aykhans/slash-e
1
0
Fork 0
mirror of https://github.com/aykhans/slash-e.git synced 2025-06-14 03:47:50 +00:00
Code Issues Actions Packages Projects Releases Wiki Activity

chore: move api to route package

Browse Source
This commit is contained in:
Steven
2024-03-01 00:08:05 +08:00
parent 201cf83afe
commit 87d626cd1d
14 changed files with 4 additions and 4 deletions
Download Patch File Download Diff File Expand all files Collapse all files

174
server/route/api/v1/acl.go Normal file
View File

@ -0,0 +1,174 @@
package v1
import (
"context"
"net/http"
"strings"
"github.com/golang-jwt/jwt/v4"
"github.com/pkg/errors"
"google.golang.org/grpc"
"google.golang.org/grpc/codes"
"google.golang.org/grpc/metadata"
"google.golang.org/grpc/status"
"github.com/yourselfhosted/slash/internal/util"
storepb "github.com/yourselfhosted/slash/proto/gen/store"
"github.com/yourselfhosted/slash/server/route/auth"
"github.com/yourselfhosted/slash/store"
)
// ContextKey is the key type of context value.
type ContextKey int
const (
// The key name used to store user id in the context
// user id is extracted from the jwt token subject field.
userIDContextKey ContextKey = iota
)
// GRPCAuthInterceptor is the auth interceptor for gRPC server.
type GRPCAuthInterceptor struct {
Store *store.Store
secret string
}
// NewGRPCAuthInterceptor returns a new API auth interceptor.
func NewGRPCAuthInterceptor(store *store.Store, secret string) *GRPCAuthInterceptor {
return &GRPCAuthInterceptor{
Store: store,
secret: secret,
}
}
// AuthenticationInterceptor is the unary interceptor for gRPC API.
func (in *GRPCAuthInterceptor) AuthenticationInterceptor(ctx context.Context, request any, serverInfo *grpc.UnaryServerInfo, handler grpc.UnaryHandler) (any, error) {
md, ok := metadata.FromIncomingContext(ctx)
if !ok {
return nil, status.Errorf(codes.Unauthenticated, "failed to parse metadata from incoming context")
}
accessToken, err := getTokenFromMetadata(md)
if err != nil {
return nil, status.Errorf(codes.Unauthenticated, "failed to get access token from metadata: %v", err)
}
userID, err := in.authenticate(ctx, accessToken)
if err != nil {
if isUnauthorizeAllowedMethod(serverInfo.FullMethod) {
return handler(ctx, request)
}
return nil, err
}
user, err := in.Store.GetUser(ctx, &store.FindUser{
ID: &userID,
})
if err != nil {
return nil, errors.Wrap(err, "failed to get user")
}
if user == nil {
return nil, status.Errorf(codes.Unauthenticated, "user ID %q not exists in the access token", userID)
}
if isOnlyForAdminAllowedMethod(serverInfo.FullMethod) && user.Role != store.RoleAdmin {
return nil, status.Errorf(codes.PermissionDenied, "user ID %q is not admin", userID)
}
// Stores userID into context.
childCtx := context.WithValue(ctx, userIDContextKey, userID)
return handler(childCtx, request)
}
func (in *GRPCAuthInterceptor) authenticate(ctx context.Context, accessToken string) (int32, error) {
if accessToken == "" {
return 0, status.Errorf(codes.Unauthenticated, "access token not found")
}
claims := &auth.ClaimsMessage{}
_, err := jwt.ParseWithClaims(accessToken, claims, func(t *jwt.Token) (any, error) {
if t.Method.Alg() != jwt.SigningMethodHS256.Name {
return nil, status.Errorf(codes.Unauthenticated, "unexpected access token signing method=%v, expect %v", t.Header["alg"], jwt.SigningMethodHS256)
}
if kid, ok := t.Header["kid"].(string); ok {
if kid == "v1" {
return []byte(in.secret), nil
}
}
return nil, status.Errorf(codes.Unauthenticated, "unexpected access token kid=%v", t.Header["kid"])
})
if err != nil {
return 0, status.Errorf(codes.Unauthenticated, "Invalid or expired access token")
}
if !audienceContains(claims.Audience, auth.AccessTokenAudienceName) {
return 0, status.Errorf(codes.Unauthenticated,
"invalid access token, audience mismatch, got %q, expected %q. you may send request to the wrong environment",
claims.Audience,
auth.AccessTokenAudienceName,
)
}
userID, err := util.ConvertStringToInt32(claims.Subject)
if err != nil {
return 0, status.Errorf(codes.Unauthenticated, "malformed ID %q in the access token", claims.Subject)
}
user, err := in.Store.GetUser(ctx, &store.FindUser{
ID: &userID,
})
if err != nil {
return 0, status.Errorf(codes.Unauthenticated, "failed to find user ID %q in the access token", userID)
}
if user == nil {
return 0, status.Errorf(codes.Unauthenticated, "user ID %q not exists in the access token", userID)
}
if user.RowStatus == store.Archived {
return 0, status.Errorf(codes.Unauthenticated, "user ID %q has been deactivated by administrators", userID)
}
accessTokens, err := in.Store.GetUserAccessTokens(ctx, user.ID)
if err != nil {
return 0, errors.Wrapf(err, "failed to get user access tokens")
}
if !validateAccessToken(accessToken, accessTokens) {
return 0, status.Errorf(codes.Unauthenticated, "invalid access token")
}
return userID, nil
}
func getTokenFromMetadata(md metadata.MD) (string, error) {
// Try to get the token from the authorization header first.
authorizationHeaders := md.Get("Authorization")
if len(authorizationHeaders) > 0 {
authHeaderParts := strings.Fields(authorizationHeaders[0])
if len(authHeaderParts) != 2 || strings.ToLower(authHeaderParts[0]) != "bearer" {
return "", errors.Errorf("authorization header format must be Bearer {token}")
}
return authHeaderParts[1], nil
}
// Try to get the token from the cookie header.
var accessToken string
for _, t := range append(md.Get("grpcgateway-cookie"), md.Get("cookie")...) {
header := http.Header{}
header.Add("Cookie", t)
request := http.Request{Header: header}
if v, _ := request.Cookie(auth.AccessTokenCookieName); v != nil {
accessToken = v.Value
}
}
return accessToken, nil
}
func audienceContains(audience jwt.ClaimStrings, token string) bool {
for _, v := range audience {
if v == token {
return true
}
}
return false
}
func validateAccessToken(accessTokenString string, userAccessTokens []*storepb.AccessTokensUserSetting_AccessToken) bool {
for _, userAccessToken := range userAccessTokens {
if accessTokenString == userAccessToken.AccessToken {
return true
}
}
return false
}

35
server/route/api/v1/acl_config.go Normal file
View File

@ -0,0 +1,35 @@
package v1
import "strings"
var allowedMethodsWhenUnauthorized = map[string]bool{
"/slash.api.v1.WorkspaceService/GetWorkspaceProfile": true,
"/slash.api.v1.WorkspaceService/GetWorkspaceSetting": true,
"/slash.api.v1.AuthService/SignIn": true,
"/slash.api.v1.AuthService/SignUp": true,
"/slash.api.v1.AuthService/SignOut": true,
"/memos.api.v1.AuthService/GetAuthStatus": true,
"/slash.api.v1.ShortcutService/GetShortcutByName": true,
"/slash.api.v1.ShortcutService/GetShortcut": true,
"/slash.api.v1.CollectionService/GetCollectionByName": true,
}
// isUnauthorizeAllowedMethod returns true if the method is allowed to be called when the user is not authorized.
func isUnauthorizeAllowedMethod(methodName string) bool {
if strings.HasPrefix(methodName, "/grpc.reflection") {
return true
}
return allowedMethodsWhenUnauthorized[methodName]
}
var allowedMethodsOnlyForAdmin = map[string]bool{
"/slash.api.v1.UserService/CreateUser": true,
"/slash.api.v1.UserService/DeleteUser": true,
"/slash.api.v1.WorkspaceService/UpdateWorkspaceSetting": true,
"/slash.api.v1.SubscriptionService/UpdateSubscription": true,
}
// isOnlyForAdminAllowedMethod returns true if the method is allowed to be called only by admin.
func isOnlyForAdminAllowedMethod(methodName string) bool {
return allowedMethodsOnlyForAdmin[methodName]
}

