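package router

import (
	"jannex/admin-dashboard-backend/modules/config"
	"jannex/admin-dashboard-backend/modules/database"
	"jannex/admin-dashboard-backend/modules/logger"
	"jannex/admin-dashboard-backend/modules/structs"
	"jannex/admin-dashboard-backend/modules/utils"
	adminarea "jannex/admin-dashboard-backend/routers/router/api/v1/adminArea"
	"jannex/admin-dashboard-backend/routers/router/api/v1/equipment"
	"jannex/admin-dashboard-backend/routers/router/api/v1/grouptasks"
	log "jannex/admin-dashboard-backend/routers/router/api/v1/logger"
	"jannex/admin-dashboard-backend/routers/router/api/v1/machines"
	"jannex/admin-dashboard-backend/routers/router/api/v1/notification"
	"jannex/admin-dashboard-backend/routers/router/api/v1/user"
	"jannex/admin-dashboard-backend/routers/router/api/v1/users"
	"jannex/admin-dashboard-backend/socketclients"
	"time"

	"github.com/gofiber/fiber/v2"
	"gorm.io/gorm"
)

// SetupRoutes registers every /v1 API route on app and, last, the static
// file handler for the public folder.
//
// Authentication is opt-in per route: a handler is only protected when
// requestAccessValidation is listed before it. The routes registered
// without it here are POST /v1/user/auth/login,
// GET /v1/equipment/thumbnail/:stockItemId and the static file handler.
func SetupRoutes(app *fiber.App) {
	v1 := app.Group("/v1")

	u := v1.Group("/user")
	// Login is the only /user route that must be reachable without credentials.
	u.Post("/auth/login", user.UserLogin)
	u.Delete("/auth/logout", requestAccessValidation, user.UserLogout)
	u.Delete("/session/:idForDeletion", requestAccessValidation, user.SignOutSession)
	u.Post("/avatar", requestAccessValidation, user.UpdateAvatar)
	u.Get("/profile", requestAccessValidation, user.GetUserProfile)
	u.Get("/", requestAccessValidation, user.UserInfo)

	us := v1.Group("/users")
	us.Get("/", requestAccessValidation, users.GetUsers)

	//s := v1.Group("/scanner")
	//s.Post("/", jxscanner.AddScanner)
	//s.Post("/scan", scannerSessionValidation, jxscanner.ScanResult)
	//s.Delete("/", scannerSessionValidation, jxscanner.DeleteScanner)

	l := v1.Group("/log")
	l.Get("/", requestAccessValidation, log.GetSystemLog)

	gs := v1.Group("/grouptasks")
	gs.Get("/:category", requestAccessValidation, grouptasks.GetGroupTasks)
	gs.Post("/start", requestAccessValidation, grouptasks.StartGroupTask)
	// Leading slash added so this pattern is written like every other route
	// in the file; the original was ":category/steps/:groupTaskId".
	gs.Get("/:category/steps/:groupTaskId", requestAccessValidation, grouptasks.GetGroupTaskSteps)

	e := v1.Group("/equipment")
	e.Get("/documentations/:stockItemId", requestAccessValidation, equipment.GetEquipmentDocumentations)
	e.Post("/documentation/create", requestAccessValidation, equipment.CreateEquipmentDocumentation)
	e.Get("/documentation/:stockItemId/:documentationId", requestAccessValidation, equipment.GetEquipmentDocumentation)
	e.Post("/documentation/edit", requestAccessValidation, equipment.EditEquipmentDocumentation)
	// NOTE(review): this is the only equipment route without
	// requestAccessValidation. Presumably that is deliberate so thumbnails can
	// be loaded without custom headers; confirm that thumbnails are not
	// sensitive and that the handler validates stockItemId before using it.
	e.Get("/thumbnail/:stockItemId", equipment.GetEquipmentThumbnail)

	a := v1.Group("/adminarea")
	// NOTE(review): only authentication is enforced at this layer; any role or
	// permission check for admin-area data has to live in the handler.
	a.Get("/roles", requestAccessValidation, adminarea.GetRoles)

	ns := v1.Group("/notifications")
	ns.Get("/", requestAccessValidation, notification.GetNotifications)
	ns.Post("/", requestAccessValidation, notification.AddNotification)

	m := v1.Group("/machines")
	m.Post("/", requestAccessValidation, machines.GetMachines)

	// Everything under the configured public folder is served without
	// authentication, so that folder must only ever contain public files.
	app.Static("/", config.Cfg.FolderPaths.PublicStatic)
}

// requestAccessValidation is the authentication middleware for protected
// routes. It accepts either a user session or an API key and decides which
// one to validate purely by the length of the presented header value:
// a session header of the expected length wins, then an API key header of
// the expected length. Anything else is answered with 401.
func requestAccessValidation(c *fiber.Ctx) error {
	// user session
	xAuthorization := utils.GetXAuhorizationHeader(c)

	if len(xAuthorization) == utils.LenHeaderXAuthorization {
		return userSessionValidation(c)
	}

	// api key
	xApiKey := utils.GetXApiKeyHeader(c)

	if len(xApiKey) == utils.LenHeaderXApiKey {
		return userApikeyTokenValidation(c)
	}

	return c.SendStatus(fiber.StatusUnauthorized)
}

// userApikeyTokenValidation authenticates a request by its API key.
//
// The key must have the expected length, exist in the database, and belong
// to a user who still holds utils.PermissionUserProfileApiKeys. A key whose
// owner lost that permission is deleted and the request is rejected. On
// success the usage counter and last-used time are updated, the owner is
// notified over the socket, "userId" is stored in c.Locals and the next
// handler runs. Every failure returns fiber.ErrUnauthorized.
func userApikeyTokenValidation(c *fiber.Ctx) error {
	xApikey := utils.GetXApiKeyHeader(c)

	if len(xApikey) != utils.LenHeaderXApiKey {
		return fiber.ErrUnauthorized
	}

	var apiKey structs.UserApiKey

	// NOTE(review): the presented key is matched against the token column as
	// is, which suggests keys are stored in plaintext; consider storing only
	// a hash of the key so a database leak does not expose usable keys.
	err := database.DB.Select("id, user_id, token, usage_count").First(&apiKey, "token = ?", xApikey).Error

	// Fail closed on any lookup error instead of relying only on the zero
	// value of apiKey. The Go-side comparison is kept because it enforces an
	// exact match even if the database compares the column more loosely
	// (for example with a case-insensitive collation).
	if err != nil || apiKey.Token != xApikey {
		return fiber.ErrUnauthorized
	}

	// check if user has permission to use api keys
	if !socketclients.HasPermission(apiKey.UserId, utils.PermissionUserProfileApiKeys) {
		// delete api key from database
		// Best effort: the request is rejected either way, and the permission
		// is re-checked on every request, so a failed delete does not let the
		// key through.
		database.DB.Delete(&apiKey)

		logger.AddSystemLog(structs.LogMessage{
			Id:   26,
			Type: utils.LogTypeInfo,
			Messages: []structs.LogData{
				{Type: "userId", Value: apiKey.UserId},
			},
		})

		return fiber.ErrUnauthorized
	}

	lastUsed := time.Now()

	// The increment is done in SQL so concurrent requests do not lose
	// updates. The result is intentionally not checked: usage statistics are
	// bookkeeping and must not block an authenticated request.
	database.DB.Model(&structs.UserApiKey{}).Where("id = ?", apiKey.Id).Updates(map[string]interface{}{
		"usage_count": gorm.Expr("usage_count + ?", 1),
		"last_used":   lastUsed,
	})

	c.Locals("userId", apiKey.UserId)

	// UsageCount is computed from the value read above, so under concurrent
	// use of the same key the pushed number can lag behind the database.
	socketclients.SendMessageToUserWithTopic(apiKey.UserId, utils.SubscribedTopicUserProfile, "", structs.SendSocketMessage{
		Cmd: utils.SentCmdNewApiKeyUsageCount,
		Body: struct {
			Id         string
			UsageCount uint
			LastUsed   time.Time
		}{
			Id:         apiKey.Id,
			UsageCount: (apiKey.UsageCount + 1),
			LastUsed:   lastUsed,
		},
	})

	logger.AddSystemLog(structs.LogMessage{
		Id:   25,
		Type: utils.LogTypeInfo,
		Messages: []structs.LogData{
			{Type: "userId", Value: apiKey.UserId},
		},
	})

	return c.Next()
}

// userSessionValidation authenticates a request by its session id.
//
// The header value must have the expected length and match the id of a
// stored session. On success "userId" is stored in c.Locals and the next
// handler runs; every failure returns fiber.ErrUnauthorized.
func userSessionValidation(c *fiber.Ctx) error {
	xAuthorization := utils.GetXAuhorizationHeader(c)

	if len(xAuthorization) != utils.LenHeaderXAuthorization {
		return fiber.ErrUnauthorized
	}

	var userSession structs.UserSession

	// NOTE(review): no expiry or revocation check is visible here; confirm
	// that stale sessions are removed from the table elsewhere.
	err := database.DB.First(&userSession, "id = ?", xAuthorization).Error

	// Fail closed on any lookup error; the exact comparison is kept as a
	// second check in case the database matches ids more loosely than Go.
	if err != nil || userSession.Id != xAuthorization {
		return fiber.ErrUnauthorized
	}

	c.Locals("userId", userSession.UserId)

	return c.Next()
}

/*
func scannerSessionValidation(c *fiber.Ctx) error {
	xAuthorization := utils.GetXAuhorizationHeader(c)

	if len(xAuthorization) != utils.LenHeaderXAuthorization {
		return fiber.ErrUnauthorized
	}

	var scanner structs.Scanner

	database.DB.First(&scanner, "session = ?", xAuthorization)

	if scanner.Session != xAuthorization {
		return fiber.ErrUnauthorized
	}

	c.Locals("scannerId", scanner.Id)
	c.Locals("usedByUserId", scanner.UsedByUserId)

	return c.Next()
}
*/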