vain/server.go

package vain

import (
	"encoding/json"
	"fmt"
	"log"
	"net/http"
	"net/mail"
	"strings"

	verrors "mcquay.me/vain/errors"
)

const apiPrefix = "/api/v0/"

var prefix map[string]string

func init() {
	prefix = map[string]string{
		"pkgs":     apiPrefix + "db/",
		"register": apiPrefix + "register/",
		"confirm":  apiPrefix + "confirm/",
		"forgot":   apiPrefix + "forgot/",
	}
}

// NewServer populates a server, adds the routes, and returns it for use.
func NewServer(sm *http.ServeMux, store *DB) *Server {
	s := &Server{
		db: store,
	}
	addRoutes(sm, s)
	return s
}

// Server serves up the http.
type Server struct {
	db *DB
}

func (s *Server) ServeHTTP(w http.ResponseWriter, req *http.Request) {
	if req.Method == "GET" {
		// TODO: perhaps have a nicely formatted page with info as root if
		// go-get=1 not in request?
		fmt.Fprintf(w, "<!DOCTYPE html>\n<html><head>\n")
		for _, p := range s.db.Pkgs() {
			fmt.Fprintf(w, "%s\n", p)
		}
		fmt.Fprintf(w, "</head>\n<body><p>go tool metadata in head</p></body>\n</html>\n")
		return
	}

	const prefix = "Bearer "
	var tok string
	auth := req.Header.Get("Authorization")
	if strings.HasPrefix(auth, prefix) {
		tok = strings.TrimPrefix(auth, prefix)
	}
	if tok == "" {
		http.Error(w, "missing token", http.StatusUnauthorized)
		return
	}
	ns, err := parseNamespace(req.URL.Path)
	if err != nil {
		http.Error(w, fmt.Sprintf("could not parse namespace:%v", err), http.StatusBadRequest)
		return
	}

	if err := verrors.ToHTTP(s.db.NSForToken(ns, tok)); err != nil {
		http.Error(w, err.Message, err.Code)
		return
	}

	switch req.Method {
	case "POST":
		if req.URL.Path == "/" {
			http.Error(w, fmt.Sprintf("invalid path %q", req.URL.Path), http.StatusBadRequest)
			return
		}
		p := Package{}
		if err := json.NewDecoder(req.Body).Decode(&p); err != nil {
			http.Error(w, fmt.Sprintf("unable to parse json from body: %v", err), http.StatusBadRequest)
			return
		}
		if p.Repo == "" {
			http.Error(w, fmt.Sprintf("invalid repository %q", p.Repo), http.StatusBadRequest)
			return
		}
		if p.Vcs == "" {
			p.Vcs = "git"
		}
		if !valid(p.Vcs) {
			http.Error(w, fmt.Sprintf("invalid vcs %q", p.Vcs), http.StatusBadRequest)
			return
		}
		p.Path = fmt.Sprintf("%s/%s", req.Host, strings.Trim(req.URL.Path, "/"))
		p.Ns = ns
		if !Valid(p.Path, s.db.Pkgs()) {
			http.Error(w, fmt.Sprintf("invalid path; prefix already taken %q", req.URL.Path), http.StatusConflict)
			return
		}
		if err := s.db.AddPackage(p); err != nil {
			http.Error(w, fmt.Sprintf("unable to add package: %v", err), http.StatusInternalServerError)
			return
		}
	case "DELETE":
		p := fmt.Sprintf("%s/%s", req.Host, strings.Trim(req.URL.Path, "/"))
		if !s.db.PackageExists(p) {
			http.Error(w, fmt.Sprintf("package %q not found", p), http.StatusNotFound)
			return
		}

		if err := s.db.RemovePackage(p); err != nil {
			http.Error(w, fmt.Sprintf("unable to delete package: %v", err), http.StatusInternalServerError)
			return
		}
	default:
		http.Error(w, fmt.Sprintf("unsupported method %q; accepted: POST, GET, DELETE", req.Method), http.StatusMethodNotAllowed)
	}
}

func (s *Server) register(w http.ResponseWriter, req *http.Request) {
	req.ParseForm()
	email, ok := req.Form["email"]
	if !ok || len(email) != 1 {
		http.Error(w, "must provide one email parameter", http.StatusBadRequest)
		return
	}

	addr := email[0]
	if _, err := mail.ParseAddress(addr); err != nil {
		http.Error(w, fmt.Sprintf("invalid email detected: %v", err), http.StatusBadRequest)
		return
	}

