Commit 33fd58161a627305c9c343cb31ea018b4b5d0ac0

Authored by markotikvic
1 parent 437859ae90
Exists in master and in 1 other branch v2

minor changes, should update dependent apps

... ... @@ -27,24 +27,22 @@ type CredentialsStruct struct {
27 27 Password string `json:"password"`
28 28 }
29 29  
30   -func GenerateSalt() (string, error) {
31   - salt := ""
  30 +func generateSalt() (salt string, error) {
32 31 rawsalt := make([]byte, saltSize)
  32 +
33 33 _, err := rand.Read(rawsalt)
34 34 if err != nil {
35 35 return "", err
36 36 }
  37 +
37 38 salt = hex.EncodeToString(rawsalt)
38 39 return salt, nil
39 40 }
40 41  
41   -func HashMessage(message string, presalt string) (string, string, error) {
42   - hash, salt := "", ""
43   - var err error
44   -
  42 +func HashString(str string, presalt string) (hash, salt string, err error) {
45 43 // chech if message is presalted
46 44 if presalt == "" {
47   - salt, err = GenerateSalt()
  45 + salt, err = generateSalt()
48 46 if err != nil {
49 47 return "", "", err
50 48 }
... ... @@ -53,24 +51,26 @@ func HashMessage(message string, presalt string) (string, string, error) {
53 51 }
54 52  
55 53 // convert strings to raw byte slices
56   - rawmessage := []byte(message)
  54 + rawstr := []byte(str)
57 55 rawsalt, err := hex.DecodeString(salt)
58 56 if err != nil {
59 57 return "", "", err
60 58 }
61   - rawdata := make([]byte, len(rawmessage) + len(rawsalt))
62   - rawdata = append(rawdata, rawmessage...)
  59 +
  60 + rawdata := make([]byte, len(rawstr) + len(rawsalt))
  61 + rawdata = append(rawdata, rawstr...)
63 62 rawdata = append(rawdata, rawsalt...)
64 63  
65 64 // hash message + salt
66 65 hasher := sha256.New()
67 66 hasher.Write(rawdata)
68 67 rawhash := hasher.Sum(nil)
  68 +
69 69 hash = hex.EncodeToString(rawhash)
70 70 return hash, salt, nil
71 71 }
72 72  
73   -func IssueAPIToken(username, role string) (string, error) {
  73 +func CreateAPIToken(username, role string) (string, error) {
74 74 var apiToken string
75 75 var err error
76 76  
... ...
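Review bot: In HashString, `rawdata := make([]byte, len(rawstr) + len(rawsalt))` followed by the two `append` calls leaves that many zero bytes in front of the input, so the digest covers padding plus str plus salt rather than just str and salt. `make([]byte, 0, len(rawstr)+len(rawsalt))` gives the intended buffer, but it changes every digest, so hashes already stored would need migrating. If this function hashes the `Password` field of CredentialsStruct (the callers are not visible here), a single salted SHA-256 is cheap to brute-force offline, and a password KDF such as bcrypt, scrypt or Argon2 is the better fit. Separately, `func generateSalt() (salt string, error)` mixes a named and an unnamed result and will not compile; `(salt string, err error)` or `(string, error)` would. HashString's body spans both hunks, and part of it lies outside the visible lines.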
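--- a/format_utility.go
+++ b/format_utility.go
@@ -4,30 +4,30 @@ import (
 "time"
 )
 
-func UnixToDate(input int64) time.Time {
- return time.Unix(input, 0)
+func UnixToDate(unix int64) time.Time {
+ return time.Unix(unix, 0)
 }
 
-func DateToUnix(input interface{}) int64 {
- if input != nil {
- t := input.(time.Time)
+func DateToUnix(date interface{}) int64 {
+ if date != nil {
+ t := date.(time.Time)
 return t.Unix()
 
 }
 return 0
 }
 
-func EqualQuotes(input string) string {
- if input != "" {
- return " = '" + input + "'"
+func EqualQuotes(stmt string) string {
+ if stmt != "" {
+ stmt = " = '" + stmt + "'"
 }
- return ""
+ return stmt
 }
 
-func LikeQuotes(input string) string {
- if input != "" {
- return " LIKE UPPER('%" + input + "%')"
+func LikeQuotes(stmt string) string {
+ if stmt != "" {
+ stmt " LIKE UPPER('%" + stmt + "%')"
 }
- return ""
+ return stmt
 }
 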
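Review bot: EqualQuotes and LikeQuotes splice their argument between single quotes with no escaping, so any value containing a quote changes the SQL text that the caller goes on to execute. If request data can reach these helpers (the callers are not visible here), the value should travel as a bind parameter through a prepared statement, as GetSelectConfig in this commit does with `db.Prep`, or the functions should at least carry a comment such as `// value must be trusted; it is not escaped`. The new line in LikeQuotes, `stmt " LIKE UPPER('%" + stmt + "%')"`, has also lost its assignment and will not compile; it should read `stmt = " LIKE UPPER('%" + stmt + "%')"`. Renaming the parameter to `stmt` hides that it is a value rather than a statement; `value` would read better.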
... ... @@ -5,24 +5,14 @@ import (
5 5 "encoding/json"
6 6 )
7 7  
8   -var _apiVersion = "/api/v1"
9   -var _authEndPoint = "/token"
10   -
11   -func SetApiVersion(ver string) string {
12   - _apiVersion = ver
13   - return _apiVersion
14   -}
15   -
16   -func SetAuthEndpoint(ep string) {
17   - _authEndPoint = ep
18   -}
19   -
20 8 const templateHttpErr500_EN = "An internal server error has occurred."
21 9 const templateHttpErr500_RS = "Došlo je do greške na serveru."
22 10 const templateHttpErr400_EN = "Bad request: invalid request body."
23 11 const templateHttpErr400_RS = "Neispravan zahtev."
  12 +const templateHttpErr401_EN = "Unauthorized request."
  13 +const templateHttpErr401_RS = "Neautorizovan zahtev."
24 14  
25   -type HttpError struct {
  15 +type httpError struct {
26 16 Error []HttpErrorDesc `json:"error"`
27 17 Request string `json:"request"`
28 18 }
... ... @@ -32,81 +22,64 @@ type HttpErrorDesc struct {
32 22 Desc string `json:"description"`
33 23 }
34 24  
35   -func RespondWithHttpError(w http.ResponseWriter,
36   - req *http.Request,
37   - code int,
38   - httpErr []HttpErrorDesc) {
39   -
40   - err := HttpError{
41   - Error: httpErr,
42   - Request: req.Method + " " + req.URL.Path,
43   - }
  25 +func ErrorResponse(w http.ResponseWriter, r *http.Request, code int, desc []HttpErrorDesc) {
  26 + err := httpError{ desc, r.Method + " " + r.URL.Path }
44 27 w.WriteHeader(code)
45 28 json.NewEncoder(w).Encode(err)
46 29 }
47 30  
48   -func RespondWithHttpError400(w http.ResponseWriter, req *http.Request) {
49   - RespondWithHttpError(w, req, http.StatusBadRequest, []HttpErrorDesc{
50   - {Lang: "en", Desc: templateHttpErr400_EN},
51   - {Lang: "rs", Desc: templateHttpErr400_RS},
  31 +func BadRequestResponse(w http.ResponseWriter, req *http.Request) {
  32 + ErrorResponse(w, req, http.StatusBadRequest, []HttpErrorDesc{
  33 + { "en", templateHttpErr400_EN },
  34 + { "rs", templateHttpErr400_RS },
52 35 })
53 36 }
54 37  
55   -func RespondWithHttpError500(w http.ResponseWriter, req *http.Request) {
56   - RespondWithHttpError(w, req, http.StatusInternalServerError, []HttpErrorDesc{
57   - {Lang: "en", Desc: templateHttpErr500_EN},
58   - {Lang: "rs", Desc: templateHttpErr500_RS},
  38 +func InternalServerErrorResponse(w http.ResponseWriter, req *http.Request) {
  39 + ErrorResponse(w, req, http.StatusInternalServerError, []HttpErrorDesc{
  40 + { "en", templateHttpErr500_EN },
  41 + { "rs", templateHttpErr500_RS },
59 42 })
60 43 }
61 44  
62   -//TODO: Add parameters to enable/disable roles authorization checks
  45 +func UnauthorizedResponse(w http.ResponseWriter, req *http.Request) {
  46 + ErrorResponse(w, req, http.StatusUnauthorized, []HttpErrorDesc{
  47 + { "en", templateHttpErr500_EN },
  48 + { "rs", templateHttpErr500_RS },
  49 + })
  50 +}
  51 +
  52 +// TODO: Add parameters to enable/disable roles authorization checks
  53 +// TODO: Check for content type
63 54 // Sets common headers and checks for token validity.
64   -func HttpPreProc(handlerFunc http.HandlerFunc, authEnabled bool) http.HandlerFunc {
  55 +func WrapHandler(handlerFunc http.HandlerFunc, needauth bool) http.HandlerFunc {
65 56 return func(w http.ResponseWriter, req *http.Request) {
66   -// @TODO: check Content-type header (must be application/json)
67   -// ctype := w.Header.Get("Content-Type")
68   -// if req.Method != "GET" && ctype != "application/json" {
69   -// replyWithHttpError(w, req, http.StatusBadRequest,
70   -// "Not a supported content type: " + ctype)
71   -// }
72   -
73 57 w.Header().Set("Access-Control-Allow-Origin", "*")
  58 +
74 59 w.Header().Set("Access-Control-Allow-Methods",
75   - `POST,
76   - GET,
77   - PUT,
78   - DELETE,
79   - OPTIONS`)
  60 + "POST, GET, PUT, DELETE, OPTIONS")
  61 +
80 62 w.Header().Set("Access-Control-Allow-Headers",
81   - `Accept,
82   - Content-Type,
83   - Content-Length,
84   - Accept-Encoding,
85   - X-CSRF-Token,
86   - Authorization`)
  63 + "Accept, Content-Type, Content-Length, "
  64 + "Accept-Encoding, X-CSRF-Token, Authorization")
  65 +
87 66 w.Header().Set("Content-Type", "application/json; charset=utf-8")
88 67  
89 68 if req.Method == "OPTIONS" {
90 69 return
91 70 }
92 71  
93   - if authEnabled {
94   - if req.URL.Path != _apiVersion + _authEndPoint {
95   - token := req.Header.Get("Authorization")
96   - if _, err := ParseAPIToken(token); err != nil {
97   - RespondWithHttpError(w, req, http.StatusUnauthorized,
98   - []HttpErrorDesc{
99   - {Lang: "en", Desc: "Unauthorized request."},
100   - {Lang: "rs", Desc: "Neautorizovani zahtev."},
101   - })
102   - return
103   - }
  72 + if needauth {
  73 + token := req.Header.Get("Authorization")
  74 + if _, err := ParseAPIToken(token); err != nil {
  75 + UnathorizedResponse(w, req, http.StatusUnauthorized)
  76 + return
104 77 }
105 78 }
106 79  
107 80 err := req.ParseForm()
108 81 if err != nil {
109   - RespondWithHttpError400(w, req)
  82 + BadRequestResponse(w, req)
110 83 return
111 84 }
112 85  
... ... @@ -116,8 +89,8 @@ func HttpPreProc(handlerFunc http.HandlerFunc, authEnabled bool) http.HandlerFun
116 89 }
117 90  
118 91 func NotFoundHandler(w http.ResponseWriter, req *http.Request) {
119   - RespondWithHttpError(w, req, http.StatusNotFound, []HttpErrorDesc{
120   - {Lang: "en", Desc: "Not found."},
121   - {Lang: "rs", Desc: "Traženi resurs ne postoji."},
  92 + ErrorResponse(w, req, http.StatusNotFound, []HttpErrorDesc{
  93 + { "en", "Not found." },
  94 + { "rs", "Traženi resurs ne postoji." },
122 95 })
123 96 }
... ...
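Review bot: The new 401 path in WrapHandler cannot build as written: it calls `UnathorizedResponse(w, req, http.StatusUnauthorized)`, but the helper added above is spelled `UnauthorizedResponse` and takes only `(w, req)`, so the call should be `UnauthorizedResponse(w, req)`. That helper also sends `templateHttpErr500_EN` and `templateHttpErr500_RS` with the 401 status, leaving the newly added `templateHttpErr401_EN` and `templateHttpErr401_RS` unused, so a client would read an internal-server-error message on an authentication failure. The Access-Control-Allow-Headers value is split over two string literals with no `+` between them, which is a syntax error as well. With the `_apiVersion + _authEndPoint` exemption removed, every route that issues tokens has to be registered with `needauth` set to false, and the WrapHandler comment should say so, for example `// needauth must be false for the token-issuing endpoint`. WrapHandler's body continues past the visible hunk.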
... ... @@ -24,8 +24,7 @@ func GetSelectConfig(db *ora.Ses, otype string) ([]SelectConfig, error) {
24 24 AND b.LIST_TYPE = a.LIST_OBJECT_TYPE
25 25 AND b.OBJECT_TYPE = a.OBJECT_TYPE`
26 26  
27   - stmt, err = db.Prep(query, ora.S, ora.S, ora.S, ora.S, ora.S,
28   - ora.S)
  27 + stmt, err = db.Prep(query, ora.S, ora.S, ora.S, ora.S, ora.S, ora.S)
29 28 defer stmt.Close()
30 29 if err != nil {
31 30 return nil, err
... ... @@ -50,5 +49,4 @@ func GetSelectConfig(db *ora.Ses, otype string) ([]SelectConfig, error) {
50 49 }
51 50  
52 51 return resp, nil
53   -
54 52 }
... ...