golang-saas-starter-kit/cmd/web-api/handlers/routes.go

package handlers

import (
	"context"
	"log"
	"net/http"
	"os"

	"geeks-accelerator/oss/saas-starter-kit/internal/mid"
	saasSwagger "geeks-accelerator/oss/saas-starter-kit/internal/mid/saas-swagger"
	"geeks-accelerator/oss/saas-starter-kit/internal/platform/auth"
	"geeks-accelerator/oss/saas-starter-kit/internal/platform/web"
	"geeks-accelerator/oss/saas-starter-kit/internal/platform/web/webcontext"
	"geeks-accelerator/oss/saas-starter-kit/internal/platform/web/weberror"
	_ "geeks-accelerator/oss/saas-starter-kit/internal/platform/web/weberror"
	"geeks-accelerator/oss/saas-starter-kit/internal/project"
	_ "geeks-accelerator/oss/saas-starter-kit/internal/signup"
	"github.com/jmoiron/sqlx"
	"github.com/pkg/errors"
	"gopkg.in/DataDog/dd-trace-go.v1/contrib/go-redis/redis"
)

// API returns a handler for a set of routes.
func API(shutdown chan os.Signal, log *log.Logger, env webcontext.Env, masterDB *sqlx.DB, redis *redis.Client, authenticator *auth.Authenticator, globalMids ...web.Middleware) http.Handler {

	// Define base middlewares applied to all requests.
	middlewares := []web.Middleware{
		mid.Trace(), mid.Logger(log), mid.Errors(log, nil), mid.Metrics(), mid.Panics(),
	}

	// Append any global middlewares if they were included.
	if len(globalMids) > 0 {
		middlewares = append(middlewares, globalMids...)
	}

	// Construct the web.App which holds all routes as well as common Middleware.
	app := web.NewApp(shutdown, log, env, middlewares...)

	// Register health check endpoint. This route is not authenticated.
	check := Check{
		MasterDB: masterDB,
		Redis:    redis,
	}
	app.Handle("GET", "/v1/health", check.Health)
	app.Handle("GET", "/ping", check.Ping)

	// Register user management and authentication endpoints.
	u := User{
		MasterDB:       masterDB,
		TokenGenerator: authenticator,
	}
	app.Handle("GET", "/v1/users", u.Find, mid.AuthenticateHeader(authenticator))
	app.Handle("POST", "/v1/users", u.Create, mid.AuthenticateHeader(authenticator), mid.HasRole(auth.RoleAdmin))
	app.Handle("GET", "/v1/users/:id", u.Read, mid.AuthenticateHeader(authenticator))
	app.Handle("PATCH", "/v1/users", u.Update, mid.AuthenticateHeader(authenticator))
	app.Handle("PATCH", "/v1/users/password", u.UpdatePassword, mid.AuthenticateHeader(authenticator))
	app.Handle("PATCH", "/v1/users/archive", u.Archive, mid.AuthenticateHeader(authenticator), mid.HasRole(auth.RoleAdmin))
	app.Handle("DELETE", "/v1/users/:id", u.Delete, mid.AuthenticateHeader(authenticator), mid.HasRole(auth.RoleAdmin))
	app.Handle("PATCH", "/v1/users/switch-account/:account_id", u.SwitchAccount, mid.AuthenticateHeader(authenticator))

	// This route is not authenticated
	app.Handle("POST", "/v1/oauth/token", u.Token)

	// Register user account management endpoints.
	ua := UserAccount{
		MasterDB: masterDB,
	}
	app.Handle("GET", "/v1/user_accounts", ua.Find, mid.AuthenticateHeader(authenticator))
	app.Handle("POST", "/v1/user_accounts", ua.Create, mid.AuthenticateHeader(authenticator), mid.HasRole(auth.RoleAdmin))
	app.Handle("GET", "/v1/user_accounts/:user_id/:account_id", ua.Read, mid.AuthenticateHeader(authenticator))
	app.Handle("PATCH", "/v1/user_accounts", ua.Update, mid.AuthenticateHeader(authenticator))
	app.Handle("PATCH", "/v1/user_accounts/archive", ua.Archive, mid.AuthenticateHeader(authenticator), mid.HasRole(auth.RoleAdmin))
	app.Handle("DELETE", "/v1/user_accounts", ua.Delete, mid.AuthenticateHeader(authenticator), mid.HasRole(auth.RoleAdmin))

