ripple-api/app/method.go

package app

import (
	"crypto/md5"
	"encoding/json"
	"fmt"
	"io/ioutil"
	"regexp"

	"git.zxq.co/ripple/rippleapi/common"
	"github.com/gin-gonic/gin"
)

// Method wraps an API method to a HandlerFunc.
func Method(f func(md common.MethodData) common.CodeMessager, privilegesNeeded ...int) gin.HandlerFunc {
	return func(c *gin.Context) {
		initialCaretaker(c, f, privilegesNeeded...)
	}
}

func initialCaretaker(c *gin.Context, f func(md common.MethodData) common.CodeMessager, privilegesNeeded ...int) {
	rateLimiter()

	data, err := ioutil.ReadAll(c.Request.Body)
	if err != nil {
		c.Error(err)
	}

	token := ""
	switch {
	case c.Request.Header.Get("X-Ripple-Token") != "":
		token = c.Request.Header.Get("X-Ripple-Token")
	case c.Query("token") != "":
		token = c.Query("token")
	case c.Query("k") != "":
		token = c.Query("k")
	default:
		token, _ = c.Cookie("X-Ripple-Token")
	}
	c.Set("token", fmt.Sprintf("%x", md5.Sum([]byte(token))))

	md := common.MethodData{
		DB:          db,
		RequestData: data,
		C:           c,
	}
	if token != "" {
		tokenReal, exists := GetTokenFull(token, db)
		if exists {
			md.User = tokenReal
		}
	}

	perUserRequestLimiter(md.ID(), c.ClientIP())

	missingPrivileges := 0
	for _, privilege := range privilegesNeeded {
		if int(md.User.Privileges)&privilege == 0 {
			missingPrivileges |= privilege
		}
	}
	if missingPrivileges != 0 {
		c.IndentedJSON(401, common.SimpleResponse(401, "You don't have the privilege(s): "+common.Privileges(missingPrivileges).String()+"."))
		return
	}

	resp := f(md)
	if resp.GetCode() == 0 {
		// Dirty hack to set the code
		type setCoder interface {
			SetCode(int)
		}
		if newver, can := resp.(setCoder); can {
			newver.SetCode(500)
		}
	}

	if _, exists := c.GetQuery("pls200"); exists {
		c.Writer.WriteHeader(200)
	} else {
		c.Writer.WriteHeader(resp.GetCode())
	}

	if _, exists := c.GetQuery("callback"); exists {
		c.Header("Content-Type", "application/javascript; charset=utf-8")
	} else {
		c.Header("Content-Type", "application/json; charset=utf-8")
	}

	mkjson(c, resp)
}

// Very restrictive, but this way it shouldn't completely fuck up.
var callbackJSONP = regexp.MustCompile(`^[a-zA-Z_\$][a-zA-Z0-9_\$]*$`)

// mkjson auto indents json, and wraps json into a jsonp callback if specified by the request.
// then writes to the gin.Context the data.
func mkjson(c *gin.Context, data interface{}) {
	exported, err := json.MarshalIndent(data, "", "\t")
	if err != nil {
		c.Error(err)
		exported = []byte(`{ "code": 500, "message": "something has gone really really really really really really wrong." }`)
	}
	cb := c.Query("callback")
	willcb := cb != "" &&
		len(cb) < 100 &&
		callbackJSONP.MatchString(cb)
	if willcb {
		c.Writer.Write([]byte("/**/ typeof " + cb + " === 'function' && " + cb + "("))
	}
	c.Writer.Write(exported)
	if willcb {
		c.Writer.Write([]byte(");"))
	}
}
Initial commit 2016-04-03 17:59:27 +00:00			`package app`

			`import (`
Better recovery 2016-06-16 11:49:35 +00:00			`"crypto/md5"`
Implement JSONP, also save a few bytes by using tabs in indent 2016-04-08 16:06:26 +00:00			`"encoding/json"`
Better recovery 2016-06-16 11:49:35 +00:00			`"fmt"`
Initial commit 2016-04-03 17:59:27 +00:00			`"io/ioutil"`
Don't allow "weird" characters in jsonp callback 2016-06-13 19:17:43 +00:00			`"regexp"`
Initial commit 2016-04-03 17:59:27 +00:00
We git.zxq.co now 2016-04-19 14:07:27 +00:00			`"git.zxq.co/ripple/rippleapi/common"`
Initial commit 2016-04-03 17:59:27 +00:00			`"github.com/gin-gonic/gin"`
			`)`

