2022-07-06 23:19:05 +02:00
|
|
|
// Package apis implements the default PocketBase api services and middlewares.
|
|
|
|
|
package apis
|
|
|
|
|
|
|
|
|
|
import (
|
2023-07-18 11:33:18 +02:00
|
|
|
"database/sql"
|
2022-10-30 10:28:14 +02:00
|
|
|
"errors"
|
2022-07-06 23:19:05 +02:00
|
|
|
"fmt"
|
|
|
|
|
"io/fs"
|
2023-11-26 13:33:17 +02:00
|
|
|
"log/slog"
|
2022-07-06 23:19:05 +02:00
|
|
|
"net/http"
|
|
|
|
|
"net/url"
|
|
|
|
|
"path/filepath"
|
|
|
|
|
"strings"
|
2023-11-26 13:33:17 +02:00
|
|
|
"time"
|
2022-07-06 23:19:05 +02:00
|
|
|
|
|
|
|
|
"github.com/labstack/echo/v5"
|
|
|
|
|
"github.com/labstack/echo/v5/middleware"
|
|
|
|
|
"github.com/pocketbase/pocketbase/core"
|
2023-04-25 16:58:51 +02:00
|
|
|
"github.com/pocketbase/pocketbase/tools/rest"
|
2022-07-06 23:19:05 +02:00
|
|
|
"github.com/pocketbase/pocketbase/ui"
|
2022-07-10 10:46:21 +02:00
|
|
|
"github.com/spf13/cast"
|
2022-07-06 23:19:05 +02:00
|
|
|
)
|
|
|
|
|
|
2022-08-01 19:37:51 +02:00
|
|
|
const trailedAdminPath = "/_/"
|
|
|
|
|
|
2022-07-06 23:19:05 +02:00
|
|
|
// InitApi creates a configured echo instance with registered
|
|
|
|
|
// system and app specific routes and middlewares.
|
|
|
|
|
func InitApi(app core.App) (*echo.Echo, error) {
|
|
|
|
|
e := echo.New()
|
2023-11-26 13:33:17 +02:00
|
|
|
e.Debug = false
|
2024-01-20 15:03:45 +02:00
|
|
|
e.Binder = &rest.MultiBinder{}
|
2023-04-25 16:58:51 +02:00
|
|
|
e.JSONSerializer = &rest.Serializer{
|
2023-10-23 21:46:47 +02:00
|
|
|
FieldsParam: fieldsQueryParam,
|
2023-04-25 16:58:51 +02:00
|
|
|
}
|
2022-07-06 23:19:05 +02:00
|
|
|
|
2023-01-09 22:32:34 +02:00
|
|
|
// configure a custom router
|
|
|
|
|
e.ResetRouterCreator(func(ec *echo.Echo) echo.Router {
|
|
|
|
|
return echo.NewRouter(echo.RouterConfig{
|
|
|
|
|
UnescapePathParamValues: true,
|
2023-06-08 16:59:08 +02:00
|
|
|
AllowOverwritingRoute: true,
|
2023-01-09 22:32:34 +02:00
|
|
|
})
|
|
|
|
|
})
|
|
|
|
|
|
2022-07-06 23:19:05 +02:00
|
|
|
// default middlewares
|
2022-08-01 19:37:51 +02:00
|
|
|
e.Pre(middleware.RemoveTrailingSlashWithConfig(middleware.RemoveTrailingSlashConfig{
|
|
|
|
|
Skipper: func(c echo.Context) bool {
|
2023-03-15 18:09:16 +02:00
|
|
|
// enable by default only for the API routes
|
|
|
|
|
return !strings.HasPrefix(c.Request().URL.Path, "/api/")
|
2022-08-01 19:37:51 +02:00
|
|
|
},
|
|
|
|
|
}))
|
2023-07-25 11:45:41 +02:00
|
|
|
e.Pre(LoadAuthContext(app))
|
2022-07-06 23:19:05 +02:00
|
|
|
e.Use(middleware.Recover())
|
|
|
|
|
e.Use(middleware.Secure())
|
2023-11-26 13:33:17 +02:00
|
|
|
e.Use(func(next echo.HandlerFunc) echo.HandlerFunc {
|
|
|
|
|
return func(c echo.Context) error {
|
|
|
|
|
c.Set(ContextExecStartKey, time.Now())
|
|
|
|
|
|
|
|
|
|
return next(c)
|
|
|
|
|
}
|
|
|
|
|
})
|
2022-07-06 23:19:05 +02:00
|
|
|
|
|
|
|
|
// custom error handler
|
|
|
|
|
e.HTTPErrorHandler = func(c echo.Context, err error) {
|
2023-07-20 21:01:58 +02:00
|
|
|
if err == nil {
|
|
|
|
|
return // no error
|
|
|
|
|
}
|
|
|
|
|
|
2022-10-30 10:28:14 +02:00
|
|
|
var apiErr *ApiError
|
2022-07-06 23:19:05 +02:00
|
|
|
|
2023-07-20 21:01:58 +02:00
|
|
|
if errors.As(err, &apiErr) {
|
2023-11-26 13:33:17 +02:00
|
|
|
// already an api error...
