posti-dm/server/server.go

package main

import (
	"net/http"

	"git.phc.dm.unipi.it/aziis98/posti-dm/server/auth"
	"git.phc.dm.unipi.it/aziis98/posti-dm/server/db"
	"git.phc.dm.unipi.it/aziis98/posti-dm/server/httputil"
	"git.phc.dm.unipi.it/aziis98/posti-dm/server/httputil/serverevents"
	"github.com/go-chi/chi/v5"
)

type Server struct {
	auth *auth.AuthSessionService

	roomServerEventStreams map[string]serverevents.Handler

	Database db.Database
	ApiRoute chi.Router
}

func NewServer() *Server {
	database := db.NewInMemoryStore()

	server := &Server{
		Database: database,
		auth: auth.NewAuthSessionService(
			&simpleAuthenticator{
				make(map[string]string),
				database,
			},
		),

		roomServerEventStreams: make(map[string]serverevents.Handler),

		ApiRoute: chi.NewRouter(),
	}

	roomIDs, _ := database.GetRooms()
	for _, roomID := range roomIDs {
		server.roomServerEventStreams[roomID] = serverevents.New(&serverevents.Config{})
	}

	server.setupRoutes()

	return server
}

func (server *Server) setupRoutes() {
	api := server.ApiRoute
	database := server.Database
	auth := server.auth

	// FIXME: in realtà tutte le routes che interagiscono con il db dovrebbero essere in transazione con
	// database.BeginTransaction()
	// defer database.EndTransaction()

	// Authenticated Routes

	api.Post("/login", func(w http.ResponseWriter, r *http.Request) {
		var credentials struct {
			Username string `json:"username"`
			Password string `json:"password"`
		}

		if err := httputil.ReadJSON(r, &credentials); err != nil {
			http.Error(w, err.Error(), http.StatusInternalServerError)
			return
		}

		err := auth.Login(w, credentials.Username, credentials.Password)
		if err != nil {
			http.Error(w, err.Error(), http.StatusUnauthorized)
			return
		}

		httputil.WriteJSON(w, "ok")
	})

	api.With(auth.LoggedMiddleware()).
		Post("/logout", func(w http.ResponseWriter, r *http.Request) {
			auth.Logout(w)
			httputil.WriteJSON(w, "ok")
		})

	api.Get("/user", func(w http.ResponseWriter, r *http.Request) {
		userID, err := auth.RequestUser(r)
		if err != nil {
			httputil.WriteJSON(w, nil)
			return
		}

		user, err := database.GetUser(userID)
		if err != nil {
			http.Error(w, err.Error(), http.StatusNotFound)
		}

		httputil.WriteJSON(w, user)
	})

	api.Get("/room/seats", func(w http.ResponseWriter, r *http.Request) {
		roomID, ok := r.URL.Query()["id"]
		if !ok {
			http.Error(w, `missing room id`, http.StatusBadRequest)
		}

		room, err := database.GetRoom(roomID[0])
		if err != nil {
			http.Error(w, err.Error(), http.StatusNotFound)
			return
		}

		seats := []*db.Seat{}
		for _, seatID := range room.SeatIDs {
			seat, err := database.GetSeat(seatID)
			if err != nil {
				http.Error(w, err.Error(), http.StatusNotFound)
				return
			}

			seats = append(seats, seat)
		}

		httputil.WriteJSON(w, seats)
	})

	api.HandleFunc("/room_events", func(w http.ResponseWriter, r *http.Request) {
		roomID, ok := r.URL.Query()["id"]
		if !ok {
			http.Error(w, `missing room id`, http.StatusBadRequest)
			return
		}

		server.roomServerEventStreams[roomID[0]].ServeHTTP(w, r)
	})

	api.With(auth.LoggedMiddleware()).
		Post("/seat/occupy", func(w http.ResponseWriter, r *http.Request) {
			database.BeginTransaction()
			defer database.EndTransaction()

			userID, err := auth.RequestUser(r)
			if err != nil {
				http.Error(w, err.Error(), http.StatusUnauthorized)
				return
			}

			user, err := database.GetUser(userID)
			if err != nil {
				http.Error(w, err.Error(), http.StatusInternalServerError)
				return
			}

			seatID, ok := r.URL.Query()["id"]
			if !ok {
				http.Error(w, `missing seat id`, http.StatusBadRequest)
				return
			}

			seat, err := database.GetSeat(seatID[0])
			if err != nil {
				http.Error(w, err.Error(), http.StatusInternalServerError)
				return
			}

