405 lines
11 KiB
Go
405 lines
11 KiB
Go
package main
|
|
|
|
import (
|
|
"context"
|
|
"encoding/json"
|
|
"fmt"
|
|
"io"
|
|
"net/http"
|
|
"os"
|
|
"strings"
|
|
"time"
|
|
|
|
"github.com/dgrijalva/jwt-go"
|
|
"github.com/gorilla/mux"
|
|
)
|
|
|
|
// Define contextKey globally within the package
|
|
type contextKey string
|
|
|
|
// Define your key as a constant of the custom type
|
|
const userKey contextKey = "user"
|
|
|
|
// LoginRequest represents the request body for the /login endpoint.
|
|
type LoginRequest struct {
|
|
Username string `json:"username"`
|
|
Password string `json:"password"`
|
|
}
|
|
|
|
// LoginResponse represents the response body for the /login endpoint.
|
|
type LoginResponse struct {
|
|
Token string `json:"token"`
|
|
}
|
|
|
|
// loginHandler handles the /login endpoint.
|
|
func LoginHandler(w http.ResponseWriter, r *http.Request) {
|
|
var req LoginRequest
|
|
fmt.Println(db, config)
|
|
fmt.Println("LoginHandler called")
|
|
err := json.NewDecoder(r.Body).Decode(&req)
|
|
if err != nil {
|
|
http.Error(w, "Invalid request body", http.StatusBadRequest)
|
|
return
|
|
}
|
|
|
|
// Check if the user exists and the password matches
|
|
var user User
|
|
db.Where("username = ?", req.Username).First(&user)
|
|
if user.ID == 0 || user.Password != req.Password {
|
|
http.Error(w, "Invalid username or password", http.StatusUnauthorized)
|
|
return
|
|
}
|
|
|
|
// Generate JWT token
|
|
token := jwt.NewWithClaims(jwt.SigningMethodHS256, jwt.MapClaims{
|
|
"username": user.Username,
|
|
"exp": time.Now().Add(time.Hour * 24).Unix(), // Token expires in 24 hours
|
|
})
|
|
|
|
tokenString, err := token.SignedString([]byte(config.JWTSecret))
|
|
if err != nil {
|
|
http.Error(w, "Failed to generate token", http.StatusInternalServerError)
|
|
return
|
|
}
|
|
|
|
// Return the token in the response
|
|
json.NewEncoder(w).Encode(LoginResponse{Token: tokenString})
|
|
}
|
|
|
|
// getBoxesHandler handles the GET /boxes endpoint.
|
|
func GetBoxesHandler(w http.ResponseWriter, r *http.Request) {
|
|
fmt.Printf("Received %s request to %s\n", r.Method, r.URL)
|
|
var boxes []Box
|
|
db.Find(&boxes)
|
|
json.NewEncoder(w).Encode(boxes)
|
|
}
|
|
|
|
func GetBoxHandler(w http.ResponseWriter, r *http.Request) {
|
|
vars := mux.Vars(r)
|
|
id := vars["id"]
|
|
|
|
var box Box
|
|
if err := db.First(&box, id).Error; err != nil {
|
|
http.Error(w, "Box not found", http.StatusNotFound)
|
|
return
|
|
}
|
|
|
|
json.NewEncoder(w).Encode(box)
|
|
}
|
|
|
|
// createBoxHandler handles the POST /boxes endpoint.
|
|
func CreateBoxHandler(w http.ResponseWriter, r *http.Request) {
|
|
var box Box
|
|
err := json.NewDecoder(r.Body).Decode(&box)
|
|
if err != nil {
|
|
http.Error(w, "Invalid request body", http.StatusBadRequest)
|
|
return
|
|
}
|
|
|
|
db.Create(&box)
|
|
|
|
// Create a response struct to include the ID
|
|
type createBoxResponse struct {
|
|
ID uint `json:"id"`
|
|
Name string `json:"name"`
|
|
}
|
|
|
|
response := createBoxResponse{
|
|
ID: box.ID,
|
|
Name: box.Name,
|
|
}
|
|
|
|
json.NewEncoder(w).Encode(response)
|
|
}
|
|
|
|
// deleteBoxHandler handles the DELETE /boxes/{id} endpoint.
