Access lists basics

2023-01-13 15:03:28 +10:00
parent a239be993c
commit 6c76c041c4
17 changed files with 732 additions and 2 deletions
--- a/backend/internal/api/handler/access_lists.go
+++ b/backend/internal/api/handler/access_lists.go
@ -0,0 +1,129 @@
+package handler
+
+import (
+	"encoding/json"
+	"fmt"
+	"net/http"
+
+	c "npm/internal/api/context"
+	h "npm/internal/api/http"
+	"npm/internal/api/middleware"
+	"npm/internal/entity/accesslist"
+)
+
+// GetAccessLists will return a list of Access Lists
+// Route: GET /access-lists
+func GetAccessLists() func(http.ResponseWriter, *http.Request) {
+	return func(w http.ResponseWriter, r *http.Request) {
+		pageInfo, err := getPageInfoFromRequest(r)
+		if err != nil {
+			h.ResultErrorJSON(w, r, http.StatusBadRequest, err.Error(), nil)
+			return
+		}
+
+		items, err := accesslist.List(pageInfo, middleware.GetFiltersFromContext(r))
+		if err != nil {
+			h.ResultErrorJSON(w, r, http.StatusBadRequest, err.Error(), nil)
+		} else {
+			h.ResultResponseJSON(w, r, http.StatusOK, items)
+		}
+	}
+}
+
+// GetAccessList will return a single access list
+// Route: GET /access-lists/{accessListID}
+func GetAccessList() func(http.ResponseWriter, *http.Request) {
+	return func(w http.ResponseWriter, r *http.Request) {
+		var err error
+		var accessListID int
+		if accessListID, err = getURLParamInt(r, "accessListID"); err != nil {
+			h.ResultErrorJSON(w, r, http.StatusBadRequest, err.Error(), nil)
+			return
+		}
+
+		item, err := accesslist.GetByID(accessListID)
+		if err != nil {
+			h.ResultErrorJSON(w, r, http.StatusBadRequest, err.Error(), nil)
+		} else {
+			h.ResultResponseJSON(w, r, http.StatusOK, item)
+		}
+	}
+}
+
+// CreateAccessList will create an access list
+// Route: POST /access-lists
+func CreateAccessList() func(http.ResponseWriter, *http.Request) {
+	return func(w http.ResponseWriter, r *http.Request) {
+		bodyBytes, _ := r.Context().Value(c.BodyCtxKey).([]byte)
+
+		var newItem accesslist.Model
+		err := json.Unmarshal(bodyBytes, &newItem)
+		if err != nil {
+			h.ResultErrorJSON(w, r, http.StatusBadRequest, h.ErrInvalidPayload.Error(), nil)
+			return
+		}
+
+		// Get userID from token
+		userID, _ := r.Context().Value(c.UserIDCtxKey).(int)
+		newItem.UserID = userID
+
+		if err = newItem.Save(); err != nil {
+			h.ResultErrorJSON(w, r, http.StatusBadRequest, fmt.Sprintf("Unable to save Access List: %s", err.Error()), nil)
+			return
+		}
+
+		h.ResultResponseJSON(w, r, http.StatusOK, newItem)
+	}
+}
+
+// UpdateAccessList is self explanatory
+// Route: PUT /access-lists/{accessListID}
+func UpdateAccessList() func(http.ResponseWriter, *http.Request) {
+	return func(w http.ResponseWriter, r *http.Request) {
+		var err error
+		var accessListID int
+		if accessListID, err = getURLParamInt(r, "accessListID"); err != nil {
+			h.ResultErrorJSON(w, r, http.StatusBadRequest, err.Error(), nil)
+			return
+		}
+
+		item, err := accesslist.GetByID(accessListID)
+		if err != nil {
+			h.ResultErrorJSON(w, r, http.StatusBadRequest, err.Error(), nil)
+		} else {
+			bodyBytes, _ := r.Context().Value(c.BodyCtxKey).([]byte)
+			err := json.Unmarshal(bodyBytes, &item)
+			if err != nil {
+				h.ResultErrorJSON(w, r, http.StatusBadRequest, h.ErrInvalidPayload.Error(), nil)
+				return
+			}
+
+			if err = item.Save(); err != nil {
+				h.ResultErrorJSON(w, r, http.StatusBadRequest, err.Error(), nil)
+				return
+			}
+
+			h.ResultResponseJSON(w, r, http.StatusOK, item)
+		}
+	}
+}
+
+// DeleteAccessList is self explanatory
+// Route: DELETE /access-lists/{accessListID}
+func DeleteAccessList() func(http.ResponseWriter, *http.Request) {
+	return func(w http.ResponseWriter, r *http.Request) {
+		var err error
+		var accessListID int
+		if accessListID, err = getURLParamInt(r, "accessListID"); err != nil {
+			h.ResultErrorJSON(w, r, http.StatusBadRequest, err.Error(), nil)
+			return
+		}
+
+		item, err := accesslist.GetByID(accessListID)
+		if err != nil {
+			h.ResultErrorJSON(w, r, http.StatusBadRequest, err.Error(), nil)
+		} else {
+			h.ResultResponseJSON(w, r, http.StatusOK, item.Delete())
+		}
+	}
+}
--- a/backend/internal/api/router.go
+++ b/backend/internal/api/router.go
@ -8,6 +8,7 @@ import (
 	"npm/internal/api/middleware"
 	"npm/internal/api/schema"
 	"npm/internal/config"
+	"npm/internal/entity/accesslist"
 	"npm/internal/entity/certificate"
 	"npm/internal/entity/certificateauthority"
 	"npm/internal/entity/dnsprovider"
@ -114,6 +115,18 @@ func applyRoutes(r chi.Router) chi.Router {
 				Put("/{name}", handler.UpdateSetting())
 		})

