restutility -> webutility

Marko Tikvić
2 parents 7c41a4c3ed d5192378d3
Showing 7 changed files Show diff stats
auth_utility.go
format_utility.go
http_utility.go
json_utility.go
list_config.go
select_config.go
sql_sequrity.go
-package restutility
+package webutility
  
 import (
 	"errors"
@@ -27,24 +27,22 @@ type CredentialsStruct struct {
 	Password string `json:"password"`
 }
  
-func GenerateSalt() (string, error) {
-	salt := ""
+func generateSalt() (salt string, err error) {
 	rawsalt := make([]byte, saltSize)
-	_, err := rand.Read(rawsalt)
+
+	_, err = rand.Read(rawsalt)
 	if err != nil {
 		return "", err
 	}
+
 	salt = hex.EncodeToString(rawsalt)
 	return salt, nil
 }
  
-func HashMessage(message string, presalt string) (string, string, error) {
-	hash, salt := "", ""
-	var err error
-
+func HashString(str string, presalt string) (hash, salt string, err error) {
 	// chech if message is presalted
 	if presalt == "" {
-		salt, err = GenerateSalt()
+		salt, err = generateSalt()
 		if err != nil {
 			return "", "", err
 		}
@@ -53,24 +51,26 @@ func HashMessage(message string, presalt string) (string, string, error) {
 	}
  
 	// convert strings to raw byte slices
-	rawmessage := []byte(message)
+	rawstr := []byte(str)
 	rawsalt, err := hex.DecodeString(salt)
 	if err != nil {
 		return "", "", err
 	}
-	rawdata := make([]byte, len(rawmessage) + len(rawsalt))
-	rawdata = append(rawdata, rawmessage...)
+
+	rawdata := make([]byte, len(rawstr) + len(rawsalt))
+	rawdata = append(rawdata, rawstr...)
 	rawdata = append(rawdata, rawsalt...)
  
 	// hash message + salt
 	hasher := sha256.New()
 	hasher.Write(rawdata)
 	rawhash := hasher.Sum(nil)
+
 	hash = hex.EncodeToString(rawhash)
 	return hash, salt, nil
 }
  
-func IssueAPIToken(username, role string) (string, error) {
+func CreateAPIToken(username, role string) (string, error) {
 	var apiToken string
 	var err error
  
-package restutility
+package webutility
  
 import (
 	"time"
+	"fmt"
 )
  
-func UnixToDate(input int64) time.Time {
-	return time.Unix(input, 0)
+func UnixToDate(unix int64) time.Time {
+	return time.Unix(unix, 0)
 }
  
-func DateToUnix(input interface{}) int64 {
-	if input != nil {
-		t := input.(time.Time)
+func DateToUnix(date interface{}) int64 {
+	if date != nil {
+		t := date.(time.Time)
 		return t.Unix()
  
 	}
 	return 0
 }
  
-func EqualQuotes(input string) string {
-	if input != "" {
-		return " = '" + input + "'"
+func EqualQuotes(stmt string) string {
+	if stmt != "" {
+		stmt = fmt.Sprintf(" = '%s'", stmt)
 	}
-	return ""
+	return stmt
 }
  
-func LikeQuotes(input string) string {
-	if input != "" {
-		return " LIKE UPPER('%" + input + "%')"
+func LikeQuotes(stmt string) string {
+	if stmt != "" {
+		stmt = fmt.Sprintf(" LIKE UPPER('%s%s%s')", "%", stmt, "%")
 	}
-	return ""
+	return stmt
 }
  
-package restutility
+package webutility
  
 import (
 	"net/http"
 	"encoding/json"
 )
  
-var _apiVersion   = "/api/v1"
-var _authEndPoint = "/token"
-
-func SetApiVersion(ver string) string {
-	_apiVersion = ver
-	return _apiVersion
-}
-
-func SetAuthEndpoint(ep string) {
-	_authEndPoint = ep
-}
-
 const templateHttpErr500_EN = "An internal server error has occurred."
 const templateHttpErr500_RS = "Došlo je do greške na serveru."
 const templateHttpErr400_EN = "Bad request: invalid request body."
 const templateHttpErr400_RS = "Neispravan zahtev."
+const templateHttpErr401_EN = "Unauthorized request."
+const templateHttpErr401_RS = "Neautorizovan zahtev."
  
