handler refactor

backend/handlers.go

@@ -8,6 +8,7 @@ import (
 	"os"
 
 	"github.com/honeynet/ochi/backend/entities"
+
 	"github.com/julienschmidt/httprouter"
 	"google.golang.org/api/idtoken"
 )
@@ -86,7 +87,7 @@ type response struct {
 
 // sessionHandler creates a new token for the user
 func (cs *server) sessionHandler(w http.ResponseWriter, r *http.Request, _ httprouter.Params) {
-	userID := r.Context().Value(userID("userID")).(string)
+	userID := userIDFromCtx(r.Context())
 	user, err := cs.uRepo.Get(userID)
 	if err != nil {
 		http.Error(w, err.Error(), http.StatusInternalServerError)
@@ -156,7 +157,7 @@ func (cs *server) loginHandler(w http.ResponseWriter, r *http.Request, _ httprou
 
 // getQueriesHandler returns a list of queries belonging to ther user.
 func (cs *server) getQueriesHandler(w http.ResponseWriter, r *http.Request, _ httprouter.Params) {
-	userID := r.Context().Value(userID("userID")).(string)
+	userID := userIDFromCtx(r.Context())
 	queries, err := cs.queryRepo.FindByOwnerId(userID)
 	if err != nil {
 		http.Error(w, err.Error(), http.StatusInternalServerError)
@@ -172,7 +173,7 @@ func (cs *server) getQueriesHandler(w http.ResponseWriter, r *http.Request, _ ht
 
 // createQueryHandler creates a new query.
 func (cs *server) createQueryHandler(w http.ResponseWriter, r *http.Request, _ httprouter.Params) {
-	userID := r.Context().Value(userID("userID")).(string)
+	userID := userIDFromCtx(r.Context())
 	decoder := json.NewDecoder(r.Body)
 	defer r.Body.Close()
 	var t entities.Query
@@ -196,7 +197,7 @@ func (cs *server) createQueryHandler(w http.ResponseWriter, r *http.Request, _ h
 
 // udpateQueryHandler updates an existing query making sure the user owns the query.
 func (cs *server) updateQueryHandler(w http.ResponseWriter, r *http.Request, p httprouter.Params) {
-	userID := r.Context().Value(userID("userID")).(string)
+	userID := userIDFromCtx(r.Context())
 	id := p.ByName("id")
 	q, err := cs.queryRepo.GetByID(id)
 	if err != nil {
@@ -219,7 +220,7 @@ func (cs *server) updateQueryHandler(w http.ResponseWriter, r *http.Request, p h
 		return
 	}
 	if id != q.ID {
-		http.Error(w, "Ids dont match", http.StatusBadRequest)
+		http.Error(w, "Ids don't match", http.StatusBadRequest)
 		return
 	}
 	err = cs.queryRepo.Update(q.ID, q.Content, q.Description, q.Active)
@@ -232,7 +233,7 @@ func (cs *server) updateQueryHandler(w http.ResponseWriter, r *http.Request, p h
 
 // deleteQueryHandler deletes a query making sure the user owns the query.
 func (cs *server) deleteQueryHandler(w http.ResponseWriter, r *http.Request, p httprouter.Params) {
-	userID := r.Context().Value(userID("userID")).(string)
+	userID := userIDFromCtx(r.Context())
 	id := p.ByName("id")
 	q, err := cs.queryRepo.GetByID(id)
 	if err != nil {
@@ -261,7 +262,7 @@ func (cs *server) deleteQueryHandler(w http.ResponseWriter, r *http.Request, p h
 
 // createEventHandler creates a new event
 func (cs *server) createEventHandler(w http.ResponseWriter, r *http.Request, _ httprouter.Params) {
-	userID := r.Context().Value(userID("userID")).(string)
+	userID := userIDFromCtx(r.Context())
 	decoder := json.NewDecoder(r.Body)
 	defer r.Body.Close()
 	var event entities.Event
@@ -285,7 +286,7 @@ func (cs *server) createEventHandler(w http.ResponseWriter, r *http.Request, _ h
 
 // deleteEventHandler deletes an event making sure the user owns the query.
 func (cs *server) deleteEventHandler(w http.ResponseWriter, r *http.Request, p httprouter.Params) {
-	userID := r.Context().Value(userID("userID")).(string)
+	userID := userIDFromCtx(r.Context())
 	id := p.ByName("id")
 	event, err := cs.eventRepo.GetByID(id)
 	if err != nil {
@@ -310,7 +311,7 @@ func (cs *server) deleteEventHandler(w http.ResponseWriter, r *http.Request, p h
 
 // getEventsHandler returns a list of events belonging to ther user.
 func (cs *server) getEventsHandler(w http.ResponseWriter, r *http.Request, _ httprouter.Params) {
-	userID := r.Context().Value(userID("userID")).(string)
+	userID := userIDFromCtx(r.Context())
 	events, err := cs.eventRepo.FindByOwnerId(userID)
 	if err != nil {
 		http.Error(w, err.Error(), http.StatusInternalServerError)

backend/middleware.go → backend/handlers/auth.go

@@ -1,4 +1,4 @@
-package backend
+package handlers
 
 import (
 	"context"
@@ -9,7 +9,7 @@ import (
 	"github.com/julienschmidt/httprouter"
 )
 
