orchid/servers/certDomainManage.go

package servers

import (
	"context"
	"encoding/json"
	"fmt"
	"github.com/1f349/mjwt"
	"github.com/1f349/orchid/database"
	"github.com/1f349/orchid/renewal"
	"github.com/1f349/orchid/utils"
	"github.com/julienschmidt/httprouter"
	"net/http"
)

func certDomainManageGET(db *database.Queries, signer mjwt.Verifier) httprouter.Handle {
	return checkAuthForCertificate(signer, "orchid:cert:edit", db, func(rw http.ResponseWriter, req *http.Request, params httprouter.Params, b AuthClaims, certId int64) {
		rows, err := db.GetDomainStatesForCert(context.Background(), certId)
		if err != nil {
			apiError(rw, http.StatusInsufficientStorage, "Database error")
			return
		}

		// write output
		rw.WriteHeader(http.StatusAccepted)
		m := map[string]any{
			"id":      fmt.Sprintf("%d", certId),
			"domains": rows,
		}
		_ = json.NewEncoder(rw).Encode(m)
	})
}

func certDomainManagePUTandDELETE(db *database.Queries, signer mjwt.Verifier, domains utils.DomainChecker) httprouter.Handle {
	return checkAuthForCertificate(signer, "orchid:cert:edit", db, func(rw http.ResponseWriter, req *http.Request, params httprouter.Params, b AuthClaims, certId int64) {
		// check request type
		isAdd := req.Method == http.MethodPut

		// read domains from request body
		var d []string
		if json.NewDecoder(req.Body).Decode(&d) != nil {
			apiError(rw, http.StatusBadRequest, "Invalid request body")
			return
		}

		// validate all domains
		for _, i := range d {
			if !validateDomainOwnershipClaims(i, b.Claims.Perms) {
				apiError(rw, http.StatusBadRequest, "Token cannot modify a specified domain")
				return
			}
			if !domains.ValidateDomain(i) {
				apiError(rw, http.StatusBadRequest, "Invalid domain")
				return
			}
		}

		// run a safe transaction to insert or update the certificate domains
		if db.UseTx(req.Context(), func(tx *database.Queries) error {
			if isAdd {
				// insert domains to add
				for _, i := range d {
					err := tx.AddDomains(req.Context(), database.AddDomainsParams{
						CertID: certId,
						Domain: i,
						State:  renewal.DomainStateAdded,
					})
					if err != nil {
						return fmt.Errorf("failed to add domains to the database")
					}
				}
			} else {
				// update domains to removed state
				err := tx.UpdateDomains(req.Context(), database.UpdateDomainsParams{
					State:   renewal.DomainStateRemoved,
					Domains: d,
				})
				if err != nil {
					return fmt.Errorf("failed to remove domains from the database")
				}
			}
			return nil
		}) != nil {
			apiError(rw, http.StatusInsufficientStorage, "Database error")
			return
		}

		// write output
		rw.WriteHeader(http.StatusAccepted)
		m := map[string]any{
			"id": fmt.Sprintf("%d", certId),
		}
		if isAdd {
			m["add_domains"] = d
		} else {
			m["remove_domains"] = d
		}
		_ = json.NewEncoder(rw).Encode(m)
	})
}
Loads of API code 2023-07-10 17:51:14 +01:00			`package servers`

			`import (`
Start updating to support sqlc and migrations 2024-03-09 00:31:52 +00:00			`"context"`
Loads of API code 2023-07-10 17:51:14 +01:00			`"encoding/json"`
			`"fmt"`
Add endpoint for grabbing owned certificates 2023-11-14 13:24:30 +00:00			`"github.com/1f349/mjwt"`
Start updating to support sqlc and migrations 2024-03-09 00:31:52 +00:00			`"github.com/1f349/orchid/database"`
Rename module 2023-07-22 01:39:39 +01:00			`"github.com/1f349/orchid/renewal"`
			`"github.com/1f349/orchid/utils"`
Loads of API code 2023-07-10 17:51:14 +01:00			`"github.com/julienschmidt/httprouter"`
			`"net/http"`
			`)`

