400 lines
17 KiB
Go
400 lines
17 KiB
Go
package http
|
|
|
|
import (
|
|
"context"
|
|
"fmt"
|
|
"net/http"
|
|
|
|
"go.uber.org/zap"
|
|
|
|
"codeberg.org/mapleopentech/monorepo/cloud/maplefile-backend/config"
|
|
"codeberg.org/mapleopentech/monorepo/cloud/maplefile-backend/internal/interface/http/auth"
|
|
"codeberg.org/mapleopentech/monorepo/cloud/maplefile-backend/internal/interface/http/middleware"
|
|
svc_auth "codeberg.org/mapleopentech/monorepo/cloud/maplefile-backend/internal/service/auth"
|
|
"codeberg.org/mapleopentech/monorepo/cloud/maplefile-backend/pkg/httperror"
|
|
"codeberg.org/mapleopentech/monorepo/cloud/maplefile-backend/pkg/validation"
|
|
)
|
|
|
|
// WireServer is a Wire-compatible HTTP server (without fx.Lifecycle dependency)
|
|
type WireServer struct {
|
|
server *http.Server
|
|
logger *zap.Logger
|
|
config *config.Config
|
|
mux *http.ServeMux
|
|
handlers *Handlers
|
|
registerHandler *auth.RegisterHandler
|
|
requestOTTHandler *auth.RequestOTTHandler
|
|
verifyOTTHandler *auth.VerifyOTTHandler
|
|
completeLoginHandler *auth.CompleteLoginHandler
|
|
refreshTokenHandler *auth.RefreshTokenHandler
|
|
verifyEmailHandler *auth.VerifyEmailHandler
|
|
resendVerificationHandler *auth.ResendVerificationHandler
|
|
recoveryInitiateHandler *auth.RecoveryInitiateHandler
|
|
recoveryVerifyHandler *auth.RecoveryVerifyHandler
|
|
recoveryCompleteHandler *auth.RecoveryCompleteHandler
|
|
rateLimitMiddleware *middleware.RateLimitMiddleware
|
|
securityHeadersMiddleware *middleware.SecurityHeadersMiddleware
|
|
}
|
|
|
|
// NewWireServer creates a Wire-compatible HTTP server
|
|
func NewWireServer(
|
|
cfg *config.Config,
|
|
logger *zap.Logger,
|
|
handlers *Handlers,
|
|
registerService svc_auth.RegisterService,
|
|
verifyEmailService svc_auth.VerifyEmailService,
|
|
resendVerificationService svc_auth.ResendVerificationService,
|
|
requestOTTService svc_auth.RequestOTTService,
|
|
verifyOTTService svc_auth.VerifyOTTService,
|
|
completeLoginService svc_auth.CompleteLoginService,
|
|
refreshTokenService svc_auth.RefreshTokenService,
|
|
recoveryInitiateService svc_auth.RecoveryInitiateService,
|
|
recoveryVerifyService svc_auth.RecoveryVerifyService,
|
|
recoveryCompleteService svc_auth.RecoveryCompleteService,
|
|
rateLimitMiddleware *middleware.RateLimitMiddleware,
|
|
securityHeadersMiddleware *middleware.SecurityHeadersMiddleware,
|
|
) *WireServer {
|
|
mux := http.NewServeMux()
|
|
|
|
// Initialize auth handlers with services
|
|
registerHandler := auth.NewRegisterHandler(logger, registerService)
|
|
verifyEmailHandler := auth.NewVerifyEmailHandler(logger, verifyEmailService)
|
|
resendVerificationHandler := auth.NewResendVerificationHandler(logger, resendVerificationService)
|
|
requestOTTHandler := auth.NewRequestOTTHandler(logger, requestOTTService)
|
|
verifyOTTHandler := auth.NewVerifyOTTHandler(logger, verifyOTTService)
|
|
completeLoginHandler := auth.NewCompleteLoginHandler(logger, completeLoginService)
|
|
refreshTokenHandler := auth.NewRefreshTokenHandler(logger, refreshTokenService)
