arimelody-web/api/api.go

package api

import (
	"context"
	"fmt"
	"net/http"
	"os"
	"strings"

	"arimelody-web/controller"
	"arimelody-web/model"
)

func Handler(app *model.AppState) http.Handler {
    mux := http.NewServeMux()

    // TODO: generate API keys on the frontend

    // ARTIST ENDPOINTS

    mux.Handle("GET /v1/artist/{id}", ServeArtist(app))
    mux.Handle("PUT /v1/artist/{id}", requireAccount(UpdateArtist(app)))
    mux.Handle("DELETE /v1/artist/{id}", requireAccount(DeleteArtist(app)))

    mux.Handle("GET /v1/artist/", ServeAllArtists(app))
    mux.Handle("GET /v1/artist", ServeAllArtists(app))
    mux.Handle("POST /v1/artist/", requireAccount(CreateArtist(app)))
    mux.Handle("POST /v1/artist", requireAccount(CreateArtist(app)))

    // RELEASE ENDPOINTS

    mux.Handle("GET /v1/music/{id}", ServeRelease(app))
    mux.Handle("PUT /v1/music/{id}", requireAccount(UpdateRelease(app)))
    mux.Handle("DELETE /v1/music/{id}", requireAccount(DeleteRelease(app)))

    mux.Handle("PUT /v1/music/{id}/tracks", requireAccount(UpdateReleaseTracks(app)))
    mux.Handle("PUT /v1/music/{id}/credits", requireAccount(UpdateReleaseCredits(app)))
    mux.Handle("PUT /v1/music/{id}/links", requireAccount(UpdateReleaseLinks(app)))

    mux.Handle("GET /v1/music/", ServeCatalog(app))
    mux.Handle("GET /v1/music", ServeCatalog(app))
    mux.Handle("POST /v1/music/", requireAccount(CreateRelease(app)))
    mux.Handle("POST /v1/music", requireAccount(CreateRelease(app)))

    // TRACK ENDPOINTS

    mux.Handle("GET /v1/track/{id}", requireAccount(ServeTrack(app)))
    mux.Handle("PUT /v1/track/{id}", requireAccount(UpdateTrack(app)))
    mux.Handle("DELETE /v1/track/{id}", requireAccount(DeleteTrack(app)))

    mux.Handle("GET /v1/track/", requireAccount(ServeAllTracks(app)))
    mux.Handle("GET /v1/track", requireAccount(ServeAllTracks(app)))
    mux.Handle("POST /v1/track/", requireAccount(CreateTrack(app)))
    mux.Handle("POST /v1/track", requireAccount(CreateTrack(app)))

    // BLOG ENDPOINTS

    mux.Handle("GET /v1/blog/{id}", ServeBlog(app))
    mux.Handle("PUT /v1/blog/{id}", requireAccount(UpdateBlog(app)))
    mux.Handle("DELETE /v1/blog/{id}", requireAccount(DeleteBlog(app)))

    mux.Handle("GET /v1/blog/", ServeAllBlogs(app))
    mux.Handle("GET /v1/blog", ServeAllBlogs(app))
    mux.Handle("POST /v1/blog/", requireAccount(CreateBlog(app)))
    mux.Handle("POST /v1/blog", requireAccount(CreateBlog(app)))

    return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
        session, err := getSession(app, r)
        if err != nil {
            fmt.Fprintf(os.Stderr, "WARN: Failed to get session: %v\n", err)
            http.Error(w, http.StatusText(http.StatusInternalServerError), http.StatusInternalServerError)
            return
        }
        ctx := context.WithValue(r.Context(), "session", session)
        mux.ServeHTTP(w, r.WithContext(ctx))
    })
}

func requireAccount(next http.Handler) http.Handler {
    return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
        session := r.Context().Value("session").(*model.Session)
        if session == nil || session.Account == nil {
            http.Error(w, http.StatusText(http.StatusUnauthorized), http.StatusUnauthorized)
            return
        }
        ctx := context.WithValue(r.Context(), "session", session)
        next.ServeHTTP(w, r.WithContext(ctx))
    })
}

func getSession(app *model.AppState, r *http.Request) (*model.Session, error) {
    var token string