	// Register account endpoints.
	a := Account{
		MasterDB: masterDB,
	}
	app.Handle("GET", "/v1/accounts/:id", a.Read, mid.AuthenticateHeader(authenticator))
	app.Handle("PATCH", "/v1/accounts", a.Update, mid.AuthenticateHeader(authenticator), mid.HasRole(auth.RoleAdmin))

	// Register signup endpoints.
	s := Signup{
		MasterDB: masterDB,
	}
	app.Handle("POST", "/v1/signup", s.Signup)

	// Register project.
	p := Project{
		MasterDB: masterDB,
	}
	app.Handle("GET", "/v1/projects", p.Find, mid.AuthenticateHeader(authenticator))
	app.Handle("POST", "/v1/projects", p.Create, mid.AuthenticateHeader(authenticator), mid.HasRole(auth.RoleAdmin))
	app.Handle("GET", "/v1/projects/:id", p.Read, mid.AuthenticateHeader(authenticator))
	app.Handle("PATCH", "/v1/projects", p.Update, mid.AuthenticateHeader(authenticator), mid.HasRole(auth.RoleAdmin))
	app.Handle("PATCH", "/v1/projects/archive", p.Archive, mid.AuthenticateHeader(authenticator), mid.HasRole(auth.RoleAdmin))
	app.Handle("DELETE", "/v1/projects/:id", p.Delete, mid.AuthenticateHeader(authenticator), mid.HasRole(auth.RoleAdmin))

	app.Handle("GET", "/v1/examples/error-response", ExampleErrorResponse)

	// Register swagger documentation.
	// TODO: Add authentication. Current authenticator requires an Authorization header
	// 		 which breaks the browser experience.
	app.Handle("GET", "/docs/", saasSwagger.WrapHandler)
	app.Handle("GET", "/docs/*", saasSwagger.WrapHandler)

	return app
}

// ExampleErrorResponse returns example error messages.
func ExampleErrorResponse(ctx context.Context, w http.ResponseWriter, r *http.Request, params map[string]string) error {
	v, err := webcontext.ContextValues(ctx)
	if err != nil {
		return err
	}

	if qv := r.URL.Query().Get("test-validation-error"); qv != "" {
		_, err := project.Create(ctx, auth.Claims{}, nil, project.ProjectCreateRequest{}, v.Now)
		return web.RespondJsonError(ctx, w, err)

	}

	if qv := r.URL.Query().Get("test-web-error"); qv != "" {
		terr := errors.New("Some random error")
		terr = errors.WithMessage(terr, "Actual error message")
		rerr := weberror.NewError(ctx, terr, http.StatusBadRequest).(*weberror.Error)
		rerr.Message = "Test Web Error Message"
		return web.RespondJsonError(ctx, w, rerr)
	}

	if qv := r.URL.Query().Get("test-error"); qv != "" {
		terr := errors.New("Test error")
		terr = errors.WithMessage(terr, "Error message")
		return web.RespondJsonError(ctx, w, terr)
	}

	return nil
}

// Types godoc
// @Summary List of types.
// @Param data body weberror.FieldError false "Field Error"
// @Param data body web.TimeResponse false "Time Response"
// @Param data body web.EnumResponse false "Enum Response"
// @Param data body web.EnumMultiResponse false "Enum Multi Response"
// @Param data body web.EnumOption false "Enum Option"
// @Param data body signup.SignupAccount false "SignupAccount"
// @Param data body signup.SignupUser false "SignupUser"
// To support nested types not parsed by swag.
func Types() {}
Imported github.com/ardanlabs/service as base example project 2019-05-16 10:39:25 -04:00			`package handlers`

			`import (`
Added api example error responses and some minor bug fixes 2019-08-07 16:17:17 -08:00			`"context"`
Imported github.com/ardanlabs/service as base example project 2019-05-16 10:39:25 -04:00			`"log"`
			`"net/http"`
			`"os"`

