pcmt/app/routes.go

// Copyright 2023 wanderer <a_mirre at utb dot cz>
// SPDX-License-Identifier: AGPL-3.0-only

package app

import (
	"net/http"

	"git.dotya.ml/mirre-mt/pcmt/handlers"
	modtmpl "git.dotya.ml/mirre-mt/pcmt/modules/template"
	"github.com/labstack/echo/v4"
	"github.com/labstack/echo/v4/middleware"
)

func (a *App) SetupRoutes() error {
	e := a.E()
	setting := a.setting
	assets := http.FileServer(a.getAssets())
	tmpls := a.getTemplates()

	modtmpl.Init(setting, tmpls)
	handlers.SetDBClient(a.db)
	// run this before declaring any handler funcs.
	handlers.InitHandlers(setting)

	e.Renderer = modtmpl.Renderer

	compress, err := handlers.WrapMiddlewareCompress()
	if err != nil {
		return err
	}

	xsrf := a.csrfConfig()

	// keep /static/* as a compatibility fallback for /assets.
	e.GET(
		"/static/*",
		func(c echo.Context) error {
			return c.Redirect(http.StatusMovedPermanently, c.Request().URL.Path)
		},
		middleware.Rewrite(
			map[string]string{"/static/*": "/assets/$1"},
		),
	)
	// alternative:
	// e.GET("/static/*", echo.WrapHandler(http.StripPrefix("/static/", assets)))
	e.GET("/assets/*", echo.WrapHandler(http.StripPrefix("/assets/", assets)), handlers.MiddlewareCache, compress)
	e.HEAD("/assets/*", echo.WrapHandler(http.StripPrefix("/assets/", assets)), handlers.MiddlewareCache, compress)

	e.GET("/healthz", handlers.Healthz())
	e.GET("/health", handlers.Healthz())

	base := e.Group("", xsrf)

	base.GET("/", handlers.Index(), compress)
	base.HEAD("/", handlers.Index())
	base.GET("/signin", handlers.Signin(), compress)
	base.POST("/signin", handlers.SigninPost(a.db))

	if a.setting.RegistrationAllowed {
		base.GET("/signup", handlers.Signup(), compress)
		base.POST("/signup", handlers.SignupPost(a.db))
	}

	base.GET("/home", handlers.Home(a.db))

	// handle weird attempts here.
	base.POST("/signin/*", func(c echo.Context) error {
		return c.NoContent(http.StatusNotFound)
	})
	base.POST("/signup/*", func(c echo.Context) error {
		return c.NoContent(http.StatusNotFound)
	})

	user := e.Group("/user", handlers.MiddlewareSession, xsrf)

	user.GET("/initial-password-change", handlers.InitialPasswordChange())
	user.POST("/initial-password-change", handlers.InitialPasswordChange())
	user.GET("/hibp-search", handlers.GetSearchHIBP())
	user.POST("/hibp-search", handlers.SearchHIBP())
	user.GET("/hibp-breach-details/:name", handlers.ViewHIBP())

	manage := e.Group("/manage", handlers.MiddlewareSession, xsrf)

	manage.GET("/api-keys", handlers.ManageAPIKeys(), compress)
	manage.GET("/users", handlers.ManageUsers(), compress)
	manage.GET("/users/new", handlers.ManageUsers(), compress)
	manage.POST("/users/create", handlers.CreateUser())
	manage.GET("/users/:id", handlers.ViewUser(), compress)
	manage.GET("/users/:id/edit", handlers.EditUser(), handlers.MiddlewareCache, compress)
	manage.GET("/users/:id/delete", handlers.DeleteUserConfirmation(), compress)
	manage.POST("/users/:id/update", handlers.UpdateUser())
	manage.POST("/users/:id/delete", handlers.DeleteUser())

	e.GET("/logout", handlers.Logout())
	e.POST("/logout", handlers.Logout(), handlers.MiddlewareSession, xsrf)