			// a seat can be occupied only if empty; simple users can occupy a seat only if they have occupied no other seat; admins and moderator (for now) can occupy even more than one seat (as occupied by an anonymous?) to fix the free seat count of the room
			if len(seat.OccupiedBy) == 0 {
				userSeats, err := database.GetUserSeats(userID)
				if err != nil {
					http.Error(w, err.Error(), http.StatusInternalServerError)
					return
				}

				if !user.Permissions.HasAny(db.PermissionAdmin, db.PermissionModerator) && len(userSeats) > 0 {
					http.Error(w, `you can occupy only one seat at a time`, http.StatusUnprocessableEntity)
					return
				}

				if err := database.OccupySeat(seatID[0], userID); err != nil {
					http.Error(w, err.Error(), http.StatusInternalServerError)
					return
				}

				server.roomServerEventStreams[seat.RoomID].Broadcast("refresh")
				httputil.WriteJSON(w, "ok")
			} else {
				http.Error(w, `seat already occupied`, http.StatusUnprocessableEntity)
			}
		})

	api.With(auth.LoggedMiddleware()).
		Post("/seat/leave", func(w http.ResponseWriter, r *http.Request) {
			userID, err := auth.RequestUser(r)
			if err != nil {
				http.Error(w, err.Error(), http.StatusUnauthorized)
				return
			}

			user, err := database.GetUser(userID)
			if err != nil {
				http.Error(w, err.Error(), http.StatusInternalServerError)
				return
			}

			seatID, ok := r.URL.Query()["id"]
			if !ok {
				http.Error(w, `missing seat id`, http.StatusBadRequest)
				return
			}

			seat, err := database.GetSeat(seatID[0])
			if err != nil {
				http.Error(w, err.Error(), http.StatusInternalServerError)
				return
			}

			// Check permissions, if the place is occupied then only its owner, a moderator or an admin can clear it
			if len(seat.OccupiedBy) > 0 {
				if user.ID == seat.OccupiedBy[0] || user.Permissions.HasAny(db.PermissionAdmin, db.PermissionModerator) {
					if err := database.FreeSeat(seatID[0]); err != nil {
						http.Error(w, err.Error(), http.StatusInternalServerError)
						return
					}

					server.roomServerEventStreams[seat.RoomID].Broadcast("refresh")
					httputil.WriteJSON(w, "ok")
				} else {
					http.Error(w, `seat can be freed only by its owner, a moderator or an admin`, http.StatusUnauthorized)
				}
			} else {
				http.Error(w, `seat already empty`, http.StatusUnprocessableEntity)
			}
		})
}

// func (server *Server) ConnectedToRoom(roomID string, client chan string)
Login technically works 3 years ago			`package main`

			`import (`
			`"net/http"`

			`"git.phc.dm.unipi.it/aziis98/posti-dm/server/auth"`
			`"git.phc.dm.unipi.it/aziis98/posti-dm/server/db"`
			`"git.phc.dm.unipi.it/aziis98/posti-dm/server/httputil"`
Raggiunto primo stato presentabile 3 years ago			`"git.phc.dm.unipi.it/aziis98/posti-dm/server/httputil/serverevents"`
Login technically works 3 years ago			`"github.com/go-chi/chi/v5"`
			`)`

			`type Server struct {`
Migliorata la struttura della libreria che gestisce le sessioni di autenticazione 3 years ago			`auth *auth.AuthSessionService`
Login technically works 3 years ago
Raggiunto primo stato presentabile 3 years ago			`roomServerEventStreams map[string]serverevents.Handler`

Migliorata la struttura della libreria che gestisce le sessioni di autenticazione 3 years ago			`Database db.Database`
Login technically works 3 years ago			`ApiRoute chi.Router`
			`}`

			`func NewServer() *Server {`
Raggiunto primo stato presentabile 3 years ago			`database := db.NewInMemoryStore()`
Login technically works 3 years ago
Raggiunto primo stato presentabile 3 years ago			`server := &Server{`
			`Database: database,`
Migliorata la struttura della libreria che gestisce le sessioni di autenticazione 3 years ago			`auth: auth.NewAuthSessionService(`
			`&simpleAuthenticator{`
			`make(map[string]string),`
			`database,`
Raggiunto primo stato presentabile 3 years ago			`},`
Migliorata la struttura della libreria che gestisce le sessioni di autenticazione 3 years ago			`),`
Login technically works 3 years ago
Raggiunto primo stato presentabile 3 years ago			`roomServerEventStreams: make(map[string]serverevents.Handler),`
Login technically works 3 years ago
Raggiunto primo stato presentabile 3 years ago			`ApiRoute: chi.NewRouter(),`
			`}`
Login technically works 3 years ago
Raggiunto primo stato presentabile 3 years ago			`roomIDs, _ := database.GetRooms()`
			`for _, roomID := range roomIDs {`
Added checks for occupying and leaving a seat based on permissions and user identity 3 years ago			`server.roomServerEventStreams[roomID] = serverevents.New(&serverevents.Config{})`
Login technically works 3 years ago			`}`

