go-socket/packages/httpRequest/hubs.go

package httpRequest

import (
	"context"
	"encoding/json"
	"maps"
	"net/http"
	"slices"
	"strings"
	"time"

	"go-socket/packages/convertions"

	"go-socket/packages/cache"
	"go-socket/packages/types"
	"go-socket/packages/wsServer"

	"github.com/google/uuid"
)

func haveHubUserPermission(u *types.HubUser, h *types.Hub, needed types.Permissions) (id uint8, has bool) {
	h.Mu.Lock()
	defer h.Mu.Unlock()
	for _, role := range h.Roles {
		if role == nil {
			continue
		}
		if !u.Roles.Has(role.Id) {
			continue
		}
		if (needed&role.Permissions) == needed && role.Id > id {
			id = role.Id
			has = true
		}
	}
	return id, has
}

func hubUserHighestRoleId(u *types.HubUser, h *types.Hub) (id uint8) {
	h.Mu.Lock()
	defer h.Mu.Unlock()

	for _, role := range h.Roles {
		if role == nil {
			continue
		}
		if !u.Roles.Has(role.Id) {
			continue
		}
		if role.Id > id {
			id = role.Id
		}
	}
	return id
}

func haveHubUserCachedPermissions(needed types.CachedUserPermissions, user *types.HubUser, channel *types.HubChannel) bool {
	channel.Mu.RLock()
	checkAgainst, ok := channel.UsersCachedPermissions[user.OriginalId]
	channel.Mu.RUnlock()
	if !ok || (needed&checkAgainst) != needed {
		return false
	}
	return true
}

func HandleHubCreate(response http.ResponseWriter, request *http.Request) {
	if !validCheckWithResponseOnFail(response, request, normal) {
		return
	}

	ctx := request.Context()
	user, err := getUserByToken(ctx, request.Header.Get("token"))
	if err != nil {
		http.Error(response, "invalid token", http.StatusUnauthorized)
		return
	}

	hubName := request.FormValue("hubname")
	if hubName == "" {
		http.Error(response, "hub name is required", http.StatusBadRequest)
		return
	}

	hub := types.NewHub()
	hub.Name = hubName
	hub.Color = types.RandomRgba()
	hub.Id = uuid.New()
	hub.Creator = user.Id
	hub.CreatedAt = time.Now()
	user.Hubs[user.Id] = hub

	creator := types.NewHubUser()
	creator.OriginalId = user.Id
	creator.CreatedAt = hub.CreatedAt
	hub.Users[creator.OriginalId] = creator

	rootRole := &types.HubRole{
		Id:          uint8(0),
		Permissions: types.PermissionAll(),
		Name:        "root",
		Color:       types.RandomRgba(),
		CreatedAt:   hub.CreatedAt,
	}
	hub.Roles[rootRole.Id] = rootRole
	creator.Roles.Add(rootRole.Id)

	memberRole := &types.HubRole{
		Id:        types.HubBoundRolesMax,
		Name:      "member",
		Color:     types.RandomRgba(),
		CreatedAt: hub.CreatedAt,
	}
	hub.JoinRole = memberRole
	hub.Roles[memberRole.Id] = memberRole
	creator.Roles.Add(memberRole.Id)

	channel := types.NewHubChannel()
	channel.Name = "main channel"
	channel.Position = uint8(0)
	channel.Id = uuid.New()
	channel.Description = "The fist channel!"
	channel.CreatedAt = hub.CreatedAt
	channel.RolesCanMessage.Add(rootRole.Id)
	channel.RolesCanMessage.Add(memberRole.Id)
	channel.RolesCanView.Add(rootRole.Id)
	channel.RolesCanView.Add(memberRole.Id)
	channel.RolesCanReadHistory.Add(rootRole.Id)
	channel.RolesCanReadHistory.Add(memberRole.Id)
	channel.UsersCachedPermissions[creator.OriginalId] = types.CachedUserPermissionsAll
	hub.Channels[channel.Id] = channel

