posti-dm/server/server.go

package main

import (
	"fmt"
	"log"
	"net/http"

	"git.phc.dm.unipi.it/aziis98/posti-dm/server/auth"
	"git.phc.dm.unipi.it/aziis98/posti-dm/server/db"
	"git.phc.dm.unipi.it/aziis98/posti-dm/server/httputil"
	"git.phc.dm.unipi.it/aziis98/posti-dm/server/httputil/serverevents"
	"git.phc.dm.unipi.it/aziis98/posti-dm/server/util"
	"github.com/go-chi/chi/v5"
)

type Server struct {
	authService *auth.AuthService

	roomServerEventStreams map[string]serverevents.Handler

	Database db.Store
	ApiRoute chi.Router
}

func NewServer() *Server {
	sessions := make(map[string]*db.User)
	database := db.NewInMemoryStore()

	server := &Server{
		Database: database,
		authService: &auth.AuthService{
			CheckUserPassword: func(userID, password string) error {
				if password != "phc" {
					return fmt.Errorf(`invalid password`)
				}

				// FIXME: al momento quando la password è giusta creiamo tutti gli account necessari
				err := database.CreateUser(&db.User{
					ID:          userID,
					Permissions: make(util.StringSet),
				})
				if err != nil {
					log.Printf(`got "%v" while trying to log as @%s`, err, userID)
					return nil
				}

				return nil
			},
			UserPermissions: func(userID string) ([]string, error) {
				user, err := database.GetUser(userID)
				if err != nil {
					return nil, err
				}

				return user.Permissions.Elements(), nil
			},
			SessionTokenFromUser: func(userID string) (string, error) {
				user, err := database.GetUser(userID)
				if err != nil {
					return "", err
				}

				token := util.RandomHash(20)
				sessions[token] = user

				return token, nil
			},
			UserFromSessionToken: func(session string) (string, error) {
				user, present := sessions[session]
				if !present {
					return "", auth.ErrNoUserForSession
				}

				return user.ID, nil
			},
			AuthenticationFailed: func(err error) http.Handler {
				return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
					http.Error(w, err.Error(), http.StatusUnauthorized)
				})
			},
			OtherError: func(err error) http.Handler {
				return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
					http.Error(w, err.Error(), http.StatusInternalServerError)
				})
			},
		},

		roomServerEventStreams: make(map[string]serverevents.Handler),

		ApiRoute: chi.NewRouter(),
	}

	roomIDs, _ := database.GetRooms()
	for _, roomID := range roomIDs {
		server.roomServerEventStreams[roomID] = serverevents.New(&serverevents.Config{})
	}

	server.setupRoutes()

	return server
}

func (server *Server) setupRoutes() {
	api := server.ApiRoute
	database := server.Database
	auth := server.authService

	// FIXME: in realtà tutte le routes che interagiscono con il db dovrebbero essere in transazione con
	// database.BeginTransaction()
	// defer database.EndTransaction()

	// Authenticated Routes

	api.Post("/login", func(w http.ResponseWriter, r *http.Request) {
		var credentials struct {
			Username string `json:"username"`
			Password string `json:"password"`
		}

		if err := httputil.ReadJSON(r, &credentials); err != nil {
			http.Error(w, err.Error(), http.StatusInternalServerError)
			return
		}

		err := auth.Login(w, r, credentials.Username, credentials.Password)
		if err != nil {
			http.Error(w, err.Error(), http.StatusUnauthorized)
			return
		}

		httputil.WriteJSON(w, "ok")
	})

	api.With(auth.LoggedMiddleware()).
		Post("/logout", func(w http.ResponseWriter, r *http.Request) {
			auth.Logout(w)
			httputil.WriteJSON(w, "ok")
		})

	api.Get("/user", func(w http.ResponseWriter, r *http.Request) {
		userID, err := auth.RequestUser(r)
		if err != nil {
			httputil.WriteJSON(w, nil)
			return
		}

		user, err := database.GetUser(userID)
		if err != nil {
			http.Error(w, err.Error(), http.StatusNotFound)
		}

		httputil.WriteJSON(w, user)
	})

	api.Get("/room/seats", func(w http.ResponseWriter, r *http.Request) {
		roomID, ok := r.URL.Query()["id"]
		if !ok {
			http.Error(w, `missing room id`, http.StatusBadRequest)
		}

