mirror of
https://github.com/1f349/orchid.git
synced 2024-11-13 23:51:34 +00:00
67 lines
1.7 KiB
Go
67 lines
1.7 KiB
Go
|
package servers
|
||
|
|
||
|
import (
|
||
|
"github.com/MrMelon54/mjwt"
|
||
|
"github.com/MrMelon54/mjwt/auth"
|
||
|
oUtils "github.com/MrMelon54/orchid/utils"
|
||
|
vUtils "github.com/MrMelon54/violet/utils"
|
||
|
"github.com/julienschmidt/httprouter"
|
||
|
"net/http"
|
||
|
"time"
|
||
|
)
|
||
|
|
||
|
// NewApiServer creates and runs a http server containing all the API
|
||
|
// endpoints for the software
|
||
|
//
|
||
|
// `/cert` - edit certificate
|
||
|
func NewApiServer(listen string, signer mjwt.Verifier, domains oUtils.DomainChecker) *http.Server {
|
||
|
r := httprouter.New()
|
||
|
|
||
|
// Endpoint for adding a certificate
|
||
|
r.POST("/cert", func(rw http.ResponseWriter, req *http.Request, params httprouter.Params) {
|
||
|
// TODO: register domains to a certificate
|
||
|
vUtils.RespondVioletError(rw, http.StatusNotImplemented, "API unavailable")
|
||
|
rw.WriteHeader(http.StatusNotImplemented)
|
||
|
return
|
||
|
|
||
|
if !hasPerms(signer, req, "orchid:cert:") {
|
||
|
vUtils.RespondHttpStatus(rw, http.StatusForbidden)
|
||
|
return
|
||
|
}
|
||
|
domain := params.ByName("domain")
|
||
|
if !domains.ValidateDomain(domain) {
|
||
|
vUtils.RespondVioletError(rw, http.StatusBadRequest, "Invalid domain")
|
||
|
return
|
||
|
}
|
||
|
rw.WriteHeader(http.StatusAccepted)
|
||
|
})
|
||
|
|
||
|
// Create and run http server
|
||
|
return &http.Server{
|
||
|
Addr: listen,
|
||
|
Handler: r,
|
||
|
ReadTimeout: time.Minute,
|
||
|
ReadHeaderTimeout: time.Minute,
|
||
|
WriteTimeout: time.Minute,
|
||
|
IdleTimeout: time.Minute,
|
||
|
MaxHeaderBytes: 2500,
|
||
|
}
|
||
|
}
|
||
|
|
||
|
func hasPerms(verify mjwt.Verifier, req *http.Request, perm string) bool {
|
||
|
// Get bearer token
|
||
|
bearer := vUtils.GetBearer(req)
|
||
|
if bearer == "" {
|
||
|
return false
|
||
|
}
|
||
|
|
||
|
// Read claims from mjwt
|
||
|
_, b, err := mjwt.ExtractClaims[auth.AccessTokenClaims](verify, bearer)
|
||
|
if err != nil {
|
||
|
return false
|
||
|
}
|
||
|
|
||
|
// Token must have perm
|
||
|
return b.Claims.Perms.Has(perm)
|
||
|
}
|