	// administrative endpoints.
	e.GET("/admin/*", handlers.Admin())

	return nil
}
feat: add license headers (+spdx id) 2023-05-20 20:15:57 +02:00			`// Copyright 2023 wanderer <a_mirre at utb dot cz>`
			`// SPDX-License-Identifier: AGPL-3.0-only`

go: add a method to setup routes 2023-03-22 23:03:21 +01:00			`package app`

			`import (`
			`"net/http"`

go: add a handler for admin endpoint(s) 2023-03-22 23:11:14 +01:00			`"git.dotya.ml/mirre-mt/pcmt/handlers"`
go: refactor template rendering * create pkg 'modules/template' * move template rendering code from 'handlers' to 'modules/template' * update call sites * walk the 'templates' dir to discover nested hierarchies * solidify LiveMode handling (vs embedded assets) * break out funcMap to it's own file * general clean-up 2023-05-11 04:32:39 +02:00			`modtmpl "git.dotya.ml/mirre-mt/pcmt/modules/template"`
go: add a method to setup routes 2023-03-22 23:03:21 +01:00			`"github.com/labstack/echo/v4"`
go: /static -> /assets in varnames,routes,dirs 2023-04-26 22:44:18 +02:00			`"github.com/labstack/echo/v4/middleware"`
go: add a method to setup routes 2023-03-22 23:03:21 +01:00			`)`

go: add+enable compression middleware 2023-05-31 22:42:50 +02:00			`func (a *App) SetupRoutes() error {`
go: add a method to setup routes 2023-03-22 23:03:21 +01:00			`e := a.E()`
go: add settings struct * let the settings struct be the single source of truth * rm app fields that are covered by settings * pass around a pointer to settings instead of config * consolidate config+flags into settings on start-up * update tests * rm empty settings.go file fixes #4 2023-05-03 02:18:29 +02:00			`setting := a.setting`
go(app): use embedded variable value 2023-04-26 23:11:58 +02:00			`assets := http.FileServer(a.getAssets())`
			`tmpls := a.getTemplates()`
go: add a method to setup routes 2023-03-22 23:03:21 +01:00
go: refactor template rendering * create pkg 'modules/template' * move template rendering code from 'handlers' to 'modules/template' * update call sites * walk the 'templates' dir to discover nested hierarchies * solidify LiveMode handling (vs embedded assets) * break out funcMap to it's own file * general clean-up 2023-05-11 04:32:39 +02:00			`modtmpl.Init(setting, tmpls)`
go: implement session auth middleware * simplify protection of endpoints * role discernment still occures in respective handlers * db client needs to be passed into handlers as a global var now 2023-05-30 23:50:37 +02:00			`handlers.SetDBClient(a.db)`
add bulk changes * add handlers for signin,singup,logout... * introduce ent ORM and add user schema * add live mode, devel mode to selectively turn on features via config/flags * add templates, handle embedding moar smarter: * live mode uses live folder structure, else embedded templates are used * start using tailwindcss to style stuff * add development goodies for hot-reloading (browser-sync - bs.js) * pimp-up config.dhall with actual custom config Type (enables remote schema and local values only as needed) * add justfile (alternative to makefile for process automation) 2023-04-13 00:07:08 +02:00			`// run this before declaring any handler funcs.`
go: refactor template rendering * create pkg 'modules/template' * move template rendering code from 'handlers' to 'modules/template' * update call sites * walk the 'templates' dir to discover nested hierarchies * solidify LiveMode handling (vs embedded assets) * break out funcMap to it's own file * general clean-up 2023-05-11 04:32:39 +02:00			`handlers.InitHandlers(setting)`

			`e.Renderer = modtmpl.Renderer`
add bulk changes * add handlers for signin,singup,logout... * introduce ent ORM and add user schema * add live mode, devel mode to selectively turn on features via config/flags * add templates, handle embedding moar smarter: * live mode uses live folder structure, else embedded templates are used * start using tailwindcss to style stuff * add development goodies for hot-reloading (browser-sync - bs.js) * pimp-up config.dhall with actual custom config Type (enables remote schema and local values only as needed) * add justfile (alternative to makefile for process automation) 2023-04-13 00:07:08 +02:00
go: add+enable compression middleware 2023-05-31 22:42:50 +02:00			`compress, err := handlers.WrapMiddlewareCompress()`
			`if err != nil {`
			`return err`
			`}`

routes: regroup, reorganise, break out csrf config 2023-08-13 16:44:40 +02:00			`xsrf := a.csrfConfig()`