		room, err := database.GetRoom(roomID[0])
		if err != nil {
			http.Error(w, err.Error(), http.StatusNotFound)
			return
		}

		seats := []*db.Seat{}
		for _, seatID := range room.SeatIDs {
			seat, err := database.GetSeat(seatID)
			if err != nil {
				http.Error(w, err.Error(), http.StatusNotFound)
				return
			}

			seats = append(seats, seat)
		}

		httputil.WriteJSON(w, seats)
	})

	api.HandleFunc("/room_events", func(w http.ResponseWriter, r *http.Request) {
		roomID, ok := r.URL.Query()["id"]
		if !ok {
			http.Error(w, `missing room id`, http.StatusBadRequest)
			return
		}

		server.roomServerEventStreams[roomID[0]].ServeHTTP(w, r)
	})

	api.With(auth.LoggedMiddleware()).
		Post("/seat/occupy", func(w http.ResponseWriter, r *http.Request) {
			database.BeginTransaction()
			defer database.EndTransaction()

			userID, err := auth.RequestUser(r)
			if err != nil {
				http.Error(w, err.Error(), http.StatusUnauthorized)
				return
			}

			user, err := database.GetUser(userID)
			if err != nil {
				http.Error(w, err.Error(), http.StatusInternalServerError)
				return
			}

			seatID, ok := r.URL.Query()["id"]
			if !ok {
				http.Error(w, `missing seat id`, http.StatusBadRequest)
				return
			}

			seat, err := database.GetSeat(seatID[0])
			if err != nil {
				http.Error(w, err.Error(), http.StatusInternalServerError)
				return
			}

			// a seat can be occupied only if empty; simple users can occupy a seat only if they have occupied no other seat; admins and moderator (for now) can occupy even more than one seat (as occupied by an anonymous?) to fix the free seat count of the room
			if len(seat.OccupiedBy) == 0 {
				userSeats, err := database.GetUserSeats(userID)
				if err != nil {
					http.Error(w, err.Error(), http.StatusInternalServerError)
					return
				}

				if !user.Permissions.HasAny(db.PermissionAdmin, db.PermissionModerator) && len(userSeats) > 0 {
					http.Error(w, `you can occupy only one seat at a time`, http.StatusUnprocessableEntity)
					return
				}

				if err := database.OccupySeat(seatID[0], userID); err != nil {
					http.Error(w, err.Error(), http.StatusInternalServerError)
					return
				}

				server.roomServerEventStreams[seat.RoomID].Broadcast("refresh")
				httputil.WriteJSON(w, "ok")
			} else {
				http.Error(w, `seat already occupied`, http.StatusUnprocessableEntity)
			}
		})

	api.With(auth.LoggedMiddleware()).
		Post("/seat/leave", func(w http.ResponseWriter, r *http.Request) {
			userID, err := auth.RequestUser(r)
			if err != nil {
				http.Error(w, err.Error(), http.StatusUnauthorized)
				return
			}

			user, err := database.GetUser(userID)
			if err != nil {
				http.Error(w, err.Error(), http.StatusInternalServerError)
				return
			}

			seatID, ok := r.URL.Query()["id"]
			if !ok {
				http.Error(w, `missing seat id`, http.StatusBadRequest)
				return
			}

			seat, err := database.GetSeat(seatID[0])
			if err != nil {
				http.Error(w, err.Error(), http.StatusInternalServerError)
				return
			}

			// Check permissions, if the place is occupied then only its owner, a moderator or an admin can clear it
			if len(seat.OccupiedBy) > 0 {
				if user.ID == seat.OccupiedBy[0] || user.Permissions.HasAny(db.PermissionAdmin, db.PermissionModerator) {
					if err := database.FreeSeat(seatID[0]); err != nil {
						http.Error(w, err.Error(), http.StatusInternalServerError)
						return
					}

					server.roomServerEventStreams[seat.RoomID].Broadcast("refresh")
					httputil.WriteJSON(w, "ok")
				} else {
					http.Error(w, `seat can be freed only by its owner, a moderator or an admin`, http.StatusUnauthorized)
				}
			} else {
				http.Error(w, `seat already empty`, http.StatusUnprocessableEntity)
			}
		})
}

// func (server *Server) ConnectedToRoom(roomID string, client chan string)
Login technically works 3 years ago			`package main`

			`import (`
			`"fmt"`
Minor code reorganization and polishing 3 years ago			`"log"`
Login technically works 3 years ago			`"net/http"`