149
server/route/api/v1/auth_service.go Normal file
View File

@ -0,0 +1,149 @@
package v1
import (
"context"
"fmt"
"time"
"golang.org/x/crypto/bcrypt"
"google.golang.org/grpc"
"google.golang.org/grpc/codes"
"google.golang.org/grpc/metadata"
"google.golang.org/grpc/status"
apiv1pb "github.com/yourselfhosted/slash/proto/gen/api/v1"
storepb "github.com/yourselfhosted/slash/proto/gen/store"
"github.com/yourselfhosted/slash/server/metric"
"github.com/yourselfhosted/slash/server/route/auth"
"github.com/yourselfhosted/slash/server/service/license"
"github.com/yourselfhosted/slash/store"
)
func (s *APIV2Service) GetAuthStatus(ctx context.Context, _ *apiv1pb.GetAuthStatusRequest) (*apiv1pb.GetAuthStatusResponse, error) {
user, err := getCurrentUser(ctx, s.Store)
if err != nil {
return nil, status.Errorf(codes.Unauthenticated, "failed to get current user: %v", err)
}
if user == nil {
return nil, status.Errorf(codes.Unauthenticated, "user not found")
}
return &apiv1pb.GetAuthStatusResponse{
User: convertUserFromStore(user),
}, nil
}
func (s *APIV2Service) SignIn(ctx context.Context, request *apiv1pb.SignInRequest) (*apiv1pb.SignInResponse, error) {
user, err := s.Store.GetUser(ctx, &store.FindUser{
Email: &request.Email,
})
if err != nil {
return nil, status.Errorf(codes.Internal, fmt.Sprintf("failed to find user by email %s", request.Email))
}
if user == nil {
return nil, status.Errorf(codes.InvalidArgument, fmt.Sprintf("user not found with email %s", request.Email))
} else if user.RowStatus == store.Archived {
return nil, status.Errorf(codes.PermissionDenied, fmt.Sprintf("user has been archived with email %s", request.Email))
}
// Compare the stored hashed password, with the hashed version of the password that was received.
if err := bcrypt.CompareHashAndPassword([]byte(user.PasswordHash), []byte(request.Password)); err != nil {
return nil, status.Errorf(codes.InvalidArgument, "unmatched email and password")
}
accessToken, err := auth.GenerateAccessToken(user.Email, user.ID, time.Now().Add(auth.AccessTokenDuration), []byte(s.Secret))
if err != nil {
return nil, status.Errorf(codes.Internal, fmt.Sprintf("failed to generate tokens, err: %s", err))
}
if err := s.UpsertAccessTokenToStore(ctx, user, accessToken, "user login"); err != nil {
return nil, status.Errorf(codes.Internal, fmt.Sprintf("failed to upsert access token to store, err: %s", err))
}
if err := grpc.SetHeader(ctx, metadata.New(map[string]string{
"Set-Cookie": fmt.Sprintf("%s=%s; Path=/; Expires=%s; HttpOnly; SameSite=Strict", auth.AccessTokenCookieName, accessToken, time.Now().Add(auth.AccessTokenDuration).Format(time.RFC1123)),
})); err != nil {
return nil, status.Errorf(codes.Internal, "failed to set grpc header, error: %v", err)
}
metric.Enqueue("user sign in")
return &apiv1pb.SignInResponse{
User: convertUserFromStore(user),
}, nil
}
func (s *APIV2Service) SignUp(ctx context.Context, request *apiv1pb.SignUpRequest) (*apiv1pb.SignUpResponse, error) {
enableSignUpSetting, err := s.Store.GetWorkspaceSetting(ctx, &store.FindWorkspaceSetting{
Key: storepb.WorkspaceSettingKey_WORKSAPCE_SETTING_ENABLE_SIGNUP,
})
if err != nil {
return nil, status.Errorf(codes.Internal, fmt.Sprintf("failed to get workspace setting, err: %s", err))
}
if enableSignUpSetting != nil && !enableSignUpSetting.GetEnableSignup() {
return nil, status.Errorf(codes.PermissionDenied, "sign up is not allowed")
}
if !s.LicenseService.IsFeatureEnabled(license.FeatureTypeUnlimitedAccounts) {
userList, err := s.Store.ListUsers(ctx, &store.FindUser{})
if err != nil {
return nil, status.Errorf(codes.Internal, fmt.Sprintf("failed to list users, err: %s", err))
}
if len(userList) >= 5 {
return nil, status.Errorf(codes.InvalidArgument, "maximum number of users reached")
}
}
passwordHash, err := bcrypt.GenerateFromPassword([]byte(request.Password), bcrypt.DefaultCost)
if err != nil {
return nil, status.Errorf(codes.Internal, fmt.Sprintf("failed to generate password hash, err: %s", err))
}
create := &store.User{
Email: request.Email,
Nickname: request.Nickname,
PasswordHash: string(passwordHash),
}
existingUsers, err := s.Store.ListUsers(ctx, &store.FindUser{})
if err != nil {
return nil, status.Errorf(codes.Internal, fmt.Sprintf("failed to list users, err: %s", err))
}
// The first user to sign up is an admin by default.
if len(existingUsers) == 0 {
create.Role = store.RoleAdmin
} else {
create.Role = store.RoleUser
}
user, err := s.Store.CreateUser(ctx, create)
if err != nil {
return nil, status.Errorf(codes.Internal, fmt.Sprintf("failed to create user, err: %s", err))
}
accessToken, err := auth.GenerateAccessToken(user.Email, user.ID, time.Now().Add(auth.AccessTokenDuration), []byte(s.Secret))
if err != nil {
return nil, status.Errorf(codes.Internal, fmt.Sprintf("failed to generate tokens, err: %s", err))
}
if err := s.UpsertAccessTokenToStore(ctx, user, accessToken, "user login"); err != nil {
return nil, status.Errorf(codes.Internal, fmt.Sprintf("failed to upsert access token to store, err: %s", err))
}
if err := grpc.SetHeader(ctx, metadata.New(map[string]string{
"Set-Cookie": fmt.Sprintf("%s=%s; Path=/; Expires=%s; HttpOnly; SameSite=Strict", auth.AccessTokenCookieName, accessToken, time.Now().Add(auth.AccessTokenDuration).Format(time.RFC1123)),
})); err != nil {
return nil, status.Errorf(codes.Internal, "failed to set grpc header, error: %v", err)
}
metric.Enqueue("user sign up")
return &apiv1pb.SignUpResponse{
User: convertUserFromStore(user),
}, nil
}
func (*APIV2Service) SignOut(ctx context.Context, _ *apiv1pb.SignOutRequest) (*apiv1pb.SignOutResponse, error) {
// Set the cookie header to expire access token.
if err := grpc.SetHeader(ctx, metadata.New(map[string]string{
"Set-Cookie": fmt.Sprintf("%s=; Path=/; Expires=Thu, 01 Jan 1970 00:00:00 GMT; HttpOnly; SameSite=Strict", auth.AccessTokenCookieName),
})); err != nil {
return nil, status.Errorf(codes.Internal, "failed to set grpc header, error: %v", err)
}
return &apiv1pb.SignOutResponse{}, nil
}

239
server/route/api/v1/collection_service.go Normal file
View File

@ -0,0 +1,239 @@
package v1
import (
"context"
"time"
"google.golang.org/grpc/codes"
"google.golang.org/grpc/status"
"google.golang.org/protobuf/types/known/timestamppb"
apiv1pb "github.com/yourselfhosted/slash/proto/gen/api/v1"
storepb "github.com/yourselfhosted/slash/proto/gen/store"
"github.com/yourselfhosted/slash/server/metric"
"github.com/yourselfhosted/slash/server/service/license"
"github.com/yourselfhosted/slash/store"
)
func (s *APIV2Service) ListCollections(ctx context.Context, _ *apiv1pb.ListCollectionsRequest) (*apiv1pb.ListCollectionsResponse, error) {
user, err := getCurrentUser(ctx, s.Store)
if err != nil {
return nil, status.Errorf(codes.Unauthenticated, "failed to get current user: %v", err)
}
collections, err := s.Store.ListCollections(ctx, &store.FindCollection{
CreatorID: &user.ID,
VisibilityList: []store.Visibility{
store.VisibilityPrivate,
},
})
if err != nil {
return nil, status.Errorf(codes.Internal, "failed to get collection list, err: %v", err)
}
sharedCollections, err := s.Store.ListCollections(ctx, &store.FindCollection{
VisibilityList: []store.Visibility{
store.VisibilityWorkspace,
store.VisibilityPublic,
},
})
if err != nil {
return nil, status.Errorf(codes.Internal, "failed to get collection list, err: %v", err)
}
collections = append(collections, sharedCollections...)
convertedCollections := []*apiv1pb.Collection{}
for _, collection := range collections {
convertedCollections = append(convertedCollections, convertCollectionFromStore(collection))
}
response := &apiv1pb.ListCollectionsResponse{
Collections: convertedCollections,
}
return response, nil
}
func (s *APIV2Service) GetCollection(ctx context.Context, request *apiv1pb.GetCollectionRequest) (*apiv1pb.GetCollectionResponse, error) {
collection, err := s.Store.GetCollection(ctx, &store.FindCollection{
ID: &request.Id,
})
if err != nil {
return nil, status.Errorf(codes.Internal, "failed to get collection by name: %v", err)
}
if collection == nil {
return nil, status.Errorf(codes.NotFound, "collection not found")
}
user, err := getCurrentUser(ctx, s.Store)
if err != nil {
return nil, status.Errorf(codes.Unauthenticated, "failed to get current user: %v", err)
}
if collection.Visibility == storepb.Visibility_PRIVATE && collection.CreatorId != user.ID {
return nil, status.Errorf(codes.PermissionDenied, "Permission denied")
}
response := &apiv1pb.GetCollectionResponse{
Collection: convertCollectionFromStore(collection),
}
return response, nil
}
func (s *APIV2Service) GetCollectionByName(ctx context.Context, request *apiv1pb.GetCollectionByNameRequest) (*apiv1pb.GetCollectionByNameResponse, error) {
collection, err := s.Store.GetCollection(ctx, &store.FindCollection{
Name: &request.Name,
})
if err != nil {
return nil, status.Errorf(codes.Internal, "failed to get collection by name: %v", err)
}
if collection == nil {
return nil, status.Errorf(codes.NotFound, "collection not found")
}
userID, ok := ctx.Value(userIDContextKey).(int32)
if ok {
if collection.Visibility == storepb.Visibility_PRIVATE && collection.CreatorId != userID {
return nil, status.Errorf(codes.PermissionDenied, "Permission denied")
}
} else {
if collection.Visibility != storepb.Visibility_PUBLIC {
return nil, status.Errorf(codes.PermissionDenied, "Permission denied")
}
}
response := &apiv1pb.GetCollectionByNameResponse{
Collection: convertCollectionFromStore(collection),
}
metric.Enqueue("collection view")
return response, nil
}
func (s *APIV2Service) CreateCollection(ctx context.Context, request *apiv1pb.CreateCollectionRequest) (*apiv1pb.CreateCollectionResponse, error) {
if request.Collection.Name == "" || request.Collection.Title == "" {
return nil, status.Errorf(codes.InvalidArgument, "name and title are required")
}
if !s.LicenseService.IsFeatureEnabled(license.FeatureTypeUnlimitedAccounts) {
collections, err := s.Store.ListCollections(ctx, &store.FindCollection{
VisibilityList: []store.Visibility{store.VisibilityWorkspace, store.VisibilityPublic},
})
if err != nil {
return nil, status.Errorf(codes.Internal, "failed to get collection list, err: %v", err)
}
if len(collections) >= 5 {
return nil, status.Errorf(codes.PermissionDenied, "Maximum number of collections reached")
}
}
user, err := getCurrentUser(ctx, s.Store)
if err != nil {
return nil, status.Errorf(codes.Unauthenticated, "failed to get current user: %v", err)
}
collectionCreate := &storepb.Collection{
CreatorId: user.ID,
Name: request.Collection.Name,
Title: request.Collection.Title,
Description: request.Collection.Description,
ShortcutIds: request.Collection.ShortcutIds,
Visibility: storepb.Visibility(request.Collection.Visibility),
}
collection, err := s.Store.CreateCollection(ctx, collectionCreate)
if err != nil {
return nil, status.Errorf(codes.Internal, "failed to create collection, err: %v", err)
}
response := &apiv1pb.CreateCollectionResponse{
Collection: convertCollectionFromStore(collection),
}
metric.Enqueue("collection create")
return response, nil
}
func (s *APIV2Service) UpdateCollection(ctx context.Context, request *apiv1pb.UpdateCollectionRequest) (*apiv1pb.UpdateCollectionResponse, error) {
if request.UpdateMask == nil || len(request.UpdateMask.Paths) == 0 {
return nil, status.Errorf(codes.InvalidArgument, "updateMask is required")
}
user, err := getCurrentUser(ctx, s.Store)
if err != nil {
return nil, status.Errorf(codes.Unauthenticated, "failed to get current user: %v", err)
}
collection, err := s.Store.GetCollection(ctx, &store.FindCollection{
ID: &request.Collection.Id,
})
if err != nil {
return nil, status.Errorf(codes.Internal, "failed to get collection by name: %v", err)
}
if collection == nil {
return nil, status.Errorf(codes.NotFound, "collection not found")
}
if collection.CreatorId != user.ID && user.Role != store.RoleAdmin {
return nil, status.Errorf(codes.PermissionDenied, "Permission denied")
}
update := &store.UpdateCollection{
ID: collection.Id,
}
for _, path := range request.UpdateMask.Paths {
switch path {
case "name":
update.Name = &request.Collection.Name
case "title":
update.Title = &request.Collection.Title
case "description":
update.Description = &request.Collection.Description
case "shortcut_ids":
update.ShortcutIDs = request.Collection.ShortcutIds
case "visibility":
visibility := store.Visibility(request.Collection.Visibility.String())
update.Visibility = &visibility
}
}
collection, err = s.Store.UpdateCollection(ctx, update)
if err != nil {
return nil, status.Errorf(codes.Internal, "failed to update collection, err: %v", err)
}
response := &apiv1pb.UpdateCollectionResponse{
Collection: convertCollectionFromStore(collection),
}
return response, nil
}
func (s *APIV2Service) DeleteCollection(ctx context.Context, request *apiv1pb.DeleteCollectionRequest) (*apiv1pb.DeleteCollectionResponse, error) {
user, err := getCurrentUser(ctx, s.Store)
if err != nil {
return nil, status.Errorf(codes.Unauthenticated, "failed to get current user: %v", err)
}
collection, err := s.Store.GetCollection(ctx, &store.FindCollection{
ID: &request.Id,
})
if err != nil {
return nil, status.Errorf(codes.Internal, "failed to get collection by name: %v", err)
}
if collection == nil {
return nil, status.Errorf(codes.NotFound, "collection not found")
}
if collection.CreatorId != user.ID && user.Role != store.RoleAdmin {
return nil, status.Errorf(codes.PermissionDenied, "Permission denied")
}
err = s.Store.DeleteCollection(ctx, &store.DeleteCollection{
ID: collection.Id,
})
if err != nil {
return nil, status.Errorf(codes.Internal, "failed to delete collection, err: %v", err)
}
response := &apiv1pb.DeleteCollectionResponse{}
return response, nil
}
func convertCollectionFromStore(collection *storepb.Collection) *apiv1pb.Collection {
return &apiv1pb.Collection{
Id: collection.Id,
CreatorId: collection.CreatorId,
CreatedTime: timestamppb.New(time.Unix(collection.CreatedTs, 0)),
UpdatedTime: timestamppb.New(time.Unix(collection.UpdatedTs, 0)),
Name: collection.Name,
Title: collection.Title,
Description: collection.Description,
ShortcutIds: collection.ShortcutIds,
Visibility: apiv1pb.Visibility(collection.Visibility),
}
}

