5 files changed, 450 insertions, 0 deletions
diff --git a/srv/api/api.go b/srv/api/api.go
new file mode 100644
index 0000000..ae0970b
--- /dev/null
+++ b/srv/api/api.go
@@ -0,0 +1,174 @@
+// Package api implements the HTTP-based api for the mediocre-blog.
+package api
+
+import (
+	"context"
+	"errors"
+	"fmt"
+	"net"
+	"net/http"
+	"net/http/httputil"
+	"net/url"
+	"os"
+
+	"github.com/mediocregopher/blog.mediocregopher.com/srv/cfg"
+	"github.com/mediocregopher/blog.mediocregopher.com/srv/mailinglist"
+	"github.com/mediocregopher/blog.mediocregopher.com/srv/pow"
+	"github.com/mediocregopher/mediocre-go-lib/v2/mctx"
+	"github.com/mediocregopher/mediocre-go-lib/v2/mlog"
+)
+
+// Params are used to instantiate a new API instance. All fields are required
+// unless otherwise noted.
+type Params struct {
+	Logger      *mlog.Logger
+	PowManager  pow.Manager
+	MailingList mailinglist.MailingList
+
+	// ListenProto and ListenAddr are passed into net.Listen to create the
+	// API's listener. Both "tcp" and "unix" protocols are explicitly
+	// supported.
+	ListenProto, ListenAddr string
+
+	// StaticDir and StaticProxy are mutually exclusive.
+	//
+	// If StaticDir is set then that directory on the filesystem will be used to
+	// serve the static site.
+	//
+	// Otherwise if StaticProxy is set all requests for the static site will be
+	// reverse-proxied there.
+	StaticDir   string
+	StaticProxy *url.URL
+}
+
+// SetupCfg implement the cfg.Cfger interface.
+func (p *Params) SetupCfg(cfg *cfg.Cfg) {
+
+	cfg.StringVar(&p.ListenProto, "listen-proto", "tcp", "Protocol to listen for HTTP requests with")
+	cfg.StringVar(&p.ListenAddr, "listen-addr", ":4000", "Address/path to listen for HTTP requests on")
+
+	cfg.StringVar(&p.StaticDir, "static-dir", "", "Directory from which static files are served (mutually exclusive with -static-proxy-url)")
+	staticProxyURLStr := cfg.String("static-proxy-url", "", "HTTP address from which static files are served (mutually exclusive with -static-dir)")
+
+	cfg.OnInit(func(ctx context.Context) error {
+		if *staticProxyURLStr != "" {
+			var err error
+			if p.StaticProxy, err = url.Parse(*staticProxyURLStr); err != nil {
+				return fmt.Errorf("parsing -static-proxy-url: %w", err)
+			}
+
+		} else if p.StaticDir == "" {
+			return errors.New("-static-dir or -static-proxy-url is required")
+		}
+
+		return nil
+	})
+}
+
+// Annotate implements mctx.Annotator interface.
+func (p *Params) Annotate(a mctx.Annotations) {
+	a["listenProto"] = p.ListenProto
+	a["listenAddr"] = p.ListenAddr
+
+	if p.StaticProxy != nil {
+		a["staticProxy"] = p.StaticProxy.String()
+		return
+	}
+
+	a["staticDir"] = p.StaticDir
+}
+
+// API will listen on the port configured for it, and serve HTTP requests for
+// the mediocre-blog.
+type API interface {
+	Shutdown(ctx context.Context) error
+}
+
+type api struct {
+	params Params
+	srv    *http.Server
+}
+
+// New initializes and returns a new API instance, including setting up all
+// listening ports.
