From e76f37fe508428f6f06b7b4dcd2e526a3aa44a20 Mon Sep 17 00:00:00 2001
From: ras0q
Date: Thu, 26 Oct 2023 20:52:34 +0900
Subject: [PATCH 1/3] :art: format api
---
router/router.go | 96 +++++++++++++++++++-----------------------------
1 file changed, 37 insertions(+), 59 deletions(-)
diff --git a/router/router.go b/router/router.go
index 5bf1c22b..e8243ee1 100644
--- a/router/router.go
+++ b/router/router.go
@@ -57,95 +57,73 @@ func (h *Handlers) SetupRoute() *echo.Echo { })) // API定義 (/api) - api := e.Group("/api", h.TraQUserMiddleware) + + // 認証なし + apiNoAuth := e.Group("/api") { - previlegeMiddle := h.PrevilegeUserMiddleware + apiNoAuth.POST("/authParams", h.HandlePostAuthParams) + apiNoAuth.GET("/callback", h.HandleCallback) + apiNoAuth.GET("/ical/v1/:userIDsecret", h.HandleGetiCalByPrivateID) + apiNoAuth.GET("/version", h.HandleGetVersion) + } - apiGroups := api.Group("/groups") + // 認証あり (JWT認証、traQ認証) + apiWithAuth := apiNoAuth.Group("", h.TraQUserMiddleware) + { + apiGroups := apiWithAuth.Group("/groups") { apiGroups.GET("", h.HandleGetGroups) apiGroups.POST("", h.HandlePostGroup) - apiGroup := apiGroups.Group("/:groupid") - { - apiGroup.GET("", h.HandleGetGroup) - - apiGroup.PUT("", h.HandleUpdateGroup, h.GroupAdminsMiddleware) - apiGroup.DELETE("", h.HandleDeleteGroup, h.GroupAdminsMiddleware) - - apiGroup.PUT("/members/me", h.HandleAddMeGroup) - apiGroup.DELETE("/members/me", h.HandleDeleteMeGroup) - - apiGroup.GET("/events", h.HandleGetEventsByGroupID) - } + apiGroups.GET("/:groupid", h.HandleGetGroup) + apiGroups.PUT("/:groupid", h.HandleUpdateGroup, h.GroupAdminsMiddleware) + apiGroups.DELETE("/:groupid", h.HandleDeleteGroup, h.GroupAdminsMiddleware) + apiGroups.PUT("/:groupid/members/me", h.HandleAddMeGroup) + apiGroups.DELETE("/:groupid/members/me", h.HandleDeleteMeGroup) + apiGroups.GET("/:groupid/events", h.HandleGetEventsByGroupID) } - apiEvents := api.Group("/events") + apiEvents := apiWithAuth.Group("/events") { apiEvents.GET("", h.HandleGetEvents) apiEvents.POST("", h.HandlePostEvent, middleware.BodyDump(h.WebhookEventHandler)) - - apiEvent := apiEvents.Group("/:eventid") - { - apiEvent.GET("", h.HandleGetEvent) - apiEvent.PUT("", h.HandleUpdateEvent, h.EventAdminsMiddleware, middleware.BodyDump(h.WebhookEventHandler)) - apiEvent.DELETE("", h.HandleDeleteEvent, h.EventAdminsMiddleware) - apiEvent.PUT("/attendees/me", h.HandleUpsertMeEventSchedule) 
- - apiEvent.POST("/tags", h.HandleAddEventTag) - apiEvent.DELETE("/tags/:tagName", h.HandleDeleteEventTag) - } - + apiEvents.GET("/:eventid", h.HandleGetEvent) + apiEvents.PUT("/:eventid", h.HandleUpdateEvent, h.EventAdminsMiddleware, middleware.BodyDump(h.WebhookEventHandler)) + apiEvents.DELETE("/:eventid", h.HandleDeleteEvent, h.EventAdminsMiddleware) + apiEvents.PUT("/:eventid/attendees/me", h.HandleUpsertMeEventSchedule) + apiEvents.POST("/:eventid/tags", h.HandleAddEventTag) + apiEvents.DELETE("/:eventid/tags/:tagName", h.HandleDeleteEventTag) } - apiRooms := api.Group("/rooms") + + apiRooms := apiWithAuth.Group("/rooms") { apiRooms.GET("", h.HandleGetRooms) apiRooms.POST("", h.HandlePostRoom) - apiRooms.POST("/all", h.HandleCreateVerifedRooms, previlegeMiddle) - - apiRoom := apiRooms.Group("/:roomid") - { - apiRoom.GET("", h.HandleGetRoom) - apiRoom.DELETE("", h.HandleDeleteRoom) - - apiRoom.POST("/verified", h.HandleVerifyRoom, previlegeMiddle) - apiRoom.DELETE("/verified", h.HandleUnVerifyRoom, previlegeMiddle) - } + apiRooms.POST("/all", h.HandleCreateVerifedRooms, h.PrevilegeUserMiddleware) + apiRooms.GET("/:roomid", h.HandleGetRoom) + apiRooms.DELETE("/:roomid", h.HandleDeleteRoom) + apiRooms.POST("/:roomid/verified", h.HandleVerifyRoom, h.PrevilegeUserMiddleware) + apiRooms.DELETE("/:roomid/verified", h.HandleUnVerifyRoom, h.PrevilegeUserMiddleware) } - apiUsers := api.Group("/users") + apiUsers := apiWithAuth.Group("/users") { apiUsers.GET("", h.HandleGetUsers) - apiUsers.POST("/sync", h.HandleSyncUser, previlegeMiddle) - + apiUsers.POST("/sync", h.HandleSyncUser, h.PrevilegeUserMiddleware) apiUsers.GET("/me", h.HandleGetUserMe) apiUsers.GET("/me/ical", h.HandleGetiCal) apiUsers.PUT("/me/ical", h.HandleUpdateiCal) apiUsers.GET("/me/groups", h.HandleGetMeGroupIDs) apiUsers.GET("/me/events", h.HandleGetMeEvents) - - apiUser := apiUsers.Group("/:userid") - { - apiUser.GET("/events", h.HandleGetEventsByUserID) - apiUser.GET("/groups", 
h.HandleGetGroupIDsByUserID) - } + apiUsers.GET("/:userid/events", h.HandleGetEventsByUserID) + apiUsers.GET("/:userid/groups", h.HandleGetGroupIDsByUserID) } - apiTags := api.Group("/tags") + apiTags := apiWithAuth.Group("/tags") { apiTags.POST("", h.HandlePostTag) apiTags.GET("", h.HandleGetTags) } - - // apiActivity := api.Group("/activity") - // { - // apiActivity.GET("/events", h.HandleGetEventActivities) - // } - } - e.POST("/api/authParams", h.HandlePostAuthParams) - e.GET("/api/callback", h.HandleCallback) - e.GET("/api/ical/v1/:userIDsecret", h.HandleGetiCalByPrivateID) - e.GET("/api/version", h.HandleGetVersion) e.Use(middleware.StaticWithConfig(middleware.StaticConfig{ Skipper: func(c echo.Context) bool { From 70cfa6874d7dd1dd3542dca15b36085bc804b7c7 Mon Sep 17 00:00:00 2001 From: ras0q Date: Thu, 26 Oct 2023 20:53:41 +0900 Subject: [PATCH 2/3] :recycle: rename apis --- router/router.go | 78 ++++++++++++++++++++++++------------------------ 1 file changed, 39 insertions(+), 39 deletions(-) diff --git a/router/router.go b/router/router.go index e8243ee1..5980a568 100644 --- a/router/router.go +++ b/router/router.go 
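Review bot: In the `@@ -57,95 +57,73 @@` hunk of PATCH 1/3, a route under `/api` becomes public or authenticated purely by which of two same-prefix group variables it is registered on (`apiNoAuth` vs `apiWithAuth`), and nothing pins the public set to the four routes listed. I would state that next to the group, e.g. `// Public surface: only these four routes skip TraQUserMiddleware; register everything else on apiWithAuth.`, and back it with a router test that requests each protected route without credentials and expects a rejection. The new comment `認証あり (JWT認証、traQ認証)` names two mechanisms while only `h.TraQUserMiddleware` is attached here; if that middleware does not cover both, the comment should say where the other check lives. SetupRoute's body starts and ends outside the hunk.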
@@ -70,58 +70,58 @@ func (h *Handlers) SetupRoute() *echo.Echo { // 認証あり (JWT認証、traQ認証) apiWithAuth := apiNoAuth.Group("", h.TraQUserMiddleware) { - apiGroups := apiWithAuth.Group("/groups") + groupsAPI := apiWithAuth.Group("/groups") { - apiGroups.GET("", h.HandleGetGroups) - apiGroups.POST("", h.HandlePostGroup) - apiGroups.GET("/:groupid", h.HandleGetGroup) - apiGroups.PUT("/:groupid", h.HandleUpdateGroup, h.GroupAdminsMiddleware) - apiGroups.DELETE("/:groupid", h.HandleDeleteGroup, h.GroupAdminsMiddleware) - apiGroups.PUT("/:groupid/members/me", h.HandleAddMeGroup) - apiGroups.DELETE("/:groupid/members/me", h.HandleDeleteMeGroup) - apiGroups.GET("/:groupid/events", h.HandleGetEventsByGroupID) + groupsAPI.GET("", h.HandleGetGroups) + groupsAPI.POST("", h.HandlePostGroup) + groupsAPI.GET("/:groupid", h.HandleGetGroup) + groupsAPI.PUT("/:groupid", h.HandleUpdateGroup, h.GroupAdminsMiddleware) + groupsAPI.DELETE("/:groupid", h.HandleDeleteGroup, h.GroupAdminsMiddleware) + groupsAPI.PUT("/:groupid/members/me", h.HandleAddMeGroup) + groupsAPI.DELETE("/:groupid/members/me", h.HandleDeleteMeGroup) + groupsAPI.GET("/:groupid/events", h.HandleGetEventsByGroupID) } - apiEvents := apiWithAuth.Group("/events") + eventsAPI := apiWithAuth.Group("/events") { - apiEvents.GET("", h.HandleGetEvents) - apiEvents.POST("", h.HandlePostEvent, middleware.BodyDump(h.WebhookEventHandler)) - apiEvents.GET("/:eventid", h.HandleGetEvent) - apiEvents.PUT("/:eventid", h.HandleUpdateEvent, h.EventAdminsMiddleware, middleware.BodyDump(h.WebhookEventHandler)) - apiEvents.DELETE("/:eventid", h.HandleDeleteEvent, h.EventAdminsMiddleware) - apiEvents.PUT("/:eventid/attendees/me", h.HandleUpsertMeEventSchedule) - apiEvents.POST("/:eventid/tags", h.HandleAddEventTag) - apiEvents.DELETE("/:eventid/tags/:tagName", h.HandleDeleteEventTag) + eventsAPI.GET("", h.HandleGetEvents) + eventsAPI.POST("", h.HandlePostEvent, middleware.BodyDump(h.WebhookEventHandler)) + eventsAPI.GET("/:eventid", 
h.HandleGetEvent) + eventsAPI.PUT("/:eventid", h.HandleUpdateEvent, h.EventAdminsMiddleware, middleware.BodyDump(h.WebhookEventHandler)) + eventsAPI.DELETE("/:eventid", h.HandleDeleteEvent, h.EventAdminsMiddleware) + eventsAPI.PUT("/:eventid/attendees/me", h.HandleUpsertMeEventSchedule) + eventsAPI.POST("/:eventid/tags", h.HandleAddEventTag) + eventsAPI.DELETE("/:eventid/tags/:tagName", h.HandleDeleteEventTag) } - apiRooms := apiWithAuth.Group("/rooms") + roomsAPI := apiWithAuth.Group("/rooms") { - apiRooms.GET("", h.HandleGetRooms) - apiRooms.POST("", h.HandlePostRoom) - apiRooms.POST("/all", h.HandleCreateVerifedRooms, h.PrevilegeUserMiddleware) - apiRooms.GET("/:roomid", h.HandleGetRoom) - apiRooms.DELETE("/:roomid", h.HandleDeleteRoom) - apiRooms.POST("/:roomid/verified", h.HandleVerifyRoom, h.PrevilegeUserMiddleware) - apiRooms.DELETE("/:roomid/verified", h.HandleUnVerifyRoom, h.PrevilegeUserMiddleware) + roomsAPI.GET("", h.HandleGetRooms) + roomsAPI.POST("", h.HandlePostRoom) + roomsAPI.POST("/all", h.HandleCreateVerifedRooms, h.PrevilegeUserMiddleware) + roomsAPI.GET("/:roomid", h.HandleGetRoom) + roomsAPI.DELETE("/:roomid", h.HandleDeleteRoom) + roomsAPI.POST("/:roomid/verified", h.HandleVerifyRoom, h.PrevilegeUserMiddleware) + roomsAPI.DELETE("/:roomid/verified", h.HandleUnVerifyRoom, h.PrevilegeUserMiddleware) } - apiUsers := apiWithAuth.Group("/users") + usersAPI := apiWithAuth.Group("/users") { - apiUsers.GET("", h.HandleGetUsers) - apiUsers.POST("/sync", h.HandleSyncUser, h.PrevilegeUserMiddleware) - apiUsers.GET("/me", h.HandleGetUserMe) - apiUsers.GET("/me/ical", h.HandleGetiCal) - apiUsers.PUT("/me/ical", h.HandleUpdateiCal) - apiUsers.GET("/me/groups", h.HandleGetMeGroupIDs) - apiUsers.GET("/me/events", h.HandleGetMeEvents) - apiUsers.GET("/:userid/events", h.HandleGetEventsByUserID) - apiUsers.GET("/:userid/groups", h.HandleGetGroupIDsByUserID) + usersAPI.GET("", h.HandleGetUsers) + usersAPI.POST("/sync", h.HandleSyncUser, 
h.PrevilegeUserMiddleware) + usersAPI.GET("/me", h.HandleGetUserMe) + usersAPI.GET("/me/ical", h.HandleGetiCal) + usersAPI.PUT("/me/ical", h.HandleUpdateiCal) + usersAPI.GET("/me/groups", h.HandleGetMeGroupIDs) + usersAPI.GET("/me/events", h.HandleGetMeEvents) + usersAPI.GET("/:userid/events", h.HandleGetEventsByUserID) + usersAPI.GET("/:userid/groups", h.HandleGetGroupIDsByUserID) } - apiTags := apiWithAuth.Group("/tags") + tagsAPI := apiWithAuth.Group("/tags") { - apiTags.POST("", h.HandlePostTag) - apiTags.GET("", h.HandleGetTags) + tagsAPI.POST("", h.HandlePostTag) + tagsAPI.GET("", h.HandleGetTags) } } From 7a5d831b52fd704d5dddfbcbc4ea5de0bb1aa14f Mon Sep 17 00:00:00 2001 From: ras0q Date: Thu, 26 Oct 2023 20:59:40 +0900 Subject: [PATCH 3/3] :recycle: split admin api --- router/router.go | 36 ++++++++++++++++++++++++++++-------- 1 file changed, 28 insertions(+), 8 deletions(-) diff --git a/router/router.go b/router/router.go index 5980a568..67f44212 100644 --- a/router/router.go +++ b/router/router.go @@ -75,11 +75,16 @@ func (h *Handlers) SetupRoute() *echo.Echo { groupsAPI.GET("", h.HandleGetGroups) groupsAPI.POST("", h.HandlePostGroup) groupsAPI.GET("/:groupid", h.HandleGetGroup) - groupsAPI.PUT("/:groupid", h.HandleUpdateGroup, h.GroupAdminsMiddleware) - groupsAPI.DELETE("/:groupid", h.HandleDeleteGroup, h.GroupAdminsMiddleware) groupsAPI.PUT("/:groupid/members/me", h.HandleAddMeGroup) groupsAPI.DELETE("/:groupid/members/me", h.HandleDeleteMeGroup) groupsAPI.GET("/:groupid/events", h.HandleGetEventsByGroupID) + + // グループ管理者権限が必要 + groupsAPIWithAdminAuth := groupsAPI.Group("", h.GroupAdminsMiddleware) + { + groupsAPIWithAdminAuth.PUT("/:groupid/members/:userid", h.HandleUpdateGroup) + groupsAPIWithAdminAuth.DELETE("/:groupid/members/:userid", h.HandleDeleteGroup) + } } eventsAPI := apiWithAuth.Group("/events") 
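Review bot: In the `@@ -75,11 +75,16 @@` hunk of PATCH 3/3, the two routes in the new `groupsAPIWithAdminAuth` block are no longer at `/:groupid`: `h.HandleUpdateGroup` and `h.HandleDeleteGroup` are now registered on `/:groupid/members/:userid`, whereas the removed lines had them on `PUT`/`DELETE /:groupid`. The commit is titled as a split of the admin API, so this looks like an unintended path change. Existing callers of `PUT`/`DELETE /api/groups/:groupid` would stop matching, and a request that reads as removing one member would reach what is, judging by its name, the group-delete handler. If the move is not intended, keep the original paths: `groupsAPIWithAdminAuth.PUT("/:groupid", h.HandleUpdateGroup)` and `groupsAPIWithAdminAuth.DELETE("/:groupid", h.HandleDeleteGroup)`. SetupRoute's body continues outside the hunk.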
@@ -87,28 +92,37 @@ func (h *Handlers) SetupRoute() *echo.Echo { eventsAPI.GET("", h.HandleGetEvents) eventsAPI.POST("", h.HandlePostEvent, middleware.BodyDump(h.WebhookEventHandler)) eventsAPI.GET("/:eventid", h.HandleGetEvent) - eventsAPI.PUT("/:eventid", h.HandleUpdateEvent, h.EventAdminsMiddleware, middleware.BodyDump(h.WebhookEventHandler)) - eventsAPI.DELETE("/:eventid", h.HandleDeleteEvent, h.EventAdminsMiddleware) eventsAPI.PUT("/:eventid/attendees/me", h.HandleUpsertMeEventSchedule) eventsAPI.POST("/:eventid/tags", h.HandleAddEventTag) eventsAPI.DELETE("/:eventid/tags/:tagName", h.HandleDeleteEventTag) + + // イベント管理者権限が必要 + eventsAPIWithAdminAuth := eventsAPI.Group("", h.EventAdminsMiddleware) + { + eventsAPIWithAdminAuth.PUT("/:eventid", h.HandleUpdateEvent, middleware.BodyDump(h.WebhookEventHandler)) + eventsAPIWithAdminAuth.DELETE("/:eventid", h.HandleDeleteEvent) + } } roomsAPI := apiWithAuth.Group("/rooms") { roomsAPI.GET("", h.HandleGetRooms) roomsAPI.POST("", h.HandlePostRoom) - roomsAPI.POST("/all", h.HandleCreateVerifedRooms, h.PrevilegeUserMiddleware) roomsAPI.GET("/:roomid", h.HandleGetRoom) roomsAPI.DELETE("/:roomid", h.HandleDeleteRoom) - roomsAPI.POST("/:roomid/verified", h.HandleVerifyRoom, h.PrevilegeUserMiddleware) - roomsAPI.DELETE("/:roomid/verified", h.HandleUnVerifyRoom, h.PrevilegeUserMiddleware) + + // サービス管理者権限が必要 + roomsAPIWithPrevilegeAuth := roomsAPI.Group("", h.PrevilegeUserMiddleware) + { + roomsAPIWithPrevilegeAuth.POST("/all", h.HandleCreateVerifedRooms) + roomsAPIWithPrevilegeAuth.POST("/:roomid/verified", h.HandleVerifyRoom) + roomsAPIWithPrevilegeAuth.DELETE("/:roomid/verified", h.HandleUnVerifyRoom) + } } usersAPI := apiWithAuth.Group("/users") { usersAPI.GET("", h.HandleGetUsers) - usersAPI.POST("/sync", h.HandleSyncUser, h.PrevilegeUserMiddleware) usersAPI.GET("/me", h.HandleGetUserMe) usersAPI.GET("/me/ical", h.HandleGetiCal) usersAPI.PUT("/me/ical", h.HandleUpdateiCal) 
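Review bot: `eventsAPI.Group("", h.EventAdminsMiddleware)` and `roomsAPI.Group("", h.PrevilegeUserMiddleware)` create sub-groups with an empty prefix, and as far as I know an Echo group that carries middleware also registers fallback handlers on its own prefix and `prefix/*` (as `Any` routes in older v4 releases, as not-found routes in newer ones; which applies depends on the version pinned in go.mod, not visible here). With an empty prefix those fallbacks land on `/api/events` and `/api/rooms` themselves, wrapped in the admin middleware. On an older release they could replace the `GET ""`/`POST ""` handlers registered just above; on a newer one, unmatched paths under the prefix would pass through the admin check before the 404. The groups hunk above and the users hunk below use the same pattern. A router test that calls each route as an ordinary user and as an admin and checks the status would settle it; otherwise keep the middleware per route as before, e.g. `eventsAPI.DELETE("/:eventid", h.HandleDeleteEvent, h.EventAdminsMiddleware)`. SetupRoute's body extends beyond the hunk.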
@@ -116,6 +130,12 @@ func (h *Handlers) SetupRoute() *echo.Echo { usersAPI.GET("/me/events", h.HandleGetMeEvents) usersAPI.GET("/:userid/events", h.HandleGetEventsByUserID) usersAPI.GET("/:userid/groups", h.HandleGetGroupIDsByUserID) + + // サービス管理者権限が必要 + usersAPIWithPrevilegeAuth := usersAPI.Group("", h.PrevilegeUserMiddleware) + { + usersAPIWithPrevilegeAuth.POST("/sync", h.HandleSyncUser) + } } tagsAPI := apiWithAuth.Group("/tags")