33
server/route/api/v1/common.go Normal file
View File

@ -0,0 +1,33 @@
package v1
import (
"context"
apiv1pb "github.com/yourselfhosted/slash/proto/gen/api/v1"
"github.com/yourselfhosted/slash/store"
)
func convertRowStatusFromStore(rowStatus store.RowStatus) apiv1pb.RowStatus {
switch rowStatus {
case store.Normal:
return apiv1pb.RowStatus_NORMAL
case store.Archived:
return apiv1pb.RowStatus_ARCHIVED
default:
return apiv1pb.RowStatus_ROW_STATUS_UNSPECIFIED
}
}
func getCurrentUser(ctx context.Context, s *store.Store) (*store.User, error) {
userID, ok := ctx.Value(userIDContextKey).(int32)
if !ok {
return nil, nil
}
user, err := s.GetUser(ctx, &store.FindUser{
ID: &userID,
})
if err != nil {
return nil, err
}
return user, nil
}

196
server/route/api/v1/memo_service.go Normal file
View File

@ -0,0 +1,196 @@
package v1
import (
"context"
"strings"
"time"
"google.golang.org/grpc/codes"
"google.golang.org/grpc/status"
"google.golang.org/protobuf/types/known/timestamppb"
apiv1pb "github.com/yourselfhosted/slash/proto/gen/api/v1"
storepb "github.com/yourselfhosted/slash/proto/gen/store"
"github.com/yourselfhosted/slash/store"
)
func (s *APIV2Service) ListMemos(ctx context.Context, _ *apiv1pb.ListMemosRequest) (*apiv1pb.ListMemosResponse, error) {
find := &store.FindMemo{}
memos, err := s.Store.ListMemos(ctx, find)
if err != nil {
return nil, status.Errorf(codes.Internal, "failed to fetch memo list, err: %v", err)
}
composedMemos := []*apiv1pb.Memo{}
for _, memo := range memos {
composedMemo, err := s.convertMemoFromStorepb(ctx, memo)
if err != nil {
return nil, status.Errorf(codes.Internal, "failed to convert memo, err: %v", err)
}
composedMemos = append(composedMemos, composedMemo)
}
response := &apiv1pb.ListMemosResponse{
Memos: composedMemos,
}
return response, nil
}
func (s *APIV2Service) GetMemo(ctx context.Context, request *apiv1pb.GetMemoRequest) (*apiv1pb.GetMemoResponse, error) {
memo, err := s.Store.GetMemo(ctx, &store.FindMemo{
ID: &request.Id,
})
if err != nil {
return nil, status.Errorf(codes.Internal, "failed to get memo by ID: %v", err)
}
if memo == nil {
return nil, status.Errorf(codes.NotFound, "memo not found")
}
composedMemo, err := s.convertMemoFromStorepb(ctx, memo)
if err != nil {
return nil, status.Errorf(codes.Internal, "failed to convert memo, err: %v", err)
}
response := &apiv1pb.GetMemoResponse{
Memo: composedMemo,
}
return response, nil
}
func (s *APIV2Service) CreateMemo(ctx context.Context, request *apiv1pb.CreateMemoRequest) (*apiv1pb.CreateMemoResponse, error) {
user, err := getCurrentUser(ctx, s.Store)
if err != nil {
return nil, status.Errorf(codes.Unauthenticated, "failed to get current user: %v", err)
}
memoCreate := &storepb.Memo{
CreatorId: user.ID,
Name: request.Memo.Name,
Title: request.Memo.Title,
Content: request.Memo.Content,
Tags: request.Memo.Tags,
Visibility: storepb.Visibility(request.Memo.Visibility),
}
memo, err := s.Store.CreateMemo(ctx, memoCreate)
if err != nil {
return nil, status.Errorf(codes.Internal, "failed to create memo, err: %v", err)
}
composedMemo, err := s.convertMemoFromStorepb(ctx, memo)
if err != nil {
return nil, status.Errorf(codes.Internal, "failed to convert memo, err: %v", err)
}
response := &apiv1pb.CreateMemoResponse{
Memo: composedMemo,
}
return response, nil
}
func (s *APIV2Service) UpdateMemo(ctx context.Context, request *apiv1pb.UpdateMemoRequest) (*apiv1pb.UpdateMemoResponse, error) {
if request.UpdateMask == nil || len(request.UpdateMask.Paths) == 0 {
return nil, status.Errorf(codes.InvalidArgument, "updateMask is required")
}
user, err := getCurrentUser(ctx, s.Store)
if err != nil {
return nil, status.Errorf(codes.Unauthenticated, "failed to get current user: %v", err)
}
currentUser, err := s.Store.GetUser(ctx, &store.FindUser{
ID: &user.ID,
})
if err != nil {
return nil, status.Errorf(codes.Internal, "failed to get current user, err: %v", err)
}
memo, err := s.Store.GetMemo(ctx, &store.FindMemo{
ID: &request.Memo.Id,
})
if err != nil {
return nil, status.Errorf(codes.Internal, "failed to get memo by ID: %v", err)
}
if memo == nil {
return nil, status.Errorf(codes.NotFound, "memo not found")
}
if memo.CreatorId != user.ID && currentUser.Role != store.RoleAdmin {
return nil, status.Errorf(codes.PermissionDenied, "Permission denied")
}
update := &store.UpdateMemo{
ID: memo.Id,
}
for _, path := range request.UpdateMask.Paths {
switch path {
case "name":
update.Name = &request.Memo.Name
case "title":
update.Title = &request.Memo.Title
case "content":
update.Content = &request.Memo.Content
case "tags":
tag := strings.Join(request.Memo.Tags, " ")
update.Tag = &tag
case "visibility":
visibility := store.Visibility(request.Memo.Visibility.String())
update.Visibility = &visibility
}
}
memo, err = s.Store.UpdateMemo(ctx, update)
if err != nil {
return nil, status.Errorf(codes.Internal, "failed to update memo, err: %v", err)
}
composedMemo, err := s.convertMemoFromStorepb(ctx, memo)
if err != nil {
return nil, status.Errorf(codes.Internal, "failed to convert memo, err: %v", err)
}
response := &apiv1pb.UpdateMemoResponse{
Memo: composedMemo,
}
return response, nil
}
func (s *APIV2Service) DeleteMemo(ctx context.Context, request *apiv1pb.DeleteMemoRequest) (*apiv1pb.DeleteMemoResponse, error) {
user, err := getCurrentUser(ctx, s.Store)
if err != nil {
return nil, status.Errorf(codes.Unauthenticated, "failed to get current user: %v", err)
}
currentUser, err := s.Store.GetUser(ctx, &store.FindUser{
ID: &user.ID,
})
if err != nil {
return nil, status.Errorf(codes.Internal, "failed to get current user, err: %v", err)
}
memo, err := s.Store.GetMemo(ctx, &store.FindMemo{
ID: &request.Id,
})
if err != nil {
return nil, status.Errorf(codes.Internal, "failed to get memo by ID: %v", err)
}
if memo == nil {
return nil, status.Errorf(codes.NotFound, "memo not found")
}
if memo.CreatorId != user.ID && currentUser.Role != store.RoleAdmin {
return nil, status.Errorf(codes.PermissionDenied, "Permission denied")
}
err = s.Store.DeleteMemo(ctx, &store.DeleteMemo{
ID: memo.Id,
})
if err != nil {
return nil, status.Errorf(codes.Internal, "failed to delete memo, err: %v", err)
}
response := &apiv1pb.DeleteMemoResponse{}
return response, nil
}
func (*APIV2Service) convertMemoFromStorepb(_ context.Context, memo *storepb.Memo) (*apiv1pb.Memo, error) {
return &apiv1pb.Memo{
Id: memo.Id,
CreatedTime: timestamppb.New(time.Unix(memo.CreatedTs, 0)),
UpdatedTime: timestamppb.New(time.Unix(memo.UpdatedTs, 0)),
CreatorId: memo.CreatorId,
Name: memo.Name,
Title: memo.Title,
Content: memo.Content,
Tags: memo.Tags,
Visibility: apiv1pb.Visibility(memo.Visibility),
}, nil
}