-func tokenMiddleware(h httprouter.Handle, secret string) httprouter.Handle {
+func TokenMiddleware(h httprouter.Handle, secret string) httprouter.Handle {
 	return func(w http.ResponseWriter, r *http.Request, ps httprouter.Params) {
 		token, ok := r.URL.Query()["token"]
 		if !ok || len(token) == 0 || token[0] != secret {
@@ -21,9 +21,9 @@ func tokenMiddleware(h httprouter.Handle, secret string) httprouter.Handle {
 	}
 }
 
-type userID string
+type UserID string
 
-func bearerMiddleware(h httprouter.Handle, secret string) httprouter.Handle {
+func BearerMiddleware(h httprouter.Handle, secret string) httprouter.Handle {
 	return func(w http.ResponseWriter, r *http.Request, ps httprouter.Params) {
 		authHeader := r.Header.Get("Authorization")
 		authFields := strings.Fields(authHeader)
@@ -43,7 +43,7 @@ func bearerMiddleware(h httprouter.Handle, secret string) httprouter.Handle {
 			return
 		}
 
-		r = r.WithContext(context.WithValue(r.Context(), userID("userID"), claims.UserID))
+		r = r.WithContext(context.WithValue(r.Context(), UserID("userID"), claims.UserID))
 
 		h(w, r, ps)
 	}

backend/handlers/cors.go

@@ -8,7 +8,6 @@ import (
 
 // CorsOptionsHandler defines a global handler for HTTP OPTIONS requests.
 func CorsOptionsHandler(w http.ResponseWriter, r *http.Request) {
-
 	if r.Header.Get("Access-Control-Request-Method") != "" {
 		// Set CORS headers
 		header := w.Header()

backend/routes.go

@@ -31,24 +31,24 @@ func newRouter(cs *server) (*httprouter.Router, error) {
 
 	// websocket
 	r.GET("/subscribe", cs.subscribeHandler)
-	r.POST("/publish", tokenMiddleware(cs.publishHandler, os.Args[2]))
+	r.POST("/publish", handlers.TokenMiddleware(cs.publishHandler, os.Args[2]))
 
 	// user
 	r.POST("/login", cs.loginHandler)
-	r.GET("/session", handlers.CorsMiddleware(bearerMiddleware(cs.sessionHandler, os.Args[3])))
+	r.GET("/session", handlers.CorsMiddleware(handlers.BearerMiddleware(cs.sessionHandler, os.Args[3])))
 
 	// query
 	// TODO: make CorsMiddleware more generic instead of specifying it on every handler.
-	r.GET("/queries", handlers.CorsMiddleware(bearerMiddleware(cs.getQueriesHandler, os.Args[3])))
-	r.POST("/queries", handlers.CorsMiddleware(bearerMiddleware(cs.createQueryHandler, os.Args[3])))
-	r.PATCH("/queries/:id", handlers.CorsMiddleware(bearerMiddleware(cs.updateQueryHandler, os.Args[3])))
-	r.DELETE("/queries/:id", handlers.CorsMiddleware(bearerMiddleware(cs.deleteQueryHandler, os.Args[3])))
+	r.GET("/queries", handlers.CorsMiddleware(handlers.BearerMiddleware(cs.getQueriesHandler, os.Args[3])))
+	r.POST("/queries", handlers.CorsMiddleware(handlers.BearerMiddleware(cs.createQueryHandler, os.Args[3])))
+	r.PATCH("/queries/:id", handlers.CorsMiddleware(handlers.BearerMiddleware(cs.updateQueryHandler, os.Args[3])))
+	r.DELETE("/queries/:id", handlers.CorsMiddleware(handlers.BearerMiddleware(cs.deleteQueryHandler, os.Args[3])))
 
 	// event
-	r.POST("/api/events", handlers.CorsMiddleware(bearerMiddleware(cs.createEventHandler, os.Args[3])))
-	r.DELETE("/api/events/:id", handlers.CorsMiddleware(bearerMiddleware(cs.deleteEventHandler, os.Args[3])))
-	r.GET("/api/events", handlers.CorsMiddleware(bearerMiddleware(cs.getEventsHandler, os.Args[3])))
-	r.GET("/api/events/:id", handlers.CorsMiddleware(bearerMiddleware(cs.getEventByIDHandler, os.Args[3])))
+	r.POST("/api/events", handlers.CorsMiddleware(handlers.BearerMiddleware(cs.createEventHandler, os.Args[3])))
+	r.DELETE("/api/events/:id", handlers.CorsMiddleware(handlers.BearerMiddleware(cs.deleteEventHandler, os.Args[3])))
+	r.GET("/api/events", handlers.CorsMiddleware(handlers.BearerMiddleware(cs.getEventsHandler, os.Args[3])))
+	r.GET("/api/events/:id", handlers.CorsMiddleware(handlers.BearerMiddleware(cs.getEventByIDHandler, os.Args[3])))
 
 	return r, nil
 }

backend/utils.go

@@ -1,7 +1,16 @@
 package backend
 
-import "strings"
+import (
+	"context"
+	"strings"
+
+	"github.com/honeynet/ochi/backend/handlers"
+)
 
 func isNotFoundError(e error) bool {
 	return strings.Contains(e.Error(), "no rows in result set")
 }
+
+func userIDFromCtx(ctx context.Context) string {
+	return ctx.Value(handlers.UserID("userID")).(string)
+}