Completed removing example-project directory and moving all files back a a directory 2019-07-13 12:16:28 -08:00			`"geeks-accelerator/oss/saas-starter-kit/internal/mid"`
			`saasSwagger "geeks-accelerator/oss/saas-starter-kit/internal/mid/saas-swagger"`
			`"geeks-accelerator/oss/saas-starter-kit/internal/platform/auth"`
			`"geeks-accelerator/oss/saas-starter-kit/internal/platform/web"`
moved auth from user package and added timezone to context values 2019-08-04 14:48:43 -08:00			`"geeks-accelerator/oss/saas-starter-kit/internal/platform/web/webcontext"`
Added api example error responses and some minor bug fixes 2019-08-07 16:17:17 -08:00			`"geeks-accelerator/oss/saas-starter-kit/internal/platform/web/weberror"`
fix api route for app page for docs 2019-08-05 19:49:30 -08:00			`_ "geeks-accelerator/oss/saas-starter-kit/internal/platform/web/weberror"`
Added api example error responses and some minor bug fixes 2019-08-07 16:17:17 -08:00			`"geeks-accelerator/oss/saas-starter-kit/internal/project"`
Completed removing example-project directory and moving all files back a a directory 2019-07-13 12:16:28 -08:00			`_ "geeks-accelerator/oss/saas-starter-kit/internal/signup"`
go fmt 2019-05-23 14:32:24 -05:00			`"github.com/jmoiron/sqlx"`
Added api example error responses and some minor bug fixes 2019-08-07 16:17:17 -08:00			`"github.com/pkg/errors"`
authenticator storage engines Created a storage interface used by authenticator to support multiple types of storage types for private keys. Added a new file storage engine which is now the default for web-api. Migrated aws secrets manager to be optional. 2019-06-24 17:36:42 -08:00			`"gopkg.in/DataDog/dd-trace-go.v1/contrib/go-redis/redis"`
Imported github.com/ardanlabs/service as base example project 2019-05-16 10:39:25 -04:00			`)`

			`// API returns a handler for a set of routes.`
Completed user login with session authentication 2019-07-31 18:34:27 -08:00			`func API(shutdown chan os.Signal, log log.Logger, env webcontext.Env, masterDB sqlx.DB, redis redis.Client, authenticator auth.Authenticator, globalMids ...web.Middleware) http.Handler {`
finish redirect middlewares 2019-07-12 11:41:41 -08:00
			`// Define base middlewares applied to all requests.`
			`middlewares := []web.Middleware{`
moved auth from user package and added timezone to context values 2019-08-04 14:48:43 -08:00			`mid.Trace(), mid.Logger(log), mid.Errors(log, nil), mid.Metrics(), mid.Panics(),`
finish redirect middlewares 2019-07-12 11:41:41 -08:00			`}`