419
server/route/api/v1/shortcut_service.go Normal file
View File

@ -0,0 +1,419 @@
package v1
import (
"context"
"fmt"
"strings"
"time"
"github.com/mssola/useragent"
"github.com/pkg/errors"
"golang.org/x/exp/slices"
"google.golang.org/grpc/codes"
"google.golang.org/grpc/metadata"
"google.golang.org/grpc/peer"
"google.golang.org/grpc/status"
"google.golang.org/protobuf/encoding/protojson"
"google.golang.org/protobuf/types/known/timestamppb"
apiv1pb "github.com/yourselfhosted/slash/proto/gen/api/v1"
storepb "github.com/yourselfhosted/slash/proto/gen/store"
"github.com/yourselfhosted/slash/server/metric"
"github.com/yourselfhosted/slash/store"
)
func (s *APIV2Service) ListShortcuts(ctx context.Context, _ *apiv1pb.ListShortcutsRequest) (*apiv1pb.ListShortcutsResponse, error) {
user, err := getCurrentUser(ctx, s.Store)
if err != nil {
return nil, status.Errorf(codes.Unauthenticated, "failed to get current user: %v", err)
}
find := &store.FindShortcut{}
find.VisibilityList = []store.Visibility{store.VisibilityWorkspace, store.VisibilityPublic}
visibleShortcutList, err := s.Store.ListShortcuts(ctx, find)
if err != nil {
return nil, status.Errorf(codes.Internal, "failed to fetch visible shortcut list, err: %v", err)
}
find.VisibilityList = []store.Visibility{store.VisibilityPrivate}
find.CreatorID = &user.ID
shortcutList, err := s.Store.ListShortcuts(ctx, find)
if err != nil {
return nil, status.Errorf(codes.Internal, "failed to fetch private shortcut list, err: %v", err)
}
shortcutList = append(shortcutList, visibleShortcutList...)
shortcuts := []*apiv1pb.Shortcut{}
for _, shortcut := range shortcutList {
composedShortcut, err := s.convertShortcutFromStorepb(ctx, shortcut)
if err != nil {
return nil, status.Errorf(codes.Internal, "failed to convert shortcut, err: %v", err)
}
shortcuts = append(shortcuts, composedShortcut)
}
response := &apiv1pb.ListShortcutsResponse{
Shortcuts: shortcuts,
}
return response, nil
}
func (s *APIV2Service) GetShortcut(ctx context.Context, request *apiv1pb.GetShortcutRequest) (*apiv1pb.GetShortcutResponse, error) {
shortcut, err := s.Store.GetShortcut(ctx, &store.FindShortcut{
ID: &request.Id,
})
if err != nil {
return nil, status.Errorf(codes.Internal, "failed to get shortcut by id: %v", err)
}
if shortcut == nil {
return nil, status.Errorf(codes.NotFound, "shortcut not found")
}
userID, ok := ctx.Value(userIDContextKey).(int32)
if ok {
if shortcut.Visibility == storepb.Visibility_PRIVATE && shortcut.CreatorId != userID {
return nil, status.Errorf(codes.PermissionDenied, "Permission denied")
}
} else {
if shortcut.Visibility != storepb.Visibility_PUBLIC {
return nil, status.Errorf(codes.PermissionDenied, "Permission denied")
}
}
composedShortcut, err := s.convertShortcutFromStorepb(ctx, shortcut)
if err != nil {
return nil, status.Errorf(codes.Internal, "failed to convert shortcut, err: %v", err)
}
response := &apiv1pb.GetShortcutResponse{
Shortcut: composedShortcut,
}
return response, nil
}
func (s *APIV2Service) GetShortcutByName(ctx context.Context, request *apiv1pb.GetShortcutByNameRequest) (*apiv1pb.GetShortcutByNameResponse, error) {
shortcut, err := s.Store.GetShortcut(ctx, &store.FindShortcut{
Name: &request.Name,
})
if err != nil {
return nil, status.Errorf(codes.Internal, "failed to get shortcut by name: %v", err)
}
if shortcut == nil {
return nil, status.Errorf(codes.NotFound, "shortcut not found")
}
userID, ok := ctx.Value(userIDContextKey).(int32)
if ok {
if shortcut.Visibility == storepb.Visibility_PRIVATE && shortcut.CreatorId != userID {
return nil, status.Errorf(codes.PermissionDenied, "Permission denied")
}
} else {
if shortcut.Visibility != storepb.Visibility_PUBLIC {
return nil, status.Errorf(codes.PermissionDenied, "Permission denied")
}
}
// Create shortcut view activity.
if err := s.createShortcutViewActivity(ctx, shortcut); err != nil {
fmt.Printf("failed to create activity, err: %v", err)
}
composedShortcut, err := s.convertShortcutFromStorepb(ctx, shortcut)
if err != nil {
return nil, status.Errorf(codes.Internal, "failed to convert shortcut, err: %v", err)
}
response := &apiv1pb.GetShortcutByNameResponse{
Shortcut: composedShortcut,
}
return response, nil
}
func (s *APIV2Service) CreateShortcut(ctx context.Context, request *apiv1pb.CreateShortcutRequest) (*apiv1pb.CreateShortcutResponse, error) {
if request.Shortcut.Name == "" || request.Shortcut.Link == "" {
return nil, status.Errorf(codes.InvalidArgument, "name and link are required")
}
user, err := getCurrentUser(ctx, s.Store)
if err != nil {
return nil, status.Errorf(codes.Unauthenticated, "failed to get current user: %v", err)
}
shortcutCreate := &storepb.Shortcut{
CreatorId: user.ID,
Name: request.Shortcut.Name,
Link: request.Shortcut.Link,
Title: request.Shortcut.Title,
Tags: request.Shortcut.Tags,
Description: request.Shortcut.Description,
Visibility: storepb.Visibility(request.Shortcut.Visibility),
OgMetadata: &storepb.OpenGraphMetadata{},
}
if request.Shortcut.OgMetadata != nil {
shortcutCreate.OgMetadata = &storepb.OpenGraphMetadata{
Title: request.Shortcut.OgMetadata.Title,
Description: request.Shortcut.OgMetadata.Description,
Image: request.Shortcut.OgMetadata.Image,
}
}
shortcut, err := s.Store.CreateShortcut(ctx, shortcutCreate)
if err != nil {
return nil, status.Errorf(codes.Internal, "failed to create shortcut, err: %v", err)
}
if err := s.createShortcutCreateActivity(ctx, shortcut); err != nil {
return nil, status.Errorf(codes.Internal, "failed to create activity, err: %v", err)
}
composedShortcut, err := s.convertShortcutFromStorepb(ctx, shortcut)
if err != nil {
return nil, status.Errorf(codes.Internal, "failed to convert shortcut, err: %v", err)
}
response := &apiv1pb.CreateShortcutResponse{
Shortcut: composedShortcut,
}
return response, nil
}
func (s *APIV2Service) UpdateShortcut(ctx context.Context, request *apiv1pb.UpdateShortcutRequest) (*apiv1pb.UpdateShortcutResponse, error) {
if request.UpdateMask == nil || len(request.UpdateMask.Paths) == 0 {
return nil, status.Errorf(codes.InvalidArgument, "updateMask is required")
}
user, err := getCurrentUser(ctx, s.Store)
if err != nil {
return nil, status.Errorf(codes.Unauthenticated, "failed to get current user: %v", err)
}
shortcut, err := s.Store.GetShortcut(ctx, &store.FindShortcut{
ID: &request.Shortcut.Id,
})
if err != nil {
return nil, status.Errorf(codes.Internal, "failed to get shortcut by id: %v", err)
}
if shortcut == nil {
return nil, status.Errorf(codes.NotFound, "shortcut not found")
}
if shortcut.CreatorId != user.ID && user.Role != store.RoleAdmin {
return nil, status.Errorf(codes.PermissionDenied, "Permission denied")
}
update := &store.UpdateShortcut{
ID: shortcut.Id,
}
for _, path := range request.UpdateMask.Paths {
switch path {
