seperate routes, provide robust handler types, use mux

2019-07-14 19:32:36 +01:00
parent cbe709025e
commit 5444b328fd
77 changed files with 11880 additions and 1011 deletions
--- a/server/ctrladmin/ctrl.go
+++ b/server/ctrladmin/ctrl.go
@@ -0,0 +1,233 @@
+package ctrladmin
+
+import (
+	"encoding/gob"
+	"fmt"
+	"html/template"
+	"log"
+	"net/http"
+	"path/filepath"
+	"time"
+
+	"github.com/Masterminds/sprig"
+	"github.com/dustin/go-humanize"
+	"github.com/gorilla/securecookie"
+	"github.com/gorilla/sessions"
+	"github.com/oxtoacart/bpool"
+	"github.com/wader/gormstore"
+
+	"senan.xyz/g/gonic/assets"
+	"senan.xyz/g/gonic/model"
+	"senan.xyz/g/gonic/server/ctrlbase"
+	"senan.xyz/g/gonic/server/key"
+)
+
+func init() {
+	gob.Register(&Flash{})
+}
+
+// extendFromPaths /extends/ the given template for every asset
+// with given prefix
+func extendFromPaths(b *template.Template, p string) *template.Template {
+	assets.PrefixDo(p, func(_ string, asset *assets.EmbeddedAsset) {
+		tmplStr := string(asset.Bytes)
+		b = template.Must(b.Parse(tmplStr))
+	})
+	return b
+}
+
+// extendFromPaths /clones/ the given template for every asset
+// with given prefix, extends it, and insert it into a new map
+func pagesFromPaths(b *template.Template, p string) map[string]*template.Template {
+	ret := map[string]*template.Template{}
+	assets.PrefixDo(p, func(path string, asset *assets.EmbeddedAsset) {
+		tmplKey := filepath.Base(path)
+		clone := template.Must(b.Clone())
+		tmplStr := string(asset.Bytes)
+		ret[tmplKey] = template.Must(clone.Parse(tmplStr))
+	})
+	return ret
+}
+
+const (
+	prefixPartials = "partials"
+	prefixLayouts  = "layouts"
+	prefixPages    = "pages"
+)
+
+type Controller struct {
+	*ctrlbase.Controller
+	buffPool  *bpool.BufferPool
+	templates map[string]*template.Template
+	sessDB    *gormstore.Store
+}
+
+func New(base *ctrlbase.Controller) *Controller {
+	sessionKey := []byte(base.DB.GetSetting("session_key"))
+	if len(sessionKey) == 0 {
+		sessionKey = securecookie.GenerateRandomKey(32)
+		base.DB.SetSetting("session_key", string(sessionKey))
+	}
+	tmplBase := template.
+		New("layout").
+		Funcs(sprig.FuncMap()).
+		Funcs(template.FuncMap{
+			"humanDate": humanize.Time,
+		})
+	tmplBase = extendFromPaths(tmplBase, prefixPartials)
+	tmplBase = extendFromPaths(tmplBase, prefixLayouts)
+	return &Controller{
+		Controller: base,
+		buffPool:   bpool.NewBufferPool(64),
+		templates:  pagesFromPaths(tmplBase, prefixPages),
+		sessDB:     gormstore.New(base.DB.DB, sessionKey),
+	}
+}
+
+type templateData struct {
+	// common
+	Flashes []interface{}
+	User    *model.User
+	// home
+	AlbumCount    int
+	ArtistCount   int
+	TrackCount    int
+	RequestRoot   string
+	RecentFolders []*model.Album
+	AllUsers      []*model.User
+	LastScanTime  time.Time
+	IsScanning    bool
+	//
+	CurrentLastFMAPIKey    string
+	CurrentLastFMAPISecret string
+	SelectedUser           *model.User
+}
+
+type adminHandler func(w http.ResponseWriter, r *http.Request) *response
+
+type response struct {
+	// code is 200
+	template string
+	data     *templateData
+	// code is 303
+	redirect string
+	// code is >= 400
+	code int
+	err  string
+}
+
+func (c *Controller) H(h adminHandler) http.Handler {
+	return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
+		resp := h(w, r)
+		if resp.redirect != "" {
+			http.Redirect(w, r, resp.redirect, http.StatusSeeOther)
+			return
