275 lines
8.4 KiB
Go
275 lines
8.4 KiB
Go
package richtext
|
|
|
|
import (
|
|
"encoding/json"
|
|
"io"
|
|
"log/slog"
|
|
"net/http"
|
|
"strings"
|
|
|
|
"github.com/go-chi/chi/v5"
|
|
|
|
"github.com/ultisuite/ulti-backend/internal/api/apiresponse"
|
|
"github.com/ultisuite/ulti-backend/internal/api/apivalidate"
|
|
"github.com/ultisuite/ulti-backend/internal/api/drive"
|
|
"github.com/ultisuite/ulti-backend/internal/api/middleware"
|
|
"github.com/ultisuite/ulti-backend/internal/permission"
|
|
)
|
|
|
|
type Handler struct {
|
|
svc *Service
|
|
drive *drive.Service
|
|
logger *slog.Logger
|
|
}
|
|
|
|
func NewHandler(svc *Service, driveSvc *drive.Service) *Handler {
|
|
return &Handler{
|
|
svc: svc,
|
|
drive: driveSvc,
|
|
logger: slog.Default().With("component", "richtext-api"),
|
|
}
|
|
}
|
|
|
|
func (h *Handler) Routes(authMiddleware func(http.Handler) http.Handler) chi.Router {
|
|
r := chi.NewRouter()
|
|
r.Get("/document", h.ServeDocument)
|
|
r.Put("/document", h.PutDocument)
|
|
r.Post("/hooks/store", h.HookStore)
|
|
r.Get("/internal/document", h.InternalLoadDocument)
|
|
|
|
r.Group(func(pr chi.Router) {
|
|
pr.Use(authMiddleware)
|
|
read := middleware.RequirePermission(permission.ResourceDrive, permission.LevelRead)
|
|
write := middleware.RequirePermission(permission.ResourceDrive, permission.LevelWrite)
|
|
pr.With(read).Post("/session", h.CreateSession)
|
|
pr.With(read).Post("/import", h.Import)
|
|
pr.With(read).Post("/export", h.Export)
|
|
pr.With(write).Put("/save", h.Save)
|
|
})
|
|
return r
|
|
}
|
|
|
|
func (h *Handler) RegisterPublicShareRoutes(r chi.Router) {
|
|
r.Post("/shares/{token}/richtext/session", h.PublicShareSession)
|
|
r.Post("/shares/{token}/richtext/import", h.PublicShareImport)
|
|
r.Get("/shares/{token}/richtext/document", h.PublicShareDocument)
|
|
r.Put("/shares/{token}/richtext/document", h.PublicSharePutDocument)
|
|
}
|
|
|
|
type sessionRequest struct {
|
|
Path string `json:"path"`
|
|
Mode string `json:"mode"`
|
|
}
|
|
|
|
func (h *Handler) CreateSession(w http.ResponseWriter, r *http.Request) {
|
|
claims := middleware.ClaimsFromContext(r.Context())
|
|
ncUser, err := h.svc.EnsureNextcloudUser(r.Context(), claims)
|
|
if err != nil {
|
|
apivalidate.WriteInternal(w, r)
|
|
return
|
|
}
|
|
var req sessionRequest
|
|
if err := apivalidate.DecodeJSON(w, r, 32<<10, &req); err != nil {
|
|
return
|
|
}
|
|
if strings.TrimSpace(req.Path) == "" {
|
|
apivalidate.WriteValidationError(w, r, apivalidate.NewValidationError(
|
|
apivalidate.FieldDetail{Field: "path", Message: "required"},
|
|
))
|
|
return
|
|
}
|
|
mode := strings.TrimSpace(req.Mode)
|
|
if mode == "" {
|
|
mode = "edit"
|
|
}
|
|
result, err := h.svc.CreateSession(r.Context(), ncUser, req.Path, mode, claims.Sub, claims.Name)
|
|
if err != nil {
|
|
h.logger.Error("richtext session", "error", err)
|
|
apiresponse.WriteError(w, r, http.StatusBadRequest, apiresponse.CodeInvalidRequest, err.Error(), nil)
|
|
return
|
|
}
|
|
apiresponse.WriteJSON(w, http.StatusOK, result)
|
|
}
|
|
|
|
func (h *Handler) Import(w http.ResponseWriter, r *http.Request) {
