Commit 9033286899d1bcad006a5156db1c518558a3a4d1
1 parent
2529f43f82
Exists in
master
and in
1 other branch
removed printf
Showing
1 changed file
with
0 additions
and
2 deletions
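--- a/http_utility.go
+++ b/http_utility.go
@@ -1,105 +1,103 @@
 package webutility
 
 import (
 "net/http"
 "encoding/json"
-"fmt"
 )
 
 const templateHttpErr500_EN = "An internal server error has occurred."
 const templateHttpErr500_RS = "Došlo je do greške na serveru."
 const templateHttpErr400_EN = "Bad request: invalid request body."
 const templateHttpErr400_RS = "Neispravan zahtev."
 const templateHttpErr401_EN = "Unauthorized request."
 const templateHttpErr401_RS = "Neautorizovan zahtev."
 
 type httpError struct {
 Error []HttpErrorDesc `json:"error"`
 Request string `json:"request"`
 }
 
 type HttpErrorDesc struct {
 Lang string `json:"lang"`
 Desc string `json:"description"`
 }
 
 // ErrorResponse writes HTTP error to w.
 func ErrorResponse(w http.ResponseWriter, r *http.Request, code int, desc []HttpErrorDesc) {
 err := httpError{ desc, r.Method + " " + r.URL.Path }
 w.WriteHeader(code)
 json.NewEncoder(w).Encode(err)
 }
 
 // BadRequestResponse writes HTTP error 400 to w.
 func BadRequestResponse(w http.ResponseWriter, req *http.Request) {
 ErrorResponse(w, req, http.StatusBadRequest, []HttpErrorDesc{
 { "en", templateHttpErr400_EN },
 { "rs", templateHttpErr400_RS },
 })
 }
 
 // InternalSeverErrorResponse writes HTTP error 500 to w.
 func InternalServerErrorResponse(w http.ResponseWriter, req *http.Request) {
 ErrorResponse(w, req, http.StatusInternalServerError, []HttpErrorDesc{
 { "en", templateHttpErr500_EN },
 { "rs", templateHttpErr500_RS },
 })
 }
 
 // UnauthorizedError writes HTTP error 401 to w.
 func UnauthorizedResponse(w http.ResponseWriter, req *http.Request) {
 ErrorResponse(w, req, http.StatusUnauthorized, []HttpErrorDesc{
 { "en", templateHttpErr401_EN },
 { "rs", templateHttpErr401_RS },
 })
 }
 
 // TODO: Check for content type
 // WrapHandler sets common headers, checks for token validity and performs access control checks.
 // If authentication passes it calls the handlerFunc.
 func WrapHandler(handlerFunc http.HandlerFunc, authorizedRoles []string) http.HandlerFunc {
 return func(w http.ResponseWriter, req *http.Request) {
 w.Header().Set("Access-Control-Allow-Origin", "*")
 
 w.Header().Set("Access-Control-Allow-Methods",
 "POST, GET, PUT, DELETE, OPTIONS")
 
 w.Header().Set("Access-Control-Allow-Headers",
 `Accept, Content-Type, Content-Length,
 Accept-Encoding, X-CSRF-Token, Authorization`)
 
 w.Header().Set("Content-Type", "application/json; charset=utf-8")
 
 if req.Method == "OPTIONS" {
 return
 }
 
 if authorizedRoles != nil {
 token := req.Header.Get("Authorization")
 claims, err := ParseAPIToken(token);
 if err != nil || !roleAuthorized(authorizedRoles, claims) {
-fmt.Printf("not authorized %s %s...\n", claims.Username, claims.Role)
 UnauthorizedResponse(w, req)
 return
 }
 }
 
 err := req.ParseForm()
 if err != nil {
 BadRequestResponse(w, req)
 return
 }
 
 // execute HandlerFunc
 handlerFunc(w, req)
 }
 }
 
 // NotFoundHandler writes HTTP error 404 to w.
 func NotFoundHandler(w http.ResponseWriter, req *http.Request) {
 ErrorResponse(w, req, http.StatusNotFound, []HttpErrorDesc{
 { "en", "Not found." },
 { "rs", "Traženi resurs ne postoji." },
 })
 }
 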