Reorganized directories and packages.

2022-11-02 19:23:26 -04:00 · 2022-11-02 19:23:26 -04:00 · dceb232cb2
commit dceb232cb2
parent 965fb540c7
61 changed files with 83 additions and 83 deletions
--- a/pkg/middleware/auth.go
+++ b/pkg/middleware/auth.go
@ -0,0 +1,108 @@
+package middleware
+
+import (
+	"fmt"
+	"net/http"
+	"strconv"
+
+	"github.com/mikestefanello/pagoda/ent"
+	"github.com/mikestefanello/pagoda/pkg/context"
+	"github.com/mikestefanello/pagoda/pkg/msg"
+	"github.com/mikestefanello/pagoda/pkg/services"
+
+	"github.com/labstack/echo/v4"
+)
+
+// LoadAuthenticatedUser loads the authenticated user, if one, and stores in context
+func LoadAuthenticatedUser(authClient *services.AuthClient) echo.MiddlewareFunc {
+	return func(next echo.HandlerFunc) echo.HandlerFunc {
+		return func(c echo.Context) error {
+			u, err := authClient.GetAuthenticatedUser(c)
+			switch err.(type) {
+			case *ent.NotFoundError:
+				c.Logger().Warn("auth user not found")
+			case services.NotAuthenticatedError:
+			case nil:
+				c.Set(context.AuthenticatedUserKey, u)
+				c.Logger().Infof("auth user loaded in to context: %d", u.ID)
+			default:
+				return echo.NewHTTPError(
+					http.StatusInternalServerError,
+					fmt.Sprintf("error querying for authenticated user: %v", err),
+				)
+			}
+
+			return next(c)
+		}
+	}
+}
+
+// LoadValidPasswordToken loads a valid password token entity that matches the user and token
+// provided in path parameters
+// If the token is invalid, the user will be redirected to the forgot password route
+// This requires that the user owning the token is loaded in to context
+func LoadValidPasswordToken(authClient *services.AuthClient) echo.MiddlewareFunc {
+	return func(next echo.HandlerFunc) echo.HandlerFunc {
+		return func(c echo.Context) error {
+			// Extract the user parameter
+			if c.Get(context.UserKey) == nil {
+				return echo.NewHTTPError(http.StatusInternalServerError)
+			}
+			usr := c.Get(context.UserKey).(*ent.User)
+
+			// Extract the token ID
+			tokenID, err := strconv.Atoi(c.Param("password_token"))
+			if err != nil {
+				return echo.NewHTTPError(http.StatusNotFound)
+			}
+
+			// Attempt to load a valid password token
+			token, err := authClient.GetValidPasswordToken(
+				c,
+				usr.ID,
+				tokenID,
+				c.Param("token"),
+			)
+
+			switch err.(type) {
+			case nil:
+				c.Set(context.PasswordTokenKey, token)
+				return next(c)
+			case services.InvalidPasswordTokenError:
+				msg.Warning(c, "The link is either invalid or has expired. Please request a new one.")
