package httpRequest import ( "encoding/json" "go-socket/packages/convertions" "maps" "net/http" "slices" "strings" "time" "go-socket/packages/cache" "go-socket/packages/types" "go-socket/packages/wsServer" "github.com/google/uuid" ) func haveHubUserPermissionsOnChannel(needed types.CachedUserPermissions, user *types.HubUser, channel *types.HubChannel) bool { channel.Mu.RLock() checkAgainst, ok := channel.UsersCachedPermissions[user.OriginalId] channel.Mu.RUnlock() if !ok || (needed&checkAgainst) != needed { return false } return true } func haveUserPermissions(needed types.Permissions, scope uint8, hu *types.HubUser, h *types.Hub) bool { h.Mu.RLock() defer h.Mu.RUnlock() for _, role := range h.Roles { if role == nil { continue } if scope != 0 && role.BoundedGroup != scope { continue } if !hu.Roles.Has(role.Id) { continue } if (needed & role.Permissions) != needed { return true } } return true } func addHubUserToPermissionCache(hub *types.Hub, user *types.HubUser) { user.Mu.RLock() roles := user.Roles userId := user.OriginalId user.Mu.RUnlock() for _, group := range hub.Groups { if group == nil { continue } if !roles.HasSameId(group.RolesCanView) { continue } group.UsersCachedPermissions[userId] = types.CachedUserCanView for _, channel := range group.Channels { var perms types.CachedUserPermissions if roles.HasSameId(channel.RolesCanView) { perms |= types.CachedUserCanView if roles.HasSameId(channel.RolesCanReadHistory) { perms |= types.CachedUserCanReadHistory } if roles.HasSameId(channel.RolesCanMessage) { perms |= types.CachedUserCanMessage } } channel.Mu.Lock() channel.UsersCachedPermissions[userId] = perms channel.Mu.Unlock() } } } func HandleHubCreate(response http.ResponseWriter, request *http.Request) { if !validCheckWithResponseOnFail(&response, request, normal) { return } ctx := request.Context() user, err := getUserByToken(ctx, request.Header.Get("token")) if err != nil { http.Error(response, "invalid token", http.StatusUnauthorized) return } hubName := request.FormValue("hubname") if hubName == "" { http.Error(response, "hub name is required", http.StatusBadRequest) return } hub := types.NewHub() hub.Name = hubName hub.Color = types.Rgba{}.GetRandom() hub.Id = uuid.New() hub.Creator = user.Id hub.CreatedAt = time.Now() user.Hubs[user.Id] = hub creator := types.NewHubUser() creator.OriginalId = user.Id creator.CreatedAt = hub.CreatedAt hub.Users[creator.OriginalId] = creator rootRole := &types.HubRole{ Id: uint8(0), Permissions: types.PermissionAll(), Name: "root", Color: types.Rgba{}.GetRandom(), CreatedAt: hub.CreatedAt, } hub.Roles[rootRole.Id] = rootRole creator.Roles.Add(rootRole.Id) memberRole := &types.HubRole{ Id: types.HubBoundRolesMax, Name: "member", Color: types.Rgba{}.GetRandom(), CreatedAt: hub.CreatedAt, } hub.JoinRole = memberRole hub.Roles[memberRole.Id] = memberRole creator.Roles.Add(memberRole.Id) rootGroup := types.NewHubGroup() rootGroup.Name = "root" rootGroup.Id = uint8(1) rootGroup.Color = types.Rgba{}.GetRandom() rootGroup.CreatedAt = hub.CreatedAt rootGroup.RolesCanView.Add(rootRole.Id) rootGroup.RolesCanView.Add(memberRole.Id) hub.Groups[rootGroup.Id] = rootGroup channel := types.NewHubChannel() channel.Name = "main channel" channel.Position = uint8(0) channel.Id = uuid.New() channel.ParentId = rootGroup.Id channel.Description = "The fist channel!" channel.CreatedAt = hub.CreatedAt channel.RolesCanMessage.Add(rootGroup.Id) channel.RolesCanMessage.Add(memberRole.Id) channel.RolesCanView.Add(rootGroup.Id) channel.RolesCanView.Add(memberRole.Id) channel.RolesCanReadHistory.Add(rootGroup.Id) channel.RolesCanReadHistory.Add(memberRole.Id) channel.UsersCachedPermissions[creator.OriginalId] = types.CachedUserPermissionsAll hub.Channels[channel.Id] = channel rootGroup.Channels[channel.Id] = channel cache.SaveHub(hub) } func HandleHubJoin(response http.ResponseWriter, request *http.Request) { if !validCheckWithResponseOnFail(&response, request, normal) { return } ctx := request.Context() user, err := getUserByToken(ctx, request.Header.Get("token")) if