/
api.go
74 lines (60 loc) · 2.26 KB
/
api.go
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
package api
import (
"context"
"io"
"net/http"
"github.com/ONSdigital/log.go/v2/log"
"github.com/gorilla/mux"
"github.com/nshumoogum/food-recipes/models"
"go.mongodb.org/mongo-driver/mongo"
)
// FoodRecipeAPI manages access to food recipes
type FoodRecipeAPI struct {
DefaultMaxResults int
MongoClient *mongo.Client
Router *mux.Router
}
// NewFoodRecipeAPI create a new Food Recipe API instance and register the API routes based on the application configuration.
func NewFoodRecipeAPI(ctx context.Context, connectionString string, mongoClient *mongo.Client, data map[string]models.Recipe, defaultMaxResults int, router *mux.Router) *FoodRecipeAPI {
api := &FoodRecipeAPI{
DefaultMaxResults: defaultMaxResults,
MongoClient: mongoClient,
Router: router,
}
api.Router.HandleFunc("/recipes", authorise(connectionString, api.createRecipe)).Methods("POST")
api.Router.HandleFunc("/recipes", api.getRecipes).Methods("GET")
api.Router.HandleFunc("/recipes/{id}", api.getRecipe).Methods("GET")
api.Router.HandleFunc("/recipes/{id}", authorise(connectionString, api.updateRecipe)).Methods("PUT")
api.Router.HandleFunc("/recipes/{id}", authorise(connectionString, api.partialRecipeUpdate)).Methods("PATCH")
api.Router.HandleFunc("/recipes/{id}", authorise(connectionString, api.removeRecipe)).Methods("DELETE")
return api
}
func authorise(connectionString string, handler http.HandlerFunc) http.HandlerFunc {
return http.HandlerFunc(func(w http.ResponseWriter, req *http.Request) {
ctx := req.Context()
logData := log.Data{"requested_uri": req.URL.RequestURI()}
authValue := req.Header.Get("Authorization")
// Check connection string
if authValue != connectionString || authValue == "" {
log.Warn(ctx, "caller unauthorised to perform requested action", logData)
w.WriteHeader(401)
return
}
log.Info(ctx, "caller authorised to perform requested action", logData)
handler(w, req)
})
}
// DrainBody drains the body of the given HTTP request
func DrainBody(r *http.Request) {
if r.Body == nil {
return
}
_, err := io.Copy(io.Discard, r.Body)
if err != nil {
log.Error(r.Context(), "error draining request body", err)
}
err = r.Body.Close()
if err != nil {
log.Error(r.Context(), "error closing request body", err)
}
}