package api import ( "encoding/json" "log" "net/http" "strconv" authdiscord "example.com/auth/discord" configserver "example.com/config/server" character "example.com/database/character" customization "example.com/database/customization" function "example.com/database/function" functionset "example.com/database/functionset" functiontag "example.com/database/functiontag" group "example.com/database/group" inventoryslot "example.com/database/inventoryslot" item "example.com/database/item" itemtag "example.com/database/itemtag" person "example.com/database/person" role "example.com/database/role" schematic "example.com/database/schematic" tier "example.com/database/tier" user "example.com/database/user" "github.com/gin-gonic/gin" "github.com/xyproto/randomstring" "golang.org/x/oauth2" "gorm.io/gorm" ) var GlobalDatabase *gorm.DB var GlobalConfig configserver.AppConfig var GlobalOAuth *oauth2.Config // Private Functions func updateUser(context *gin.Context, discordUser authdiscord.DiscordUser, oauthTokenJSON string) { err := user.Update( GlobalDatabase, discordUser.Id, discordUser.Global_Name, discordUser.Username, discordUser.Avatar, discordUser.Avatar_Decoration_Data.Asset, oauthTokenJSON, true, ) if err != nil { log.Println(err) context.AbortWithStatus(http.StatusInternalServerError) } } func createUser(context *gin.Context, discordUser authdiscord.DiscordUser, oauthTokenJSON string) { err := user.Create( GlobalDatabase, discordUser.Id, discordUser.Global_Name, discordUser.Username, discordUser.Avatar, discordUser.Avatar_Decoration_Data.Asset, oauthTokenJSON, true, ) if err != nil { log.Println(err) context.AbortWithStatus(http.StatusInternalServerError) } } func checkAuthentication(context *gin.Context) *oauth2.Token { oauthTokenJSON, err := context.Cookie("discord-oauthtoken") if err == nil { var oauthToken *oauth2.Token err := json.Unmarshal([]byte(oauthTokenJSON), &oauthToken) if err == nil { if oauthToken.Valid() { if (*user.Get(GlobalDatabase, []string{oauthTokenJSON}))[0].LoggedIn { return oauthToken } } } } return nil } func objectIDStringsToInts(context *gin.Context, objectIDs []string) *[]int { var objectIDInts []int for _, objectID := range objectIDs { objectIDInt, err := strconv.Atoi(objectID) if err != nil { objectIDInts = append(objectIDInts, objectIDInt) } else { context.AbortWithStatus(http.StatusBadRequest) } } return &objectIDInts } // Authentication Workflow func AuthCallback(context *gin.Context) { // Discord OAuth library requires this. oauthState := randomstring.CookieFriendlyString(32) context.Set("state", oauthState) // Get the OAuth token. oauthToken, err := GlobalOAuth.Exchange(context.Request.Context(), context.Query("code")) if err != nil { context.Redirect(http.StatusInternalServerError, GlobalConfig.GetFrontendRootDomain()) return } // Get the current discord user info. var currentDiscordUser authdiscord.DiscordUser result := currentDiscordUser.Get(context, oauthToken, GlobalOAuth) if result != "" { context.Redirect(http.StatusInternalServerError, GlobalConfig.GetFrontendRootDomain()) return } else { var currentUser user.User // Parse object to string so we can save as a cookie. oauthTokenJSON, _ := json.Marshal(oauthToken) // Either create or update the user in the database if currentUser.Get(GlobalDatabase, currentDiscordUser.Id) == nil { if currentUser.LoggedIn { oauthTokenJSON = []byte(currentUser.LoginToken) } updateUser(context, currentDiscordUser, string(oauthTokenJSON)) } else { createUser(context, currentDiscordUser, string(oauthTokenJSON)) } // Save the resulting oauthTokenJSON as a cookie. context.SetCookie("discord-oauthtoken", string(oauthTokenJSON), 0, "", GlobalConfig.API.Domain, false, false) } // Redirect to the dashboard once logged