case "name":
update.Name = &request.Shortcut.Name
case "link":
update.Link = &request.Shortcut.Link
case "title":
update.Title = &request.Shortcut.Title
case "description":
update.Description = &request.Shortcut.Description
case "tags":
tag := strings.Join(request.Shortcut.Tags, " ")
update.Tag = &tag
case "visibility":
visibility := store.Visibility(request.Shortcut.Visibility.String())
update.Visibility = &visibility
case "og_metadata":
if request.Shortcut.OgMetadata != nil {
update.OpenGraphMetadata = &storepb.OpenGraphMetadata{
Title: request.Shortcut.OgMetadata.Title,
Description: request.Shortcut.OgMetadata.Description,
Image: request.Shortcut.OgMetadata.Image,
}
}
}
}
shortcut, err = s.Store.UpdateShortcut(ctx, update)
if err != nil {
return nil, status.Errorf(codes.Internal, "failed to update shortcut, err: %v", err)
}
composedShortcut, err := s.convertShortcutFromStorepb(ctx, shortcut)
if err != nil {
return nil, status.Errorf(codes.Internal, "failed to convert shortcut, err: %v", err)
}
response := &apiv1pb.UpdateShortcutResponse{
Shortcut: composedShortcut,
}
return response, nil
}
func (s *APIV2Service) DeleteShortcut(ctx context.Context, request *apiv1pb.DeleteShortcutRequest) (*apiv1pb.DeleteShortcutResponse, error) {
user, err := getCurrentUser(ctx, s.Store)
if err != nil {
return nil, status.Errorf(codes.Unauthenticated, "failed to get current user: %v", err)
}
shortcut, err := s.Store.GetShortcut(ctx, &store.FindShortcut{
ID: &request.Id,
})
if err != nil {
return nil, status.Errorf(codes.Internal, "failed to get shortcut by id: %v", err)
}
if shortcut == nil {
return nil, status.Errorf(codes.NotFound, "shortcut not found")
}
if shortcut.CreatorId != user.ID && user.Role != store.RoleAdmin {
return nil, status.Errorf(codes.PermissionDenied, "Permission denied")
}
err = s.Store.DeleteShortcut(ctx, &store.DeleteShortcut{
ID: shortcut.Id,
})
if err != nil {
return nil, status.Errorf(codes.Internal, "failed to delete shortcut, err: %v", err)
}
response := &apiv1pb.DeleteShortcutResponse{}
return response, nil
}
func (s *APIV2Service) GetShortcutAnalytics(ctx context.Context, request *apiv1pb.GetShortcutAnalyticsRequest) (*apiv1pb.GetShortcutAnalyticsResponse, error) {
shortcut, err := s.Store.GetShortcut(ctx, &store.FindShortcut{
ID: &request.Id,
})
if err != nil {
return nil, status.Errorf(codes.Internal, "failed to get shortcut by id: %v", err)
}
if shortcut == nil {
return nil, status.Errorf(codes.NotFound, "shortcut not found")
}
activities, err := s.Store.ListActivities(ctx, &store.FindActivity{
Type: store.ActivityShortcutView,
PayloadShortcutID: &shortcut.Id,
})
if err != nil {
return nil, status.Errorf(codes.Internal, "failed to get activities, err: %v", err)
}
referenceMap := make(map[string]int32)
deviceMap := make(map[string]int32)
browserMap := make(map[string]int32)
for _, activity := range activities {
payload := &storepb.ActivityShorcutViewPayload{}
if err := protojson.Unmarshal([]byte(activity.Payload), payload); err != nil {
return nil, status.Error(codes.Internal, fmt.Sprintf("failed to unmarshal payload, err: %v", err))
}
if _, ok := referenceMap[payload.Referer]; !ok {
referenceMap[payload.Referer] = 0
}
referenceMap[payload.Referer]++
ua := useragent.New(payload.UserAgent)
deviceName := ua.OSInfo().Name
browserName, _ := ua.Browser()
if _, ok := deviceMap[deviceName]; !ok {
deviceMap[deviceName] = 0
}
deviceMap[deviceName]++
if _, ok := browserMap[browserName]; !ok {
browserMap[browserName] = 0
}
browserMap[browserName]++
}
metric.Enqueue("shortcut analytics")
response := &apiv1pb.GetShortcutAnalyticsResponse{
References: mapToAnalyticsSlice(referenceMap),
Devices: mapToAnalyticsSlice(deviceMap),
Browsers: mapToAnalyticsSlice(browserMap),
}
return response, nil
}
func mapToAnalyticsSlice(m map[string]int32) []*apiv1pb.GetShortcutAnalyticsResponse_AnalyticsItem {
analyticsSlice := make([]*apiv1pb.GetShortcutAnalyticsResponse_AnalyticsItem, 0)
for key, value := range m {
analyticsSlice = append(analyticsSlice, &apiv1pb.GetShortcutAnalyticsResponse_AnalyticsItem{
Name: key,
Count: value,
})
}
slices.SortFunc(analyticsSlice, func(i, j *apiv1pb.GetShortcutAnalyticsResponse_AnalyticsItem) int {
return int(i.Count - j.Count)
})
return analyticsSlice
}
func (s *APIV2Service) createShortcutViewActivity(ctx context.Context, shortcut *storepb.Shortcut) error {
p, _ := peer.FromContext(ctx)
headers, ok := metadata.FromIncomingContext(ctx)
if !ok {
return errors.New("Failed to get metadata from context")
}
payload := &storepb.ActivityShorcutViewPayload{
ShortcutId: shortcut.Id,
Ip: p.Addr.String(),
Referer: headers.Get("referer")[0],
UserAgent: headers.Get("user-agent")[0],
}
payloadStr, err := protojson.Marshal(payload)
if err != nil {
return errors.Wrap(err, "Failed to marshal activity payload")
}
activity := &store.Activity{
CreatorID: BotID,
Type: store.ActivityShortcutView,
Level: store.ActivityInfo,
Payload: string(payloadStr),
}
_, err = s.Store.CreateActivity(ctx, activity)
if err != nil {
return errors.Wrap(err, "Failed to create activity")
}
return nil
}
func (s *APIV2Service) createShortcutCreateActivity(ctx context.Context, shortcut *storepb.Shortcut) error {
payload := &storepb.ActivityShorcutCreatePayload{
ShortcutId: shortcut.Id,
}
payloadStr, err := protojson.Marshal(payload)
if err != nil {
return errors.Wrap(err, "Failed to marshal activity payload")
}
activity := &store.Activity{
CreatorID: shortcut.CreatorId,
Type: store.ActivityShortcutCreate,
Level: store.ActivityInfo,
Payload: string(payloadStr),
}
_, err = s.Store.CreateActivity(ctx, activity)
if err != nil {
return errors.Wrap(err, "Failed to create activity")
}
return nil
}
func (s *APIV2Service) convertShortcutFromStorepb(ctx context.Context, shortcut *storepb.Shortcut) (*apiv1pb.Shortcut, error) {
composedShortcut := &apiv1pb.Shortcut{
Id: shortcut.Id,
CreatorId: shortcut.CreatorId,
CreatedTime: timestamppb.New(time.Unix(shortcut.CreatedTs, 0)),
UpdatedTime: timestamppb.New(time.Unix(shortcut.UpdatedTs, 0)),
RowStatus: apiv1pb.RowStatus(shortcut.RowStatus),
Name: shortcut.Name,
Link: shortcut.Link,
Title: shortcut.Title,
Tags: shortcut.Tags,
Description: shortcut.Description,
Visibility: apiv1pb.Visibility(shortcut.Visibility),
OgMetadata: &apiv1pb.OpenGraphMetadata{
Title: shortcut.OgMetadata.Title,
Description: shortcut.OgMetadata.Description,
Image: shortcut.OgMetadata.Image,
},
}
activityList, err := s.Store.ListActivities(ctx, &store.FindActivity{
Type: store.ActivityShortcutView,
Level: store.ActivityInfo,
PayloadShortcutID: &composedShortcut.Id,
})
if err != nil {
return nil, errors.Wrap(err, "Failed to list activities")
}
composedShortcut.ViewCount = int32(len(activityList))
return composedShortcut, nil
}

