diff --git a/Api/PostsAdmin.go b/Api/PostsAdmin.go index 68c3734..ca9b154 100644 --- a/Api/PostsAdmin.go +++ b/Api/PostsAdmin.go @@ -9,7 +9,6 @@ import ( "strconv" "time" - "git.tovijaeschke.xyz/tovi/SuddenImpactRecords/Api/Auth" "git.tovijaeschke.xyz/tovi/SuddenImpactRecords/Api/JsonSerialization" "git.tovijaeschke.xyz/tovi/SuddenImpactRecords/Database" "git.tovijaeschke.xyz/tovi/SuddenImpactRecords/Models" @@ -26,12 +25,6 @@ func getPosts(w http.ResponseWriter, r *http.Request) { err error ) - _, err = Auth.CheckCookie(r) - if err != nil { - w.WriteHeader(http.StatusUnauthorized) - return - } - values = r.URL.Query() page, err = strconv.Atoi(values.Get("page")) @@ -80,12 +73,6 @@ func getPost(w http.ResponseWriter, r *http.Request) { err error ) - _, err = Auth.CheckCookie(r) - if err != nil { - w.WriteHeader(http.StatusUnauthorized) - return - } - postData, err = Util.GetPostById(w, r) if err != nil { return @@ -110,12 +97,6 @@ func createPost(w http.ResponseWriter, r *http.Request) { err error ) - _, err = Auth.CheckCookie(r) - if err != nil { - w.WriteHeader(http.StatusUnauthorized) - return - } - requestBody, err = ioutil.ReadAll(r.Body) if err != nil { log.Printf("Error encountered reading POST body: %s\n", err.Error()) @@ -162,12 +143,6 @@ func updatePost(w http.ResponseWriter, r *http.Request) { err error ) - _, err = Auth.CheckCookie(r) - if err != nil { - w.WriteHeader(http.StatusUnauthorized) - return - } - id, err = Util.GetPostId(r) if err != nil { log.Printf("Error encountered getting id\n") @@ -216,12 +191,6 @@ func publishPost(w http.ResponseWriter, r *http.Request) { err error ) - _, err = Auth.CheckCookie(r) - if err != nil { - w.WriteHeader(http.StatusUnauthorized) - return - } - postData, err = Util.GetPostById(w, r) if err != nil { log.Printf("Error encountered getting id\n") @@ -260,12 +229,6 @@ func deletePost(w http.ResponseWriter, r *http.Request) { err error ) - _, err = Auth.CheckCookie(r) - if err != nil { - w.WriteHeader(http.StatusUnauthorized) - return - } - postData, err = Util.GetPostById(w, r) if err != nil { return diff --git a/Api/Routes.go b/Api/Routes.go index 761ad2e..b1024f9 100644 --- a/Api/Routes.go +++ b/Api/Routes.go @@ -2,49 +2,93 @@ package Api import ( "log" + "net/http" "git.tovijaeschke.xyz/tovi/SuddenImpactRecords/Api/Auth" "github.com/gorilla/mux" ) +func loggingMiddleware(next http.Handler) http.Handler { + return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) { + log.Printf( + "%s %s %s, Content Length: %d", + r.RemoteAddr, + r.Method, + r.RequestURI, + r.ContentLength, + ) + + next.ServeHTTP(w, r) + }) +} + +func authenticationMiddleware(next http.Handler) http.Handler { + return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) { + var ( + userSession Auth.Session + err error + ) + + userSession, err = Auth.CheckCookie(r) + + if err != nil { + http.Error(w, "Forbidden", http.StatusUnauthorized) + return + } + + log.Printf( + "Authenticated user: %s (%s)", + userSession.Email, + userSession.UserID, + ) + + next.ServeHTTP(w, r) + }) +} + func InitApiEndpoints(router *mux.Router) { var ( - api *mux.Router + api *mux.Router + adminApi *mux.Router ) log.Println("Initializing API routes...") api = router.PathPrefix("/api/v1/").Subrouter() + api.Use(loggingMiddleware) + api.HandleFunc("/posts/front-page", getFrontPagePosts).Methods("GET") api.HandleFunc("/post", getPostsPublic).Methods("GET") api.HandleFunc("/post/{postID}", getPostPublic).Methods("GET") - // Define routes for posts api - api.HandleFunc("/admin/post", getPosts).Methods("GET") - api.HandleFunc("/admin/post/{postID}", getPost).Methods("GET") - - api.HandleFunc("/admin/post", createPost).Methods("POST") - api.HandleFunc("/admin/post/{postID}", updatePost).Methods("PUT") - api.HandleFunc("/admin/post/{postID}", deletePost).Methods("DELETE") - api.HandleFunc("/admin/post/{postID}/publish", publishPost).Methods("GET") - - api.HandleFunc("/admin/post/{postID}/image", createPostImage).Methods("POST") - api.HandleFunc("/admin/post/{postID}/image/{imageID}", deletePostImage).Methods("DELETE") - - // Define