|
|
recoveryInitiateHandler := auth.NewRecoveryInitiateHandler(logger, recoveryInitiateService)
|
|
recoveryVerifyHandler := auth.NewRecoveryVerifyHandler(logger, recoveryVerifyService)
|
|
recoveryCompleteHandler := auth.NewRecoveryCompleteHandler(logger, recoveryCompleteService)
|
|
|
|
s := &WireServer{
|
|
logger: logger,
|
|
config: cfg,
|
|
mux: mux,
|
|
handlers: handlers,
|
|
registerHandler: registerHandler,
|
|
requestOTTHandler: requestOTTHandler,
|
|
verifyOTTHandler: verifyOTTHandler,
|
|
completeLoginHandler: completeLoginHandler,
|
|
refreshTokenHandler: refreshTokenHandler,
|
|
verifyEmailHandler: verifyEmailHandler,
|
|
resendVerificationHandler: resendVerificationHandler,
|
|
recoveryInitiateHandler: recoveryInitiateHandler,
|
|
recoveryVerifyHandler: recoveryVerifyHandler,
|
|
recoveryCompleteHandler: recoveryCompleteHandler,
|
|
rateLimitMiddleware: rateLimitMiddleware,
|
|
securityHeadersMiddleware: securityHeadersMiddleware,
|
|
}
|
|
|
|
// Register routes (simplified for Phase 2)
|
|
s.registerRoutes()
|
|
|
|
// Create HTTP server with middleware
|
|
s.server = &http.Server{
|
|
Addr: fmt.Sprintf("%s:%d", cfg.Server.Host, cfg.Server.Port),
|
|
Handler: s.applyMiddleware(mux),
|
|
ReadTimeout: cfg.Server.ReadTimeout,
|
|
WriteTimeout: cfg.Server.WriteTimeout,
|
|
IdleTimeout: cfg.Server.IdleTimeout,
|
|
}
|
|
|
|
return s
|
|
}
|
|
|
|
// Start starts the HTTP server
|
|
func (s *WireServer) Start() error {
|
|
s.logger.Info("Starting HTTP server",
|
|
zap.String("address", s.server.Addr),
|
|
zap.String("environment", s.config.App.Environment),
|
|
)
|
|
|
|
if err := s.server.ListenAndServe(); err != nil && err != http.ErrServerClosed {
|
|
return fmt.Errorf("HTTP server failed: %w", err)
|
|
}
|
|
return nil
|
|
}
|
|
|
|
// Shutdown gracefully shuts down the HTTP server
|
|
func (s *WireServer) Shutdown(ctx context.Context) error {
|
|
s.logger.Info("Shutting down HTTP server")
|
|
return s.server.Shutdown(ctx)
|
|
}
|
|
|
|
// registerRoutes registers all HTTP routes
|
|
func (s *WireServer) registerRoutes() {
|
|
s.logger.Info("Registering HTTP routes")
|
|
|
|
// ===== Public Routes =====
|
|
s.mux.HandleFunc("GET /health", s.healthCheckHandler)
|
|
s.mux.HandleFunc("GET /version", s.versionHandler)
|
|
|
|
// User lookup - Public route for user public key lookup
|
|
s.mux.HandleFunc("GET /iam/api/v1/users/lookup", s.handlers.UserPublicLookup.ServeHTTP)
|
|
|
|
// Auth routes - Registration & Email Verification (with auth rate limiting)
|
|
// These endpoints use general auth rate limiting to prevent automated abuse
|
|
s.mux.HandleFunc("POST /api/v1/register", s.rateLimitMiddleware.AuthRateLimit(s.registerHandler.ServeHTTP))
|
|
s.mux.HandleFunc("POST /api/v1/verify-email-code", s.rateLimitMiddleware.AuthRateLimit(s.verifyEmailHandler.ServeHTTP))
|
|
s.mux.HandleFunc("POST /api/v1/resend-verification", s.rateLimitMiddleware.AuthRateLimit(s.resendVerificationHandler.ServeHTTP))
|
|
|
|
// Auth routes - Login Flow (OTT-based) (with login rate limiting)