Start updating to support sqlc and migrations 2024-03-09 00:31:52 +00:00			`func certDomainManageGET(db *database.Queries, signer mjwt.Verifier) httprouter.Handle {`
Continue changes for sqlc 2024-03-09 00:55:06 +00:00			`return checkAuthForCertificate(signer, "orchid:cert:edit", db, func(rw http.ResponseWriter, req *http.Request, params httprouter.Params, b AuthClaims, certId int64) {`
			`rows, err := db.GetDomainStatesForCert(context.Background(), certId)`
Loads of API code 2023-07-10 17:51:14 +01:00			`if err != nil {`
			`apiError(rw, http.StatusInsufficientStorage, "Database error")`
			`return`
			`}`

			`// write output`
			`rw.WriteHeader(http.StatusAccepted)`
			`m := map[string]any{`
			`"id": fmt.Sprintf("%d", certId),`
Start updating to support sqlc and migrations 2024-03-09 00:31:52 +00:00			`"domains": rows,`
Loads of API code 2023-07-10 17:51:14 +01:00			`}`
			`_ = json.NewEncoder(rw).Encode(m)`
			`})`
			`}`

Start updating to support sqlc and migrations 2024-03-09 00:31:52 +00:00			`func certDomainManagePUTandDELETE(db *database.Queries, signer mjwt.Verifier, domains utils.DomainChecker) httprouter.Handle {`
			`return checkAuthForCertificate(signer, "orchid:cert:edit", db, func(rw http.ResponseWriter, req *http.Request, params httprouter.Params, b AuthClaims, certId int64) {`
Loads of API code 2023-07-10 17:51:14 +01:00			`// check request type`
			`isAdd := req.Method == http.MethodPut`

			`// read domains from request body`
			`var d []string`
			`if json.NewDecoder(req.Body).Decode(&d) != nil {`
			`apiError(rw, http.StatusBadRequest, "Invalid request body")`
			`return`
			`}`

			`// validate all domains`
			`for _, i := range d {`
Use access token permissions to find owned domains 2023-07-12 20:55:53 +01:00			`if !validateDomainOwnershipClaims(i, b.Claims.Perms) {`
Loads of API code 2023-07-10 17:51:14 +01:00			`apiError(rw, http.StatusBadRequest, "Token cannot modify a specified domain")`
			`return`
			`}`
			`if !domains.ValidateDomain(i) {`
			`apiError(rw, http.StatusBadRequest, "Invalid domain")`
			`return`
			`}`
			`}`

			`// run a safe transaction to insert or update the certificate domains`
Start updating to support sqlc and migrations 2024-03-09 00:31:52 +00:00			`if db.UseTx(req.Context(), func(tx *database.Queries) error {`
Loads of API code 2023-07-10 17:51:14 +01:00			`if isAdd {`
			`// insert domains to add`
			`for _, i := range d {`
Start updating to support sqlc and migrations 2024-03-09 00:31:52 +00:00			`err := tx.AddDomains(req.Context(), database.AddDomainsParams{`
			`CertID: certId,`
			`Domain: i,`
			`State: renewal.DomainStateAdded,`
			`})`
Loads of API code 2023-07-10 17:51:14 +01:00			`if err != nil {`
			`return fmt.Errorf("failed to add domains to the database")`
			`}`
			`}`
			`} else {`
			`// update domains to removed state`
Start updating to support sqlc and migrations 2024-03-09 00:31:52 +00:00			`err := tx.UpdateDomains(req.Context(), database.UpdateDomainsParams{`
Continue changes for sqlc 2024-03-09 00:55:06 +00:00			`State: renewal.DomainStateRemoved,`
			`Domains: d,`
Start updating to support sqlc and migrations 2024-03-09 00:31:52 +00:00			`})`
Loads of API code 2023-07-10 17:51:14 +01:00			`if err != nil {`
			`return fmt.Errorf("failed to remove domains from the database")`
			`}`
			`}`
			`return nil`
			`}) != nil {`
			`apiError(rw, http.StatusInsufficientStorage, "Database error")`
			`return`
			`}`

			`// write output`
			`rw.WriteHeader(http.StatusAccepted)`
			`m := map[string]any{`
			`"id": fmt.Sprintf("%d", certId),`
			`}`
			`if isAdd {`
			`m["add_domains"] = d`
			`} else {`
			`m["remove_domains"] = d`
			`}`
			`_ = json.NewEncoder(rw).Encode(m)`
			`})`
			`}`