+		// Access Lists
+		r.With(middleware.EnforceSetup(true)).Route("/access-lists", func(r chi.Router) {
+			r.With(middleware.Filters(accesslist.GetFilterSchema()), middleware.Enforce(user.CapabilityAccessListsView)).
+				Get("/", handler.GetAccessLists())
+			r.With(middleware.Enforce(user.CapabilityAccessListsView)).Get("/{accessListID:[0-9]+}", handler.GetAccessList())
+			r.With(middleware.Enforce(user.CapabilityAccessListsManage)).Delete("/{accessListID:[0-9]+}", handler.DeleteAccessList())
+			r.With(middleware.Enforce(user.CapabilityAccessListsManage)).With(middleware.EnforceRequestSchema(schema.CreateAccessList())).
+				Post("/", handler.CreateAccessList())
+			r.With(middleware.Enforce(user.CapabilityAccessListsManage)).With(middleware.EnforceRequestSchema(schema.UpdateAccessList())).
+				Put("/{accessListID:[0-9]+}", handler.UpdateAccessList())
+		})
+
 		// DNS Providers
 		r.With(middleware.EnforceSetup(true)).Route("/dns-providers", func(r chi.Router) {
 			r.With(middleware.Filters(dnsprovider.GetFilterSchema()), middleware.Enforce(user.CapabilityDNSProvidersView)).
@ -125,7 +138,7 @@ func applyRoutes(r chi.Router) chi.Router {
 			r.With(middleware.Enforce(user.CapabilityDNSProvidersManage)).With(middleware.EnforceRequestSchema(schema.UpdateDNSProvider())).
 				Put("/{providerID:[0-9]+}", handler.UpdateDNSProvider())

-			r.With(middleware.EnforceSetup(true), middleware.Enforce(user.CapabilityDNSProvidersView)).Route("/acmesh", func(r chi.Router) {
+			r.With(middleware.Enforce(user.CapabilityDNSProvidersView)).Route("/acmesh", func(r chi.Router) {
 				r.Get("/{acmeshID:[a-z0-9_]+}", handler.GetAcmeshProvider())
 				r.Get("/", handler.GetAcmeshProviders())
 			})
--- a/backend/internal/api/schema/create_access_list.go
+++ b/backend/internal/api/schema/create_access_list.go
@ -0,0 +1,21 @@
+package schema
+
+import (
+	"fmt"
+)
+
+// CreateAccessList is the schema for incoming data validation
+func CreateAccessList() string {
+	return fmt.Sprintf(`
+		{
+			"type": "object",
+			"additionalProperties": false,
+			"required": [
+				"name"
+			],
+			"properties": {
+				"name": %s
+			}
+		}
+	`, stringMinMax(2, 100))
+}
--- a/backend/internal/api/schema/update_access_list.go
+++ b/backend/internal/api/schema/update_access_list.go
@ -0,0 +1,17 @@
+package schema
+
+import "fmt"
+
+// UpdateAccessList is the schema for incoming data validation
+func UpdateAccessList() string {
+	return fmt.Sprintf(`
+		{
+			"type": "object",
+			"additionalProperties": false,
+			"minProperties": 1,
+			"properties": {
+				"name": %s
+			}
+		}
+	`, stringMinMax(2, 100))
+}