-type HttpError struct {
+type httpError struct {
 	Error   []HttpErrorDesc `json:"error"`
 	Request string          `json:"request"`
 }
@@ -32,81 +22,63 @@ type HttpErrorDesc struct {
 	Desc string `json:"description"`
 }
  
-func RespondWithHttpError(w http.ResponseWriter,
-	req *http.Request,
-	code int,
-	httpErr []HttpErrorDesc) {
-
-	err := HttpError{
-		Error: httpErr,
-		Request: req.Method + " " + req.URL.Path,
-	}
+func ErrorResponse(w http.ResponseWriter, r *http.Request, code int, desc []HttpErrorDesc) {
+	err := httpError{ desc, r.Method + " " + r.URL.Path }
 	w.WriteHeader(code)
 	json.NewEncoder(w).Encode(err)
 }
  
-func RespondWithHttpError400(w http.ResponseWriter, req *http.Request) {
-	RespondWithHttpError(w, req, http.StatusBadRequest, []HttpErrorDesc{
-		{Lang: "en", Desc: templateHttpErr400_EN},
-		{Lang: "rs", Desc: templateHttpErr400_RS},
+func BadRequestResponse(w http.ResponseWriter, req *http.Request) {
+	ErrorResponse(w, req, http.StatusBadRequest, []HttpErrorDesc{
+		{ "en", templateHttpErr400_EN },
+		{ "rs", templateHttpErr400_RS },
 	})
 }
  
-func RespondWithHttpError500(w http.ResponseWriter, req *http.Request) {
-	RespondWithHttpError(w, req, http.StatusInternalServerError, []HttpErrorDesc{
-		{Lang: "en", Desc: templateHttpErr500_EN},
-		{Lang: "rs", Desc: templateHttpErr500_RS},
+func InternalServerErrorResponse(w http.ResponseWriter, req *http.Request) {
+	ErrorResponse(w, req, http.StatusInternalServerError, []HttpErrorDesc{
+		{ "en", templateHttpErr500_EN },
+		{ "rs", templateHttpErr500_RS },
 	})
 }
  
-//TODO: Add parameters to enable/disable roles authorization checks
+func UnauthorizedResponse(w http.ResponseWriter, req *http.Request) {
+	ErrorResponse(w, req, http.StatusUnauthorized, []HttpErrorDesc{
+		{ "en", templateHttpErr500_EN },
+		{ "rs", templateHttpErr500_RS },
+	})
+}
+
+// TODO: Check for content type
 // Sets common headers and checks for token validity.
-func HttpPreProc(handlerFunc http.HandlerFunc, authEnabled bool) http.HandlerFunc {
+func WrapHandler(handlerFunc http.HandlerFunc, auth bool) http.HandlerFunc {
 	return func(w http.ResponseWriter, req *http.Request) {
-//		@TODO: check Content-type header (must be application/json)
-//		ctype := w.Header.Get("Content-Type")
-//		if req.Method != "GET" && ctype != "application/json" {
-//			replyWithHttpError(w, req, http.StatusBadRequest,
-//				"Not a supported content type: " + ctype)
-//		}
-
 		w.Header().Set("Access-Control-Allow-Origin", "*")
+
 		w.Header().Set("Access-Control-Allow-Methods",
-			`POST,
-			GET,
-			PUT,
-			DELETE,
-			OPTIONS`)
+			"POST, GET, PUT, DELETE, OPTIONS")
+
 		w.Header().Set("Access-Control-Allow-Headers",
-			`Accept,
-			Content-Type,
-			Content-Length,
-			Accept-Encoding,
-			X-CSRF-Token,
-			Authorization`)
+			`Accept, Content-Type, Content-Length,
+			Accept-Encoding, X-CSRF-Token, Authorization`)
+
 		w.Header().Set("Content-Type", "application/json; charset=utf-8")
  
 		if req.Method == "OPTIONS" {
 			return
 		}
  
-		if authEnabled {
-			if req.URL.Path != _apiVersion + _authEndPoint {
-				token := req.Header.Get("Authorization")
-				if _, err := ParseAPIToken(token); err != nil {
-					RespondWithHttpError(w, req, http.StatusUnauthorized,
-						[]HttpErrorDesc{
-							{Lang: "en", Desc: "Unauthorized request."},
-							{Lang: "rs", Desc: "Neautorizovani zahtev."},
-						})
-					return
-				}
+		if auth {
+			token := req.Header.Get("Authorization")
+			if _, err := ParseAPIToken(token); err != nil {
+				UnauthorizedResponse(w, req)
+				return
 			}
 		}
  
 		err := req.ParseForm()
 		if err != nil {
-			RespondWithHttpError400(w, req)
+			BadRequestResponse(w, req)
 			return
 		}
  
@@ -116,8 +88,8 @@ func HttpPreProc(handlerFunc http.HandlerFunc, authEnabled bool) http.HandlerFun
 }
  
 func NotFoundHandler(w http.ResponseWriter, req *http.Request) {
-	RespondWithHttpError(w, req, http.StatusNotFound, []HttpErrorDesc{
-		{Lang: "en", Desc: "Not found."},
-		{Lang: "rs", Desc: "Traženi resurs ne postoji."},
+	ErrorResponse(w, req, http.StatusNotFound, []HttpErrorDesc{
+		{ "en", "Not found." },
+		{ "rs", "Traženi resurs ne postoji." },
 	})
 }
-package restutility
+package webutility
  
 import (
 	"net/http"
@@ -7,8 +7,10 @@ import (
 	"gopkg.in/rana/ora.v3"
 	"io"
 	"io/ioutil"
+	"sync"
 )
  