+		}
+		if resp.err != "" {
+			http.Error(w, resp.err, resp.code)
+			return
+		}
+		if resp.template == "" {
+			http.Error(w, "useless handler return", 500)
+			return
+		}
+		if resp.data == nil {
+			resp.data = &templateData{}
+		}
+		session := r.Context().Value(key.Session).(*sessions.Session)
+		resp.data.Flashes = session.Flashes()
+		if err := session.Save(r, w); err != nil {
+			http.Error(w, fmt.Sprintf("saving session: %v", err), 500)
+			return
+		}
+		resp.data.User, _ = r.Context().Value(key.User).(*model.User)
+		buff := c.buffPool.Get()
+		defer c.buffPool.Put(buff)
+		tmpl, ok := c.templates[resp.template]
+		if !ok {
+			http.Error(w, fmt.Sprintf("finding template %q", resp.template), 500)
+			return
+		}
+		if err := tmpl.Execute(buff, resp.data); err != nil {
+			http.Error(w, fmt.Sprintf("executing template: %v", err), 500)
+			return
+		}
+		w.Header().Set("Content-Type", "text/html; charset=utf-8")
+		buff.WriteTo(w)
+		return
+	})
+}
+
+// ## begin utilities
+// ## begin utilities
+// ## begin utilities
+
+func firstExisting(or string, strings ...string) string {
+	for _, s := range strings {
+		if s != "" {
+			return s
+		}
+	}
+	return or
+}
+
+func sessLogSave(w http.ResponseWriter, r *http.Request, s *sessions.Session) {
+	if err := s.Save(r, w); err != nil {
+		log.Printf("error saving session: %v\n", err)
+	}
+}
+
+type Flash struct {
+	Message string
+	Type    string
+}
+
+func sessAddFlashW(message string, s *sessions.Session) {
+	s.AddFlash(Flash{
+		Message: message,
+		Type:    "warning",
+	})
+}
+
+func sessAddFlashWf(message string, s *sessions.Session, a ...interface{}) {
+	sessAddFlashW(fmt.Sprintf(message, a...), s)
+}
+
+func sessAddFlashN(message string, s *sessions.Session) {
+	s.AddFlash(Flash{
+		Message: message,
+		Type:    "normal",
+	})
+}
+
+func sessAddFlashNf(message string, s *sessions.Session, a ...interface{}) {
+	sessAddFlashN(fmt.Sprintf(message, a...), s)
+}
+
+// ## begin validation
+// ## begin validation
+// ## begin validation
+
+func validateUsername(username string) error {
+	if username == "" {
+		return fmt.Errorf("please enter the username")
+	}
+	return nil
+}
+
+func validatePasswords(pOne, pTwo string) error {
+	if pOne == "" || pTwo == "" {
+		return fmt.Errorf("please enter the password twice")
+	}
+	if !(pOne == pTwo) {
+		return fmt.Errorf("the two passwords entered were not the same")
+	}
+	return nil
+}
+
+func validateAPIKey(apiKey, secret string) error {
+	if apiKey == "" || secret == "" {
+		return fmt.Errorf("please enter both the api key and secret")
+	}
+	return nil
+}
--- a/server/ctrladmin/ctrl_test.go
+++ b/server/ctrladmin/ctrl_test.go
@@ -0,0 +1,40 @@
+package ctrladmin
+
+import "testing"
+
+// silly test for a simple function. i was getting used to
+// testing in go at the time. might aswell keep it though
+func TestFirstExisting(t *testing.T) {
+	cases := []struct {
+		name   string
+		values []string
+		or     string
+		exp    string
+	}{
+		{
+			"none present",
+			[]string{"one", "two", "three"}, "default",
+			"one",
+		},
+		{
+			"first missing",
+			[]string{"", "two", "three"}, "default",
+			"two",
+		},
+		{
+			"all missing",
+			[]string{"", "", ""}, "default",
+			"default",
+		},
+	}
+	for _, tc := range cases {
+		tc := tc // pin
+		t.Run(tc.name, func(t *testing.T) {
+			t.Parallel()
+			actu := firstExisting(tc.or, tc.values...)