|
|
// These endpoints use login-specific rate limiting with account lockout
|
|
// CWE-307: Protection against brute force attacks
|
|
s.mux.HandleFunc("POST /api/v1/request-ott", s.rateLimitMiddleware.LoginRateLimit(s.requestOTTHandler.ServeHTTP))
|
|
s.mux.HandleFunc("POST /api/v1/verify-ott", s.rateLimitMiddleware.LoginRateLimit(s.verifyOTTHandler.ServeHTTP))
|
|
s.mux.HandleFunc("POST /api/v1/complete-login", s.rateLimitMiddleware.LoginRateLimit(s.completeLoginHandler.ServeHTTP))
|
|
|
|
// Auth routes - Token Management (with auth rate limiting)
|
|
s.mux.HandleFunc("POST /api/v1/token/refresh", s.rateLimitMiddleware.AuthRateLimit(s.refreshTokenHandler.ServeHTTP))
|
|
|
|
// Auth routes - Account Recovery (with login rate limiting)
|
|
// Recovery endpoints need same protection as login to prevent enumeration attacks
|
|
s.mux.HandleFunc("POST /api/v1/recovery/initiate", s.rateLimitMiddleware.LoginRateLimit(s.recoveryInitiateHandler.ServeHTTP))
|
|
s.mux.HandleFunc("POST /api/v1/recovery/verify", s.rateLimitMiddleware.LoginRateLimit(s.recoveryVerifyHandler.ServeHTTP))
|
|
s.mux.HandleFunc("POST /api/v1/recovery/complete", s.rateLimitMiddleware.LoginRateLimit(s.recoveryCompleteHandler.ServeHTTP))
|
|
|
|
// ===== Protected Routes =====
|
|
|
|
// Me / Profile routes
|
|
s.mux.HandleFunc("GET /api/v1/me", s.handlers.GetMe.ServeHTTP)
|
|
s.mux.HandleFunc("PUT /api/v1/me", s.handlers.UpdateMe.ServeHTTP)
|
|
s.mux.HandleFunc("DELETE /api/v1/me", s.handlers.DeleteMe.ServeHTTP)
|
|
|
|
// Blocked Email routes
|
|
s.mux.HandleFunc("POST /api/v1/me/blocked-emails", s.handlers.CreateBlockedEmail.ServeHTTP)
|
|
s.mux.HandleFunc("GET /api/v1/me/blocked-emails", s.handlers.ListBlockedEmails.ServeHTTP)
|
|
s.mux.HandleFunc("DELETE /api/v1/me/blocked-emails/{email}", s.handlers.DeleteBlockedEmail.ServeHTTP)
|
|
|
|
// Invite Email routes
|
|
s.mux.HandleFunc("POST /api/v1/invites/send-email", s.handlers.SendInviteEmail.ServeHTTP)
|
|
|
|
// Dashboard
|
|
s.mux.HandleFunc("GET /api/v1/dashboard", s.handlers.GetDashboard.ServeHTTP)
|
|
|
|
// Collections - Basic CRUD
|
|
s.mux.HandleFunc("POST /api/v1/collections", s.handlers.CreateCollection.ServeHTTP)
|
|
s.mux.HandleFunc("GET /api/v1/collections", s.handlers.ListUserCollections.ServeHTTP)
|
|
s.mux.HandleFunc("GET /api/v1/collections/{id}", s.handlers.GetCollection.ServeHTTP)
|
|
s.mux.HandleFunc("PUT /api/v1/collections/{id}", s.handlers.UpdateCollection.ServeHTTP)
|
|
s.mux.HandleFunc("DELETE /api/v1/collections/{id}", s.handlers.SoftDeleteCollection.ServeHTTP)
|
|
|
|
// Collections - Hierarchical
|
|
s.mux.HandleFunc("GET /api/v1/collections/root", s.handlers.FindRootCollections.ServeHTTP)
|
|
s.mux.HandleFunc("GET /api/v1/collections/parent/{parent_id}", s.handlers.FindCollectionsByParent.ServeHTTP)
|
|
s.mux.HandleFunc("PUT /api/v1/collections/{id}/move", s.handlers.MoveCollection.ServeHTTP)
|
|
|
|
// Collections - Sharing
|
|
s.mux.HandleFunc("POST /api/v1/collections/{id}/share", s.handlers.ShareCollection.ServeHTTP)
|
|