			`// Append any global middlewares if they were included.`
			`if len(globalMids) > 0 {`
			`middlewares = append(middlewares, globalMids...)`
			`}`
Imported github.com/ardanlabs/service as base example project 2019-05-16 10:39:25 -04:00
			`// Construct the web.App which holds all routes as well as common Middleware.`
issue#16 web-app account signup Account signup works with validation and translations. 2019-07-31 13:47:30 -08:00			`app := web.NewApp(shutdown, log, env, middlewares...)`
Imported github.com/ardanlabs/service as base example project 2019-05-16 10:39:25 -04:00
			`// Register health check endpoint. This route is not authenticated.`
			`check := Check{`
			`MasterDB: masterDB,`
go fmt 2019-07-11 14:46:05 -08:00			`Redis: redis,`
Imported github.com/ardanlabs/service as base example project 2019-05-16 10:39:25 -04:00			`}`
			`app.Handle("GET", "/v1/health", check.Health)`
checkpoint 2019-07-10 16:24:10 -08:00			`app.Handle("GET", "/ping", check.Ping)`
Imported github.com/ardanlabs/service as base example project 2019-05-16 10:39:25 -04:00
			`// Register user management and authentication endpoints.`
			`u := User{`
			`MasterDB: masterDB,`
			`TokenGenerator: authenticator,`
			`}`
Completed user login with session authentication 2019-07-31 18:34:27 -08:00			`app.Handle("GET", "/v1/users", u.Find, mid.AuthenticateHeader(authenticator))`
			`app.Handle("POST", "/v1/users", u.Create, mid.AuthenticateHeader(authenticator), mid.HasRole(auth.RoleAdmin))`
			`app.Handle("GET", "/v1/users/:id", u.Read, mid.AuthenticateHeader(authenticator))`
			`app.Handle("PATCH", "/v1/users", u.Update, mid.AuthenticateHeader(authenticator))`
			`app.Handle("PATCH", "/v1/users/password", u.UpdatePassword, mid.AuthenticateHeader(authenticator))`
			`app.Handle("PATCH", "/v1/users/archive", u.Archive, mid.AuthenticateHeader(authenticator), mid.HasRole(auth.RoleAdmin))`
			`app.Handle("DELETE", "/v1/users/:id", u.Delete, mid.AuthenticateHeader(authenticator), mid.HasRole(auth.RoleAdmin))`
			`app.Handle("PATCH", "/v1/users/switch-account/:account_id", u.SwitchAccount, mid.AuthenticateHeader(authenticator))`
Imported github.com/ardanlabs/service as base example project 2019-05-16 10:39:25 -04:00
			`// This route is not authenticated`
fixed internal package unittests 2019-06-24 22:41:21 -08:00			`app.Handle("POST", "/v1/oauth/token", u.Token)`
Imported github.com/ardanlabs/service as base example project 2019-05-16 10:39:25 -04:00
checkpoint 2019-06-26 20:21:00 -08:00			`// Register user account management endpoints.`
			`ua := UserAccount{`
Complated web-api crud endpoints and unittests. unittest for find endpoints still need to be implemented. 2019-06-27 04:48:18 -08:00			`MasterDB: masterDB,`
checkpoint 2019-06-26 20:21:00 -08:00			`}`
Completed user login with session authentication 2019-07-31 18:34:27 -08:00			`app.Handle("GET", "/v1/user_accounts", ua.Find, mid.AuthenticateHeader(authenticator))`
			`app.Handle("POST", "/v1/user_accounts", ua.Create, mid.AuthenticateHeader(authenticator), mid.HasRole(auth.RoleAdmin))`
moved auth from user package and added timezone to context values 2019-08-04 14:48:43 -08:00			`app.Handle("GET", "/v1/user_accounts/:user_id/:account_id", ua.Read, mid.AuthenticateHeader(authenticator))`
Completed user login with session authentication 2019-07-31 18:34:27 -08:00			`app.Handle("PATCH", "/v1/user_accounts", ua.Update, mid.AuthenticateHeader(authenticator))`
			`app.Handle("PATCH", "/v1/user_accounts/archive", ua.Archive, mid.AuthenticateHeader(authenticator), mid.HasRole(auth.RoleAdmin))`
			`app.Handle("DELETE", "/v1/user_accounts", ua.Delete, mid.AuthenticateHeader(authenticator), mid.HasRole(auth.RoleAdmin))`
checkpoint 2019-06-26 20:21:00 -08:00
authenticator storage engines Created a storage interface used by authenticator to support multiple types of storage types for private keys. Added a new file storage engine which is now the default for web-api. Migrated aws secrets manager to be optional. 2019-06-24 17:36:42 -08:00			`// Register account endpoints.`
			`a := Account{`
			`MasterDB: masterDB,`
			`}`
Completed user login with session authentication 2019-07-31 18:34:27 -08:00			`app.Handle("GET", "/v1/accounts/:id", a.Read, mid.AuthenticateHeader(authenticator))`
			`app.Handle("PATCH", "/v1/accounts", a.Update, mid.AuthenticateHeader(authenticator), mid.HasRole(auth.RoleAdmin))`
authenticator storage engines Created a storage interface used by authenticator to support multiple types of storage types for private keys. Added a new file storage engine which is now the default for web-api. Migrated aws secrets manager to be optional. 2019-06-24 17:36:42 -08:00
Completed signup package and hooked up to web-api. Can use the swagger ui to signup a new account. 2019-06-25 02:40:29 -08:00			`// Register signup endpoints.`
			`s := Signup{`
			`MasterDB: masterDB,`
			`}`
			`app.Handle("POST", "/v1/signup", s.Signup)`