|
2023-07-20 21:01:58 +02:00
|
|
|
} else if v := new(echo.HTTPError); errors.As(err, &v) {
|
2022-07-06 23:19:05 +02:00
|
|
|
msg := fmt.Sprintf("%v", v.Message)
|
2022-10-30 10:28:14 +02:00
|
|
|
apiErr = NewApiError(v.Code, msg, v)
|
2023-07-20 21:01:58 +02:00
|
|
|
} else {
|
|
|
|
|
if errors.Is(err, sql.ErrNoRows) {
|
2023-07-18 11:33:18 +02:00
|
|
|
apiErr = NewNotFoundError("", err)
|
|
|
|
|
} else {
|
|
|
|
|
apiErr = NewBadRequestError("", err)
|
|
|
|
|
}
|
2022-07-06 23:19:05 +02:00
|
|
|
}
|
|
|
|
|
|
2023-11-26 13:33:17 +02:00
|
|
|
logRequest(app, c, apiErr)
|
|
|
|
|
|
|
|
|
|
if c.Response().Committed {
|
|
|
|
|
return // already commited
|
|
|
|
|
}
|
|
|
|
|
|
2023-01-27 22:19:08 +02:00
|
|
|
event := new(core.ApiErrorEvent)
|
|
|
|
|
event.HttpContext = c
|
|
|
|
|
event.Error = apiErr
|
2022-07-06 23:19:05 +02:00
|
|
|
|
2022-12-03 14:50:02 +02:00
|
|
|
// send error response
|
2022-12-02 16:36:15 +02:00
|
|
|
hookErr := app.OnBeforeApiError().Trigger(event, func(e *core.ApiErrorEvent) error {
|
2023-11-26 13:33:17 +02:00
|
|
|
if e.HttpContext.Response().Committed {
|
2023-06-19 20:45:45 +02:00
|
|
|
return nil
|
|
|
|
|
}
|
|
|
|
|
|
2022-12-03 14:50:02 +02:00
|
|
|
// @see https://github.com/labstack/echo/issues/608
|
2022-12-02 16:36:15 +02:00
|
|
|
if e.HttpContext.Request().Method == http.MethodHead {
|
|
|
|
|
return e.HttpContext.NoContent(apiErr.Code)
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
return e.HttpContext.JSON(apiErr.Code, apiErr)
|
|
|
|
|
})
|
|
|
|
|
|
2023-06-19 20:45:45 +02:00
|
|
|
if hookErr == nil {
|
2023-11-26 13:33:17 +02:00
|
|
|
if err := app.OnAfterApiError().Trigger(event); err != nil {
|
|
|
|
|
app.Logger().Debug("OnAfterApiError failure", slog.String("error", hookErr.Error()))
|
2023-06-19 20:45:45 +02:00
|
|
|
}
|
2023-11-26 13:33:17 +02:00
|
|
|
} else {
|
|
|
|
|
app.Logger().Debug("OnBeforeApiError error (truly rare case, eg. client already disconnected)", slog.String("error", hookErr.Error()))
|
2022-07-06 23:19:05 +02:00
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
|
2022-07-10 10:46:21 +02:00
|
|
|
// admin ui routes
|
|
|
|
|
bindStaticAdminUI(app, e)
|
2022-07-06 23:19:05 +02:00
|
|
|
|
|
|
|
|
// default routes
|
2023-07-17 22:13:39 +02:00
|
|
|
api := e.Group("/api", eagerRequestInfoCache(app))
|
2022-10-30 10:28:14 +02:00
|
|
|
bindSettingsApi(app, api)
|
|
|
|
|
bindAdminApi(app, api)
|
|
|
|
|
bindCollectionApi(app, api)
|
|
|
|
|
bindRecordCrudApi(app, api)
|
|
|
|
|
bindRecordAuthApi(app, api)
|
|
|
|
|
bindFileApi(app, api)
|
|
|
|
|
bindRealtimeApi(app, api)
|
|
|
|
|
bindLogsApi(app, api)
|
2022-12-11 17:32:43 +02:00
|
|
|
bindHealthApi(app, api)
|
2023-05-13 21:10:14 +02:00
|
|
|
bindBackupApi(app, api)
|
2022-07-06 23:19:05 +02:00
|
|
|
|
|
|
|
|
// catch all any route
|
|
|
|
|
api.Any("/*", func(c echo.Context) error {
|
|
|
|
|
return echo.ErrNotFound
|
|
|
|
|
}, ActivityLogger(app))
|
|
|
|
|
|
|
|
|
|
return e, nil
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
// StaticDirectoryHandler is similar to `echo.StaticDirectoryHandler`
|
|
|
|
|
// but without the directory redirect which conflicts with RemoveTrailingSlash middleware.
