2022-07-09 17:42:00 +00:00
|
|
|
package main
|
|
|
|
|
|
|
|
import (
|
|
|
|
"encoding/base64"
|
|
|
|
"net/http"
|
2022-09-22 09:08:13 +00:00
|
|
|
"strings"
|
2022-07-09 17:42:00 +00:00
|
|
|
|
|
|
|
"github.com/gin-gonic/gin"
|
|
|
|
)
|
|
|
|
|
|
|
|
func declareAPIRoutes(router *gin.Engine) {
|
|
|
|
apiRoutes := router.Group("/api")
|
|
|
|
apiRoutes.Use(authMiddleware())
|
|
|
|
|
|
|
|
declareAPIAuthRoutes(apiRoutes)
|
2022-11-20 14:28:27 +00:00
|
|
|
declareAPICategoriesRoutes(apiRoutes)
|
2022-07-09 17:42:00 +00:00
|
|
|
declareAPISurveysRoutes(apiRoutes)
|
|
|
|
declareAPIWorksRoutes(apiRoutes)
|
2022-09-10 10:14:11 +00:00
|
|
|
declareAPIKeysRoutes(apiRoutes)
|
2022-12-02 10:48:10 +00:00
|
|
|
declareAPISharesRoutes(apiRoutes)
|
2022-09-05 09:00:46 +00:00
|
|
|
declareCallbacksRoutes(apiRoutes)
|
2022-07-09 17:42:00 +00:00
|
|
|
|
2022-09-04 09:38:10 +00:00
|
|
|
authRoutes := router.Group("")
|
|
|
|
authRoutes.Use(authMiddleware(loggedUser))
|
|
|
|
adminRoutes := router.Group("")
|
|
|
|
adminRoutes.Use(authMiddleware(adminRestricted))
|
|
|
|
initializeGitLabOIDC(router, authRoutes, adminRoutes)
|
|
|
|
|
2022-07-09 17:42:00 +00:00
|
|
|
apiAuthRoutes := router.Group("/api")
|
|
|
|
apiAuthRoutes.Use(authMiddleware(loggedUser))
|
|
|
|
|
|
|
|
declareAPIAuthAsksRoutes(apiAuthRoutes)
|
|
|
|
declareAPIAuthQuestionsRoutes(apiAuthRoutes)
|
|
|
|
declareAPIAuthHelpRoutes(apiAuthRoutes)
|
2022-09-03 14:16:41 +00:00
|
|
|
declareAPIAuthKeysRoutes(apiAuthRoutes)
|
2022-07-09 17:42:00 +00:00
|
|
|
declareAPIAuthSurveysRoutes(apiAuthRoutes)
|
|
|
|
declareAPIAuthUsersRoutes(apiAuthRoutes)
|
|
|
|
declareAPIAuthWorksRoutes(apiAuthRoutes)
|
|
|
|
|
|
|
|
apiAdminRoutes := router.Group("/api")
|
|
|
|
apiAdminRoutes.Use(authMiddleware(adminRestricted))
|
|
|
|
|
2022-09-02 12:08:03 +00:00
|
|
|
apiAdminRoutes.DELETE("/cache", func(c *gin.Context) {
|
|
|
|
_surveys_cache_mutex.Lock()
|
|
|
|
_surveys_cache = map[int64]*Survey{}
|
|
|
|
_surveys_cache_mutex.Unlock()
|
|
|
|
|
|
|
|
_questions_cache_mutex.Lock()
|
|
|
|
_questions_cache = map[int64]*Question{}
|
|
|
|
_questions_cache_mutex.Unlock()
|
|
|
|
})
|
|
|
|
|
2022-09-10 23:05:51 +00:00
|
|
|
declareAPIAdminAuthRoutes(apiAdminRoutes)
|
2022-07-09 17:42:00 +00:00
|
|
|
declareAPIAdminAsksRoutes(apiAdminRoutes)
|
2022-11-20 14:28:27 +00:00
|
|
|
declareAPIAdminCategoriesRoutes(apiRoutes)
|
2022-07-09 17:42:00 +00:00
|
|
|
declareAPIAuthGradesRoutes(apiAdminRoutes)
|
2023-01-01 14:26:58 +00:00
|
|
|
declareAPIAdminGradationRoutes(apiAdminRoutes)
|
2022-07-09 17:42:00 +00:00
|
|
|
declareAPIAdminHelpRoutes(apiAdminRoutes)
|
|
|
|
declareAPIAdminQuestionsRoutes(apiAdminRoutes)
|
2022-09-04 09:38:10 +00:00
|
|
|
declareAPIAuthRepositoriesRoutes(apiAdminRoutes)
|