|
|
claims := middleware.ClaimsFromContext(r.Context())
|
|
ncUser, err := h.svc.EnsureNextcloudUser(r.Context(), claims)
|
|
if err != nil {
|
|
apivalidate.WriteInternal(w, r)
|
|
return
|
|
}
|
|
var req ImportRequest
|
|
if err := apivalidate.DecodeJSON(w, r, 32<<20, &req); err != nil {
|
|
return
|
|
}
|
|
canonical, err := h.svc.ImportDocument(r.Context(), ncUser, claims.Sub, req)
|
|
if err != nil {
|
|
apiresponse.WriteError(w, r, http.StatusBadRequest, apiresponse.CodeInvalidRequest, err.Error(), nil)
|
|
return
|
|
}
|
|
apiresponse.WriteJSON(w, http.StatusOK, map[string]string{"canonical_path": canonical})
|
|
}
|
|
|
|
func (h *Handler) Export(w http.ResponseWriter, r *http.Request) {
|
|
claims := middleware.ClaimsFromContext(r.Context())
|
|
ncUser, err := h.svc.EnsureNextcloudUser(r.Context(), claims)
|
|
if err != nil {
|
|
apivalidate.WriteInternal(w, r)
|
|
return
|
|
}
|
|
var req ExportRequest
|
|
if err := apivalidate.DecodeJSON(w, r, 32<<10, &req); err != nil {
|
|
return
|
|
}
|
|
body, ct, err := h.svc.ExportDocument(r.Context(), ncUser, req.Path, req.Format)
|
|
if err != nil {
|
|
apiresponse.WriteError(w, r, http.StatusBadRequest, apiresponse.CodeInvalidRequest, err.Error(), nil)
|
|
return
|
|
}
|
|
w.Header().Set("Content-Type", ct)
|
|
w.WriteHeader(http.StatusOK)
|
|
_, _ = w.Write(body)
|
|
}
|
|
|
|
type saveRequest struct {
|
|
Path string `json:"path"`
|
|
Document json.RawMessage `json:"document"`
|
|
YjsState string `json:"yjsState,omitempty"`
|
|
}
|
|
|
|
func (h *Handler) Save(w http.ResponseWriter, r *http.Request) {
|
|
claims := middleware.ClaimsFromContext(r.Context())
|
|
ncUser, err := h.svc.EnsureNextcloudUser(r.Context(), claims)
|
|
if err != nil {
|
|
apivalidate.WriteInternal(w, r)
|
|
return
|
|
}
|
|
var req saveRequest
|
|
if err := apivalidate.DecodeJSON(w, r, 32<<20, &req); err != nil {
|
|
return
|
|
}
|
|
doc := NewUltiDoc(req.Document, nil)
|
|
doc.YjsState = req.YjsState
|
|
payload, err := doc.Marshal()
|
|
if err != nil {
|
|
apivalidate.WriteInternal(w, r)
|
|
return
|
|
}
|
|
if err := h.svc.SaveDocument(r.Context(), ncUser, req.Path, payload, claims.Sub); err != nil {
|
|
apivalidate.WriteInternal(w, r)
|
|
return
|
|
}
|
|
apiresponse.WriteJSON(w, http.StatusOK, map[string]string{"path": normalizePath(req.Path)})
|
|
}
|
|
|
|
func (h *Handler) ServeDocument(w http.ResponseWriter, r *http.Request) {
|
|
sig := strings.TrimSpace(r.URL.Query().Get("sig"))
|
|
path := strings.TrimSpace(r.URL.Query().Get("path"))
|
|
user := strings.TrimSpace(r.URL.Query().Get("user"))
|
|
if h.svc.Cfg.HocuspocusSecret != "" {
|
|
if _, err := verifyDocAccessSig(sig, user, path, h.svc.Cfg.HocuspocusSecret); err != nil {
|
|
http.Error(w, "forbidden", http.StatusForbidden)
|
|
return
|
|
}
|
|
}
|
|
body, err := h.svc.LoadDocumentForUser(r.Context(), user, path)
|
|
if err != nil {
|
|
http.Error(w, "not found", http.StatusNotFound)
|
|
return
|
|
}
|
|
w.Header().Set("Content-Type", "application/json")
|
|
_, _ = w.Write(body)
|
|
}
|
|
|
|
func (h *Handler) PutDocument(w http.ResponseWriter, r *http.Request) {