+				return c.Redirect(http.StatusFound, c.Echo().Reverse("forgot_password"))
+			default:
+				return echo.NewHTTPError(
+					http.StatusInternalServerError,
+					fmt.Sprintf("error loading password token: %v", err),
+				)
+			}
+		}
+	}
+}
+
+// RequireAuthentication requires that the user be authenticated in order to proceed
+func RequireAuthentication() echo.MiddlewareFunc {
+	return func(next echo.HandlerFunc) echo.HandlerFunc {
+		return func(c echo.Context) error {
+			if u := c.Get(context.AuthenticatedUserKey); u == nil {
+				return echo.NewHTTPError(http.StatusUnauthorized)
+			}
+
+			return next(c)
+		}
+	}
+}
+
+// RequireNoAuthentication requires that the user not be authenticated in order to proceed
+func RequireNoAuthentication() echo.MiddlewareFunc {
+	return func(next echo.HandlerFunc) echo.HandlerFunc {
+		return func(c echo.Context) error {
+			if u := c.Get(context.AuthenticatedUserKey); u != nil {
+				return echo.NewHTTPError(http.StatusForbidden)
+			}
+
+			return next(c)
+		}
+	}
+}
--- a/pkg/middleware/auth_test.go
+++ b/pkg/middleware/auth_test.go
@ -0,0 +1,111 @@
+package middleware
+
+import (
+	"fmt"
+	"net/http"
+	"testing"
+
+	"github.com/mikestefanello/pagoda/ent"
+	"github.com/mikestefanello/pagoda/pkg/context"
+	"github.com/mikestefanello/pagoda/pkg/tests"
+
+	"github.com/stretchr/testify/require"
+
+	"github.com/stretchr/testify/assert"
+)
+
+func TestLoadAuthenticatedUser(t *testing.T) {
+	ctx, _ := tests.NewContext(c.Web, "/")
+	tests.InitSession(ctx)
+	mw := LoadAuthenticatedUser(c.Auth)
+
+	// Not authenticated
+	_ = tests.ExecuteMiddleware(ctx, mw)
+	assert.Nil(t, ctx.Get(context.AuthenticatedUserKey))
+
+	// Login
+	err := c.Auth.Login(ctx, usr.ID)
+	require.NoError(t, err)
+
+	// Verify the midldeware returns the authenticated user
+	_ = tests.ExecuteMiddleware(ctx, mw)
+	require.NotNil(t, ctx.Get(context.AuthenticatedUserKey))
+	ctxUsr, ok := ctx.Get(context.AuthenticatedUserKey).(*ent.User)
+	require.True(t, ok)
+	assert.Equal(t, usr.ID, ctxUsr.ID)
+}
+
+func TestRequireAuthentication(t *testing.T) {
+	ctx, _ := tests.NewContext(c.Web, "/")
+	tests.InitSession(ctx)
+
+	// Not logged in
+	err := tests.ExecuteMiddleware(ctx, RequireAuthentication())
+	tests.AssertHTTPErrorCode(t, err, http.StatusUnauthorized)
+
+	// Login
+	err = c.Auth.Login(ctx, usr.ID)
+	require.NoError(t, err)
+	_ = tests.ExecuteMiddleware(ctx, LoadAuthenticatedUser(c.Auth))
+
+	// Logged in
+	err = tests.ExecuteMiddleware(ctx, RequireAuthentication())
+	assert.Nil(t, err)
+}
+
+func TestRequireNoAuthentication(t *testing.T) {
+	ctx, _ := tests.NewContext(c.Web, "/")
+	tests.InitSession(ctx)
+
+	// Not logged in
+	err := tests.ExecuteMiddleware(ctx, RequireNoAuthentication())
+	assert.Nil(t, err)
+
+	// Login
+	err = c.Auth.Login(ctx, usr.ID)
+	require.NoError(t, err)
+	_ = tests.ExecuteMiddleware(ctx, LoadAuthenticatedUser(c.Auth))
+
+	// Logged in
+	err = tests.ExecuteMiddleware(ctx, RequireNoAuthentication())
+	tests.AssertHTTPErrorCode(t, err, http.StatusForbidden)
+}
+
+func TestLoadValidPasswordToken(t *testing.T) {
+	ctx, _ := tests.NewContext(c.Web, "/")
+	tests.InitSession(ctx)
+
+	// Missing user context
+	err := tests.ExecuteMiddleware(ctx, LoadValidPasswordToken(c.Auth))
+	tests.AssertHTTPErrorCode(t, err, http.StatusInternalServerError)
+
+	// Add user and password token context but no token and expect a redirect
+	ctx.SetParamNames("user", "password_token")
+	ctx.SetParamValues(fmt.Sprintf("%d", usr.ID), "1")
+	_ = tests.ExecuteMiddleware(ctx, LoadUser(c.ORM))
+	err = tests.ExecuteMiddleware(ctx, LoadValidPasswordToken(c.Auth))
+	assert.NoError(t, err)
+	assert.Equal(t, http.StatusFound, ctx.Response().Status)
+
+	// Add user context and invalid password token and expect a redirect
+	ctx.SetParamNames("user", "password_token", "token")
+	ctx.SetParamValues(fmt.Sprintf("%d", usr.ID), "1", "faketoken")
+	_ = tests.ExecuteMiddleware(ctx, LoadUser(c.ORM))
