later version.
+//
+// This program is distributed in the hope that it will be useful,
+// but WITHOUT ANY WARRANTY; without even the implied warranty of
+// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+// GNU General Public License for more details.
+//
+// You should have received a copy of the GNU General Public License
+// along with this program. If not, see .
+
+package handler
+
+import (
+ "code.vikunja.io/api/pkg/web"
+ "github.com/labstack/echo"
+ "github.com/op/go-logging"
+ "net/http"
+ "strconv"
+)
+
+// ReadAllWeb is the webhandler to get all objects of a type
+func (c *WebHandler) ReadAllWeb(ctx echo.Context) error {
+ // Get our model
+ currentStruct := c.EmptyStruct()
+
+ authprovider := ctx.Get("AuthProvider").(*web.Auths)
+ currentAuth, err := authprovider.AuthObject(ctx)
+ if err != nil {
+ return echo.NewHTTPError(http.StatusInternalServerError, "Could not determine the current user.")
+ }
+
+ // Get the object & bind params to struct
+ if err := ParamBinder(currentStruct, ctx); err != nil {
+ return echo.NewHTTPError(http.StatusBadRequest, "No or invalid model provided.")
+ }
+
+ // Pagination
+ page := ctx.QueryParam("page")
+ if page == "" {
+ page = "1"
+ }
+ pageNumber, err := strconv.Atoi(page)
+ if err != nil {
+ ctx.Get("LoggingProvider").(*logging.Logger).Error(err.Error())
+ return echo.NewHTTPError(http.StatusBadRequest, "Bad page requested.")
+ }
+ if pageNumber < 0 {
+ return echo.NewHTTPError(http.StatusBadRequest, "Bad page requested.")
+ }
+
+ // Search
+ search := ctx.QueryParam("s")
+
+ lists, err := currentStruct.ReadAll(search, currentAuth, pageNumber)
+ if err != nil {
+ return HandleHTTPError(err, ctx)
+ }
+
+ return ctx.JSON(http.StatusOK, lists)
+}
diff --git a/handler/read_one.go b/handler/read_one.go
new file mode 100644
index 0000000..dd9f280
--- /dev/null
+++ b/handler/read_one.go
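Review bot: The pagination guard `if pageNumber < 0` in ReadAllWeb lets `page=0` through although the default is `"1"`, which suggests pages are 1-based. How `ReadAll` treats page 0 is not visible in this diff; if an implementation derives an offset from `page-1` it would go negative, so `if pageNumber < 1 {` is the safer bound. Unlike ReadOneWeb, no `CanRead` check is applied to the result, so every `ReadAll` implementation has to filter by `currentAuth` itself; a comment above the call stating that would make the contract explicit.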
@@ -0,0 +1,55 @@
+// Vikunja is a todo-list application to facilitate your life.
+// Copyright 2018 Vikunja and contributors. All rights reserved.
+//
+// This program is free software: you can redistribute it and/or modify
+// it under the terms of the GNU General Public License as published by
+// the Free Software Foundation, either version 3 of the License, or
+// (at your option) any later version.
+//
+// This program is distributed in the hope that it will be useful,
+// but WITHOUT ANY WARRANTY; without even the implied warranty of
+// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+// GNU General Public License for more details.
+//
+// You should have received a copy of the GNU General Public License
+// along with this program. If not, see .
+
+package handler
+
+import (
+ "code.vikunja.io/api/pkg/web"
+ "github.com/labstack/echo"
+ "github.com/op/go-logging"
+ "net/http"
+)
+
+// ReadOneWeb is the webhandler to get one object
+func (c *WebHandler) ReadOneWeb(ctx echo.Context) error {
+ // Get our model
+ currentStruct := c.EmptyStruct()
+
+ // Get the object & bind params to struct
+ if err := ParamBinder(currentStruct, ctx); err != nil {
+ return echo.NewHTTPError(http.StatusBadRequest, "No or invalid model provided.")
+ }
+
+ // Get our object
+ err := currentStruct.ReadOne()
+ if err != nil {
+ return HandleHTTPError(err, ctx)
+ }
+
+ // Check rights
+ // We can only check the rights on a full object, which is why we need to check it afterwards
+ authprovider := ctx.Get("AuthProvider").(*web.Auths)
+ currentAuth, err := authprovider.AuthObject(ctx)
+ if err != nil {
+ return echo.NewHTTPError(http.StatusInternalServerError, "Could not determine the current user.")
+ }
+ if !currentStruct.CanRead(currentAuth) {
+ ctx.Get("LoggingProvider").(*logging.Logger).Noticef("Tried to read one while not having the rights for it", currentAuth)
+ return echo.NewHTTPError(http.StatusForbidden, "You don't have the right to see this")
+ }
+
+ return ctx.JSON(http.StatusOK, currentStruct)
+}
diff --git a/handler/update.go b/handler/update.go
new file mode 100644
index 0000000..3124005
--- /dev/null
+++ b/handler/update.go
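Review bot: ReadOneWeb answers a failed `ReadOne()` through `HandleHTTPError` and a failed `CanRead` with 403 and "You don't have the right to see this", so a caller without rights can tell an existing object from a missing one by the response alone. How the not-found error is mapped lies outside this diff, but if object existence is meant to stay private the forbidden branch could return the same response as the missing case, e.g. `return echo.NewHTTPError(http.StatusNotFound)`, while keeping the log entry. Resolving `currentAuth` before `ReadOne()` would also avoid a storage read for requests whose auth cannot be determined.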
@@ -0,0 +1,60 @@
+// Vikunja is a todo-list application to facilitate your life.
+// Copyright 2018 Vikunja and contributors. All rights reserved.
+//
+// This program is free software: you can redistribute it and/or modify
+// it under the terms of the GNU General Public License as published by
+// the Free Software Foundation, either version 3 of the License, or
+// (at your option) any later version.
+//
+// This program is distributed in the hope that it will be useful,
+// but WITHOUT ANY WARRANTY; without even the implied warranty of
+// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+// GNU General Public License for more details.
+//
+// You should have received a copy of the GNU General Public License
+// along with this program. If not, see .
+
+package handler
+
+import (
+ "code.vikunja.io/api/pkg/web"
+ "github.com/labstack/echo"
+ "github.com/op/go-logging"
+ "net/http"
+)
+
+// UpdateWeb is the webhandler to update an object
+func (c *WebHandler) UpdateWeb(ctx echo.Context) error {
+
+ // Get our model
+ currentStruct := c.EmptyStruct()
+
+ // Get the object & bind params to struct
+ if err := ParamBinder(currentStruct, ctx); err != nil {
+ return echo.NewHTTPError(http.StatusBadRequest, "No or invalid model provided.")
+ }
+
+ // Validate the struct
+ if err := ctx.Validate(currentStruct); err != nil {
+ return echo.NewHTTPError(http.StatusBadRequest, err)
+ }
+
+ // Check if the user has the right to do that
+ authprovider := ctx.Get("AuthProvider").(*web.Auths)
+ currentAuth, err := authprovider.AuthObject(ctx)
+ if err != nil {
+ return echo.NewHTTPError(http.StatusInternalServerError, "Could not determine the current user.")
+ }
+ if !currentStruct.CanUpdate(currentAuth) {
+ ctx.Get("LoggingProvider").(*logging.Logger).Noticef("Tried to update while not having the rights for it", currentAuth)
+ return echo.NewHTTPError(http.StatusForbidden)
+ }
+
+ // Do the update
+ err = currentStruct.Update()
+ if err != nil {
+ return HandleHTTPError(err, ctx)
+ }
+
+ return ctx.JSON(http.StatusOK, currentStruct)
+}
diff --git a/web.go b/web.go
new file mode 100644
index 0000000..a3941e0
--- /dev/null
+++ b/web.go
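Review bot: `echo.NewHTTPError(http.StatusBadRequest, err)` in UpdateWeb puts the validator's error value itself into the response, and it does so before the caller's rights are checked; CreateWeb does the same. What the client receives then depends on how that error type serializes, which is outside this diff, and it may name internal struct fields to a caller who is not allowed to touch the object. I would move the `ctx.Validate` step below the `CanUpdate` check and return a defined shape, for instance `return echo.NewHTTPError(http.StatusBadRequest, "Invalid model provided.")` or a dedicated error struct listing only the public field names.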
@@ -0,0 +1,65 @@
+// Vikunja is a todo-list application to facilitate your life.
+// Copyright 2018 Vikunja and contributors. All rights reserved.
+//
+// This program is free software: you can redistribute it and/or modify
+// it under the terms of the GNU General Public License as published by
+// the Free Software Foundation, either version 3 of the License, or
+// (at your option) any later version.
+//
+// This program is distributed in the hope that it will be useful,
+// but WITHOUT ANY WARRANTY; without even the implied warranty of
+// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+// GNU General Public License for more details.
+//
+// You should have received a copy of the GNU General Public License
+// along with this program. If not, see .
+
+package web
+
+import "github.com/labstack/echo"
+
+// Rights defines rights methods
+type Rights interface {
+ IsAdmin(Auth) bool
+ CanWrite(Auth) bool
+ CanRead(Auth) bool
+ CanDelete(Auth) bool
+ CanUpdate(Auth) bool
+ CanCreate(Auth) bool
+}
+
+// CRUDable defines the crud methods
+type CRUDable interface {
+ Create(Auth) error
+ ReadOne() error
+ ReadAll(string, Auth, int) (interface{}, error)
+ Update() error
+ Delete() error
+}
+
+// HTTPErrorProcessor is executed when the defined error is thrown, it will make sure the user sees an appropriate error message and http status code
+type HTTPErrorProcessor interface {
+ HTTPError() HTTPError
+}
+
+// HTTPError holds informations about an http error
+type HTTPError struct {
+ HTTPCode int `json:"-"`
+ Code int `json:"code"`
+ Message string `json:"message"`
+}
+
+// Auth defines the authentication interface used to get some auth thing
+type Auth interface {
+ AuthDummy()
+}
+
+// Authprovider is a holder for the implementation of an authprovider by the application
+type Authprovider interface {
+ GetAuthObject(echo.Context) (Auth, error)
+}
+
+// Auths holds the authobject
+type Auths struct {
+ AuthObject func(echo.Context) (Auth, error)
+}
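Review bot: `Update()`, `Delete()` and `ReadOne()` in `CRUDable` take no `Auth`, unlike `Create(Auth)` and `ReadAll(string, Auth, int)`, so for those operations authorization rests entirely on the caller having invoked the matching `Can*` method first, and the interface does not say so. I would document that on the methods, e.g. `// Update persists the receiver; the caller must have checked CanUpdate, no Auth is passed in.` The `Authprovider` interface declares `GetAuthObject`, while the handlers in this commit use the `Auths` struct and its `AuthObject` field, so the interface appears unused here and its comment could say which of the two an application is expected to supply. `IsAdmin` and `CanWrite` are likewise not called by any handler shown in this commit.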