api/form_handlers.go

/*
Copyright © 2023 Thomas von Dein

This program is free software: you can redistribute it and/or modify
it under the terms of the GNU General Public License as published by
the Free Software Foundation, either version 3 of the License, or
(at your option) any later version.

This program is distributed in the hope that it will be useful,
but WITHOUT ANY WARRANTY; without even the implied warranty of
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
GNU General Public License for more details.

You should have received a copy of the GNU General Public License
along with this program. If not, see <http://www.gnu.org/licenses/>.
*/

package api

import (
	//"github.com/alecthomas/repr"
	"github.com/gofiber/fiber/v2"
	"github.com/google/uuid"
	"github.com/tlinden/cenophane/cfg"
	"github.com/tlinden/cenophane/common"

	"bytes"
	"html/template"
	"strings"
	"time"
)

func FormCreate(c *fiber.Ctx, cfg *cfg.Config, db *Db) error {
	id := uuid.NewString()

	var formdata common.Form

	// init form obj
	entry := &common.Form{Id: id, Created: common.Timestamp{Time: time.Now()}}

	// retrieve the API Context name from the session
	apicontext, err := SessionGetApicontext(c)
	if err != nil {
		return JsonStatus(c, fiber.StatusInternalServerError,
			"Unable to initialize session store from context: "+err.Error())
	}
	entry.Context = apicontext

	// extract auxilliary form data (expire field et al)
	if err := c.BodyParser(&formdata); err != nil {
		return JsonStatus(c, fiber.StatusInternalServerError,
			"bodyparser error : "+err.Error())
	}

	// post process expire
	if len(formdata.Expire) == 0 {
		entry.Expire = "asap"
	} else {
		ex, err := common.Untaint(formdata.Expire, cfg.RegDuration) // duration or asap allowed
		if err != nil {
			return JsonStatus(c, fiber.StatusForbidden,
				"Invalid data: "+err.Error())
		}
		entry.Expire = ex
	}

	// get url [and zip if there are multiple files]
	returnUrl := strings.Join([]string{cfg.Url, "form", id}, "/")
	entry.Url = returnUrl

	Log("Now serving %s", returnUrl)
	Log("Expire set to: %s", entry.Expire)
	Log("Form created with API-Context %s", entry.Context)

	// we do this in the background to not thwart the server
	go db.Insert(id, entry)

	// everything went well so far
	res := &common.Response{Forms: []*common.Form{entry}}
	res.Success = true
	res.Code = fiber.StatusOK
	return c.Status(fiber.StatusOK).JSON(res)
}

// delete form
func FormDelete(c *fiber.Ctx, cfg *cfg.Config, db *Db) error {
	id, err := common.Untaint(c.Params("id"), cfg.RegKey)
	if err != nil {
		return JsonStatus(c, fiber.StatusForbidden,
			"Invalid id provided!")
	}

	if len(id) == 0 {
		return JsonStatus(c, fiber.StatusForbidden,
			"No id specified!")
	}

	// retrieve the API Context name from the session
	apicontext, err := SessionGetApicontext(c)
	if err != nil {
		return JsonStatus(c, fiber.StatusInternalServerError,
			"Unable to initialize session store from context: "+err.Error())
	}

	err = db.Delete(apicontext, id)
	if err != nil {
		// non existent db entry with that id, or other db error, see logs
		return JsonStatus(c, fiber.StatusForbidden,
			"No form with that id could be found!")
	}

	return nil
}

// returns the whole list + error code, no post processing by server
func FormsList(c *fiber.Ctx, cfg *cfg.Config, db *Db) error {
	// fetch filter from body(json expected)
	setcontext := new(SetContext)
	if err := c.BodyParser(setcontext); err != nil {
		return JsonStatus(c, fiber.StatusForbidden,
			"Unable to parse body: "+err.Error())
	}

	filter, err := common.Untaint(setcontext.Apicontext, cfg.RegKey)
	if err != nil {
		return JsonStatus(c, fiber.StatusForbidden,
			"Invalid api context filter provided!")
	}

	// retrieve the API Context name from the session
	apicontext, err := SessionGetApicontext(c)
	if err != nil {
		return JsonStatus(c, fiber.StatusInternalServerError,
			"Unable to initialize session store from context: "+err.Error())
	}