	tok, err := s.db.Register(addr)
	if err := verrors.ToHTTP(err); err != nil {
		http.Error(w, err.Message, err.Code)
		return
	}
	proto := "https"
	if req.TLS == nil {
		proto = "http"
	}
	log.Printf("%s://%s/api/v0/confirm/%+v", proto, req.Host, tok)
	fmt.Fprintf(w, "please check your email\n")
}

func (s *Server) confirm(w http.ResponseWriter, req *http.Request) {
	tok := req.URL.Path[len(prefix["confirm"]):]
	tok = strings.TrimRight(tok, "/")
	if tok == "" {
		http.Error(w, "must provide one email parameter", http.StatusBadRequest)
		return
	}
	tok, err := s.db.Confirm(tok)
	if err := verrors.ToHTTP(err); err != nil {
		http.Error(w, err.Message, err.Code)
		return
	}
	fmt.Fprintf(w, "new token: %s\n", tok)
}

func (s *Server) forgot(w http.ResponseWriter, req *http.Request) {
	req.ParseForm()
	email, ok := req.Form["email"]
	if !ok || len(email) != 1 {
		http.Error(w, "must provide one email parameter", http.StatusBadRequest)
		return
	}

	addr := email[0]
	if _, err := mail.ParseAddress(addr); err != nil {
		http.Error(w, fmt.Sprintf("invalid email detected: %v", err), http.StatusBadRequest)
		return
	}

	tok, err := s.db.forgot(addr)
	if err := verrors.ToHTTP(err); err != nil {
		http.Error(w, err.Message, err.Code)
		return
	}
	log.Printf("http://%s/api/v0/confirm/%+v", req.Host, tok)
	fmt.Fprintf(w, "please check your email\n")
}
func (s *Server) pkgs(w http.ResponseWriter, req *http.Request) {
	w.Header().Set("Content-type", "application/json")
	json.NewEncoder(w).Encode(s.db.Pkgs())
}

func addRoutes(sm *http.ServeMux, s *Server) {
	sm.Handle("/", s)

	sm.HandleFunc(prefix["pkgs"], s.pkgs)
	sm.HandleFunc(prefix["register"], s.register)
	sm.HandleFunc(prefix["confirm"], s.confirm)
	sm.HandleFunc(prefix["forgot"], s.forgot)
}
moved ysv -> vain 2016-02-11 11:57:16 -08:00			`package vain`
Added an http server 2016-02-08 00:15:22 -08:00
stubbed out supported methods on / 2016-02-11 12:12:13 -08:00			`import (`
simple in-memory storage working for POST/GET 2016-02-13 01:18:06 -08:00			`"encoding/json"`
stubbed out supported methods on / 2016-02-11 12:12:13 -08:00			`"fmt"`
Added simple user auth Fixes #14. Change-Id: I748933214f43ac7298f1e93c14bb0ee881976d43 2016-04-11 20:43:18 -07:00			`"log"`
stubbed out supported methods on / 2016-02-11 12:12:13 -08:00			`"net/http"`
validate email on register/forgot Fixes #21. Change-Id: I21bfd87d6fd730e8a90ceec77c9b23a90bc397e9 2016-04-22 23:50:23 -07:00			`"net/mail"`
simple in-memory storage working for POST/GET 2016-02-13 01:18:06 -08:00			`"strings"`
Added simple user auth Fixes #14. Change-Id: I748933214f43ac7298f1e93c14bb0ee881976d43 2016-04-11 20:43:18 -07:00
			`verrors "mcquay.me/vain/errors"`
stubbed out supported methods on / 2016-02-11 12:12:13 -08:00			`)`
Added an http server 2016-02-08 00:15:22 -08:00
Added simple user auth Fixes #14. Change-Id: I748933214f43ac7298f1e93c14bb0ee881976d43 2016-04-11 20:43:18 -07:00			`const apiPrefix = "/api/v0/"`

			`var prefix map[string]string`

			`func init() {`
			`prefix = map[string]string{`
			`"pkgs": apiPrefix + "db/",`
			`"register": apiPrefix + "register/",`
			`"confirm": apiPrefix + "confirm/",`
			`"forgot": apiPrefix + "forgot/",`
			`}`
			`}`