			`// Method wraps an API method to a HandlerFunc.`
Start implementing peppyapi; implement /api/get_user 2016-05-15 11:57:04 +00:00			`func Method(f func(md common.MethodData) common.CodeMessager, privilegesNeeded ...int) gin.HandlerFunc {`
Initial commit 2016-04-03 17:59:27 +00:00			`return func(c *gin.Context) {`
Start implementing peppyapi; implement /api/get_user 2016-05-15 11:57:04 +00:00			`initialCaretaker(c, f, privilegesNeeded...)`
perhaps a memory/performance improvement? by not recreating the same function over and over? maybe. 2016-04-08 15:27:55 +00:00			`}`
			`}`
Initial commit 2016-04-03 17:59:27 +00:00
Start implementing peppyapi; implement /api/get_user 2016-05-15 11:57:04 +00:00			`func initialCaretaker(c *gin.Context, f func(md common.MethodData) common.CodeMessager, privilegesNeeded ...int) {`
Implement rate limiting - 60 requests per minute for requests without a valid API token - 2000 requests per minute per user for requests with a valid API token 2016-07-06 14:33:58 +00:00			`rateLimiter()`

perhaps a memory/performance improvement? by not recreating the same function over and over? maybe. 2016-04-08 15:27:55 +00:00			`data, err := ioutil.ReadAll(c.Request.Body)`
			`if err != nil {`
			`c.Error(err)`
			`}`
Initial commit 2016-04-03 17:59:27 +00:00
perhaps a memory/performance improvement? by not recreating the same function over and over? maybe. 2016-04-08 15:27:55 +00:00			`token := ""`
			`switch {`
			`case c.Request.Header.Get("X-Ripple-Token") != "":`
			`token = c.Request.Header.Get("X-Ripple-Token")`
			`case c.Query("token") != "":`
			`token = c.Query("token")`
			`case c.Query("k") != "":`
			`token = c.Query("k")`
Allow auth through cookie X-Ripple-Token 2016-06-08 16:55:48 +00:00			`default:`
			`token, _ = c.Cookie("X-Ripple-Token")`
perhaps a memory/performance improvement? by not recreating the same function over and over? maybe. 2016-04-08 15:27:55 +00:00			`}`
Better recovery 2016-06-16 11:49:35 +00:00			`c.Set("token", fmt.Sprintf("%x", md5.Sum([]byte(token))))`
Initial commit 2016-04-03 17:59:27 +00:00
perhaps a memory/performance improvement? by not recreating the same function over and over? maybe. 2016-04-08 15:27:55 +00:00			`md := common.MethodData{`
			`DB: db,`
			`RequestData: data,`
			`C: c,`
			`}`
			`if token != "" {`
			`tokenReal, exists := GetTokenFull(token, db)`
			`if exists {`
			`md.User = tokenReal`
Initial commit 2016-04-03 17:59:27 +00:00			`}`
perhaps a memory/performance improvement? by not recreating the same function over and over? maybe. 2016-04-08 15:27:55 +00:00			`}`
Initial commit 2016-04-03 17:59:27 +00:00
use c.ClientIP() rather than manually accessing c.Request.RemoteAddr 2016-07-06 17:35:49 +00:00			`perUserRequestLimiter(md.ID(), c.ClientIP())`
Implement rate limiting - 60 requests per minute for requests without a valid API token - 2000 requests per minute per user for requests with a valid API token 2016-07-06 14:33:58 +00:00
perhaps a memory/performance improvement? by not recreating the same function over and over? maybe. 2016-04-08 15:27:55 +00:00			`missingPrivileges := 0`
			`for _, privilege := range privilegesNeeded {`
			`if int(md.User.Privileges)&privilege == 0 {`
			`missingPrivileges \|= privilege`
Initial commit 2016-04-03 17:59:27 +00:00			`}`
			`}`
perhaps a memory/performance improvement? by not recreating the same function over and over? maybe. 2016-04-08 15:27:55 +00:00			`if missingPrivileges != 0 {`
Completely change response structure 2016-04-16 16:05:24 +00:00			`c.IndentedJSON(401, common.SimpleResponse(401, "You don't have the privilege(s): "+common.Privileges(missingPrivileges).String()+"."))`
perhaps a memory/performance improvement? by not recreating the same function over and over? maybe. 2016-04-08 15:27:55 +00:00			`return`
			`}`