	// get list
	response, err := db.List(apicontext, filter, common.TypeForm)
	if err != nil {
		return JsonStatus(c, fiber.StatusForbidden,
			"Unable to list forms: "+err.Error())
	}

	// if we reached this point we can signal success
	response.Success = true
	response.Code = fiber.StatusOK

	return c.Status(fiber.StatusOK).JSON(response)
}

// returns just one form obj + error code
func FormDescribe(c *fiber.Ctx, cfg *cfg.Config, db *Db) error {
	id, err := common.Untaint(c.Params("id"), cfg.RegKey)
	if err != nil {
		return JsonStatus(c, fiber.StatusForbidden,
			"Invalid id provided!")
	}

	// retrieve the API Context name from the session
	apicontext, err := SessionGetApicontext(c)
	if err != nil {
		return JsonStatus(c, fiber.StatusInternalServerError,
			"Unable to initialize session store from context: "+err.Error())
	}

	response, err := db.Get(apicontext, id, common.TypeForm)
	if err != nil {
		return JsonStatus(c, fiber.StatusForbidden,
			"No form with that id could be found!")
	}

	for _, form := range response.Forms {
		form.Url = strings.Join([]string{cfg.Url, "form", id}, "/")
	}

	// if we reached this point we can signal success
	response.Success = true
	response.Code = fiber.StatusOK

	return c.Status(fiber.StatusOK).JSON(response)
}

/*
   Render the upload  html form. Template given  by --formpage, stored
   as  text  in  cfg.Formpage.  It will  be  rendered  using  golang's
   template engine,  data to  be filled  in is  the form  matching the
   given id.
*/
func FormPage(c *fiber.Ctx, cfg *cfg.Config, db *Db, shallexpire bool) error {
	id, err := common.Untaint(c.Params("id"), cfg.RegKey)
	if err != nil {
		return c.Status(fiber.StatusForbidden).SendString("Invalid id provided!")
	}

	apicontext, err := SessionGetApicontext(c)
	if err != nil {
		return c.Status(fiber.StatusInternalServerError).SendString("Unable to initialize session store from context:" + err.Error())
	}

	response, err := db.Get(apicontext, id, common.TypeForm)
	if err != nil || len(response.Forms) == 0 {
		return c.Status(fiber.StatusForbidden).SendString("No form with that id could be found!")
	}

	t := template.New("form")
	if t, err = t.Parse(cfg.Formpage); err != nil {
		return c.Status(fiber.StatusInternalServerError).SendString("Unable to load form template: " + err.Error())
	}

	// prepare upload url
	uploadurl := strings.Join([]string{cfg.ApiPrefix + ApiVersion, "uploads"}, "/")
	response.Forms[0].Url = uploadurl

	var out bytes.Buffer
	if err := t.Execute(&out, response.Forms[0]); err != nil {
		return c.Status(fiber.StatusInternalServerError).SendString("Unable to render form template: " + err.Error())
	}

	c.Set("Content-type", "text/html; charset=utf-8")
	return c.Status(fiber.StatusOK).SendString(out.String())
}
. 2023-02-20 20:25:38 +01:00			`/*`
			`Copyright © 2023 Thomas von Dein`

			`This program is free software: you can redistribute it and/or modify`
			`it under the terms of the GNU General Public License as published by`
			`the Free Software Foundation, either version 3 of the License, or`
			`(at your option) any later version.`

			`This program is distributed in the hope that it will be useful,`
			`but WITHOUT ANY WARRANTY; without even the implied warranty of`
			`MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the`
			`GNU General Public License for more details.`