+var mu = &sync.Mutex{}
 var allPayloads []payloadBuff
  
 type LangMap map[string]map[string]string
@@ -134,6 +136,8 @@ func loadCorrelations(id string) []CorrelationField {
  
 func InitTables(db *ora.Ses, project string) error {
 	jsonbuf, _ := fetchJSON(db, EqualQuotes(project))
+	mu.Lock()
+	defer mu.Unlock()
 	json.Unmarshal(jsonbuf, &allPayloads)
 	if len(allPayloads) == 0 {
 		return errors.New("tables config is corrupt")
@@ -171,3 +175,6 @@ func fetchJSON(db *ora.Ses, project string) ([]byte, error) {
 	return bytes, nil
 }
  
+func DecodeJSON(r io.Reader, v interface{}) error {
+	return json.NewDecoder(r).Decode(v)
+}
-package restutility
+package webutility
  
 import (
 	"gopkg.in/rana/ora.v3"
-package restutility
+package webutility
  
 import (
 	"gopkg.in/rana/ora.v3"
@@ -24,8 +24,7 @@ func GetSelectConfig(db *ora.Ses, otype string) ([]SelectConfig, error) {
 		AND b.LIST_TYPE = a.LIST_OBJECT_TYPE
 		AND b.OBJECT_TYPE = a.OBJECT_TYPE`
  
-	stmt, err = db.Prep(query, ora.S, ora.S, ora.S, ora.S, ora.S,
-		ora.S)
+	stmt, err = db.Prep(query, ora.S, ora.S, ora.S, ora.S, ora.S, ora.S)
 	defer stmt.Close()
 	if err != nil {
 		return nil, err
@@ -50,5 +49,4 @@ func GetSelectConfig(db *ora.Ses, otype string) ([]SelectConfig, error) {
 	}
  
 	return resp, nil
-
 }
-package restutility
+package webutility
  
 import (
 	"strings"
 )
  
-func SQLProtect(in string) string {
-	patern := "\"';&*<>=\\`:"
+var patern string = "\"';&*<>=\\`:"
+
+func SQLSafeString(s string) string {
 	for _, c := range patern {
-		in = strings.Replace(in, string(c), "", -1)
+		s = strings.Replace(s, string(c), "", -1)
 	}
-	return in
+	return s
 }
1		-package restutility
	1	+package webutility
2	2
3	3	import (
4	4	"errors"
...	...	@@ -27,24 +27,22 @@ type CredentialsStruct struct {
27	27	Password string `json:"password"`
28	28	}
29	29
30		-func GenerateSalt() (string, error) {
31		- salt := ""
	30	+func generateSalt() (salt string, err error) {
32	31	rawsalt := make([]byte, saltSize)
33		- _, err := rand.Read(rawsalt)
	32	+
	33	+ _, err = rand.Read(rawsalt)
34	34	if err != nil {
35	35	return "", err
36	36	}
	37	+
37	38	salt = hex.EncodeToString(rawsalt)
38	39	return salt, nil
39	40	}
40	41
41		-func HashMessage(message string, presalt string) (string, string, error) {
42		- hash, salt := "", ""
43		- var err error
44		-
	42	+func HashString(str string, presalt string) (hash, salt string, err error) {
45	43	// chech if message is presalted
46	44	if presalt == "" {
47		- salt, err = GenerateSalt()
	45	+ salt, err = generateSalt()
48	46	if err != nil {
49	47	return "", "", err
50	48	}
...	...	@@ -53,24 +51,26 @@ func HashMessage(message string, presalt string) (string, string, error) {
53	51	}
54	52
55	53	// convert strings to raw byte slices
56		- rawmessage := []byte(message)
	54	+ rawstr := []byte(str)
57	55	rawsalt, err := hex.DecodeString(salt)
58	56	if err != nil {
59	57	return "", "", err
60	58	}
61		- rawdata := make([]byte, len(rawmessage) + len(rawsalt))
62		- rawdata = append(rawdata, rawmessage...)
	59	+
	60	+ rawdata := make([]byte, len(rawstr) + len(rawsalt))
	61	+ rawdata = append(rawdata, rawstr...)
63	62	rawdata = append(rawdata, rawsalt...)
64	63
65	64	// hash message + salt
66	65	hasher := sha256.New()
67	66	hasher.Write(rawdata)
68	67	rawhash := hasher.Sum(nil)
	68	+
69	69	hash = hex.EncodeToString(rawhash)
70	70	return hash, salt, nil
71	71	}
72	72
73		-func IssueAPIToken(username, role string) (string, error) {
	73	+func CreateAPIToken(username, role string) (string, error) {
74	74	var apiToken string
75	75	var err error
76	76
...	...