refactor: make each router handler register middleware on its own

2021-02-06 20:09:08 +01:00 · 2021-02-06 20:09:08 +01:00 · d1dc73b5e6
parent 8fed606e9b
commit d1dc73b5e6
10 changed files with 74 additions and 32 deletions
--- a/main.go
+++ b/main.go
@ -126,13 +126,13 @@ func main() {

 	// API Handlers
 	healthApiHandler := api.NewHealthApiHandler(db)
-	heartbeatApiHandler := api.NewHeartbeatApiHandler(heartbeatService, languageMappingService)
-	summaryApiHandler := api.NewSummaryApiHandler(summaryService)
+	heartbeatApiHandler := api.NewHeartbeatApiHandler(userService, heartbeatService, languageMappingService)
+	summaryApiHandler := api.NewSummaryApiHandler(userService, summaryService)

 	// Compat Handlers
-	wakatimeV1AllHandler := wtV1Routes.NewAllTimeHandler(summaryService)
-	wakatimeV1SummariesHandler := wtV1Routes.NewSummariesHandler(summaryService)
-	wakatimeV1StatsHandler := wtV1Routes.NewStatsHandler(summaryService)
+	wakatimeV1AllHandler := wtV1Routes.NewAllTimeHandler(userService, summaryService)
+	wakatimeV1SummariesHandler := wtV1Routes.NewSummariesHandler(userService, summaryService)
+	wakatimeV1StatsHandler := wtV1Routes.NewStatsHandler(userService, summaryService)
 	shieldV1BadgeHandler := shieldsV1Routes.NewBadgeHandler(summaryService, userService)

 	// MVC Handlers
@ -152,11 +152,10 @@ func main() {
 	recoveryMiddleware := handlers.RecoveryHandler()
 	loggingMiddleware := middlewares.NewLoggingMiddleware(log.New(os.Stdout, "", log.LstdFlags))
 	corsMiddleware := handlers.CORS()
-	authenticateMiddleware := middlewares.NewAuthenticateMiddleware(userService, []string{"/api/health", "/api/compat/shields/v1"}).Handler

 	// Router configs
 	router.Use(loggingMiddleware, recoveryMiddleware)
-	apiRouter.Use(corsMiddleware, authenticateMiddleware)
+	apiRouter.Use(corsMiddleware)

 	// Route registrations
 	homeHandler.RegisterRoutes(rootRouter)
--- a/middlewares/authenticate.go
+++ b/middlewares/authenticate.go
@ -12,19 +12,23 @@ import (
 )

 type AuthenticateMiddleware struct {
-	config         *conf.Config
-	userSrvc       services.IUserService
-	whitelistPaths []string
+	config           *conf.Config
+	userSrvc         services.IUserService
+	optionalForPaths []string
 }

-func NewAuthenticateMiddleware(userService services.IUserService, whitelistPaths []string) *AuthenticateMiddleware {
+func NewAuthenticateMiddleware(userService services.IUserService) *AuthenticateMiddleware {
 	return &AuthenticateMiddleware{
-		config:         conf.Get(),
-		userSrvc:       userService,
-		whitelistPaths: whitelistPaths,
+		config:           conf.Get(),
+		userSrvc:         userService,
+		optionalForPaths: []string{},
 	}
 }

+func (m *AuthenticateMiddleware) WithOptionalFor(paths []string) {
+	m.optionalForPaths = paths
+}
+
 func (m *AuthenticateMiddleware) Handler(h http.Handler) http.Handler {
 	return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
 		m.ServeHTTP(w, r, h.ServeHTTP)
@ -32,13 +36,6 @@ func (m *AuthenticateMiddleware) Handler(h http.Handler) http.Handler {
 }

 func (m *AuthenticateMiddleware) ServeHTTP(w http.ResponseWriter, r *http.Request, next http.HandlerFunc) {
-	for _, p := range m.whitelistPaths {
-		if strings.HasPrefix(r.URL.Path, p) || r.URL.Path == p {
-			next(w, r)
-			return
-		}
-	}
-
 	var user *models.User
 	user, err := m.tryGetUserByCookie(r)

@ -46,7 +43,12 @@ func (m *AuthenticateMiddleware) ServeHTTP(w http.ResponseWriter, r *http.Reques
 		user, err = m.tryGetUserByApiKey(r)
 	}

-	if err != nil {
+	if err != nil || user == nil {
+		if m.isOptional(r.URL.Path) {
+			next(w, r)
+			return
+		}
+
 		if strings.HasPrefix(r.URL.Path, "/api") {
 			w.WriteHeader(http.StatusUnauthorized)
 		} else {
@ -60,6 +62,15 @@ func (m *AuthenticateMiddleware) ServeHTTP(w http.ResponseWriter, r *http.Reques
 	next(w, r.WithContext(ctx))
 }