			`You should have received a copy of the GNU General Public License`
			`along with this program. If not, see <http://www.gnu.org/licenses/>.`
			`*/`

couple of enhancements, reorg etc 2023-02-24 12:16:03 +01:00			`package api`
. 2023-02-20 20:25:38 +01:00
			`import (`
Changes: - added describe command - fixed v4+v6 handling 2023-03-09 20:24:20 +01:00			`//"github.com/alecthomas/repr"`
couple of enhancements, reorg etc 2023-02-24 12:16:03 +01:00			`"github.com/gofiber/fiber/v2"`
. 2023-02-20 20:25:38 +01:00			`"github.com/google/uuid"`
mv upd cenod 2023-03-17 19:30:03 +01:00			`"github.com/tlinden/cenophane/cfg"`
put shared code into own mod (common), + apicontext env vars 2023-03-19 12:33:15 +01:00			`"github.com/tlinden/cenophane/common"`
implemented various things 2023-02-28 19:05:09 +01:00
added more form functions 2023-03-26 20:19:31 +02:00			`"bytes"`
			`"html/template"`
add download, fix empty apicontext, add url to describe 2023-03-17 13:04:52 +01:00			`"strings"`
. 2023-02-20 20:25:38 +01:00			`"time"`
			`)`

generalized DB engine to support multiple types (upload+form) 2023-03-25 16:20:42 +01:00			`func FormCreate(c fiber.Ctx, cfg cfg.Config, db *Db) error {`
. 2023-02-20 20:25:38 +01:00			`id := uuid.NewString()`

generalized DB engine to support multiple types (upload+form) 2023-03-25 16:20:42 +01:00			`var formdata common.Form`
. 2023-02-20 20:25:38 +01:00
generalized DB engine to support multiple types (upload+form) 2023-03-25 16:20:42 +01:00			`// init form obj`
			`entry := &common.Form{Id: id, Created: common.Timestamp{Time: time.Now()}}`
. 2023-02-20 20:25:38 +01:00
added authorization checks 2023-03-16 15:04:03 +01:00			`// retrieve the API Context name from the session`
changes: - added working upload formm which can also create an upload - cleaned up auth.go - enhanced server/SetupAuthStore() to also look up form ids - added form template (put into .go file by Makefile 2023-03-27 13:26:31 +02:00			`apicontext, err := SessionGetApicontext(c)`
added authorization checks 2023-03-16 15:04:03 +01:00			`if err != nil {`
			`return JsonStatus(c, fiber.StatusInternalServerError,`
			`"Unable to initialize session store from context: "+err.Error())`
			`}`
			`entry.Context = apicontext`

some changes: - reorganized client code, using cobra subcommands - more reorg in upd code 2023-03-02 18:31:07 +01:00			`// extract auxilliary form data (expire field et al)`
couple of enhancements, reorg etc 2023-02-24 12:16:03 +01:00			`if err := c.BodyParser(&formdata); err != nil {`
enhanced output 2023-03-13 18:48:38 +01:00			`return JsonStatus(c, fiber.StatusInternalServerError,`
			`"bodyparser error : "+err.Error())`
switched from resty to imroc/req, fixed zipping, added progress bar 2023-02-21 12:43:10 +01:00			`}`
couple of enhancements, reorg etc 2023-02-24 12:16:03 +01:00
some changes: - reorganized client code, using cobra subcommands - more reorg in upd code 2023-03-02 18:31:07 +01:00			`// post process expire`
switched from resty to imroc/req, fixed zipping, added progress bar 2023-02-21 12:43:10 +01:00			`if len(formdata.Expire) == 0 {`
			`entry.Expire = "asap"`
			`} else {`
put shared code into own mod (common), + apicontext env vars 2023-03-19 12:33:15 +01:00			`ex, err := common.Untaint(formdata.Expire, cfg.RegDuration) // duration or asap allowed`
added basic input validation/cleanup + tests 2023-03-01 19:48:49 +01:00			`if err != nil {`
enhanced output 2023-03-13 18:48:38 +01:00			`return JsonStatus(c, fiber.StatusForbidden,`
			`"Invalid data: "+err.Error())`
added basic input validation/cleanup + tests 2023-03-01 19:48:49 +01:00			`}`
			`entry.Expire = ex`
switched from resty to imroc/req, fixed zipping, added progress bar 2023-02-21 12:43:10 +01:00			`}`