	cache.SaveHub(hub)
}

func HandleHubJoin(response http.ResponseWriter, request *http.Request) {
	if !validCheckWithResponseOnFail(response, request, normal) {
		return
	}
	ctx := request.Context()
	user, err := getUserByToken(ctx, request.Header.Get("token"))
	if err != nil {
		http.Error(response, "invalid token", http.StatusUnauthorized)
		return
	}
	hub, err := getHubByIdStr(ctx, request.Header.Get("hubid"))
	if err != nil {
		http.Error(response, "invalid hubid", http.StatusBadRequest)
		return
	}

	hubUser := types.NewHubUser()
	hubUser.OriginalId = user.Id
	hubUser.Roles.Add(hub.JoinRole.Id)
	hubUser.CreatedAt = time.Now()
	hub.Users[hubUser.OriginalId] = hubUser
}

func HandleHubMessage(response http.ResponseWriter, request *http.Request) {
	if !validCheckWithResponseOnFail(response, request, normal) {
		return
	}
	ctx := request.Context()
	user, hubUser, hub, err := getHubUserIfValidWithResponseOnFail(ctx, response, request)
	if err != nil {
		return
	}
	channel, err := getHubChannelIfValidWithResponseOnFail(ctx, response, hub, hubUser, request.Header.Get("channelid"))
	if err != nil {
		return
	}

	if hubUser.IsMuted {
		http.Error(response, "muted", http.StatusForbidden)
		return
	}

	msgContent := request.FormValue("msgContent")
	attachedFile := request.FormValue("attachedFile")

	if msgContent == "" && attachedFile == "" {
		http.Error(response, "empty msgContent", http.StatusBadRequest)
		return
	}

	if attachedFile != "" && !strings.HasPrefix(attachedFile, channel.Id.String()+"/") {
		http.Error(response, "invalid attachedFile", http.StatusBadRequest)
		return
	}

	channel.Mu.RLock()
	perms := channel.UsersCachedPermissions
	channel.Mu.RUnlock()

	msg := &types.Message{
		Id:           uuid.New(),
		AttachedFile: attachedFile,
		Content:      msgContent,
		Sender:       user.Id,
		Receiver:     channel.Id,
		CreatedAt:    time.Now(),
	}

	for permId, perm := range perms {
		if !perm.CanReadHistory() {
			continue
		}

		target, err := cache.GetUserById(permId)
		if err != nil {
			continue
		}
		wsServer.WsSendMessageCloseIfTimeout(target, msg)
	}
}

func HandleGetHubs(response http.ResponseWriter, request *http.Request) {
	if !validCheckWithResponseOnFail(response, request, normal) {
		return
	}
	ctx := request.Context()
	user, err := getUserByToken(ctx, request.Header.Get("token"))
	if err != nil {
		http.Error(response, "invalid token", http.StatusBadRequest)
		return
	}

	user.Mu.RLock()
	hubs := slices.Collect(maps.Values(user.Hubs))
	user.Mu.RUnlock()
	if len(hubs) == 0 {
		response.WriteHeader(http.StatusNoContent)
		response.Write([]byte("no hubs found"))
		return
	}
	converted, err := json.Marshal(hubs)
	if err != nil {
		http.Error(response, "json error", http.StatusInternalServerError)
		return
	}
	response.WriteHeader(http.StatusOK)
	response.Write(converted)
}

func hubPermissionContext(response http.ResponseWriter, request *http.Request, rt bodyLimit, needed types.Permissions) (*types.HubUser, *types.Hub, context.Context, uint8, bool) {
	if !validCheckWithResponseOnFail(response, request, rt) {
		return nil, nil, nil, 0, false
	}
	ctx := request.Context()
	_, hubUser, hub, err := getHubUserIfValidWithResponseOnFail(ctx, response, request)
	if err != nil {
		return nil, nil, nil, 0, false
	}

	roleId, ok := haveHubUserPermission(hubUser, hub, needed)

	if !ok {
		http.Error(response, "", http.StatusForbidden)
		return nil, nil, nil, 0, false
	}
	return hubUser, hub, ctx, roleId, true
}

func HandleHubSetName(response http.ResponseWriter, request *http.Request) {
	_, hub, _, _, ok := hubPermissionContext(response, request, normal, types.PermissionSetHubName)
	if !ok {
		return
	}
	newName := request.FormValue("newname")
	if newName == "" {
		http.Error(response, "empty name", http.StatusBadRequest)
		return
	}
	hub.Name = newName
	response.WriteHeader(http.StatusAccepted)
}

