// Copyright (c) Mainflux // SPDX-License-Identifier: Apache-2.0 package api import ( "context" "encoding/json" "io" "net/http" "strconv" "github.com/mainflux/mainflux/certs" "github.com/mainflux/mainflux/pkg/errors" kithttp "github.com/go-kit/kit/transport/http" "github.com/go-zoo/bone" "github.com/mainflux/mainflux" "github.com/prometheus/client_golang/prometheus/promhttp" ) const ( contentType = "application/json" offset = "offset" limit = "limit" defOffset = 0 defLimit = 10 ) var ( errUnsupportedContentType = errors.New("unsupported content type") errUnauthorized = errors.New("missing or invalid credentials provided") errInvalidQueryParams = errors.New("invalid query params") errMalformedEntity = errors.New("malformed entity") errConflict = errors.New("entity already exists") ) // MakeHandler returns a HTTP handler for API endpoints. func MakeHandler(svc certs.Service) http.Handler { opts := []kithttp.ServerOption{ kithttp.ServerErrorEncoder(encodeError), } r := bone.New() r.Post("/certs", kithttp.NewServer( issueCert(svc), decodeCerts, encodeResponse, opts..., )) r.Get("/certs", kithttp.NewServer( listCerts(svc), decodeListCerts, encodeResponse, opts..., )) r.Delete("/certs/revoke", kithttp.NewServer( revokeCert(svc), decodeRevokeCerts, encodeResponse, opts..., )) r.Handle("/metrics", promhttp.Handler()) r.GetFunc("/version", mainflux.Version("certs")) return r } func encodeResponse(_ context.Context, w http.ResponseWriter, response interface{}) error { w.Header().Set("Content-Type", contentType) if ar, ok := response.(mainflux.Response); ok { for k, v := range ar.Headers() { w.Header().Set(k, v) } w.WriteHeader(ar.Code()) if ar.Empty() { return nil } } return json.NewEncoder(w).Encode(response) } func decodeListCerts(_ context.Context, r *http.Request) (interface{}, error) { l, err := readUintQuery(r, limit, defLimit) if err != nil { return nil, err } o, err := readUintQuery(r, offset, defOffset) if err != nil { return nil, err } req := listReq{ token: r.Header.Get("Authorization"), limit: l, offset: o, } return req, nil } func readUintQuery(r *http.Request, key string, def uint64) (uint64, error) { vals := bone.GetQuery(r, key) if len(vals) > 1 { return 0, errInvalidQueryParams } if len(vals) == 0 { return def, nil } strval := vals[0] val, err := strconv.ParseUint(strval, 10, 64) if err != nil { return 0, errInvalidQueryParams } return val, nil } func decodeCerts(_ context.Context, r *http.Request) (interface{}, error) { if r.Header.Get("Content-Type") != contentType { return nil, errUnsupportedContentType } req := addCertsReq{token: r.Header.Get("Authorization")} if err := json.NewDecoder(r.Body).Decode(&req); err != nil { return nil, err } return req, nil } func decodeRevokeCerts(_ context.Context, r *http.Request) (interface{}, error) { if r.Header.Get("Content-Type") != contentType { return nil, errUnsupportedContentType } req := revokeReq{token: r.Header.Get("Authorization")} if err := json.NewDecoder(r.Body).Decode(&req); err != nil { return nil, err } return req, nil } func encodeError(_ context.Context, err error, w http.ResponseWriter) { w.Header().Set("Content-Type", contentType) switch err { case errUnsupportedContentType: w.WriteHeader(http.StatusUnsupportedMediaType) case io.EOF, errMalformedEntity: w.WriteHeader(http.StatusBadRequest) case errConflict: w.WriteHeader(http.StatusConflict) default: switch err.(type) { case *json.SyntaxError: w.WriteHeader(http.StatusBadRequest) case *json.UnmarshalTypeError: w.WriteHeader(http.StatusBadRequest) default: w.WriteHeader(http.StatusInternalServerError) } } }