package webutility import ( "net/http" "encoding/json" ) const templateHttpErr500_EN = "An internal server error has occurred." const templateHttpErr500_RS = "Došlo je do greške na serveru." const templateHttpErr400_EN = "Bad request: invalid request body." const templateHttpErr400_RS = "Neispravan zahtev." const templateHttpErr401_EN = "Unauthorized request." const templateHttpErr401_RS = "Neautorizovan zahtev." type httpError struct { Error []HttpErrorDesc `json:"error"` Request string `json:"request"` } type HttpErrorDesc struct { Lang string `json:"lang"` Desc string `json:"description"` } // ErrorResponse writes HTTP error to w. func ErrorResponse(w http.ResponseWriter, r *http.Request, code int, desc []HttpErrorDesc) { err := httpError{ desc, r.Method + " " + r.URL.Path } w.WriteHeader(code) json.NewEncoder(w).Encode(err) } // BadRequestResponse writes HTTP error 400 to w. func BadRequestResponse(w http.ResponseWriter, req *http.Request) { ErrorResponse(w, req, http.StatusBadRequest, []HttpErrorDesc{ { "en", templateHttpErr400_EN }, { "rs", templateHttpErr400_RS }, }) } // InternalSeverErrorResponse writes HTTP error 500 to w. func InternalServerErrorResponse(w http.ResponseWriter, req *http.Request) { ErrorResponse(w, req, http.StatusInternalServerError, []HttpErrorDesc{ { "en", templateHttpErr500_EN }, { "rs", templateHttpErr500_RS }, }) } // UnauthorizedError writes HTTP error 401 to w. func UnauthorizedResponse(w http.ResponseWriter, req *http.Request) { ErrorResponse(w, req, http.StatusUnauthorized, []HttpErrorDesc{ { "en", templateHttpErr401_EN }, { "rs", templateHttpErr401_RS }, }) } // TODO: Check for content type // WrapHandler sets common headers, checks for token validity and performs access control checks. // If authentication passes it calls the handlerFunc. func WrapHandler(handlerFunc http.HandlerFunc, authorizedRoles []string) http.HandlerFunc { return func(w http.ResponseWriter, req *http.Request) { w.Header().Set("Access-Control-Allow-Origin", "*") w.Header().Set("Access-Control-Allow-Methods", "POST, GET, PUT, DELETE, OPTIONS") w.Header().Set("Access-Control-Allow-Headers", `Accept, Content-Type, Content-Length, Accept-Encoding, X-CSRF-Token, Authorization`) w.Header().Set("Content-Type", "application/json; charset=utf-8") if req.Method == "OPTIONS" { return } if authorizedRoles != nil { token := req.Header.Get("Authorization") claims, err := ParseAPIToken(token); if err != nil || !roleAuthorized(authorizedRoles, claims) { UnauthorizedResponse(w, req) return } } err := req.ParseForm() if err != nil { BadRequestResponse(w, req) return } // execute HandlerFunc handlerFunc(w, req) } } // NotFoundHandler writes HTTP error 404 to w. func NotFoundHandler(w http.ResponseWriter, req *http.Request) { ErrorResponse(w, req, http.StatusNotFound, []HttpErrorDesc{ { "en", "Not found." }, { "rs", "Traženi resurs ne postoji." }, }) }