
@natdm
Created July 1, 2016 02:41
Secure Routes
package routes
import (
"encoding/base64"
. "mobilebid/controllers"
"net/http"
"os"
db "mobilebid/database"
env "mobilebid/environment"
"github.com/auth0/go-jwt-middleware"
"github.com/codegangsta/negroni"
jwt "github.com/dgrijalva/jwt-go"
"github.com/gorilla/mux"
)
// jwtMiddle is the package-wide JWT middleware. init assigns it, and attachDB
// places its HandlerWithNext ahead of every handler it wraps.
var jwtMiddle *jwtmiddleware.JWTMiddleware

// dbHandler is a handler constructor: given a db.AppDB it returns the
// http.HandlerFunc that serves a route.
type dbHandler func(db.AppDB) http.HandlerFunc
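// init builds the package-level JWT middleware used by attachDB.
//
// The verification key is the value of the environment variable named by
// env.Auth0ClientSecret, URL-safe base64 decoded. It is read and decoded each
// time the middleware asks for a key.
func init() {
	jwtMiddle = jwtmiddleware.New(jwtmiddleware.Options{
		ValidationKeyGetter: func(token *jwt.Token) (interface{}, error) {
			// The key handed back below is a shared HMAC secret, so only
			// HMAC-signed tokens are acceptable. Reject any other alg before
			// a key is returned.
			if _, ok := token.Method.(*jwt.SigningMethodHMAC); !ok {
				return nil, jwt.ErrSignatureInvalid
			}

			decoded, err := base64.URLEncoding.DecodeString(os.Getenv(env.Auth0ClientSecret))
			if err != nil {
				return nil, err
			}
			// Fail closed when the secret is unset or empty. An empty string
			// decodes without error to a zero-length key, and a token signed
			// with an empty HMAC key would then verify.
			if len(decoded) == 0 {
				return nil, jwt.ErrInvalidKey
			}
			return decoded, nil
		},
	})
}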
// attachDB binds a db.AppDB and returns a wrapper for dbHandler values.
// The wrapper produces a Negroni chain that runs jwtMiddle.HandlerWithNext
// first and then the handler built from DB.
func attachDB(DB db.AppDB) func(dbHandler) *negroni.Negroni {
	return func(build dbHandler) *negroni.Negroni {
		// The JWT step is listed first so it runs ahead of the route handler.
		jwtStep := negroni.HandlerFunc(jwtMiddle.HandlerWithNext)
		// build already returns an http.HandlerFunc, which negroni.Wrap
		// accepts as an http.Handler.
		final := negroni.Wrap(build(DB))
		return negroni.New(jwtStep, final)
	}
}
// SetAuthenticatedRoutes registers every route below on r and returns r.
// Each handler is wrapped by attachDB(DB), so the JWT middleware runs before
// the handler built from DB.
//
// NOTE(review): the JWT check authenticates the caller only. Several paths
// carry a {user_id}; whether the handlers compare it with the token's subject
// is not visible here — confirm per handler.
// NOTE(review): judging by the handler names, some GET routes (archive_*,
// opt/*, update/*, updateCCWarning) change state, and update/phone and
// update/email put contact details in the URL path, where access logs and
// proxies may record them — confirm, and consider POST with a request body.
func SetAuthenticatedRoutes(r *mux.Router, DB db.AppDB) *mux.Router {
	secured := attachDB(DB)

	// get and post register one wrapped handler for a single HTTP method.
	get := func(path string, h http.Handler) {
		r.Handle(path, h).Methods("GET")
	}
	post := func(path string, h http.Handler) {
		r.Handle(path, h).Methods("POST")
	}

	post("/auth_user", secured(BidLogin))

	// Portal: events and bid items.
	get("/portal/e/{event}", secured(GetEvent))                        // information for one event
	get("/portal/events/{user_id}", secured(GetAllEventsForUser))      // all events for a user ID
	get("/portal/event_types", secured(GetEventTypes))                 // all event types
	get("/portal/bid_items/{user_id}", secured(GetBidItemsForBidderID)) // all bid items for a user ID
	post("/portal/create_event", secured(CreateEventAndImages))
	post("/portal/item", secured(InsertBidItem)) // inserts a single item into the bid_items database
	post("/portal/insert_retrieve", secured(InsertAndRetrieveBidItems))

	// Items for an event; both paths are served by the same handler.
	get("/event/{event_key}", secured(GetBidItemsForEvent))
	get("/items/{event_id}", secured(GetBidItemsForEvent))

	// Archiving.
	get("/portal/archive_item/{event_id}/{user_id}", secured(ArchiveItem))
	get("/portal/archive_event/{event_id}/{user_id}", secured(ArchiveEvent))

	post("/findevent", secured(GetEventKey))
	post("/watch", secured(ChangeWatch))
	post("/notifications", secured(GetNotifications))
	post("/notification", secured(UpdateNotification))

	// Per-user contact and opt-in settings.
	get("/opt/phone/{user_id}/{opt}", secured(UpdateOptPhone))
	get("/opt/email/{user_id}/{opt}", secured(UpdateOptEmail))
	get("/update/phone/{user_id}/{phone}", secured(UpdatePhone))
	get("/update/email/{user_id}/{email}", secured(UpdateEmail))
	get("/update/opt_in_notified/{user_id}/{opt}", secured(UpdateOptInNotified))

	// Billing.
	post("/createBillableBidder", secured(CreateBillableBidObject))
	get("/updateCCWarning/{user_id}", secured(UpdateCCWarning))
	// get("/charges/{acct}", secured(ChargesFromDest))

	return r
}