			`resp := f(md)`
Completely change response structure 2016-04-16 16:05:24 +00:00			`if resp.GetCode() == 0 {`
			`// Dirty hack to set the code`
			`type setCoder interface {`
			`SetCode(int)`
			`}`
			`if newver, can := resp.(setCoder); can {`
			`newver.SetCode(500)`
			`}`
perhaps a memory/performance improvement? by not recreating the same function over and over? maybe. 2016-04-08 15:27:55 +00:00			`}`
Implement JSONP, also save a few bytes by using tabs in indent 2016-04-08 16:06:26 +00:00
perhaps a memory/performance improvement? by not recreating the same function over and over? maybe. 2016-04-08 15:27:55 +00:00			`if _, exists := c.GetQuery("pls200"); exists {`
Implement JSONP, also save a few bytes by using tabs in indent 2016-04-08 16:06:26 +00:00			`c.Writer.WriteHeader(200)`
			`} else {`
Completely change response structure 2016-04-16 16:05:24 +00:00			`c.Writer.WriteHeader(resp.GetCode())`
Implement JSONP, also save a few bytes by using tabs in indent 2016-04-08 16:06:26 +00:00			`}`

			`if _, exists := c.GetQuery("callback"); exists {`
			`c.Header("Content-Type", "application/javascript; charset=utf-8")`
perhaps a memory/performance improvement? by not recreating the same function over and over? maybe. 2016-04-08 15:27:55 +00:00			`} else {`
Implement JSONP, also save a few bytes by using tabs in indent 2016-04-08 16:06:26 +00:00			`c.Header("Content-Type", "application/json; charset=utf-8")`
			`}`

			`mkjson(c, resp)`
			`}`

Don't allow "weird" characters in jsonp callback 2016-06-13 19:17:43 +00:00			`// Very restrictive, but this way it shouldn't completely fuck up.`
			var callbackJSONP = regexp.MustCompile(`^[a-zA-Z_\$][a-zA-Z0-9_\$]*$`)

Implement JSONP, also save a few bytes by using tabs in indent 2016-04-08 16:06:26 +00:00			`// mkjson auto indents json, and wraps json into a jsonp callback if specified by the request.`
			`// then writes to the gin.Context the data.`
			`func mkjson(c *gin.Context, data interface{}) {`
			`exported, err := json.MarshalIndent(data, "", "\t")`
			`if err != nil {`
			`c.Error(err)`
Implement rate limiting - 60 requests per minute for requests without a valid API token - 2000 requests per minute per user for requests with a valid API token 2016-07-06 14:33:58 +00:00			exported = []byte(`{ "code": 500, "message": "something has gone really really really really really really wrong." }`)
Implement JSONP, also save a few bytes by using tabs in indent 2016-04-08 16:06:26 +00:00			`}`
			`cb := c.Query("callback")`
Don't allow "weird" characters in jsonp callback 2016-06-13 19:17:43 +00:00			`willcb := cb != "" &&`
			`len(cb) < 100 &&`
			`callbackJSONP.MatchString(cb)`
Implement JSONP, also save a few bytes by using tabs in indent 2016-04-08 16:06:26 +00:00			`if willcb {`
			`c.Writer.Write([]byte("/**/ typeof " + cb + " === 'function' && " + cb + "("))`
			`}`
			`c.Writer.Write(exported)`
			`if willcb {`
			`c.Writer.Write([]byte(");"))`
perhaps a memory/performance improvement? by not recreating the same function over and over? maybe. 2016-04-08 15:27:55 +00:00			`}`
Initial commit 2016-04-03 17:59:27 +00:00			`}`