authenticator storage engines Created a storage interface used by authenticator to support multiple types of storage types for private keys. Added a new file storage engine which is now the default for web-api. Migrated aws secrets manager to be optional. 2019-06-24 17:36:42 -08:00			`// Register project.`
Basic example cleanup Rename sales-api to web-api and remove sales-admin 2019-05-16 18:05:39 -04:00			`p := Project{`
Imported github.com/ardanlabs/service as base example project 2019-05-16 10:39:25 -04:00			`MasterDB: masterDB,`
			`}`
Completed user login with session authentication 2019-07-31 18:34:27 -08:00			`app.Handle("GET", "/v1/projects", p.Find, mid.AuthenticateHeader(authenticator))`
			`app.Handle("POST", "/v1/projects", p.Create, mid.AuthenticateHeader(authenticator), mid.HasRole(auth.RoleAdmin))`
			`app.Handle("GET", "/v1/projects/:id", p.Read, mid.AuthenticateHeader(authenticator))`
			`app.Handle("PATCH", "/v1/projects", p.Update, mid.AuthenticateHeader(authenticator), mid.HasRole(auth.RoleAdmin))`
			`app.Handle("PATCH", "/v1/projects/archive", p.Archive, mid.AuthenticateHeader(authenticator), mid.HasRole(auth.RoleAdmin))`
			`app.Handle("DELETE", "/v1/projects/:id", p.Delete, mid.AuthenticateHeader(authenticator), mid.HasRole(auth.RoleAdmin))`
authenticator storage engines Created a storage interface used by authenticator to support multiple types of storage types for private keys. Added a new file storage engine which is now the default for web-api. Migrated aws secrets manager to be optional. 2019-06-24 17:36:42 -08:00
Added api example error responses and some minor bug fixes 2019-08-07 16:17:17 -08:00			`app.Handle("GET", "/v1/examples/error-response", ExampleErrorResponse)`

authenticator storage engines Created a storage interface used by authenticator to support multiple types of storage types for private keys. Added a new file storage engine which is now the default for web-api. Migrated aws secrets manager to be optional. 2019-06-24 17:36:42 -08:00			`// Register swagger documentation.`
fixed internal package unittests 2019-06-24 22:41:21 -08:00			`// TODO: Add authentication. Current authenticator requires an Authorization header`
			`// which breaks the browser experience.`
updated readme 2019-07-14 17:59:06 -08:00			`app.Handle("GET", "/docs/", saasSwagger.WrapHandler)`
			`app.Handle("GET", "/docs/*", saasSwagger.WrapHandler)`
Imported github.com/ardanlabs/service as base example project 2019-05-16 10:39:25 -04:00
			`return app`
			`}`
Completed API documentation for swagger 2019-06-25 22:31:54 -08:00
Added api example error responses and some minor bug fixes 2019-08-07 16:17:17 -08:00			`// ExampleErrorResponse returns example error messages.`
			`func ExampleErrorResponse(ctx context.Context, w http.ResponseWriter, r *http.Request, params map[string]string) error {`
			`v, err := webcontext.ContextValues(ctx)`
			`if err != nil {`
			`return err`
			`}`

			`if qv := r.URL.Query().Get("test-validation-error"); qv != "" {`
			`_, err := project.Create(ctx, auth.Claims{}, nil, project.ProjectCreateRequest{}, v.Now)`
			`return web.RespondJsonError(ctx, w, err)`

			`}`

			`if qv := r.URL.Query().Get("test-web-error"); qv != "" {`
			`terr := errors.New("Some random error")`
			`terr = errors.WithMessage(terr, "Actual error message")`
			`rerr := weberror.NewError(ctx, terr, http.StatusBadRequest).(*weberror.Error)`
			`rerr.Message = "Test Web Error Message"`
			`return web.RespondJsonError(ctx, w, rerr)`
			`}`

			`if qv := r.URL.Query().Get("test-error"); qv != "" {`
			`terr := errors.New("Test error")`
			`terr = errors.WithMessage(terr, "Error message")`
			`return web.RespondJsonError(ctx, w, terr)`
			`}`

			`return nil`
			`}`

Completed API documentation for swagger 2019-06-25 22:31:54 -08:00			`// Types godoc`
			`// @Summary List of types.`
fix api route for app page for docs 2019-08-05 19:49:30 -08:00			`// @Param data body weberror.FieldError false "Field Error"`
Completed API documentation for swagger 2019-06-25 22:31:54 -08:00			`// @Param data body web.TimeResponse false "Time Response"`
			`// @Param data body web.EnumResponse false "Enum Response"`
fix api route for app page for docs 2019-08-05 19:49:30 -08:00			`// @Param data body web.EnumMultiResponse false "Enum Multi Response"`
Completed API documentation for swagger 2019-06-25 22:31:54 -08:00			`// @Param data body web.EnumOption false "Enum Option"`
checkpoint for api handler tests 2019-06-26 01:16:57 -08:00			`// @Param data body signup.SignupAccount false "SignupAccount"`
			`// @Param data body signup.SignupUser false "SignupUser"`
Completed API documentation for swagger 2019-06-25 22:31:54 -08:00			`// To support nested types not parsed by swag.`
			`func Types() {}`