+func (m *AuthenticateMiddleware) isOptional(requestPath string) bool {
+	for _, p := range m.optionalForPaths {
+		if strings.HasPrefix(requestPath, p) || requestPath == p {
+			return true
+		}
+	}
+	return false
+}
+
 func (m *AuthenticateMiddleware) tryGetUserByApiKey(r *http.Request) (*models.User, error) {
 	key, err := utils.ExtractBearerAuth(r)
 	if err != nil {
--- a/routes/api/heartbeat.go
+++ b/routes/api/heartbeat.go
@ -5,6 +5,7 @@ import (
 	"github.com/emvi/logbuch"
 	"github.com/gorilla/mux"
 	conf "github.com/muety/wakapi/config"
+	"github.com/muety/wakapi/middlewares"
 	customMiddleware "github.com/muety/wakapi/middlewares/custom"
 	"github.com/muety/wakapi/services"
 	"github.com/muety/wakapi/utils"
@ -15,13 +16,15 @@ import (

 type HeartbeatApiHandler struct {
 	config              *conf.Config
+	userSrvc            services.IUserService
 	heartbeatSrvc       services.IHeartbeatService
 	languageMappingSrvc services.ILanguageMappingService
 }

-func NewHeartbeatApiHandler(heartbeatService services.IHeartbeatService, languageMappingService services.ILanguageMappingService) *HeartbeatApiHandler {
+func NewHeartbeatApiHandler(userService services.IUserService, heartbeatService services.IHeartbeatService, languageMappingService services.ILanguageMappingService) *HeartbeatApiHandler {
 	return &HeartbeatApiHandler{
 		config:              conf.Get(),
+		userSrvc:            userService,
 		heartbeatSrvc:       heartbeatService,
 		languageMappingSrvc: languageMappingService,
 	}
@ -34,6 +37,7 @@ type heartbeatResponseVm struct {
 func (h *HeartbeatApiHandler) RegisterRoutes(router *mux.Router) {
 	r := router.PathPrefix("/heartbeat").Subrouter()
 	r.Use(
+		middlewares.NewAuthenticateMiddleware(h.userSrvc).Handler,
 		customMiddleware.NewWakatimeRelayMiddleware().Handler,
 	)
 	r.Methods(http.MethodPost).HandlerFunc(h.Post)
--- a/routes/api/summary.go
+++ b/routes/api/summary.go
@ -3,6 +3,7 @@ package api
 import (
 	"github.com/gorilla/mux"
 	conf "github.com/muety/wakapi/config"
+	"github.com/muety/wakapi/middlewares"
 	su "github.com/muety/wakapi/routes/utils"
 	"github.com/muety/wakapi/services"
 	"github.com/muety/wakapi/utils"
@ -11,18 +12,23 @@ import (

 type SummaryApiHandler struct {
 	config      *conf.Config
+	userSrvc    services.IUserService
 	summarySrvc services.ISummaryService
 }

-func NewSummaryApiHandler(summaryService services.ISummaryService) *SummaryApiHandler {
+func NewSummaryApiHandler(userService services.IUserService, summaryService services.ISummaryService) *SummaryApiHandler {
 	return &SummaryApiHandler{
 		summarySrvc: summaryService,
+		userSrvc:    userService,
 		config:      conf.Get(),
 	}
 }

 func (h *SummaryApiHandler) RegisterRoutes(router *mux.Router) {
 	r := router.PathPrefix("/summary").Subrouter()
+	r.Use(
+		middlewares.NewAuthenticateMiddleware(h.userSrvc).Handler,
+	)
 	r.Methods(http.MethodGet).HandlerFunc(h.Get)
 }

--- a/routes/compat/shields/v1/badge.go
+++ b/routes/compat/shields/v1/badge.go
@ -32,6 +32,7 @@ func NewBadgeHandler(summaryService services.ISummaryService, userService servic
 }

 func (h *BadgeHandler) RegisterRoutes(router *mux.Router) {
+	// no auth middleware here, handler itself resolves the user
 	r := router.PathPrefix("/shields/v1/{user}").Subrouter()
 	r.Methods(http.MethodGet).HandlerFunc(h.Get)
 }
--- a/routes/compat/wakatime/v1/all_time.go
+++ b/routes/compat/wakatime/v1/all_time.go
@ -3,6 +3,7 @@ package v1
 import (
 	"github.com/gorilla/mux"
 	conf "github.com/muety/wakapi/config"
+	"github.com/muety/wakapi/middlewares"
 	"github.com/muety/wakapi/models"
 	v1 "github.com/muety/wakapi/models/compat/wakatime/v1"
 	"github.com/muety/wakapi/services"
@ -14,18 +15,24 @@ import (

 type AllTimeHandler struct {
 	config      *conf.Config
+	userSrvc    services.IUserService
 	summarySrvc services.ISummaryService
 }