|
|
|
|
|
//
|
2022-10-30 10:28:14 +02:00
|
|
|
// If a file resource is missing and indexFallback is set, the request
|
|
|
|
|
// will be forwarded to the base index.html (useful also for SPA).
|
|
|
|
|
//
|
2022-07-06 23:19:05 +02:00
|
|
|
// @see https://github.com/labstack/echo/issues/2211
|
2022-10-30 10:28:14 +02:00
|
|
|
func StaticDirectoryHandler(fileSystem fs.FS, indexFallback bool) echo.HandlerFunc {
|
2022-07-06 23:19:05 +02:00
|
|
|
return func(c echo.Context) error {
|
|
|
|
|
p := c.PathParam("*")
|
2022-10-30 10:28:14 +02:00
|
|
|
|
|
|
|
|
// escape url path
|
|
|
|
|
tmpPath, err := url.PathUnescape(p)
|
|
|
|
|
if err != nil {
|
|
|
|
|
return fmt.Errorf("failed to unescape path variable: %w", err)
|
2022-07-06 23:19:05 +02:00
|
|
|
}
|
2022-10-30 10:28:14 +02:00
|
|
|
p = tmpPath
|
2022-07-06 23:19:05 +02:00
|
|
|
|
|
|
|
|
// fs.FS.Open() already assumes that file names are relative to FS root path and considers name with prefix `/` as invalid
|
|
|
|
|
name := filepath.ToSlash(filepath.Clean(strings.TrimPrefix(p, "/")))
|
|
|
|
|
|
2022-10-30 10:28:14 +02:00
|
|
|
fileErr := c.FileFS(name, fileSystem)
|
|
|
|
|
|
|
|
|
|
if fileErr != nil && indexFallback && errors.Is(fileErr, echo.ErrNotFound) {
|
|
|
|
|
return c.FileFS("index.html", fileSystem)
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
return fileErr
|
2022-07-06 23:19:05 +02:00
|
|
|
}
|
|
|
|
|
}
|
2022-07-10 10:46:21 +02:00
|
|
|
|
|
|
|
|
// bindStaticAdminUI registers the endpoints that serves the static admin UI.
|
|
|
|
|
func bindStaticAdminUI(app core.App, e *echo.Echo) error {
|
2022-08-01 19:37:51 +02:00
|
|
|
// redirect to trailing slash to ensure that relative urls will still work properly
|
|
|
|
|
e.GET(
|
|
|
|
|
strings.TrimRight(trailedAdminPath, "/"),
|
|
|
|
|
func(c echo.Context) error {
|
2023-02-24 18:49:46 +02:00
|
|
|
return c.Redirect(http.StatusTemporaryRedirect, strings.TrimLeft(trailedAdminPath, "/"))
|
2022-08-01 19:37:51 +02:00
|
|
|
},
|
2022-07-10 10:46:21 +02:00
|
|
|
)
|
|
|
|
|
|
|
|
|
|
// serves static files from the /ui/dist directory
|
|
|
|
|
// (similar to echo.StaticFS but with gzip middleware enabled)
|
|
|
|
|
e.GET(
|
2022-08-01 19:37:51 +02:00
|
|
|
trailedAdminPath+"*",
|
|
|
|
|
echo.StaticDirectoryHandler(ui.DistDirFS, false),
|
|
|
|
|
installerRedirect(app),
|
2023-04-21 00:19:57 +02:00
|
|
|
uiCacheControl(),
|
2022-07-10 10:46:21 +02:00
|
|
|
middleware.Gzip(),
|
|
|
|
|
)
|
|
|
|
|
|
|
|
|
|
return nil
|
|
|
|
|
}
|
|
|
|
|
|
2023-04-21 00:19:57 +02:00
|
|
|
func uiCacheControl() echo.MiddlewareFunc {
|
|
|
|
|
return func(next echo.HandlerFunc) echo.HandlerFunc {
|
|
|
|
|
return func(c echo.Context) error {
|
2023-04-21 09:28:28 +02:00
|
|
|
// add default Cache-Control header for all Admin UI resources
|
|
|
|
|
// (ignoring the root admin path)
|
|
|
|
|
if c.Request().URL.Path != trailedAdminPath {
|
|
|
|
|
c.Response().Header().Set("Cache-Control", "max-age=1209600, stale-while-revalidate=86400")
|
|
|
|
|
}
|
2023-04-21 00:19:57 +02:00
|
|
|
|
|
|
|
|
return next(c)
|
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
|
2023-08-10 07:50:48 +02:00
|
|
|
const hasAdminsCacheKey = "@hasAdmins"
|
2023-07-24 20:11:55 +02:00
|
|
|
|
2023-08-10 07:50:48 +02:00
|
|
|
func updateHasAdminsCache(app core.App) error {
|
2023-07-24 20:11:55 +02:00
|
|
|
total, err := app.Dao().TotalAdmins()
|
|
|
|
|
if err != nil {
|
|
|
|
|
return err
|
|
|
|
|
}
|
|
|
|
|
|
2023-11-26 13:33:17 +02:00
|
|
|
app.Store().Set(hasAdminsCacheKey, total > 0)
|
2023-07-24 20:11:55 +02:00
|
|
|
|
|
|
|
|
return nil
|
|
|
|
|
}
|
|
|
|
|
|
2022-07-10 10:46:21 +02:00
|
|
|
// installerRedirect redirects the user to the installer admin UI page
|
|
|
|
|
// when the application needs some preliminary configurations to be done.
