Mainflux.mainflux/authn/api/http/transport.go

// Copyright (c) Mainflux
// SPDX-License-Identifier: Apache-2.0

package http

import (
	"context"
	"encoding/json"
	"errors"
	"io"
	"net/http"
	"strings"

	kitot "github.com/go-kit/kit/tracing/opentracing"
	kithttp "github.com/go-kit/kit/transport/http"
	"github.com/go-zoo/bone"
	"github.com/mainflux/mainflux"
	"github.com/mainflux/mainflux/authn"
	"github.com/opentracing/opentracing-go"
	"github.com/prometheus/client_golang/prometheus/promhttp"
)

const contentType = "application/json"

var errUnsupportedContentType = errors.New("unsupported content type")

// MakeHandler returns a HTTP handler for API endpoints.
func MakeHandler(svc authn.Service, tracer opentracing.Tracer) http.Handler {
	opts := []kithttp.ServerOption{
		kithttp.ServerErrorEncoder(encodeError),
	}

	mux := bone.New()

	mux.Post("/keys", kithttp.NewServer(
		kitot.TraceServer(tracer, "issue")(issueEndpoint(svc)),
		decodeIssue,
		encodeResponse,
		opts...,
	))

	mux.Get("/keys/:id", kithttp.NewServer(
		kitot.TraceServer(tracer, "retrieve")(retrieveEndpoint(svc)),
		decodeKeyReq,
		encodeResponse,
		opts...,
	))

	mux.Delete("/keys/:id", kithttp.NewServer(
		kitot.TraceServer(tracer, "revoke")(revokeEndpoint(svc)),
		decodeKeyReq,
		encodeResponse,
		opts...,
	))

	mux.GetFunc("/version", mainflux.Version("auth"))
	mux.Handle("/metrics", promhttp.Handler())

	return mux
}

func decodeIssue(_ context.Context, r *http.Request) (interface{}, error) {
	if !strings.Contains(r.Header.Get("Content-Type"), contentType) {
		return nil, errUnsupportedContentType
	}
	req := issueKeyReq{
		issuer: r.Header.Get("Authorization"),
	}
	if err := json.NewDecoder(r.Body).Decode(&req); err != nil {
		return nil, err
	}

	return req, nil
}

func decodeKeyReq(_ context.Context, r *http.Request) (interface{}, error) {
	req := keyReq{
		issuer: r.Header.Get("Authorization"),
		id:     bone.GetValue(r, "id"),
	}
	return req, nil
}

func encodeResponse(_ context.Context, w http.ResponseWriter, response interface{}) error {
	w.Header().Set("Content-Type", contentType)

	if ar, ok := response.(mainflux.Response); ok {
		for k, v := range ar.Headers() {
			w.Header().Set(k, v)
		}

		w.WriteHeader(ar.Code())

		if ar.Empty() {
			return nil
		}
	}

	return json.NewEncoder(w).Encode(response)
}

func encodeError(_ context.Context, err error, w http.ResponseWriter) {
	w.Header().Set("Content-Type", contentType)