+	err = tests.ExecuteMiddleware(ctx, LoadValidPasswordToken(c.Auth))
+	assert.NoError(t, err)
+	assert.Equal(t, http.StatusFound, ctx.Response().Status)
+
+	// Create a valid token
+	token, pt, err := c.Auth.GeneratePasswordResetToken(ctx, usr.ID)
+	require.NoError(t, err)
+
+	// Add user and valid password token
+	ctx.SetParamNames("user", "password_token", "token")
+	ctx.SetParamValues(fmt.Sprintf("%d", usr.ID), fmt.Sprintf("%d", pt.ID), token)
+	_ = tests.ExecuteMiddleware(ctx, LoadUser(c.ORM))
+	err = tests.ExecuteMiddleware(ctx, LoadValidPasswordToken(c.Auth))
+	assert.Nil(t, err)
+	ctxPt, ok := ctx.Get(context.PasswordTokenKey).(*ent.PasswordToken)
+	require.True(t, ok)
+	assert.Equal(t, pt.ID, ctxPt.ID)
+}
--- a/pkg/middleware/cache.go
+++ b/pkg/middleware/cache.go
@ -0,0 +1,102 @@
+package middleware
+
+import (
+	"fmt"
+	"net/http"
+	"time"
+
+	"github.com/mikestefanello/pagoda/pkg/context"
+	"github.com/mikestefanello/pagoda/pkg/services"
+
+	"github.com/go-redis/redis/v8"
+	"github.com/labstack/echo/v4"
+)
+
+// CachedPageGroup stores the cache group for cached pages
+const CachedPageGroup = "page"
+
+// CachedPage is what is used to store a rendered Page in the cache
+type CachedPage struct {
+	// URL stores the URL of the requested page
+	URL string
+
+	// HTML stores the complete HTML of the rendered Page
+	HTML []byte
+
+	// StatusCode stores the HTTP status code
+	StatusCode int
+
+	// Headers stores the HTTP headers
+	Headers map[string]string
+}
+
+// ServeCachedPage attempts to load a page from the cache by matching on the complete request URL
+// If a page is cached for the requested URL, it will be served here and the request terminated.
+// Any request made by an authenticated user or that is not a GET will be skipped.
+func ServeCachedPage(ch *services.CacheClient) echo.MiddlewareFunc {
+	return func(next echo.HandlerFunc) echo.HandlerFunc {
+		return func(c echo.Context) error {
+			// Skip non GET requests
+			if c.Request().Method != http.MethodGet {
+				return next(c)
+			}
+
+			// Skip if the user is authenticated
+			if c.Get(context.AuthenticatedUserKey) != nil {
+				return next(c)
+			}
+
+			// Attempt to load from cache
+			res, err := ch.
+				Get().
+				Group(CachedPageGroup).
+				Key(c.Request().URL.String()).
+				Type(new(CachedPage)).
+				Fetch(c.Request().Context())
+
+			if err != nil {
+				switch {
+				case err == redis.Nil:
+					c.Logger().Info("no cached page found")
+				case context.IsCanceledError(err):
+					return nil
+				default:
+					c.Logger().Errorf("failed getting cached page: %v", err)
+				}
+
+				return next(c)
+			}
+
+			page, ok := res.(*CachedPage)
+			if !ok {
+				c.Logger().Errorf("failed casting cached page")
+				return next(c)
+			}
+
+			// Set any headers
+			if page.Headers != nil {
+				for k, v := range page.Headers {
+					c.Response().Header().Set(k, v)
+				}
+			}
+
+			c.Logger().Info("serving cached page")
+
+			return c.HTMLBlob(page.StatusCode, page.HTML)
+		}
+	}
+}
+
+// CacheControl sets a Cache-Control header with a given max age
+func CacheControl(maxAge time.Duration) echo.MiddlewareFunc {
+	return func(next echo.HandlerFunc) echo.HandlerFunc {
+		return func(c echo.Context) error {
+			v := "no-cache, no-store"
+			if maxAge > 0 {
+				v = fmt.Sprintf("public, max-age=%.0f", maxAge.Seconds())
+			}
+			c.Response().Header().Set("Cache-Control", v)
+			return next(c)
+		}
+	}
+}
--- a/pkg/middleware/cache_test.go
+++ b/pkg/middleware/cache_test.go
@ -0,0 +1,59 @@
+package middleware
+
+import (
+	"context"
+	"net/http"
+	"testing"
+	"time"
+
+	"github.com/mikestefanello/pagoda/pkg/tests"
+
+	"github.com/stretchr/testify/require"
+
+	"github.com/stretchr/testify/assert"
+)
+
+func TestServeCachedPage(t *testing.T) {
+	// Cache a page
+	cp := CachedPage{
+		URL:        "/cache",
+		HTML:       []byte("html"),
+		Headers:    make(map[string]string),
+		StatusCode: http.StatusCreated,
+	}
+	cp.Headers["a"] = "b"
+	cp.Headers["c"] = "d"
+
+	err := c.Cache.