func HandleHubSetColor(response http.ResponseWriter, request *http.Request) {
	_, hub, _, _, ok := hubPermissionContext(response, request, normal, types.PermissionSetHubColor)
	if !ok {
		return
	}
	color, err := convertions.StringToRgba(request.FormValue("newname"))
	if err != nil {
		http.Error(response, "bad color", http.StatusBadRequest)
		return
	}
	hub.Color = color
	response.WriteHeader(http.StatusAccepted)
}

func HandleHubRemove(response http.ResponseWriter, request *http.Request) {
	_, hub, _, _, ok := hubPermissionContext(response, request, normal, types.PermissionRemoveHub)
	if !ok {
		return
	}
	cache.DeleteHub(hub)
	response.WriteHeader(http.StatusAccepted)
}

func HandleHubToggleUserColorAllowed(response http.ResponseWriter, request *http.Request) {
	_, hub, _, _, ok := hubPermissionContext(response, request, normal, types.PermissionSetUserColorAllowed)
	if !ok {
		return
	}
	hub.UserColorAllowed = !hub.UserColorAllowed
	response.WriteHeader(http.StatusAccepted)
}

func HandleHubUserRemove(response http.ResponseWriter, request *http.Request) {
	_, hub, _, usedRoleId, ok := hubPermissionContext(response, request, normal, types.PermissionRemoveUser)
	if !ok {
		return
	}
	targetId, err := convertions.StringToUuid(request.FormValue("targetid"))
	if err != nil {
		http.Error(response, "bad targetid", http.StatusBadRequest)
		return
	}
	hub.Mu.RLock()
	target, exists := hub.Users[targetId]
	if !exists {
		hub.Mu.Unlock()
		http.Error(response, "user not found", http.StatusNotFound)
		return
	}
	hub.Mu.RUnlock()

	if usedRoleId <= hubUserHighestRoleId(target, hub) {
		http.Error(response, "target higher in hierarchy", http.StatusForbidden)
		return
	}
	hub.Mu.Lock()
	delete(hub.Users, targetId)
	hub.Mu.Unlock()
	response.WriteHeader(http.StatusAccepted)
}

func HandleHubRenameUser(response http.ResponseWriter, request *http.Request) {
	_, hub, _, usedRoleId, ok := hubPermissionContext(response, request, normal, types.PermissionRenameUser)
	if !ok {
		return
	}
	newName := request.FormValue("newname")
	targetId, err := convertions.StringToUuid(request.FormValue("targetid"))
	if err != nil {
		http.Error(response, "bad targetid", http.StatusBadRequest)
		return
	}
	hub.Mu.RLock()
	target, exists := hub.Users[targetId]
	if !exists {
		hub.Mu.Unlock()
		http.Error(response, "user not found", http.StatusNotFound)
		return
	}
	hub.Mu.RUnlock()

	if usedRoleId <= hubUserHighestRoleId(target, hub) {
		http.Error(response, "target higher in hierarchy", http.StatusForbidden)
		return
	}
	target.Name = newName

	response.WriteHeader(http.StatusAccepted)
}

func HandleHubRenameSelf(response http.ResponseWriter, request *http.Request) {
	requestor, _, _, _, ok := hubPermissionContext(response, request, normal, types.PermissionSelfRename)
	if !ok {
		return
	}
	requestor.Name = request.FormValue("newname")
	response.WriteHeader(http.StatusAccepted)
}

func HandleHubToggleMuteUser(response http.ResponseWriter, request *http.Request) {
	_, hub, _, usedRoleId, ok := hubPermissionContext(response, request, normal, types.PermissionMuteUser)
	if !ok {
		return
	}
	targetId, err := convertions.StringToUuid(request.FormValue("targetid"))
	if err != nil {
		http.Error(response, "bad targetid", http.StatusBadRequest)
		return
	}
	hub.Mu.RLock()
	target, exists := hub.Users[targetId]
	if !exists {
		hub.Mu.Unlock()
		http.Error(response, "user not found", http.StatusNotFound)
		return
	}
	hub.Mu.RUnlock()

