refactoring everything teehee (i'm so glad this isn't a team project)

Signed-off-by: ari melody <ari@arimelody.me>
2024-08-01 01:39:18 +01:00 · 2024-08-01 01:39:18 +01:00 · 10f5f51e76
commit 10f5f51e76
parent c684f0c7ae
17 changed files with 970 additions and 547 deletions
--- a/api/v1/admin/admin.go
+++ b/api/v1/admin/admin.go
@ -24,14 +24,12 @@ type (
 const TOKEN_LENGTH = 64
 const TOKEN_CHARS = "abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789"

-// TODO: consider relying *entirely* on env vars instead of hard-coded fallbacks
 var ADMIN_ID_DISCORD = func() string {
    envvar := os.Getenv("DISCORD_ADMIN_ID")
-    if envvar != "" {
-        return envvar
-    } else {
-        return "356210742200107009"
+    if envvar == "" {
+        fmt.Printf("DISCORD_ADMIN_ID was not provided. Admin login will be unavailable.\n")
    }
+    return envvar
 }()

 var sessions []*Session
@ -48,30 +46,30 @@ func Handler() http.Handler {
    mux := http.NewServeMux()

    mux.Handle("/", http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
-        w.WriteHeader(200)
+        w.WriteHeader(http.StatusOK)
        w.Write([]byte("hello /admin!"))
    }))
    mux.Handle("/callback", global.HTTPLog(OAuthCallbackHandler()))
    mux.Handle("/login", global.HTTPLog(LoginHandler()))
-    mux.Handle("/verify", global.HTTPLog(AuthorisedHandler(VerifyHandler())))
-    mux.Handle("/logout", global.HTTPLog(AuthorisedHandler(LogoutHandler())))
+    mux.Handle("/verify", global.HTTPLog(MustAuthorise(VerifyHandler())))
+    mux.Handle("/logout", global.HTTPLog(MustAuthorise(LogoutHandler())))

    return mux
 }

-func AuthorisedHandler(next http.Handler) http.Handler {
+func MustAuthorise(next http.Handler) http.Handler {
    return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
        auth := r.Header.Get("Authorization")
-        if auth == "" || !strings.HasPrefix(auth, "Bearer ") {
+        if strings.HasPrefix(auth, "Bearer ") {
+            auth = auth[7:]
+        } else {
            cookie, err := r.Cookie("token")
            if err != nil {
-                w.WriteHeader(401)
-                w.Write([]byte("Unauthorized"))
+                http.Error(w, http.StatusText(http.StatusUnauthorized), http.StatusUnauthorized)
                return
            }
            auth = cookie.Value
        }
-        auth = auth[7:]

        var session *Session
        for _, s := range sessions {
@ -86,6 +84,7 @@ func AuthorisedHandler(next http.Handler) http.Handler {
                }
                continue
            }
+
            if s.Token == auth {
                session = s
                break
@ -93,46 +92,47 @@ func AuthorisedHandler(next http.Handler) http.Handler {
        } 

        if session == nil {
-            w.WriteHeader(401)
-            w.Write([]byte("Unauthorized"))
+            http.Error(w, http.StatusText(http.StatusUnauthorized), http.StatusUnauthorized)
            return
        }

        ctx := context.WithValue(r.Context(), "token", session.Token)
+        ctx = context.WithValue(ctx, "role", "admin")
        next.ServeHTTP(w, r.WithContext(ctx))
    })
 }

 func LoginHandler() http.Handler {
    return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
+        if ADMIN_ID_DISCORD == "" {
+            http.Error(w, http.StatusText(http.StatusServiceUnavailable), http.StatusServiceUnavailable)
+            return
+        }
+
        code := r.URL.Query().Get("code")

        if code == "" {
-            w.Header().Add("Location", discord.REDIRECT_URI)
-            w.WriteHeader(307)
+            http.Redirect(w, r, discord.REDIRECT_URI, http.StatusTemporaryRedirect)
            return
        }

        auth_token, err := discord.GetOAuthTokenFromCode(code)
        if err != nil {
            fmt.Printf("Failed to retrieve discord access token: %s\n", err)
-            w.WriteHeader(500)
-            w.Write([]byte("Internal server error"))
+            http.Error(w, http.StatusText(http.StatusInternalServerError), http.StatusInternalServerError)
            return
        }

        discord_user, err := discord.GetDiscordUserFromAuth(auth_token)
        if err != nil {
            fmt.Printf("Failed to retrieve discord user information: %s\n", err)
-            w.WriteHeader(500)
-            w.Write([]byte("Internal server error"))
+            http.Error(w, http.StatusText(http.StatusInternalServerError), http.StatusInternalServerError)
            return
        }

        if discord_user.Id != ADMIN_ID_DISCORD {
-            // TODO: unauthorized user. revoke the token
-            w.WriteHeader(401)
-            w.Write([]byte("Unauthorized"))
+            // TODO: unauthorized user; revoke the token
+            http.Error(w, http.StatusText(http.StatusUnauthorized), http.StatusUnauthorized)
            return
        }

@ -149,7 +149,7 @@ func LoginHandler() http.Handler {
        cookie.Path = "/"
        http.SetCookie(w, &cookie)

-        w.WriteHeader(200)
+        w.WriteHeader(http.StatusOK)
        w.Write([]byte(session.Token))
    })
 }
@ -159,7 +159,7 @@ func LogoutHandler() http.Handler {
        token := r.Context().Value("token").(string)

        if token == "" {
-            w.WriteHeader(401)
+            http.Error(w, http.StatusText(http.StatusUnauthorized), http.StatusUnauthorized)
            return
        }

@ -172,7 +172,8 @@ func LogoutHandler() http.Handler {
            return new_sessions
        }(token)

-        w.WriteHeader(200)
+        w.WriteHeader(http.StatusOK)
+        w.Write([]byte("OK"))
    })
 }

@ -185,7 +186,8 @@ func VerifyHandler() http.Handler {
    return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
        // this is an authorised endpoint, so you *must* supply a valid token
        // before accessing this route.
-        w.WriteHeader(200)
+        w.WriteHeader(http.StatusOK)
+        w.Write([]byte("OK"))
    })
 }