Merge pull request #46 from titouanfreville/issue-30-secureAPI

Updated Router packages

api/api.go

@@ -249,18 +249,28 @@ func initDevGetter(router chi.Router) {
 	})
 }
 
+// loginRequestObject
+type loginRequest struct {
+	Login    string `json:"login"`
+	Password string `json:"password"`
+}
+
+func (lR *loginRequest) Bind(r *http.Request) error {
+	return nil
+}
+
 // loginMiddleware login funcion providing user && jwt auth token
 func loginMiddleware(w http.ResponseWriter, r *http.Request) {
-	var data struct {
-		Login    string      `json:"login"`
-		Password string      `json:"password"`
-		OmitID   interface{} `json:"id,omitempty"`
-	}
+	// var data struct {
+	// 	Login    string      `json:"login"`
+	// 	Password string      `json:"password"`
+	// 	OmitID   interface{} `json:"id,omitempty"`
+	// }
 	store := datastores.Store()
 	response := loginOk{}
 	db := dbStore.db
-	request := r.Body
-	err := chiRender.Bind(request, &data)
+	data := &loginRequest{}
+	err := chiRender.Bind(r, data)
 	if err != nil {
 		log.Print("422 Here - loginMiddleware")
 		render.JSON(w, error422.StatusCode, error422)
@@ -348,33 +358,29 @@ func initOrganisation(w http.ResponseWriter, r *http.Request) {
 }
 
 func newPublicUser(w http.ResponseWriter, r *http.Request) {
-	var data struct {
-		User   *models.User
-		OmitID interface{} `json:"id,omitempty"`
-	}
+	var User models.User
 	store := datastores.Store()
 	db := dbStore.db
-	request := r.Body
-	err := chiRender.Bind(request, &data)
+	err := chiRender.Bind(r, &User)
 	organisation := store.Organisation().Get(db)
 	allowedWebMails := store.AllowedWebMails().GetAll(db)
 	isAuthorizedMail := false
 	for _, authorizedMail := range allowedWebMails {
 		filter := "*" + authorizedMail.Domain
-		ok, _ := regexp.MatchString(filter, data.User.Email)
+		ok, _ := regexp.MatchString(filter, User.Email)
 		isAuthorizedMail = isAuthorizedMail || ok
 	}
 	if !isAuthorizedMail && !organisation.Public {
 		render.JSON(w, 401, "You can't sign up if organisation is not public or your email domain was unauthorized.")
 	}
-	if err != nil || data.User == nil {
+	if err != nil || User == (models.EmptyUser) {
 		log.Print("422 here. New Public User")
 		render.JSON(w, error422.StatusCode, error422)
 	} else {
 		if err := db.DB().Ping(); err == nil {
-			err := store.User().Save(data.User, db)
+			err := store.User().Save(&User, db)
 			if err == nil {
-				render.JSON(w, 201, data.User)
+				render.JSON(w, 201, User)
 			} else {
 				render.JSON(w, err.StatusCode, err)
 			}

api/avatar_route.go

@@ -135,7 +135,7 @@ func avatarContext(next http.Handler) http.Handler {
 		avatarID, err := strconv.ParseUint(chi.URLParam(r, "avatarID"), 10, 64)
 		name := chi.URLParam(r, "avatarName")
 		link := chi.URLParam(r, "avatarLink")
-		oldAvatar := models.Avatar{}
+		oldAvatar := models.EmptyAvatar
 		ctx := context.WithValue(r.Context(), avatarNameKey, name)
 		ctx = context.WithValue(ctx, avatarLinkKey, link)
 		if err == nil {
@@ -182,7 +182,7 @@ func getAvatarFromLink(w http.ResponseWriter, r *http.Request) {
 }
 
