2023-03-19 08:14:09 -07:00
|
|
|
package mod
|
|
|
|
|
|
|
|
import (
|
|
|
|
"net/http"
|
|
|
|
|
2023-06-03 07:18:47 -07:00
|
|
|
"codeberg.org/pronounscc/pronouns.cc/backend/server"
|
2023-03-19 08:14:09 -07:00
|
|
|
"github.com/go-chi/chi/v5"
|
|
|
|
"github.com/go-chi/render"
|
2023-04-17 14:44:21 -07:00
|
|
|
"github.com/prometheus/client_golang/prometheus/promhttp"
|
2023-03-19 08:14:09 -07:00
|
|
|
)
|
|
|
|
|
|
|
|
type Server struct {
|
|
|
|
*server.Server
|
|
|
|
}
|
|
|
|
|
|
|
|
func Mount(srv *server.Server, r chi.Router) {
|
|
|
|
s := &Server{Server: srv}
|
|
|
|
|
|
|
|
r.With(MustAdmin).Route("/admin", func(r chi.Router) {
|
|
|
|
r.Get("/reports", server.WrapHandler(s.getReports))
|
2023-03-21 06:27:39 -07:00
|
|
|
r.Get("/reports/by-user/{id}", server.WrapHandler(s.getReportsByUser))
|
|
|
|
r.Get("/reports/by-reporter/{id}", server.WrapHandler(s.getReportsByReporter))
|
2023-03-19 08:14:09 -07:00
|
|
|
|
2023-03-23 06:54:43 -07:00
|
|
|
r.Patch("/reports/{id}", server.WrapHandler(s.resolveReport))
|
2023-03-19 08:14:09 -07:00
|
|
|
})
|
2023-03-21 09:16:16 -07:00
|
|
|
|
2023-04-17 14:44:21 -07:00
|
|
|
r.With(MustAdmin).Handle("/metrics", promhttp.Handler())
|
|
|
|
|
2023-03-21 09:16:16 -07:00
|
|
|
r.With(server.MustAuth).Post("/users/{id}/reports", server.WrapHandler(s.createUserReport))
|
2023-03-22 07:53:20 -07:00
|
|
|
r.With(server.MustAuth).Post("/members/{id}/reports", server.WrapHandler(s.createMemberReport))
|
2023-03-23 06:54:43 -07:00
|
|
|
|
|
|
|
r.With(server.MustAuth).Get("/auth/warnings", server.WrapHandler(s.getWarnings))
|
|
|
|
r.With(server.MustAuth).Post("/auth/warnings/{id}/ack", server.WrapHandler(s.ackWarning))
|
2023-03-19 08:14:09 -07:00
|
|
|
}
|
|
|
|
|
|
|
|
func MustAdmin(next http.Handler) http.Handler {
|
|
|
|
fn := func(w http.ResponseWriter, r *http.Request) {
|
|
|
|
claims, ok := server.ClaimsFromContext(r.Context())
|
|
|
|
if !ok {
|
|
|
|
render.Status(r, http.StatusForbidden)
|
|
|
|
render.JSON(w, r, server.APIError{
|
|
|
|
Code: server.ErrForbidden,
|
|
|
|
Message: "Forbidden",
|
|
|
|
})
|
|
|
|
return
|
|
|
|
}
|
|
|
|
|
|
|
|
if !claims.UserIsAdmin {
|
|
|
|
render.Status(r, http.StatusForbidden)
|
|
|
|
render.JSON(w, r, server.APIError{
|
|
|
|
Code: server.ErrForbidden,
|
|
|
|
Message: "Forbidden",
|
|
|
|
})
|
|
|
|
return
|
|
|
|
}
|
|
|
|
|
|
|
|
next.ServeHTTP(w, r)
|
|
|
|
}
|
|
|
|
|
|
|
|
return http.HandlerFunc(fn)
|
|
|
|
}
|