go: /static -> /assets in varnames,routes,dirs 2023-04-26 22:44:18 +02:00			`// keep /static/* as a compatibility fallback for /assets.`
			`e.GET(`
			`"/static/*",`
fix: properly redirect /static/* to /assets/* 2023-04-27 17:43:34 +02:00			`func(c echo.Context) error {`
routes: change 303 -> 301 for /static -> /assets * should enable users' browsers to make use of the status code and cache the redirect (in case anybody accesses the older version of the app and hits /static) 2023-04-28 19:07:43 +02:00			`return c.Redirect(http.StatusMovedPermanently, c.Request().URL.Path)`
fix: properly redirect /static/* to /assets/* 2023-04-27 17:43:34 +02:00			`},`
go: /static -> /assets in varnames,routes,dirs 2023-04-26 22:44:18 +02:00			`middleware.Rewrite(`
			`map[string]string{"/static/*": "/assets/$1"},`
			`),`
			`)`
fix: properly redirect /static/* to /assets/* 2023-04-27 17:43:34 +02:00			`// alternative:`
			`// e.GET("/static/*", echo.WrapHandler(http.StripPrefix("/static/", assets)))`
go: add+enable compression middleware 2023-05-31 22:42:50 +02:00			`e.GET("/assets/*", echo.WrapHandler(http.StripPrefix("/assets/", assets)), handlers.MiddlewareCache, compress)`
			`e.HEAD("/assets/*", echo.WrapHandler(http.StripPrefix("/assets/", assets)), handlers.MiddlewareCache, compress)`
handlers: add health-check endpoints 2023-05-13 22:33:38 +02:00
routes: regroup, reorganise, break out csrf config 2023-08-13 16:44:40 +02:00			`e.GET("/healthz", handlers.Healthz())`
			`e.GET("/health", handlers.Healthz())`
handlers: add health-check endpoints 2023-05-13 22:33:38 +02:00
fix: repair broken routes a follow up of: https://git.dotya.ml/mirre-mt/pcmt/commit/7f87d0f2c2e45189569005e903e7c73d67250592 https://git.dotya.ml/mirre-mt/pcmt/commit/1b645714292d8a7a817f3cb61c49c0416cc608c6 2023-08-15 17:56:25 +02:00			`base := e.Group("", xsrf)`
routes: group certain endpoints 2023-08-13 15:52:31 +02:00
fix: repair broken routes a follow up of: https://git.dotya.ml/mirre-mt/pcmt/commit/7f87d0f2c2e45189569005e903e7c73d67250592 https://git.dotya.ml/mirre-mt/pcmt/commit/1b645714292d8a7a817f3cb61c49c0416cc608c6 2023-08-15 17:56:25 +02:00			`base.GET("/", handlers.Index(), compress)`
routes: regroup, reorganise, break out csrf config 2023-08-13 16:44:40 +02:00			`base.HEAD("/", handlers.Index())`
fix: repair broken routes a follow up of: https://git.dotya.ml/mirre-mt/pcmt/commit/7f87d0f2c2e45189569005e903e7c73d67250592 https://git.dotya.ml/mirre-mt/pcmt/commit/1b645714292d8a7a817f3cb61c49c0416cc608c6 2023-08-15 17:56:25 +02:00			`base.GET("/signin", handlers.Signin(), compress)`
routes: group certain endpoints 2023-08-13 15:52:31 +02:00			`base.POST("/signin", handlers.SigninPost(a.db))`
go,tmpl: allow conditionally disabling the sign-up 2023-08-16 15:07:10 +02:00
			`if a.setting.RegistrationAllowed {`
			`base.GET("/signup", handlers.Signup(), compress)`
			`base.POST("/signup", handlers.SignupPost(a.db))`
			`}`
fix: repair broken routes a follow up of: https://git.dotya.ml/mirre-mt/pcmt/commit/7f87d0f2c2e45189569005e903e7c73d67250592 https://git.dotya.ml/mirre-mt/pcmt/commit/1b645714292d8a7a817f3cb61c49c0416cc608c6 2023-08-15 17:56:25 +02:00
routes: regroup, reorganise, break out csrf config 2023-08-13 16:44:40 +02:00			`base.GET("/home", handlers.Home(a.db))`
add user listing 2023-05-22 03:22:58 +02:00
routes: add extra handling for signin/signup 2023-08-12 14:50:49 +02:00			`// handle weird attempts here.`
fix: repair broken routes a follow up of: https://git.dotya.ml/mirre-mt/pcmt/commit/7f87d0f2c2e45189569005e903e7c73d67250592 https://git.dotya.ml/mirre-mt/pcmt/commit/1b645714292d8a7a817f3cb61c49c0416cc608c6 2023-08-15 17:56:25 +02:00			`base.POST("/signin/*", func(c echo.Context) error {`
routes: add extra handling for signin/signup 2023-08-12 14:50:49 +02:00			`return c.NoContent(http.StatusNotFound)`
			`})`
fix: repair broken routes a follow up of: https://git.dotya.ml/mirre-mt/pcmt/commit/7f87d0f2c2e45189569005e903e7c73d67250592 https://git.dotya.ml/mirre-mt/pcmt/commit/1b645714292d8a7a817f3cb61c49c0416cc608c6 2023-08-15 17:56:25 +02:00			`base.POST("/signup/*", func(c echo.Context) error {`
routes: add extra handling for signin/signup 2023-08-12 14:50:49 +02:00			`return c.NoContent(http.StatusNotFound)`
			`})`