routes for users api - api.HandleFunc("/admin/user", getUsers).Methods("GET") - api.HandleFunc("/admin/user", createUser).Methods("POST") - api.HandleFunc("/admin/user/{userID}", getUser).Methods("GET") - api.HandleFunc("/admin/user/{userID}", updateUser).Methods("PUT") - api.HandleFunc("/admin/user/{userID}", deletePost).Methods("DELETE") - api.HandleFunc("/admin/user/{userID}/update-password", Auth.UpdatePassword).Methods("PUT") - // Define routes for authentication api.HandleFunc("/admin/login", Auth.Login).Methods("POST") api.HandleFunc("/admin/logout", Auth.Logout).Methods("GET") api.HandleFunc("/admin/me", Auth.Me).Methods("GET") - // router.PathPrefix("/").Handler(http.StripPrefix("/images/", http.FileServer(http.Dir("./uploads")))) + adminApi = api.PathPrefix("/admin/").Subrouter() + + adminApi.Use(authenticationMiddleware) + + // Define routes for posts api + adminApi.HandleFunc("/post", getPosts).Methods("GET") + adminApi.HandleFunc("/post/{postID}", getPost).Methods("GET") + + adminApi.HandleFunc("/post", createPost).Methods("POST") + adminApi.HandleFunc("/post/{postID}", updatePost).Methods("PUT") + adminApi.HandleFunc("/post/{postID}", deletePost).Methods("DELETE") + adminApi.HandleFunc("/post/{postID}/publish", publishPost).Methods("GET") + + adminApi.HandleFunc("/post/{postID}/image", createPostImage).Methods("POST") + adminApi.HandleFunc("/post/{postID}/image/{imageID}", deletePostImage).Methods("DELETE") + + // Define routes for users api + adminApi.HandleFunc("/user", getUsers).Methods("GET") + adminApi.HandleFunc("/user", createUser).Methods("POST") + adminApi.HandleFunc("/user/{userID}", getUser).Methods("GET") + adminApi.HandleFunc("/user/{userID}", updateUser).Methods("PUT") + adminApi.HandleFunc("/user/{userID}", deletePost).Methods("DELETE") + adminApi.HandleFunc("/user/{userID}/update-password", Auth.UpdatePassword).Methods("PUT") } diff --git a/Api/Users.go b/Api/Users.go index d12eda1..71514fd 100644 --- a/Api/Users.go +++ b/Api/Users.go @@ -25,12 +25,6 @@ func getUsers(w http.ResponseWriter, r *http.Request) { err error ) - _, err = Auth.CheckCookie(r) - if err != nil { - w.WriteHeader(http.StatusUnauthorized) - return - } - values = r.URL.Query() page, err = strconv.Atoi(values.Get("page")) @@ -79,12 +73,6 @@ func getUser(w http.ResponseWriter, r *http.Request) { err error ) - _, err = Auth.CheckCookie(r) - if err != nil { - w.WriteHeader(http.StatusUnauthorized) - return - } - userData, err = Util.GetUserById(w, r) if err != nil { return @@ -109,12 +97,6 @@ func createUser(w http.ResponseWriter, r *http.Request) { err error ) - _, err = Auth.CheckCookie(r) - if err != nil { - w.WriteHeader(http.StatusUnauthorized) - return - } - requestBody, err = ioutil.ReadAll(r.Body) if err != nil { log.Printf("Error encountered reading POST body: %s\n", err.Error()) @@ -184,12 +166,6 @@ func updateUser(w http.ResponseWriter, r *http.Request) { err error ) - _, err = Auth.CheckCookie(r) - if err != nil { - w.WriteHeader(http.StatusUnauthorized) - return - } - id, err = Util.GetUserId(r) if err != nil { log.Printf("Error encountered reading POST body: %s\n", err.Error()) @@ -236,12 +212,6 @@ func deleteUser(w http.ResponseWriter, r *http.Request) { err error ) - _, err = Auth.CheckCookie(r) - if err != nil { - w.WriteHeader(http.StatusUnauthorized) - return - } - userData, err = Util.GetUserById(w, r) if err != nil { w.WriteHeader(http.StatusNotFound) diff --git a/Frontend/vue/src/components/admin/components/navbar/AdminNavbar.vue b/Frontend/vue/src/components/admin/components/navbar/AdminNavbar.vue index 1302d19..a06f902 100644 --- a/Frontend/vue/src/components/admin/components/navbar/AdminNavbar.vue +++ b/Frontend/vue/src/components/admin/components/navbar/AdminNavbar.vue @@ -39,7 +39,49 @@ -