github.com/xzl8028/xenia-server@v0.0.0-20190809101854-18450a97da63/api4/handlers.go (about) 1 // Copyright (c) 2017-present Xenia, Inc. All Rights Reserved. 2 // See License.txt for license information. 3 4 package api4 5 6 import ( 7 "net/http" 8 9 "github.com/NYTimes/gziphandler" 10 "github.com/xzl8028/xenia-server/web" 11 ) 12 13 type Context = web.Context 14 15 // ApiHandler provides a handler for API endpoints which do not require the user to be logged in order for access to be 16 // granted. 17 func (api *API) ApiHandler(h func(*Context, http.ResponseWriter, *http.Request)) http.Handler { 18 handler := &web.Handler{ 19 GetGlobalAppOptions: api.GetGlobalAppOptions, 20 HandleFunc: h, 21 RequireSession: false, 22 TrustRequester: false, 23 RequireMfa: false, 24 IsStatic: false, 25 } 26 if *api.ConfigService.Config().ServiceSettings.WebserverMode == "gzip" { 27 return gziphandler.GzipHandler(handler) 28 } 29 return handler 30 } 31 32 // ApiSessionRequired provides a handler for API endpoints which require the user to be logged in in order for access to 33 // be granted. 34 func (api *API) ApiSessionRequired(h func(*Context, http.ResponseWriter, *http.Request)) http.Handler { 35 handler := &web.Handler{ 36 GetGlobalAppOptions: api.GetGlobalAppOptions, 37 HandleFunc: h, 38 RequireSession: true, 39 TrustRequester: false, 40 RequireMfa: true, 41 IsStatic: false, 42 } 43 if *api.ConfigService.Config().ServiceSettings.WebserverMode == "gzip" { 44 return gziphandler.GzipHandler(handler) 45 } 46 return handler 47 48 } 49 50 // ApiSessionRequiredMfa provides a handler for API endpoints which require a logged-in user session but when accessed, 51 // if MFA is enabled, the MFA process is not yet complete, and therefore the requirement to have completed the MFA 52 // authentication must be waived. 53 func (api *API) ApiSessionRequiredMfa(h func(*Context, http.ResponseWriter, *http.Request)) http.Handler { 54 handler := &web.Handler{ 55 GetGlobalAppOptions: api.GetGlobalAppOptions, 56 HandleFunc: h, 57 RequireSession: true, 58 TrustRequester: false, 59 RequireMfa: false, 60 IsStatic: false, 61 } 62 if *api.ConfigService.Config().ServiceSettings.WebserverMode == "gzip" { 63 return gziphandler.GzipHandler(handler) 64 } 65 return handler 66 67 } 68 69 // ApiHandlerTrustRequester provides a handler for API endpoints which do not require the user to be logged in and are 70 // allowed to be requested directly rather than via javascript/XMLHttpRequest, such as site branding images or the 71 // websocket. 72 func (api *API) ApiHandlerTrustRequester(h func(*Context, http.ResponseWriter, *http.Request)) http.Handler { 73 handler := &web.Handler{ 74 GetGlobalAppOptions: api.GetGlobalAppOptions, 75 HandleFunc: h, 76 RequireSession: false, 77 TrustRequester: true, 78 RequireMfa: false, 79 IsStatic: false, 80 } 81 if *api.ConfigService.Config().ServiceSettings.WebserverMode == "gzip" { 82 return gziphandler.GzipHandler(handler) 83 } 84 return handler 85 86 } 87 88 // ApiSessionRequiredTrustRequester provides a handler for API endpoints which do require the user to be logged in and 89 // are allowed to be requested directly rather than via javascript/XMLHttpRequest, such as emoji or file uploads. 90 func (api *API) ApiSessionRequiredTrustRequester(h func(*Context, http.ResponseWriter, *http.Request)) http.Handler { 91 handler := &web.Handler{ 92 GetGlobalAppOptions: api.GetGlobalAppOptions, 93 HandleFunc: h, 94 RequireSession: true, 95 TrustRequester: true, 96 RequireMfa: true, 97 IsStatic: false, 98 } 99 if *api.ConfigService.Config().ServiceSettings.WebserverMode == "gzip" { 100 return gziphandler.GzipHandler(handler) 101 } 102 return handler 103 104 }