view pkg/controllers/routes.go @ 484:2ac37419f593
Implemented wamos/issue114 (Improve code consistency: For login use json body, disallow GET).
author | Sascha L. Teichmann <sascha.teichmann@intevation.de> |
---|---|
date | Fri, 24 Aug 2018 11:36:11 +0200 |
parents | 11d80120ed3d |
children | b2dc9c2f69e0 |
package controllers

import (
	"net/http"
	"net/http/httputil"

	"github.com/gorilla/mux"

	"gemma.intevation.de/gemma/pkg/auth"
	"gemma.intevation.de/gemma/pkg/middleware"
	"gemma.intevation.de/gemma/pkg/models"
)

// BindRoutes registers all API endpoints on a subrouter of m mounted at
// "/api".
//
// The routes fall into three groups by the wrapper applied here:
//   - role-gated routes, wrapped by a handler decorator obtained from
//     auth.EnsureRole;
//   - session routes (/logout, /renew), wrapped by auth.SessionMiddleware;
//   - bare routes (/login and the two password-reset endpoints), which are
//     registered without any auth wrapper.
//
// Routes are registered in a fixed order; keep that order when editing, as
// the router is consulted in registration order.
func BindRoutes(m *mux.Router) {
	api := m.PathPrefix("/api").Subrouter()

	// Handler decorators for the two access levels used below.
	// NOTE(review): presumably these reject requests whose session lacks
	// every listed role; the check itself lives in pkg/auth.
	adminOnly := auth.EnsureRole("sys_admin")
	anyRole := auth.EnsureRole("sys_admin", "waterway_admin", "waterway_user")

	// Factories for the request bodies decoded by JSONHandler.
	newUser := func() interface{} { return new(models.User) }
	newPWResetUser := func() interface{} { return new(models.PWResetUser) }

	// Both proxy groups accept the same set of HTTP methods.
	proxyMethods := []string{
		http.MethodGet,
		http.MethodPost,
		http.MethodPut,
		http.MethodDelete,
	}

	// User management.
	api.Handle("/users", anyRole(&JSONHandler{
		Handle: listUsers,
	})).Methods(http.MethodGet)

	api.Handle("/users", adminOnly(&JSONHandler{
		Input:  newUser,
		Handle: createUser,
	})).Methods(http.MethodPost)

	api.Handle("/users/{user}", anyRole(&JSONHandler{
		Handle: listUser,
	})).Methods(http.MethodGet)

	// The route gate admits every role, so it does not limit which user
	// record a caller may change.
	// NOTE(review): confirm that updateUser (or the layer below it) stops
	// a non-admin from modifying another account or raising its own role.
	api.Handle("/users/{user}", anyRole(&JSONHandler{
		Input:  newUser,
		Handle: updateUser,
	})).Methods(http.MethodPut)

	api.Handle("/users/{user}", adminOnly(&JSONHandler{
		Handle: deleteUser,
	})).Methods(http.MethodDelete)

	// Password resets. Both endpoints are reachable without a session.
	// NOTE(review): the reset hash travels in the URL path of a GET
	// request, so it can end up in access logs, browser history and
	// Referer headers. What passwordReset does with it is not visible
	// here; if it changes state, the hash should be single-use and
	// short-lived, and the request endpoint should be rate limited.
	api.Handle("/users/passwordreset", &JSONHandler{
		Input:  newPWResetUser,
		Handle: passwordResetRequest,
	}).Methods(http.MethodPost)

	api.Handle("/users/passwordreset/{hash}", &JSONHandler{
		Handle: passwordReset,
	}).Methods(http.MethodGet)

	// External proxies.
	// NOTE(review): the upstream is chosen by proxyDirector through
	// models.ExternalServices.Find. Confirm it forwards only to configured
	// entries and that {hash} binds {url}, so a caller cannot steer the
	// proxy to an arbitrary host.
	externalProxy := &httputil.ReverseProxy{
		Director:       proxyDirector(models.ExternalServices.Find),
		ModifyResponse: proxyModifyResponse("/api/external/"),
	}
	externalHandler := anyRole(externalProxy)

	api.Handle("/external/{hash}/{url}", externalHandler).
		Methods(proxyMethods...)

	api.Handle("/external/{entry}", externalHandler).
		Methods(proxyMethods...)

	// Internal proxies. The query string is rewritten by
	// middleware.InjectUser before the request is forwarded.
	// NOTE(review): presumably this adds the authenticated user; confirm
	// it replaces any value of the same parameter supplied by the client.
	internalProxy := &httputil.ReverseProxy{
		Director:       proxyDirector(models.InternalServices.Find),
		ModifyResponse: proxyModifyResponse("/api/internal/"),
	}
	internalHandler := anyRole(
		middleware.ModifyQuery(internalProxy, middleware.InjectUser))

	api.Handle("/internal/{hash}/{url}", internalHandler).
		Methods(proxyMethods...)

	api.Handle("/internal/{entry}", internalHandler).
		Methods(proxyMethods...)

	api.Handle("/published", anyRole(&JSONHandler{
		Handle: published,
	})).Methods(http.MethodGet)

	// Token handling: Login/Logout.
	// Login accepts POST only and is registered without an auth wrapper.
	api.HandleFunc("/login", login).
		Methods(http.MethodPost)

	// NOTE(review): logout and renew still accept GET. If the session
	// token is sent automatically by the browser (e.g. as a cookie), a
	// third-party page can trigger these with a plain GET; restricting
	// them to POST would match the login route.
	api.Handle("/logout", auth.SessionMiddleware(http.HandlerFunc(logout))).
		Methods(http.MethodGet, http.MethodPost)

	api.Handle("/renew", auth.SessionMiddleware(http.HandlerFunc(renew))).
		Methods(http.MethodGet, http.MethodPost)
}