s.mux.HandleFunc("DELETE /api/v1/collections/{id}/members/{user_id}", s.handlers.RemoveMember.ServeHTTP)
|
|
s.mux.HandleFunc("GET /api/v1/collections/shared", s.handlers.ListSharedCollections.ServeHTTP)
|
|
|
|
// Collections - Operations
|
|
s.mux.HandleFunc("PUT /api/v1/collections/{id}/archive", s.handlers.ArchiveCollection.ServeHTTP)
|
|
s.mux.HandleFunc("PUT /api/v1/collections/{id}/restore", s.handlers.RestoreCollection.ServeHTTP)
|
|
s.mux.HandleFunc("GET /api/v1/collections/filtered", s.handlers.GetFilteredCollections.ServeHTTP)
|
|
s.mux.HandleFunc("POST /api/v1/collections/sync", s.handlers.CollectionSync.ServeHTTP)
|
|
|
|
// Tags - Basic CRUD (non-parameterized routes first)
|
|
s.mux.HandleFunc("POST /api/v1/tags", s.handlers.CreateTag.ServeHTTP)
|
|
s.mux.HandleFunc("GET /api/v1/tags", s.handlers.ListTags.ServeHTTP)
|
|
|
|
// Tags - Filtering operations (specific paths before wildcards)
|
|
s.mux.HandleFunc("GET /api/v1/tags/collections", s.handlers.ListCollectionsByTag.ServeHTTP)
|
|
s.mux.HandleFunc("GET /api/v1/tags/files", s.handlers.ListFilesByTag.ServeHTTP)
|
|
s.mux.HandleFunc("GET /api/v1/tags/search", s.handlers.SearchByTags.ServeHTTP)
|
|
|
|
// Tags - Retrieval by entity (using /for/ prefix to avoid route conflicts)
|
|
s.mux.HandleFunc("GET /api/v1/tags/for/collection/{collection_id}", s.handlers.GetTagsForCollection.ServeHTTP)
|
|
s.mux.HandleFunc("GET /api/v1/tags/for/file/{file_id}", s.handlers.GetTagsForFile.ServeHTTP)
|
|
|
|
// Tags - Assignment operations (specific paths before generic {id})
|
|
s.mux.HandleFunc("POST /api/v1/tags/{id}/assign", s.handlers.AssignTag.ServeHTTP)
|
|
s.mux.HandleFunc("DELETE /api/v1/tags/{tagId}/entities/{entityId}", s.handlers.UnassignTag.ServeHTTP)
|
|
|
|
// Tags - Generic CRUD with {id} parameter (MUST come last to avoid conflicts)
|
|
s.mux.HandleFunc("GET /api/v1/tags/{id}", s.handlers.GetTag.ServeHTTP)
|
|
s.mux.HandleFunc("PUT /api/v1/tags/{id}", s.handlers.UpdateTag.ServeHTTP)
|
|
s.mux.HandleFunc("DELETE /api/v1/tags/{id}", s.handlers.DeleteTag.ServeHTTP)
|
|
|
|
// Files - Non-parameterized routes (no wildcards)
|
|
s.mux.HandleFunc("POST /api/v1/files/pending", s.handlers.CreatePendingFile.ServeHTTP)
|
|
s.mux.HandleFunc("POST /api/v1/files/delete-multiple", s.handlers.DeleteMultipleFiles.ServeHTTP)
|
|
s.mux.HandleFunc("GET /api/v1/files/recent", s.handlers.ListRecentFiles.ServeHTTP)
|
|
s.mux.HandleFunc("POST /api/v1/files/sync", s.handlers.FileSync.ServeHTTP)
|
|
|
|
// Files - Parameterized routes under /file/ prefix (singular) to avoid conflicts
|
|
s.mux.HandleFunc("POST /api/v1/file/{id}/complete", s.handlers.CompleteFileUpload.ServeHTTP)
|
|
s.mux.HandleFunc("POST /api/v1/file/{id}/download-completed", s.handlers.ReportDownloadCompleted.ServeHTTP)
|
|
s.mux.HandleFunc("PUT /api/v1/file/{id}/archive", s.handlers.ArchiveFile.ServeHTTP)
|
|
s.mux.HandleFunc("PUT /api/v1/file/{id}/restore", s.handlers.RestoreFile.ServeHTTP)
|
|
s.mux.HandleFunc("GET /api/v1/file/{id}/upload-url", s.handlers.GetPresignedUploadURL.ServeHTTP)
|
|