30
server/route/api/v1/subscription_service.go Normal file
View File

@ -0,0 +1,30 @@
package v1
import (
"context"
"google.golang.org/grpc/codes"
"google.golang.org/grpc/status"
apiv1pb "github.com/yourselfhosted/slash/proto/gen/api/v1"
)
func (s *APIV2Service) GetSubscription(ctx context.Context, _ *apiv1pb.GetSubscriptionRequest) (*apiv1pb.GetSubscriptionResponse, error) {
subscription, err := s.LicenseService.LoadSubscription(ctx)
if err != nil {
return nil, status.Errorf(codes.Internal, "failed to load subscription: %v", err)
}
return &apiv1pb.GetSubscriptionResponse{
Subscription: subscription,
}, nil
}
func (s *APIV2Service) UpdateSubscription(ctx context.Context, request *apiv1pb.UpdateSubscriptionRequest) (*apiv1pb.UpdateSubscriptionResponse, error) {
subscription, err := s.LicenseService.UpdateSubscription(ctx, request.LicenseKey)
if err != nil {
return nil, status.Errorf(codes.Internal, "failed to load subscription: %v", err)
}
return &apiv1pb.UpdateSubscriptionResponse{
Subscription: subscription,
}, nil
}

322
server/route/api/v1/user_service.go Normal file
View File

@ -0,0 +1,322 @@
package v1
import (
"context"
"time"
"github.com/golang-jwt/jwt/v4"
"github.com/pkg/errors"
"golang.org/x/crypto/bcrypt"
"golang.org/x/exp/slices"
"google.golang.org/grpc/codes"
"google.golang.org/grpc/status"
"google.golang.org/protobuf/types/known/timestamppb"
apiv1pb "github.com/yourselfhosted/slash/proto/gen/api/v1"
storepb "github.com/yourselfhosted/slash/proto/gen/store"
"github.com/yourselfhosted/slash/server/route/auth"
"github.com/yourselfhosted/slash/server/service/license"
"github.com/yourselfhosted/slash/store"
)
const (
// BotID is the id of bot.
BotID = 0
)
func (s *APIV2Service) ListUsers(ctx context.Context, _ *apiv1pb.ListUsersRequest) (*apiv1pb.ListUsersResponse, error) {
users, err := s.Store.ListUsers(ctx, &store.FindUser{})
if err != nil {
return nil, status.Errorf(codes.Internal, "failed to list users: %v", err)
}
userMessages := []*apiv1pb.User{}
for _, user := range users {
userMessages = append(userMessages, convertUserFromStore(user))
}
response := &apiv1pb.ListUsersResponse{
Users: userMessages,
}
return response, nil
}
func (s *APIV2Service) GetUser(ctx context.Context, request *apiv1pb.GetUserRequest) (*apiv1pb.GetUserResponse, error) {
user, err := s.Store.GetUser(ctx, &store.FindUser{
ID: &request.Id,
})
if err != nil {
return nil, status.Errorf(codes.Internal, "failed to find user: %v", err)
}
if user == nil {
return nil, status.Errorf(codes.NotFound, "user not found")
}
userMessage := convertUserFromStore(user)
response := &apiv1pb.GetUserResponse{
User: userMessage,
}
return response, nil
}
func (s *APIV2Service) CreateUser(ctx context.Context, request *apiv1pb.CreateUserRequest) (*apiv1pb.CreateUserResponse, error) {
passwordHash, err := bcrypt.GenerateFromPassword([]byte(request.User.Password), bcrypt.DefaultCost)
if err != nil {
return nil, status.Errorf(codes.Internal, "failed to hash password: %v", err)
}
if !s.LicenseService.IsFeatureEnabled(license.FeatureTypeUnlimitedAccounts) {
userList, err := s.Store.ListUsers(ctx, &store.FindUser{})
if err != nil {
return nil, status.Errorf(codes.Internal, "failed to list users: %v", err)
}
if len(userList) >= 5 {
return nil, status.Errorf(codes.ResourceExhausted, "maximum number of users reached")
}
}
user, err := s.Store.CreateUser(ctx, &store.User{
Email: request.User.Email,
Nickname: request.User.Nickname,
Role: store.RoleUser,
PasswordHash: string(passwordHash),
})
if err != nil {
return nil, status.Errorf(codes.Internal, "failed to create user: %v", err)
}
response := &apiv1pb.CreateUserResponse{
User: convertUserFromStore(user),
}
return response, nil
}
func (s *APIV2Service) UpdateUser(ctx context.Context, request *apiv1pb.UpdateUserRequest) (*apiv1pb.UpdateUserResponse, error) {
user, err := getCurrentUser(ctx, s.Store)
if err != nil {
return nil, status.Errorf(codes.Unauthenticated, "failed to get current user: %v", err)
}
if user.ID != request.User.Id {
return nil, status.Errorf(codes.PermissionDenied, "Permission denied")
}
if request.UpdateMask == nil || len(request.UpdateMask.Paths) == 0 {
return nil, status.Errorf(codes.InvalidArgument, "UpdateMask is empty")
}
userUpdate := &store.UpdateUser{
ID: request.User.Id,
}
for _, path := range request.UpdateMask.Paths {
if path == "email" {
userUpdate.Email = &request.User.Email
} else if path == "nickname" {
userUpdate.Nickname = &request.User.Nickname
}
}
user, err = s.Store.UpdateUser(ctx, userUpdate)
if err != nil {
return nil, status.Errorf(codes.Internal, "failed to update user: %v", err)
}
return &apiv1pb.UpdateUserResponse{
User: convertUserFromStore(user),
}, nil
}
func (s *APIV2Service) DeleteUser(ctx context.Context, request *apiv1pb.DeleteUserRequest) (*apiv1pb.DeleteUserResponse, error) {
user, err := getCurrentUser(ctx, s.Store)
if err != nil {
return nil, status.Errorf(codes.Unauthenticated, "failed to get current user: %v", err)
}
if user.ID == request.Id {
return nil, status.Errorf(codes.InvalidArgument, "cannot delete yourself")
}
if err := s.Store.DeleteUser(ctx, &store.DeleteUser{ID: request.Id}); err != nil {
return nil, status.Errorf(codes.Internal, "failed to delete user: %v", err)
}
response := &apiv1pb.DeleteUserResponse{}
return response, nil
}
func (s *APIV2Service) ListUserAccessTokens(ctx context.Context, request *apiv1pb.ListUserAccessTokensRequest) (*apiv1pb.ListUserAccessTokensResponse, error) {
user, err := getCurrentUser(ctx, s.Store)
if err != nil {
return nil, status.Errorf(codes.Unauthenticated, "failed to get current user: %v", err)
}
if user.ID != request.Id {
return nil, status.Errorf(codes.PermissionDenied, "Permission denied")
}
userAccessTokens, err := s.Store.GetUserAccessTokens(ctx, user.ID)
if err != nil {
return nil, status.Errorf(codes.Internal, "failed to list access tokens: %v", err)
}
accessTokens := []*apiv1pb.UserAccessToken{}
for _, userAccessToken := range userAccessTokens {
claims := &auth.ClaimsMessage{}
_, err := jwt.ParseWithClaims(userAccessToken.AccessToken, claims, func(t *jwt.Token) (any, error) {
if t.Method.Alg() != jwt.SigningMethodHS256.Name {
return nil, errors.Errorf("unexpected access token signing method=%v, expect %v", t.Header["alg"], jwt.SigningMethodHS256)
}
if kid, ok := t.Header["kid"].(string); ok {
if kid == "v1" {
return []byte(s.Secret), nil
}
}
return nil, errors.Errorf("unexpected access token kid=%v", t.Header["kid"])
})
if err != nil {
// If the access token is invalid or expired, just ignore it.
continue
}
userAccessToken := &apiv1pb.UserAccessToken{
AccessToken: userAccessToken.AccessToken,
Description: userAccessToken.Description,
IssuedAt: timestamppb.New(claims.IssuedAt.Time),
}
if claims.ExpiresAt != nil {
userAccessToken.ExpiresAt = timestamppb.New(claims.ExpiresAt.Time)
}
accessTokens = append(accessTokens, userAccessToken)
}
// Sort by issued time in descending order.
slices.SortFunc(accessTokens, func(i, j *apiv1pb.UserAccessToken) int {
return int(i.IssuedAt.Seconds - j.IssuedAt.Seconds)
})
response := &apiv1pb.ListUserAccessTokensResponse{
AccessTokens: accessTokens,
}
return response, nil
}
func (s *APIV2Service) CreateUserAccessToken(ctx context.Context, request *apiv1pb.CreateUserAccessTokenRequest) (*apiv1pb.CreateUserAccessTokenResponse, error) {
user, err := getCurrentUser(ctx, s.Store)
if err != nil {
return nil, status.Errorf(codes.Unauthenticated, "failed to get current user: %v", err)
}
if user.ID != request.Id {
return nil, status.Errorf(codes.PermissionDenied, "Permission denied")
}
expiresAt := time.Time{}
if request.ExpiresAt != nil {
expiresAt = request.ExpiresAt.AsTime()
}
accessToken, err := auth.GenerateAccessToken(user.Email, user.ID, expiresAt, []byte(s.Secret))
if err != nil {
return nil, status.Errorf(codes.Internal, "failed to generate access token: %v", err)
}
claims := &auth.ClaimsMessage{}
_, err = jwt.ParseWithClaims(accessToken, claims, func(t *jwt.Token) (any, error) {
if t.Method.Alg() != jwt.SigningMethodHS256.Name {
return nil, errors.Errorf("unexpected access token signing method=%v, expect %v", t.Header["alg"], jwt.SigningMethodHS256)
}
if kid, ok := t.Header["kid"].(string); ok {
if kid == "v1" {
return []byte(s.Secret), nil
}
}
return nil, errors.Errorf("unexpected access token kid=%v", t.Header["kid"])
})
if err != nil {
return nil, status.Errorf(codes.Internal, "failed to parse access token: %v", err)
}
// Upsert the access token to user setting store.
if err := s.UpsertAccessTokenToStore(ctx, user, accessToken, request.Description); err != nil {
return nil, status.Errorf(codes.Internal, "failed to upsert access token to store: %v", err)
}
userAccessToken := &apiv1pb.UserAccessToken{
AccessToken: accessToken,
Description: request.Description,
IssuedAt: timestamppb.New(claims.IssuedAt.Time),
}
if claims.ExpiresAt != nil {
userAccessToken.ExpiresAt = timestamppb.New(claims.ExpiresAt.Time)
}
response := &apiv1pb.CreateUserAccessTokenResponse{
AccessToken: userAccessToken,
}
return response, nil
}
func (s *APIV2Service) DeleteUserAccessToken(ctx context.Context, request *apiv1pb.DeleteUserAccessTokenRequest) (*apiv1pb.DeleteUserAccessTokenResponse, error) {
user, err := getCurrentUser(ctx, s.Store)
if err != nil {
return nil, status.Errorf(codes.Unauthenticated, "failed to get current user: %v", err)
}
userAccessTokens, err := s.Store.GetUserAccessTokens(ctx, user.ID)
if err != nil {
return nil, status.Errorf(codes.Internal, "failed to list access tokens: %v", err)
}
updatedUserAccessTokens := []*storepb.AccessTokensUserSetting_AccessToken{}
for _, userAccessToken := range userAccessTokens {
if userAccessToken.AccessToken == request.AccessToken {
continue
}
updatedUserAccessTokens = append(updatedUserAccessTokens, userAccessToken)
}
if _, err := s.Store.UpsertUserSetting(ctx, &storepb.UserSetting{
UserId: user.ID,
Key: storepb.UserSettingKey_USER_SETTING_ACCESS_TOKENS,
Value: &storepb.UserSetting_AccessTokens{
AccessTokens: &storepb.AccessTokensUserSetting{
AccessTokens: updatedUserAccessTokens,
},
},
}); err != nil {
return nil, status.Errorf(codes.Internal, "failed to upsert user setting: %v", err)
}
return &apiv1pb.DeleteUserAccessTokenResponse{}, nil
}
func (s *APIV2Service) UpsertAccessTokenToStore(ctx context.Context, user *store.User, accessToken, description string) error {
userAccessTokens, err := s.Store.GetUserAccessTokens(ctx, user.ID)
if err != nil {
return errors.Wrap(err, "failed to get user access tokens")
}
userAccessToken := storepb.AccessTokensUserSetting_AccessToken{
AccessToken: accessToken,
Description: description,
}
userAccessTokens = append(userAccessTokens, &userAccessToken)
if _, err := s.Store.UpsertUserSetting(ctx, &storepb.UserSetting{
UserId: user.ID,
Key: storepb.UserSettingKey_USER_SETTING_ACCESS_TOKENS,
Value: &storepb.UserSetting_AccessTokens{
AccessTokens: &storepb.AccessTokensUserSetting{
AccessTokens: userAccessTokens,
},
},
}); err != nil {
return errors.Wrap(err, "failed to upsert user setting")
}
return nil
}
func convertUserFromStore(user *store.User) *apiv1pb.User {
return &apiv1pb.User{
Id: int32(user.ID),
RowStatus: convertRowStatusFromStore(user.RowStatus),
CreatedTime: timestamppb.New(time.Unix(user.CreatedTs, 0)),
UpdatedTime: timestamppb.New(time.Unix(user.UpdatedTs, 0)),
Role: convertUserRoleFromStore(user.Role),
Email: user.Email,
Nickname: user.Nickname,
}
}
func convertUserRoleFromStore(role store.Role) apiv1pb.Role {
switch role {
case store.RoleAdmin:
return apiv1pb.Role_ADMIN
case store.RoleUser:
return apiv1pb.Role_USER
default:
return apiv1pb.Role_ROLE_UNSPECIFIED
}
}