in. context.Redirect(http.StatusTemporaryRedirect, GlobalConfig.GetFrontendRootDomain()+"/dashboard") } func AuthLoginRedirect(context *gin.Context) { context.Redirect(http.StatusTemporaryRedirect, GlobalOAuth.AuthCodeURL(context.GetString("state"))) } func AuthLogoutRedirect(context *gin.Context) { oauthTokenJSON, err := context.Cookie("discord-oauthtoken") if err == nil { user.Logout(GlobalDatabase, oauthTokenJSON) context.SetCookie("discord-oauthtoken", "", -1, "", GlobalConfig.API.Domain, false, true) } else { log.Println(err) } log.Println(GlobalConfig.GetFrontendRootDomain()) context.Redirect(http.StatusTemporaryRedirect, GlobalConfig.GetFrontendRootDomain()) } // Create Endpoints (POST) func CreateObject(context *gin.Context) { if checkAuthentication(context) != nil { _, idOk := context.GetQuery("id") if idOk { var result error switch objectType := context.Param("object"); objectType { case "user": // case "person": // case "group": result = group.Create(GlobalDatabase, context) case "character": // case "role": // case "tier": // case "function-set": // case "function": result = function.Create(GlobalDatabase, context) case "function-tag": result = functiontag.Create(GlobalDatabase, context) case "inventory-slot": // case "item": // case "item-tag": // case "customization": // case "schematic": // } if result != nil { context.JSON(http.StatusBadRequest, gin.H{ "message": result.Error(), }) } else { context.Status(http.StatusOK) } } else { context.AbortWithStatus(http.StatusBadRequest) } } else { context.AbortWithStatus(http.StatusUnauthorized) } } // Update Endpoints (PUT) func UpdateObject(context *gin.Context) { if checkAuthentication(context) != nil { _, idOk := context.GetQuery("id") if idOk { var result error switch objectType := context.Param("object"); objectType { case "user": // case "person": // case "group": // result = group.Create(GlobalDatabase, context) case "character": // case "role": // case "tier": // case "function-set": // case "function": result = function.Update(GlobalDatabase, context) case "function-tag": // result = functiontag.Create(GlobalDatabase, objectID) case "inventory-slot": // case "item": // case "item-tag": // case "customization": // case "schematic": // } if result != nil { context.JSON(http.StatusBadRequest, gin.H{ "message": result.Error(), }) } else { context.Status(http.StatusOK) } } else { context.AbortWithStatus(http.StatusBadRequest) } } else { context.AbortWithStatus(http.StatusUnauthorized) } } // Read Endpoints (GET) func GetDiscordUser(context *gin.Context) { oauthToken := checkAuthentication(context) if oauthToken != nil { var discordUser authdiscord.DiscordUser result := discordUser.Get(context, oauthToken, GlobalOAuth) if result != "" { log.Println(result) log.Println("Assuming the Discord OAuth Key has expired.") context.Redirect(http.StatusUnauthorized, GlobalConfig.GetFrontendRootDomain()+"/logout") } else { if (*user.Get(GlobalDatabase, []string{discordUser.Id}))[0].LoggedIn { context.JSON(http.StatusOK, discordUser) } else { context.Redirect(http.StatusTemporaryRedirect, GlobalConfig.GetFrontendRootDomain()+"/logout") } } } } func GetUserLoggedIn(context *gin.Context) { context.JSON(http.StatusOK, gin.H{ "message": (checkAuthentication(context) != nil), }) } func GetObjects(context *gin.Context) { objectIDs, idOk := context.GetQueryArray("id") if idOk { switch objectType := context.Param("object"); objectType { case "user": context.JSON(http.StatusOK, gin.H{ "user": user.Get(GlobalDatabase, objectIDs)}) case "persons": context.JSON(http.StatusOK, gin.H{ "persons": person.Get(GlobalDatabase, objectIDs), }) case "groups": context.JSON(http.StatusOK, gin.H{ "groups": group.Get(GlobalDatabase, objectIDs), }) case "characters": context.JSON(http.StatusOK, gin.H{ "characters": character.Get(GlobalDatabase, objectIDs), }) case "roles": context.JSON(http.StatusOK, gin.H{ "roles": role.Get(GlobalDatabase, objectIDs), }) case "tiers": objectIDInts := objectIDStringsToInts(context, objectIDs) context.JSON(http.StatusOK, gin.H{ "tiers": tier.Get(GlobalDatabase, *objectIDInts), }) case "function-sets": objectIDInts := objectIDStringsToInts(context, objectIDs) context.JSON(http.StatusOK, gin.H{ "function_sets": functionset.Get(GlobalDatabase, *objectIDInts), }) case "functions": context.JSON(http.StatusOK, gin.H{ "functions": function.Get(GlobalDatabase, objectIDs), }) case "function-tags": context.JSON(http.StatusOK, gin.H{ "function_tags": functiontag.Get(GlobalDatabase, objectIDs), }) case "inventory-slot": objectIDInts := objectIDStringsToInts(context, objectIDs) context.JSON(http.StatusOK, gin.H{ "inventory_slot": inventoryslot.Get(GlobalDatabase, *objectIDInts), }) case "items": context.JSON(http.StatusOK, gin.H{ "items": item.Get(GlobalDatabase, objectIDs), }) case "item-tags": context.JSON(http.StatusOK, gin.H{ "item_tags": itemtag.Get(GlobalDatabase, objectIDs), }) case "customizations": context.JSON(http.StatusOK, gin.H{ "customizations": customization.Get(GlobalDatabase, objectIDs), }) case "schematics": objectIDInts := objectIDStringsToInts(context, objectIDs) context.JSON(http.StatusOK, gin.H{ "schematics": schematic.Get(GlobalDatabase, *objectIDInts), }) } } else { context.Status(http.StatusBadRequest) } } func GetAllObjects(context *gin.Context) { switch objectType := context.Param("object"); objectType { case "persons": context.JSON(http.StatusOK, gin.H{ "persons": person.GetAll(GlobalDatabase), }) case "groups": context.JSON(http.StatusOK, gin.H{ "groups": group.GetAll(GlobalDatabase), }) case "characters": context.JSON(http.StatusOK, gin.H{ "characters": character.GetAll(GlobalDatabase), }) case "roles": context.JSON(http.StatusOK, gin.H{ "roles": role.GetAll(GlobalDatabase), }) case "tiers": context.JSON(http.StatusOK, gin.H{ "tiers": tier.GetAll(GlobalDatabase), }) case "function-sets": context.JSON(http.StatusOK, gin.H{ "function_sets": functionset.GetAll(GlobalDatabase), }) case "functions": context.JSON(http.StatusOK, gin.H{ "functions": function.GetAll(GlobalDatabase), }) case "function-tags": context.JSON(http.StatusOK, gin.H{ "function_tags": functiontag.GetAll(GlobalDatabase), }) case "inventory-slot": context.JSON(http.StatusOK, gin.H{ "inventory_slot": inventoryslot.GetAll(GlobalDatabase), }) case "items": context.JSON(http.StatusOK, gin.H{ "items": item.GetAll(GlobalDatabase), }) case "item-tags": context.JSON(http.StatusOK, gin.H{ "item_tags": itemtag.GetAll(GlobalDatabase), }) case "customizations": context.JSON(http.StatusOK, gin.H{ "customizations": customization.GetAll(GlobalDatabase), }) case "schematics": context.JSON(http.StatusOK, gin.H{ "schematics": schematic.GetAll(GlobalDatabase), }) } } // Delete Endpoints (DELETE) func DeleteObject(context *gin.Context) { if checkAuthentication(context) != nil { objectIDs, idOk := context.GetQueryArray("id") if idOk { var result error switch objectType := context.Param("object"); objectType { case "user": // case "person": // case "group": // result = group.Create(GlobalDatabase, context) case "character": // case "role": // case "tier": // case "function-set": // case "function": result = function.Delete(GlobalDatabase, objectIDs) case "function-tag": // result = functiontag.Create(GlobalDatabase, objectID) case "inventory-slot": // case "item": // case "item-tag": // case "customization": // case "schematic": // } if result != nil { context.JSON(http.StatusBadRequest, gin.H{ "message": result.Error(), }) } else { context.Status(http.StatusOK) } } else { context.AbortWithStatus(http.StatusBadRequest) } } else { context.AbortWithStatus(http.StatusUnauthorized) } }