use std::collections::HashMap; use std::error::Error; use std::str::FromStr; use actix_web::{HttpRequest, HttpResponse, web}; use actix_web::http::{HeaderName, HeaderValue}; use serde::Serialize; use crate::api_data::http_error::HttpError; use crate::controllers::routes::RequestResult; use crate::data::api_client::APIClient; use crate::data::config::conf; use crate::data::error::{ExecError, ResultBoxError}; use crate::data::user::UserID; use crate::helpers::{account_helper, api_helper, user_helper}; use crate::utils::virtual_directories_utils::check_virtual_directory; /// Http request handler /// /// @author Pierre Hubert /// Single request body value pub struct RequestValue { pub string: Option } impl RequestValue { /// Build a string value pub fn string(s: String) -> RequestValue { RequestValue { string: Some(s) } } } #[derive(Serialize)] struct SuccessMessage { success: String } pub struct HttpRequestHandler { request: web::HttpRequest, body: HashMap, response: Option, headers: HashMap, client: Option, curr_user_id: Option, } impl HttpRequestHandler { /// Construct a new request handler pub fn new(req: HttpRequest, body: HashMap) -> HttpRequestHandler { HttpRequestHandler { request: req, body, response: None, headers: HashMap::new(), client: None, curr_user_id: None, } } /// Check if a response has been set for this request pub fn has_response(&self) -> bool { self.response.is_some() } /// Get the response status code, eg. 200 or 404 pub fn response_status_code(&self) -> u16 { self.response.as_ref().unwrap().status().as_u16() } /// Take the response from this struct pub fn response(self) -> ResultBoxError { let mut response = self.response.unwrap(); // Put additional headers if required for (k, v) in &self.headers { response.headers_mut().insert(HeaderName::from_str(k)?, HeaderValue::from_str(v)?, ); } Ok(response) } /// Set request response pub fn set_response(&mut self, data: T) -> RequestResult { self.response = Some(HttpResponse::Ok().json(data)); Ok(()) } /// Success message pub fn success(&mut self, message: &str) -> RequestResult { self.response = Some(HttpResponse::Ok().json(SuccessMessage { success: message.to_string() })); Ok(()) } /// Internal error response (500) pub fn internal_error(&mut self, error: Box) -> RequestResult { self.response = Some(HttpResponse::InternalServerError().json( HttpError::internal_error("Internal server error."))); Err(error) } /// Bad request (400) pub fn bad_request(&mut self, message: String) -> RequestResult { self.response = Some(HttpResponse::BadRequest().json( HttpError::bad_request(&message))); Err(Box::new(ExecError::new(&message))) } /// Forbidden (401) /// /// I did not the HTTP official specs when I made this choice of using Unauthorized instead /// of Forbidden. Today it would be really complicated to come back... pub fn forbidden(&mut self, message: String) -> RequestResult { self.response = Some(HttpResponse::Unauthorized().json( HttpError::forbidden(&message))); Err(Box::new(ExecError::new(&message))) } /// Not found (404) pub fn not_found(&mut self, message: String) -> RequestResult { self.response = Some(HttpResponse::NotFound().json( HttpError::not_found(&message))); Err(Box::new(ExecError::new(&message))) } /// If result is not OK, return a bad request pub fn ok_or_bad_request(&mut self, res: ResultBoxError, msg: &str) -> ResultBoxError { match res { Ok(e) => Ok(e), Err(err) => { println!("Error leading to bad request: {}", err); self.bad_request(msg.to_string())?; unreachable!() } } } /// If result is not OK, return a 404 not found error pub fn ok_or_not_found(&mut self, res: ResultBoxError, msg: &str) -> ResultBoxError { match res { Ok(e) => Ok(e), Err(err) => { println!("Error leading to 404 not found: {}", err); self.not_found(msg.to_string())?; unreachable!() } } } /// Get the path of the request pub fn request_path(&self) -> String { self.request.path().to_string() } /// Get information about the client which made the request pub fn api_client(&self) -> &APIClient { self.client.as_ref().unwrap() } /// Check if a POST parameter was present in the request or not pub fn has_post_parameter(&self, name: &str) -> bool { self.body.contains_key(name) } /// Get a post parameter pub fn post_parameter(&mut self, name: &str) -> ResultBoxError<&RequestValue> { if !self.has_post_parameter(name) { self.bad_request(format!