|
|
sig := strings.TrimSpace(r.URL.Query().Get("sig"))
|
|
path := strings.TrimSpace(r.URL.Query().Get("path"))
|
|
user := strings.TrimSpace(r.URL.Query().Get("user"))
|
|
platformUser := strings.TrimSpace(r.URL.Query().Get("sub"))
|
|
if h.svc.Cfg.HocuspocusSecret != "" {
|
|
if _, err := verifyDocAccessSig(sig, user, path, h.svc.Cfg.HocuspocusSecret); err != nil {
|
|
http.Error(w, "forbidden", http.StatusForbidden)
|
|
return
|
|
}
|
|
}
|
|
raw, err := io.ReadAll(r.Body)
|
|
if err != nil {
|
|
apivalidate.WriteInternal(w, r)
|
|
return
|
|
}
|
|
if err := h.svc.SaveDocument(r.Context(), user, path, raw, platformUser); err != nil {
|
|
http.Error(w, "save failed", http.StatusInternalServerError)
|
|
return
|
|
}
|
|
w.WriteHeader(http.StatusNoContent)
|
|
}
|
|
|
|
func (h *Handler) InternalLoadDocument(w http.ResponseWriter, r *http.Request) {
|
|
secret := r.Header.Get("X-Hocuspocus-Secret")
|
|
if h.svc.Cfg.HocuspocusSecret != "" && secret != h.svc.Cfg.HocuspocusSecret {
|
|
http.Error(w, "forbidden", http.StatusForbidden)
|
|
return
|
|
}
|
|
user := strings.TrimSpace(r.URL.Query().Get("user"))
|
|
path := strings.TrimSpace(r.URL.Query().Get("path"))
|
|
body, err := h.svc.LoadDocumentForUser(r.Context(), user, path)
|
|
if err != nil {
|
|
http.Error(w, "not found", http.StatusNotFound)
|
|
return
|
|
}
|
|
w.Header().Set("Content-Type", "application/json")
|
|
_, _ = w.Write(body)
|
|
}
|
|
|
|
type hookStorePayload struct {
|
|
Room string `json:"room"`
|
|
Path string `json:"path"`
|
|
User string `json:"user"`
|
|
Sub string `json:"sub"`
|
|
YjsState string `json:"yjsState"`
|
|
Document json.RawMessage `json:"document,omitempty"`
|
|
}
|
|
|
|
func (h *Handler) HookStore(w http.ResponseWriter, r *http.Request) {
|
|
secret := r.Header.Get("X-Hocuspocus-Secret")
|
|
if h.svc.Cfg.HocuspocusSecret != "" && secret != h.svc.Cfg.HocuspocusSecret {
|
|
http.Error(w, "forbidden", http.StatusForbidden)
|
|
return
|
|
}
|
|
var payload hookStorePayload
|
|
if err := apivalidate.DecodeJSON(w, r, 32<<20, &payload); err != nil {
|
|
return
|
|
}
|
|
path := normalizePath(payload.Path)
|
|
var raw []byte
|
|
if len(payload.Document) > 0 {
|
|
doc := NewUltiDoc(payload.Document, nil)
|
|
doc.YjsState = payload.YjsState
|
|
var err error
|
|
raw, err = doc.Marshal()
|
|
if err != nil {
|
|
apivalidate.WriteInternal(w, r)
|
|
return
|
|
}
|
|
} else if payload.YjsState != "" {
|
|
doc := UltiDoc{SchemaVersion: schemaVersion, Editor: "tiptap", YjsState: payload.YjsState, Content: emptyDocContent()}
|
|
var err error
|
|
raw, err = doc.Marshal()
|
|
if err != nil {
|
|
apivalidate.WriteInternal(w, r)
|
|
return
|
|
}
|
|
} else {
|
|
apivalidate.WriteValidationError(w, r, apivalidate.NewValidationError(
|
|
apivalidate.FieldDetail{Field: "document", Message: "required"},
|
|
))
|
|
return
|
|
}
|
|
if err := h.svc.SaveDocument(r.Context(), payload.User, path, raw, payload.Sub); err != nil {
|
|
h.logger.Error("hook store", "error", err, "path", path)
|
|
apivalidate.WriteInternal(w, r)
|
|
return
|
|
}
|
|
w.WriteHeader(http.StatusNoContent)
|
|
}
|