refactor(server): migrated all routes to new auth system

2022-09-04 19:36:08 +02:00 · 2022-09-04 19:36:08 +02:00 · 272f14b264
parent 4887af26d3
commit 272f14b264
6 changed files with 13 additions and 78 deletions
--- a/src/server/api_logs.v
+++ b/src/server/api_logs.v
@ -12,12 +12,8 @@ import models { BuildLog, BuildLogFilter }
 // v1_get_logs returns all build logs in the database. A 'target' query param can
 // optionally be added to limit the list of build logs to that repository.
-['/api/v1/logs'; get]
+['/api/v1/logs'; auth; get]
 fn (mut app App) v1_get_logs() web.Result {
 	if !app.is_authorized() {
 		return app.json(http.Status.unauthorized, new_response('Unauthorized.'))
 	}
 	filter := models.from_params<BuildLogFilter>(app.query) or {
 		return app.json(http.Status.bad_request, new_response('Invalid query parameters.'))
 	}
@ -27,24 +23,16 @@ fn (mut app App) v1_get_logs() web.Result {
 }
 // v1_get_single_log returns the build log with the given id.
-['/api/v1/logs/:id'; get]
+['/api/v1/logs/:id'; auth; get]
 fn (mut app App) v1_get_single_log(id int) web.Result {
 	if !app.is_authorized() {
 		return app.json(http.Status.unauthorized, new_response('Unauthorized.'))
 	}
 	log := app.db.get_build_log(id) or { return app.not_found() }
 	return app.json(http.Status.ok, new_data_response(log))
 }
 // v1_get_log_content returns the actual build log file for the given id.
-['/api/v1/logs/:id/content'; get]
+['/api/v1/logs/:id/content'; auth; get]
 fn (mut app App) v1_get_log_content(id int) web.Result {
 	if !app.is_authorized() {
 		return app.json(http.Status.unauthorized, new_response('Unauthorized.'))
 	}
 	log := app.db.get_build_log(id) or { return app.not_found() }
 	file_name := log.start_time.custom_format('YYYY-MM-DD_HH-mm-ss')
 	full_path := os.join_path(app.conf.data_dir, logs_dir_name, log.target_id.str(), log.arch,
@ -63,12 +51,8 @@ fn parse_query_time(query string) ?time.Time {
 }
 // v1_post_log adds a new log to the database.
-['/api/v1/logs'; post]
+['/api/v1/logs'; auth; post]
 fn (mut app App) v1_post_log() web.Result {
 	if !app.is_authorized() {
 		return app.json(http.Status.unauthorized, new_response('Unauthorized.'))
 	}
 	// Parse query params
 	start_time_int := app.query['startTime'].int()
--- a/src/server/api_targets.v
+++ b/src/server/api_targets.v
@ -7,12 +7,8 @@ import db
 import models { Target, TargetArch, TargetFilter }
 // v1_get_targets returns the current list of targets.
-['/api/v1/targets'; get]
+['/api/v1/targets'; auth; get]
 fn (mut app App) v1_get_targets() web.Result {
 	if !app.is_authorized() {
 		return app.json(http.Status.unauthorized, new_response('Unauthorized.'))
 	}
 	filter := models.from_params<TargetFilter>(app.query) or {
 		return app.json(http.Status.bad_request, new_response('Invalid query parameters.'))
 	}
@ -22,24 +18,16 @@ fn (mut app App) v1_get_targets() web.Result {
 }
 // v1_get_single_target returns the information for a single target.
-['/api/v1/targets/:id'; get]
+['/api/v1/targets/:id'; auth; get]
 fn (mut app App) v1_get_single_target(id int) web.Result {
 	if !app.is_authorized() {
 		return app.json(http.Status.unauthorized, new_response('Unauthorized.'))
 	}
 	repo := app.db.get_target(id) or { return app.not_found() }
 	return app.json(http.Status.ok, new_data_response(repo))
 }
 // v1_post_target creates a new target from the provided query string.
-['/api/v1/targets'; post]
+['/api/v1/targets'; auth; post]
 fn (mut app App) v1_post_target() web.Result {
 	if !app.is_authorized() {
 		return app.json(http.Status.unauthorized, new_response('Unauthorized.'))