+			if actu != tc.exp {
+				t.Errorf("expected %q, got %q", tc.exp, actu)
+			}
+		})
+	}
+}
--- a/server/ctrladmin/handlers.go
+++ b/server/ctrladmin/handlers.go
@@ -0,0 +1,292 @@
+package ctrladmin
+
+import (
+	"fmt"
+	"log"
+	"net/http"
+	"strconv"
+	"time"
+
+	"github.com/gorilla/sessions"
+
+	"senan.xyz/g/gonic/model"
+	"senan.xyz/g/gonic/scanner"
+	"senan.xyz/g/gonic/server/key"
+	"senan.xyz/g/gonic/server/lastfm"
+)
+
+func (c *Controller) ServeLogin(w http.ResponseWriter, r *http.Request) *response {
+	return &response{template: "login.tmpl"}
+}
+
+func (c *Controller) ServeLoginDo(w http.ResponseWriter, r *http.Request) *response {
+	session := r.Context().Value(key.Session).(*sessions.Session)
+	username := r.FormValue("username")
+	password := r.FormValue("password")
+	if username == "" || password == "" {
+		sessAddFlashW("please provide both a username and password", session)
+		sessLogSave(w, r, session)
+		return &response{redirect: r.Referer()}
+	}
+	user := c.DB.GetUserFromName(username)
+	if user == nil || password != user.Password {
+		sessAddFlashW("invalid username / password", session)
+		sessLogSave(w, r, session)
+		return &response{redirect: r.Referer()}
+	}
+	// put the user name into the session. future endpoints after this one
+	// are wrapped with WithUserSession() which will get the name from the
+	// session and put the row into the request context
+	session.Values["user"] = user.Name
+	sessLogSave(w, r, session)
+	return &response{redirect: "/admin/home"}
+}
+
+func (c *Controller) ServeLogout(w http.ResponseWriter, r *http.Request) *response {
+	session := r.Context().Value(key.Session).(*sessions.Session)
+	session.Options.MaxAge = -1
+	sessLogSave(w, r, session)
+	return &response{redirect: "/admin/login"}
+}
+
+func (c *Controller) ServeHome(w http.ResponseWriter, r *http.Request) *response {
+	data := &templateData{}
+	//
+	// stats box
+	c.DB.Table("artists").Count(&data.ArtistCount)
+	c.DB.Table("albums").Count(&data.AlbumCount)
+	c.DB.Table("tracks").Count(&data.TrackCount)
+	//
+	// lastfm box
+	scheme := firstExisting(
+		"http", // fallback
+		r.Header.Get("X-Forwarded-Proto"),
+		r.Header.Get("X-Forwarded-Scheme"),
+		r.URL.Scheme,
+	)
+	host := firstExisting(
+		"localhost:7373", // fallback
+		r.Header.Get("X-Forwarded-Host"),
+		r.Host,
+	)
+	data.RequestRoot = fmt.Sprintf("%s://%s", scheme, host)
+	data.CurrentLastFMAPIKey = c.DB.GetSetting("lastfm_api_key")
+	//
+	// users box
+	c.DB.Find(&data.AllUsers)
+	//
+	// recent folders box
+	c.DB.
+		Where("tag_artist_id IS NOT NULL").
+		Order("modified_at DESC").
+		Limit(8).