+		Set().
+		Group(CachedPageGroup).
+		Key(cp.URL).
+		Data(cp).
+		Save(context.Background())
+	require.NoError(t, err)
+
+	// Request the URL of the cached page
+	ctx, rec := tests.NewContext(c.Web, cp.URL)
+	err = tests.ExecuteMiddleware(ctx, ServeCachedPage(c.Cache))
+	assert.NoError(t, err)
+	assert.Equal(t, cp.StatusCode, ctx.Response().Status)
+	assert.Equal(t, cp.Headers["a"], ctx.Response().Header().Get("a"))
+	assert.Equal(t, cp.Headers["c"], ctx.Response().Header().Get("c"))
+	assert.Equal(t, cp.HTML, rec.Body.Bytes())
+
+	// Login and try again
+	tests.InitSession(ctx)
+	err = c.Auth.Login(ctx, usr.ID)
+	require.NoError(t, err)
+	_ = tests.ExecuteMiddleware(ctx, LoadAuthenticatedUser(c.Auth))
+	err = tests.ExecuteMiddleware(ctx, ServeCachedPage(c.Cache))
+	assert.Nil(t, err)
+}
+
+func TestCacheControl(t *testing.T) {
+	ctx, _ := tests.NewContext(c.Web, "/")
+	_ = tests.ExecuteMiddleware(ctx, CacheControl(time.Second*5))
+	assert.Equal(t, "public, max-age=5", ctx.Response().Header().Get("Cache-Control"))
+	_ = tests.ExecuteMiddleware(ctx, CacheControl(0))
+	assert.Equal(t, "no-cache, no-store", ctx.Response().Header().Get("Cache-Control"))
+}
--- a/pkg/middleware/entity.go
+++ b/pkg/middleware/entity.go
@ -0,0 +1,43 @@
+package middleware
+
+import (
+	"fmt"
+	"net/http"
+	"strconv"
+
+	"github.com/mikestefanello/pagoda/ent"
+	"github.com/mikestefanello/pagoda/ent/user"
+	"github.com/mikestefanello/pagoda/pkg/context"
+
+	"github.com/labstack/echo/v4"
+)
+
+// LoadUser loads the user based on the ID provided as a path parameter
+func LoadUser(orm *ent.Client) echo.MiddlewareFunc {
+	return func(next echo.HandlerFunc) echo.HandlerFunc {
+		return func(c echo.Context) error {
+			userID, err := strconv.Atoi(c.Param("user"))
+			if err != nil {
+				return echo.NewHTTPError(http.StatusNotFound)
+			}
+
+			u, err := orm.User.
+				Query().
+				Where(user.ID(userID)).