	if usedRoleId <= hubUserHighestRoleId(target, hub) {
		http.Error(response, "target higher in hierarchy", http.StatusForbidden)
		return
	}
	hub.Mu.RLock()
	target.IsMuted = !target.IsMuted
	response.WriteHeader(http.StatusAccepted)
}

func HandleHubUserAddRole(response http.ResponseWriter, request *http.Request) {
	_, hub, _, usedRoleId, ok := hubPermissionContext(response, request, normal, types.PermissionUserAddRole)
	if !ok {
		return
	}
	targetId, err := convertions.StringToUuid(request.FormValue("targetid"))
	if err != nil {
		http.Error(response, "bad targetid", http.StatusBadRequest)
		return
	}
	roleId, err := convertions.StringToUint8(request.FormValue("roleid"))
	if err != nil {
		http.Error(response, "bad roleid", http.StatusBadRequest)
		return
	}
	if roleId > usedRoleId {
		http.Error(response, "target role higher in hierarchy", http.StatusForbidden)
		return
	}

	hub.Mu.RLock()
	target, ok := hub.Users[targetId]
	role := hub.Roles[roleId]
	hub.Mu.RUnlock()
	if !ok {
		http.Error(response, "user not found", http.StatusNotFound)
		return
	}
	if role == nil {
		http.Error(response, "role not found", http.StatusNotFound)
		return
	}
	target.Roles.Add(roleId)
	response.WriteHeader(http.StatusAccepted)
}

func HandleHubUserRemoveRole(response http.ResponseWriter, request *http.Request) {
	_, hub, _, usedRoleId, ok := hubPermissionContext(response, request, normal, types.PermissionUserRemoveRole)
	if !ok {
		return
	}
	targetId, err := convertions.StringToUuid(request.FormValue("targetid"))
	if err != nil {
		http.Error(response, "bad targetid", http.StatusBadRequest)
		return
	}
	roleId, err := convertions.StringToUint8(request.FormValue("roleid"))
	if err != nil {
		http.Error(response, "bad roleid", http.StatusBadRequest)
		return
	}
	if roleId > usedRoleId {
		http.Error(response, "target role higher in hierarchy", http.StatusForbidden)
		return
	}

	hub.Mu.RLock()
	target, ok := hub.Users[targetId]
	hub.Mu.RUnlock()
	if !ok {
		http.Error(response, "user not found", http.StatusNotFound)
		return
	}
	target.Roles.Remove(roleId)
	response.WriteHeader(http.StatusAccepted)
}

func HandleHubCreateRole(response http.ResponseWriter, request *http.Request) {
	_, hub, _, usedRoleId, ok := hubPermissionContext(response, request, normal, types.PermissionCreateRole)
	if !ok {
		return
	}
	name := request.FormValue("name")
	if name == "" {
		http.Error(response, "empty name", http.StatusBadRequest)
		return
	}
	hub.Mu.Lock()
	var freeId uint8
	found := false
	for i := uint8(1); i < types.HubBoundRolesMax; i++ {
		if hub.Roles[i] == nil && usedRoleId > i {
			freeId = i
			found = true
			break
		}
	}
	if !found {
		hub.Mu.Unlock()
		http.Error(response, "no role slots available", http.StatusConflict)
		return
	}
	hub.Roles[freeId] = &types.HubRole{
		Id:        freeId,
		Name:      name,
		Color:     types.RandomRgba(),
		CreatedAt: time.Now(),
	}
	hub.Mu.Unlock()
	response.WriteHeader(http.StatusCreated)
}

func HandleHubRemoveRole(response http.ResponseWriter, request *http.Request) {
	_, hub, _, usedRoleId, ok := hubPermissionContext(response, request, normal, types.PermissionRemoveRole)
	if !ok {
		return
	}
	targetRoleId, err := convertions.StringToUint8(request.FormValue("roleid"))
	if err != nil {
		http.Error(response, "bad roleid", http.StatusBadRequest)
		return
	}
	if targetRoleId == 0 {
		http.Error(response, "cannot remove root role", http.StatusForbidden)
		return
	}
	if targetRoleId > usedRoleId {
		http.Error(response, "target role higher in hierarchy", http.StatusForbidden)
		return
	}