s.mux.HandleFunc("GET /api/v1/file/{id}/download-url", s.handlers.GetPresignedDownloadURL.ServeHTTP)
|
|
s.mux.HandleFunc("GET /api/v1/file/{id}", s.handlers.GetFile.ServeHTTP)
|
|
s.mux.HandleFunc("PUT /api/v1/file/{id}", s.handlers.UpdateFile.ServeHTTP)
|
|
s.mux.HandleFunc("DELETE /api/v1/file/{id}", s.handlers.SoftDeleteFile.ServeHTTP)
|
|
|
|
// Files by collection - under /collection/ prefix
|
|
s.mux.HandleFunc("GET /api/v1/collection/{collection_id}/files", s.handlers.ListFilesByCollection.ServeHTTP)
|
|
|
|
s.logger.Info("HTTP routes registered", zap.Int("total_routes", 71))
|
|
}
|
|
|
|
// Health check handler
|
|
func (s *WireServer) healthCheckHandler(w http.ResponseWriter, r *http.Request) {
|
|
w.Header().Set("Content-Type", "application/json")
|
|
w.WriteHeader(http.StatusOK)
|
|
w.Write([]byte(`{"status":"healthy","service":"maplefile-backend","di":"Wire"}`))
|
|
}
|
|
|
|
// Version handler
|
|
func (s *WireServer) versionHandler(w http.ResponseWriter, r *http.Request) {
|
|
w.Header().Set("Content-Type", "application/json")
|
|
w.WriteHeader(http.StatusOK)
|
|
version := fmt.Sprintf(`{"version":"%s","environment":"%s","di":"Wire"}`,
|
|
s.config.App.Version,
|
|
s.config.App.Environment)
|
|
w.Write([]byte(version))
|
|
}
|
|
|
|
// Middleware implementations
|
|
|
|
// applyMiddleware applies global middleware to the handler
|
|
func (s *WireServer) applyMiddleware(handler http.Handler) http.Handler {
|
|
// Apply middleware in reverse order (last applied is executed first)
|
|
|
|
// Logging middleware (outermost)
|
|
handler = s.loggingMiddleware(handler)
|
|
|
|
// CORS middleware
|
|
handler = s.corsMiddleware(handler)
|
|
|
|
// Security headers middleware (adds security headers to all responses)
|
|
handler = s.securityHeadersMiddleware.Handler(handler)
|
|
|
|
// Recovery middleware (catches panics)
|
|
handler = s.recoveryMiddleware(handler)
|
|
|
|
return handler
|
|
}
|
|
|
|
func (s *WireServer) loggingMiddleware(next http.Handler) http.Handler {
|
|
return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
|
|
// Skip logging health check requests
|
|
if r.URL.Path == "/health" {
|
|
next.ServeHTTP(w, r)
|
|
return
|
|
}
|
|
|
|
// Simple logging for Wire version
|
|
s.logger.Info("HTTP request",
|
|
zap.String("method", r.Method),
|
|
zap.String("path", r.URL.Path),
|
|
zap.String("remote_addr", validation.MaskIP(r.RemoteAddr)),
|
|
)
|
|
next.ServeHTTP(w, r)
|
|
})
|
|
}
|
|
|
|
func (s *WireServer) corsMiddleware(next http.Handler) http.Handler {
|
|
return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
|
|
// Get the origin from the request
|
|
origin := r.Header.Get("Origin")
|
|
|
|
// Build allowed origins map
|
|
allowedOrigins := make(map[string]bool)
|
|
|
|
// In development, always allow localhost origins
|
|
if s.config.App.Environment == "development" {
|
|
allowedOrigins["http://localhost:5173"] = true // Vite dev server
|
|
allowedOrigins["http://localhost:5174"] = true // Alternative Vite port
|
|
allowedOrigins["http://localhost:3000"] = true // Common React port