+func New(params Params) (API, error) {
+
+	l, err := net.Listen(params.ListenProto, params.ListenAddr)
+	if err != nil {
+		return nil, fmt.Errorf("creating listen socket: %w", err)
+	}
+
+	if params.ListenProto == "unix" {
+		if err := os.Chmod(params.ListenAddr, 0777); err != nil {
+			return nil, fmt.Errorf("chmod-ing unix socket: %w", err)
+		}
+	}
+
+	a := &api{
+		params: params,
+	}
+
+	a.srv = &http.Server{Handler: a.handler()}
+
+	go func() {
+
+		err := a.srv.Serve(l)
+		if err != nil && !errors.Is(err, http.ErrServerClosed) {
+			ctx := mctx.Annotate(context.Background(), a.params)
+			params.Logger.Fatal(ctx, fmt.Sprintf("%s: %v", "serving http server", err))
+		}
+	}()
+
+	return a, nil
+}
+
+func (a *api) Shutdown(ctx context.Context) error {
+	if err := a.srv.Shutdown(ctx); err != nil {
+		return err
+	}
+
+	return nil
+}
+
+func (a *api) handler() http.Handler {
+
+	var staticHandler http.Handler
+	if a.params.StaticDir != "" {
+		staticHandler = http.FileServer(http.Dir(a.params.StaticDir))
+	} else {
+		staticHandler = httputil.NewSingleHostReverseProxy(a.params.StaticProxy)
+	}
+
+	// sugar
+	requirePow := func(h http.Handler) http.Handler {
+		return a.requirePowMiddleware(h)
+	}
+
+	mux := http.NewServeMux()
+
+	mux.Handle("/", staticHandler)
+
+	apiMux := http.NewServeMux()
+	apiMux.Handle("/pow/challenge", a.newPowChallengeHandler())
+	apiMux.Handle("/pow/check",
+		requirePow(
+			http.HandlerFunc(func(rw http.ResponseWriter, r *http.Request) {}),
+		),
+	)
+
+	apiMux.Handle("/mailinglist/subscribe", requirePow(a.mailingListSubscribeHandler()))
+	apiMux.Handle("/mailinglist/finalize", a.mailingListFinalizeHandler())
+	apiMux.Handle("/mailinglist/unsubscribe", a.mailingListUnsubscribeHandler())
+
+	apiHandler := logMiddleware(a.params.Logger, apiMux)
+	apiHandler = annotateMiddleware(apiHandler)
+	apiHandler = addResponseHeaders(map[string]string{
+		"Cache-Control": "no-store, max-age=0",
+		"Pragma":        "no-cache",
+		"Expires":       "0",
+	}, apiHandler)
+
+	mux.Handle("/api/", http.StripPrefix("/api", apiHandler))
+
+	return mux
+}
diff --git a/srv/api/mailinglist.go b/srv/api/mailinglist.go
new file mode 100644
index 0000000..2ddfbe6
--- /dev/null
+++ b/srv/api/mailinglist.go
@@ -0,0 +1,87 @@
+package api
+
+import (
+	"errors"
+	"net/http"
+	"strings"
+
+	"github.com/mediocregopher/blog.mediocregopher.com/srv/mailinglist"
+)
+
+func (a *api) mailingListSubscribeHandler() http.Handler {
+	return http.HandlerFunc(func(rw http.ResponseWriter, r *http.Request) {
+		email := r.PostFormValue("email")
+		if parts := strings.Split(email, "@"); len(parts) != 2 ||
+			parts[0] == "" ||
+			parts[1] == "" ||
+			len(email) >= 512 {
+			badRequest(rw, r, errors.New("invalid email"))
+			return
+		}
+
+		err := a.params.MailingList.BeginSubscription(email)
+
+		if errors.Is(err, mailinglist.ErrAlreadyVerified) {
+			// just eat the error, make it look to the user like the
+			// verification email was sent.