some changes: - reorganized client code, using cobra subcommands - more reorg in upd code 2023-03-02 18:31:07 +01:00			`// get url [and zip if there are multiple files]`
generalized DB engine to support multiple types (upload+form) 2023-03-25 16:20:42 +01:00			`returnUrl := strings.Join([]string{cfg.Url, "form", id}, "/")`
fix endpoints 2023-03-23 18:44:14 +01:00			`entry.Url = returnUrl`
. 2023-02-20 20:25:38 +01:00
generalized DB engine to support multiple types (upload+form) 2023-03-25 16:20:42 +01:00			`Log("Now serving %s", returnUrl)`
. 2023-02-20 20:25:38 +01:00			`Log("Expire set to: %s", entry.Expire)`
generalized DB engine to support multiple types (upload+form) 2023-03-25 16:20:42 +01:00			`Log("Form created with API-Context %s", entry.Context)`
. 2023-02-20 20:25:38 +01:00
implemented various things 2023-02-28 19:05:09 +01:00			`// we do this in the background to not thwart the server`
using own Db wrapper class around bolt db 2023-03-01 13:31:44 +01:00			`go db.Insert(id, entry)`
. 2023-02-20 20:25:38 +01:00
enhanced output 2023-03-13 18:48:38 +01:00			`// everything went well so far`
generalized DB engine to support multiple types (upload+form) 2023-03-25 16:20:42 +01:00			`res := &common.Response{Forms: []*common.Form{entry}}`
enhanced output 2023-03-13 18:48:38 +01:00			`res.Success = true`
			`res.Code = fiber.StatusOK`
			`return c.Status(fiber.StatusOK).JSON(res)`
implemented various things 2023-02-28 19:05:09 +01:00			`}`
. 2023-02-20 20:25:38 +01:00
added more form functions 2023-03-26 20:19:31 +02:00			`// delete form`
generalized DB engine to support multiple types (upload+form) 2023-03-25 16:20:42 +01:00			`func FormDelete(c fiber.Ctx, cfg cfg.Config, db *Db) error {`
put shared code into own mod (common), + apicontext env vars 2023-03-19 12:33:15 +01:00			`id, err := common.Untaint(c.Params("id"), cfg.RegKey)`
added basic input validation/cleanup + tests 2023-03-01 19:48:49 +01:00			`if err != nil {`
Changes: - added describe command - fixed v4+v6 handling 2023-03-09 20:24:20 +01:00			`return JsonStatus(c, fiber.StatusForbidden,`
			`"Invalid id provided!")`
added basic input validation/cleanup + tests 2023-03-01 19:48:49 +01:00			`}`
implemented various things 2023-02-28 19:05:09 +01:00
			`if len(id) == 0 {`
Changes: - added describe command - fixed v4+v6 handling 2023-03-09 20:24:20 +01:00			`return JsonStatus(c, fiber.StatusForbidden,`
			`"No id specified!")`
implemented various things 2023-02-28 19:05:09 +01:00			`}`

added authorization checks 2023-03-16 15:04:03 +01:00			`// retrieve the API Context name from the session`
changes: - added working upload formm which can also create an upload - cleaned up auth.go - enhanced server/SetupAuthStore() to also look up form ids - added form template (put into .go file by Makefile 2023-03-27 13:26:31 +02:00			`apicontext, err := SessionGetApicontext(c)`
added authorization checks 2023-03-16 15:04:03 +01:00			`if err != nil {`
			`return JsonStatus(c, fiber.StatusInternalServerError,`
			`"Unable to initialize session store from context: "+err.Error())`
			`}`
implemented various things 2023-02-28 19:05:09 +01:00
added authorization checks 2023-03-16 15:04:03 +01:00			`err = db.Delete(apicontext, id)`
implemented various things 2023-02-28 19:05:09 +01:00			`if err != nil {`
			`// non existent db entry with that id, or other db error, see logs`
Changes: - added describe command - fixed v4+v6 handling 2023-03-09 20:24:20 +01:00			`return JsonStatus(c, fiber.StatusForbidden,`
added more form functions 2023-03-26 20:19:31 +02:00			`"No form with that id could be found!")`
implemented various things 2023-02-28 19:05:09 +01:00			`}`