138
server/route/api/v1/user_setting_service.go Normal file
View File

@ -0,0 +1,138 @@
package v1
import (
"context"
"github.com/pkg/errors"
"google.golang.org/grpc/codes"
"google.golang.org/grpc/status"
apiv1pb "github.com/yourselfhosted/slash/proto/gen/api/v1"
storepb "github.com/yourselfhosted/slash/proto/gen/store"
"github.com/yourselfhosted/slash/store"
)
func (s *APIV2Service) GetUserSetting(ctx context.Context, request *apiv1pb.GetUserSettingRequest) (*apiv1pb.GetUserSettingResponse, error) {
userSetting, err := getUserSetting(ctx, s.Store, request.Id)
if err != nil {
return nil, status.Errorf(codes.Internal, "failed to get user setting: %v", err)
}
return &apiv1pb.GetUserSettingResponse{
UserSetting: userSetting,
}, nil
}
func (s *APIV2Service) UpdateUserSetting(ctx context.Context, request *apiv1pb.UpdateUserSettingRequest) (*apiv1pb.UpdateUserSettingResponse, error) {
if request.UpdateMask == nil || len(request.UpdateMask.Paths) == 0 {
return nil, status.Errorf(codes.InvalidArgument, "update mask is empty")
}
user, err := getCurrentUser(ctx, s.Store)
if err != nil {
return nil, status.Errorf(codes.Unauthenticated, "failed to get current user: %v", err)
}
for _, path := range request.UpdateMask.Paths {
if path == "locale" {
if _, err := s.Store.UpsertUserSetting(ctx, &storepb.UserSetting{
UserId: user.ID,
Key: storepb.UserSettingKey_USER_SETTING_LOCALE,
Value: &storepb.UserSetting_Locale{
Locale: convertUserSettingLocaleToStore(request.UserSetting.Locale),
},
}); err != nil {
return nil, status.Errorf(codes.Internal, "failed to update user setting: %v", err)
}
} else if path == "color_theme" {
if _, err := s.Store.UpsertUserSetting(ctx, &storepb.UserSetting{
UserId: user.ID,
Key: storepb.UserSettingKey_USER_SETTING_COLOR_THEME,
Value: &storepb.UserSetting_ColorTheme{
ColorTheme: convertUserSettingColorThemeToStore(request.UserSetting.ColorTheme),
},
}); err != nil {
return nil, status.Errorf(codes.Internal, "failed to update user setting: %v", err)
}
} else {
return nil, status.Errorf(codes.InvalidArgument, "invalid path: %s", path)
}
}
userSetting, err := getUserSetting(ctx, s.Store, request.Id)
if err != nil {
return nil, status.Errorf(codes.Internal, "failed to get user setting: %v", err)
}
return &apiv1pb.UpdateUserSettingResponse{
UserSetting: userSetting,
}, nil
}
func getUserSetting(ctx context.Context, s *store.Store, userID int32) (*apiv1pb.UserSetting, error) {
userSettings, err := s.ListUserSettings(ctx, &store.FindUserSetting{
UserID: &userID,
})
if err != nil {
return nil, errors.Wrap(err, "failed to find user setting")
}
userSetting := &apiv1pb.UserSetting{
Id: userID,
Locale: apiv1pb.UserSetting_LOCALE_EN,
ColorTheme: apiv1pb.UserSetting_COLOR_THEME_SYSTEM,
}
for _, setting := range userSettings {
if setting.Key == storepb.UserSettingKey_USER_SETTING_LOCALE {
userSetting.Locale = convertUserSettingLocaleFromStore(setting.GetLocale())
} else if setting.Key == storepb.UserSettingKey_USER_SETTING_COLOR_THEME {
userSetting.ColorTheme = convertUserSettingColorThemeFromStore(setting.GetColorTheme())
}
}
return userSetting, nil
}
func convertUserSettingLocaleToStore(locale apiv1pb.UserSetting_Locale) storepb.LocaleUserSetting {
switch locale {
case apiv1pb.UserSetting_LOCALE_EN:
return storepb.LocaleUserSetting_LOCALE_USER_SETTING_EN
case apiv1pb.UserSetting_LOCALE_ZH:
return storepb.LocaleUserSetting_LOCALE_USER_SETTING_ZH
default:
return storepb.LocaleUserSetting_LOCALE_USER_SETTING_UNSPECIFIED
}
}
func convertUserSettingLocaleFromStore(locale storepb.LocaleUserSetting) apiv1pb.UserSetting_Locale {
switch locale {
case storepb.LocaleUserSetting_LOCALE_USER_SETTING_EN:
return apiv1pb.UserSetting_LOCALE_EN
case storepb.LocaleUserSetting_LOCALE_USER_SETTING_ZH:
return apiv1pb.UserSetting_LOCALE_ZH
default:
return apiv1pb.UserSetting_LOCALE_UNSPECIFIED
}
}
func convertUserSettingColorThemeToStore(colorTheme apiv1pb.UserSetting_ColorTheme) storepb.ColorThemeUserSetting {
switch colorTheme {
case apiv1pb.UserSetting_COLOR_THEME_SYSTEM:
return storepb.ColorThemeUserSetting_COLOR_THEME_USER_SETTING_SYSTEM
case apiv1pb.UserSetting_COLOR_THEME_LIGHT:
return storepb.ColorThemeUserSetting_COLOR_THEME_USER_SETTING_LIGHT
case apiv1pb.UserSetting_COLOR_THEME_DARK:
return storepb.ColorThemeUserSetting_COLOR_THEME_USER_SETTING_DARK
default:
return storepb.ColorThemeUserSetting_COLOR_THEME_USER_SETTING_UNSPECIFIED
}
}
func convertUserSettingColorThemeFromStore(colorTheme storepb.ColorThemeUserSetting) apiv1pb.UserSetting_ColorTheme {
switch colorTheme {
case storepb.ColorThemeUserSetting_COLOR_THEME_USER_SETTING_SYSTEM:
return apiv1pb.UserSetting_COLOR_THEME_SYSTEM
case storepb.ColorThemeUserSetting_COLOR_THEME_USER_SETTING_LIGHT:
return apiv1pb.UserSetting_COLOR_THEME_LIGHT
case storepb.ColorThemeUserSetting_COLOR_THEME_USER_SETTING_DARK:
return apiv1pb.UserSetting_COLOR_THEME_DARK
default:
return apiv1pb.UserSetting_COLOR_THEME_UNSPECIFIED
}
}

123
server/route/api/v1/v1.go Normal file
View File

@ -0,0 +1,123 @@
package v1
import (
"context"
"fmt"
"github.com/grpc-ecosystem/grpc-gateway/v2/runtime"
"github.com/improbable-eng/grpc-web/go/grpcweb"
"github.com/labstack/echo/v4"
"google.golang.org/grpc"
"google.golang.org/grpc/credentials/insecure"
"google.golang.org/grpc/reflection"
apiv1pb "github.com/yourselfhosted/slash/proto/gen/api/v1"
"github.com/yourselfhosted/slash/server/profile"
"github.com/yourselfhosted/slash/server/service/license"
"github.com/yourselfhosted/slash/store"
)
type APIV2Service struct {
apiv1pb.UnimplementedWorkspaceServiceServer
apiv1pb.UnimplementedSubscriptionServiceServer
apiv1pb.UnimplementedAuthServiceServer
apiv1pb.UnimplementedUserServiceServer
apiv1pb.UnimplementedUserSettingServiceServer
apiv1pb.UnimplementedShortcutServiceServer
apiv1pb.UnimplementedCollectionServiceServer
apiv1pb.UnimplementedMemoServiceServer
Secret string
Profile *profile.Profile
Store *store.Store
LicenseService *license.LicenseService
grpcServer *grpc.Server
grpcServerPort int
}
func NewAPIV2Service(secret string, profile *profile.Profile, store *store.Store, licenseService *license.LicenseService, grpcServerPort int) *APIV2Service {
authProvider := NewGRPCAuthInterceptor(store, secret)
grpcServer := grpc.NewServer(
grpc.ChainUnaryInterceptor(
authProvider.AuthenticationInterceptor,
),
)
apiV2Service := &APIV2Service{
Secret: secret,
Profile: profile,
Store: store,
LicenseService: licenseService,
grpcServer: grpcServer,
grpcServerPort: grpcServerPort,
}
apiv1pb.RegisterSubscriptionServiceServer(grpcServer, apiV2Service)
apiv1pb.RegisterWorkspaceServiceServer(grpcServer, apiV2Service)
apiv1pb.RegisterAuthServiceServer(grpcServer, apiV2Service)
apiv1pb.RegisterUserServiceServer(grpcServer, apiV2Service)
apiv1pb.RegisterUserSettingServiceServer(grpcServer, apiV2Service)
apiv1pb.RegisterShortcutServiceServer(grpcServer, apiV2Service)
apiv1pb.RegisterCollectionServiceServer(grpcServer, apiV2Service)
apiv1pb.RegisterMemoServiceServer(grpcServer, apiV2Service)
reflection.Register(grpcServer)
return apiV2Service
}
func (s *APIV2Service) GetGRPCServer() *grpc.Server {
return s.grpcServer
}
// RegisterGateway registers the gRPC-Gateway with the given Echo instance.
func (s *APIV2Service) RegisterGateway(ctx context.Context, e *echo.Echo) error {
// Create a client connection to the gRPC Server we just started.
// This is where the gRPC-Gateway proxies the requests.
conn, err := grpc.DialContext(
ctx,
fmt.Sprintf(":%d", s.grpcServerPort),
grpc.WithTransportCredentials(insecure.NewCredentials()),
)
if err != nil {
return err
}
gwMux := runtime.NewServeMux()
if err := apiv1pb.RegisterSubscriptionServiceHandler(context.Background(), gwMux, conn); err != nil {
return err
}
if err := apiv1pb.RegisterWorkspaceServiceHandler(context.Background(), gwMux, conn); err != nil {
return err
}
if err := apiv1pb.RegisterAuthServiceHandler(context.Background(), gwMux, conn); err != nil {
return err
}
if err := apiv1pb.RegisterUserServiceHandler(context.Background(), gwMux, conn); err != nil {
return err
}
if err := apiv1pb.RegisterUserSettingServiceHandler(context.Background(), gwMux, conn); err != nil {
return err
}
if err := apiv1pb.RegisterShortcutServiceHandler(context.Background(), gwMux, conn); err != nil {
return err
}
if err := apiv1pb.RegisterCollectionServiceHandler(context.Background(), gwMux, conn); err != nil {
return err
}
if err := apiv1pb.RegisterMemoServiceHandler(context.Background(), gwMux, conn); err != nil {
return err
}
e.Any("/api/v1/*", echo.WrapHandler(gwMux))
// GRPC web proxy.
options := []grpcweb.Option{
grpcweb.WithCorsForRegisteredEndpointsOnly(false),
grpcweb.WithOriginFunc(func(_ string) bool {
return true
}),
}
wrappedGrpc := grpcweb.WrapServer(s.grpcServer, options...)
e.Any("/slash.api.v1.*", echo.WrapHandler(wrappedGrpc))
return nil
}

