api.go

package main

import (
	"encoding/json"
	"errors"
	"net/http"
	"strconv"
	"strings"
	"time"

	"github.com/Luzifer/ots/pkg/metrics"
	"github.com/Luzifer/ots/pkg/storage"
	"github.com/gofrs/uuid"
	"github.com/gorilla/mux"
	"github.com/sirupsen/logrus"
)

const (
	errorReasonInvalidJSON    = "invalid_json"
	errorReasonSecretMissing  = "secret_missing"
	errorReasonSecretSize     = "secret_size"
	errorReasonStorageError   = "storage_error"
	errorReasonSecretNotFound = "secret_not_found"
)

type apiServer struct {
	collector *metrics.Collector
	store     storage.Storage
}

type apiResponse struct {
	Success   bool       `json:"success"`
	Error     string     `json:"error,omitempty"`
	ExpiresAt *time.Time `json:"expires_at,omitempty"`
	Secret    string     `json:"secret,omitempty"`
	SecretID  string     `json:"secret_id,omitempty"`
}

type apiRequest struct {
	Secret string `json:"secret"`
}

func newAPI(s storage.Storage, c *metrics.Collector) *apiServer {
	return &apiServer{
		collector: c,
		store:     s,
	}
}

func (a apiServer) Register(r *mux.Router) {
	r.HandleFunc("/create", a.handleCreate)
	r.HandleFunc("/get/{id}", a.handleRead)
	r.HandleFunc("/isWritable", func(w http.ResponseWriter, _ *http.Request) { w.WriteHeader(http.StatusNoContent) })
	r.HandleFunc("/settings", a.handleSettings).Methods(http.MethodGet)
	r.HandleFunc("/healthz", func(w http.ResponseWriter, _ *http.Request) { w.WriteHeader(http.StatusOK) })
}

func (a apiServer) handleCreate(res http.ResponseWriter, r *http.Request) {
	if cust.MaxSecretSize > 0 {
		// As a safeguard against HUGE payloads behind a misconfigured
		// proxy we take double the maximum secret size after which we
		// just close the read and cut the connection to the sender.
		r.Body = http.MaxBytesReader(res, r.Body, cust.MaxSecretSize*2) //nolint:mnd
	}

	var (
		expiry = cfg.SecretExpiry
		secret string
	)

	if !cust.DisableExpiryOverride {
		if ev, err := strconv.ParseInt(r.URL.Query().Get("expire"), 10, 64); err == nil && (ev < expiry || cfg.SecretExpiry == 0) {
			expiry = ev
		}
	}

	if strings.HasPrefix(r.Header.Get("Content-Type"), "application/json") {
		tmp := apiRequest{}
		if err := json.NewDecoder(r.Body).Decode(&tmp); err != nil {
			if _, ok := err.(*http.MaxBytesError); ok {
				a.collector.CountSecretCreateError(errorReasonSecretSize)
				// We don't do an error response here as the MaxBytesReader
				// automatically cuts the ResponseWriter and we simply cannot
				// answer them.
				return
			}

			a.collector.CountSecretCreateError(errorReasonInvalidJSON)
			a.errorResponse(res, http.StatusBadRequest, err, "decoding request body")
			return
		}
		secret = tmp.Secret
	} else {
		secret = r.FormValue("secret")
	}

	if secret == "" {
		a.collector.CountSecretCreateError(errorReasonSecretMissing)
		a.errorResponse(res, http.StatusBadRequest, errors.New("secret missing"), "")
		return
	}

	if cust.MaxSecretSize > 0 && len(secret) > int(cust.MaxSecretSize) {
		a.collector.CountSecretCreateError(errorReasonSecretSize)
		a.errorResponse(res, http.StatusBadRequest, errors.New("secret size exceeds maximum"), "")
		return
	}

	id, err := a.store.Create(secret, time.Duration(expiry)*time.Second)
	if err != nil {
		a.collector.CountSecretCreateError(errorReasonStorageError)
		a.errorResponse(res, http.StatusInternalServerError, err, "creating secret")
		return
	}

	var expiresAt *time.Time
	if expiry > 0 {
		expiresAt = func(v time.Time) *time.Time { return &v }(time.Now().UTC().Add(time.Duration(expiry) * time.Second))
	}

	a.collector.CountSecretCreated()
	go updateStoredSecretsCount(a.store, a.collector)
	a.jsonResponse(res, http.StatusCreated, apiResponse{
		ExpiresAt: expiresAt,
		Success:   true,
		SecretID:  id,
	})
}

func (a apiServer) handleRead(res http.ResponseWriter, r *http.Request) {
	vars := mux.Vars(r)
	id := vars["id"]
	if id == "" {
		a.errorResponse(res, http.StatusBadRequest, errors.New("id missing"), "")
		return
	}

	secret, err := a.store.ReadAndDestroy(id)
	if err != nil {
		status := http.StatusInternalServerError
		if errors.Is(err, storage.ErrSecretNotFound) {
			a.collector.CountSecretReadError(errorReasonSecretNotFound)
			status = http.StatusNotFound
		} else {
			a.collector.CountSecretReadError(errorReasonStorageError)
		}
		a.errorResponse(res, status, err, "reading & destroying secret")
		return
	}

	a.collector.CountSecretRead()
	go updateStoredSecretsCount(a.store, a.collector)
	a.jsonResponse(res, http.StatusOK, apiResponse{
		Success: true,
		Secret:  secret,
	})
}

func (a apiServer) handleSettings(w http.ResponseWriter, _ *http.Request) {
	a.jsonResponse(w, http.StatusOK, cust)
}

func (a apiServer) errorResponse(res http.ResponseWriter, status int, err error, desc string) {
	errID := uuid.Must(uuid.NewV4()).String()

	if desc != "" {
		// No description: Nothing interesting for the server log
		logrus.WithField("err_id", errID).WithError(err).Error(desc)
	}

	a.jsonResponse(res, status, apiResponse{
		Error: errID,
	})
}

func (apiServer) jsonResponse(res http.ResponseWriter, status int, response any) {
	res.Header().Set("Content-Type", "application/json")
	res.Header().Set("Cache-Control", "no-store, max-age=0")
	res.WriteHeader(status)

	if err := json.NewEncoder(res).Encode(response); err != nil {
		logrus.WithError(err).Error("encoding JSON response")
		http.Error(res, `{"error":"could not encode response"}`, http.StatusInternalServerError)
	}
}