+		} else if err != nil {
+			internalServerError(rw, r, err)
+			return
+		}
+
+		jsonResult(rw, r, struct{}{})
+	})
+}
+
+func (a *api) mailingListFinalizeHandler() http.Handler {
+	var errInvalidSubToken = errors.New("invalid subToken")
+
+	return http.HandlerFunc(func(rw http.ResponseWriter, r *http.Request) {
+		subToken := r.PostFormValue("subToken")
+		if l := len(subToken); l == 0 || l > 128 {
+			badRequest(rw, r, errInvalidSubToken)
+			return
+		}
+
+		err := a.params.MailingList.FinalizeSubscription(subToken)
+
+		if errors.Is(err, mailinglist.ErrNotFound) {
+			badRequest(rw, r, errInvalidSubToken)
+			return
+
+		} else if errors.Is(err, mailinglist.ErrAlreadyVerified) {
+			// no problem
+
+		} else if err != nil {
+			internalServerError(rw, r, err)
+			return
+		}
+
+		jsonResult(rw, r, struct{}{})
+	})
+}
+
+func (a *api) mailingListUnsubscribeHandler() http.Handler {
+	var errInvalidUnsubToken = errors.New("invalid unsubToken")
+
+	return http.HandlerFunc(func(rw http.ResponseWriter, r *http.Request) {
+		unsubToken := r.PostFormValue("unsubToken")
+		if l := len(unsubToken); l == 0 || l > 128 {
+			badRequest(rw, r, errInvalidUnsubToken)
+			return
+		}
+
+		err := a.params.MailingList.Unsubscribe(unsubToken)
+
+		if errors.Is(err, mailinglist.ErrNotFound) {
+			badRequest(rw, r, errInvalidUnsubToken)
+			return
+
+		} else if err != nil {
+			internalServerError(rw, r, err)
+			return
+		}
+
+		jsonResult(rw, r, struct{}{})
+	})
+}
diff --git a/srv/api/middleware.go b/srv/api/middleware.go
new file mode 100644
index 0000000..e3e85bb
--- /dev/null
+++ b/srv/api/middleware.go
@@ -0,0 +1,78 @@
+package api
+
+import (
+	"net"
+	"net/http"
+	"time"
+
+	"github.com/mediocregopher/mediocre-go-lib/v2/mctx"
+	"github.com/mediocregopher/mediocre-go-lib/v2/mlog"
+)
+
+func addResponseHeaders(headers map[string]string, h http.Handler) http.Handler {
+	return http.HandlerFunc(func(rw http.ResponseWriter, r *http.Request) {
+		for k, v := range headers {
+			rw.Header().Set(k, v)
+		}
+		h.ServeHTTP(rw, r)
+	})
+}
+
+func annotateMiddleware(h http.Handler) http.Handler {
+	return http.HandlerFunc(func(rw http.ResponseWriter, r *http.Request) {
+
+		type reqInfoKey string
+
+		ip, _, _ := net.SplitHostPort(r.RemoteAddr)
+
+		ctx := r.Context()
+		ctx = mctx.Annotate(ctx,
+			reqInfoKey("remote_ip"), ip,
+			reqInfoKey("url"), r.URL,
+			reqInfoKey("method"), r.Method,
+		)
+
+		r = r.WithContext(ctx)
+		h.ServeHTTP(rw, r)
+	})
+}
+
+type logResponseWriter struct {
+	http.ResponseWriter
+	statusCode int
+}
+
+func newLogResponseWriter(rw http.ResponseWriter) *logResponseWriter {
+	return &logResponseWriter{
+		ResponseWriter: rw,
+		statusCode:     200,
+	}
+}
+
+func (lrw *logResponseWriter) WriteHeader(statusCode int) {
+	lrw.statusCode = statusCode
+	lrw.ResponseWriter.WriteHeader(statusCode)
+}
+
+func logMiddleware(logger *mlog.Logger, h http.Handler) http.Handler {
+	return http.HandlerFunc(func(rw http.ResponseWriter, r *http.Request) {
+
+		r = setRequestLogger(r, logger)
+
+		lrw := newLogResponseWriter(rw)
+
+		started := time.Now()