Addressing go vet / golint 2016-02-15 01:10:14 -08:00			`// NewServer populates a server, adds the routes, and returns it for use.`
Added simple user auth Fixes #14. Change-Id: I748933214f43ac7298f1e93c14bb0ee881976d43 2016-04-11 20:43:18 -07:00			`func NewServer(sm http.ServeMux, store DB) *Server {`
Addressing go vet / golint 2016-02-15 01:10:14 -08:00			`s := &Server{`
Added simple user auth Fixes #14. Change-Id: I748933214f43ac7298f1e93c14bb0ee881976d43 2016-04-11 20:43:18 -07:00			`db: store,`
Addressing go vet / golint 2016-02-15 01:10:14 -08:00			`}`
vcs as string, not int. No longer do we keep track of const iota style. Just encode the behavior in the server for defaults, add a validation function, call it a day. Change-Id: I603e9dd287a57084c78c543f1ce83b0acf47a765 2016-02-23 22:09:29 -08:00			`addRoutes(sm, s)`
Addressing go vet / golint 2016-02-15 01:10:14 -08:00			`return s`
			`}`

			`// Server serves up the http.`
Added an http server 2016-02-08 00:15:22 -08:00			`type Server struct {`
Added simple user auth Fixes #14. Change-Id: I748933214f43ac7298f1e93c14bb0ee881976d43 2016-04-11 20:43:18 -07:00			`db *DB`
Added an http server 2016-02-08 00:15:22 -08:00			`}`

stubbed out supported methods on / 2016-02-11 12:12:13 -08:00			`func (s Server) ServeHTTP(w http.ResponseWriter, req http.Request) {`
Added simple user auth Fixes #14. Change-Id: I748933214f43ac7298f1e93c14bb0ee881976d43 2016-04-11 20:43:18 -07:00			`if req.Method == "GET" {`
			`// TODO: perhaps have a nicely formatted page with info as root if`
			`// go-get=1 not in request?`
simple in-memory storage working for POST/GET 2016-02-13 01:18:06 -08:00			`fmt.Fprintf(w, "<!DOCTYPE html>\n<html><head>\n")`
Added simple user auth Fixes #14. Change-Id: I748933214f43ac7298f1e93c14bb0ee881976d43 2016-04-11 20:43:18 -07:00			`for _, p := range s.db.Pkgs() {`
simple in-memory storage working for POST/GET 2016-02-13 01:18:06 -08:00			`fmt.Fprintf(w, "%s\n", p)`
			`}`
Added simple user auth Fixes #14. Change-Id: I748933214f43ac7298f1e93c14bb0ee881976d43 2016-04-11 20:43:18 -07:00			`fmt.Fprintf(w, "</head>\n<body><p>go tool metadata in head</p></body>\n</html>\n")`
			`return`
			`}`

			`const prefix = "Bearer "`
			`var tok string`
			`auth := req.Header.Get("Authorization")`
			`if strings.HasPrefix(auth, prefix) {`
			`tok = strings.TrimPrefix(auth, prefix)`
			`}`
			`if tok == "" {`
			`http.Error(w, "missing token", http.StatusUnauthorized)`
			`return`
			`}`
			`ns, err := parseNamespace(req.URL.Path)`
			`if err != nil {`
			`http.Error(w, fmt.Sprintf("could not parse namespace:%v", err), http.StatusBadRequest)`
			`return`
			`}`

			`if err := verrors.ToHTTP(s.db.NSForToken(ns, tok)); err != nil {`
			`http.Error(w, err.Message, err.Code)`
			`return`
			`}`