			`"git.phc.dm.unipi.it/aziis98/posti-dm/server/auth"`
			`"git.phc.dm.unipi.it/aziis98/posti-dm/server/db"`
			`"git.phc.dm.unipi.it/aziis98/posti-dm/server/httputil"`
Raggiunto primo stato presentabile 3 years ago			`"git.phc.dm.unipi.it/aziis98/posti-dm/server/httputil/serverevents"`
Login technically works 3 years ago			`"git.phc.dm.unipi.it/aziis98/posti-dm/server/util"`
			`"github.com/go-chi/chi/v5"`
			`)`

			`type Server struct {`
			`authService *auth.AuthService`

Raggiunto primo stato presentabile 3 years ago			`roomServerEventStreams map[string]serverevents.Handler`

Login technically works 3 years ago			`Database db.Store`
			`ApiRoute chi.Router`
			`}`

			`func NewServer() *Server {`
Raggiunto primo stato presentabile 3 years ago			`sessions := make(map[string]*db.User)`
			`database := db.NewInMemoryStore()`
Login technically works 3 years ago
Raggiunto primo stato presentabile 3 years ago			`server := &Server{`
			`Database: database,`
			`authService: &auth.AuthService{`
			`CheckUserPassword: func(userID, password string) error {`
			`if password != "phc" {`
			return fmt.Errorf(`invalid password`)
			`}`

			`// FIXME: al momento quando la password è giusta creiamo tutti gli account necessari`
Minor code reorganization and polishing 3 years ago			`err := database.CreateUser(&db.User{`
Raggiunto primo stato presentabile 3 years ago			`ID: userID,`
feat: now simple users can only occupy one seat at a time 3 years ago			`Permissions: make(util.StringSet),`
Raggiunto primo stato presentabile 3 years ago			`})`
Minor code reorganization and polishing 3 years ago			`if err != nil {`
			log.Printf(`got "%v" while trying to log as @%s`, err, userID)
			`return nil`
			`}`
Raggiunto primo stato presentabile 3 years ago
			`return nil`
			`},`
			`UserPermissions: func(userID string) ([]string, error) {`
			`user, err := database.GetUser(userID)`
			`if err != nil {`
			`return nil, err`
			`}`

feat: now simple users can only occupy one seat at a time 3 years ago			`return user.Permissions.Elements(), nil`
Raggiunto primo stato presentabile 3 years ago			`},`
			`SessionTokenFromUser: func(userID string) (string, error) {`
			`user, err := database.GetUser(userID)`
			`if err != nil {`
			`return "", err`
			`}`

Minor code reorganization and polishing 3 years ago			`token := util.RandomHash(20)`
Raggiunto primo stato presentabile 3 years ago			`sessions[token] = user`

			`return token, nil`
			`},`
			`UserFromSessionToken: func(session string) (string, error) {`
			`user, present := sessions[session]`
			`if !present {`
			`return "", auth.ErrNoUserForSession`
			`}`

			`return user.ID, nil`
			`},`
			`AuthenticationFailed: func(err error) http.Handler {`
			`return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {`
			`http.Error(w, err.Error(), http.StatusUnauthorized)`
			`})`
			`},`
			`OtherError: func(err error) http.Handler {`
			`return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {`
			`http.Error(w, err.Error(), http.StatusInternalServerError)`
			`})`
			`},`
Login technically works 3 years ago			`},`

Raggiunto primo stato presentabile 3 years ago			`roomServerEventStreams: make(map[string]serverevents.Handler),`
Login technically works 3 years ago
Raggiunto primo stato presentabile 3 years ago			`ApiRoute: chi.NewRouter(),`
			`}`
Login technically works 3 years ago
Raggiunto primo stato presentabile 3 years ago			`roomIDs, _ := database.GetRooms()`
			`for _, roomID := range roomIDs {`
Added checks for occupying and leaving a seat based on permissions and user identity 3 years ago			`server.roomServerEventStreams[roomID] = serverevents.New(&serverevents.Config{})`
Login technically works 3 years ago			`}`

			`server.setupRoutes()`

			`return server`
			`}`

			`func (server *Server) setupRoutes() {`
			`api := server.ApiRoute`
Raggiunto primo stato presentabile 3 years ago			`database := server.Database`
Added checks for occupying and leaving a seat based on permissions and user identity 3 years ago			`auth := server.authService`
Login technically works 3 years ago
feat: now simple users can only occupy one seat at a time 3 years ago			`// FIXME: in realtà tutte le routes che interagiscono con il db dovrebbero essere in transazione con`
			`// database.BeginTransaction()`
			`// defer database.EndTransaction()`