|
|
func DeleteBoxHandler(w http.ResponseWriter, r *http.Request) {
|
|
vars := mux.Vars(r)
|
|
id := vars["id"]
|
|
|
|
// Retrieve the box from the database
|
|
var box Box
|
|
if err := db.First(&box, id).Error; err != nil {
|
|
http.Error(w, "Box not found", http.StatusNotFound)
|
|
return
|
|
}
|
|
|
|
// Optionally, delete associated items (if you want cascading delete)
|
|
// db.Where("box_id = ?", id).Delete(&Item{})
|
|
|
|
// Delete the box
|
|
db.Delete(&box)
|
|
|
|
w.WriteHeader(http.StatusNoContent) // 204 No Content
|
|
}
|
|
|
|
// getItemsHandler handles the GET /items endpoint.
|
|
func GetItemsHandler(w http.ResponseWriter, r *http.Request) {
|
|
var items []Item
|
|
db.Find(&items)
|
|
json.NewEncoder(w).Encode(items)
|
|
}
|
|
|
|
// createItemHandler handles the POST /items endpoint.
|
|
func CreateItemHandler(w http.ResponseWriter, r *http.Request) {
|
|
var item Item
|
|
|
|
err := json.NewDecoder(r.Body).Decode(&item)
|
|
if err != nil {
|
|
http.Error(w, "Invalid request body", http.StatusBadRequest)
|
|
return
|
|
}
|
|
fmt.Println(item)
|
|
|
|
db.Create(&item)
|
|
|
|
// Create a response struct to include the ID
|
|
type createItemResponse struct {
|
|
ID uint `json:"id"`
|
|
Name string `json:"name"`
|
|
}
|
|
|
|
response := createItemResponse{
|
|
ID: item.ID,
|
|
Name: item.Name,
|
|
}
|
|
|
|
json.NewEncoder(w).Encode(response)
|
|
}
|
|
|
|
// UploadItemImageHandler handles the image upload for an item
|
|
func UploadItemImageHandler(w http.ResponseWriter, r *http.Request) {
|
|
// Extract the authenticated user from context (assuming this is how AuthMiddleware works)
|
|
user, ok := r.Context().Value(userKey).(string)
|
|
if !ok || user == "" {
|
|
http.Error(w, "Unauthorized", http.StatusUnauthorized)
|
|
return
|
|
}
|
|
|
|
// Parse the form data, 10MB limit for file uploads
|
|
err := r.ParseMultipartForm(10 << 20)
|
|
if err != nil {
|
|
http.Error(w, "Unable to parse form", http.StatusBadRequest)
|
|
return
|
|
}
|
|
|
|
// Get the file from the form data
|
|
file, handler, err := r.FormFile("image")
|
|
if err != nil {
|
|
http.Error(w, "Error retrieving the file", http.StatusBadRequest)
|
|
return
|
|
}
|
|
defer file.Close()
|
|
|
|
// Get item ID from the URL
|
|
vars := mux.Vars(r)
|
|
itemID := vars["id"]
|
|
|
|
// Validate that the item exists (fetch from DB using itemID)
|
|
var item Item
|
|
if err := db.First(&item, itemID).Error; err != nil {
|
|
http.Error(w, "Item not found", http.StatusNotFound)
|
|
return
|
|
}
|
|
|
|
// Save the uploaded file locally or to a storage service
|
|
// Ensure the directory exists
|
|
if err := os.MkdirAll(config.ImageStorageDir, 0755); err != nil {
|
|
http.Error(w, "Unable to create image storage directory", http.StatusInternalServerError)
|
|
return
|
|
}
|
|
|
|
filePath := fmt.Sprintf("%s/%s", config.ImageStorageDir, handler.Filename)
|
|
outFile, err := os.Create(filePath)
|
|
if err != nil {
|
|
http.Error(w, "Unable to save the file", http.StatusInternalServerError)
|
|
return
|
|
}
|
|
defer outFile.Close()
|
|
|
|
// Copy the uploaded file to the destination
|
|
_, err = io.Copy(outFile, file)
|
|
if err != nil {
|
|
http.Error(w, "Unable to save the file", http.StatusInternalServerError)
|
|
return
|
|
}
|
|
|
|
// Update the item record in the database with the image path
|
|
item.ImagePath = filePath
|
|
if err := db.Save(&item).Error; err != nil {
|
|
http.Error(w, "Unable to save image path in database", http.StatusInternalServerError)
|
|
return
|
|
}
|
|
fmt.Println("Image upload called")
|
|
// Return the image path in the response
|
|
w.WriteHeader(http.StatusOK)
|
|
json.NewEncoder(w).Encode(map[string]string{"imagePath": filePath})
|
|
}
|
|
|
|
// GetItemImageHandler retrieves an item's image by item ID.
