annotate pkg/controllers/routes.go @ 431:7cd1536a6797
Replaced sys-admin db user with a metamorphic one.
author | Sascha L. Teichmann <sascha.teichmann@intevation.de> |
---|---|
date | Mon, 20 Aug 2018 15:29:57 +0200 |
parents | 4a03d000c854 |
children | 1504f8eff12e |
rev | changeset | description | parents |
---|---|---|---|
226 | 63dd5216eee4 | Refactored gemma server to be more REST-like. | |
231 | 694f959ba3e7 | Fixed bad route to /logout controller. | 226 |
237 | 3771788d3dae | Reduce boilerplate code when writing JSON parsing/generating endpoints. | 235 |
239 | 713234a04a87 | Renamed JSONHandler.Process to JSONHandler.Handler as it sounds more symmetrical. | 237 |
240 | 9012e4045da4 | Implemented /user delete controller. | 239 |
242 | 24eb518b0394 | /users delete should be handled by HTTP DELETE not PUT. | 240 |
250 | deabc2712634 | Implemented /users GET as list of users. | 242 |
254 | de6fdb316b8f | Implemented /users/{user} GET a listing of given user. | 250 |
270 | d1b0d964af09 | Dont restrict listing/updating of users to sys_admins. | 254 |
281 | 3c5420976910 | A user should see her/him self if asking for users listing. | 270 |
302 | 0777aa6de45b | Password reset. Part I | 281 |
304 | 69e291f26bbd | Password reset: Part II. | 302 |
335 | bd292a554b6e | Made gemma a WFS proxy. | 304 |
346 | ad0e47c1fedf | Use httputil.ReverseProxy for WFS proxying. | 335 |
408 | ac23905e64b1 | Improve WFS proxy a lot. It now generates signed re-writings. | 359 |
414 | c1047fd04a3a | Moved project specific Go packages to new pkg folder. | 408 |
419 | 6627c48363a0 | First attempt for user injection of proxy for using GeoServer with role based security. | 414 |
421 | c37457f12b8e | Differ between internal and external proxies. | 419 |
426 | 4a03d000c854 | Fixed wrong comments. | 421 |

rev | line source |
---|---|
226 | 1 package controllers |
226 | 2 |
226 | 3 import ( |
226 | 4 "net/http" |
346 | 5 "net/http/httputil" |
226 | 6 |
414 | 7 "github.com/gorilla/mux" |
226 | 8 |
414 | 9 "gemma.intevation.de/gemma/pkg/auth" |
419 | 10 "gemma.intevation.de/gemma/pkg/middleware" |
226 | 11 ) |
226 | 12 |
226 | 13 func BindRoutes(m *mux.Router) { |
226 | 14 |
226 | 15 api := m.PathPrefix("/api").Subrouter() |
226 | 16 |
270 | 17 var ( |
270 | 18 sysAdmin = auth.EnsureRole("sys_admin") |
270 | 19 all = auth.EnsureRole("sys_admin", "waterway_admin", "waterway_user") |
270 | 20 ) |
226 | 21 |
335 | 22 // User management. |
281 | 23 api.Handle("/users", all(&JSONHandler{ |
250 | 24 Handle: listUsers, |
250 | 25 })).Methods(http.MethodGet) |
250 | 26 |
250 | 27 api.Handle("/users", sysAdmin(&JSONHandler{ |
239 | 28 Input: func() interface{} { return new(User) }, |
239 | 29 Handle: createUser, |
237 | 30 })).Methods(http.MethodPost) |
237 | 31 |
270 | 32 api.Handle("/users/{user}", all(&JSONHandler{ |
254 | 33 Handle: listUser, |
254 | 34 })).Methods(http.MethodGet) |
254 | 35 |
270 | 36 api.Handle("/users/{user}", all(&JSONHandler{ |
239 | 37 Input: func() interface{} { return new(User) }, |
239 | 38 Handle: updateUser, |
237 | 39 })).Methods(http.MethodPut) |
226 | 40 |
240 | 41 api.Handle("/users/{user}", sysAdmin(&JSONHandler{ |
240 | 42 Handle: deleteUser, |
242 | 43 })).Methods(http.MethodDelete) |
240 | 44 |
335 | 45 // Password resets. |
302 | 46 api.Handle("/users/passwordreset", &JSONHandler{ |
302 | 47 Input: func() interface{} { return new(PWResetUser) }, |
304 | 48 Handle: passwordResetRequest, |
304 | 49 }).Methods(http.MethodPost) |
304 | 50 |
304 | 51 api.Handle("/users/passwordreset/{hash}", &JSONHandler{ |
302 | 52 Handle: passwordReset, |
304 | 53 }).Methods(http.MethodGet) |
302 | 54 |
426 | 55 // External proxies. |
408 | 56 proxy := &httputil.ReverseProxy{ |
421 | 57 Director: proxyDirector(findProxy("external")), |
421 | 58 ModifyResponse: proxyModifyResponse("/api/external/"), |
346 | 59 } |
346 | 60 |
421 | 61 api.Handle("/external/{hash}/{url}", proxy). |
408 | 62 Methods( |
408 | 63 http.MethodGet, http.MethodPost, |
408 | 64 http.MethodPut, http.MethodDelete) |
408 | 65 |
421 | 66 api.Handle("/external/{entry}", proxy). |
335 | 67 Methods( |
335 | 68 http.MethodGet, http.MethodPost, |
335 | 69 http.MethodPut, http.MethodDelete) |
335 | 70 |
426 | 71 // Internal proxies. |
419 | 72 internal := &httputil.ReverseProxy{ |
421 | 73 Director: proxyDirector(findProxy("internal")), |
421 | 74 ModifyResponse: proxyModifyResponse("/api/internal/"), |
419 | 75 } |
419 | 76 |
419 | 77 internalAuth := all( |
419 | 78 middleware.ModifyQuery(internal, middleware.InjectUser)) |
419 | 79 |
419 | 80 api.Handle("/internal/{hash}/{url}", internalAuth). |
419 | 81 Methods( |
419 | 82 http.MethodGet, http.MethodPost, |
419 | 83 http.MethodPut, http.MethodDelete) |
419 | 84 |
419 | 85 api.Handle("/internal/{entry}", internalAuth). |
419 | 86 Methods( |
419 | 87 http.MethodGet, http.MethodPost, |
419 | 88 http.MethodPut, http.MethodDelete) |
419 | 89 |
335 | 90 // Token handling: Login/Logout. |
231 | 91 api.HandleFunc("/login", login). |
226 | 92 Methods(http.MethodGet, http.MethodPost) |
231 | 93 api.Handle("/logout", auth.SessionMiddleware(http.HandlerFunc(logout))). |
226 | 94 Methods(http.MethodGet, http.MethodPost) |
226 | 95 api.Handle("/renew", auth.SessionMiddleware(http.HandlerFunc(renew))). |
226 | 96 Methods(http.MethodGet, http.MethodPost) |
226 | 97 } |