|
|
allowedOrigins["http://127.0.0.1:5173"] = true
|
|
allowedOrigins["http://127.0.0.1:5174"] = true
|
|
allowedOrigins["http://127.0.0.1:3000"] = true
|
|
}
|
|
|
|
// Add production origins from configuration
|
|
for _, allowedOrigin := range s.config.Security.AllowedOrigins {
|
|
if allowedOrigin != "" {
|
|
allowedOrigins[allowedOrigin] = true
|
|
}
|
|
}
|
|
|
|
// Check if the request origin is allowed
|
|
if allowedOrigins[origin] {
|
|
// SECURITY FIX: Validate origin before setting CORS headers
|
|
// CWE-942: Permissive Cross-domain Policy with Untrusted Domains
|
|
// OWASP A05:2021: Security Misconfiguration - Secure CORS configuration
|
|
|
|
// Prevent wildcard origin with credentials (major security risk)
|
|
if origin == "*" {
|
|
s.logger.Error("CRITICAL: Wildcard origin (*) cannot be used with credentials",
|
|
zap.String("path", r.URL.Path))
|
|
// Don't set CORS headers for wildcard - this is a misconfiguration
|
|
next.ServeHTTP(w, r)
|
|
return
|
|
}
|
|
|
|
// In production, enforce HTTPS origins for security
|
|
if s.config.App.Environment == "production" {
|
|
if len(origin) >= 5 && origin[:5] == "http:" {
|
|
s.logger.Warn("Non-HTTPS origin rejected in production",
|
|
zap.String("origin", origin),
|
|
zap.String("path", r.URL.Path))
|
|
// Don't set CORS headers for non-HTTPS origins in production
|
|
next.ServeHTTP(w, r)
|
|
return
|
|
}
|
|
}
|
|
|
|
// Set CORS headers for validated origins
|
|
w.Header().Set("Access-Control-Allow-Origin", origin)
|
|
w.Header().Set("Access-Control-Allow-Methods", "GET, POST, PUT, DELETE, OPTIONS")
|
|
w.Header().Set("Access-Control-Allow-Headers", "Content-Type, Authorization")
|
|
|
|
// Only set credentials for specific, non-wildcard origins
|
|
// This prevents credential leakage to untrusted domains
|
|
if origin != "*" && origin != "" {
|
|
w.Header().Set("Access-Control-Allow-Credentials", "true")
|
|
}
|
|
|
|
w.Header().Set("Access-Control-Max-Age", "3600") // Cache preflight for 1 hour
|
|
|
|
s.logger.Debug("CORS headers added",
|
|
zap.String("origin", origin),
|
|
zap.String("path", r.URL.Path),
|
|
zap.Bool("credentials_allowed", origin != "*"))
|
|
} else if origin != "" {
|
|
// Log rejected origins for debugging
|
|
s.logger.Warn("CORS request from disallowed origin",
|
|
zap.String("origin", origin),
|
|
zap.String("path", r.URL.Path))
|
|
}
|
|
|
|
// Handle preflight requests
|
|
if r.Method == "OPTIONS" {
|
|
w.WriteHeader(http.StatusOK)
|
|
return
|
|
}
|
|
|
|
next.ServeHTTP(w, r)
|
|
})
|
|
}
|
|
|
|
func (s *WireServer) recoveryMiddleware(next http.Handler) http.Handler {
|
|
return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
|
|
defer func() {
|
|
if err := recover(); err != nil {
|
|
s.logger.Error("Panic recovered",
|
|
zap.Any("error", err),
|
|
zap.String("path", r.URL.Path),
|
|
)
|
|
problem := httperror.NewInternalServerError("An unexpected error occurred")
|
|
problem.WithInstance(r.URL.Path)
|
|
httperror.RespondWithProblem(w, problem)
|
|
}
|
|
}()
|
|
next.ServeHTTP(w, r)
|
|
})
|
|
}
|