Login technically works 3 years ago			`// Authenticated Routes`

			`api.Post("/login", func(w http.ResponseWriter, r *http.Request) {`
			`var credentials struct {`
			Username string `json:"username"`
			Password string `json:"password"`
			`}`

			`if err := httputil.ReadJSON(r, &credentials); err != nil {`
			`http.Error(w, err.Error(), http.StatusInternalServerError)`
			`return`
			`}`

Added some documentation 3 years ago			`err := auth.Login(w, r, credentials.Username, credentials.Password)`
			`if err != nil {`
			`http.Error(w, err.Error(), http.StatusUnauthorized)`
			`return`
			`}`

			`httputil.WriteJSON(w, "ok")`
Login technically works 3 years ago			`})`

Added checks for occupying and leaving a seat based on permissions and user identity 3 years ago			`api.With(auth.LoggedMiddleware()).`
Login technically works 3 years ago			`Post("/logout", func(w http.ResponseWriter, r *http.Request) {`
Added checks for occupying and leaving a seat based on permissions and user identity 3 years ago			`auth.Logout(w)`
Added some documentation 3 years ago			`httputil.WriteJSON(w, "ok")`
Login technically works 3 years ago			`})`

Raggiunto primo stato presentabile 3 years ago			`api.Get("/user", func(w http.ResponseWriter, r *http.Request) {`
Added checks for occupying and leaving a seat based on permissions and user identity 3 years ago			`userID, err := auth.RequestUser(r)`
Raggiunto primo stato presentabile 3 years ago			`if err != nil {`
			`httputil.WriteJSON(w, nil)`
			`return`
			`}`

			`user, err := database.GetUser(userID)`
			`if err != nil {`
			`http.Error(w, err.Error(), http.StatusNotFound)`
			`}`

			`httputil.WriteJSON(w, user)`
			`})`

			`api.Get("/room/seats", func(w http.ResponseWriter, r *http.Request) {`
			`roomID, ok := r.URL.Query()["id"]`
			`if !ok {`
			http.Error(w, `missing room id`, http.StatusBadRequest)
			`}`

			`room, err := database.GetRoom(roomID[0])`
			`if err != nil {`
			`http.Error(w, err.Error(), http.StatusNotFound)`
			`return`
			`}`

			`seats := []*db.Seat{}`
			`for _, seatID := range room.SeatIDs {`
			`seat, err := database.GetSeat(seatID)`
			`if err != nil {`
			`http.Error(w, err.Error(), http.StatusNotFound)`
			`return`
			`}`

			`seats = append(seats, seat)`
			`}`

			`httputil.WriteJSON(w, seats)`
			`})`

			`api.HandleFunc("/room_events", func(w http.ResponseWriter, r *http.Request) {`
			`roomID, ok := r.URL.Query()["id"]`
			`if !ok {`
			http.Error(w, `missing room id`, http.StatusBadRequest)
			`return`
			`}`

			`server.roomServerEventStreams[roomID[0]].ServeHTTP(w, r)`
			`})`

Added checks for occupying and leaving a seat based on permissions and user identity 3 years ago			`api.With(auth.LoggedMiddleware()).`
Raggiunto primo stato presentabile 3 years ago			`Post("/seat/occupy", func(w http.ResponseWriter, r *http.Request) {`
feat: now simple users can only occupy one seat at a time 3 years ago			`database.BeginTransaction()`
			`defer database.EndTransaction()`

Added checks for occupying and leaving a seat based on permissions and user identity 3 years ago			`userID, err := auth.RequestUser(r)`
Login technically works 3 years ago			`if err != nil {`
Raggiunto primo stato presentabile 3 years ago			`http.Error(w, err.Error(), http.StatusUnauthorized)`
			`return`
			`}`

Added checks for occupying and leaving a seat based on permissions and user identity 3 years ago			`user, err := database.GetUser(userID)`
			`if err != nil {`
			`http.Error(w, err.Error(), http.StatusInternalServerError)`
			`return`
			`}`

Raggiunto primo stato presentabile 3 years ago			`seatID, ok := r.URL.Query()["id"]`
			`if !ok {`
			http.Error(w, `missing seat id`, http.StatusBadRequest)
Login technically works 3 years ago			`return`
			`}`