	switch err {
	case authn.ErrMalformedEntity:
		w.WriteHeader(http.StatusBadRequest)
	case authn.ErrUnauthorizedAccess:
		w.WriteHeader(http.StatusForbidden)
	case authn.ErrNotFound:
		w.WriteHeader(http.StatusNotFound)
	case authn.ErrConflict:
		w.WriteHeader(http.StatusConflict)
	case io.EOF, io.ErrUnexpectedEOF:
		w.WriteHeader(http.StatusBadRequest)
	case errUnsupportedContentType:
		w.WriteHeader(http.StatusUnsupportedMediaType)
	default:
		switch err.(type) {
		case *json.SyntaxError:
			w.WriteHeader(http.StatusBadRequest)
		case *json.UnmarshalTypeError:
			w.WriteHeader(http.StatusBadRequest)
		default:
			w.WriteHeader(http.StatusInternalServerError)
		}
	}
}
MF-932 - User API keys (#941) * Add inital Auth implementation Signed-off-by: Dušan Borovčanin <dusan.borovcanin@mainflux.com> * Extract IssuedAt on transport layer Signed-off-by: Dušan Borovčanin <dusan.borovcanin@mainflux.com> * Add token type Signed-off-by: Dušan Borovčanin <dusan.borovcanin@mainflux.com> * Fix Auth service URL in Things service Signed-off-by: Dušan Borovčanin <dusan.borovcanin@mainflux.com> * Add User Keys revocation check Signed-off-by: Dušan Borovčanin <dusan.borovcanin@mainflux.com> * Update tests Signed-off-by: Dušan Borovčanin <dusan.borovcanin@mainflux.com> * Remove unused tracing methods Signed-off-by: Dušan Borovčanin <dusan.borovcanin@mainflux.com> * Fix Key retrival and parsing Signed-off-by: Dušan Borovčanin <dusan.borovcanin@mainflux.com> * Remove unused code Signed-off-by: Dušan Borovčanin <dusan.borovcanin@mainflux.com> * Increase test coverage Signed-off-by: Dušan Borovčanin <dusan.borovcanin@mainflux.com> * Fix compose files Signed-off-by: Dušan Borovčanin <dusan.borovcanin@mainflux.com> * Fix typos Simplify tests. Signed-off-by: Dušan Borovčanin <dusan.borovcanin@mainflux.com> * Fix typos and remove useless comments Signed-off-by: Dušan Borovčanin <dusan.borovcanin@mainflux.com> * Rename Auth to Authn Signed-off-by: Dušan Borovčanin <dusan.borovcanin@mainflux.com> * Rename database.go to tracin.go A new name (`tracing.go`) describes better the purpose of the file. Signed-off-by: Dušan Borovčanin <dusan.borovcanin@mainflux.com> * Increase test coverage Fix typo. Signed-off-by: Dušan Borovčanin <dusan.borovcanin@mainflux.com> * Increase test coverage Signed-off-by: Dušan Borovčanin <dusan.borovcanin@mainflux.com> * Remove token from Users service Signed-off-by: Dušan Borovčanin <dusan.borovcanin@mainflux.com> * Fix identify login keys Rename token parsing method. Signed-off-by: Dušan Borovčanin <dusan.borovcanin@mainflux.com> * Extract tokenizer to interface Signed-off-by: Dušan Borovčanin <dusan.borovcanin@mainflux.com> * Remove pointer time Signed-off-by: Dušan Borovčanin <dusan.borovcanin@mainflux.com> * Use pointer for expiration time in response Signed-off-by: Dušan Borovčanin <dusan.borovcanin@mainflux.com> * Use uppercase N Signed-off-by: Dušan Borovčanin <dusan.borovcanin@mainflux.com> * Remove unnecessary email check Signed-off-by: Dušan Borovčanin <dusan.borovcanin@mainflux.com> * Cleanup unused code and env vars Signed-off-by: Dušan Borovčanin <dusan.borovcanin@mainflux.com> * Rename tokenizer field Signed-off-by: Dušan Borovčanin <dusan.borovcanin@mainflux.com> * Use slices and named fields in test cases Signed-off-by: Dušan Borovčanin <dusan.borovcanin@mainflux.com> * Update AuthN keys naming Signed-off-by: Dušan Borovčanin <dusan.borovcanin@mainflux.com> * Remove package-lock.json changes Signed-off-by: Dušan Borovčanin <dusan.borovcanin@mainflux.com> * Remove Secret from issuing request Signed-off-by: Dušan Borovčanin <dusan.borovcanin@mainflux.com> 2019-12-16 16:22:09 +01:00			`// Copyright (c) Mainflux`
			`// SPDX-License-Identifier: Apache-2.0`

			`package http`

			`import (`
			`"context"`
			`"encoding/json"`
			`"errors"`
			`"io"`
			`"net/http"`
			`"strings"`