			`return nil`
. 2023-02-20 20:25:38 +01:00			`}`
fixed error handling, added list command, switched to koanf 2023-03-07 20:06:13 +01:00
changes: - added cleaner goroutine - added delete cmd - added list cmd - refactoring 2023-03-08 19:31:42 +01:00			`// returns the whole list + error code, no post processing by server`
generalized DB engine to support multiple types (upload+form) 2023-03-25 16:20:42 +01:00			`func FormsList(c fiber.Ctx, cfg cfg.Config, db *Db) error {`
impl authorization + filter 2023-03-16 16:35:55 +01:00			`// fetch filter from body(json expected)`
			`setcontext := new(SetContext)`
			`if err := c.BodyParser(setcontext); err != nil {`
			`return JsonStatus(c, fiber.StatusForbidden,`
			`"Unable to parse body: "+err.Error())`
			`}`

put shared code into own mod (common), + apicontext env vars 2023-03-19 12:33:15 +01:00			`filter, err := common.Untaint(setcontext.Apicontext, cfg.RegKey)`
fixed error handling, added list command, switched to koanf 2023-03-07 20:06:13 +01:00			`if err != nil {`
changes: - added cleaner goroutine - added delete cmd - added list cmd - refactoring 2023-03-08 19:31:42 +01:00			`return JsonStatus(c, fiber.StatusForbidden,`
impl authorization + filter 2023-03-16 16:35:55 +01:00			`"Invalid api context filter provided!")`
			`}`

			`// retrieve the API Context name from the session`
changes: - added working upload formm which can also create an upload - cleaned up auth.go - enhanced server/SetupAuthStore() to also look up form ids - added form template (put into .go file by Makefile 2023-03-27 13:26:31 +02:00			`apicontext, err := SessionGetApicontext(c)`
impl authorization + filter 2023-03-16 16:35:55 +01:00			`if err != nil {`
			`return JsonStatus(c, fiber.StatusInternalServerError,`
			`"Unable to initialize session store from context: "+err.Error())`
fixed error handling, added list command, switched to koanf 2023-03-07 20:06:13 +01:00			`}`

impl authorization + filter 2023-03-16 16:35:55 +01:00			`// get list`
added more form functions 2023-03-26 20:19:31 +02:00			`response, err := db.List(apicontext, filter, common.TypeForm)`
fixed error handling, added list command, switched to koanf 2023-03-07 20:06:13 +01:00			`if err != nil {`
changes: - added cleaner goroutine - added delete cmd - added list cmd - refactoring 2023-03-08 19:31:42 +01:00			`return JsonStatus(c, fiber.StatusForbidden,`
added more form functions 2023-03-26 20:19:31 +02:00			`"Unable to list forms: "+err.Error())`
fixed error handling, added list command, switched to koanf 2023-03-07 20:06:13 +01:00			`}`

changes: - added cleaner goroutine - added delete cmd - added list cmd - refactoring 2023-03-08 19:31:42 +01:00			`// if we reached this point we can signal success`
added more form functions 2023-03-26 20:19:31 +02:00			`response.Success = true`
			`response.Code = fiber.StatusOK`
fixed error handling, added list command, switched to koanf 2023-03-07 20:06:13 +01:00
added more form functions 2023-03-26 20:19:31 +02:00			`return c.Status(fiber.StatusOK).JSON(response)`
fixed error handling, added list command, switched to koanf 2023-03-07 20:06:13 +01:00			`}`
Changes: - added describe command - fixed v4+v6 handling 2023-03-09 20:24:20 +01:00
added more form functions 2023-03-26 20:19:31 +02:00			`// returns just one form obj + error code`
generalized DB engine to support multiple types (upload+form) 2023-03-25 16:20:42 +01:00			`func FormDescribe(c fiber.Ctx, cfg cfg.Config, db *Db) error {`
put shared code into own mod (common), + apicontext env vars 2023-03-19 12:33:15 +01:00			`id, err := common.Untaint(c.Params("id"), cfg.RegKey)`
Changes: - added describe command - fixed v4+v6 handling 2023-03-09 20:24:20 +01:00			`if err != nil {`
			`return JsonStatus(c, fiber.StatusForbidden,`
			`"Invalid id provided!")`
			`}`

added authorization checks 2023-03-16 15:04:03 +01:00			`// retrieve the API Context name from the session`
changes: - added working upload formm which can also create an upload - cleaned up auth.go - enhanced server/SetupAuthStore() to also look up form ids - added form template (put into .go file by Makefile 2023-03-27 13:26:31 +02:00			`apicontext, err := SessionGetApicontext(c)`
added authorization checks 2023-03-16 15:04:03 +01:00			`if err != nil {`
			`return JsonStatus(c, fiber.StatusInternalServerError,`
			`"Unable to initialize session store from context: "+err.Error())`
			`}`