|
|
func GetItemImageHandler(w http.ResponseWriter, r *http.Request) {
|
|
vars := mux.Vars(r)
|
|
itemID := vars["id"]
|
|
fmt.Println("Getting image")
|
|
// Retrieve the item from the database
|
|
var item Item
|
|
if err := db.First(&item, itemID).Error; err != nil {
|
|
item.ImagePath = "images/default.jpg"
|
|
} else if item.ImagePath == "" {
|
|
item.ImagePath = "images/default.jpg"
|
|
}
|
|
|
|
// Open the image file
|
|
imageFile, err := os.Open(item.ImagePath)
|
|
if err != nil {
|
|
// Log the error for debugging, but don't return an HTTP error
|
|
fmt.Println("Error opening image.", err)
|
|
item.ImagePath = "images/default.jpg"
|
|
return
|
|
}
|
|
defer imageFile.Close()
|
|
|
|
// Determine the content type of the image
|
|
imageData, err := io.ReadAll(imageFile)
|
|
if err != nil {
|
|
fmt.Println("Error reading image")
|
|
item.ImagePath = "images/default.jpg"
|
|
return
|
|
}
|
|
contentType := http.DetectContentType(imageData)
|
|
|
|
// Set the content type header and write the image data to the response
|
|
w.Header().Set("Content-Type", contentType)
|
|
w.Write(imageData)
|
|
}
|
|
|
|
// searchItemsHandler handles the GET /items/search endpoint.
|
|
func SearchItemsHandler(w http.ResponseWriter, r *http.Request) {
|
|
query := r.URL.Query().Get("q")
|
|
if query == "" {
|
|
http.Error(w, "Search query is required", http.StatusBadRequest)
|
|
return
|
|
}
|
|
fmt.Println(query)
|
|
var items []Item
|
|
db.Where("name GLOB ? OR description GLOB ?", "*"+query+"*", "*"+query+"*").Find(&items)
|
|
json.NewEncoder(w).Encode(items)
|
|
|
|
}
|
|
|
|
// getItemHandler handles the GET /items/{id} endpoint.
|
|
func GetItemHandler(w http.ResponseWriter, r *http.Request) {
|
|
vars := mux.Vars(r)
|
|
id := vars["id"]
|
|
|
|
var item Item
|
|
if err := db.First(&item, id).Error; err != nil {
|
|
http.Error(w, "Item not found", http.StatusNotFound)
|
|
return
|
|
}
|
|
|
|
json.NewEncoder(w).Encode(item)
|
|
}
|
|
|
|
// getItemsInBoxHandler handles the GET /boxes/{id}/items endpoint.