go: add user onboarding, HIBP search functionality * add user onboarding workflow * fix user editing (no edits of passwords of regular users after onboarding) * refresh HIBP breach cache in DB on app start-up * display HIBP breach details * fix request scheduling to prevent panics (this still needs some love..) * fix middleware auth * add TODOs * update head.tmpl * reword some error messages 2023-08-24 18:43:24 +02:00			`user := e.Group("/user", handlers.MiddlewareSession, xsrf)`

			`user.GET("/initial-password-change", handlers.InitialPasswordChange())`
			`user.POST("/initial-password-change", handlers.InitialPasswordChange())`
			`user.GET("/hibp-search", handlers.GetSearchHIBP())`
			`user.POST("/hibp-search", handlers.SearchHIBP())`
			`user.GET("/hibp-breach-details/:name", handlers.ViewHIBP())`

fix: repair broken routes a follow up of: https://git.dotya.ml/mirre-mt/pcmt/commit/7f87d0f2c2e45189569005e903e7c73d67250592 https://git.dotya.ml/mirre-mt/pcmt/commit/1b645714292d8a7a817f3cb61c49c0416cc608c6 2023-08-15 17:56:25 +02:00			`manage := e.Group("/manage", handlers.MiddlewareSession, xsrf)`
routes: group certain endpoints 2023-08-13 15:52:31 +02:00
fix: repair broken routes a follow up of: https://git.dotya.ml/mirre-mt/pcmt/commit/7f87d0f2c2e45189569005e903e7c73d67250592 https://git.dotya.ml/mirre-mt/pcmt/commit/1b645714292d8a7a817f3cb61c49c0416cc608c6 2023-08-15 17:56:25 +02:00			`manage.GET("/api-keys", handlers.ManageAPIKeys(), compress)`
			`manage.GET("/users", handlers.ManageUsers(), compress)`
			`manage.GET("/users/new", handlers.ManageUsers(), compress)`
			`manage.POST("/users/create", handlers.CreateUser())`
			`manage.GET("/users/:id", handlers.ViewUser(), compress)`
			`manage.GET("/users/:id/edit", handlers.EditUser(), handlers.MiddlewareCache, compress)`
			`manage.GET("/users/:id/delete", handlers.DeleteUserConfirmation(), compress)`
			`manage.POST("/users/:id/update", handlers.UpdateUser())`
			`manage.POST("/users/:id/delete", handlers.DeleteUser())`
add user listing 2023-05-22 03:22:58 +02:00
fix: repair broken routes a follow up of: https://git.dotya.ml/mirre-mt/pcmt/commit/7f87d0f2c2e45189569005e903e7c73d67250592 https://git.dotya.ml/mirre-mt/pcmt/commit/1b645714292d8a7a817f3cb61c49c0416cc608c6 2023-08-15 17:56:25 +02:00			`e.GET("/logout", handlers.Logout())`
routes: regroup, reorganise, break out csrf config 2023-08-13 16:44:40 +02:00			`e.POST("/logout", handlers.Logout(), handlers.MiddlewareSession, xsrf)`
go: add a handler for admin endpoint(s) 2023-03-22 23:11:14 +01:00
			`// administrative endpoints.`
add bulk changes * add handlers for signin,singup,logout... * introduce ent ORM and add user schema * add live mode, devel mode to selectively turn on features via config/flags * add templates, handle embedding moar smarter: * live mode uses live folder structure, else embedded templates are used * start using tailwindcss to style stuff * add development goodies for hot-reloading (browser-sync - bs.js) * pimp-up config.dhall with actual custom config Type (enables remote schema and local values only as needed) * add justfile (alternative to makefile for process automation) 2023-04-13 00:07:08 +02:00			`e.GET("/admin/*", handlers.Admin())`
go: add+enable compression middleware 2023-05-31 22:42:50 +02:00
			`return nil`
go: add a method to setup routes 2023-03-22 23:03:21 +01:00			`}`