- Add backend services to create, list, and delete API tokens. - Implement Bearer token authentication to resolve tokens to users. - Register HTTP routes for managing user tokens under `/account/tokens`. - Add tests to verify that uploads with valid Bearer tokens associate the upload with the correct user, while invalid tokens fall back to anonymous uploads.
package handlers
import (
"log/slog"
"net/http"
"warpbox.dev/backend/libs/config"
"warpbox.dev/backend/libs/services"
"warpbox.dev/backend/libs/web"
)
// App bundles the dependencies that the HTTP handlers in this package share.
// Every handler is a method on *App and reaches its collaborators through
// these unexported fields.
type App struct {
	// cfg is held by value, so later changes to the caller's config.Config
	// are not observed by the handlers.
	cfg    config.Config
	logger *slog.Logger

	// renderer writes the HTML responses; renderPage calls renderer.Render.
	renderer *web.Renderer

	uploadService *services.UploadService
	// NOTE(review): presumably the component that resolves sessions and
	// Bearer tokens to users; confirm against services.AuthService.
	authService     *services.AuthService
	settingsService *services.SettingsService

	// rateLimiter is not injected; NewApp builds it with newRateLimiter().
	// NOTE(review): which endpoints consult it is decided inside the
	// handlers and is not visible from this file.
	rateLimiter *rateLimiter
}
// NewApp assembles an App from the supplied configuration, logger, renderer
// and services, and returns a pointer to it.
//
// The rate limiter is the one dependency that is not passed in: each call
// creates a fresh one with newRateLimiter().
//
// None of the pointer arguments is checked for nil here, so a missing
// dependency only shows up as a panic when a handler first dereferences it.
func NewApp(cfg config.Config, logger *slog.Logger, renderer *web.Renderer, uploadService *services.UploadService, authService *services.AuthService, settingsService *services.SettingsService) *App {
	app := new(App)

	app.cfg = cfg
	app.logger = logger
	app.renderer = renderer

	app.uploadService = uploadService
	app.authService = authService
	app.settingsService = settingsService

	app.rateLimiter = newRateLimiter()

	return app
}
// renderPage fills in the per-request fields of data and renders page with
// the given HTTP status.
//
// data is received by value, so the caller's copy is left untouched.
// CurrentUser is only looked up when the caller did not set one. CSRFToken is
// always overwritten with the value from a.csrfToken, so a token supplied by
// the caller is discarded.
func (a *App) renderPage(w http.ResponseWriter, r *http.Request, status int, page string, data web.PageData) {
	user := data.CurrentUser
	if user == nil {
		user = a.currentPublicUser(r)
	}
	data.CurrentUser = user

	// csrfToken is handed the ResponseWriter as well as the request.
	// NOTE(review): presumably it may set a cookie or header, which is why it
	// runs before Render writes the response; confirm in csrfToken.
	token := a.csrfToken(w, r)
	data.CSRFToken = token

	a.renderer.Render(w, status, page, data)
}
// RegisterRoutes attaches every handler of the application to mux.
//
// The patterns use the "METHOD /path/{wildcard}" syntax of net/http's
// ServeMux (Go 1.22 or newer). Routes are registered in the order listed.
//
// Each handler is attached directly, with no wrapper around it. Session and
// admin checks, CSRF validation and rate limiting are therefore not applied
// at this layer.
// NOTE(review): presumably each handler enforces them itself; confirm this
// for every state-changing route, in particular the /account/tokens and
// /admin ones.
func (a *App) RegisterRoutes(mux *http.ServeMux) {
	routes := []struct {
		pattern string
		handler func(http.ResponseWriter, *http.Request)
	}{
		// Public pages and account entry points.
		// "GET /" is a subtree pattern: it receives every GET request that no
		// more specific pattern matches.
		// NOTE(review): confirm Home answers 404 for paths other than "/".
		{"GET /", a.Home},
		{"GET /api", a.APIDocs},
		{"GET /register", a.Register},
		{"POST /register", a.RegisterPost},
		{"GET /login", a.Login},
		{"POST /login", a.LoginPost},
		{"POST /logout", a.Logout},

		// The invite token travels in the URL path.
		// NOTE(review): path secrets can end up in access logs, browser
		// history and Referer headers; confirm that logging redacts them and
		// that these pages send a restrictive Referrer-Policy.
		{"GET /invite/{token}", a.Invite},
		{"POST /invite/{token}", a.InvitePost},

