navidrome/server/subsonic/middlewares.go

package subsonic

import (
	"context"
	"fmt"
	"net/http"
	"net/url"
	"strings"

	"github.com/deluan/navidrome/engine"
	"github.com/deluan/navidrome/log"
	"github.com/deluan/navidrome/model"
	"github.com/deluan/navidrome/server/subsonic/responses"
)

func postFormToQueryParams(next http.Handler) http.Handler {
	return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
		err := r.ParseForm()
		if err != nil {
			SendError(w, r, NewError(responses.ErrorGeneric, err.Error()))
		}
		var parts []string
		for key, values := range r.Form {
			for _, v := range values {
				parts = append(parts, url.QueryEscape(key)+"="+url.QueryEscape(v))
			}
		}
		r.URL.RawQuery = strings.Join(parts, "&")

		next.ServeHTTP(w, r)
	})
}

func checkRequiredParameters(next http.Handler) http.Handler {
	return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
		requiredParameters := []string{"u", "v", "c"}

		for _, p := range requiredParameters {
			if ParamString(r, p) == "" {
				msg := fmt.Sprintf(`Missing required parameter "%s"`, p)
				log.Warn(r, msg)
				SendError(w, r, NewError(responses.ErrorMissingParameter, msg))
				return
			}
		}

		user := ParamString(r, "u")
		client := ParamString(r, "c")
		version := ParamString(r, "v")
		ctx := r.Context()
		ctx = context.WithValue(ctx, "username", user)
		ctx = context.WithValue(ctx, "client", client)
		ctx = context.WithValue(ctx, "version", version)
		log.Info(ctx, "API: New request "+r.URL.Path, "username", user, "client", client, "version", version)

		r = r.WithContext(ctx)
		next.ServeHTTP(w, r)
	})
}

func authenticate(users engine.Users) func(next http.Handler) http.Handler {
	return func(next http.Handler) http.Handler {
		return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
			username := ParamString(r, "u")
			pass := ParamString(r, "p")
			token := ParamString(r, "t")
			salt := ParamString(r, "s")
			jwt := ParamString(r, "jwt")

			usr, err := users.Authenticate(r.Context(), username, pass, token, salt, jwt)
			if err == model.ErrInvalidAuth {
				log.Warn(r, "Invalid login", "username", username, err)
			} else if err != nil {
				log.Error(r, "Error authenticating username", "username", username, err)
			}

			if err != nil {
				log.Warn(r, "Invalid login", "username", username)
				SendError(w, r, NewError(responses.ErrorAuthenticationFail))
				return
			}

			ctx := r.Context()
			ctx = context.WithValue(ctx, "user", usr)
			r = r.WithContext(ctx)

			next.ServeHTTP(w, r)
		})
	}
}

func requiredParams(params ...string) func(next http.Handler) http.Handler {
	return func(next http.Handler) http.Handler {
		return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
			for _, p := range params {
				_, err := RequiredParamString(r, p, fmt.Sprintf("%s parameter is required", p))
				if err != nil {
					SendError(w, r, err)
					return
				}
			}
			next.ServeHTTP(w, r)
		})
	}
}
Moved package `api` to `subsonic` under `server` 2020-01-20 00:21:44 +01:00			`package subsonic`
Removed Beego routing/controllers, converted to Chi. Also introduced Wire for dependency injection 2020-01-07 20:56:26 +01:00
			`import (`
			`"context"`
			`"fmt"`
			`"net/http"`
feat: support clients that send the API params as a x-www-form-urlencoded POST 2020-01-27 21:10:46 +01:00			`"net/url"`
			`"strings"`
Removed Beego routing/controllers, converted to Chi. Also introduced Wire for dependency injection 2020-01-07 20:56:26 +01:00
Rename project to Navidrome 2020-01-24 01:44:08 +01:00			`"github.com/deluan/navidrome/engine"`
			`"github.com/deluan/navidrome/log"`
			`"github.com/deluan/navidrome/model"`
			`"github.com/deluan/navidrome/server/subsonic/responses"`
Removed Beego routing/controllers, converted to Chi. Also introduced Wire for dependency injection 2020-01-07 20:56:26 +01:00			`)`

feat: support clients that send the API params as a x-www-form-urlencoded POST 2020-01-27 21:10:46 +01:00			`func postFormToQueryParams(next http.Handler) http.Handler {`
			`return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {`
			`err := r.ParseForm()`
			`if err != nil {`
			`SendError(w, r, NewError(responses.ErrorGeneric, err.Error()))`
			`}`
			`var parts []string`
			`for key, values := range r.Form {`
			`for _, v := range values {`
			`parts = append(parts, url.QueryEscape(key)+"="+url.QueryEscape(v))`
			`}`
			`}`
			`r.URL.RawQuery = strings.Join(parts, "&")`

			`next.ServeHTTP(w, r)`
			`})`
			`}`

Removed Beego routing/controllers, converted to Chi. Also introduced Wire for dependency injection 2020-01-07 20:56:26 +01:00			`func checkRequiredParameters(next http.Handler) http.Handler {`
			`return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {`
			`requiredParameters := []string{"u", "v", "c"}`