|
|
|
|
|
func installerRedirect(app core.App) echo.MiddlewareFunc {
|
2023-08-10 07:50:48 +02:00
|
|
|
// keep hasAdminsCacheKey value up-to-date
|
2022-07-10 10:46:21 +02:00
|
|
|
app.OnAdminAfterCreateRequest().Add(func(data *core.AdminCreateEvent) error {
|
2023-08-10 07:50:48 +02:00
|
|
|
return updateHasAdminsCache(app)
|
2022-07-10 10:46:21 +02:00
|
|
|
})
|
2023-08-10 07:50:48 +02:00
|
|
|
|
2022-07-10 10:46:21 +02:00
|
|
|
app.OnAdminAfterDeleteRequest().Add(func(data *core.AdminDeleteEvent) error {
|
2023-08-10 07:50:48 +02:00
|
|
|
return updateHasAdminsCache(app)
|
2022-07-10 10:46:21 +02:00
|
|
|
})
|
|
|
|
|
|
|
|
|
|
return func(next echo.HandlerFunc) echo.HandlerFunc {
|
|
|
|
|
return func(c echo.Context) error {
|
2022-08-01 19:37:51 +02:00
|
|
|
// skip redirect checks for non-root level index.html requests
|
|
|
|
|
path := c.Request().URL.Path
|
|
|
|
|
if path != trailedAdminPath && path != trailedAdminPath+"index.html" {
|
|
|
|
|
return next(c)
|
|
|
|
|
}
|
|
|
|
|
|
2023-11-26 13:33:17 +02:00
|
|
|
hasAdmins := cast.ToBool(app.Store().Get(hasAdminsCacheKey))
|
2023-08-10 07:50:48 +02:00
|
|
|
|
|
|
|
|
if !hasAdmins {
|
|
|
|
|
// update the cache to make sure that the admin wasn't created by another process
|
|
|
|
|
if err := updateHasAdminsCache(app); err != nil {
|
2022-07-10 10:46:21 +02:00
|
|
|
return err
|
|
|
|
|
}
|
2023-11-26 13:33:17 +02:00
|
|
|
hasAdmins = cast.ToBool(app.Store().Get(hasAdminsCacheKey))
|
2022-07-10 10:46:21 +02:00
|
|
|
}
|
|
|
|
|
|
|
|
|
|
_, hasInstallerParam := c.Request().URL.Query()["installer"]
|
|
|
|
|
|
2023-08-10 07:50:48 +02:00
|
|
|
if !hasAdmins && !hasInstallerParam {
|
2022-07-10 10:46:21 +02:00
|
|
|
// redirect to the installer page
|
2023-02-24 18:49:46 +02:00
|
|
|
return c.Redirect(http.StatusTemporaryRedirect, "?installer#")
|
2022-07-10 10:46:21 +02:00
|
|
|
}
|
|
|
|
|
|
2023-08-10 07:50:48 +02:00
|
|
|
if hasAdmins && hasInstallerParam {
|
2023-02-24 18:49:46 +02:00
|
|
|
// clear the installer param
|
|
|
|
|
return c.Redirect(http.StatusTemporaryRedirect, "?")
|
2022-07-10 10:46:21 +02:00
|
|
|
}
|
|
|
|
|
|
|
|
|
|
return next(c)
|
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
}
|
