http_utility.go 3.11 KB
package restutility

import (
	"net/http"
	"encoding/json"
)

var _apiVersion   = "/api/v1"
var _authEndPoint = "/token"

func SetApiVersion(ver string) string {
	_apiVersion = ver
	return _apiVersion
}

func SetAuthEndpoint(ep string) {
	_authEndPoint = ep
}

const templateHttpErr500_EN = "An internal server error has occurred."
const templateHttpErr500_RS = "Došlo je do greške na serveru."
const templateHttpErr400_EN = "Bad request: invalid request body."
const templateHttpErr400_RS = "Neispravan zahtev."

type HttpError struct {
	Error   []HttpErrorDesc `json:"error"`
	Request string          `json:"request"`
}

type HttpErrorDesc struct {
	Lang string `json:"lang"`
	Desc string `json:"description"`
}

func RespondWithHttpError(w http.ResponseWriter,
	req *http.Request,
	code int,
	httpErr []HttpErrorDesc) {

	err := HttpError{
		Error: httpErr,
		Request: req.Method + " " + req.URL.Path,
	}
	w.WriteHeader(code)
	json.NewEncoder(w).Encode(err)
}

func RespondWithHttpError400(w http.ResponseWriter, req *http.Request) {
	RespondWithHttpError(w, req, http.StatusBadRequest, []HttpErrorDesc{
		{Lang: "en", Desc: templateHttpErr400_EN},
		{Lang: "rs", Desc: templateHttpErr400_RS},
	})
}

func RespondWithHttpError500(w http.ResponseWriter, req *http.Request) {
	RespondWithHttpError(w, req, http.StatusInternalServerError, []HttpErrorDesc{
		{Lang: "en", Desc: templateHttpErr500_EN},
		{Lang: "rs", Desc: templateHttpErr500_RS},
	})
}

//TODO: Add parameters to enable/disable roles authorization checks
// Sets common headers and checks for token validity.
func HttpPreProc(handlerFunc http.HandlerFunc, authEnabled bool) http.HandlerFunc {
	return func(w http.ResponseWriter, req *http.Request) {
//		@TODO: check Content-type header (must be application/json)
//		ctype := w.Header.Get("Content-Type")
//		if req.Method != "GET" && ctype != "application/json" {
//			replyWithHttpError(w, req, http.StatusBadRequest,
//				"Not a supported content type: " + ctype)
//		}

		w.Header().Set("Access-Control-Allow-Origin", "*")
		w.Header().Set("Access-Control-Allow-Methods",
			`POST,
			GET,
			PUT,
			DELETE,
			OPTIONS`)
		w.Header().Set("Access-Control-Allow-Headers",
			`Accept,
			Content-Type,
			Content-Length,
			Accept-Encoding,
			X-CSRF-Token,
			Authorization`)
		w.Header().Set("Content-Type", "application/json; charset=utf-8")

		if req.Method == "OPTIONS" {
			return
		}

		if authEnabled {
			if req.URL.Path != _apiVersion + _authEndPoint {
				token := req.Header.Get("Authorization")
				if _, err := ParseAPIToken(token); err != nil {
					RespondWithHttpError(w, req, http.StatusUnauthorized,
						[]HttpErrorDesc{
							{Lang: "en", Desc: "Unauthorized request."},
							{Lang: "rs", Desc: "Neautorizovani zahtev."},
						})
					return
				}
			}
		}

		err := req.ParseForm()
		if err != nil {
			RespondWithHttpError400(w, req)
			return
		}

		// execute HandlerFunc
		handlerFunc(w, req)
	}
}

func NotFoundHandler(w http.ResponseWriter, req *http.Request) {
	RespondWithHttpError(w, req, http.StatusNotFound, []HttpErrorDesc{
		{Lang: "en", Desc: "Not found."},
		{Lang: "rs", Desc: "Traženi resurs ne postoji."},
	})
}