annotate pkg/controllers/routes.go @ 431:7cd1536a6797

Replaced sys-admin db user with a metamorphic one.
author Sascha L. Teichmann <sascha.teichmann@intevation.de>
date Mon, 20 Aug 2018 15:29:57 +0200
parents 4a03d000c854
children 1504f8eff12e
rev   line source
226
63dd5216eee4 Refactored gemma server to be more REST-like.
Sascha L. Teichmann <sascha.teichmann@intevation.de>
parents:
diff changeset
1 package controllers
63dd5216eee4 Refactored gemma server to be more REST-like.
Sascha L. Teichmann <sascha.teichmann@intevation.de>
parents:
diff changeset
2
63dd5216eee4 Refactored gemma server to be more REST-like.
Sascha L. Teichmann <sascha.teichmann@intevation.de>
parents:
diff changeset
3 import (
63dd5216eee4 Refactored gemma server to be more REST-like.
Sascha L. Teichmann <sascha.teichmann@intevation.de>
parents:
diff changeset
4 "net/http"
346
ad0e47c1fedf Use httputil.ReverseProxy for WFS proxying.
Sascha L. Teichmann <sascha.teichmann@intevation.de>
parents: 335
diff changeset
5 "net/http/httputil"
226
63dd5216eee4 Refactored gemma server to be more REST-like.
Sascha L. Teichmann <sascha.teichmann@intevation.de>
parents:
diff changeset
6
414
c1047fd04a3a Moved project specific Go packages to new pkg folder.
Sascha L. Teichmann <sascha.teichmann@intevation.de>
parents: 408
diff changeset
7 "github.com/gorilla/mux"
226
63dd5216eee4 Refactored gemma server to be more REST-like.
Sascha L. Teichmann <sascha.teichmann@intevation.de>
parents:
diff changeset
8
414
c1047fd04a3a Moved project specific Go packages to new pkg folder.
Sascha L. Teichmann <sascha.teichmann@intevation.de>
parents: 408
diff changeset
9 "gemma.intevation.de/gemma/pkg/auth"
419
6627c48363a0 First attempt for user injection of proxy for using GeoServer with role based security.
Sascha L. Teichmann <sascha.teichmann@intevation.de>
parents: 414
diff changeset
10 "gemma.intevation.de/gemma/pkg/middleware"
226
63dd5216eee4 Refactored gemma server to be more REST-like.
Sascha L. Teichmann <sascha.teichmann@intevation.de>
parents:
diff changeset
11 )
63dd5216eee4 Refactored gemma server to be more REST-like.
Sascha L. Teichmann <sascha.teichmann@intevation.de>
parents:
diff changeset
12
63dd5216eee4 Refactored gemma server to be more REST-like.
Sascha L. Teichmann <sascha.teichmann@intevation.de>
parents:
diff changeset
// BindRoutes registers the gemma REST endpoints on m below the "/api" prefix.
//
// Access control is applied per route by wrapping the handler:
//   - auth.EnsureRole("sys_admin") guards user creation and deletion;
//   - auth.EnsureRole with all three roles guards user listing/updating
//     and the internal proxy;
//   - auth.SessionMiddleware guards /logout and /renew;
//   - the password reset routes, the external proxy and /login are
//     registered without any wrapper in this function.
//
// Routes are registered in a fixed order; keep that order when editing,
// because several patterns overlap (see the password reset note below).
func BindRoutes(m *mux.Router) {
	var (
		router = m.PathPrefix("/api").Subrouter()

		adminOnly = auth.EnsureRole("sys_admin")
		anyRole   = auth.EnsureRole("sys_admin", "waterway_admin", "waterway_user")

		// Factory for the JSON body of the create/update user endpoints.
		newUser = func() interface{} { return new(User) }

		// HTTP verbs forwarded by both reverse proxies.
		proxyMethods = []string{
			http.MethodGet, http.MethodPost,
			http.MethodPut, http.MethodDelete,
		}
		// HTTP verbs accepted by the token endpoints.
		tokenMethods = []string{http.MethodGet, http.MethodPost}
	)

	// User management.
	// Listing is open to every role; creating is sys_admin only.
	router.Handle("/users", anyRole(&JSONHandler{
		Handle: listUsers,
	})).Methods(http.MethodGet)

	router.Handle("/users", adminOnly(&JSONHandler{
		Input:  newUser,
		Handle: createUser,
	})).Methods(http.MethodPost)

	// Reading and updating a single user is open to every role, so any
	// restriction to "own record only" has to live in listUser/updateUser.
	// NOTE(review): confirm those handlers enforce it; it is not visible here.
	router.Handle("/users/{user}", anyRole(&JSONHandler{
		Handle: listUser,
	})).Methods(http.MethodGet)

	router.Handle("/users/{user}", anyRole(&JSONHandler{
		Input:  newUser,
		Handle: updateUser,
	})).Methods(http.MethodPut)

	router.Handle("/users/{user}", adminOnly(&JSONHandler{
		Handle: deleteUser,
	})).Methods(http.MethodDelete)

	// Password resets.
	// Both routes are registered without a role check. The one-segment path
	// "/users/passwordreset" also fits the "/users/{user}" pattern above;
	// only the POST restriction keeps the two apart.
	router.Handle("/users/passwordreset", &JSONHandler{
		Input:  func() interface{} { return new(PWResetUser) },
		Handle: passwordResetRequest,
	}).Methods(http.MethodPost)

	// NOTE(review): the reset {hash} travels in the URL of a GET request, so
	// it can end up in access logs and browser history - confirm that it is
	// single-use and short-lived in passwordReset.
	router.Handle("/users/passwordreset/{hash}", &JSONHandler{
		Handle: passwordReset,
	}).Methods(http.MethodGet)

	// External proxies.
	// No role check is applied to these routes in this function.
	// NOTE(review): presumably {hash} authenticates the re-written {url};
	// confirm that proxyDirector/findProxy only forward to configured
	// upstreams, also for the hash-less "/external/{entry}" form.
	external := &httputil.ReverseProxy{
		Director:       proxyDirector(findProxy("external")),
		ModifyResponse: proxyModifyResponse("/api/external/"),
	}

	router.Handle("/external/{hash}/{url}", external).Methods(proxyMethods...)
	router.Handle("/external/{entry}", external).Methods(proxyMethods...)

	// Internal proxies.
	// Requests need one of the three roles and pass through
	// middleware.ModifyQuery with middleware.InjectUser before being proxied.
	// NOTE(review): presumably this adds the session user to the upstream
	// query; confirm a client-supplied value for the same parameter is
	// replaced rather than kept alongside it.
	internal := &httputil.ReverseProxy{
		Director:       proxyDirector(findProxy("internal")),
		ModifyResponse: proxyModifyResponse("/api/internal/"),
	}

	internalAuth := anyRole(
		middleware.ModifyQuery(internal, middleware.InjectUser))

	router.Handle("/internal/{hash}/{url}", internalAuth).Methods(proxyMethods...)
	router.Handle("/internal/{entry}", internalAuth).Methods(proxyMethods...)

	// Token handling: Login/Logout.
	// All three endpoints accept GET as well as POST.
	// NOTE(review): confirm login does not take credentials from the query
	// string (they would be logged), and that logout/renew cannot be
	// triggered cross-site if the session token is sent automatically.
	router.HandleFunc("/login", login).
		Methods(tokenMethods...)
	router.Handle("/logout", auth.SessionMiddleware(http.HandlerFunc(logout))).
		Methods(tokenMethods...)
	router.Handle("/renew", auth.SessionMiddleware(http.HandlerFunc(renew))).
		Methods(tokenMethods...)
}