From dcf9e96a0b16530549168a7891ed8242663b5f28 Mon Sep 17 00:00:00 2001
From: Chris
Date: Fri, 22 Sep 2017 12:54:27 -0500
Subject: remove global refs from api/api4 (#7496)
---
api/admin.go | 54 ++++++++++++-------------
api/api.go | 118 ++++++++++++++++++++++++------------------------------
api/apitestlib.go | 4 +-
api/channel.go | 68 +++++++++++++++----------------
api/command.go | 24 +++++------
api/context.go | 91 +++++++++++++++++++++++++----------------
api/deprecated.go | 2 +-
api/emoji.go | 10 ++---
api/file.go | 18 ++++-----
api/general.go | 8 ++--
api/license.go | 10 ++---
api/oauth.go | 22 +++++-----
api/post.go | 52 ++++++++++++------------
api/preference.go | 12 +++---
api/reaction.go | 8 ++--
api/status.go | 6 +--
api/team.go | 44 ++++++++++----------
api/user.go | 110 +++++++++++++++++++++++++-------------------------
api/webhook.go | 20 ++++-----
api/webrtc.go | 4 +-
api/websocket.go | 4 +-
21 files changed, 349 insertions(+), 340 deletions(-)
(limited to 'api')
diff --git a/api/admin.go b/api/admin.go
index 65cea5eb7..5b532c81a 100644
--- a/api/admin.go
+++ b/api/admin.go
@@ -15,34 +15,34 @@ import ( "github.com/mssola/user_agent" ) -func InitAdmin() { +func (api *API) InitAdmin() { l4g.Debug(utils.T("api.admin.init.debug")) - BaseRoutes.Admin.Handle("/logs", ApiAdminSystemRequired(getLogs)).Methods("GET") - BaseRoutes.Admin.Handle("/audits", ApiAdminSystemRequired(getAllAudits)).Methods("GET") - BaseRoutes.Admin.Handle("/config", ApiAdminSystemRequired(getConfig)).Methods("GET") - BaseRoutes.Admin.Handle("/save_config", ApiAdminSystemRequired(saveConfig)).Methods("POST") - BaseRoutes.Admin.Handle("/reload_config", ApiAdminSystemRequired(reloadConfig)).Methods("GET") - BaseRoutes.Admin.Handle("/invalidate_all_caches", ApiAdminSystemRequired(invalidateAllCaches)).Methods("GET") - BaseRoutes.Admin.Handle("/test_email", ApiAdminSystemRequired(testEmail)).Methods("POST") - BaseRoutes.Admin.Handle("/recycle_db_conn", ApiAdminSystemRequired(recycleDatabaseConnection)).Methods("GET") - BaseRoutes.Admin.Handle("/analytics/{id:[A-Za-z0-9]+}/{name:[A-Za-z0-9_]+}", ApiAdminSystemRequired(getAnalytics)).Methods("GET") - BaseRoutes.Admin.Handle("/analytics/{name:[A-Za-z0-9_]+}", ApiAdminSystemRequired(getAnalytics)).Methods("GET") - BaseRoutes.Admin.Handle("/save_compliance_report", ApiAdminSystemRequired(saveComplianceReport)).Methods("POST") - BaseRoutes.Admin.Handle("/compliance_reports", ApiAdminSystemRequired(getComplianceReports)).Methods("GET") - BaseRoutes.Admin.Handle("/download_compliance_report/{id:[A-Za-z0-9]+}", ApiAdminSystemRequiredTrustRequester(downloadComplianceReport)).Methods("GET") - BaseRoutes.Admin.Handle("/upload_brand_image", ApiAdminSystemRequired(uploadBrandImage)).Methods("POST") - BaseRoutes.Admin.Handle("/get_brand_image", ApiAppHandlerTrustRequester(getBrandImage)).Methods("GET") - BaseRoutes.Admin.Handle("/reset_mfa", ApiAdminSystemRequired(adminResetMfa)).Methods("POST") - BaseRoutes.Admin.Handle("/reset_password", ApiAdminSystemRequired(adminResetPassword)).Methods("POST") - 
BaseRoutes.Admin.Handle("/ldap_sync_now", ApiAdminSystemRequired(ldapSyncNow)).Methods("POST") - BaseRoutes.Admin.Handle("/ldap_test", ApiAdminSystemRequired(ldapTest)).Methods("POST") - BaseRoutes.Admin.Handle("/saml_metadata", ApiAppHandler(samlMetadata)).Methods("GET") - BaseRoutes.Admin.Handle("/add_certificate", ApiAdminSystemRequired(addCertificate)).Methods("POST") - BaseRoutes.Admin.Handle("/remove_certificate", ApiAdminSystemRequired(removeCertificate)).Methods("POST") - BaseRoutes.Admin.Handle("/saml_cert_status", ApiAdminSystemRequired(samlCertificateStatus)).Methods("GET") - BaseRoutes.Admin.Handle("/cluster_status", ApiAdminSystemRequired(getClusterStatus)).Methods("GET") - BaseRoutes.Admin.Handle("/recently_active_users/{team_id:[A-Za-z0-9]+}", ApiUserRequired(getRecentlyActiveUsers)).Methods("GET") + api.BaseRoutes.Admin.Handle("/logs", api.ApiAdminSystemRequired(getLogs)).Methods("GET") + api.BaseRoutes.Admin.Handle("/audits", api.ApiAdminSystemRequired(getAllAudits)).Methods("GET") + api.BaseRoutes.Admin.Handle("/config", api.ApiAdminSystemRequired(getConfig)).Methods("GET") + api.BaseRoutes.Admin.Handle("/save_config", api.ApiAdminSystemRequired(saveConfig)).Methods("POST") + api.BaseRoutes.Admin.Handle("/reload_config", api.ApiAdminSystemRequired(reloadConfig)).Methods("GET") + api.BaseRoutes.Admin.Handle("/invalidate_all_caches", api.ApiAdminSystemRequired(invalidateAllCaches)).Methods("GET") + api.BaseRoutes.Admin.Handle("/test_email", api.ApiAdminSystemRequired(testEmail)).Methods("POST") + api.BaseRoutes.Admin.Handle("/recycle_db_conn", api.ApiAdminSystemRequired(recycleDatabaseConnection)).Methods("GET") + api.BaseRoutes.Admin.Handle("/analytics/{id:[A-Za-z0-9]+}/{name:[A-Za-z0-9_]+}", api.ApiAdminSystemRequired(getAnalytics)).Methods("GET") + api.BaseRoutes.Admin.Handle("/analytics/{name:[A-Za-z0-9_]+}", api.ApiAdminSystemRequired(getAnalytics)).Methods("GET") + api.BaseRoutes.Admin.Handle("/save_compliance_report", 
api.ApiAdminSystemRequired(saveComplianceReport)).Methods("POST") + api.BaseRoutes.Admin.Handle("/compliance_reports", api.ApiAdminSystemRequired(getComplianceReports)).Methods("GET") + api.BaseRoutes.Admin.Handle("/download_compliance_report/{id:[A-Za-z0-9]+}", api.ApiAdminSystemRequiredTrustRequester(downloadComplianceReport)).Methods("GET") + api.BaseRoutes.Admin.Handle("/upload_brand_image", api.ApiAdminSystemRequired(uploadBrandImage)).Methods("POST") + api.BaseRoutes.Admin.Handle("/get_brand_image", api.ApiAppHandlerTrustRequester(getBrandImage)).Methods("GET") + api.BaseRoutes.Admin.Handle("/reset_mfa", api.ApiAdminSystemRequired(adminResetMfa)).Methods("POST") + api.BaseRoutes.Admin.Handle("/reset_password", api.ApiAdminSystemRequired(adminResetPassword)).Methods("POST") + api.BaseRoutes.Admin.Handle("/ldap_sync_now", api.ApiAdminSystemRequired(ldapSyncNow)).Methods("POST") + api.BaseRoutes.Admin.Handle("/ldap_test", api.ApiAdminSystemRequired(ldapTest)).Methods("POST") + api.BaseRoutes.Admin.Handle("/saml_metadata", api.ApiAppHandler(samlMetadata)).Methods("GET") + api.BaseRoutes.Admin.Handle("/add_certificate", api.ApiAdminSystemRequired(addCertificate)).Methods("POST") + api.BaseRoutes.Admin.Handle("/remove_certificate", api.ApiAdminSystemRequired(removeCertificate)).Methods("POST") + api.BaseRoutes.Admin.Handle("/saml_cert_status", api.ApiAdminSystemRequired(samlCertificateStatus)).Methods("GET") + api.BaseRoutes.Admin.Handle("/cluster_status", api.ApiAdminSystemRequired(getClusterStatus)).Methods("GET") + api.BaseRoutes.Admin.Handle("/recently_active_users/{team_id:[A-Za-z0-9]+}", api.ApiUserRequired(getRecentlyActiveUsers)).Methods("GET") } func getLogs(c *Context, w http.ResponseWriter, r *http.Request) { 
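Review bot: `/reload_config`, `/invalidate_all_caches` and `/recycle_db_conn` are still registered with `.Methods("GET")` in the rewritten `InitAdmin`, although their names indicate that they change server state. Safe-method routes are commonly exempt from request-origin checks, and whether the handler's checks cover GET is not visible in this hunk, so these three deserve a second look while every registration line is being touched anyway. If the v3 contract has to stay as it is, a comment above them such as `// NOTE: state-changing but kept on GET for v3 client compatibility` would record the decision; otherwise `.Methods("POST")` is the safer registration.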
@@ -69,7 +69,7 @@ func getAllAudits(c *Context, w http.ResponseWriter, r *http.Request) { if audits, err := c.App.GetAudits("", 200); err != nil { c.Err = err return - } else if HandleEtag(audits.Etag(), "Get All Audits", w, r) { + } else if c.HandleEtag(audits.Etag(), "Get All Audits", w, r) { return } else { etag := audits.Etag() diff --git a/api/api.go b/api/api.go index 2dca63a07..283120b55 100644 --- a/api/api.go +++ b/api/api.go @@ -56,7 +56,10 @@ type Routes struct { Webrtc *mux.Router // 'api/v3/webrtc' } -var BaseRoutes *Routes +type API struct { + App *app.App + BaseRoutes *Routes +} func NewRouter() *mux.Router { ret := mux.NewRouter() 
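Review bot: The new exported `API` type in api/api.go has no doc comment, and both of its fields are exported and mutable. The handler constructors in api/context.go copy `api.App` into each handler when a route is registered, so assigning `api.App` after `Init` has run would not reach routes that already exist. A comment such as `// API holds the v3 route tree and the App its handlers were registered against; App must not be reassigned after Init.` would make that explicit, and the field could be unexported if nothing outside the package turns out to need it.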
@@ -64,51 +67,54 @@ func NewRouter() *mux.Router { return ret } -func InitApi(root *mux.Router) { - BaseRoutes = &Routes{} - BaseRoutes.Root = root - BaseRoutes.ApiRoot = root.PathPrefix(model.API_URL_SUFFIX_V3).Subrouter() - BaseRoutes.Users = BaseRoutes.ApiRoot.PathPrefix("/users").Subrouter() - BaseRoutes.NeedUser = BaseRoutes.Users.PathPrefix("/{user_id:[A-Za-z0-9]+}").Subrouter() - BaseRoutes.Teams = BaseRoutes.ApiRoot.PathPrefix("/teams").Subrouter() - BaseRoutes.NeedTeam = BaseRoutes.Teams.PathPrefix("/{team_id:[A-Za-z0-9]+}").Subrouter() - BaseRoutes.Channels = BaseRoutes.NeedTeam.PathPrefix("/channels").Subrouter() - BaseRoutes.NeedChannel = BaseRoutes.Channels.PathPrefix("/{channel_id:[A-Za-z0-9]+}").Subrouter() - BaseRoutes.NeedChannelName = BaseRoutes.Channels.PathPrefix("/name/{channel_name:[A-Za-z0-9_-]+}").Subrouter() - BaseRoutes.Posts = BaseRoutes.NeedChannel.PathPrefix("/posts").Subrouter() - BaseRoutes.NeedPost = BaseRoutes.Posts.PathPrefix("/{post_id:[A-Za-z0-9]+}").Subrouter() - BaseRoutes.Commands = BaseRoutes.NeedTeam.PathPrefix("/commands").Subrouter() - BaseRoutes.TeamFiles = BaseRoutes.NeedTeam.PathPrefix("/files").Subrouter() - BaseRoutes.Files = BaseRoutes.ApiRoot.PathPrefix("/files").Subrouter() - BaseRoutes.NeedFile = BaseRoutes.Files.PathPrefix("/{file_id:[A-Za-z0-9]+}").Subrouter() - BaseRoutes.Hooks = BaseRoutes.NeedTeam.PathPrefix("/hooks").Subrouter() - BaseRoutes.OAuth = BaseRoutes.ApiRoot.PathPrefix("/oauth").Subrouter() - BaseRoutes.Admin = BaseRoutes.ApiRoot.PathPrefix("/admin").Subrouter() - BaseRoutes.General = BaseRoutes.ApiRoot.PathPrefix("/general").Subrouter() - BaseRoutes.Preferences = BaseRoutes.ApiRoot.PathPrefix("/preferences").Subrouter() - BaseRoutes.License = BaseRoutes.ApiRoot.PathPrefix("/license").Subrouter() - BaseRoutes.Public = BaseRoutes.ApiRoot.PathPrefix("/public").Subrouter() - BaseRoutes.Emoji = BaseRoutes.ApiRoot.PathPrefix("/emoji").Subrouter() - BaseRoutes.Webrtc = 
BaseRoutes.ApiRoot.PathPrefix("/webrtc").Subrouter() - - InitUser() - InitTeam() - InitChannel() - InitPost() - InitWebSocket() - InitFile() - InitCommand() - InitAdmin() - InitGeneral() - InitOAuth() - InitWebhook() - InitPreference() - InitLicense() - InitEmoji() - InitStatus() - InitWebrtc() - InitReaction() - InitDeprecated() +func Init(a *app.App, root *mux.Router) *API { + api := &API{ + App: a, + BaseRoutes: &Routes{}, + } + api.BaseRoutes.Root = root + api.BaseRoutes.ApiRoot = root.PathPrefix(model.API_URL_SUFFIX_V3).Subrouter() + api.BaseRoutes.Users = api.BaseRoutes.ApiRoot.PathPrefix("/users").Subrouter() + api.BaseRoutes.NeedUser = api.BaseRoutes.Users.PathPrefix("/{user_id:[A-Za-z0-9]+}").Subrouter() + api.BaseRoutes.Teams = api.BaseRoutes.ApiRoot.PathPrefix("/teams").Subrouter() + api.BaseRoutes.NeedTeam = api.BaseRoutes.Teams.PathPrefix("/{team_id:[A-Za-z0-9]+}").Subrouter() + api.BaseRoutes.Channels = api.BaseRoutes.NeedTeam.PathPrefix("/channels").Subrouter() + api.BaseRoutes.NeedChannel = api.BaseRoutes.Channels.PathPrefix("/{channel_id:[A-Za-z0-9]+}").Subrouter() + api.BaseRoutes.NeedChannelName = api.BaseRoutes.Channels.PathPrefix("/name/{channel_name:[A-Za-z0-9_-]+}").Subrouter() + api.BaseRoutes.Posts = api.BaseRoutes.NeedChannel.PathPrefix("/posts").Subrouter() + api.BaseRoutes.NeedPost = api.BaseRoutes.Posts.PathPrefix("/{post_id:[A-Za-z0-9]+}").Subrouter() + api.BaseRoutes.Commands = api.BaseRoutes.NeedTeam.PathPrefix("/commands").Subrouter() + api.BaseRoutes.TeamFiles = api.BaseRoutes.NeedTeam.PathPrefix("/files").Subrouter() + api.BaseRoutes.Files = api.BaseRoutes.ApiRoot.PathPrefix("/files").Subrouter() + api.BaseRoutes.NeedFile = api.BaseRoutes.Files.PathPrefix("/{file_id:[A-Za-z0-9]+}").Subrouter() + api.BaseRoutes.Hooks = api.BaseRoutes.NeedTeam.PathPrefix("/hooks").Subrouter() + api.BaseRoutes.OAuth = api.BaseRoutes.ApiRoot.PathPrefix("/oauth").Subrouter() + api.BaseRoutes.Admin = 
api.BaseRoutes.ApiRoot.PathPrefix("/admin").Subrouter() + api.BaseRoutes.General = api.BaseRoutes.ApiRoot.PathPrefix("/general").Subrouter() + api.BaseRoutes.Preferences = api.BaseRoutes.ApiRoot.PathPrefix("/preferences").Subrouter() + api.BaseRoutes.License = api.BaseRoutes.ApiRoot.PathPrefix("/license").Subrouter() + api.BaseRoutes.Public = api.BaseRoutes.ApiRoot.PathPrefix("/public").Subrouter() + api.BaseRoutes.Emoji = api.BaseRoutes.ApiRoot.PathPrefix("/emoji").Subrouter() + api.BaseRoutes.Webrtc = api.BaseRoutes.ApiRoot.PathPrefix("/webrtc").Subrouter() + + api.InitUser() + api.InitTeam() + api.InitChannel() + api.InitPost() + api.InitWebSocket() + api.InitFile() + api.InitCommand() + api.InitAdmin() + api.InitGeneral() + api.InitOAuth() + api.InitWebhook() + api.InitPreference() + api.InitLicense() + api.InitEmoji() + api.InitStatus() + api.InitWebrtc() + api.InitReaction() + api.InitDeprecated() // 404 on any api route before web.go has a chance to serve it root.Handle("/api/{anything:.*}", http.HandlerFunc(Handle404)) @@ -120,26 +126,8 @@ func InitApi(root *mux.Router) { if *utils.Cfg.ServiceSettings.EnableAPIv3 { l4g.Info("API version 3 is scheduled for deprecation. Please see https://api.mattermost.com for details.") } -} - -func HandleEtag(etag string, routeName string, w http.ResponseWriter, r *http.Request) bool { - metrics := app.Global().Metrics - if et := r.Header.Get(model.HEADER_ETAG_CLIENT); len(etag) > 0 { - if et == etag { - w.Header().Set(model.HEADER_ETAG_SERVER, etag) - w.WriteHeader(http.StatusNotModified) - if metrics != nil { - metrics.IncrementEtagHitCounter(routeName) - } - return true - } - } - - if metrics != nil { - metrics.IncrementEtagMissCounter(routeName) - } - return false + return api } func ReturnStatusOK(w http.ResponseWriter) { diff --git a/api/apitestlib.go b/api/apitestlib.go index 276ff81e1..8504748e1 100644 --- a/api/apitestlib.go +++ b/api/apitestlib.go 
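Review bot: `Init` stores `a` in the new `API` value without checking it, and as far as this hunk shows a nil `*app.App` would not fail here but on the first request, where `ServeHTTP` in api/context.go assigns `c.App = h.app` and then calls `c.App.GetSession(token)`. With the `app.Global()` fallback gone, a start-up failure is easier to diagnose than a nil dereference in a request goroutine; `if a == nil { panic("api.Init: nil app") }` at the top of `Init`, or a doc comment stating that `a` must be non-nil, would cover it. `Init` is also exported without a doc comment, and one line saying that it registers every v3 route on `root` and returns the resulting `API` would help callers.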
@@ -51,8 +51,8 @@ func setupTestHelper(enterprise bool) *TestHelper {
 th.App.Srv.Router = NewRouter()
 wsapi.InitRouter()
 th.App.StartServer()
- api4.InitApi(th.App.Srv.Router, false)
- InitApi(th.App.Srv.Router)
+ api4.Init(th.App, th.App.Srv.Router, false)
+ Init(th.App, th.App.Srv.Router)
 wsapi.InitApi()
 utils.EnableDebugLogForTest()
 th.App.Srv.Store.MarkSystemRanUnitTests()
diff --git a/api/channel.go b/api/channel.go
index 6867e0017..3b033fcb8 100644
--- a/api/channel.go
+++ b/api/channel.go
@@ -14,38 +14,38 @@ import ( "github.com/mattermost/mattermost-server/utils" ) -func InitChannel() { +func (api *API) InitChannel() { l4g.Debug(utils.T("api.channel.init.debug")) - BaseRoutes.Channels.Handle("/", ApiUserRequired(getChannels)).Methods("GET") - BaseRoutes.Channels.Handle("/more/{offset:[0-9]+}/{limit:[0-9]+}", ApiUserRequired(getMoreChannelsPage)).Methods("GET") - BaseRoutes.Channels.Handle("/more/search", ApiUserRequired(searchMoreChannels)).Methods("POST") - BaseRoutes.Channels.Handle("/counts", ApiUserRequired(getChannelCounts)).Methods("GET") - BaseRoutes.Channels.Handle("/members", ApiUserRequired(getMyChannelMembers)).Methods("GET") - BaseRoutes.Channels.Handle("/create", ApiUserRequired(createChannel)).Methods("POST") - BaseRoutes.Channels.Handle("/view", ApiUserRequired(viewChannel)).Methods("POST") - BaseRoutes.Channels.Handle("/create_direct", ApiUserRequired(createDirectChannel)).Methods("POST") - BaseRoutes.Channels.Handle("/create_group", ApiUserRequired(createGroupChannel)).Methods("POST") - BaseRoutes.Channels.Handle("/update", ApiUserRequired(updateChannel)).Methods("POST") - BaseRoutes.Channels.Handle("/update_header", ApiUserRequired(updateChannelHeader)).Methods("POST") - BaseRoutes.Channels.Handle("/update_purpose", ApiUserRequired(updateChannelPurpose)).Methods("POST") - BaseRoutes.Channels.Handle("/update_notify_props", ApiUserRequired(updateNotifyProps)).Methods("POST") - BaseRoutes.Channels.Handle("/autocomplete", ApiUserRequired(autocompleteChannels)).Methods("GET") - BaseRoutes.Channels.Handle("/name/{channel_name:[A-Za-z0-9_-]+}", ApiUserRequired(getChannelByName)).Methods("GET") - - BaseRoutes.NeedChannelName.Handle("/join", ApiUserRequired(join)).Methods("POST") - - BaseRoutes.NeedChannel.Handle("/", ApiUserRequired(getChannel)).Methods("GET") - BaseRoutes.NeedChannel.Handle("/stats", ApiUserRequired(getChannelStats)).Methods("GET") - BaseRoutes.NeedChannel.Handle("/members/{user_id:[A-Za-z0-9]+}", 
ApiUserRequired(getChannelMember)).Methods("GET") - BaseRoutes.NeedChannel.Handle("/members/ids", ApiUserRequired(getChannelMembersByIds)).Methods("POST") - BaseRoutes.NeedChannel.Handle("/pinned", ApiUserRequired(getPinnedPosts)).Methods("GET") - BaseRoutes.NeedChannel.Handle("/join", ApiUserRequired(join)).Methods("POST") - BaseRoutes.NeedChannel.Handle("/leave", ApiUserRequired(leave)).Methods("POST") - BaseRoutes.NeedChannel.Handle("/delete", ApiUserRequired(deleteChannel)).Methods("POST") - BaseRoutes.NeedChannel.Handle("/add", ApiUserRequired(addMember)).Methods("POST") - BaseRoutes.NeedChannel.Handle("/remove", ApiUserRequired(removeMember)).Methods("POST") - BaseRoutes.NeedChannel.Handle("/update_member_roles", ApiUserRequired(updateChannelMemberRoles)).Methods("POST") + api.BaseRoutes.Channels.Handle("/", api.ApiUserRequired(getChannels)).Methods("GET") + api.BaseRoutes.Channels.Handle("/more/{offset:[0-9]+}/{limit:[0-9]+}", api.ApiUserRequired(getMoreChannelsPage)).Methods("GET") + api.BaseRoutes.Channels.Handle("/more/search", api.ApiUserRequired(searchMoreChannels)).Methods("POST") + api.BaseRoutes.Channels.Handle("/counts", api.ApiUserRequired(getChannelCounts)).Methods("GET") + api.BaseRoutes.Channels.Handle("/members", api.ApiUserRequired(getMyChannelMembers)).Methods("GET") + api.BaseRoutes.Channels.Handle("/create", api.ApiUserRequired(createChannel)).Methods("POST") + api.BaseRoutes.Channels.Handle("/view", api.ApiUserRequired(viewChannel)).Methods("POST") + api.BaseRoutes.Channels.Handle("/create_direct", api.ApiUserRequired(createDirectChannel)).Methods("POST") + api.BaseRoutes.Channels.Handle("/create_group", api.ApiUserRequired(createGroupChannel)).Methods("POST") + api.BaseRoutes.Channels.Handle("/update", api.ApiUserRequired(updateChannel)).Methods("POST") + api.BaseRoutes.Channels.Handle("/update_header", api.ApiUserRequired(updateChannelHeader)).Methods("POST") + api.BaseRoutes.Channels.Handle("/update_purpose", 
api.ApiUserRequired(updateChannelPurpose)).Methods("POST") + api.BaseRoutes.Channels.Handle("/update_notify_props", api.ApiUserRequired(updateNotifyProps)).Methods("POST") + api.BaseRoutes.Channels.Handle("/autocomplete", api.ApiUserRequired(autocompleteChannels)).Methods("GET") + api.BaseRoutes.Channels.Handle("/name/{channel_name:[A-Za-z0-9_-]+}", api.ApiUserRequired(getChannelByName)).Methods("GET") + + api.BaseRoutes.NeedChannelName.Handle("/join", api.ApiUserRequired(join)).Methods("POST") + + api.BaseRoutes.NeedChannel.Handle("/", api.ApiUserRequired(getChannel)).Methods("GET") + api.BaseRoutes.NeedChannel.Handle("/stats", api.ApiUserRequired(getChannelStats)).Methods("GET") + api.BaseRoutes.NeedChannel.Handle("/members/{user_id:[A-Za-z0-9]+}", api.ApiUserRequired(getChannelMember)).Methods("GET") + api.BaseRoutes.NeedChannel.Handle("/members/ids", api.ApiUserRequired(getChannelMembersByIds)).Methods("POST") + api.BaseRoutes.NeedChannel.Handle("/pinned", api.ApiUserRequired(getPinnedPosts)).Methods("GET") + api.BaseRoutes.NeedChannel.Handle("/join", api.ApiUserRequired(join)).Methods("POST") + api.BaseRoutes.NeedChannel.Handle("/leave", api.ApiUserRequired(leave)).Methods("POST") + api.BaseRoutes.NeedChannel.Handle("/delete", api.ApiUserRequired(deleteChannel)).Methods("POST") + api.BaseRoutes.NeedChannel.Handle("/add", api.ApiUserRequired(addMember)).Methods("POST") + api.BaseRoutes.NeedChannel.Handle("/remove", api.ApiUserRequired(removeMember)).Methods("POST") + api.BaseRoutes.NeedChannel.Handle("/update_member_roles", api.ApiUserRequired(updateChannelMemberRoles)).Methods("POST") } func createChannel(c *Context, w http.ResponseWriter, r *http.Request) { 
@@ -327,7 +327,7 @@ func getChannels(c *Context, w http.ResponseWriter, r *http.Request) { } c.Err = err return - } else if HandleEtag(channels.Etag(), "Get Channels", w, r) { + } else if c.HandleEtag(channels.Etag(), "Get Channels", w, r) { return } else { w.Header().Set(model.HEADER_ETAG_SERVER, channels.Etag()) @@ -372,7 +372,7 @@ func getChannelCounts(c *Context, w http.ResponseWriter, r *http.Request) { if counts, err := c.App.GetChannelCounts(c.TeamId, c.Session.UserId); err != nil { c.Err = model.NewAppError("getChannelCounts", "api.channel.get_channel_counts.app_error", nil, err.Message, http.StatusInternalServerError) return - } else if HandleEtag(counts.Etag(), "Get Channel Counts", w, r) { + } else if c.HandleEtag(counts.Etag(), "Get Channel Counts", w, r) { return } else { w.Header().Set(model.HEADER_ETAG_SERVER, counts.Etag()) @@ -494,7 +494,7 @@ func getChannel(c *Context, w http.ResponseWriter, r *http.Request) { data.Channel = channel data.Member = member - if HandleEtag(data.Etag(), "Get Channel", w, r) { + if c.HandleEtag(data.Etag(), "Get Channel", w, r) { return } else { w.Header().Set(model.HEADER_ETAG_SERVER, data.Etag()) @@ -520,7 +520,7 @@ func getChannelByName(c *Context, w http.ResponseWriter, r *http.Request) { return } - if HandleEtag(channel.Etag(), "Get Channel By Name", w, r) { + if c.HandleEtag(channel.Etag(), "Get Channel By Name", w, r) { return } else { w.Header().Set(model.HEADER_ETAG_SERVER, channel.Etag()) diff --git a/api/command.go b/api/command.go index cad294823..673683d6a 100644 --- a/api/command.go +++ b/api/command.go 
@@ -15,22 +15,22 @@ import ( "github.com/mattermost/mattermost-server/utils" ) -func InitCommand() { +func (api *API) InitCommand() { l4g.Debug(utils.T("api.command.init.debug")) - BaseRoutes.Commands.Handle("/execute", ApiUserRequired(executeCommand)).Methods("POST") - BaseRoutes.Commands.Handle("/list", ApiUserRequired(listCommands)).Methods("GET") + api.BaseRoutes.Commands.Handle("/execute", api.ApiUserRequired(executeCommand)).Methods("POST") + api.BaseRoutes.Commands.Handle("/list", api.ApiUserRequired(listCommands)).Methods("GET") - BaseRoutes.Commands.Handle("/create", ApiUserRequired(createCommand)).Methods("POST") - BaseRoutes.Commands.Handle("/update", ApiUserRequired(updateCommand)).Methods("POST") - BaseRoutes.Commands.Handle("/list_team_commands", ApiUserRequired(listTeamCommands)).Methods("GET") - BaseRoutes.Commands.Handle("/regen_token", ApiUserRequired(regenCommandToken)).Methods("POST") - BaseRoutes.Commands.Handle("/delete", ApiUserRequired(deleteCommand)).Methods("POST") + api.BaseRoutes.Commands.Handle("/create", api.ApiUserRequired(createCommand)).Methods("POST") + api.BaseRoutes.Commands.Handle("/update", api.ApiUserRequired(updateCommand)).Methods("POST") + api.BaseRoutes.Commands.Handle("/list_team_commands", api.ApiUserRequired(listTeamCommands)).Methods("GET") + api.BaseRoutes.Commands.Handle("/regen_token", api.ApiUserRequired(regenCommandToken)).Methods("POST") + api.BaseRoutes.Commands.Handle("/delete", api.ApiUserRequired(deleteCommand)).Methods("POST") - BaseRoutes.Teams.Handle("/command_test", ApiAppHandler(testCommand)).Methods("POST") - BaseRoutes.Teams.Handle("/command_test", ApiAppHandler(testCommand)).Methods("GET") - BaseRoutes.Teams.Handle("/command_test_e", ApiAppHandler(testEphemeralCommand)).Methods("POST") - BaseRoutes.Teams.Handle("/command_test_e", ApiAppHandler(testEphemeralCommand)).Methods("GET") + api.BaseRoutes.Teams.Handle("/command_test", api.ApiAppHandler(testCommand)).Methods("POST") + 
api.BaseRoutes.Teams.Handle("/command_test", api.ApiAppHandler(testCommand)).Methods("GET") + api.BaseRoutes.Teams.Handle("/command_test_e", api.ApiAppHandler(testEphemeralCommand)).Methods("POST") + api.BaseRoutes.Teams.Handle("/command_test_e", api.ApiAppHandler(testEphemeralCommand)).Methods("GET") } func listCommands(c *Context, w http.ResponseWriter, r *http.Request) { diff --git a/api/context.go b/api/context.go index ebc439d31..0322b6c43 100644 --- a/api/context.go +++ b/api/context.go 
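Review bot: `/command_test` and `/command_test_e` are registered in `InitCommand` through `api.ApiAppHandler`, which per the constructors in api/context.go builds its handler with `requireUser` false, and they accept both POST and GET. The bodies of `testCommand` and `testEphemeralCommand` are outside this hunk, but if they are fixtures for exercising slash commands they are reachable without a session on every server that mounts the v3 API. A comment such as `// test fixtures; intentionally reachable without a session` would document the intent, or the four registrations could be made conditional on a testing or developer setting.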
@@ -35,59 +35,60 @@ type Context struct { isSystemAdmin bool } -func ApiAppHandler(h func(*Context, http.ResponseWriter, *http.Request)) http.Handler { - return &handler{h, false, false, true, false, false, false, false} +func (api *API) ApiAppHandler(h func(*Context, http.ResponseWriter, *http.Request)) http.Handler { + return &handler{api.App, h, false, false, true, false, false, false, false} } -func AppHandler(h func(*Context, http.ResponseWriter, *http.Request)) http.Handler { - return &handler{h, false, false, false, false, false, false, false} +func (api *API) AppHandler(h func(*Context, http.ResponseWriter, *http.Request)) http.Handler { + return &handler{api.App, h, false, false, false, false, false, false, false} } -func AppHandlerIndependent(h func(*Context, http.ResponseWriter, *http.Request)) http.Handler { - return &handler{h, false, false, false, false, true, false, false} +func (api *API) AppHandlerIndependent(h func(*Context, http.ResponseWriter, *http.Request)) http.Handler { + return &handler{api.App, h, false, false, false, false, true, false, false} } -func ApiUserRequired(h func(*Context, http.ResponseWriter, *http.Request)) http.Handler { - return &handler{h, true, false, true, false, false, false, true} +func (api *API) ApiUserRequired(h func(*Context, http.ResponseWriter, *http.Request)) http.Handler { + return &handler{api.App, h, true, false, true, false, false, false, true} } -func ApiUserRequiredActivity(h func(*Context, http.ResponseWriter, *http.Request), isUserActivity bool) http.Handler { - return &handler{h, true, false, true, isUserActivity, false, false, true} +func (api *API) ApiUserRequiredActivity(h func(*Context, http.ResponseWriter, *http.Request), isUserActivity bool) http.Handler { + return &handler{api.App, h, true, false, true, isUserActivity, false, false, true} } -func ApiUserRequiredMfa(h func(*Context, http.ResponseWriter, *http.Request)) http.Handler { - return &handler{h, true, false, true, false, false, false, 
false} +func (api *API) ApiUserRequiredMfa(h func(*Context, http.ResponseWriter, *http.Request)) http.Handler { + return &handler{api.App, h, true, false, true, false, false, false, false} } -func UserRequired(h func(*Context, http.ResponseWriter, *http.Request)) http.Handler { - return &handler{h, true, false, false, false, false, false, true} +func (api *API) UserRequired(h func(*Context, http.ResponseWriter, *http.Request)) http.Handler { + return &handler{api.App, h, true, false, false, false, false, false, true} } -func AppHandlerTrustRequester(h func(*Context, http.ResponseWriter, *http.Request)) http.Handler { - return &handler{h, false, false, false, false, false, true, false} +func (api *API) AppHandlerTrustRequester(h func(*Context, http.ResponseWriter, *http.Request)) http.Handler { + return &handler{api.App, h, false, false, false, false, false, true, false} } -func ApiAdminSystemRequired(h func(*Context, http.ResponseWriter, *http.Request)) http.Handler { - return &handler{h, true, true, true, false, false, false, true} +func (api *API) ApiAdminSystemRequired(h func(*Context, http.ResponseWriter, *http.Request)) http.Handler { + return &handler{api.App, h, true, true, true, false, false, false, true} } -func ApiAdminSystemRequiredTrustRequester(h func(*Context, http.ResponseWriter, *http.Request)) http.Handler { - return &handler{h, true, true, true, false, false, true, true} +func (api *API) ApiAdminSystemRequiredTrustRequester(h func(*Context, http.ResponseWriter, *http.Request)) http.Handler { + return &handler{api.App, h, true, true, true, false, false, true, true} } -func ApiAppHandlerTrustRequester(h func(*Context, http.ResponseWriter, *http.Request)) http.Handler { - return &handler{h, false, false, true, false, false, true, false} +func (api *API) ApiAppHandlerTrustRequester(h func(*Context, http.ResponseWriter, *http.Request)) http.Handler { + return &handler{api.App, h, false, false, true, false, false, true, false} } -func 
ApiUserRequiredTrustRequester(h func(*Context, http.ResponseWriter, *http.Request)) http.Handler { - return &handler{h, true, false, true, false, false, true, true} +func (api *API) ApiUserRequiredTrustRequester(h func(*Context, http.ResponseWriter, *http.Request)) http.Handler { + return &handler{api.App, h, true, false, true, false, false, true, true} } -func ApiAppHandlerTrustRequesterIndependent(h func(*Context, http.ResponseWriter, *http.Request)) http.Handler { - return &handler{h, false, false, true, false, true, true, false} +func (api *API) ApiAppHandlerTrustRequesterIndependent(h func(*Context, http.ResponseWriter, *http.Request)) http.Handler { + return &handler{api.App, h, false, false, true, false, true, true, false} } type handler struct { + app *app.App handleFunc func(*Context, http.ResponseWriter, *http.Request) requireUser bool requireSystemAdmin bool @@ -103,7 +104,7 @@ func (h handler) ServeHTTP(w http.ResponseWriter, r *http.Request) { l4g.Debug("%v", r.URL.Path) c := &Context{} - c.App = app.Global() + c.App = h.app c.T, c.Locale = utils.GetTranslationsAndLocale(w, r) c.RequestId = model.NewId() c.IpAddress = utils.GetIpAddress(r) @@ -166,7 +167,7 @@ func (h handler) ServeHTTP(w http.ResponseWriter, r *http.Request) { } if len(token) != 0 { - session, err := app.Global().GetSession(token) + session, err := c.App.GetSession(token) if err != nil { l4g.Error(utils.T("api.context.invalid_session.error"), err.Error()) @@ -207,8 +208,8 @@ func (h handler) ServeHTTP(w http.ResponseWriter, r *http.Request) { } if c.Err == nil && h.isUserActivity && token != "" && len(c.Session.UserId) > 0 { - app.Global().SetStatusOnline(c.Session.UserId, c.Session.Id, false) - app.Global().UpdateLastActivityAtIfNeeded(c.Session) + c.App.SetStatusOnline(c.Session.UserId, c.Session.Id, false) + c.App.UpdateLastActivityAtIfNeeded(c.Session) } if c.Err == nil && (h.requireUser || h.requireSystemAdmin) { 
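Review bot: Every constructor in the first api/context.go hunk builds `handler` from an unkeyed literal of `api.App`, `h` and seven positional bools, and the commit had to edit all thirteen of them just to insert the new `app` field at the front. A later field added or reordered among the bools would still compile while silently changing which routes require a user or a system admin. Keyed literals make each authorization flag readable and leave the others at false, for example `&handler{app: api.App, handleFunc: h, requireUser: true, requireSystemAdmin: true /* remaining flags by name */}` for `ApiAdminSystemRequired`. Only the first four field names of `handler` are visible in the hunk, so the remaining keys have to be taken from the full struct definition.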
@@ -259,7 +260,7 @@ func (h handler) ServeHTTP(w http.ResponseWriter, r *http.Request) { func (c *Context) LogAudit(extraInfo string) { audit := &model.Audit{UserId: c.Session.UserId, IpAddress: c.IpAddress, Action: c.Path, ExtraInfo: extraInfo, SessionId: c.Session.Id} - if r := <-app.Global().Srv.Store.Audit().Save(audit); r.Err != nil { + if r := <-c.App.Srv.Store.Audit().Save(audit); r.Err != nil { c.LogError(r.Err) } } @@ -271,7 +272,7 @@ func (c *Context) LogAuditWithUserId(userId, extraInfo string) { } audit := &model.Audit{UserId: userId, IpAddress: c.IpAddress, Action: c.Path, ExtraInfo: extraInfo, SessionId: c.Session.Id} - if r := <-app.Global().Srv.Store.Audit().Save(audit); r.Err != nil { + if r := <-c.App.Srv.Store.Audit().Save(audit); r.Err != nil { c.LogError(r.Err) } } @@ -315,7 +316,7 @@ func (c *Context) MfaRequired() { return } - if result := <-app.Global().Srv.Store.User().Get(c.Session.UserId); result.Err != nil { + if result := <-c.App.Srv.Store.User().Get(c.Session.UserId); result.Err != nil { c.Err = model.NewAppError("", "api.context.session_expired.app_error", nil, "MfaRequired", http.StatusUnauthorized) return } else { @@ -392,7 +393,7 @@ func (c *Context) setTeamURL(url string, valid bool) { } func (c *Context) SetTeamURLFromSession() { - if result := <-app.Global().Srv.Store.Team().Get(c.TeamId); result.Err == nil { + if result := <-c.App.Srv.Store.Team().Get(c.TeamId); result.Err == nil { c.setTeamURL(c.GetSiteURLHeader()+"/"+result.Data.(*model.Team).Name, true) } } 
@@ -424,6 +425,26 @@ func (c *Context) GetCurrentTeamMember() *model.TeamMember { return c.Session.GetTeamByTeamId(c.TeamId) } +func (c *Context) HandleEtag(etag string, routeName string, w http.ResponseWriter, r *http.Request) bool { + metrics := c.App.Metrics + if et := r.Header.Get(model.HEADER_ETAG_CLIENT); len(etag) > 0 { + if et == etag { + w.Header().Set(model.HEADER_ETAG_SERVER, etag) + w.WriteHeader(http.StatusNotModified) + if metrics != nil { + metrics.IncrementEtagHitCounter(routeName) + } + return true + } + } + + if metrics != nil { + metrics.IncrementEtagMissCounter(routeName) + } + + return false +} + func IsApiCall(r *http.Request) bool { return strings.Index(r.URL.Path, "/api/") == 0 } @@ -446,7 +467,7 @@ func Handle404(w http.ResponseWriter, r *http.Request) { func (c *Context) CheckTeamId() { if c.TeamId != "" && c.Session.GetTeamByTeamId(c.TeamId) == nil { if app.SessionHasPermissionTo(c.Session, model.PERMISSION_MANAGE_SYSTEM) { - if result := <-app.Global().Srv.Store.Team().Get(c.TeamId); result.Err != nil { + if result := <-c.App.Srv.Store.Team().Get(c.TeamId); result.Err != nil { c.Err = result.Err c.Err.StatusCode = http.StatusBadRequest return diff --git a/api/deprecated.go b/api/deprecated.go index 739b6658c..f62af84de 100644 --- a/api/deprecated.go +++ b/api/deprecated.go @@ -10,6 +10,6 @@ import ( // ONLY FOR APIs SCHEDULED TO BE DEPRECATED -func InitDeprecated() { +func (api *API) InitDeprecated() { l4g.Debug(utils.T("api.deprecated.init.debug")) } diff --git a/api/emoji.go b/api/emoji.go index 2b29974e3..1961ad146 100644 --- a/api/emoji.go +++ b/api/emoji.go 
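Review bot: `HandleEtag` is now an exported method on `Context` without a doc comment, and its contract is easy to miss: when it returns true it has already written the 304 status, so the caller must return without writing a body. A comment such as `// HandleEtag writes 304 Not Modified and returns true when the client's etag equals etag; callers must then return without writing to w.` would state that. In the moved body the `len(etag) > 0` test guards the comparison rather than the header read, so an empty `etag` is always counted as a miss; `if etag != "" && r.Header.Get(model.HEADER_ETAG_CLIENT) == etag {` expresses the same check in a single condition.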
@@ -21,13 +21,13 @@ import ( "github.com/mattermost/mattermost-server/utils" ) -func InitEmoji() { +func (api *API) InitEmoji() { l4g.Debug(utils.T("api.emoji.init.debug")) - BaseRoutes.Emoji.Handle("/list", ApiUserRequired(getEmoji)).Methods("GET") - BaseRoutes.Emoji.Handle("/create", ApiUserRequired(createEmoji)).Methods("POST") - BaseRoutes.Emoji.Handle("/delete", ApiUserRequired(deleteEmoji)).Methods("POST") - BaseRoutes.Emoji.Handle("/{id:[A-Za-z0-9_]+}", ApiUserRequiredTrustRequester(getEmojiImage)).Methods("GET") + api.BaseRoutes.Emoji.Handle("/list", api.ApiUserRequired(getEmoji)).Methods("GET") + api.BaseRoutes.Emoji.Handle("/create", api.ApiUserRequired(createEmoji)).Methods("POST") + api.BaseRoutes.Emoji.Handle("/delete", api.ApiUserRequired(deleteEmoji)).Methods("POST") + api.BaseRoutes.Emoji.Handle("/{id:[A-Za-z0-9_]+}", api.ApiUserRequiredTrustRequester(getEmojiImage)).Methods("GET") } func getEmoji(c *Context, w http.ResponseWriter, r *http.Request) { diff --git a/api/file.go b/api/file.go index 28ad5db08..28007f222 100644 --- a/api/file.go +++ b/api/file.go 
@@ -30,19 +30,19 @@ var UNSAFE_CONTENT_TYPES = [...]string{ "text/html", } -func InitFile() { +func (api *API) InitFile() { l4g.Debug(utils.T("api.file.init.debug")) - BaseRoutes.TeamFiles.Handle("/upload", ApiUserRequired(uploadFile)).Methods("POST") + api.BaseRoutes.TeamFiles.Handle("/upload", api.ApiUserRequired(uploadFile)).Methods("POST") - BaseRoutes.NeedFile.Handle("/get", ApiUserRequiredTrustRequester(getFile)).Methods("GET") - BaseRoutes.NeedFile.Handle("/get_thumbnail", ApiUserRequiredTrustRequester(getFileThumbnail)).Methods("GET") - BaseRoutes.NeedFile.Handle("/get_preview", ApiUserRequiredTrustRequester(getFilePreview)).Methods("GET") - BaseRoutes.NeedFile.Handle("/get_info", ApiUserRequired(getFileInfo)).Methods("GET") - BaseRoutes.NeedFile.Handle("/get_public_link", ApiUserRequired(getPublicLink)).Methods("GET") + api.BaseRoutes.NeedFile.Handle("/get", api.ApiUserRequiredTrustRequester(getFile)).Methods("GET") + api.BaseRoutes.NeedFile.Handle("/get_thumbnail", api.ApiUserRequiredTrustRequester(getFileThumbnail)).Methods("GET") + api.BaseRoutes.NeedFile.Handle("/get_preview", api.ApiUserRequiredTrustRequester(getFilePreview)).Methods("GET") + api.BaseRoutes.NeedFile.Handle("/get_info", api.ApiUserRequired(getFileInfo)).Methods("GET") + api.BaseRoutes.NeedFile.Handle("/get_public_link", api.ApiUserRequired(getPublicLink)).Methods("GET") - BaseRoutes.Public.Handle("/files/{file_id:[A-Za-z0-9]+}/get", ApiAppHandlerTrustRequesterIndependent(getPublicFile)).Methods("GET") - BaseRoutes.Public.Handle("/files/get/{team_id:[A-Za-z0-9]+}/{channel_id:[A-Za-z0-9]+}/{user_id:[A-Za-z0-9]+}/{filename:(?:[A-Za-z0-9]+/)?.+(?:\\.[A-Za-z0-9]{3,})?}", ApiAppHandlerTrustRequesterIndependent(getPublicFileOld)).Methods("GET") + api.BaseRoutes.Public.Handle("/files/{file_id:[A-Za-z0-9]+}/get", api.ApiAppHandlerTrustRequesterIndependent(getPublicFile)).Methods("GET") + 
api.BaseRoutes.Public.Handle("/files/get/{team_id:[A-Za-z0-9]+}/{channel_id:[A-Za-z0-9]+}/{user_id:[A-Za-z0-9]+}/{filename:(?:[A-Za-z0-9]+/)?.+(?:\\.[A-Za-z0-9]{3,})?}", api.ApiAppHandlerTrustRequesterIndependent(getPublicFileOld)).Methods("GET") } func uploadFile(c *Context, w http.ResponseWriter, r *http.Request) { diff --git a/api/general.go b/api/general.go index 09bbc75c5..015baec4e 100644 --- a/api/general.go +++ b/api/general.go @@ -15,12 +15,12 @@ import ( "github.com/mattermost/mattermost-server/utils" ) -func InitGeneral() { +func (api *API) InitGeneral() { l4g.Debug(utils.T("api.general.init.debug")) - BaseRoutes.General.Handle("/client_props", ApiAppHandler(getClientConfig)).Methods("GET") - BaseRoutes.General.Handle("/log_client", ApiAppHandler(logClient)).Methods("POST") - BaseRoutes.General.Handle("/ping", ApiAppHandler(ping)).Methods("GET") + api.BaseRoutes.General.Handle("/client_props", api.ApiAppHandler(getClientConfig)).Methods("GET") + api.BaseRoutes.General.Handle("/log_client", api.ApiAppHandler(logClient)).Methods("POST") + api.BaseRoutes.General.Handle("/ping", api.ApiAppHandler(ping)).Methods("GET") } func getClientConfig(c *Context, w http.ResponseWriter, r *http.Request) { diff --git a/api/license.go b/api/license.go index e9ba85e59..18d6a20a3 100644 --- a/api/license.go +++ b/api/license.go 
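Review bot: The `filename` pattern on the old public-file route is effectively just `.+`, because the groups before and after it are both optional, so the route constraint rejects nothing that reaches this path prefix. Whatever must be rejected (unexpected separators, traversal sequences, names that do not belong to the given team, channel and user) therefore has to be checked in getPublicFileOld, which is outside this hunk. A comment above the route would make that dependency explicit, for example `// filename is not restricted by the route pattern; getPublicFileOld must validate it before building a storage path.`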
@@ -14,12 +14,12 @@ import ( "github.com/mattermost/mattermost-server/utils" ) -func InitLicense() { +func (api *API) InitLicense() { l4g.Debug(utils.T("api.license.init.debug")) - BaseRoutes.License.Handle("/add", ApiAdminSystemRequired(addLicense)).Methods("POST") - BaseRoutes.License.Handle("/remove", ApiAdminSystemRequired(removeLicense)).Methods("POST") - BaseRoutes.License.Handle("/client_config", ApiAppHandler(getClientLicenceConfig)).Methods("GET") + api.BaseRoutes.License.Handle("/add", api.ApiAdminSystemRequired(addLicense)).Methods("POST") + api.BaseRoutes.License.Handle("/remove", api.ApiAdminSystemRequired(removeLicense)).Methods("POST") + api.BaseRoutes.License.Handle("/client_config", api.ApiAppHandler(getClientLicenceConfig)).Methods("GET") } func addLicense(c *Context, w http.ResponseWriter, r *http.Request) { @@ -88,7 +88,7 @@ func getClientLicenceConfig(c *Context, w http.ResponseWriter, r *http.Request) useSanitizedLicense := !app.SessionHasPermissionTo(c.Session, model.PERMISSION_MANAGE_SYSTEM) etag := utils.GetClientLicenseEtag(useSanitizedLicense) - if HandleEtag(etag, "Get Client License Config", w, r) { + if c.HandleEtag(etag, "Get Client License Config", w, r) { return } diff --git a/api/oauth.go b/api/oauth.go index 6297b998c..0a26a6f98 100644 --- a/api/oauth.go +++ b/api/oauth.go 
@@ -13,19 +13,19 @@ import ( "github.com/mattermost/mattermost-server/utils" ) -func InitOAuth() { +func (api *API) InitOAuth() { l4g.Debug(utils.T("api.oauth.init.debug")) - BaseRoutes.OAuth.Handle("/register", ApiUserRequired(registerOAuthApp)).Methods("POST") - BaseRoutes.OAuth.Handle("/list", ApiUserRequired(getOAuthApps)).Methods("GET") - BaseRoutes.OAuth.Handle("/app/{client_id}", ApiUserRequired(getOAuthAppInfo)).Methods("GET") - BaseRoutes.OAuth.Handle("/allow", ApiUserRequired(allowOAuth)).Methods("GET") - BaseRoutes.OAuth.Handle("/authorized", ApiUserRequired(getAuthorizedApps)).Methods("GET") - BaseRoutes.OAuth.Handle("/delete", ApiUserRequired(deleteOAuthApp)).Methods("POST") - BaseRoutes.OAuth.Handle("/{id:[A-Za-z0-9]+}/deauthorize", ApiUserRequired(deauthorizeOAuthApp)).Methods("POST") - BaseRoutes.OAuth.Handle("/{id:[A-Za-z0-9]+}/regen_secret", ApiUserRequired(regenerateOAuthSecret)).Methods("POST") - BaseRoutes.OAuth.Handle("/{service:[A-Za-z0-9]+}/login", AppHandlerIndependent(loginWithOAuth)).Methods("GET") - BaseRoutes.OAuth.Handle("/{service:[A-Za-z0-9]+}/signup", AppHandlerIndependent(signupWithOAuth)).Methods("GET") + api.BaseRoutes.OAuth.Handle("/register", api.ApiUserRequired(registerOAuthApp)).Methods("POST") + api.BaseRoutes.OAuth.Handle("/list", api.ApiUserRequired(getOAuthApps)).Methods("GET") + api.BaseRoutes.OAuth.Handle("/app/{client_id}", api.ApiUserRequired(getOAuthAppInfo)).Methods("GET") + api.BaseRoutes.OAuth.Handle("/allow", api.ApiUserRequired(allowOAuth)).Methods("GET") + api.BaseRoutes.OAuth.Handle("/authorized", api.ApiUserRequired(getAuthorizedApps)).Methods("GET") + api.BaseRoutes.OAuth.Handle("/delete", api.ApiUserRequired(deleteOAuthApp)).Methods("POST") + api.BaseRoutes.OAuth.Handle("/{id:[A-Za-z0-9]+}/deauthorize", api.ApiUserRequired(deauthorizeOAuthApp)).Methods("POST") + api.BaseRoutes.OAuth.Handle("/{id:[A-Za-z0-9]+}/regen_secret", api.ApiUserRequired(regenerateOAuthSecret)).Methods("POST") + 
api.BaseRoutes.OAuth.Handle("/{service:[A-Za-z0-9]+}/login", api.AppHandlerIndependent(loginWithOAuth)).Methods("GET") + api.BaseRoutes.OAuth.Handle("/{service:[A-Za-z0-9]+}/signup", api.AppHandlerIndependent(signupWithOAuth)).Methods("GET") } func registerOAuthApp(c *Context, w http.ResponseWriter, r *http.Request) { diff --git a/api/post.go b/api/post.go index 60c9b59bd..703c070c5 100644 --- a/api/post.go +++ b/api/post.go 
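Review bot: `/app/{client_id}` is the only parameterised OAuth route in InitOAuth without a pattern, while its siblings constrain `{id:[A-Za-z0-9]+}` and `{service:[A-Za-z0-9]+}`. The same gap appears in InitPost (`/posts/{post_id}`, `/pltmp/{post_id}`) and InitUser (`/email/{email}`). If the identifiers have the same alphanumeric shape as the other ids, which is not visible here and should be confirmed, `"/app/{client_id:[A-Za-z0-9]+}"` would reject malformed values at the router instead of leaving that to each handler. Where the value is free-form, as an e-mail address is, a short comment that the handler validates it would be enough.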
@@ -18,28 +18,28 @@ const OPEN_GRAPH_METADATA_CACHE_SIZE = 10000 var openGraphDataCache = utils.NewLru(OPEN_GRAPH_METADATA_CACHE_SIZE) -func InitPost() { +func (api *API) InitPost() { l4g.Debug(utils.T("api.post.init.debug")) - BaseRoutes.ApiRoot.Handle("/get_opengraph_metadata", ApiUserRequired(getOpenGraphMetadata)).Methods("POST") - - BaseRoutes.NeedTeam.Handle("/posts/search", ApiUserRequiredActivity(searchPosts, true)).Methods("POST") - BaseRoutes.NeedTeam.Handle("/posts/flagged/{offset:[0-9]+}/{limit:[0-9]+}", ApiUserRequired(getFlaggedPosts)).Methods("GET") - BaseRoutes.NeedTeam.Handle("/posts/{post_id}", ApiUserRequired(getPostById)).Methods("GET") - BaseRoutes.NeedTeam.Handle("/pltmp/{post_id}", ApiUserRequired(getPermalinkTmp)).Methods("GET") - - BaseRoutes.Posts.Handle("/create", ApiUserRequiredActivity(createPost, true)).Methods("POST") - BaseRoutes.Posts.Handle("/update", ApiUserRequiredActivity(updatePost, true)).Methods("POST") - BaseRoutes.Posts.Handle("/page/{offset:[0-9]+}/{limit:[0-9]+}", ApiUserRequired(getPosts)).Methods("GET") - BaseRoutes.Posts.Handle("/since/{time:[0-9]+}", ApiUserRequired(getPostsSince)).Methods("GET") - - BaseRoutes.NeedPost.Handle("/get", ApiUserRequired(getPost)).Methods("GET") - BaseRoutes.NeedPost.Handle("/delete", ApiUserRequiredActivity(deletePost, true)).Methods("POST") - BaseRoutes.NeedPost.Handle("/before/{offset:[0-9]+}/{num_posts:[0-9]+}", ApiUserRequired(getPostsBefore)).Methods("GET") - BaseRoutes.NeedPost.Handle("/after/{offset:[0-9]+}/{num_posts:[0-9]+}", ApiUserRequired(getPostsAfter)).Methods("GET") - BaseRoutes.NeedPost.Handle("/get_file_infos", ApiUserRequired(getFileInfosForPost)).Methods("GET") - BaseRoutes.NeedPost.Handle("/pin", ApiUserRequired(pinPost)).Methods("POST") - BaseRoutes.NeedPost.Handle("/unpin", ApiUserRequired(unpinPost)).Methods("POST") + api.BaseRoutes.ApiRoot.Handle("/get_opengraph_metadata", api.ApiUserRequired(getOpenGraphMetadata)).Methods("POST") + + 
api.BaseRoutes.NeedTeam.Handle("/posts/search", api.ApiUserRequiredActivity(searchPosts, true)).Methods("POST") + api.BaseRoutes.NeedTeam.Handle("/posts/flagged/{offset:[0-9]+}/{limit:[0-9]+}", api.ApiUserRequired(getFlaggedPosts)).Methods("GET") + api.BaseRoutes.NeedTeam.Handle("/posts/{post_id}", api.ApiUserRequired(getPostById)).Methods("GET") + api.BaseRoutes.NeedTeam.Handle("/pltmp/{post_id}", api.ApiUserRequired(getPermalinkTmp)).Methods("GET") + + api.BaseRoutes.Posts.Handle("/create", api.ApiUserRequiredActivity(createPost, true)).Methods("POST") + api.BaseRoutes.Posts.Handle("/update", api.ApiUserRequiredActivity(updatePost, true)).Methods("POST") + api.BaseRoutes.Posts.Handle("/page/{offset:[0-9]+}/{limit:[0-9]+}", api.ApiUserRequired(getPosts)).Methods("GET") + api.BaseRoutes.Posts.Handle("/since/{time:[0-9]+}", api.ApiUserRequired(getPostsSince)).Methods("GET") + + api.BaseRoutes.NeedPost.Handle("/get", api.ApiUserRequired(getPost)).Methods("GET") + api.BaseRoutes.NeedPost.Handle("/delete", api.ApiUserRequiredActivity(deletePost, true)).Methods("POST") + api.BaseRoutes.NeedPost.Handle("/before/{offset:[0-9]+}/{num_posts:[0-9]+}", api.ApiUserRequired(getPostsBefore)).Methods("GET") + api.BaseRoutes.NeedPost.Handle("/after/{offset:[0-9]+}/{num_posts:[0-9]+}", api.ApiUserRequired(getPostsAfter)).Methods("GET") + api.BaseRoutes.NeedPost.Handle("/get_file_infos", api.ApiUserRequired(getFileInfosForPost)).Methods("GET") + api.BaseRoutes.NeedPost.Handle("/pin", api.ApiUserRequired(pinPost)).Methods("POST") + api.BaseRoutes.NeedPost.Handle("/unpin", api.ApiUserRequired(unpinPost)).Methods("POST") } func createPost(c *Context, w http.ResponseWriter, r *http.Request) { @@ -212,7 +212,7 @@ func getPosts(c *Context, w http.ResponseWriter, r *http.Request) { etag := c.App.GetPostsEtag(id) - if HandleEtag(etag, "Get Posts", w, r) { + if c.HandleEtag(etag, "Get Posts", w, r) { return } 
@@ -278,7 +278,7 @@ func getPost(c *Context, w http.ResponseWriter, r *http.Request) { if list, err := c.App.GetPostThread(postId); err != nil { c.Err = err return - } else if HandleEtag(list.Etag(), "Get Post", w, r) { + } else if c.HandleEtag(list.Etag(), "Get Post", w, r) { return } else { if !list.IsChannelId(channelId) { @@ -315,7 +315,7 @@ func getPostById(c *Context, w http.ResponseWriter, r *http.Request) { return } - if HandleEtag(list.Etag(), "Get Post By Id", w, r) { + if c.HandleEtag(list.Etag(), "Get Post By Id", w, r) { return } @@ -356,7 +356,7 @@ func getPermalinkTmp(c *Context, w http.ResponseWriter, r *http.Request) { if list, err := c.App.GetPermalinkPost(postId, c.Session.UserId); err != nil { c.Err = err return - } else if HandleEtag(list.Etag(), "Get Permalink TMP", w, r) { + } else if c.HandleEtag(list.Etag(), "Get Permalink TMP", w, r) { return } else { w.Header().Set(model.HEADER_ETAG_SERVER, list.Etag()) @@ -447,7 +447,7 @@ func getPostsBeforeOrAfter(c *Context, w http.ResponseWriter, r *http.Request, b // We can do better than this etag in this situation etag := c.App.GetPostsEtag(id) - if HandleEtag(etag, "Get Posts Before or After", w, r) { + if c.HandleEtag(etag, "Get Posts Before or After", w, r) { return } @@ -507,7 +507,7 @@ func getFileInfosForPost(c *Context, w http.ResponseWriter, r *http.Request) { if infos, err := c.App.GetFileInfosForPost(postId, false); err != nil { c.Err = err return - } else if HandleEtag(model.GetEtagForFileInfos(infos), "Get File Infos For Post", w, r) { + } else if c.HandleEtag(model.GetEtagForFileInfos(infos), "Get File Infos For Post", w, r) { return } else { if len(infos) > 0 { diff --git a/api/preference.go b/api/preference.go index 097908c72..f4d7d2842 100644 --- a/api/preference.go +++ b/api/preference.go 
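Review bot: In getPost the `c.HandleEtag(list.Etag(), "Get Post", w, r)` branch returns a 304 before the `!list.IsChannelId(channelId)` check in the following `else`, so a request with a matching ETag is answered without the channel/post consistency check. Evaluating IsChannelId first and consulting the ETag only afterwards would apply the same validation on both paths; it is a reordering of the existing branches, not new logic. The permission checks earlier in getPost and the rest of the `else` branch are outside the hunk, so the practical impact should be confirmed there.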
@@ -12,14 +12,14 @@ import ( "github.com/mattermost/mattermost-server/utils" ) -func InitPreference() { +func (api *API) InitPreference() { l4g.Debug(utils.T("api.preference.init.debug")) - BaseRoutes.Preferences.Handle("/", ApiUserRequired(getAllPreferences)).Methods("GET") - BaseRoutes.Preferences.Handle("/save", ApiUserRequired(savePreferences)).Methods("POST") - BaseRoutes.Preferences.Handle("/delete", ApiUserRequired(deletePreferences)).Methods("POST") - BaseRoutes.Preferences.Handle("/{category:[A-Za-z0-9_]+}", ApiUserRequired(getPreferenceCategory)).Methods("GET") - BaseRoutes.Preferences.Handle("/{category:[A-Za-z0-9_]+}/{name:[A-Za-z0-9_]+}", ApiUserRequired(getPreference)).Methods("GET") + api.BaseRoutes.Preferences.Handle("/", api.ApiUserRequired(getAllPreferences)).Methods("GET") + api.BaseRoutes.Preferences.Handle("/save", api.ApiUserRequired(savePreferences)).Methods("POST") + api.BaseRoutes.Preferences.Handle("/delete", api.ApiUserRequired(deletePreferences)).Methods("POST") + api.BaseRoutes.Preferences.Handle("/{category:[A-Za-z0-9_]+}", api.ApiUserRequired(getPreferenceCategory)).Methods("GET") + api.BaseRoutes.Preferences.Handle("/{category:[A-Za-z0-9_]+}/{name:[A-Za-z0-9_]+}", api.ApiUserRequired(getPreference)).Methods("GET") } func getAllPreferences(c *Context, w http.ResponseWriter, r *http.Request) { diff --git a/api/reaction.go b/api/reaction.go index 9e12d99f7..28cc9ade2 100644 --- a/api/reaction.go +++ b/api/reaction.go 
@@ -13,12 +13,12 @@ import ( "github.com/mattermost/mattermost-server/utils" ) -func InitReaction() { +func (api *API) InitReaction() { l4g.Debug(utils.T("api.reaction.init.debug")) - BaseRoutes.NeedPost.Handle("/reactions/save", ApiUserRequired(saveReaction)).Methods("POST") - BaseRoutes.NeedPost.Handle("/reactions/delete", ApiUserRequired(deleteReaction)).Methods("POST") - BaseRoutes.NeedPost.Handle("/reactions", ApiUserRequired(listReactions)).Methods("GET") + api.BaseRoutes.NeedPost.Handle("/reactions/save", api.ApiUserRequired(saveReaction)).Methods("POST") + api.BaseRoutes.NeedPost.Handle("/reactions/delete", api.ApiUserRequired(deleteReaction)).Methods("POST") + api.BaseRoutes.NeedPost.Handle("/reactions", api.ApiUserRequired(listReactions)).Methods("GET") } func saveReaction(c *Context, w http.ResponseWriter, r *http.Request) { diff --git a/api/status.go b/api/status.go index fbd986ea3..70106ad8c 100644 --- a/api/status.go +++ b/api/status.go @@ -13,11 +13,11 @@ import ( "github.com/mattermost/mattermost-server/utils" ) -func InitStatus() { +func (api *API) InitStatus() { l4g.Debug(utils.T("api.status.init.debug")) - BaseRoutes.Users.Handle("/status", ApiUserRequired(getStatusesHttp)).Methods("GET") - BaseRoutes.Users.Handle("/status/ids", ApiUserRequired(getStatusesByIdsHttp)).Methods("POST") + api.BaseRoutes.Users.Handle("/status", api.ApiUserRequired(getStatusesHttp)).Methods("GET") + api.BaseRoutes.Users.Handle("/status/ids", api.ApiUserRequired(getStatusesByIdsHttp)).Methods("POST") } func getStatusesHttp(c *Context, w http.ResponseWriter, r *http.Request) { diff --git a/api/team.go b/api/team.go index 962d53965..8a8d3c935 100644 --- a/api/team.go +++ b/api/team.go 
@@ -18,34 +18,34 @@ import ( "github.com/mattermost/mattermost-server/utils" ) -func InitTeam() { +func (api *API) InitTeam() { l4g.Debug(utils.T("api.team.init.debug")) - BaseRoutes.Teams.Handle("/create", ApiUserRequired(createTeam)).Methods("POST") - BaseRoutes.Teams.Handle("/all", ApiUserRequired(getAll)).Methods("GET") - BaseRoutes.Teams.Handle("/all_team_listings", ApiUserRequired(GetAllTeamListings)).Methods("GET") - BaseRoutes.Teams.Handle("/get_invite_info", ApiAppHandler(getInviteInfo)).Methods("POST") - BaseRoutes.Teams.Handle("/find_team_by_name", ApiUserRequired(findTeamByName)).Methods("POST") - BaseRoutes.Teams.Handle("/name/{team_name:[A-Za-z0-9\\-]+}", ApiUserRequired(getTeamByName)).Methods("GET") - BaseRoutes.Teams.Handle("/members", ApiUserRequired(getMyTeamMembers)).Methods("GET") - BaseRoutes.Teams.Handle("/unread", ApiUserRequired(getMyTeamsUnread)).Methods("GET") + api.BaseRoutes.Teams.Handle("/create", api.ApiUserRequired(createTeam)).Methods("POST") + api.BaseRoutes.Teams.Handle("/all", api.ApiUserRequired(getAll)).Methods("GET") + api.BaseRoutes.Teams.Handle("/all_team_listings", api.ApiUserRequired(GetAllTeamListings)).Methods("GET") + api.BaseRoutes.Teams.Handle("/get_invite_info", api.ApiAppHandler(getInviteInfo)).Methods("POST") + api.BaseRoutes.Teams.Handle("/find_team_by_name", api.ApiUserRequired(findTeamByName)).Methods("POST") + api.BaseRoutes.Teams.Handle("/name/{team_name:[A-Za-z0-9\\-]+}", api.ApiUserRequired(getTeamByName)).Methods("GET") + api.BaseRoutes.Teams.Handle("/members", api.ApiUserRequired(getMyTeamMembers)).Methods("GET") + api.BaseRoutes.Teams.Handle("/unread", api.ApiUserRequired(getMyTeamsUnread)).Methods("GET") - BaseRoutes.NeedTeam.Handle("/me", ApiUserRequired(getMyTeam)).Methods("GET") - BaseRoutes.NeedTeam.Handle("/stats", ApiUserRequired(getTeamStats)).Methods("GET") - BaseRoutes.NeedTeam.Handle("/members/{offset:[0-9]+}/{limit:[0-9]+}", ApiUserRequired(getTeamMembers)).Methods("GET") - 
BaseRoutes.NeedTeam.Handle("/members/ids", ApiUserRequired(getTeamMembersByIds)).Methods("POST") - BaseRoutes.NeedTeam.Handle("/members/{user_id:[A-Za-z0-9]+}", ApiUserRequired(getTeamMember)).Methods("GET") - BaseRoutes.NeedTeam.Handle("/update", ApiUserRequired(updateTeam)).Methods("POST") - BaseRoutes.NeedTeam.Handle("/update_member_roles", ApiUserRequired(updateMemberRoles)).Methods("POST") + api.BaseRoutes.NeedTeam.Handle("/me", api.ApiUserRequired(getMyTeam)).Methods("GET") + api.BaseRoutes.NeedTeam.Handle("/stats", api.ApiUserRequired(getTeamStats)).Methods("GET") + api.BaseRoutes.NeedTeam.Handle("/members/{offset:[0-9]+}/{limit:[0-9]+}", api.ApiUserRequired(getTeamMembers)).Methods("GET") + api.BaseRoutes.NeedTeam.Handle("/members/ids", api.ApiUserRequired(getTeamMembersByIds)).Methods("POST") + api.BaseRoutes.NeedTeam.Handle("/members/{user_id:[A-Za-z0-9]+}", api.ApiUserRequired(getTeamMember)).Methods("GET") + api.BaseRoutes.NeedTeam.Handle("/update", api.ApiUserRequired(updateTeam)).Methods("POST") + api.BaseRoutes.NeedTeam.Handle("/update_member_roles", api.ApiUserRequired(updateMemberRoles)).Methods("POST") - BaseRoutes.NeedTeam.Handle("/invite_members", ApiUserRequired(inviteMembers)).Methods("POST") + api.BaseRoutes.NeedTeam.Handle("/invite_members", api.ApiUserRequired(inviteMembers)).Methods("POST") - BaseRoutes.NeedTeam.Handle("/add_user_to_team", ApiUserRequired(addUserToTeam)).Methods("POST") - BaseRoutes.NeedTeam.Handle("/remove_user_from_team", ApiUserRequired(removeUserFromTeam)).Methods("POST") + api.BaseRoutes.NeedTeam.Handle("/add_user_to_team", api.ApiUserRequired(addUserToTeam)).Methods("POST") + api.BaseRoutes.NeedTeam.Handle("/remove_user_from_team", api.ApiUserRequired(removeUserFromTeam)).Methods("POST") // These should be moved to the global admin console - BaseRoutes.NeedTeam.Handle("/import_team", ApiUserRequired(importTeam)).Methods("POST") - BaseRoutes.Teams.Handle("/add_user_to_team_from_invite", 
ApiUserRequiredMfa(addUserToTeamFromInvite)).Methods("POST") + api.BaseRoutes.NeedTeam.Handle("/import_team", api.ApiUserRequired(importTeam)).Methods("POST") + api.BaseRoutes.Teams.Handle("/add_user_to_team_from_invite", api.ApiUserRequiredMfa(addUserToTeamFromInvite)).Methods("POST") } func createTeam(c *Context, w http.ResponseWriter, r *http.Request) { @@ -338,7 +338,7 @@ func getMyTeam(c *Context, w http.ResponseWriter, r *http.Request) { if team, err := c.App.GetTeam(c.TeamId); err != nil { c.Err = err return - } else if HandleEtag(team.Etag(), "Get My Team", w, r) { + } else if c.HandleEtag(team.Etag(), "Get My Team", w, r) { return } else { w.Header().Set(model.HEADER_ETAG_SERVER, team.Etag()) diff --git a/api/user.go b/api/user.go index af012ac2c..5aeb2762b 100644 --- a/api/user.go +++ b/api/user.go 
@@ -19,55 +19,55 @@ import ( "github.com/mattermost/mattermost-server/utils" ) -func InitUser() { +func (api *API) InitUser() { l4g.Debug(utils.T("api.user.init.debug")) - BaseRoutes.Users.Handle("/create", ApiAppHandler(createUser)).Methods("POST") - BaseRoutes.Users.Handle("/update", ApiUserRequired(updateUser)).Methods("POST") - BaseRoutes.Users.Handle("/update_active", ApiUserRequired(updateActive)).Methods("POST") - BaseRoutes.Users.Handle("/update_notify", ApiUserRequired(updateUserNotify)).Methods("POST") - BaseRoutes.Users.Handle("/newpassword", ApiUserRequired(updatePassword)).Methods("POST") - BaseRoutes.Users.Handle("/send_password_reset", ApiAppHandler(sendPasswordReset)).Methods("POST") - BaseRoutes.Users.Handle("/reset_password", ApiAppHandler(resetPassword)).Methods("POST") - BaseRoutes.Users.Handle("/login", ApiAppHandler(login)).Methods("POST") - BaseRoutes.Users.Handle("/logout", ApiAppHandler(logout)).Methods("POST") - BaseRoutes.Users.Handle("/revoke_session", ApiUserRequired(revokeSession)).Methods("POST") - BaseRoutes.Users.Handle("/attach_device", ApiUserRequired(attachDeviceId)).Methods("POST") - //DEPRICATED FOR SECURITY USE APIV4 BaseRoutes.Users.Handle("/verify_email", ApiAppHandler(verifyEmail)).Methods("POST") - //DEPRICATED FOR SECURITY USE APIV4 BaseRoutes.Users.Handle("/resend_verification", ApiAppHandler(resendVerification)).Methods("POST") - BaseRoutes.Users.Handle("/newimage", ApiUserRequired(uploadProfileImage)).Methods("POST") - BaseRoutes.Users.Handle("/me", ApiUserRequired(getMe)).Methods("GET") - BaseRoutes.Users.Handle("/initial_load", ApiAppHandler(getInitialLoad)).Methods("GET") - BaseRoutes.Users.Handle("/{offset:[0-9]+}/{limit:[0-9]+}", ApiUserRequired(getProfiles)).Methods("GET") - BaseRoutes.NeedTeam.Handle("/users/{offset:[0-9]+}/{limit:[0-9]+}", ApiUserRequired(getProfilesInTeam)).Methods("GET") - BaseRoutes.NeedChannel.Handle("/users/{offset:[0-9]+}/{limit:[0-9]+}", 
ApiUserRequired(getProfilesInChannel)).Methods("GET") - BaseRoutes.NeedChannel.Handle("/users/not_in_channel/{offset:[0-9]+}/{limit:[0-9]+}", ApiUserRequired(getProfilesNotInChannel)).Methods("GET") - BaseRoutes.Users.Handle("/search", ApiUserRequired(searchUsers)).Methods("POST") - BaseRoutes.Users.Handle("/ids", ApiUserRequired(getProfilesByIds)).Methods("POST") - BaseRoutes.Users.Handle("/autocomplete", ApiUserRequired(autocompleteUsers)).Methods("GET") - - BaseRoutes.NeedTeam.Handle("/users/autocomplete", ApiUserRequired(autocompleteUsersInTeam)).Methods("GET") - BaseRoutes.NeedChannel.Handle("/users/autocomplete", ApiUserRequired(autocompleteUsersInChannel)).Methods("GET") - - BaseRoutes.Users.Handle("/mfa", ApiAppHandler(checkMfa)).Methods("POST") - BaseRoutes.Users.Handle("/generate_mfa_secret", ApiUserRequiredMfa(generateMfaSecret)).Methods("GET") - BaseRoutes.Users.Handle("/update_mfa", ApiUserRequiredMfa(updateMfa)).Methods("POST") - - BaseRoutes.Users.Handle("/claim/email_to_oauth", ApiAppHandler(emailToOAuth)).Methods("POST") - BaseRoutes.Users.Handle("/claim/oauth_to_email", ApiUserRequired(oauthToEmail)).Methods("POST") - BaseRoutes.Users.Handle("/claim/email_to_ldap", ApiAppHandler(emailToLdap)).Methods("POST") - BaseRoutes.Users.Handle("/claim/ldap_to_email", ApiAppHandler(ldapToEmail)).Methods("POST") - - BaseRoutes.NeedUser.Handle("/get", ApiUserRequired(getUser)).Methods("GET") - BaseRoutes.Users.Handle("/name/{username:[A-Za-z0-9_\\-.]+}", ApiUserRequired(getByUsername)).Methods("GET") - BaseRoutes.Users.Handle("/email/{email}", ApiUserRequired(getByEmail)).Methods("GET") - BaseRoutes.NeedUser.Handle("/sessions", ApiUserRequired(getSessions)).Methods("GET") - BaseRoutes.NeedUser.Handle("/audits", ApiUserRequired(getAudits)).Methods("GET") - BaseRoutes.NeedUser.Handle("/image", ApiUserRequiredTrustRequester(getProfileImage)).Methods("GET") - BaseRoutes.NeedUser.Handle("/update_roles", ApiUserRequired(updateRoles)).Methods("POST") - - 
BaseRoutes.Root.Handle("/login/sso/saml", AppHandlerIndependent(loginWithSaml)).Methods("GET") - BaseRoutes.Root.Handle("/login/sso/saml", AppHandlerIndependent(completeSaml)).Methods("POST") + api.BaseRoutes.Users.Handle("/create", api.ApiAppHandler(createUser)).Methods("POST") + api.BaseRoutes.Users.Handle("/update", api.ApiUserRequired(updateUser)).Methods("POST") + api.BaseRoutes.Users.Handle("/update_active", api.ApiUserRequired(updateActive)).Methods("POST") + api.BaseRoutes.Users.Handle("/update_notify", api.ApiUserRequired(updateUserNotify)).Methods("POST") + api.BaseRoutes.Users.Handle("/newpassword", api.ApiUserRequired(updatePassword)).Methods("POST") + api.BaseRoutes.Users.Handle("/send_password_reset", api.ApiAppHandler(sendPasswordReset)).Methods("POST") + api.BaseRoutes.Users.Handle("/reset_password", api.ApiAppHandler(resetPassword)).Methods("POST") + api.BaseRoutes.Users.Handle("/login", api.ApiAppHandler(login)).Methods("POST") + api.BaseRoutes.Users.Handle("/logout", api.ApiAppHandler(logout)).Methods("POST") + api.BaseRoutes.Users.Handle("/revoke_session", api.ApiUserRequired(revokeSession)).Methods("POST") + api.BaseRoutes.Users.Handle("/attach_device", api.ApiUserRequired(attachDeviceId)).Methods("POST") + //DEPRICATED FOR SECURITY USE APIV4 api.BaseRoutes.Users.Handle("/verify_email", ApiAppHandler(verifyEmail)).Methods("POST") + //DEPRICATED FOR SECURITY USE APIV4 api.BaseRoutes.Users.Handle("/resend_verification", ApiAppHandler(resendVerification)).Methods("POST") + api.BaseRoutes.Users.Handle("/newimage", api.ApiUserRequired(uploadProfileImage)).Methods("POST") + api.BaseRoutes.Users.Handle("/me", api.ApiUserRequired(getMe)).Methods("GET") + api.BaseRoutes.Users.Handle("/initial_load", api.ApiAppHandler(getInitialLoad)).Methods("GET") + api.BaseRoutes.Users.Handle("/{offset:[0-9]+}/{limit:[0-9]+}", api.ApiUserRequired(getProfiles)).Methods("GET") + api.BaseRoutes.NeedTeam.Handle("/users/{offset:[0-9]+}/{limit:[0-9]+}", 
api.ApiUserRequired(getProfilesInTeam)).Methods("GET") + api.BaseRoutes.NeedChannel.Handle("/users/{offset:[0-9]+}/{limit:[0-9]+}", api.ApiUserRequired(getProfilesInChannel)).Methods("GET") + api.BaseRoutes.NeedChannel.Handle("/users/not_in_channel/{offset:[0-9]+}/{limit:[0-9]+}", api.ApiUserRequired(getProfilesNotInChannel)).Methods("GET") + api.BaseRoutes.Users.Handle("/search", api.ApiUserRequired(searchUsers)).Methods("POST") + api.BaseRoutes.Users.Handle("/ids", api.ApiUserRequired(getProfilesByIds)).Methods("POST") + api.BaseRoutes.Users.Handle("/autocomplete", api.ApiUserRequired(autocompleteUsers)).Methods("GET") + + api.BaseRoutes.NeedTeam.Handle("/users/autocomplete", api.ApiUserRequired(autocompleteUsersInTeam)).Methods("GET") + api.BaseRoutes.NeedChannel.Handle("/users/autocomplete", api.ApiUserRequired(autocompleteUsersInChannel)).Methods("GET") + + api.BaseRoutes.Users.Handle("/mfa", api.ApiAppHandler(checkMfa)).Methods("POST") + api.BaseRoutes.Users.Handle("/generate_mfa_secret", api.ApiUserRequiredMfa(generateMfaSecret)).Methods("GET") + api.BaseRoutes.Users.Handle("/update_mfa", api.ApiUserRequiredMfa(updateMfa)).Methods("POST") + + api.BaseRoutes.Users.Handle("/claim/email_to_oauth", api.ApiAppHandler(emailToOAuth)).Methods("POST") + api.BaseRoutes.Users.Handle("/claim/oauth_to_email", api.ApiUserRequired(oauthToEmail)).Methods("POST") + api.BaseRoutes.Users.Handle("/claim/email_to_ldap", api.ApiAppHandler(emailToLdap)).Methods("POST") + api.BaseRoutes.Users.Handle("/claim/ldap_to_email", api.ApiAppHandler(ldapToEmail)).Methods("POST") + + api.BaseRoutes.NeedUser.Handle("/get", api.ApiUserRequired(getUser)).Methods("GET") + api.BaseRoutes.Users.Handle("/name/{username:[A-Za-z0-9_\\-.]+}", api.ApiUserRequired(getByUsername)).Methods("GET") + api.BaseRoutes.Users.Handle("/email/{email}", api.ApiUserRequired(getByEmail)).Methods("GET") + api.BaseRoutes.NeedUser.Handle("/sessions", api.ApiUserRequired(getSessions)).Methods("GET") + 
api.BaseRoutes.NeedUser.Handle("/audits", api.ApiUserRequired(getAudits)).Methods("GET") + api.BaseRoutes.NeedUser.Handle("/image", api.ApiUserRequiredTrustRequester(getProfileImage)).Methods("GET") + api.BaseRoutes.NeedUser.Handle("/update_roles", api.ApiUserRequired(updateRoles)).Methods("POST") + + api.BaseRoutes.Root.Handle("/login/sso/saml", api.AppHandlerIndependent(loginWithSaml)).Methods("GET") + api.BaseRoutes.Root.Handle("/login/sso/saml", api.AppHandlerIndependent(completeSaml)).Methods("POST") } func createUser(c *Context, w http.ResponseWriter, r *http.Request) { @@ -249,7 +249,7 @@ func getMe(c *Context, w http.ResponseWriter, r *http.Request) { c.RemoveSessionCookie(w, r) l4g.Error(utils.T("api.user.get_me.getting.error"), c.Session.UserId) return - } else if HandleEtag(user.Etag(utils.Cfg.PrivacySettings.ShowFullName, utils.Cfg.PrivacySettings.ShowEmailAddress), "Get Me", w, r) { + } else if c.HandleEtag(user.Etag(utils.Cfg.PrivacySettings.ShowFullName, utils.Cfg.PrivacySettings.ShowEmailAddress), "Get Me", w, r) { return } else { user.Sanitize(map[string]bool{}) @@ -323,7 +323,7 @@ func getUser(c *Context, w http.ResponseWriter, r *http.Request) { etag := user.Etag(utils.Cfg.PrivacySettings.ShowFullName, utils.Cfg.PrivacySettings.ShowEmailAddress) - if HandleEtag(etag, "Get User", w, r) { + if c.HandleEtag(etag, "Get User", w, r) { return } else { app.SanitizeProfile(user, c.IsSystemAdmin()) @@ -343,7 +343,7 @@ func getByUsername(c *Context, w http.ResponseWriter, r *http.Request) { if user, err = c.App.GetUserByUsername(username); err != nil { c.Err = err return - } else if HandleEtag(user.Etag(utils.Cfg.PrivacySettings.ShowFullName, utils.Cfg.PrivacySettings.ShowEmailAddress), "Get By Username", w, r) { + } else if c.HandleEtag(user.Etag(utils.Cfg.PrivacySettings.ShowFullName, utils.Cfg.PrivacySettings.ShowEmailAddress), "Get By Username", w, r) { return } else { sanitizeProfile(c, user) 
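Review bot: The two commented-out `//DEPRICATED FOR SECURITY USE APIV4` routes in InitUser were only half converted: the receiver became `api.BaseRoutes.Users.Handle(...)` but the wrapper is still the bare `ApiAppHandler(...)`, which the live routes in this hunk now call as `api.ApiAppHandler`. Un-commenting either line would probably not compile, and the dead code hides why the endpoints are off. A plain comment is clearer and fixes the spelling, for example `// /verify_email and /resend_verification are deprecated for security reasons; use API v4.`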
@@ -361,7 +361,7 @@ func getByEmail(c *Context, w http.ResponseWriter, r *http.Request) { if user, err := c.App.GetUserByEmail(email); err != nil { c.Err = err return - } else if HandleEtag(user.Etag(utils.Cfg.PrivacySettings.ShowFullName, utils.Cfg.PrivacySettings.ShowEmailAddress), "Get By Email", w, r) { + } else if c.HandleEtag(user.Etag(utils.Cfg.PrivacySettings.ShowFullName, utils.Cfg.PrivacySettings.ShowEmailAddress), "Get By Email", w, r) { return } else { sanitizeProfile(c, user) @@ -388,7 +388,7 @@ func getProfiles(c *Context, w http.ResponseWriter, r *http.Request) { } etag := c.App.GetUsersEtag() + params["offset"] + "." + params["limit"] - if HandleEtag(etag, "Get Profiles", w, r) { + if c.HandleEtag(etag, "Get Profiles", w, r) { return } @@ -424,7 +424,7 @@ func getProfilesInTeam(c *Context, w http.ResponseWriter, r *http.Request) { } etag := c.App.GetUsersInTeamEtag(teamId) - if HandleEtag(etag, "Get Profiles In Team", w, r) { + if c.HandleEtag(etag, "Get Profiles In Team", w, r) { return } @@ -524,7 +524,7 @@ func getAudits(c *Context, w http.ResponseWriter, r *http.Request) { } else { etag := audits.Etag() - if HandleEtag(etag, "Get Audits", w, r) { + if c.HandleEtag(etag, "Get Audits", w, r) { return } @@ -555,7 +555,7 @@ func getProfileImage(c *Context, w http.ResponseWriter, r *http.Request) { user := users[0] etag = strconv.FormatInt(user.LastPictureUpdate, 10) - if HandleEtag(etag, "Profile Image", w, r) { + if c.HandleEtag(etag, "Profile Image", w, r) { return } diff --git a/api/webhook.go b/api/webhook.go index f0c6701eb..b9ac9336d 100644 --- a/api/webhook.go +++ b/api/webhook.go 
@@ -12,19 +12,19 @@ import ( "github.com/mattermost/mattermost-server/utils" ) -func InitWebhook() { +func (api *API) InitWebhook() { l4g.Debug(utils.T("api.webhook.init.debug")) - BaseRoutes.Hooks.Handle("/incoming/create", ApiUserRequired(createIncomingHook)).Methods("POST") - BaseRoutes.Hooks.Handle("/incoming/update", ApiUserRequired(updateIncomingHook)).Methods("POST") - BaseRoutes.Hooks.Handle("/incoming/delete", ApiUserRequired(deleteIncomingHook)).Methods("POST") - BaseRoutes.Hooks.Handle("/incoming/list", ApiUserRequired(getIncomingHooks)).Methods("GET") + api.BaseRoutes.Hooks.Handle("/incoming/create", api.ApiUserRequired(createIncomingHook)).Methods("POST") + api.BaseRoutes.Hooks.Handle("/incoming/update", api.ApiUserRequired(updateIncomingHook)).Methods("POST") + api.BaseRoutes.Hooks.Handle("/incoming/delete", api.ApiUserRequired(deleteIncomingHook)).Methods("POST") + api.BaseRoutes.Hooks.Handle("/incoming/list", api.ApiUserRequired(getIncomingHooks)).Methods("GET") - BaseRoutes.Hooks.Handle("/outgoing/create", ApiUserRequired(createOutgoingHook)).Methods("POST") - BaseRoutes.Hooks.Handle("/outgoing/update", ApiUserRequired(updateOutgoingHook)).Methods("POST") - BaseRoutes.Hooks.Handle("/outgoing/regen_token", ApiUserRequired(regenOutgoingHookToken)).Methods("POST") - BaseRoutes.Hooks.Handle("/outgoing/delete", ApiUserRequired(deleteOutgoingHook)).Methods("POST") - BaseRoutes.Hooks.Handle("/outgoing/list", ApiUserRequired(getOutgoingHooks)).Methods("GET") + api.BaseRoutes.Hooks.Handle("/outgoing/create", api.ApiUserRequired(createOutgoingHook)).Methods("POST") + api.BaseRoutes.Hooks.Handle("/outgoing/update", api.ApiUserRequired(updateOutgoingHook)).Methods("POST") + api.BaseRoutes.Hooks.Handle("/outgoing/regen_token", api.ApiUserRequired(regenOutgoingHookToken)).Methods("POST") + api.BaseRoutes.Hooks.Handle("/outgoing/delete", api.ApiUserRequired(deleteOutgoingHook)).Methods("POST") + api.BaseRoutes.Hooks.Handle("/outgoing/list", 
api.ApiUserRequired(getOutgoingHooks)).Methods("GET") } func createIncomingHook(c *Context, w http.ResponseWriter, r *http.Request) { diff --git a/api/webrtc.go b/api/webrtc.go index 31cfb1def..96ff67e56 100644 --- a/api/webrtc.go +++ b/api/webrtc.go @@ -11,10 +11,10 @@ import ( "github.com/mattermost/mattermost-server/utils" ) -func InitWebrtc() { +func (api *API) InitWebrtc() { l4g.Debug(utils.T("api.webrtc.init.debug")) - BaseRoutes.Webrtc.Handle("/token", ApiUserRequired(webrtcToken)).Methods("POST") + api.BaseRoutes.Webrtc.Handle("/token", api.ApiUserRequired(webrtcToken)).Methods("POST") } func webrtcToken(c *Context, w http.ResponseWriter, r *http.Request) { diff --git a/api/websocket.go b/api/websocket.go index 4b3a9d53b..6de5741f3 100644 --- a/api/websocket.go +++ b/api/websocket.go @@ -13,9 +13,9 @@ import ( "github.com/mattermost/mattermost-server/utils" ) -func InitWebSocket() { +func (api *API) InitWebSocket() { l4g.Debug(utils.T("api.web_socket.init.debug")) - BaseRoutes.Users.Handle("/websocket", ApiAppHandlerTrustRequester(connect)).Methods("GET") + api.BaseRoutes.Users.Handle("/websocket", api.ApiAppHandlerTrustRequester(connect)).Methods("GET") } func connect(c *Context, w http.ResponseWriter, r *http.Request) { -- cgit v1.2.3-1-g7c22
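Review bot: Every hook route in InitWebhook, including `/outgoing/regen_token` and the two delete routes, is wrapped only in `api.ApiUserRequired`, and nothing at the registration site says where the right to manage a team's webhooks is enforced. If the wrapper does no more than require a logged-in session, as its name suggests, that check lives entirely in the handlers, whose bodies are outside this hunk. Once that is confirmed, a comment above the route block would make the boundary explicit: `// ApiUserRequired only authenticates; each hook handler must check the caller's webhook-management permission itself.`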
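Review bot: In InitWebSocket, `/websocket` is registered through `api.ApiAppHandlerTrustRequester(connect)`, and nothing at the registration explains why the TrustRequester variant is acceptable for an upgrade endpoint. If that wrapper relaxes a requester-header check that the other wrappers apply (inferred from the name; its definition is not in this hunk), the Origin validation performed during the upgrade in `connect` is the only thing separating a logged-in browser session from a cross-site WebSocket connection. I would record that dependency next to the route: `// TrustRequester: browsers cannot set custom headers on a WebSocket handshake, so connect must validate Origin before upgrading.` The body of connect is outside the hunk, so whether it does this cannot be confirmed here.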