|
|
func GetItemsInBoxHandler(w http.ResponseWriter, r *http.Request) {
|
|
vars := mux.Vars(r)
|
|
id := vars["id"]
|
|
|
|
var items []Item
|
|
if err := db.Where("box_id = ?", id).Find(&items).Error; err != nil {
|
|
http.Error(w, "Items not found", http.StatusNotFound)
|
|
return
|
|
}
|
|
|
|
json.NewEncoder(w).Encode(items)
|
|
}
|
|
|
|
// updateItemHandler handles the PUT /items/{id} endpoint.
|
|
func UpdateItemHandler(w http.ResponseWriter, r *http.Request) {
|
|
vars := mux.Vars(r)
|
|
id := vars["id"]
|
|
|
|
var item Item
|
|
if err := db.First(&item, id).Error; err != nil {
|
|
http.Error(w, "Item not found", http.StatusNotFound)
|
|
return
|
|
}
|
|
|
|
err := json.NewDecoder(r.Body).Decode(&item)
|
|
if err != nil {
|
|
http.Error(w, "Invalid request body", http.StatusBadRequest)
|
|
return
|
|
}
|
|
fmt.Println(item)
|
|
db.Save(&item)
|
|
json.NewEncoder(w).Encode(item)
|
|
}
|
|
|
|
// deleteItemHandler handles the DELETE /items/{id} endpoint.
|
|
func DeleteItemHandler(w http.ResponseWriter, r *http.Request) {
|
|
vars := mux.Vars(r)
|
|
id := vars["id"]
|
|
|
|
var item Item
|
|
if err := db.First(&item, id).Error; err != nil {
|
|
http.Error(w, "Item not found", http.StatusNotFound)
|
|
return
|
|
}
|
|
|
|
db.Delete(&item)
|
|
w.WriteHeader(http.StatusNoContent)
|
|
}
|
|
|
|
// authMiddleware is a middleware function that checks for a valid JWT token in the request header and enables CORS.
|
|
func AuthMiddleware(next http.Handler) http.Handler {
|
|
return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
|
|
// Set CORS headers
|
|
w.Header().Set("Access-Control-Allow-Origin", "*") // Replace "*" with your allowed frontend origin if needed
|
|
w.Header().Set("Access-Control-Allow-Methods", "GET, POST, PUT, DELETE, OPTIONS")
|
|
w.Header().Set("Access-Control-Allow-Headers", "Content-Type, Authorization")
|
|
|
|
// Handle preflight request for CORS
|
|
if r.Method == http.MethodOptions {
|
|
w.WriteHeader(http.StatusOK)
|
|
return
|
|
}
|
|
|
|
// Get the token from the request header
|
|
tokenString := r.Header.Get("Authorization")
|
|
if tokenString == "" {
|
|
http.Error(w, "Authorization header missing", http.StatusUnauthorized)
|
|
return
|
|
}
|
|
|
|
// Remove "Bearer " prefix from token string
|
|
tokenString = strings.Replace(tokenString, "Bearer ", "", 1)
|
|
|
|
// Parse and validate the JWT token
|
|
token, err := jwt.Parse(tokenString, func(token *jwt.Token) (interface{}, error) {
|
|
// Make sure that the signing method is HMAC
|
|
if _, ok := token.Method.(*jwt.SigningMethodHMAC); !ok {
|
|
return nil, fmt.Errorf("unexpected signing method: %v", token.Header["alg"])
|
|
}
|
|
return []byte(config.JWTSecret), nil
|
|
})
|
|
if err != nil || !token.Valid {
|
|
http.Error(w, "Invalid token", http.StatusUnauthorized)
|
|
return
|
|
}
|
|
|
|
// Extract the user claims from the token
|
|
if claims, ok := token.Claims.(jwt.MapClaims); ok {
|
|
// Add the "user" claim to the request context
|
|
newCtx := context.WithValue(r.Context(), userKey, claims["username"])
|
|
r = r.WithContext(newCtx)
|
|
} else {
|
|
http.Error(w, "Invalid token claims", http.StatusUnauthorized)
|
|
return
|
|
}
|
|
|
|
// Call the next handler in the chain
|
|
next.ServeHTTP(w, r)
|
|
})
|
|
}
|