 	}
 	mut params := app.query.clone()
 	// If a repo is created without specifying the arch, we assume it's meant
@ -63,24 +51,16 @@ fn (mut app App) v1_post_target() web.Result {
 }
 // v1_delete_target removes a given target from the server's list.
-['/api/v1/targets/:id'; delete]
+['/api/v1/targets/:id'; auth; delete]
 fn (mut app App) v1_delete_target(id int) web.Result {
 	if !app.is_authorized() {
 		return app.json(http.Status.unauthorized, new_response('Unauthorized.'))
 	}
 	app.db.delete_target(id)
 	return app.json(http.Status.ok, new_response('Repo removed successfully.'))
 }
 // v1_patch_target updates a target's data with the given query params.
-['/api/v1/targets/:id'; patch]
+['/api/v1/targets/:id'; auth; patch]
 fn (mut app App) v1_patch_target(id int) web.Result {
 	if !app.is_authorized() {
 		return app.json(http.Status.unauthorized, new_response('Unauthorized.'))
 	}
 	app.db.update_target(id, app.query)
 	if 'arch' in app.query {
--- a/src/server/auth.v
+++ b/src/server/auth.v
@ -1,12 +0,0 @@
 module server
 import net.http
 // is_authorized checks whether the provided API key is correct.
 fn (mut app App) is_authorized() bool {
 	x_header := app.req.header.get_custom('X-Api-Key', http.HeaderQueryConfig{ exact: true }) or {
 		return false
 	}
 	return x_header.trim_space() == app.conf.api_key
 }
--- a/src/server/repo.v
+++ b/src/server/repo.v
@ -49,12 +49,8 @@ fn (mut app App) get_repo_file(repo string, arch string, filename string) web.Re
 }
 // put_package handles publishing a package to a repository.
-['/:repo/publish'; post]
+['/:repo/publish'; auth; post]
 fn (mut app App) put_package(repo string) web.Result {
 	if !app.is_authorized() {
 		return app.json(http.Status.unauthorized, new_response('Unauthorized.'))
 	}
 	mut pkg_path := ''
 	if length := app.req.header.get(.content_length) {
--- a/src/server/repo_remove.v
+++ b/src/server/repo_remove.v
@ -5,12 +5,8 @@ import net.http
 import web.response { new_response }
 // delete_package tries to remove the given package.
-['/:repo/:arch/:pkg'; delete]
+['/:repo/:arch/:pkg'; auth; delete]
 fn (mut app App) delete_package(repo string, arch string, pkg string) web.Result {
 	if !app.is_authorized() {
 		return app.json(.unauthorized, new_response('Unauthorized.'))
 	}
 	res := app.repo.remove_pkg_from_arch_repo(repo, arch, pkg, true) or {
 		app.lerror('Error while deleting package: $err.msg()')
@ -29,12 +25,8 @@ fn (mut app App) delete_package(repo string, arch string, pkg string) web.Result
 }
 // delete_arch_repo tries to remove the given arch-repo.
-['/:repo/:arch'; delete]
+['/:repo/:arch'; auth; delete]
 fn (mut app App) delete_arch_repo(repo string, arch string) web.Result {
 	if !app.is_authorized() {
 		return app.json(http.Status.unauthorized, new_response('Unauthorized.'))
 	}
 	res := app.repo.remove_arch_repo(repo, arch) or {
 		app.lerror('Error while deleting arch-repo: $err.msg()')
@ -53,12 +45,8 @@ fn (mut app App) delete_arch_repo(repo string, arch string) web.Result {
 }
 // delete_repo tries to remove the given repo.
-['/:repo'; delete]
+['/:repo'; auth; delete]
 fn (mut app App) delete_repo(repo string) web.Result {
 	if !app.is_authorized() {
 		return app.json(http.Status.unauthorized, new_response('Unauthorized.'))
 	}
 	res := app.repo.remove_repo(repo) or {
 		app.lerror('Error while deleting repo: $err.msg()')
--- a/src/web/web.v
+++ b/src/web/web.v
@ -394,7 +394,6 @@ fn handle_conn<T>(mut conn net.TcpConn, mut app T, routes map[string]Route) {
 		api_key: app.api_key
 	}
 	// Calling middleware...
 	app.before_request()