			`for _, p := range requiredParameters {`
			`if ParamString(r, p) == "" {`
			msg := fmt.Sprintf(`Missing required parameter "%s"`, p)
Replaced Beego logging 2020-01-09 02:45:07 +01:00			`log.Warn(r, msg)`
Removed Beego routing/controllers, converted to Chi. Also introduced Wire for dependency injection 2020-01-07 20:56:26 +01:00			`SendError(w, r, NewError(responses.ErrorMissingParameter, msg))`
			`return`
			`}`
			`}`

Don't disable required params check 2020-01-09 16:35:00 +01:00			`user := ParamString(r, "u")`
			`client := ParamString(r, "c")`
			`version := ParamString(r, "v")`
Removed Beego routing/controllers, converted to Chi. Also introduced Wire for dependency injection 2020-01-07 20:56:26 +01:00			`ctx := r.Context()`
Add authenticated user to context 2020-01-21 00:12:17 +01:00			`ctx = context.WithValue(ctx, "username", user)`
Don't disable required params check 2020-01-09 16:35:00 +01:00			`ctx = context.WithValue(ctx, "client", client)`
			`ctx = context.WithValue(ctx, "version", version)`
refactor: better request logging 2020-02-02 02:07:15 +01:00			`log.Info(ctx, "API: New request "+r.URL.Path, "username", user, "client", client, "version", version)`
Removed Beego routing/controllers, converted to Chi. Also introduced Wire for dependency injection 2020-01-07 20:56:26 +01:00
Don't disable required params check 2020-01-09 16:35:00 +01:00			`r = r.WithContext(ctx)`
Removed Beego routing/controllers, converted to Chi. Also introduced Wire for dependency injection 2020-01-07 20:56:26 +01:00			`next.ServeHTTP(w, r)`
			`})`
			`}`

Authenticate Subsonic API calls using the DB 2020-01-20 19:35:59 +01:00			`func authenticate(users engine.Users) func(next http.Handler) http.Handler {`
			`return func(next http.Handler) http.Handler {`
			`return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {`
Add authenticated user to context 2020-01-21 00:12:17 +01:00			`username := ParamString(r, "u")`
Authenticate Subsonic API calls using the DB 2020-01-20 19:35:59 +01:00			`pass := ParamString(r, "p")`
			`token := ParamString(r, "t")`
			`salt := ParamString(r, "s")`
feat: add authentication via JWT token 2020-02-06 22:48:35 +01:00			`jwt := ParamString(r, "jwt")`
Removed Beego routing/controllers, converted to Chi. Also introduced Wire for dependency injection 2020-01-07 20:56:26 +01:00
feat: add authentication via JWT token 2020-02-06 22:48:35 +01:00			`usr, err := users.Authenticate(r.Context(), username, pass, token, salt, jwt)`
Authenticate Subsonic API calls using the DB 2020-01-20 19:35:59 +01:00			`if err == model.ErrInvalidAuth {`
Add authenticated user to context 2020-01-21 00:12:17 +01:00			`log.Warn(r, "Invalid login", "username", username, err)`
Authenticate Subsonic API calls using the DB 2020-01-20 19:35:59 +01:00			`} else if err != nil {`
Add authenticated user to context 2020-01-21 00:12:17 +01:00			`log.Error(r, "Error authenticating username", "username", username, err)`
Removed Beego routing/controllers, converted to Chi. Also introduced Wire for dependency injection 2020-01-07 20:56:26 +01:00			`}`

Authenticate Subsonic API calls using the DB 2020-01-20 19:35:59 +01:00			`if err != nil {`
Add authenticated user to context 2020-01-21 00:12:17 +01:00			`log.Warn(r, "Invalid login", "username", username)`
Authenticate Subsonic API calls using the DB 2020-01-20 19:35:59 +01:00			`SendError(w, r, NewError(responses.ErrorAuthenticationFail))`
			`return`
			`}`
Removed Beego routing/controllers, converted to Chi. Also introduced Wire for dependency injection 2020-01-07 20:56:26 +01:00
Add authenticated user to context 2020-01-21 00:12:17 +01:00			`ctx := r.Context()`
			`ctx = context.WithValue(ctx, "user", usr)`
			`r = r.WithContext(ctx)`

Authenticate Subsonic API calls using the DB 2020-01-20 19:35:59 +01:00			`next.ServeHTTP(w, r)`
			`})`
			`}`
Removed Beego routing/controllers, converted to Chi. Also introduced Wire for dependency injection 2020-01-07 20:56:26 +01:00			`}`

			`func requiredParams(params ...string) func(next http.Handler) http.Handler {`
			`return func(next http.Handler) http.Handler {`
			`return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {`
			`for _, p := range params {`
			`_, err := RequiredParamString(r, p, fmt.Sprintf("%s parameter is required", p))`
			`if err != nil {`
			`SendError(w, r, err)`
			`return`
			`}`
			`}`
			`next.ServeHTTP(w, r)`
			`})`
			`}`
			`}`