+		h.ServeHTTP(lrw, r)
+		took := time.Since(started)
+
+		type logCtxKey string
+
+		ctx := r.Context()
+		ctx = mctx.Annotate(ctx,
+			logCtxKey("took"), took.String(),
+			logCtxKey("response_code"), lrw.statusCode,
+		)
+
+		logger.Info(ctx, "handled HTTP request")
+	})
+}
diff --git a/srv/api/pow.go b/srv/api/pow.go
new file mode 100644
index 0000000..096e252
--- /dev/null
+++ b/srv/api/pow.go
@@ -0,0 +1,51 @@
+package api
+
+import (
+	"encoding/hex"
+	"errors"
+	"fmt"
+	"net/http"
+)
+
+func (a *api) newPowChallengeHandler() http.Handler {
+	return http.HandlerFunc(func(rw http.ResponseWriter, r *http.Request) {
+
+		challenge := a.params.PowManager.NewChallenge()
+
+		jsonResult(rw, r, struct {
+			Seed   string `json:"seed"`
+			Target uint32 `json:"target"`
+		}{
+			Seed:   hex.EncodeToString(challenge.Seed),
+			Target: challenge.Target,
+		})
+	})
+}
+
+func (a *api) requirePowMiddleware(h http.Handler) http.Handler {
+	return http.HandlerFunc(func(rw http.ResponseWriter, r *http.Request) {
+
+		seedHex := r.PostFormValue("powSeed")
+		seed, err := hex.DecodeString(seedHex)
+		if err != nil || len(seed) == 0 {
+			badRequest(rw, r, errors.New("invalid powSeed"))
+			return
+		}
+
+		solutionHex := r.PostFormValue("powSolution")
+		solution, err := hex.DecodeString(solutionHex)
+		if err != nil || len(seed) == 0 {
+			badRequest(rw, r, errors.New("invalid powSolution"))
+			return
+		}
+
+		err = a.params.PowManager.CheckSolution(seed, solution)
+
+		if err != nil {
+			badRequest(rw, r, fmt.Errorf("checking proof-of-work solution: %w", err))
+			return
+		}
+
+		h.ServeHTTP(rw, r)
+	})
+}
diff --git a/srv/api/utils.go b/srv/api/utils.go
new file mode 100644
index 0000000..8e2a63b
--- /dev/null
+++ b/srv/api/utils.go
@@ -0,0 +1,60 @@
+package api
+
+import (
+	"context"
+	"encoding/json"
+	"net/http"
+
+	"github.com/mediocregopher/mediocre-go-lib/v2/mlog"
+)
+
+type loggerCtxKey int
+
+func setRequestLogger(r *http.Request, logger *mlog.Logger) *http.Request {
+	ctx := r.Context()
+	ctx = context.WithValue(ctx, loggerCtxKey(0), logger)
+	return r.WithContext(ctx)
+}
+
+func getRequestLogger(r *http.Request) *mlog.Logger {
+	ctx := r.Context()
+	logger, _ := ctx.Value(loggerCtxKey(0)).(*mlog.Logger)
+	if logger == nil {
+		logger = mlog.Null
+	}
+	return logger
+}
+
+func jsonResult(rw http.ResponseWriter, r *http.Request, v interface{}) {
+	b, err := json.Marshal(v)
+	if err != nil {
+		internalServerError(rw, r, err)
+		return
+	}
+	b = append(b, '\n')
+
+	rw.Header().Set("Content-Type", "application/json")
+	rw.Write(b)
+}
+
+func badRequest(rw http.ResponseWriter, r *http.Request, err error) {
+	getRequestLogger(r).Warn(r.Context(), "bad request", err)
+
+	rw.WriteHeader(400)
+	jsonResult(rw, r, struct {
+		Error string `json:"error"`
+	}{
+		Error: err.Error(),
+	})
+}
+
+func internalServerError(rw http.ResponseWriter, r *http.Request, err error) {
+	getRequestLogger(r).Error(r.Context(), "internal server error", err)
+
+	rw.WriteHeader(500)
+	jsonResult(rw, r, struct {
+		Error string `json:"error"`
+	}{
+		Error: "internal server error",
+	})
+}