 func newAvatar(w http.ResponseWriter, r *http.Request) {
-	var Avatar *models.Avatar
+	var Avatar models.Avatar
 	token := r.Context().Value(jwtTokenKey).(*jwt.Token)
 	if !canManageOrganisation(token) {
 		res := error401
@@ -192,17 +192,16 @@ func newAvatar(w http.ResponseWriter, r *http.Request) {
 	}
 	store := datastores.Store()
 	db := dbStore.db
-	request := r.Body
-	err := chiRender.Bind(request, &Avatar)
-	if err != nil || Avatar == nil {
+	err := chiRender.Bind(r, &Avatar)
+	if err != nil || Avatar == (models.EmptyAvatar) {
 		render.JSON(w, error422.StatusCode, error422)
 		return
 	}
 	if err := db.DB().Ping(); err != nil {
 		render.JSON(w, error503.StatusCode, error503)
 		return
 	}
-	rerr := store.Avatar().Save(Avatar, db)
+	rerr := store.Avatar().Save(&Avatar, db)
 	if rerr != nil {
 		render.JSON(w, rerr.StatusCode, rerr)
 		return
@@ -211,7 +210,7 @@ func newAvatar(w http.ResponseWriter, r *http.Request) {
 }
 
 func updateAvatar(w http.ResponseWriter, r *http.Request) {
-	var Avatar *models.Avatar
+	var Avatar models.Avatar
 	token := r.Context().Value(jwtTokenKey).(*jwt.Token)
 	if !canManageOrganisation(token) {
 		res := error401
@@ -221,18 +220,17 @@ func updateAvatar(w http.ResponseWriter, r *http.Request) {
 	}
 	store := datastores.Store()
 	db := dbStore.db
-	request := r.Body
-	err := chiRender.Bind(request, &Avatar)
+	err := chiRender.Bind(r, &Avatar)
 	avatar := r.Context().Value(oldAvatarKey).(models.Avatar)
-	if err != nil || &Avatar == nil {
+	if err != nil || Avatar == (models.EmptyAvatar) {
 		render.JSON(w, error422.StatusCode, error422)
 		return
 	}
 	if err := db.DB().Ping(); err != nil {
 		render.JSON(w, error503.StatusCode, error503)
 		return
 	}
-	rerr := store.Avatar().Update(&avatar, Avatar, db)
+	rerr := store.Avatar().Update(&avatar, &Avatar, db)
 	if err != nil {
 		render.JSON(w, rerr.StatusCode, rerr)
 		return

api/channel_route.go

@@ -135,7 +135,7 @@ func canModerate(currentChannelID uint64, token *jwt.Token) bool {
 	chanel := store.Channel().GetByID(currentChannelID, db)
 	member := store.Member().GetChannelMember(&user, &chanel, db)
 	memberRights := store.Role().GetByID(member.IDRole, db)
-	return (memberRights != models.Role{} && memberRights.CanManageUser || memberRights == models.Role{} && userRights.CanManageUser)
+	return (memberRights != models.EmptyRole && memberRights.CanManageUser || memberRights == models.EmptyRole && userRights.CanManageUser)
 }
 
 func canArchive(currentChannelID uint64, token *jwt.Token) bool {
@@ -147,15 +147,15 @@ func canArchive(currentChannelID uint64, token *jwt.Token) bool {
 	chanel := store.Channel().GetByID(currentChannelID, db)
 	member := store.Member().GetChannelMember(&user, &chanel, db)
 	memberRights := store.Role().GetByID(member.IDRole, db)
-	return (memberRights != models.Role{} && memberRights.CanArchive || memberRights == models.Role{} && userRights.CanArchive)
+	return (memberRights != models.EmptyRole && memberRights.CanArchive || memberRights == models.EmptyRole && userRights.CanArchive)
 }
 
 func channelContext(next http.Handler) http.Handler {
 	return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
 		channelID, err := strconv.ParseUint(chi.URLParam(r, "channelID"), 10, 64)
 		name := chi.URLParam(r, "channelID")
 		channelType := chi.URLParam(r, "channelType")
-		oldChannel := models.Channel{}
+		oldChannel := models.EmptyChannel
 		ctx := context.WithValue(r.Context(), channelNameKey, name)
 		ctx = context.WithValue(ctx, channelTypeKey, channelType)
 		if err == nil {
@@ -237,9 +237,8 @@ func newChannel(w http.ResponseWriter, r *http.Request) {
 	}
 	store := datastores.Store()
 	db := dbStore.db
-	request := r.Body
-	err := chiRender.Bind(request, &Channel)
-	if err != nil || Channel == (models.Channel{}) {
+	err := chiRender.Bind(r, &Channel)
+	if err != nil || Channel == (models.EmptyChannel) {
 		log.Print("422 here - new channel")
 		render.JSON(w, error422.StatusCode, error422)
 		return
@@ -268,9 +267,8 @@ func updateChannel(w http.ResponseWriter, r *http.Request) {
 	}
 	store := datastores.Store()
 	db := dbStore.db
-	request := r.Body
-	err := chiRender.Bind(request, &Channel)
-	if err != nil || Channel == (models.Channel{}) {
+	err := chiRender.Bind(r, &Channel)
+	if err != nil || Channel == (models.EmptyChannel) {
 		log.Print("422 here - Update channel")
 		render.JSON(w, error422.StatusCode, error422)
 		return

