orchid/servers/api.go

package servers

import (
	"github.com/MrMelon54/mjwt"
	"github.com/MrMelon54/mjwt/auth"
	oUtils "github.com/MrMelon54/orchid/utils"
	vUtils "github.com/MrMelon54/violet/utils"
	"github.com/julienschmidt/httprouter"
	"net/http"
	"time"
)

// NewApiServer creates and runs a http server containing all the API
// endpoints for the software
//
// `/cert` - edit certificate
func NewApiServer(listen string, signer mjwt.Verifier, domains oUtils.DomainChecker) *http.Server {
	r := httprouter.New()

	// Endpoint for adding a certificate
	r.POST("/cert", func(rw http.ResponseWriter, req *http.Request, params httprouter.Params) {
		// TODO: register domains to a certificate
		vUtils.RespondVioletError(rw, http.StatusNotImplemented, "API unavailable")
		rw.WriteHeader(http.StatusNotImplemented)
		return

		if !hasPerms(signer, req, "orchid:cert:") {
			vUtils.RespondHttpStatus(rw, http.StatusForbidden)
			return
		}
		domain := params.ByName("domain")
		if !domains.ValidateDomain(domain) {
			vUtils.RespondVioletError(rw, http.StatusBadRequest, "Invalid domain")
			return
		}
		rw.WriteHeader(http.StatusAccepted)
	})

	// Create and run http server
	return &http.Server{
		Addr:              listen,
		Handler:           r,
		ReadTimeout:       time.Minute,
		ReadHeaderTimeout: time.Minute,
		WriteTimeout:      time.Minute,
		IdleTimeout:       time.Minute,
		MaxHeaderBytes:    2500,
	}
}

func hasPerms(verify mjwt.Verifier, req *http.Request, perm string) bool {
	// Get bearer token
	bearer := vUtils.GetBearer(req)
	if bearer == "" {
		return false
	}

	// Read claims from mjwt
	_, b, err := mjwt.ExtractClaims[auth.AccessTokenClaims](verify, bearer)
	if err != nil {
		return false
	}

	// Token must have perm
	return b.Claims.Perms.Has(perm)
}