157
server/route/api/v1/workspace_service.go Normal file
View File

@ -0,0 +1,157 @@
package v1
import (
"context"
"google.golang.org/grpc/codes"
"google.golang.org/grpc/status"
apiv1pb "github.com/yourselfhosted/slash/proto/gen/api/v1"
storepb "github.com/yourselfhosted/slash/proto/gen/store"
"github.com/yourselfhosted/slash/store"
)
func (s *APIV2Service) GetWorkspaceProfile(ctx context.Context, _ *apiv1pb.GetWorkspaceProfileRequest) (*apiv1pb.GetWorkspaceProfileResponse, error) {
profile := &apiv1pb.WorkspaceProfile{
Mode: s.Profile.Mode,
Version: s.Profile.Version,
Plan: apiv1pb.PlanType_FREE,
}
// Load subscription plan from license service.
subscription, err := s.LicenseService.GetSubscription(ctx)
if err != nil {
return nil, status.Errorf(codes.Internal, "failed to get subscription: %v", err)
}
profile.Plan = subscription.Plan
workspaceSetting, err := s.GetWorkspaceSetting(ctx, &apiv1pb.GetWorkspaceSettingRequest{})
if err != nil {
return nil, status.Errorf(codes.Internal, "failed to get workspace setting: %v", err)
}
if workspaceSetting != nil {
setting := workspaceSetting.GetSetting()
profile.EnableSignup = setting.GetEnableSignup()
profile.CustomStyle = setting.GetCustomStyle()
profile.CustomScript = setting.GetCustomScript()
}
return &apiv1pb.GetWorkspaceProfileResponse{
Profile: profile,
}, nil
}
func (s *APIV2Service) GetWorkspaceSetting(ctx context.Context, _ *apiv1pb.GetWorkspaceSettingRequest) (*apiv1pb.GetWorkspaceSettingResponse, error) {
isAdmin := false
userID, ok := ctx.Value(userIDContextKey).(int32)
if ok {
user, err := s.Store.GetUser(ctx, &store.FindUser{ID: &userID})
if err != nil {
return nil, status.Errorf(codes.Internal, "failed to get user: %v", err)
}
if user.Role == store.RoleAdmin {
isAdmin = true
}
}
workspaceSettings, err := s.Store.ListWorkspaceSettings(ctx, &store.FindWorkspaceSetting{})
if err != nil {
return nil, status.Errorf(codes.Internal, "failed to list workspace settings: %v", err)
}
workspaceSetting := &apiv1pb.WorkspaceSetting{
EnableSignup: true,
}
for _, v := range workspaceSettings {
if v.Key == storepb.WorkspaceSettingKey_WORKSAPCE_SETTING_ENABLE_SIGNUP {
workspaceSetting.EnableSignup = v.GetEnableSignup()
} else if v.Key == storepb.WorkspaceSettingKey_WORKSPACE_SETTING_INSTANCE_URL {
workspaceSetting.InstanceUrl = v.GetInstanceUrl()
} else if v.Key == storepb.WorkspaceSettingKey_WORKSPACE_SETTING_CUSTOM_STYLE {
workspaceSetting.CustomStyle = v.GetCustomStyle()
} else if v.Key == storepb.WorkspaceSettingKey_WORKSPACE_SETTING_CUSTOM_SCRIPT {
workspaceSetting.CustomScript = v.GetCustomScript()
} else if v.Key == storepb.WorkspaceSettingKey_WORKSPACE_SETTING_DEFAULT_VISIBILITY {
workspaceSetting.DefaultVisibility = apiv1pb.Visibility(v.GetDefaultVisibility())
} else if isAdmin {
// For some settings, only admin can get the value.
if v.Key == storepb.WorkspaceSettingKey_WORKSPACE_SETTING_LICENSE_KEY {
workspaceSetting.LicenseKey = v.GetLicenseKey()
}
}
}
return &apiv1pb.GetWorkspaceSettingResponse{
Setting: workspaceSetting,
}, nil
}
func (s *APIV2Service) UpdateWorkspaceSetting(ctx context.Context, request *apiv1pb.UpdateWorkspaceSettingRequest) (*apiv1pb.UpdateWorkspaceSettingResponse, error) {
if request.UpdateMask == nil || len(request.UpdateMask.Paths) == 0 {
return nil, status.Errorf(codes.InvalidArgument, "update mask is empty")
}
for _, path := range request.UpdateMask.Paths {
if path == "license_key" {
if _, err := s.Store.UpsertWorkspaceSetting(ctx, &storepb.WorkspaceSetting{
Key: storepb.WorkspaceSettingKey_WORKSPACE_SETTING_LICENSE_KEY,
Value: &storepb.WorkspaceSetting_LicenseKey{
LicenseKey: request.Setting.LicenseKey,
},
}); err != nil {
return nil, status.Errorf(codes.Internal, "failed to update workspace setting: %v", err)
}
} else if path == "enable_signup" {
if _, err := s.Store.UpsertWorkspaceSetting(ctx, &storepb.WorkspaceSetting{
Key: storepb.WorkspaceSettingKey_WORKSAPCE_SETTING_ENABLE_SIGNUP,
Value: &storepb.WorkspaceSetting_EnableSignup{
EnableSignup: request.Setting.EnableSignup,
},
}); err != nil {
return nil, status.Errorf(codes.Internal, "failed to update workspace setting: %v", err)
}
} else if path == "instance_url" {
if _, err := s.Store.UpsertWorkspaceSetting(ctx, &storepb.WorkspaceSetting{
Key: storepb.WorkspaceSettingKey_WORKSPACE_SETTING_INSTANCE_URL,
Value: &storepb.WorkspaceSetting_InstanceUrl{
InstanceUrl: request.Setting.InstanceUrl,
},
}); err != nil {
return nil, status.Errorf(codes.Internal, "failed to update workspace setting: %v", err)
}
} else if path == "custom_style" {
if _, err := s.Store.UpsertWorkspaceSetting(ctx, &storepb.WorkspaceSetting{
Key: storepb.WorkspaceSettingKey_WORKSPACE_SETTING_CUSTOM_STYLE,
Value: &storepb.WorkspaceSetting_CustomStyle{
CustomStyle: request.Setting.CustomStyle,
},
}); err != nil {
return nil, status.Errorf(codes.Internal, "failed to update workspace setting: %v", err)
}
} else if path == "custom_script" {
if _, err := s.Store.UpsertWorkspaceSetting(ctx, &storepb.WorkspaceSetting{
Key: storepb.WorkspaceSettingKey_WORKSPACE_SETTING_CUSTOM_SCRIPT,
Value: &storepb.WorkspaceSetting_CustomScript{
CustomScript: request.Setting.CustomScript,
},
}); err != nil {
return nil, status.Errorf(codes.Internal, "failed to update workspace setting: %v", err)
}
} else if path == "default_visibility" {
if _, err := s.Store.UpsertWorkspaceSetting(ctx, &storepb.WorkspaceSetting{
Key: storepb.WorkspaceSettingKey_WORKSPACE_SETTING_DEFAULT_VISIBILITY,
Value: &storepb.WorkspaceSetting_DefaultVisibility{
DefaultVisibility: storepb.Visibility(request.Setting.DefaultVisibility),
},
}); err != nil {
return nil, status.Errorf(codes.Internal, "failed to update workspace setting: %v", err)
}
} else {
return nil, status.Errorf(codes.InvalidArgument, "invalid path: %s", path)
}
}
getWorkspaceSettingResponse, err := s.GetWorkspaceSetting(ctx, &apiv1pb.GetWorkspaceSettingRequest{})
if err != nil {
return nil, status.Errorf(codes.Internal, "failed to get workspace setting: %v", err)
}
return &apiv1pb.UpdateWorkspaceSettingResponse{
Setting: getWorkspaceSettingResponse.Setting,
}, nil
}

64
server/route/auth/auth.go Normal file
View File

@ -0,0 +1,64 @@
package auth
import (
"fmt"
"time"
"github.com/golang-jwt/jwt/v4"
)
const (
// issuer is the issuer of the jwt token.
Issuer = "slash"
// Signing key section. For now, this is only used for signing, not for verifying since we only
// have 1 version. But it will be used to maintain backward compatibility if we change the signing mechanism.
KeyID = "v1"
// AccessTokenAudienceName is the audience name of the access token.
AccessTokenAudienceName = "user.access-token"
AccessTokenDuration = 7 * 24 * time.Hour
// CookieExpDuration expires slightly earlier than the jwt expiration. Client would be logged out if the user
// cookie expires, thus the client would always logout first before attempting to make a request with the expired jwt.
CookieExpDuration = AccessTokenDuration - 1*time.Minute
// AccessTokenCookieName is the cookie name of access token.
AccessTokenCookieName = "slash.access-token"
)
type ClaimsMessage struct {
Name string `json:"name"`
jwt.RegisteredClaims
}
// GenerateAccessToken generates an access token.
// username is the email of the user.
func GenerateAccessToken(username string, userID int32, expirationTime time.Time, secret []byte) (string, error) {
return generateToken(username, userID, AccessTokenAudienceName, expirationTime, secret)
}
// generateToken generates a jwt token.
func generateToken(username string, userID int32, audience string, expirationTime time.Time, secret []byte) (string, error) {
registeredClaims := jwt.RegisteredClaims{
Issuer: Issuer,
Audience: jwt.ClaimStrings{audience},
IssuedAt: jwt.NewNumericDate(time.Now()),
Subject: fmt.Sprint(userID),
}
if !expirationTime.IsZero() {
registeredClaims.ExpiresAt = jwt.NewNumericDate(expirationTime)
}
// Declare the token with the HS256 algorithm used for signing, and the claims.
token := jwt.NewWithClaims(jwt.SigningMethodHS256, &ClaimsMessage{
Name: username,
RegisteredClaims: registeredClaims,
})
token.Header["kid"] = KeyID
// Create the JWT string.
tokenString, err := token.SignedString(secret)
if err != nil {
return "", err
}
return tokenString, nil
}

2
server/server.go
View File

@ -14,11 +14,11 @@ import (
"github.com/pkg/errors"
"go.uber.org/zap"
apiv1 "github.com/yourselfhosted/slash/api/v1"
"github.com/yourselfhosted/slash/internal/log"
storepb "github.com/yourselfhosted/slash/proto/gen/store"
"github.com/yourselfhosted/slash/server/metric"
"github.com/yourselfhosted/slash/server/profile"
apiv1 "github.com/yourselfhosted/slash/server/route/api/v1"
"github.com/yourselfhosted/slash/server/service/license"
"github.com/yourselfhosted/slash/server/service/resource"
"github.com/yourselfhosted/slash/store"