lerko
e9ecc4c1f7
CI / test (pull_request) Successful in 2m13s
Fix goroutine-unsafe ULID entropy by wrapping in LockedMonotonicReader. Move PRAGMA foreign_keys outside transaction in v3 migration where SQLite was silently ignoring it. Escape LIKE wildcards in link resolution to prevent false matches. Add non-localhost binding warning, log writeJSON encoder errors, add ?permanent=true for explicit hard delete, preserve title/description during absorb, use millisecond backup timestamps, add path.Clean to spaHandler. Frontend gains checkedJSON() for resp.ok validation, consistent stopPropagation, and shared renderCardSections() to eliminate duplicate rendering.
81 lines
2.0 KiB
Go
81 lines
2.0 KiB
Go
package api
|
|
|
|
import (
|
|
"io/fs"
|
|
"net/http"
|
|
"path"
|
|
|
|
"github.com/go-chi/chi/v5"
|
|
"github.com/go-chi/chi/v5/middleware"
|
|
"github.com/lerko/nib/internal/db"
|
|
)
|
|
|
|
func NewRouter(store *db.Store, devMode bool, webFS ...fs.FS) chi.Router {
|
|
r := chi.NewRouter()
|
|
|
|
r.Use(middleware.Logger)
|
|
r.Use(middleware.Recoverer)
|
|
|
|
if devMode {
|
|
r.Use(corsMiddleware)
|
|
}
|
|
|
|
r.Route("/api", func(r chi.Router) {
|
|
r.Use(jsonContentType)
|
|
|
|
r.Get("/entities", listEntities(store))
|
|
r.Post("/entities", createEntity(store))
|
|
r.Get("/entities/{id}", getEntity(store))
|
|
r.Put("/entities/{id}", updateEntity(store))
|
|
r.Delete("/entities/{id}", deleteEntity(store))
|
|
r.Post("/entities/{id}/promote", promoteEntity(store))
|
|
r.Post("/entities/{id}/demote", demoteEntity(store))
|
|
r.Post("/entities/{id}/use", useEntity(store))
|
|
r.Post("/entities/{id}/absorb", absorbEntity(store))
|
|
r.Get("/tags", listTags(store))
|
|
})
|
|
|
|
if len(webFS) > 0 && webFS[0] != nil {
|
|
r.Get("/*", spaHandler(webFS[0]))
|
|
}
|
|
|
|
return r
|
|
}
|
|
|
|
func spaHandler(fsys fs.FS) http.HandlerFunc {
|
|
fileServer := http.FileServer(http.FS(fsys))
|
|
indexHTML, _ := fs.ReadFile(fsys, "index.html")
|
|
|
|
return func(w http.ResponseWriter, r *http.Request) {
|
|
p := path.Clean(r.URL.Path)
|
|
if p == "/" || path.Ext(p) == "" {
|
|
w.Header().Set("Content-Type", "text/html; charset=utf-8")
|
|
w.Write(indexHTML)
|
|
return
|
|
}
|
|
fileServer.ServeHTTP(w, r)
|
|
}
|
|
}
|
|
|
|
func jsonContentType(next http.Handler) http.Handler {
|
|
return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
|
|
w.Header().Set("Content-Type", "application/json")
|
|
next.ServeHTTP(w, r)
|
|
})
|
|
}
|
|
|
|
func corsMiddleware(next http.Handler) http.Handler {
|
|
return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
|
|
w.Header().Set("Access-Control-Allow-Origin", "*")
|
|
w.Header().Set("Access-Control-Allow-Methods", "GET, POST, PUT, DELETE, OPTIONS")
|
|
w.Header().Set("Access-Control-Allow-Headers", "Content-Type")
|
|
|
|
if r.Method == http.MethodOptions {
|
|
w.WriteHeader(http.StatusNoContent)
|
|
return
|
|
}
|
|
|
|
next.ServeHTTP(w, r)
|
|
})
|
|
}
|