2022-07-09 17:42:00 +00:00
|
|
|
declareAPIAdminSurveysRoutes(apiAdminRoutes)
|
|
|
|
declareAPIAdminUsersRoutes(apiAdminRoutes)
|
|
|
|
declareAPIAdminWorksRoutes(apiAdminRoutes)
|
|
|
|
}
|
|
|
|
|
|
|
|
func loggedUser(u *User, c *gin.Context) bool {
|
|
|
|
if u != nil {
|
|
|
|
return true
|
|
|
|
}
|
|
|
|
|
|
|
|
c.AbortWithStatusJSON(http.StatusForbidden, gin.H{"errmsg": "Permission Denied"})
|
|
|
|
return false
|
|
|
|
}
|
|
|
|
|
|
|
|
func adminRestricted(u *User, c *gin.Context) bool {
|
|
|
|
if u != nil && u.IsAdmin {
|
|
|
|
return true
|
|
|
|
}
|
|
|
|
|
|
|
|
c.AbortWithStatusJSON(http.StatusForbidden, gin.H{"errmsg": "Permission Denied"})
|
|
|
|
return false
|
|
|
|
}
|
|
|
|
|
2022-09-22 09:08:13 +00:00
|
|
|
func getSessionFromRequest(c *gin.Context) (*Session, error) {
|
|
|
|
var encodedSession string
|
|
|
|
|
|
|
|
if cookie, err := c.Request.Cookie("auth"); err == nil {
|
|
|
|
encodedSession = cookie.Value
|
|
|
|
} else if flds := strings.Fields(c.GetHeader("Authorization")); len(flds) == 2 && flds[0] == "Bearer" {
|
|
|
|
encodedSession = flds[1]
|
|
|
|
}
|
|
|
|
|
|
|
|
if len(encodedSession) > 0 {
|
|
|
|
if sessionid, err := base64.StdEncoding.DecodeString(encodedSession); err != nil {
|
|
|
|
return nil, err
|
|
|
|
} else {
|
|
|
|
return getSession(sessionid)
|
|
|
|
}
|
|
|
|
}
|
|
|
|
return nil, nil
|
|
|
|
}
|
|
|
|
|
2022-07-09 17:42:00 +00:00
|
|
|
func authMiddleware(access ...func(*User, *gin.Context) bool) gin.HandlerFunc {
|
|
|
|
return func(c *gin.Context) {
|
2022-09-22 09:08:13 +00:00
|
|
|
session, err := getSessionFromRequest(c)
|
|
|
|
if err != nil {
|
|
|
|
eraseCookie(c)
|
|
|
|
c.AbortWithStatusJSON(http.StatusUnauthorized, gin.H{"errmsg": err.Error()})
|
|
|
|
return
|
|
|
|
}
|
|
|
|
|
2022-07-09 17:42:00 +00:00
|
|
|
var user *User = nil
|
2022-09-22 09:08:13 +00:00
|
|
|
if session == nil || session.IdUser == nil {
|
|
|
|
user = nil
|
|
|
|
} else if std, err := getUser(int(*session.IdUser)); err != nil {
|
|
|
|
eraseCookie(c)
|
|
|
|
c.AbortWithStatusJSON(http.StatusUnauthorized, gin.H{"errmsg": err.Error()})
|
|
|
|
return
|
|
|
|
} else {
|
|
|
|
user = std
|
2022-07-09 17:42:00 +00:00
|
|
|
}
|
|
|
|
|
|
|
|
// Check access limitation
|
|
|
|
for _, a := range access {
|
|
|
|
if !a(user, c) {
|
|
|
|
return
|
|
|
|
}
|
|
|
|
}
|
|
|
|
|
|
|
|
// Retrieve corresponding user
|
2022-09-04 09:12:37 +00:00
|
|
|
c.Set("Session", session)
|
2022-07-09 17:42:00 +00:00
|
|
|
c.Set("LoggedUser", user)
|
|
|
|
|
|
|
|
// We are now ready to continue
|
|
|
|
c.Next()
|
2022-09-04 09:12:37 +00:00
|
|
|
|
|
|
|
// On return, check if the session has changed
|
|
|
|
if session != nil && session.HasChanged() {
|
|
|
|
session.Update()
|
|
|
|
}
|
2022-07-09 17:42:00 +00:00
|
|
|
}
|
|
|
|
}
|