			`kitot "github.com/go-kit/kit/tracing/opentracing"`
			`kithttp "github.com/go-kit/kit/transport/http"`
			`"github.com/go-zoo/bone"`
			`"github.com/mainflux/mainflux"`
			`"github.com/mainflux/mainflux/authn"`
			`"github.com/opentracing/opentracing-go"`
			`"github.com/prometheus/client_golang/prometheus/promhttp"`
			`)`

			`const contentType = "application/json"`

			`var errUnsupportedContentType = errors.New("unsupported content type")`

			`// MakeHandler returns a HTTP handler for API endpoints.`
			`func MakeHandler(svc authn.Service, tracer opentracing.Tracer) http.Handler {`
			`opts := []kithttp.ServerOption{`
			`kithttp.ServerErrorEncoder(encodeError),`
			`}`

			`mux := bone.New()`

			`mux.Post("/keys", kithttp.NewServer(`
			`kitot.TraceServer(tracer, "issue")(issueEndpoint(svc)),`
			`decodeIssue,`
			`encodeResponse,`
			`opts...,`
			`))`

			`mux.Get("/keys/:id", kithttp.NewServer(`
			`kitot.TraceServer(tracer, "retrieve")(retrieveEndpoint(svc)),`
			`decodeKeyReq,`
			`encodeResponse,`
			`opts...,`
			`))`

			`mux.Delete("/keys/:id", kithttp.NewServer(`
			`kitot.TraceServer(tracer, "revoke")(revokeEndpoint(svc)),`
			`decodeKeyReq,`
			`encodeResponse,`
			`opts...,`
			`))`

			`mux.GetFunc("/version", mainflux.Version("auth"))`
			`mux.Handle("/metrics", promhttp.Handler())`

			`return mux`
			`}`

			`func decodeIssue(_ context.Context, r *http.Request) (interface{}, error) {`
			`if !strings.Contains(r.Header.Get("Content-Type"), contentType) {`
			`return nil, errUnsupportedContentType`
			`}`
			`req := issueKeyReq{`
			`issuer: r.Header.Get("Authorization"),`
			`}`
			`if err := json.NewDecoder(r.Body).Decode(&req); err != nil {`
			`return nil, err`
			`}`

			`return req, nil`
			`}`

			`func decodeKeyReq(_ context.Context, r *http.Request) (interface{}, error) {`
			`req := keyReq{`
			`issuer: r.Header.Get("Authorization"),`
			`id: bone.GetValue(r, "id"),`
			`}`
			`return req, nil`
			`}`

			`func encodeResponse(_ context.Context, w http.ResponseWriter, response interface{}) error {`
			`w.Header().Set("Content-Type", contentType)`

			`if ar, ok := response.(mainflux.Response); ok {`
			`for k, v := range ar.Headers() {`
			`w.Header().Set(k, v)`
			`}`

			`w.WriteHeader(ar.Code())`

			`if ar.Empty() {`
			`return nil`
			`}`
			`}`

			`return json.NewEncoder(w).Encode(response)`
			`}`

			`func encodeError(_ context.Context, err error, w http.ResponseWriter) {`
			`w.Header().Set("Content-Type", contentType)`

			`switch err {`
			`case authn.ErrMalformedEntity:`
			`w.WriteHeader(http.StatusBadRequest)`
			`case authn.ErrUnauthorizedAccess:`
			`w.WriteHeader(http.StatusForbidden)`
			`case authn.ErrNotFound:`
			`w.WriteHeader(http.StatusNotFound)`
			`case authn.ErrConflict:`
			`w.WriteHeader(http.StatusConflict)`
			`case io.EOF, io.ErrUnexpectedEOF:`
			`w.WriteHeader(http.StatusBadRequest)`
			`case errUnsupportedContentType:`
			`w.WriteHeader(http.StatusUnsupportedMediaType)`
			`default:`
			`switch err.(type) {`
			`case *json.SyntaxError:`
			`w.WriteHeader(http.StatusBadRequest)`
			`case *json.UnmarshalTypeError:`
			`w.WriteHeader(http.StatusBadRequest)`
			`default:`
			`w.WriteHeader(http.StatusInternalServerError)`
			`}`
			`}`
			`}`