	hub.Mu.Lock()
	if hub.Roles[targetRoleId] == nil {
		hub.Mu.Unlock()
		http.Error(response, "role not found", http.StatusNotFound)
		return
	}
	hub.Roles[targetRoleId] = nil
	hub.Mu.Unlock()
	response.WriteHeader(http.StatusAccepted)
}

func HandlePermissionSetRoleName(response http.ResponseWriter, request *http.Request) {
	_, hub, _, usedRoleId, ok := hubPermissionContext(response, request, normal, types.PermissionSetRoleName)
	if !ok {
		return
	}
	roleId, err := convertions.StringToUint8(request.FormValue("roleid"))
	if err != nil {
		http.Error(response, "bad roleid", http.StatusBadRequest)
		return
	}
	if roleId > usedRoleId {
		http.Error(response, "target role higher in hierarchy", http.StatusForbidden)
		return
	}
	newName := request.FormValue("newname")
	if newName == "" {
		http.Error(response, "name empty", http.StatusBadRequest)
		return
	}

	hub.Mu.Lock()
	role := hub.Roles[roleId]
	if role == nil {
		http.Error(response, "no such role", http.StatusNotFound)
		return
	}
	role.Name = newName
	hub.Mu.Unlock()
	response.WriteHeader(http.StatusAccepted)
}

func HandlePermissionSetRoleColor(response http.ResponseWriter, request *http.Request) {
	_, hub, _, usedRoleId, ok := hubPermissionContext(response, request, normal, types.PermissionSetRoleColor)
	if !ok {
		return
	}
	roleId, err := convertions.StringToUint8(request.FormValue("roleid"))
	if err != nil {
		http.Error(response, "bad roleid", http.StatusBadRequest)
		return
	}
	if roleId > usedRoleId {
		http.Error(response, "target role higher in hierarchy", http.StatusForbidden)
		return
	}
	color, err := convertions.StringToRgba(request.FormValue("newcolor"))
	if err != nil {
		http.Error(response, "invalid newcolor", http.StatusBadRequest)
		return
	}

	hub.Mu.Lock()
	role := hub.Roles[roleId]
	if role == nil {
		http.Error(response, "no such role", http.StatusNotFound)
		return
	}
	role.Color = color
	hub.Mu.Unlock()
	response.WriteHeader(http.StatusAccepted)
}

func HandlePermissionSetRolePermissions(response http.ResponseWriter, request *http.Request) {
	requestor, hub, _, usedRoleId, ok := hubPermissionContext(response, request, normal, types.PermissionSetRolePermissions)
	if !ok {
		return
	}
	targetRoleId, err := convertions.StringToUint8(request.FormValue("roleid"))
	if err != nil {
		http.Error(response, "bad roleid", http.StatusBadRequest)
		return
	}
	if targetRoleId > usedRoleId {
		http.Error(response, "target role higher in hierarchy", http.StatusForbidden)
		return
	}
	hub.Mu.Lock()
	targetRole := hub.Roles[targetRoleId]
	hub.Mu.Unlock()
	if targetRole == nil {
		http.Error(response, "no such role", http.StatusNotFound)
		return
	}

	query := request.URL.Query()
	for key, values := range query {
		permission, ok := types.PermissionLookup(key)
		if !ok {
			continue
		}
		permRoleId, ok := haveHubUserPermission(requestor, hub, permission)
		if !ok {
			http.Error(response, "permission needed: "+key, http.StatusNotFound)
		}
		if permRoleId <= targetRoleId {
			http.Error(response, "target role higher in hierarchy", http.StatusForbidden)
			return
		}

		if convertions.StringToBool(values[0]) {
			targetRole.Permissions.Grant(permission)
		} else {
			targetRole.Permissions.Revoke(permission)
		}
	}
	response.WriteHeader(http.StatusAccepted)
}

func HandlePermissionSelfRoleRemove(response http.ResponseWriter, request *http.Request) {
	requestor, _, _, usedRoleId, ok := hubPermissionContext(response, request, normal, types.PermissionUserSelfRoleRemove)
	if !ok {
		return
	}
	requestor.Roles.Remove(usedRoleId)
	response.WriteHeader(http.StatusAccepted)
}