orchid/servers/api.go

67 lines
1.7 KiB
Go
Raw Normal View History

2023-07-06 01:26:17 +01:00
package servers
import (
"github.com/MrMelon54/mjwt"
"github.com/MrMelon54/mjwt/auth"
oUtils "github.com/MrMelon54/orchid/utils"
vUtils "github.com/MrMelon54/violet/utils"
"github.com/julienschmidt/httprouter"
"net/http"
"time"
)
// NewApiServer creates and runs a http server containing all the API
// endpoints for the software
//
// `/cert` - edit certificate
func NewApiServer(listen string, signer mjwt.Verifier, domains oUtils.DomainChecker) *http.Server {
r := httprouter.New()
// Endpoint for adding a certificate
r.POST("/cert", func(rw http.ResponseWriter, req *http.Request, params httprouter.Params) {
// TODO: register domains to a certificate
vUtils.RespondVioletError(rw, http.StatusNotImplemented, "API unavailable")
rw.WriteHeader(http.StatusNotImplemented)
return
if !hasPerms(signer, req, "orchid:cert:") {
vUtils.RespondHttpStatus(rw, http.StatusForbidden)
return
}
domain := params.ByName("domain")
if !domains.ValidateDomain(domain) {
vUtils.RespondVioletError(rw, http.StatusBadRequest, "Invalid domain")
return
}
rw.WriteHeader(http.StatusAccepted)
})
// Create and run http server
return &http.Server{
Addr: listen,
Handler: r,
ReadTimeout: time.Minute,
ReadHeaderTimeout: time.Minute,
WriteTimeout: time.Minute,
IdleTimeout: time.Minute,
MaxHeaderBytes: 2500,
}
}
func hasPerms(verify mjwt.Verifier, req *http.Request, perm string) bool {
// Get bearer token
bearer := vUtils.GetBearer(req)
if bearer == "" {
return false
}
// Read claims from mjwt
_, b, err := mjwt.ExtractClaims[auth.AccessTokenClaims](verify, bearer)
if err != nil {
return false
}
// Token must have perm
return b.Claims.Perms.Has(perm)
}