		// Signed-in user area.
		{"GET /app", a.Dashboard},
		{"POST /app/collections", a.CreateCollection},
		{"POST /app/boxes/{boxID}/rename", a.RenameUserBox},
		{"POST /app/boxes/{boxID}/move", a.MoveUserBox},
		{"POST /app/boxes/{boxID}/delete", a.DeleteUserBox},

		// Account settings, including creation and deletion of API tokens.
		// NOTE(review): confirm that the token handlers require a logged-in
		// session and a valid CSRF token, that DeleteUserToken checks the
		// token belongs to the caller, and that a request authenticated only
		// by a Bearer token cannot create further tokens.
		{"GET /account/settings", a.AccountSettings},
		{"POST /account/password", a.ChangePassword},
		{"POST /account/tokens", a.CreateUserToken},
		{"POST /account/tokens/{tokenID}/delete", a.DeleteUserToken},

		// Administration.
		{"GET /admin/login", a.AdminLogin},
		{"POST /admin/login", a.AdminLoginPost},
		{"POST /admin/logout", a.AdminLogout},
		{"GET /admin", a.AdminDashboard},
		{"GET /admin/files", a.AdminFiles},
		{"GET /admin/users", a.AdminUsers},
		{"GET /admin/users/{userID}/edit", a.AdminEditUser},
		{"GET /admin/settings", a.AdminSettings},
		{"POST /admin/settings", a.AdminSettingsPost},
		{"GET /admin/storage", a.AdminStorage},
		{"POST /admin/storage/s3", a.AdminCreateS3Storage},
		{"POST /admin/storage/{backendID}/edit", a.AdminEditStorage},
		{"POST /admin/storage/{backendID}/test", a.AdminTestStorage},
		{"POST /admin/storage/{backendID}/disable", a.AdminDisableStorage},
		{"POST /admin/storage/{backendID}/delete", a.AdminDeleteStorage},
		{"POST /admin/invites", a.AdminCreateInvite},
		{"POST /admin/users/{userID}/disable", a.AdminDisableUser},
		{"POST /admin/users/{userID}/reset", a.AdminResetUser},
		{"POST /admin/users/{userID}/quota", a.AdminUpdateUserQuota},
		{"POST /admin/users/{userID}/edit", a.AdminUpdateUser},
		{"POST /admin/users/{userID}/policy", a.AdminUpdateUserPolicy},
		{"POST /admin/users/{userID}/storage", a.AdminUpdateUserStorage},
		{"GET /admin/boxes/{boxID}/view", a.AdminViewBox},
		{"POST /admin/boxes/{boxID}/delete", a.AdminDeleteBox},

		// Box download and management. The manage token is part of the URL
		// path; the logging and Referer caveat given for the invite routes
		// applies here as well.
		{"GET /d/{boxID}", a.DownloadPage},
		{"GET /d/{boxID}/deleted", a.ManageDeleted},
		{"GET /d/{boxID}/manage/{token}", a.ManageBox},
		{"POST /d/{boxID}/manage/{token}/delete", a.ManageDeleteBox},
		{"POST /d/{boxID}/unlock", a.UnlockBox},
		{"GET /d/{boxID}/zip", a.DownloadZip},
		{"GET /d/{boxID}/f/{fileID}", a.DownloadFile},
		{"GET /d/{boxID}/f/{fileID}/download", a.DownloadFileContent},
		{"GET /d/{boxID}/thumb/{fileID}", a.Thumbnail},

		// Health checks: three paths, one handler.
		{"GET /health", a.Health},
		{"GET /healthz", a.Health},
		{"GET /api/v1/health", a.Health},

		// Machine-facing API.
		// NOTE(review): if Upload treats a presented but invalid Bearer token
		// as an anonymous upload, a client holding a revoked token gets no
		// signal; consider whether that case should be rejected instead.
		{"GET /api/v1/sharex/warpbox-anonymous.sxcu", a.ShareXAnonymousConfig},
		{"GET /api/v1/schemas/upload-request.json", a.UploadRequestSchema},
		{"GET /api/v1/schemas/upload-response.json", a.UploadResponseSchema},
		{"POST /api/v1/upload", a.Upload},
	}

	for _, rt := range routes {
		mux.HandleFunc(rt.pattern, rt.handler)
	}

	// Static assets come from an http.Handler rather than a handler func, so
	// they are registered separately, after all the routes above.
	mux.Handle("GET /static/", a.Static())
}