api/emojis_route.go

@@ -152,7 +152,7 @@ func emojiContext(next http.Handler) http.Handler {
 		name := chi.URLParam(r, "emojiName")
 		link := chi.URLParam(r, "emojiLink")
 		shortcut := chi.URLParam(r, "emojiShortcut")
-		oldEmoji := models.Emoji{}
+		oldEmoji := models.EmptyEmoji
 		ctx := context.WithValue(r.Context(), emojiNameKey, name)
 		ctx = context.WithValue(ctx, emojiLinkKey, link)
 		ctx = context.WithValue(ctx, emojiShortcutKey, shortcut)
@@ -212,10 +212,7 @@ func getEmojiFromLink(w http.ResponseWriter, r *http.Request) {
 }
 
 func newEmoji(w http.ResponseWriter, r *http.Request) {
-	var data struct {
-		Emoji  *models.Emoji
-		OmitID interface{} `json:"id,omitempty"`
-	}
+	var Emoji models.Emoji
 	token := r.Context().Value(jwtTokenKey).(*jwt.Token)
 	if !canManageOrganisation(token) {
 		res := error401
@@ -225,9 +222,8 @@ func newEmoji(w http.ResponseWriter, r *http.Request) {
 	}
 	store := datastores.Store()
 	db := dbStore.db
-	request := r.Body
-	err := chiRender.Bind(request, &data)
-	if err != nil || data.Emoji == nil {
+	err := chiRender.Bind(r, &Emoji)
+	if err != nil || Emoji == (models.EmptyEmoji) {
 		render.JSON(w, error422.StatusCode, error422)
 		return
 	}
@@ -236,19 +232,16 @@ func newEmoji(w http.ResponseWriter, r *http.Request) {
 		render.JSON(w, error503.StatusCode, error503)
 		return
 	}
-	apperr := store.Emoji().Save(data.Emoji, db)
+	apperr := store.Emoji().Save(&Emoji, db)
 	if apperr != nil {
 		render.JSON(w, apperr.StatusCode, apperr)
 		return
 	}
-	render.JSON(w, 201, data.Emoji)
+	render.JSON(w, 201, Emoji)
 }
 
 func updateEmoji(w http.ResponseWriter, r *http.Request) {
-	var data struct {
-		Emoji  *models.Emoji
-		OmitID interface{} `json:"id,omitempty"`
-	}
+	var Emoji models.Emoji
 	token := r.Context().Value(jwtTokenKey).(*jwt.Token)
 	if !canManageOrganisation(token) {
 		res := error401
@@ -258,17 +251,17 @@ func updateEmoji(w http.ResponseWriter, r *http.Request) {
 	}
 	store := datastores.Store()
 	db := dbStore.db
-	request := r.Body
-	err := chiRender.Bind(request, &data)
+
+	err := chiRender.Bind(r, &Emoji)
 	emoji := r.Context().Value(oldEmojiKey).(models.Emoji)
-	if err != nil || data.Emoji == nil {
+	if err != nil || Emoji == (models.EmptyEmoji) {
 		render.JSON(w, error422.StatusCode, error422)
 	}
 	if err := db.DB().Ping(); err != nil {
 		render.JSON(w, error503.StatusCode, error503)
 		return
 	}
-	apperr := store.Emoji().Update(&emoji, data.Emoji, db)
+	apperr := store.Emoji().Update(&emoji, &Emoji, db)
 	if apperr != nil {
 		render.JSON(w, apperr.StatusCode, apperr)
 		return