added more form functions 2023-03-26 20:19:31 +02:00			`response, err := db.Get(apicontext, id, common.TypeForm)`
Changes: - added describe command - fixed v4+v6 handling 2023-03-09 20:24:20 +01:00			`if err != nil {`
			`return JsonStatus(c, fiber.StatusForbidden,`
added more form functions 2023-03-26 20:19:31 +02:00			`"No form with that id could be found!")`
Changes: - added describe command - fixed v4+v6 handling 2023-03-09 20:24:20 +01:00			`}`

added more form functions 2023-03-26 20:19:31 +02:00			`for _, form := range response.Forms {`
			`form.Url = strings.Join([]string{cfg.Url, "form", id}, "/")`
add download, fix empty apicontext, add url to describe 2023-03-17 13:04:52 +01:00			`}`

Changes: - added describe command - fixed v4+v6 handling 2023-03-09 20:24:20 +01:00			`// if we reached this point we can signal success`
added more form functions 2023-03-26 20:19:31 +02:00			`response.Success = true`
			`response.Code = fiber.StatusOK`
Changes: - added describe command - fixed v4+v6 handling 2023-03-09 20:24:20 +01:00
added more form functions 2023-03-26 20:19:31 +02:00			`return c.Status(fiber.StatusOK).JSON(response)`
Changes: - added describe command - fixed v4+v6 handling 2023-03-09 20:24:20 +01:00			`}`
added more form functions 2023-03-26 20:19:31 +02:00
			`/*`
			`Render the upload html form. Template given by --formpage, stored`
			`as text in cfg.Formpage. It will be rendered using golang's`
			`template engine, data to be filled in is the form matching the`
			`given id.`
generalized DB engine to support multiple types (upload+form) 2023-03-25 16:20:42 +01:00			`*/`
added more form functions 2023-03-26 20:19:31 +02:00			`func FormPage(c fiber.Ctx, cfg cfg.Config, db *Db, shallexpire bool) error {`
			`id, err := common.Untaint(c.Params("id"), cfg.RegKey)`
			`if err != nil {`
			`return c.Status(fiber.StatusForbidden).SendString("Invalid id provided!")`
			`}`

changes: - added working upload formm which can also create an upload - cleaned up auth.go - enhanced server/SetupAuthStore() to also look up form ids - added form template (put into .go file by Makefile 2023-03-27 13:26:31 +02:00			`apicontext, err := SessionGetApicontext(c)`
added more form functions 2023-03-26 20:19:31 +02:00			`if err != nil {`
			`return c.Status(fiber.StatusInternalServerError).SendString("Unable to initialize session store from context:" + err.Error())`
			`}`

			`response, err := db.Get(apicontext, id, common.TypeForm)`
			`if err != nil \|\| len(response.Forms) == 0 {`
			`return c.Status(fiber.StatusForbidden).SendString("No form with that id could be found!")`
			`}`

			`t := template.New("form")`
			`if t, err = t.Parse(cfg.Formpage); err != nil {`
			`return c.Status(fiber.StatusInternalServerError).SendString("Unable to load form template: " + err.Error())`
			`}`

changes: - added working upload formm which can also create an upload - cleaned up auth.go - enhanced server/SetupAuthStore() to also look up form ids - added form template (put into .go file by Makefile 2023-03-27 13:26:31 +02:00			`// prepare upload url`
			`uploadurl := strings.Join([]string{cfg.ApiPrefix + ApiVersion, "uploads"}, "/")`
			`response.Forms[0].Url = uploadurl`

added more form functions 2023-03-26 20:19:31 +02:00			`var out bytes.Buffer`
			`if err := t.Execute(&out, response.Forms[0]); err != nil {`
			`return c.Status(fiber.StatusInternalServerError).SendString("Unable to render form template: " + err.Error())`
			`}`

			`c.Set("Content-type", "text/html; charset=utf-8")`
			`return c.Status(fiber.StatusOK).SendString(out.String())`
			`}`