Raggiunto primo stato presentabile 3 years ago			`seat, err := database.GetSeat(seatID[0])`
Login technically works 3 years ago			`if err != nil {`
Added checks for occupying and leaving a seat based on permissions and user identity 3 years ago			`http.Error(w, err.Error(), http.StatusInternalServerError)`
Raggiunto primo stato presentabile 3 years ago			`return`
			`}`

feat: now simple users can only occupy one seat at a time 3 years ago			`// a seat can be occupied only if empty; simple users can occupy a seat only if they have occupied no other seat; admins and moderator (for now) can occupy even more than one seat (as occupied by an anonymous?) to fix the free seat count of the room`
Added checks for occupying and leaving a seat based on permissions and user identity 3 years ago			`if len(seat.OccupiedBy) == 0 {`
feat: now simple users can only occupy one seat at a time 3 years ago			`userSeats, err := database.GetUserSeats(userID)`
			`if err != nil {`
			`http.Error(w, err.Error(), http.StatusInternalServerError)`
			`return`
			`}`

			`if !user.Permissions.HasAny(db.PermissionAdmin, db.PermissionModerator) && len(userSeats) > 0 {`
			http.Error(w, `you can occupy only one seat at a time`, http.StatusUnprocessableEntity)
			`return`
			`}`

			`if err := database.OccupySeat(seatID[0], userID); err != nil {`
Added checks for occupying and leaving a seat based on permissions and user identity 3 years ago			`http.Error(w, err.Error(), http.StatusInternalServerError)`
			`return`
			`}`

			`server.roomServerEventStreams[seat.RoomID].Broadcast("refresh")`
			`httputil.WriteJSON(w, "ok")`
			`} else {`
			http.Error(w, `seat already occupied`, http.StatusUnprocessableEntity)
			`}`
			`})`

			`api.With(auth.LoggedMiddleware()).`
			`Post("/seat/leave", func(w http.ResponseWriter, r *http.Request) {`
			`userID, err := auth.RequestUser(r)`
			`if err != nil {`
			`http.Error(w, err.Error(), http.StatusUnauthorized)`
			`return`
			`}`
Raggiunto primo stato presentabile 3 years ago
Added checks for occupying and leaving a seat based on permissions and user identity 3 years ago			`user, err := database.GetUser(userID)`
			`if err != nil {`
Login technically works 3 years ago			`http.Error(w, err.Error(), http.StatusInternalServerError)`
			`return`
			`}`

Raggiunto primo stato presentabile 3 years ago			`seatID, ok := r.URL.Query()["id"]`
			`if !ok {`
			http.Error(w, `missing seat id`, http.StatusBadRequest)
Login technically works 3 years ago			`return`
			`}`

Raggiunto primo stato presentabile 3 years ago			`seat, err := database.GetSeat(seatID[0])`
Login technically works 3 years ago			`if err != nil {`
			`http.Error(w, err.Error(), http.StatusInternalServerError)`
			`return`
			`}`

feat: now simple users can only occupy one seat at a time 3 years ago			`// Check permissions, if the place is occupied then only its owner, a moderator or an admin can clear it`
Added checks for occupying and leaving a seat based on permissions and user identity 3 years ago			`if len(seat.OccupiedBy) > 0 {`
feat: now simple users can only occupy one seat at a time 3 years ago			`if user.ID == seat.OccupiedBy[0] \|\| user.Permissions.HasAny(db.PermissionAdmin, db.PermissionModerator) {`
Added checks for occupying and leaving a seat based on permissions and user identity 3 years ago			`if err := database.FreeSeat(seatID[0]); err != nil {`
			`http.Error(w, err.Error(), http.StatusInternalServerError)`
			`return`
			`}`

			`server.roomServerEventStreams[seat.RoomID].Broadcast("refresh")`
			`httputil.WriteJSON(w, "ok")`
			`} else {`
			http.Error(w, `seat can be freed only by its owner, a moderator or an admin`, http.StatusUnauthorized)
			`}`
			`} else {`
			http.Error(w, `seat already empty`, http.StatusUnprocessableEntity)
			`}`
Login technically works 3 years ago			`})`
			`}`
Raggiunto primo stato presentabile 3 years ago
Added checks for occupying and leaving a seat based on permissions and user identity 3 years ago			`// func (server *Server) ConnectedToRoom(roomID string, client chan string)`