Mercurial > gemma

view pkg/controllers/routes.go @ 426:4a03d000c854

Find changesets by keywords (author, files, the commit message), revision number or hash, or revset expression.
Fixed wrong comments.
author Sascha L. Teichmann <sascha.teichmann@intevation.de>
date Thu, 16 Aug 2018 17:37:29 +0200
parents c37457f12b8e
children 1504f8eff12e
line wrap: on
line source

package controllers

import (
	"net/http"
	"net/http/httputil"

	"github.com/gorilla/mux"

	"gemma.intevation.de/gemma/pkg/auth"
	"gemma.intevation.de/gemma/pkg/middleware"
)

func BindRoutes(m *mux.Router) {

	api := m.PathPrefix("/api").Subrouter()

	var (
		sysAdmin = auth.EnsureRole("sys_admin")
		all      = auth.EnsureRole("sys_admin", "waterway_admin", "waterway_user")
	)

	// User management.
	api.Handle("/users", all(&JSONHandler{
		Handle: listUsers,
	})).Methods(http.MethodGet)

	api.Handle("/users", sysAdmin(&JSONHandler{
		Input:  func() interface{} { return new(User) },
		Handle: createUser,
	})).Methods(http.MethodPost)

	api.Handle("/users/{user}", all(&JSONHandler{
		Handle: listUser,
	})).Methods(http.MethodGet)

	api.Handle("/users/{user}", all(&JSONHandler{
		Input:  func() interface{} { return new(User) },
		Handle: updateUser,
	})).Methods(http.MethodPut)

	api.Handle("/users/{user}", sysAdmin(&JSONHandler{
		Handle: deleteUser,
	})).Methods(http.MethodDelete)

	// Password resets.
	api.Handle("/users/passwordreset", &JSONHandler{
		Input:  func() interface{} { return new(PWResetUser) },
		Handle: passwordResetRequest,
	}).Methods(http.MethodPost)

	api.Handle("/users/passwordreset/{hash}", &JSONHandler{
		Handle: passwordReset,
	}).Methods(http.MethodGet)

	// External proxies.
	proxy := &httputil.ReverseProxy{
		Director:       proxyDirector(findProxy("external")),
		ModifyResponse: proxyModifyResponse("/api/external/"),
	}

	api.Handle("/external/{hash}/{url}", proxy).
		Methods(
			http.MethodGet, http.MethodPost,
			http.MethodPut, http.MethodDelete)

	api.Handle("/external/{entry}", proxy).
		Methods(
			http.MethodGet, http.MethodPost,
			http.MethodPut, http.MethodDelete)

	// Internal proxies.
	internal := &httputil.ReverseProxy{
		Director:       proxyDirector(findProxy("internal")),
		ModifyResponse: proxyModifyResponse("/api/internal/"),
	}

	internalAuth := all(
		middleware.ModifyQuery(internal, middleware.InjectUser))

	api.Handle("/internal/{hash}/{url}", internalAuth).
		Methods(
			http.MethodGet, http.MethodPost,
			http.MethodPut, http.MethodDelete)

	api.Handle("/internal/{entry}", internalAuth).
		Methods(
			http.MethodGet, http.MethodPost,
			http.MethodPut, http.MethodDelete)

	// Token handling: Login/Logout.
	api.HandleFunc("/login", login).
		Methods(http.MethodGet, http.MethodPost)
	api.Handle("/logout", auth.SessionMiddleware(http.HandlerFunc(logout))).
		Methods(http.MethodGet, http.MethodPost)
	api.Handle("/renew", auth.SessionMiddleware(http.HandlerFunc(renew))).
		Methods(http.MethodGet, http.MethodPost)
}