    // check cookies first
    sessionCookie, err := r.Cookie(model.COOKIE_TOKEN)
    if err != nil && err != http.ErrNoCookie {
        return nil, fmt.Errorf("Failed to retrieve session cookie: %v\n", err)
    }
    if sessionCookie != nil {
        token = sessionCookie.Value
    } else {
        // check Authorization header
        token = strings.TrimPrefix(r.Header.Get("Authorization"), "Bearer ")
    }

    if token == "" { return nil, nil }

    // fetch existing session
    session, err := controller.GetSession(app.DB, token)

    if err != nil && !strings.Contains(err.Error(), "no rows") {
        return nil, fmt.Errorf("Failed to retrieve session: %v\n", err)
    }

    if session != nil {
        // TODO: consider running security checks here (i.e. user agent mismatches)
    }

    return session, nil
}
HOLY REFACTOR GOOD GRIEF (also finally started some CRUD work) Signed-off-by: ari melody <ari@arimelody.me> 2024-08-02 22:48:26 +01:00			`package api`

			`import (`
v1 blog API routes 2025-11-07 19:31:34 +00:00			`"context"`
			`"fmt"`
			`"net/http"`
			`"os"`
			`"strings"`

			`"arimelody-web/controller"`
			`"arimelody-web/model"`
HOLY REFACTOR GOOD GRIEF (also finally started some CRUD work) Signed-off-by: ari melody <ari@arimelody.me> 2024-08-02 22:48:26 +01:00			`)`

refactored out `global`. long live `AppState` 2025-01-21 14:53:18 +00:00			`func Handler(app *model.AppState) http.Handler {`
HOLY REFACTOR GOOD GRIEF (also finally started some CRUD work) Signed-off-by: ari melody <ari@arimelody.me> 2024-08-02 22:48:26 +01:00			`mux := http.NewServeMux()`

disable api account endpoints (for now) 2025-01-20 19:02:26 +00:00			`// TODO: generate API keys on the frontend`

i think that's all the api endpoints! Signed-off-by: ari melody <ari@arimelody.me> 2024-08-03 23:24:15 +01:00			`// ARTIST ENDPOINTS`

use servemux properly this time; better error handling for DB gets 2025-11-08 15:04:07 +00:00			`mux.Handle("GET /v1/artist/{id}", ServeArtist(app))`
			`mux.Handle("PUT /v1/artist/{id}", requireAccount(UpdateArtist(app)))`
			`mux.Handle("DELETE /v1/artist/{id}", requireAccount(DeleteArtist(app)))`
turns out rewriting all of your database code takes a while 2024-09-01 04:43:32 +01:00
use servemux properly this time; better error handling for DB gets 2025-11-08 15:04:07 +00:00			`mux.Handle("GET /v1/artist/", ServeAllArtists(app))`
			`mux.Handle("GET /v1/artist", ServeAllArtists(app))`
			`mux.Handle("POST /v1/artist/", requireAccount(CreateArtist(app)))`
			`mux.Handle("POST /v1/artist", requireAccount(CreateArtist(app)))`
create support for releases, artists, tracks, and credits Signed-off-by: ari melody <ari@arimelody.me> 2024-08-03 00:27:30 +01:00
i think that's all the api endpoints! Signed-off-by: ari melody <ari@arimelody.me> 2024-08-03 23:24:15 +01:00			`// RELEASE ENDPOINTS`

use servemux properly this time; better error handling for DB gets 2025-11-08 15:04:07 +00:00			`mux.Handle("GET /v1/music/{id}", ServeRelease(app))`
			`mux.Handle("PUT /v1/music/{id}", requireAccount(UpdateRelease(app)))`
			`mux.Handle("DELETE /v1/music/{id}", requireAccount(DeleteRelease(app)))`
turns out rewriting all of your database code takes a while 2024-09-01 04:43:32 +01:00
use servemux properly this time; better error handling for DB gets 2025-11-08 15:04:07 +00:00			`mux.Handle("PUT /v1/music/{id}/tracks", requireAccount(UpdateReleaseTracks(app)))`
			`mux.Handle("PUT /v1/music/{id}/credits", requireAccount(UpdateReleaseCredits(app)))`
			`mux.Handle("PUT /v1/music/{id}/links", requireAccount(UpdateReleaseLinks(app)))`

			`mux.Handle("GET /v1/music/", ServeCatalog(app))`
			`mux.Handle("GET /v1/music", ServeCatalog(app))`
			`mux.Handle("POST /v1/music/", requireAccount(CreateRelease(app)))`
			`mux.Handle("POST /v1/music", requireAccount(CreateRelease(app)))`
HOLY REFACTOR GOOD GRIEF (also finally started some CRUD work) Signed-off-by: ari melody <ari@arimelody.me> 2024-08-02 22:48:26 +01:00
i think that's all the api endpoints! Signed-off-by: ari melody <ari@arimelody.me> 2024-08-03 23:24:15 +01:00			`// TRACK ENDPOINTS`