err != nil { http.Error(response, "invalid token", http.StatusBadRequest) return } hub, err := getHubByIdStr(ctx, request.Header.Get("hubid")) if err != nil { http.Error(response, "invalid hubid", http.StatusBadRequest) return } hubUser := types.NewHubUser() hubUser.OriginalId = user.Id hubUser.Roles.Add(hub.JoinRole.Id) hubUser.CreatedAt = time.Now() hub.Users[hubUser.OriginalId] = hubUser addHubUserToPermissionCache(hub, hubUser) } func HandleHubMessage(response http.ResponseWriter, request *http.Request) { if !validCheckWithResponseOnFail(&response, request, normal) { return } ctx := request.Context() user, hubUser, hub, err := getHubUserIfValidWithResponseOnFail(ctx, response, request.Header.Get("token"), request.FormValue("hubid")) if err != nil { return } channel, err := getHubChannelIfValidWithResponseOnFail(ctx, response, hub, hubUser, request.Header.Get("channelid")) if err != nil { return } if hubUser.IsGlobalMuted { http.Error(response, "muted", http.StatusForbidden) } msgContent := request.FormValue("msgContent") attachedFile := request.FormValue("attachedFile") if msgContent == "" && attachedFile == "" { http.Error(response, "empty msgContent", http.StatusBadRequest) return } if attachedFile != "" && !strings.HasPrefix(attachedFile, channel.Id.String()+"/") { http.Error(response, "invalid attachedFile", http.StatusBadRequest) return } channel.Mu.RLock() perms := channel.UsersCachedPermissions channel.Mu.RUnlock() msg := &types.Message{ Id: uuid.New(), AttachedFile: attachedFile, Content: msgContent, Sender: user.Id, Receiver: channel.Id, CreatedAt: time.Now(), } for permId, perm := range perms { if !perm.CanReadHistory() { continue } target, err := cache.GetUserById(permId) if err != nil { continue } wsServer.WsSendMessageCloseIfTimeout(target, msg) } } func HandleGetHubs(response http.ResponseWriter, request *http.Request) { if !validCheckWithResponseOnFail(&response, request, normal) { return } ctx := request.Context() user, err := getUserByToken(ctx, request.Header.Get("token")) if err != nil { http.Error(response, "invalid token", http.StatusBadRequest) return } user.Mu.RLock() hubs := slices.Collect(maps.Values(user.Hubs)) user.Mu.RUnlock() if len(hubs) == 0 { response.WriteHeader(http.StatusNoContent) response.Write([]byte("no hubs found")) } converted, err := json.Marshal(hubs) if err != nil { http.Error(response, "json error", http.StatusInternalServerError) return } response.WriteHeader(http.StatusOK) response.Write(converted) } func HandleHubSetName(response http.ResponseWriter, request *http.Request) { if !validCheckWithResponseOnFail(&response, request, normal) { return } ctx := request.Context() _, hubUser, hub, err := getHubUserIfValidWithResponseOnFail(ctx, response, request.Header.Get("token"), request.FormValue("hubid")) if err != nil { return } newName := request.FormValue("name") if newName == "" { http.Error(response, "empty name", http.StatusBadRequest) return } if !haveUserPermissions(types.PermissionSetHubName, 0, hubUser, hub) { http.Error(response, "no permission", http.StatusForbidden) return } hub.Name = newName response.WriteHeader(http.StatusAccepted) } func HandleHubSetColor(response http.ResponseWriter, request *http.Request) { if !validCheckWithResponseOnFail(&response, request, normal) { return } ctx := request.Context() _, hubUser, hub, err := getHubUserIfValidWithResponseOnFail(ctx, response, request.Header.Get("token"), request.FormValue("hubid")) if err != nil { return } newColor, err := convertions.StringToRgba(request.FormValue("color")) if err != nil { http.Error(response, "bad color", http.StatusBadRequest) return } if !haveUserPermissions(types.PermissionSetHubColor, 0, hubUser, hub) { http.Error(response, "no permission", http.StatusForbidden) return } hub.Color = newColor response.WriteHeader(http.StatusAccepted) } func HandleHubRemove(response http.ResponseWriter, request *http.Request) { if !validCheckWithResponseOnFail(&response, request, normal) { return } ctx := request.Context() _, hubUser, hub, err := getHubUserIfValidWithResponseOnFail(ctx, response, request.Header.Get("token"), request.FormValue("hubid")) if err != nil { return } if !haveUserPermissions(types.PermissionRemoveHub, 0, hubUser, hub) { http.Error(response, "no permission", http.StatusForbidden) return } cache.DeleteHub(hub) } func HandleHubSetAllowUserColor(response http.ResponseWriter, request *http.Request) { if !validCheckWithResponseOnFail(&response, request, normal) { return } ctx := request.Context() _, hubUser, hub, err := getHubUserIfValidWithResponseOnFail(ctx, response, request.Header.Get("token"), request.FormValue("hubid")) if err != nil { return } if !haveUserPermissions(types.PermissionSetUserColorAllowed, 0, hubUser, hub) { http.Error(response, "no permission", http.StatusForbidden) return } cache.DeleteHub(hub) } func HandleHubRemoveUser(response http.ResponseWriter, request *http.Request) { if !validCheckWithResponseOnFail(&response, request, normal) { return } ctx := request.Context() _, hubUser, hub, err := getHubUserIfValidWithResponseOnFail(ctx, response, request.Header.Get("token"), request.FormValue("hubid")) if err != nil { return } targetId, err := convertions.StringToUuid(request.FormValue("target")) if err != nil { http.Error(response, "invalid targetid", http.StatusBadRequest) return } hub.Mu.RLock() _, ok := hub.Users[targetId] if !ok { http.Error(response, "target not found", http.StatusNotFound) return } if !haveUserPermissions(types.PermissionRemoveUser, 0, hubUser, hub) { http.Error(response, "no permission", http.StatusForbidden) return } hub.Mu.Lock() delete(hub.Users, targetId) hub.Mu.Unlock() response.WriteHeader(http.StatusAccepted) } func HandleHubMuteUserToggle(response http.ResponseWriter, request *http.Request) { if !validCheckWithResponseOnFail(&response, request, normal) { return } ctx := request.Context() _, hubUser, hub, err := getHubUserIfValidWithResponseOnFail(ctx, response, request.Header.Get("token"), request.FormValue("hubid")) if err != nil { return } targetId, err := convertions.StringToUuid(request.FormValue("target")) if err != nil { http.Error(response, "invalid targetid", http.StatusBadRequest) return } scope, err := convertions.StringToUint32(request.FormValue("scope")) if err != nil { http.Error(response, "invalid scope (set 0 for no scope)", http.StatusBadRequest) return } hub.Mu.RLock() target, ok := hub.Users[targetId] hub.Mu.RUnlock() if !ok { http.Error(response, "target not found", http.StatusNotFound) return } if !haveUserPermissions(types.PermissionMuteUser, uint8(scope), hubUser, hub) { http.Error(response, "no permission", http.StatusForbidden) return } if scope == 0 { target.IsGlobalMuted = !target.IsGlobalMuted } else { hub.Mu.Lock() users := hub.Groups[scope].MutedUsers _, ok = users[targetId] if ok { delete(users, targetId) } else { users[targetId] = struct{}{} } } } func HandleHubMuteUserToggle(response http.ResponseWriter, request *http.Request) { if !validCheckWithResponseOnFail(&response, request, normal) { return } ctx := request.Context() _, hubUser, hub, err := getHubUserIfValidWithResponseOnFail(ctx, response, request.Header.Get("token"), request.FormValue("hubid")) if err != nil { return } targetId, err := convertions.StringToUuid(request.FormValue("target")) if err != nil { http.Error(response, "invalid targetid", http.StatusBadRequest) return } scope, err := convertions.StringToUint32(request.FormValue("scope")) if err != nil { http.Error(response, "invalid scope (set 0 for no scope)", http.StatusBadRequest) return } hub.Mu.RLock() target, ok := hub.Users[targetId] hub.Mu.RUnlock() if !ok { http.Error(response, "target not found", http.StatusNotFound) return } if !haveUserPermissions(types.PermissionMuteUser, uint8(scope), hubUser, hub) { http.Error(response, "no permission", http.StatusForbidden) return } if scope == 0 { target.IsGlobalMuted = !target.IsGlobalMuted } else { hub.Mu.Lock() users := hub.Groups[scope].MutedUsers _, ok = users[targetId] if ok { delete(users, targetId) } else { users[targetId] = struct{}{} } } }