-func NewAllTimeHandler(summaryService services.ISummaryService) *AllTimeHandler {
+func NewAllTimeHandler(userService services.IUserService, summaryService services.ISummaryService) *AllTimeHandler {
 	return &AllTimeHandler{
+		userSrvc:    userService,
 		summarySrvc: summaryService,
 		config:      conf.Get(),
 	}
 }

 func (h *AllTimeHandler) RegisterRoutes(router *mux.Router) {
-	router.Path("/wakatime/v1/users/{user}/all_time_since_today").Methods(http.MethodGet).HandlerFunc(h.Get)
+	r := router.PathPrefix("/wakatime/v1/users/{user}/all_time_since_today").Subrouter()
+	r.Use(
+		middlewares.NewAuthenticateMiddleware(h.userSrvc).Handler,
+	)
+	r.Methods(http.MethodGet).HandlerFunc(h.Get)
 }

 func (h *AllTimeHandler) Get(w http.ResponseWriter, r *http.Request) {
--- a/routes/compat/wakatime/v1/stats.go
+++ b/routes/compat/wakatime/v1/stats.go
@ -4,6 +4,7 @@ import (
 	"errors"
 	"github.com/gorilla/mux"
 	conf "github.com/muety/wakapi/config"
+	"github.com/muety/wakapi/middlewares"
 	"github.com/muety/wakapi/models"
 	v1 "github.com/muety/wakapi/models/compat/wakatime/v1"
 	"github.com/muety/wakapi/services"
@ -14,18 +15,24 @@ import (

 type StatsHandler struct {
 	config      *conf.Config
+	userSrvc    services.IUserService
 	summarySrvc services.ISummaryService
 }

-func NewStatsHandler(summaryService services.ISummaryService) *StatsHandler {
+func NewStatsHandler(userService services.IUserService, summaryService services.ISummaryService) *StatsHandler {
 	return &StatsHandler{
+		userSrvc:    userService,
 		summarySrvc: summaryService,
 		config:      conf.Get(),
 	}
 }

 func (h *StatsHandler) RegisterRoutes(router *mux.Router) {
-	router.Path("/wakatime/v1/users/{user}/stats/{range}").Methods(http.MethodGet).HandlerFunc(h.Get)
+	r := router.PathPrefix("/wakatime/v1/users/{user}/stats/{range}").Subrouter()
+	r.Use(
+		middlewares.NewAuthenticateMiddleware(h.userSrvc).Handler,
+	)
+	r.Methods(http.MethodGet).HandlerFunc(h.Get)
 }

 // TODO: support filtering (requires https://github.com/muety/wakapi/issues/108)
--- a/routes/compat/wakatime/v1/summaries.go
+++ b/routes/compat/wakatime/v1/summaries.go
@ -4,6 +4,7 @@ import (
 	"errors"
 	"github.com/gorilla/mux"
 	conf "github.com/muety/wakapi/config"
+	"github.com/muety/wakapi/middlewares"
 	"github.com/muety/wakapi/models"
 	v1 "github.com/muety/wakapi/models/compat/wakatime/v1"
 	"github.com/muety/wakapi/services"
@ -15,18 +16,24 @@ import (

 type SummariesHandler struct {
 	config      *conf.Config
+	userSrvc    services.IUserService
 	summarySrvc services.ISummaryService
 }

-func NewSummariesHandler(summaryService services.ISummaryService) *SummariesHandler {
+func NewSummariesHandler(userService services.IUserService, summaryService services.ISummaryService) *SummariesHandler {
 	return &SummariesHandler{
+		userSrvc:    userService,
 		summarySrvc: summaryService,
 		config:      conf.Get(),
 	}
 }

 func (h *SummariesHandler) RegisterRoutes(router *mux.Router) {
-	router.Path("/wakatime/v1/users/{user}/summaries").Methods(http.MethodGet).HandlerFunc(h.Get)
+	r := router.PathPrefix("/wakatime/v1/users/{user}/summaries").Subrouter()
+	r.Use(
+		middlewares.NewAuthenticateMiddleware(h.userSrvc).Handler,
+	)
+	r.Methods(http.MethodGet).HandlerFunc(h.Get)
 }

 // TODO: Support parameters: project, branches, timeout, writes_only, timezone
--- a/routes/settings.go
+++ b/routes/settings.go
@ -57,7 +57,7 @@ func NewSettingsHandler(
 func (h *SettingsHandler) RegisterRoutes(router *mux.Router) {
 	r := router.PathPrefix("/settings").Subrouter()
 	r.Use(
-		middlewares.NewAuthenticateMiddleware(h.userSrvc, []string{}).Handler,
+		middlewares.NewAuthenticateMiddleware(h.userSrvc).Handler,
 	)
 	r.Methods(http.MethodGet).HandlerFunc(h.GetIndex)
 	r.Methods(http.MethodPost).HandlerFunc(h.PostIndex)
--- a/routes/summary.go
+++ b/routes/summary.go
@ -29,7 +29,7 @@ func NewSummaryHandler(summaryService services.ISummaryService, userService serv
 func (h *SummaryHandler) RegisterRoutes(router *mux.Router) {
 	r := router.PathPrefix("/summary").Subrouter()
 	r.Use(
-		middlewares.NewAuthenticateMiddleware(h.userSrvc, []string{}).Handler,
+		middlewares.NewAuthenticateMiddleware(h.userSrvc).Handler,
 	)
 	r.Methods(http.MethodGet).HandlerFunc(h.GetIndex)
 }