			`switch req.Method {`
stubbed out supported methods on / 2016-02-11 12:12:13 -08:00			`case "POST":`
simple in-memory storage working for POST/GET 2016-02-13 01:18:06 -08:00			`if req.URL.Path == "/" {`
			`http.Error(w, fmt.Sprintf("invalid path %q", req.URL.Path), http.StatusBadRequest)`
			`return`
			`}`
			`p := Package{}`
			`if err := json.NewDecoder(req.Body).Decode(&p); err != nil {`
Addressing go vet / golint 2016-02-15 01:10:14 -08:00			`http.Error(w, fmt.Sprintf("unable to parse json from body: %v", err), http.StatusBadRequest)`
			`return`
			`}`
			`if p.Repo == "" {`
Added simple user auth Fixes #14. Change-Id: I748933214f43ac7298f1e93c14bb0ee881976d43 2016-04-11 20:43:18 -07:00			`http.Error(w, fmt.Sprintf("invalid repository %q", p.Repo), http.StatusBadRequest)`
simple in-memory storage working for POST/GET 2016-02-13 01:18:06 -08:00			`return`
			`}`
vcs as string, not int. No longer do we keep track of const iota style. Just encode the behavior in the server for defaults, add a validation function, call it a day. Change-Id: I603e9dd287a57084c78c543f1ce83b0acf47a765 2016-02-23 22:09:29 -08:00			`if p.Vcs == "" {`
			`p.Vcs = "git"`
			`}`
			`if !valid(p.Vcs) {`
			`http.Error(w, fmt.Sprintf("invalid vcs %q", p.Vcs), http.StatusBadRequest)`
			`return`
			`}`
Added simple user auth Fixes #14. Change-Id: I748933214f43ac7298f1e93c14bb0ee881976d43 2016-04-11 20:43:18 -07:00			`p.Path = fmt.Sprintf("%s/%s", req.Host, strings.Trim(req.URL.Path, "/"))`
			`p.Ns = ns`
			`if !Valid(p.Path, s.db.Pkgs()) {`
Prevent addition of duplicate path prefixes. I think I understand this now; the failure comes from here: https://golang.org/src/cmd/go/vcs.go#L818 and makes it so one can't both host: - github.com/foo - github.com/foo/bar which would have to clone the latter inside of the former. Fixes #1. 2016-02-13 10:44:41 -08:00			`http.Error(w, fmt.Sprintf("invalid path; prefix already taken %q", req.URL.Path), http.StatusConflict)`
			`return`
			`}`
Added simple user auth Fixes #14. Change-Id: I748933214f43ac7298f1e93c14bb0ee881976d43 2016-04-11 20:43:18 -07:00			`if err := s.db.AddPackage(p); err != nil {`
Added Save/Load to db Fixes #3. Fixes #2 2016-02-14 22:19:41 -08:00			`http.Error(w, fmt.Sprintf("unable to add package: %v", err), http.StatusInternalServerError)`
			`return`
			`}`
Adds DELETE. Fixes #11 Change-Id: I3b4aadc85055f2d2f4efb9e2e95bde6924320f35 2016-03-01 23:34:31 -08:00			`case "DELETE":`
			`p := fmt.Sprintf("%s/%s", req.Host, strings.Trim(req.URL.Path, "/"))`
Added simple user auth Fixes #14. Change-Id: I748933214f43ac7298f1e93c14bb0ee881976d43 2016-04-11 20:43:18 -07:00			`if !s.db.PackageExists(p) {`
Adds DELETE. Fixes #11 Change-Id: I3b4aadc85055f2d2f4efb9e2e95bde6924320f35 2016-03-01 23:34:31 -08:00			`http.Error(w, fmt.Sprintf("package %q not found", p), http.StatusNotFound)`
			`return`
			`}`
Added simple user auth Fixes #14. Change-Id: I748933214f43ac7298f1e93c14bb0ee881976d43 2016-04-11 20:43:18 -07:00
			`if err := s.db.RemovePackage(p); err != nil {`
Adds DELETE. Fixes #11 Change-Id: I3b4aadc85055f2d2f4efb9e2e95bde6924320f35 2016-03-01 23:34:31 -08:00			`http.Error(w, fmt.Sprintf("unable to delete package: %v", err), http.StatusInternalServerError)`
			`return`
			`}`
stubbed out supported methods on / 2016-02-11 12:12:13 -08:00			`default:`
Adds DELETE. Fixes #11 Change-Id: I3b4aadc85055f2d2f4efb9e2e95bde6924320f35 2016-03-01 23:34:31 -08:00			`http.Error(w, fmt.Sprintf("unsupported method %q; accepted: POST, GET, DELETE", req.Method), http.StatusMethodNotAllowed)`
stubbed out supported methods on / 2016-02-11 12:12:13 -08:00			`}`
			`}`
vcs as string, not int. No longer do we keep track of const iota style. Just encode the behavior in the server for defaults, add a validation function, call it a day. Change-Id: I603e9dd287a57084c78c543f1ce83b0acf47a765 2016-02-23 22:09:29 -08:00
Added simple user auth Fixes #14. Change-Id: I748933214f43ac7298f1e93c14bb0ee881976d43 2016-04-11 20:43:18 -07:00			`func (s Server) register(w http.ResponseWriter, req http.Request) {`
			`req.ParseForm()`
			`email, ok := req.Form["email"]`
			`if !ok \|\| len(email) != 1 {`
			`http.Error(w, "must provide one email parameter", http.StatusBadRequest)`
			`return`
			`}`
validate email on register/forgot Fixes #21. Change-Id: I21bfd87d6fd730e8a90ceec77c9b23a90bc397e9 2016-04-22 23:50:23 -07:00
			`addr := email[0]`
			`if _, err := mail.ParseAddress(addr); err != nil {`
			`http.Error(w, fmt.Sprintf("invalid email detected: %v", err), http.StatusBadRequest)`
			`return`
			`}`