			`server.setupRoutes()`

			`return server`
			`}`

			`func (server *Server) setupRoutes() {`
			`api := server.ApiRoute`
Raggiunto primo stato presentabile 3 years ago			`database := server.Database`
Migliorata la struttura della libreria che gestisce le sessioni di autenticazione 3 years ago			`auth := server.auth`
Login technically works 3 years ago
feat: now simple users can only occupy one seat at a time 3 years ago			`// FIXME: in realtà tutte le routes che interagiscono con il db dovrebbero essere in transazione con`
			`// database.BeginTransaction()`
			`// defer database.EndTransaction()`

Login technically works 3 years ago			`// Authenticated Routes`

			`api.Post("/login", func(w http.ResponseWriter, r *http.Request) {`
			`var credentials struct {`
			Username string `json:"username"`
			Password string `json:"password"`
			`}`

			`if err := httputil.ReadJSON(r, &credentials); err != nil {`
			`http.Error(w, err.Error(), http.StatusInternalServerError)`
			`return`
			`}`

Migliorata la struttura della libreria che gestisce le sessioni di autenticazione 3 years ago			`err := auth.Login(w, credentials.Username, credentials.Password)`
Added some documentation 3 years ago			`if err != nil {`
			`http.Error(w, err.Error(), http.StatusUnauthorized)`
			`return`
			`}`

			`httputil.WriteJSON(w, "ok")`
Login technically works 3 years ago			`})`

Added checks for occupying and leaving a seat based on permissions and user identity 3 years ago			`api.With(auth.LoggedMiddleware()).`
Login technically works 3 years ago			`Post("/logout", func(w http.ResponseWriter, r *http.Request) {`
Added checks for occupying and leaving a seat based on permissions and user identity 3 years ago			`auth.Logout(w)`
Added some documentation 3 years ago			`httputil.WriteJSON(w, "ok")`
Login technically works 3 years ago			`})`

Raggiunto primo stato presentabile 3 years ago			`api.Get("/user", func(w http.ResponseWriter, r *http.Request) {`
Added checks for occupying and leaving a seat based on permissions and user identity 3 years ago			`userID, err := auth.RequestUser(r)`
Raggiunto primo stato presentabile 3 years ago			`if err != nil {`
			`httputil.WriteJSON(w, nil)`
			`return`
			`}`

			`user, err := database.GetUser(userID)`
			`if err != nil {`
			`http.Error(w, err.Error(), http.StatusNotFound)`
			`}`

			`httputil.WriteJSON(w, user)`
			`})`

			`api.Get("/room/seats", func(w http.ResponseWriter, r *http.Request) {`
			`roomID, ok := r.URL.Query()["id"]`
			`if !ok {`
			http.Error(w, `missing room id`, http.StatusBadRequest)
			`}`

			`room, err := database.GetRoom(roomID[0])`
			`if err != nil {`
			`http.Error(w, err.Error(), http.StatusNotFound)`
			`return`
			`}`

			`seats := []*db.Seat{}`
			`for _, seatID := range room.SeatIDs {`
			`seat, err := database.GetSeat(seatID)`
			`if err != nil {`
			`http.Error(w, err.Error(), http.StatusNotFound)`
			`return`
			`}`

			`seats = append(seats, seat)`
			`}`

			`httputil.WriteJSON(w, seats)`
			`})`

			`api.HandleFunc("/room_events", func(w http.ResponseWriter, r *http.Request) {`
			`roomID, ok := r.URL.Query()["id"]`
			`if !ok {`
			http.Error(w, `missing room id`, http.StatusBadRequest)
			`return`
			`}`

			`server.roomServerEventStreams[roomID[0]].ServeHTTP(w, r)`
			`})`

Added checks for occupying and leaving a seat based on permissions and user identity 3 years ago			`api.With(auth.LoggedMiddleware()).`
Raggiunto primo stato presentabile 3 years ago			`Post("/seat/occupy", func(w http.ResponseWriter, r *http.Request) {`
feat: now simple users can only occupy one seat at a time 3 years ago			`database.BeginTransaction()`
			`defer database.EndTransaction()`

Added checks for occupying and leaving a seat based on permissions and user identity 3 years ago			`userID, err := auth.RequestUser(r)`
Login technically works 3 years ago			`if err != nil {`
Raggiunto primo stato presentabile 3 years ago			`http.Error(w, err.Error(), http.StatusUnauthorized)`
			`return`
			`}`

Added checks for occupying and leaving a seat based on permissions and user identity 3 years ago			`user, err := database.GetUser(userID)`
			`if err != nil {`
			`http.Error(w, err.Error(), http.StatusInternalServerError)`
			`return`
			`}`

