storj/certificate/authorization/endpoint.go


// Copyright (C) 2019 Storj Labs, Inc.
// See LICENSE for copying information.
package authorization
import (
	"context"
	"fmt"
	"net"
	"net/http"
	"path"
	"time"

	"github.com/zeebo/errs"
	"go.uber.org/zap"
	"golang.org/x/sync/errgroup"
)
// ErrEndpoint is the error class used for every error the authorization
// endpoint creates or wraps.
var (
	ErrEndpoint = errs.Class("authorization endpoint error")
)
// Endpoint exposes an authorization Service over HTTP.
type Endpoint struct {
	// log receives the errors reported by the request handler.
	log *zap.Logger
	// service is asked for the authorization token of each requested user ID.
	service *Service

	// server is the HTTP server that Run serves on listener and that
	// Close closes.
	server http.Server
	// listener is the socket the server accepts connections on.
	listener net.Listener
}
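// NewEndpoint creates an authorization endpoint that serves on listener.
//
// Every path under /v1/authorizations/ is routed to handleAuthorization.
// listener must be non-nil: its address is read here to fill in the server's
// Addr field.
//
// The server is given explicit timeouts. net/http applies none by default, so
// a client that sends its request slowly, or never reads the response, could
// otherwise keep a connection and its serving goroutine open indefinitely.
func NewEndpoint(log *zap.Logger, service *Service, listener net.Listener) *Endpoint {
	mux := http.NewServeMux()

	endpoint := &Endpoint{
		log:      log,
		listener: listener,
		service:  service,
		server: http.Server{
			Addr:    listener.Addr().String(),
			Handler: mux,

			// Bounds on how long one connection may occupy the server.
			// NOTE(review): WriteTimeout also caps the time the handler has
			// to produce its response; confirm 30s is enough for the
			// authorization service's backing store.
			ReadHeaderTimeout: 10 * time.Second,
			ReadTimeout:       30 * time.Second,
			WriteTimeout:      30 * time.Second,
			IdleTimeout:       2 * time.Minute,
		},
	}

	mux.HandleFunc("/v1/authorizations/", endpoint.handleAuthorization)
	return endpoint
}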
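// Run starts the endpoint HTTP server and blocks until the context is
// cancelled or `Close` is called.
//
// Two goroutines cooperate: one serves on the listener and cancels the
// derived context when Serve returns; the other waits for that context and
// then shuts the server down. A stop through Shutdown or Close is the
// expected way for Run to end, so it returns nil in that case. Any other
// Serve error, or a Shutdown error, is returned.
func (endpoint *Endpoint) Run(ctx context.Context) (err error) {
	defer mon.Task()(&ctx)(&err)

	ctx, cancel := context.WithCancel(ctx)

	var group errgroup.Group
	group.Go(func() error {
		<-ctx.Done()
		// NOTE(review): context.Background() puts no deadline on Shutdown,
		// which waits for active connections to become idle; consider a
		// bounded context here so one stuck client cannot delay shutdown.
		return endpoint.server.Shutdown(context.Background())
	})
	group.Go(func() error {
		// Wake the shutdown goroutine however Serve ends.
		defer cancel()

		serveErr := endpoint.server.Serve(endpoint.listener)
		// Serve returns this sentinel, unwrapped, after Shutdown or Close.
		// That is a normal stop, not a failure to report to the caller or
		// to the monitoring task.
		if serveErr == http.ErrServerClosed {
			return nil
		}
		return serveErr
	})

	return group.Wait()
}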
// Close closes the endpoint's HTTP server and reports the error, if any,
// returned by the server's own Close method.
func (endpoint *Endpoint) Close() error {
	closeErr := endpoint.server.Close()
	return closeErr
}
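// handleAuthorization serves PUT requests under /v1/authorizations/. The last
// element of the URL path is taken as the user ID, the authorization service
// is asked for that user's token via GetOrCreate, and the token's string form
// is written as the response body with status 201.
//
// Responses:
//   - 405 for any method other than PUT (with an Allow header).
//   - 422 when the path carries no user ID.
//   - 500 when the service returns an error; the error is logged but not
//     sent to the client.
//   - 201 with the token on success.
//
// This handler performs no caller authentication: any client that can reach
// the listener receives a token for whichever user ID it names.
// NOTE(review): presumably access is restricted at the listener or network
// level; confirm against the deployment.
func (endpoint *Endpoint) handleAuthorization(writer http.ResponseWriter, httpReq *http.Request) {
	var err error
	ctx := httpReq.Context()
	// Deferred so the task covers the whole request and sees the final value
	// of err. Calling it without defer would end the task here with a nil
	// error, and no failure below would ever be recorded.
	defer mon.Task()(&ctx)(&err)

	if httpReq.Method != http.MethodPut {
		msg := fmt.Sprintf("unsupported HTTP method: %s", httpReq.Method)
		// NB: err set for `mon.Task` call.
		err = ErrEndpoint.New("%s", msg)
		writer.Header().Set("Allow", http.MethodPut)
		http.Error(writer, msg, http.StatusMethodNotAllowed)
		return
	}

	// path.Base never returns an empty string: a bare prefix yields
	// "authorizations", and an empty or all-slash path yields "." or "/".
	// None of these is a user ID.
	userID := path.Base(httpReq.URL.Path)
	switch userID {
	case "authorizations", "", ".", "/":
		msg := "missing user ID body"
		err = ErrEndpoint.New("%s", msg)
		http.Error(writer, msg, http.StatusUnprocessableEntity)
		return
	}

	token, err := endpoint.service.GetOrCreate(ctx, userID)
	if err != nil {
		msg := "error creating authorization"
		err = ErrEndpoint.Wrap(err)
		endpoint.log.Error(msg, zap.Error(err))
		http.Error(writer, msg, http.StatusInternalServerError)
		return
	}

	// Fix the content type instead of letting net/http sniff it from the
	// body. NOTE(review): token.String() is not visible here and may include
	// the caller-supplied user ID, so the body must never be interpreted as
	// anything other than plain text.
	header := writer.Header()
	header.Set("Content-Type", "text/plain; charset=utf-8")
	header.Set("X-Content-Type-Options", "nosniff")
	writer.WriteHeader(http.StatusCreated)

	if _, err = writer.Write([]byte(token.String())); err != nil {
		msg := "error writing response"
		err = ErrEndpoint.Wrap(err)
		endpoint.log.Error(msg, zap.Error(err))
		// NB: the status is already sent and the resource *was* created.
		// Nothing more is written: a second WriteHeader would be ignored,
		// and extra body text could end up appended to a partial token.
		return
	}
}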