+				Only(c.Request().Context())
+
+			switch err.(type) {
+			case nil:
+				c.Set(context.UserKey, u)
+				return next(c)
+			case *ent.NotFoundError:
+				return echo.NewHTTPError(http.StatusNotFound)
+			default:
+				return echo.NewHTTPError(
+					http.StatusInternalServerError,
+					fmt.Sprintf("error querying user: %v", err),
+				)
+			}
+		}
+	}
+}
--- a/pkg/middleware/entity_test.go
+++ b/pkg/middleware/entity_test.go
@ -0,0 +1,23 @@
+package middleware
+
+import (
+	"fmt"
+	"testing"
+
+	"github.com/mikestefanello/pagoda/ent"
+	"github.com/mikestefanello/pagoda/pkg/context"
+	"github.com/mikestefanello/pagoda/pkg/tests"
+
+	"github.com/stretchr/testify/assert"
+	"github.com/stretchr/testify/require"
+)
+
+func TestLoadUser(t *testing.T) {
+	ctx, _ := tests.NewContext(c.Web, "/")
+	ctx.SetParamNames("user")
+	ctx.SetParamValues(fmt.Sprintf("%d", usr.ID))
+	_ = tests.ExecuteMiddleware(ctx, LoadUser(c.ORM))
+	ctxUsr, ok := ctx.Get(context.UserKey).(*ent.User)
+	require.True(t, ok)
+	assert.Equal(t, usr.ID, ctxUsr.ID)
+}
--- a/pkg/middleware/log.go
+++ b/pkg/middleware/log.go
@ -0,0 +1,20 @@
+package middleware
+
+import (
+	"fmt"
+
+	"github.com/labstack/echo/v4"
+)
+
+// LogRequestID includes the request ID in all logs for the given request
+// This requires that middleware that includes the request ID first execute
+func LogRequestID() echo.MiddlewareFunc {
+	return func(next echo.HandlerFunc) echo.HandlerFunc {
+		return func(c echo.Context) error {
+			rID := c.Response().Header().Get(echo.HeaderXRequestID)
+			format := `{"time":"${time_rfc3339_nano}","id":"%s","level":"${level}","prefix":"${prefix}","file":"${short_file}","line":"${line}"}`
+			c.Logger().SetHeader(fmt.Sprintf(format, rID))
+			return next(c)
+		}
+	}
+}
--- a/pkg/middleware/log_test.go
+++ b/pkg/middleware/log_test.go
@ -0,0 +1,27 @@
+package middleware
+
+import (
+	"bytes"
+	"fmt"
+	"testing"
+
+	"github.com/mikestefanello/pagoda/pkg/tests"
+
+	"github.com/labstack/echo/v4"
+
+	"github.com/stretchr/testify/assert"
+
+	echomw "github.com/labstack/echo/v4/middleware"
+)
+
+func TestLogRequestID(t *testing.T) {
+	ctx, _ := tests.NewContext(c.Web, "/")
+	_ = tests.ExecuteMiddleware(ctx, echomw.RequestID())
+	_ = tests.ExecuteMiddleware(ctx, LogRequestID())
+
+	var buf bytes.Buffer
+	ctx.Logger().SetOutput(&buf)
+	ctx.Logger().Info("test")
+	rID := ctx.Response().Header().Get(echo.HeaderXRequestID)
+	assert.Contains(t, buf.String(), fmt.Sprintf(`id":"%s"`, rID))
+}
--- a/pkg/middleware/middleware_test.go
+++ b/pkg/middleware/middleware_test.go
@ -0,0 +1,40 @@
+package middleware
+
+import (
+	"os"
+	"testing"
+
+	"github.com/mikestefanello/pagoda/config"
+	"github.com/mikestefanello/pagoda/ent"
+	"github.com/mikestefanello/pagoda/pkg/services"
+	"github.com/mikestefanello/pagoda/pkg/tests"
+)
+
+var (
+	c   *services.Container
+	usr *ent.User
+)
+
+func TestMain(m *testing.M) {
+	// Set the environment to test
+	config.SwitchEnvironment(config.EnvTest)
+
+	// Create a new container
+	c = services.NewContainer()
+
+	// Create a user
+	var err error
+	if usr, err = tests.CreateUser(c.ORM); err != nil {
+		panic(err)
+	}
+
+	// Run tests
+	exitVal := m.Run()
+
+	// Shutdown the container
+	if err = c.Shutdown(); err != nil {
+		panic(err)
+	}
+
+	os.Exit(exitVal)
+}