			`tok, err := s.db.Register(addr)`
Added simple user auth Fixes #14. Change-Id: I748933214f43ac7298f1e93c14bb0ee881976d43 2016-04-11 20:43:18 -07:00			`if err := verrors.ToHTTP(err); err != nil {`
			`http.Error(w, err.Message, err.Code)`
			`return`
			`}`
Add TLS support Fixes #20. Change-Id: I9c6b4ff3195f05e8a3c17d6704ee06b1f77db562 2016-04-17 18:26:45 -07:00			`proto := "https"`
			`if req.TLS == nil {`
			`proto = "http"`
			`}`
			`log.Printf("%s://%s/api/v0/confirm/%+v", proto, req.Host, tok)`
Added simple user auth Fixes #14. Change-Id: I748933214f43ac7298f1e93c14bb0ee881976d43 2016-04-11 20:43:18 -07:00			`fmt.Fprintf(w, "please check your email\n")`
			`}`

			`func (s Server) confirm(w http.ResponseWriter, req http.Request) {`
			`tok := req.URL.Path[len(prefix["confirm"]):]`
			`tok = strings.TrimRight(tok, "/")`
			`if tok == "" {`
			`http.Error(w, "must provide one email parameter", http.StatusBadRequest)`
			`return`
			`}`
			`tok, err := s.db.Confirm(tok)`
			`if err := verrors.ToHTTP(err); err != nil {`
			`http.Error(w, err.Message, err.Code)`
			`return`
			`}`
			`fmt.Fprintf(w, "new token: %s\n", tok)`
			`}`

			`func (s Server) forgot(w http.ResponseWriter, req http.Request) {`
			`req.ParseForm()`
			`email, ok := req.Form["email"]`
			`if !ok \|\| len(email) != 1 {`
			`http.Error(w, "must provide one email parameter", http.StatusBadRequest)`
			`return`
			`}`
validate email on register/forgot Fixes #21. Change-Id: I21bfd87d6fd730e8a90ceec77c9b23a90bc397e9 2016-04-22 23:50:23 -07:00
			`addr := email[0]`
			`if _, err := mail.ParseAddress(addr); err != nil {`
			`http.Error(w, fmt.Sprintf("invalid email detected: %v", err), http.StatusBadRequest)`
			`return`
			`}`

			`tok, err := s.db.forgot(addr)`
Added simple user auth Fixes #14. Change-Id: I748933214f43ac7298f1e93c14bb0ee881976d43 2016-04-11 20:43:18 -07:00			`if err := verrors.ToHTTP(err); err != nil {`
			`http.Error(w, err.Message, err.Code)`
			`return`
			`}`
			`log.Printf("http://%s/api/v0/confirm/%+v", req.Host, tok)`
			`fmt.Fprintf(w, "please check your email\n")`
			`}`
			`func (s Server) pkgs(w http.ResponseWriter, req http.Request) {`
vcs as string, not int. No longer do we keep track of const iota style. Just encode the behavior in the server for defaults, add a validation function, call it a day. Change-Id: I603e9dd287a57084c78c543f1ce83b0acf47a765 2016-02-23 22:09:29 -08:00			`w.Header().Set("Content-type", "application/json")`
Added simple user auth Fixes #14. Change-Id: I748933214f43ac7298f1e93c14bb0ee881976d43 2016-04-11 20:43:18 -07:00			`json.NewEncoder(w).Encode(s.db.Pkgs())`
vcs as string, not int. No longer do we keep track of const iota style. Just encode the behavior in the server for defaults, add a validation function, call it a day. Change-Id: I603e9dd287a57084c78c543f1ce83b0acf47a765 2016-02-23 22:09:29 -08:00			`}`

			`func addRoutes(sm http.ServeMux, s Server) {`
			`sm.Handle("/", s)`
Added simple user auth Fixes #14. Change-Id: I748933214f43ac7298f1e93c14bb0ee881976d43 2016-04-11 20:43:18 -07:00
			`sm.HandleFunc(prefix["pkgs"], s.pkgs)`
			`sm.HandleFunc(prefix["register"], s.register)`
			`sm.HandleFunc(prefix["confirm"], s.confirm)`
			`sm.HandleFunc(prefix["forgot"], s.forgot)`
vcs as string, not int. No longer do we keep track of const iota style. Just encode the behavior in the server for defaults, add a validation function, call it a day. Change-Id: I603e9dd287a57084c78c543f1ce83b0acf47a765 2016-02-23 22:09:29 -08:00			`}`