+		Find(&data.RecentFolders)
+	data.IsScanning = scanner.IsScanning()
+	if tStr := c.DB.GetSetting("last_scan_time"); tStr != "" {
+		i, _ := strconv.ParseInt(tStr, 10, 64)
+		data.LastScanTime = time.Unix(i, 0)
+	}
+	//
+	return &response{
+		template: "home.tmpl",
+		data:     data,
+	}
+}
+
+func (c *Controller) ServeChangeOwnPassword(w http.ResponseWriter, r *http.Request) *response {
+	return &response{template: "change_own_password.tmpl"}
+}
+
+func (c *Controller) ServeChangeOwnPasswordDo(w http.ResponseWriter, r *http.Request) *response {
+	session := r.Context().Value(key.Session).(*sessions.Session)
+	passwordOne := r.FormValue("password_one")
+	passwordTwo := r.FormValue("password_two")
+	err := validatePasswords(passwordOne, passwordTwo)
+	if err != nil {
+		sessAddFlashW(err.Error(), session)
+		sessLogSave(w, r, session)
+		return &response{redirect: r.Referer()}
+	}
+	user := r.Context().Value(key.User).(*model.User)
+	user.Password = passwordOne
+	c.DB.Save(user)
+	return &response{redirect: "/admin/home"}
+}
+
+func (c *Controller) ServeLinkLastFMDo(w http.ResponseWriter, r *http.Request) *response {
+	token := r.URL.Query().Get("token")
+	if token == "" {
+		return &response{
+			err:  "please provide a token",
+			code: 400,
+		}
+	}
+	sessionKey, err := lastfm.GetSession(
+		c.DB.GetSetting("lastfm_api_key"),
+		c.DB.GetSetting("lastfm_secret"),
+		token,
+	)
+	if err != nil {
+		session := r.Context().Value(key.Session).(*sessions.Session)
+		sessAddFlashW(err.Error(), session)
+		sessLogSave(w, r, session)
+		return &response{redirect: "/admin/home"}
+	}
+	user := r.Context().Value(key.User).(*model.User)
+	user.LastFMSession = sessionKey
+	c.DB.Save(&user)
+	return &response{redirect: "/admin/home"}
+}
+
+func (c *Controller) ServeUnlinkLastFMDo(w http.ResponseWriter, r *http.Request) *response {
+	user := r.Context().Value(key.User).(*model.User)
+	user.LastFMSession = ""
+	c.DB.Save(&user)
+	return &response{redirect: "/admin/home"}
+}
+
+func (c *Controller) ServeChangePassword(w http.ResponseWriter, r *http.Request) *response {
+	username := r.URL.Query().Get("user")
+	if username == "" {
+		return &response{
+			err:  "please provide a username",
+			code: 400,
+		}
+	}
+	user := c.DB.GetUserFromName(username)
+	if user == nil {
+		return &response{
+			err:  "couldn't find a user with that name",
+			code: 400,
+		}
+	}
+	data := &templateData{}
+	data.SelectedUser = user
+	return &response{
+		template: "change_own_password.tmpl",
+		data:     data,
+	}
+}
+
+func (c *Controller) ServeChangePasswordDo(w http.ResponseWriter, r *http.Request) *response {
+	session := r.Context().Value(key.Session).(*sessions.Session)
+	username := r.URL.Query().Get("user")
+	passwordOne := r.FormValue("password_one")
+	passwordTwo := r.FormValue("password_two")
+	err := validatePasswords(passwordOne, passwordTwo)
+	if err != nil {
+		sessAddFlashW(err.Error(), session)
+		sessLogSave(w, r, session)
+		return &response{redirect: r.Referer()}
+	}
+	user := c.DB.GetUserFromName(username)
+	user.Password = passwordOne
+	c.DB.Save(user)
+	return &response{redirect: "/admin/home"}
+}
+
+func (c *Controller) ServeDeleteUser(w http.ResponseWriter, r *http.Request) *response {
+	username := r.URL.Query().Get("user")
+	if username == "" {
+		return &response{
+			err:  "please provide a username",
+			code: 400,
+		}
+	}
+	user := c.DB.GetUserFromName(username)
+	if user == nil {
+		return &response{
+			err:  "couldn't find a user with that name",
+			code: 400,
+		}
+	}
+	data := &templateData{}
+	data.SelectedUser = user
+	return &response{
+		template: "delete_user.tmpl",
+		data:     data,
+	}
+}
+
+func (c *Controller) ServeDeleteUserDo(w http.ResponseWriter, r *http.Request) *response {
+	username := r.URL.Query().Get("user")
+	user := c.DB.GetUserFromName(username)
+	c.DB.Delete(user)
+	return &response{redirect: "/admin/home"}
+}
+
+func (c *Controller) ServeCreateUser(w http.ResponseWriter, r *http.Request) *response {
+	return &response{template: "create_user.tmpl"}
+}
+
+func (c *Controller) ServeCreateUserDo(w http.ResponseWriter, r *http.Request) *response {
+	session := r.Context().Value(key.Session).(*sessions.Session)