use servemux properly this time; better error handling for DB gets 2025-11-08 15:04:07 +00:00			`mux.Handle("GET /v1/track/{id}", requireAccount(ServeTrack(app)))`
			`mux.Handle("PUT /v1/track/{id}", requireAccount(UpdateTrack(app)))`
			`mux.Handle("DELETE /v1/track/{id}", requireAccount(DeleteTrack(app)))`
turns out rewriting all of your database code takes a while 2024-09-01 04:43:32 +01:00
use servemux properly this time; better error handling for DB gets 2025-11-08 15:04:07 +00:00			`mux.Handle("GET /v1/track/", requireAccount(ServeAllTracks(app)))`
			`mux.Handle("GET /v1/track", requireAccount(ServeAllTracks(app)))`
			`mux.Handle("POST /v1/track/", requireAccount(CreateTrack(app)))`
			`mux.Handle("POST /v1/track", requireAccount(CreateTrack(app)))`
v1 blog API routes 2025-11-07 19:31:34 +00:00
			`// BLOG ENDPOINTS`

			`mux.Handle("GET /v1/blog/{id}", ServeBlog(app))`
			`mux.Handle("PUT /v1/blog/{id}", requireAccount(UpdateBlog(app)))`
			`mux.Handle("DELETE /v1/blog/{id}", requireAccount(DeleteBlog(app)))`
use servemux properly this time; better error handling for DB gets 2025-11-08 15:04:07 +00:00
			`mux.Handle("GET /v1/blog/", ServeAllBlogs(app))`
v1 blog API routes 2025-11-07 19:31:34 +00:00			`mux.Handle("GET /v1/blog", ServeAllBlogs(app))`
use servemux properly this time; better error handling for DB gets 2025-11-08 15:04:07 +00:00			`mux.Handle("POST /v1/blog/", requireAccount(CreateBlog(app)))`
v1 blog API routes 2025-11-07 19:31:34 +00:00			`mux.Handle("POST /v1/blog", requireAccount(CreateBlog(app)))`
create support for releases, artists, tracks, and credits Signed-off-by: ari melody <ari@arimelody.me> 2024-08-03 00:27:30 +01:00
fix API endpoints which require account authorisation 2025-01-24 18:49:04 +00:00			`return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {`
			`session, err := getSession(app, r)`
			`if err != nil {`
			`fmt.Fprintf(os.Stderr, "WARN: Failed to get session: %v\n", err)`
			`http.Error(w, http.StatusText(http.StatusInternalServerError), http.StatusInternalServerError)`
			`return`
			`}`
fix session handling on public API 2025-02-07 12:06:52 +00:00			`ctx := context.WithValue(r.Context(), "session", session)`
			`mux.ServeHTTP(w, r.WithContext(ctx))`
			`})`
			`}`

			`func requireAccount(next http.Handler) http.Handler {`
			`return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {`
			`session := r.Context().Value("session").(*model.Session)`
			`if session == nil \|\| session.Account == nil {`
fix API endpoints which require account authorisation 2025-01-24 18:49:04 +00:00			`http.Error(w, http.StatusText(http.StatusUnauthorized), http.StatusUnauthorized)`
			`return`
			`}`
			`ctx := context.WithValue(r.Context(), "session", session)`
			`next.ServeHTTP(w, r.WithContext(ctx))`
			`})`
			`}`

			`func getSession(app model.AppState, r http.Request) (*model.Session, error) {`
			`var token string`

			`// check cookies first`
			`sessionCookie, err := r.Cookie(model.COOKIE_TOKEN)`
			`if err != nil && err != http.ErrNoCookie {`
refactor errors.New to fmt.Errorf 2025-09-30 22:30:52 +01:00			`return nil, fmt.Errorf("Failed to retrieve session cookie: %v\n", err)`
fix API endpoints which require account authorisation 2025-01-24 18:49:04 +00:00			`}`
			`if sessionCookie != nil {`
			`token = sessionCookie.Value`
			`} else {`
			`// check Authorization header`
			`token = strings.TrimPrefix(r.Header.Get("Authorization"), "Bearer ")`
			`}`

			`if token == "" { return nil, nil }`

			`// fetch existing session`
			`session, err := controller.GetSession(app.DB, token)`

			`if err != nil && !strings.Contains(err.Error(), "no rows") {`
refactor errors.New to fmt.Errorf 2025-09-30 22:30:52 +01:00			`return nil, fmt.Errorf("Failed to retrieve session: %v\n", err)`
fix API endpoints which require account authorisation 2025-01-24 18:49:04 +00:00			`}`

			`if session != nil {`
			`// TODO: consider running security checks here (i.e. user agent mismatches)`
			`}`

			`return session, nil`
			`}`