feat: add key creation

2026-04-28 23:04:15 +02:00
parent 0a98ee455f
commit 88812ec865
14 changed files with 289 additions and 115 deletions
@@ -5,28 +5,82 @@ import (
 	"net/http"
 	"orbits-server/internal/server/api/response"
 	"orbits-server/internal/server/database"
+	"orbits-server/internal/shared/security"

 	"github.com/gin-gonic/gin"
 	"gorm.io/gorm"
 )

-func RegisterApiRoutes(api *gin.RouterGroup /* env runtime.Environment,*/, db *gorm.DB) {
+const (
+	accessKeyLen = 32
+)
+
+func RegisterApiRoutes(api *gin.RouterGroup, db *gorm.DB) {
 	// prefix: api

-	api.GET("/keys", func(c *gin.Context) {
+	// define subroute with key
+	// /api/key
+	key := api.Group("/key")
+
+	/*
+		key.GET("/:key", func(c *gin.Context) {
+
+		})
+	*/
+
+	key.POST("/create", func(c *gin.Context) {
+		var body keyRequestBody
+
+		err := c.ShouldBindBodyWithJSON(&body)
+		if err != nil {
+			slog.Error("failed to bind body to json", "error", err)
+			c.JSON(http.StatusBadRequest, response.BasicResponse{
+				Msg: "invalid JSON",
+			})
+			return
+		}
+
+		keyContent := security.GenerateChars(accessKeyLen)
+		hash, err := security.HashKey(keyContent)
+		if err != nil {
+			slog.Error("failed to generate a hash for the key", "error", err)
+			c.JSON(http.StatusInternalServerError, response.BasicResponse{
+				Msg: response.IntErrMes,
+			})
+			return
+		}
+
+		keyRecord := database.BuildKeyRecord(hash, body.Name, body.ExpiresAt)
+
+		if err := database.CreateKey(db, &keyRecord); err != nil {
+			slog.Error("failed to insert key into the database", "error", err)
+			c.JSON(http.StatusInternalServerError, response.BasicResponse{
+				Msg: response.IntErrMes,
+			})
+			return
+		}
+
+		slog.Info("saved key to database")
+
+		c.JSON(http.StatusCreated, response.BasicResponse{
+			Msg:  "key has succesfully been created and saved",
+			Data: keyContent,
+		})
+	})
+
+	key.GET("/verify", func(c *gin.Context) {

 	})

-	api.POST("/keys", func(c *gin.Context) {
-
-	})
-
-	api.DELETE("/keys", func(c *gin.Context) {
+	key.DELETE("/:key", func(c *gin.Context) {

 	})

+	// define the control route on the api
+	// /api/control
+	ctl := api.Group("/control")
 	// Display the information on what is going on at the moment
-	api.GET("/command", func(c *gin.Context) {
+	ctl.GET("/command", func(c *gin.Context) {
 		state, err := database.LatestState(db)
 		if err != nil {
 			slog.Error("unable to determine state", "error", err)
@@ -42,24 +96,7 @@ func RegisterApiRoutes(api *gin.RouterGroup /* env runtime.Environment,*/, db *g
 		})
 	})

-	api.PATCH("/command", func(c *gin.Context) {
+	ctl.PATCH("/command", func(c *gin.Context) {

 	})
-
-	// define a route to check what is registered
-	api.GET("/available", func(c *gin.Context) {
-		files, err := database.ListFiles(db)
-		if err != nil {
-			slog.Error("failed to retrieve available files", "error", err)
-			c.JSON(http.StatusInternalServerError, response.BasicResponse{
-				Msg: response.IntErrMes,
-			})
-			return
-		}
-
-		c.JSON(http.StatusOK, response.BasicResponse{
-			Msg:  response.OkMes,
-			Data: files,
-		})
-	})
 }
@@ -16,6 +16,8 @@ import (
 func RegisterFileRoutes(file *gin.RouterGroup, env bootstrap.Environment, db *gorm.DB) {
 	// prefix: file
 	// for example: /file/<file-name>
+
+	// file download route / display contents
 	file.GET("/:filename", func(c *gin.Context) {
 		fileParam := c.Param("filename")
 		p := filepath.Join(env.ContentDirectory, fileParam)
@@ -23,8 +25,7 @@ func RegisterFileRoutes(file *gin.RouterGroup, env bootstrap.Environment, db *go
 		c.File(p)
 	})