+	username := r.FormValue("username")
+	err := validateUsername(username)
+	if err != nil {
+		sessAddFlashW(err.Error(), session)
+		sessLogSave(w, r, session)
+		return &response{redirect: r.Referer()}
+	}
+	passwordOne := r.FormValue("password_one")
+	passwordTwo := r.FormValue("password_two")
+	err = validatePasswords(passwordOne, passwordTwo)
+	if err != nil {
+		sessAddFlashW(err.Error(), session)
+		sessLogSave(w, r, session)
+		return &response{redirect: r.Referer()}
+	}
+	user := model.User{
+		Name:     username,
+		Password: passwordOne,
+	}
+	err = c.DB.Create(&user).Error
+	if err != nil {
+		sessAddFlashWf("could not create user `%s`: %v", session, username, err)
+		sessLogSave(w, r, session)
+		return &response{redirect: r.Referer()}
+	}
+	return &response{redirect: "/admin/home"}
+}
+
+func (c *Controller) ServeUpdateLastFMAPIKey(w http.ResponseWriter, r *http.Request) *response {
+	data := &templateData{}
+	data.CurrentLastFMAPIKey = c.DB.GetSetting("lastfm_api_key")
+	data.CurrentLastFMAPISecret = c.DB.GetSetting("lastfm_secret")
+	return &response{
+		template: "create_user.tmpl",
+		data:     data,
+	}
+}
+
+func (c *Controller) ServeUpdateLastFMAPIKeyDo(w http.ResponseWriter, r *http.Request) *response {
+	session := r.Context().Value(key.Session).(*sessions.Session)
+	apiKey := r.FormValue("api_key")
+	secret := r.FormValue("secret")
+	err := validateAPIKey(apiKey, secret)
+	if err != nil {
+		sessAddFlashW(err.Error(), session)
+		sessLogSave(w, r, session)
+		return &response{redirect: r.Referer()}
+	}
+	c.DB.SetSetting("lastfm_api_key", apiKey)
+	c.DB.SetSetting("lastfm_secret", secret)
+	return &response{redirect: r.Referer()}
+}
+
+func (c *Controller) ServeStartScanDo(w http.ResponseWriter, r *http.Request) *response {
+	defer func() {
+		go func() {
+			err := scanner.
+				New(c.DB, c.MusicPath).
+				Start()
+			if err != nil {
+				log.Printf("error while scanning: %v\n", err)
+			}
+		}()
+	}()
+	session := r.Context().Value(key.Session).(*sessions.Session)
+	sessAddFlashN("scan started. refresh for results", session)
+	sessLogSave(w, r, session)
+	return &response{redirect: "/admin/home"}
+}
--- a/server/ctrladmin/middleware.go
+++ b/server/ctrladmin/middleware.go
@@ -0,0 +1,60 @@
+package ctrladmin
+
+import (
+	"context"
+	"net/http"
+
+	"github.com/gorilla/sessions"
+
+	"senan.xyz/g/gonic/model"
+	"senan.xyz/g/gonic/server/key"
+)
+
+func (c *Controller) WithSession(next http.Handler) http.Handler {
+	return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
+		session, _ := c.sessDB.Get(r, "gonic")
+		withSession := context.WithValue(r.Context(), key.Session, session)
+		next.ServeHTTP(w, r.WithContext(withSession))
+	})
+}
+
+func (c *Controller) WithUserSession(next http.Handler) http.Handler {
+	return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
+		// session exists at this point
+		session := r.Context().Value(key.Session).(*sessions.Session)
+		username, ok := session.Values["user"].(string)
+		if !ok {
+			sessAddFlashW("you are not authenticated", session)
+			sessLogSave(w, r, session)
+			http.Redirect(w, r, "/admin/login", http.StatusSeeOther)
+			return
+		}
+		// take username from sesion and add the user row to the context
+		user := c.DB.GetUserFromName(username)
+		if user == nil {
+			// the username in the client's session no longer relates to a
+			// user in the database (maybe the user was deleted)
+			session.Options.MaxAge = -1
+			sessLogSave(w, r, session)
+			http.Redirect(w, r, "/admin/login", http.StatusSeeOther)
+			return
+		}
+		withUser := context.WithValue(r.Context(), key.User, user)
+		next.ServeHTTP(w, r.WithContext(withUser))
+	})
+}
+
+func (c *Controller) WithAdminSession(next http.Handler) http.Handler {
+	return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
+		// session and user exist at this point
+		session := r.Context().Value(key.Session).(*sessions.Session)
+		user := r.Context().Value(key.User).(*model.User)
+		if !user.IsAdmin {
+			sessAddFlashW("you are not an admin", session)
+			sessLogSave(w, r, session)
+			http.Redirect(w, r, "/admin/login", http.StatusSeeOther)
+			return
+		}
+		next.ServeHTTP(w, r)
+	})
+}