Raggiunto primo stato presentabile 3 years ago			`seatID, ok := r.URL.Query()["id"]`
			`if !ok {`
			http.Error(w, `missing seat id`, http.StatusBadRequest)
Login technically works 3 years ago			`return`
			`}`

Raggiunto primo stato presentabile 3 years ago			`seat, err := database.GetSeat(seatID[0])`
Login technically works 3 years ago			`if err != nil {`
Added checks for occupying and leaving a seat based on permissions and user identity 3 years ago			`http.Error(w, err.Error(), http.StatusInternalServerError)`
Raggiunto primo stato presentabile 3 years ago			`return`
			`}`

feat: now simple users can only occupy one seat at a time 3 years ago			`// a seat can be occupied only if empty; simple users can occupy a seat only if they have occupied no other seat; admins and moderator (for now) can occupy even more than one seat (as occupied by an anonymous?) to fix the free seat count of the room`
Added checks for occupying and leaving a seat based on permissions and user identity 3 years ago			`if len(seat.OccupiedBy) == 0 {`
feat: now simple users can only occupy one seat at a time 3 years ago			`userSeats, err := database.GetUserSeats(userID)`
			`if err != nil {`
			`http.Error(w, err.Error(), http.StatusInternalServerError)`
			`return`
			`}`

			`if !user.Permissions.HasAny(db.PermissionAdmin, db.PermissionModerator) && len(userSeats) > 0 {`
			http.Error(w, `you can occupy only one seat at a time`, http.StatusUnprocessableEntity)
			`return`
			`}`

			`if err := database.OccupySeat(seatID[0], userID); err != nil {`
Added checks for occupying and leaving a seat based on permissions and user identity 3 years ago			`http.Error(w, err.Error(), http.StatusInternalServerError)`
			`return`
			`}`

			`server.roomServerEventStreams[seat.RoomID].Broadcast("refresh")`
			`httputil.WriteJSON(w, "ok")`
			`} else {`
			http.Error(w, `seat already occupied`, http.StatusUnprocessableEntity)
			`}`
			`})`

			`api.With(auth.LoggedMiddleware()).`
			`Post("/seat/leave", func(w http.ResponseWriter, r *http.Request) {`
			`userID, err := auth.RequestUser(r)`
			`if err != nil {`
			`http.Error(w, err.Error(), http.StatusUnauthorized)`
			`return`
			`}`
Raggiunto primo stato presentabile 3 years ago
Added checks for occupying and leaving a seat based on permissions and user identity 3 years ago			`user, err := database.GetUser(userID)`
			`if err != nil {`
Login technically works 3 years ago			`http.Error(w, err.Error(), http.StatusInternalServerError)`
			`return`
			`}`

Raggiunto primo stato presentabile 3 years ago			`seatID, ok := r.URL.Query()["id"]`
			`if !ok {`
			http.Error(w, `missing seat id`, http.StatusBadRequest)
Login technically works 3 years ago			`return`
			`}`

Raggiunto primo stato presentabile 3 years ago			`seat, err := database.GetSeat(seatID[0])`
Login technically works 3 years ago			`if err != nil {`
			`http.Error(w, err.Error(), http.StatusInternalServerError)`
			`return`
			`}`

feat: now simple users can only occupy one seat at a time 3 years ago			`// Check permissions, if the place is occupied then only its owner, a moderator or an admin can clear it`
Added checks for occupying and leaving a seat based on permissions and user identity 3 years ago			`if len(seat.OccupiedBy) > 0 {`
feat: now simple users can only occupy one seat at a time 3 years ago			`if user.ID == seat.OccupiedBy[0] \|\| user.Permissions.HasAny(db.PermissionAdmin, db.PermissionModerator) {`
Added checks for occupying and leaving a seat based on permissions and user identity 3 years ago			`if err := database.FreeSeat(seatID[0]); err != nil {`
			`http.Error(w, err.Error(), http.StatusInternalServerError)`
			`return`
			`}`

			`server.roomServerEventStreams[seat.RoomID].Broadcast("refresh")`
			`httputil.WriteJSON(w, "ok")`
			`} else {`
			http.Error(w, `seat can be freed only by its owner, a moderator or an admin`, http.StatusUnauthorized)
			`}`
			`} else {`
			http.Error(w, `seat already empty`, http.StatusUnprocessableEntity)
			`}`
Login technically works 3 years ago			`})`
			`}`
Raggiunto primo stato presentabile 3 years ago
Added checks for occupying and leaving a seat based on permissions and user identity 3 years ago			`// func (server *Server) ConnectedToRoom(roomID string, client chan string)`