-	// define the upload route
-	// /file/upload
+	// upload route
 	file.POST("/upload", func(c *gin.Context) {
 		f, err := c.FormFile("file")
 		if err != nil {
@@ -38,10 +39,14 @@ func RegisterFileRoutes(file *gin.RouterGroup, env bootstrap.Environment, db *go
 		readerStream, err := f.Open()
 		if err != nil {
 			slog.Error("failed to a reader stream")
+			c.JSON(http.StatusInternalServerError, response.BasicResponse{
+				Msg: response.IntErrMes,
+			})
+			return
 		}
 		defer readerStream.Close()

-		fileData, err := database.BuildFileRecord(readerStream, f.Filename, env.ContentDirectory)
+		fileRecord, err := database.BuildFileRecord(readerStream, f.Filename, env.ContentDirectory)
 		if err != nil {
 			slog.Error("failed to enroll file to the database", "error", err)
 			c.JSON(http.StatusInternalServerError, response.BasicResponse{
@@ -50,13 +55,14 @@ func RegisterFileRoutes(file *gin.RouterGroup, env bootstrap.Environment, db *go
 			return
 		}

-		if err := database.CreateFile(db, fileData); err != nil {
+		if err := database.CreateFile(db, &fileRecord); err != nil {
 			if errors.Is(err, gorm.ErrDuplicatedKey) {
-				slog.Debug("discarding file since its checksum is a duplicate", "error", err)
+				slog.Debug("discarding file, its a checksum duplicate", "error", err)
 				c.JSON(http.StatusConflict, response.BasicResponse{
-					Msg: "file checksum already exists",
+					Msg: "file already exists",
 				})
 			} else {
+				// log the failure to the std
 				slog.Error("failed to insert filedata to the database", "error", err)
 				c.JSON(http.StatusInternalServerError, response.BasicResponse{
 					Msg: response.IntErrMes,
@@ -66,32 +72,58 @@ func RegisterFileRoutes(file *gin.RouterGroup, env bootstrap.Environment, db *go
 		}

 		// save to filesystem after everything has given a green light
-		if err := c.SaveUploadedFile(f, fileData.FilePath); err != nil {
-			slog.Error("failed to receive the file over http:", "error", err)
+		if err := c.SaveUploadedFile(f, fileRecord.FilePath); err != nil {
+			slog.Error("failed to save to disk, rolling back database", "error", err)
+
+			// rollback db if the write has failed
+			err = database.DeleteFileByID(db, fileRecord.ID)
+			if err != nil {
+				slog.Error("failed to remove the database record", "error", err)
+			}
+
+			// give the response to the client
+			c.JSON(http.StatusInternalServerError, response.BasicResponse{
+				Msg: response.IntErrMes,
+			})
+			return
+		}
+		slog.Info("saved file to local filesystem and database")
+
+		c.JSON(http.StatusCreated, response.BasicResponse{
+			Msg:  "file has succesfully been uploaded",
+			Data: fileRecord,
+		})
+	})
+
+	// delete route
+	file.DELETE("/:filename", func(c *gin.Context) {
+		fileParam := c.Param("filename")
+		fileRecord, err := database.FindFileByName(db, fileParam)
+		if err != nil {
+			slog.Error("file not found", "error", err)
+			c.JSON(http.StatusNotFound, response.BasicResponse{
+				Msg: "file was not found",
+			})
+			return
+		}
+
+		slog.Info("received a delete request for a file", "file", fileRecord, "filename", fileParam)
+	})
+
+	// define a route to check what is registered
+	file.GET("/available", func(c *gin.Context) {
+		files, err := database.ListFiles(db)
+		if err != nil {
+			slog.Error("failed to retrieve available files", "error", err)
 			c.JSON(http.StatusInternalServerError, response.BasicResponse{
 				Msg: response.IntErrMes,
 			})
 			return
 		}

-		slog.Info("saved file to local filesystem and database")
-		c.JSON(http.StatusCreated, response.BasicResponse{
-			Msg:  "file has succesfully been uploaded",
-			Data: fileData,
+		c.JSON(http.StatusOK, response.BasicResponse{
+			Msg:  response.OkMes,
+			Data: files,
 		})
 	})
-
-	file.DELETE("/:filename", func(c *gin.Context) {
-		fileParam := c.Param("filename")
-		f, err := database.FindFileByName(db, fileParam)
-
-		slog.Info("received a detelte request for a file", "file", f, "filename", fileParam)
-
-		if err != nil {
-			slog.Error("failed to filter the file database for the name")
-			c.JSON(http.StatusNotFound, response.BasicResponse{
-				Msg: response.IntErrMes,
-			})
-		}
-	})
 }
@@ -0,0 +1,9 @@
+package routes
+
+import "time"
+
+type keyRequestBody struct {
+	Name string `json:"name"`
+	// post request must contain valid: RFC3339 timestamp
+	ExpiresAt time.Time `json:"expiresAt"`
+}