("POST parameter '{}' not found in request!", name))?; } Ok(self.body.get(name).unwrap()) } /// Get a post string pub fn post_string(&mut self, name: &str) -> ResultBoxError { self.post_string_opt(name, 1, true) } /// Get a post string, specifying minimum length pub fn post_string_opt(&mut self, name: &str, min_length: usize, required: bool) -> ResultBoxError { let param = self.post_parameter(name)?; match (¶m.string, required) { (None, true) => Err(self.bad_request(format!("'{}' is not a string!", name)).unwrap_err()), (None, false) => Ok(String::new()), (Some(s), _) => { if s.len() >= min_length { Ok(s.to_string()) } else { Err(self.bad_request(format!("'{}' is too short!", name)).unwrap_err()) } } } } /// Check API client tokens pub fn check_client_token(&mut self) -> RequestResult { let api_name = self.post_string("serviceName")?; let api_token = self.post_string("serviceToken")?; let client = self.ok_or_bad_request( api_helper::get_client(&api_name, &api_token), "Client not recognized!", )?; if let Some(domain) = &client.domain { let allowed_origin = match conf().force_https { true => format!("https://{}", domain), false => format!("http://{}", domain) }; match self.request.headers().get("Referer") { None => self.bad_request("Unknown origin!".to_string())?, Some(s) => { if !s.to_str()?.starts_with(&allowed_origin) { self.bad_request("Use of this client is prohibited from this domain!".to_string())?; } } } self.headers.insert("Access-Control-Allow-Origin".to_string(), allowed_origin); } self.client = Some(client); Ok(()) } /// Check login token pub fn check_user_token(&mut self) -> RequestResult { let token = self.post_string("userToken1")?; // Find user match account_helper::get_user_by_login_token(&token, self.api_client()) { Ok(id) => { self.curr_user_id = Some(id); Ok(()) } Err(e) => { println!("Error marking login tokens as invalid: {}", e); self.response = Some( actix_web::HttpResponse:: build(actix_web::http::StatusCode::from_u16(412)?) .json(HttpError::new(412, "Please check your login tokens!"))); Err(e) } } } /// Get an integer included in the POST request pub fn post_i64(&mut self, name: &str) -> ResultBoxError { Ok(self.post_string(name)?.parse::()?) } /// Get a boolean included in a POST request pub fn post_bool(&mut self, name: &str) -> ResultBoxError { Ok(self.post_string(name)?.eq("true")) } /// Get an optional boolean included in post request pub fn post_bool_opt(&mut self, name: &str, default: bool) -> bool { self.post_bool(name).unwrap_or(default) } /// Get user ID. This function assess that a user ID is available to continue pub fn user_id(&self) -> ResultBoxError { match self.curr_user_id { Some(s) => Ok(s), None => Err(ExecError::boxed_new("Could not get required user ID!")) } } /// Get a user ID, if available pub fn user_id_opt(&self) -> Option { self.curr_user_id } /// Get an email included in the request pub fn post_email(&mut self, name: &str) -> ResultBoxError { let mail = self.post_string(name)?; if !mailchecker::is_valid(&mail) { self.bad_request("Invalid email address!".to_string())?; } Ok(mail) } /// Get a list of integers included in the request pub fn post_numbers_list(&mut self, name: &str, min_len: usize) -> ResultBoxError> { let param = self.post_string_opt(name, min_len, min_len != 0)?; let mut list = vec![]; for split in param.split::<&str>(",") { if split.is_empty() { continue; } list.push(split.parse::()?); } if list.len() < min_len { self.bad_request(format!("Not enough entries in '{}'!", name))?; } Ok(list) } /// Get the ID of a user included in a POST request pub fn post_user_id(&mut self, name: &str) -> ResultBoxError { let user_id = self.post_i64(name)?; if user_id < 1 { self.bad_request(format!("Invalid user specified in '{}'!", name))?; } if !user_helper::exists(user_id)? { self.not_found(format!("User with ID {} not found!", user_id))?; } Ok(user_id) } /// Get a virtual directory included in a POST request pub fn post_virtual_directory(&mut self, name: &str) -> ResultBoxError { let dir = self.post_string(name)?; if !check_virtual_directory(&dir) { self.bad_request(format!("Invalid virtual directory specified in '{}' !", name))?; } Ok(dir) } }