From 592e037f21daa66c91903b91574304edc5809fd0 Mon Sep 17 00:00:00 2001
From: boojack
Date: Tue, 5 Jul 2022 22:04:17 +0800
Subject: [PATCH] feat: use api with open_id instead of webhooks
---
 server/basic_auth.go | 19 +++-
 server/webhook.go | 228 -------------------------------------------
 2 files changed, 18 insertions(+), 229 deletions(-)
diff --git a/server/basic_auth.go b/server/basic_auth.go
index 2976c6d6..777f80d4 100644
--- a/server/basic_auth.go
+++ b/server/basic_auth.go
@@ -54,11 +54,28 @@ func removeUserSession(c echo.Context) error {
 // Use session to store user.id.
 func BasicAuthMiddleware(s *Server, next echo.HandlerFunc) echo.HandlerFunc {
 return func(c echo.Context) error {
- // Skips auth
+ // Skip auth for some paths.
 if common.HasPrefixes(c.Path(), "/api/auth", "/api/ping", "/api/status") {
 return next(c)
 }

+ // If there is openId in query string and related user is found, then skip auth.
+ openID := c.QueryParam("openId")
+ if openID != "" {
+ userFind := &api.UserFind{
+ OpenID: &openID,
+ }
+ user, err := s.Store.FindUser(userFind)
+ if err != nil {
+ return echo.NewHTTPError(http.StatusInternalServerError, "Failed to find user by open_id").SetInternal(err)
+ }
+ if user != nil {
+ // Stores userID into context.
+ c.Set(getUserIDContextKey(), user.ID)
+ return next(c)
+ }
+ }
+
 sess, err := session.Get("session", c)
 if err != nil {
 return echo.NewHTTPError(http.StatusUnauthorized, "Missing session").SetInternal(err)
diff --git a/server/webhook.go b/server/webhook.go
index c03ece53..da77ddb5 100644
--- a/server/webhook.go
+++ b/server/webhook.go
@@ -1,11 +1,8 @@
 package server

 import (
- "encoding/json"
 "fmt"
- "io/ioutil"
 "net/http"
- "regexp"
 "strconv"

 "github.com/usememos/memos/api"
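Review bot: The new `openId` branch in `BasicAuthMiddleware` (server/basic_auth.go) makes the open_id a full-privilege credential: a matching `?openId=` reaches `next(c)` for every route this middleware guards, whereas the removed webhook handlers only exposed memo, resource and tag operations. If that widening is not intended, restrict the branch to the routes that replace the webhooks. Because the token travels in the query string it will appear in access logs, proxy logs and Referer headers, so consider reading it from a request header instead, or redacting the query string wherever requests are logged. An `openId` that matches no user currently falls through to the session check; failing closed there, e.g. `if user == nil { return echo.NewHTTPError(http.StatusUnauthorized, "Invalid openId") }`, would make the rejection explicit. The middleware body continues past the end of the hunk, so the session path itself was not reviewed.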
@@ -18,231 +15,6 @@ func (s *Server) registerWebhookRoutes(g *echo.Group) { return c.HTML(http.StatusOK, "Hello, World!") }) - g.POST("/:openId/memo", func(c echo.Context) error { - openID := c.Param("openId") - userFind := &api.UserFind{ - OpenID: &openID, - } - user, err := s.Store.FindUser(userFind) - if err != nil { - return echo.NewHTTPError(http.StatusInternalServerError, "Failed to find user by open_id").SetInternal(err) - } - if user == nil { - return echo.NewHTTPError(http.StatusNotFound, fmt.Sprintf("User openId not found: %s", openID)) - } - - memoCreate := &api.MemoCreate{ - CreatorID: user.ID, - } - if err := json.NewDecoder(c.Request().Body).Decode(memoCreate); err != nil { - return echo.NewHTTPError(http.StatusBadRequest, "Malformatted post memo request by open api").SetInternal(err) - } - - memo, err := s.Store.CreateMemo(memoCreate) - if err != nil { - return echo.NewHTTPError(http.StatusInternalServerError, "Failed to create memo").SetInternal(err) - } - - c.Response().Header().Set(echo.HeaderContentType, echo.MIMEApplicationJSONCharsetUTF8) - if err := json.NewEncoder(c.Response().Writer).Encode(composeResponse(memo)); err != nil { - return echo.NewHTTPError(http.StatusInternalServerError, "Failed to encode memo response").SetInternal(err) - } - return nil - }) - - g.PATCH("/:openId/memo/:memoId", func(c echo.Context) error { - openID := c.Param("openId") - userFind := &api.UserFind{ - OpenID: &openID, - } - user, err := s.Store.FindUser(userFind) - if err != nil { - return echo.NewHTTPError(http.StatusInternalServerError, "Failed to find user by open_id").SetInternal(err) - } - if user == nil { - return echo.NewHTTPError(http.StatusNotFound, fmt.Sprintf("User openId not found: %s", openID)) - } - - memoID, err := strconv.Atoi(c.Param("memoId")) - if err != nil { - return echo.NewHTTPError(http.StatusBadRequest, fmt.Sprintf("memoId is not a number: %s", c.Param("memoId"))).SetInternal(err) - } - - memoPatch := &api.MemoPatch{ - ID: memoID, - } - 
if err := json.NewDecoder(c.Request().Body).Decode(memoPatch); err != nil { - return echo.NewHTTPError(http.StatusBadRequest, "Malformatted patch memo request by open api").SetInternal(err) - } - - memo, err := s.Store.PatchMemo(memoPatch) - if err != nil { - return echo.NewHTTPError(http.StatusInternalServerError, "Failed to patch memo").SetInternal(err) - } - - c.Response().Header().Set(echo.HeaderContentType, echo.MIMEApplicationJSONCharsetUTF8) - if err := json.NewEncoder(c.Response().Writer).Encode(composeResponse(memo)); err != nil { - return echo.NewHTTPError(http.StatusInternalServerError, "Failed to encode memo response").SetInternal(err) - } - return nil - }) - - g.GET("/:openId/memo", func(c echo.Context) error { - openID := c.Param("openId") - userFind := &api.UserFind{ - OpenID: &openID, - } - user, err := s.Store.FindUser(userFind) - if err != nil { - return echo.NewHTTPError(http.StatusInternalServerError, "Failed to find user by open_id").SetInternal(err) - } - if user == nil { - return echo.NewHTTPError(http.StatusNotFound, fmt.Sprintf("Not found user with openid: %s", openID)) - } - - memoFind := &api.MemoFind{ - CreatorID: &user.ID, - } - rowStatus := api.RowStatus(c.QueryParam("rowStatus")) - if rowStatus != "" { - memoFind.RowStatus = &rowStatus - } - pinnedStr := c.QueryParam("pinned") - if pinnedStr != "" { - pinned := pinnedStr == "true" - memoFind.Pinned = &pinned - } - tag := c.QueryParam("tag") - if tag != "" { - contentSearch := tag + " " - memoFind.ContentSearch = &contentSearch - } - if limit, err := strconv.Atoi(c.QueryParam("limit")); err == nil { - memoFind.Limit = limit - } - if offset, err := strconv.Atoi(c.QueryParam("offset")); err == nil { - memoFind.Offset = offset - } - - list, err := s.Store.FindMemoList(memoFind) - if err != nil { - return echo.NewHTTPError(http.StatusInternalServerError, "Failed to fetch memo list").SetInternal(err) - } - - c.Response().Header().Set(echo.HeaderContentType, 
echo.MIMEApplicationJSONCharsetUTF8) - if err := json.NewEncoder(c.Response().Writer).Encode(composeResponse(list)); err != nil { - return echo.NewHTTPError(http.StatusInternalServerError, "Failed to encode memo list response").SetInternal(err) - } - return nil - }) - - g.POST("/:openId/resource", func(c echo.Context) error { - openID := c.Param("openId") - userFind := &api.UserFind{ - OpenID: &openID, - } - user, err := s.Store.FindUser(userFind) - if err != nil { - return echo.NewHTTPError(http.StatusInternalServerError, "Failed to find user by open_id").SetInternal(err) - } - if user == nil { - return echo.NewHTTPError(http.StatusNotFound, fmt.Sprintf("User openId not found: %s", openID)) - } - - if err := c.Request().ParseMultipartForm(64 << 20); err != nil { - return echo.NewHTTPError(http.StatusBadRequest, "Upload file overload max size").SetInternal(err) - } - - file, err := c.FormFile("file") - if err != nil { - return echo.NewHTTPError(http.StatusBadRequest, "Upload file not found").SetInternal(err) - } - - filename := file.Filename - filetype := file.Header.Get("Content-Type") - size := file.Size - src, err := file.Open() - if err != nil { - return echo.NewHTTPError(http.StatusInternalServerError, "Failed to open file").SetInternal(err) - } - defer src.Close() - - fileBytes, err := ioutil.ReadAll(src) - if err != nil { - return echo.NewHTTPError(http.StatusInternalServerError, "Failed to read file").SetInternal(err) - } - - resourceCreate := &api.ResourceCreate{ - Filename: filename, - Type: filetype, - Size: size, - Blob: fileBytes, - CreatorID: user.ID, - } - - resource, err := s.Store.CreateResource(resourceCreate) - if err != nil { - return echo.NewHTTPError(http.StatusInternalServerError, "Failed to create resource").SetInternal(err) - } - - c.Response().Header().Set(echo.HeaderContentType, echo.MIMEApplicationJSONCharsetUTF8) - if err := json.NewEncoder(c.Response().Writer).Encode(composeResponse(resource)); err != nil { - return 
echo.NewHTTPError(http.StatusInternalServerError, "Failed to encode resource response").SetInternal(err) - } - return nil - }) - - g.GET("/:openId/tag", func(c echo.Context) error { - openID := c.Param("openId") - userFind := &api.UserFind{ - OpenID: &openID, - } - user, err := s.Store.FindUser(userFind) - if err != nil { - return echo.NewHTTPError(http.StatusInternalServerError, "Failed to find user by open_id").SetInternal(err) - } - if user == nil { - return echo.NewHTTPError(http.StatusNotFound, fmt.Sprintf("User openId not found: %s", openID)) - } - - contentSearch := "#" - normalRowStatus := api.Normal - memoFind := api.MemoFind{ - CreatorID: &user.ID, - ContentSearch: &contentSearch, - RowStatus: &normalRowStatus, - } - - memoList, err := s.Store.FindMemoList(&memoFind) - if err != nil { - return echo.NewHTTPError(http.StatusInternalServerError, "Failed to find memo list").SetInternal(err) - } - - tagMapSet := make(map[string]bool) - - r, err := regexp.Compile("#(.+?) ") - if err != nil { - return echo.NewHTTPError(http.StatusInternalServerError, "Failed to compile regexp").SetInternal(err) - } - for _, memo := range memoList { - for _, rawTag := range r.FindAllString(memo.Content, -1) { - tag := r.ReplaceAllString(rawTag, "$1") - tagMapSet[tag] = true - } - } - - tagList := []string{} - for tag := range tagMapSet { - tagList = append(tagList, tag) - } - - c.Response().Header().Set(echo.HeaderContentType, echo.MIMEApplicationJSONCharsetUTF8) - if err := json.NewEncoder(c.Response().Writer).Encode(composeResponse(tagList)); err != nil { - return echo.NewHTTPError(http.StatusInternalServerError, "Failed to encode tags response").SetInternal(err) - } - return nil - }) - g.GET("/r/:resourceId/:filename", func(c echo.Context) error { resourceID, err := strconv.Atoi(c.Param("resourceId")) if err != nil {