verification/internal/repository/verification.go

package repository

import (
	"context"
	"encoding/json"
	"errors"
	"fmt"
	"github.com/minio/minio-go/v7"
	"github.com/minio/minio-go/v7/pkg/policy"
	"github.com/minio/minio-go/v7/pkg/set"
	"go.mongodb.org/mongo-driver/bson"
	"go.mongodb.org/mongo-driver/bson/primitive"
	"go.mongodb.org/mongo-driver/mongo"
	"go.mongodb.org/mongo-driver/mongo/options"
	"go.uber.org/zap"
	"mime/multipart"
	"penahub.gitlab.yandexcloud.net/backend/verification/internal/models"
	"time"
)

type VerificationRepository struct {
	logger *zap.Logger
	mongo  *mongo.Collection
	s3     *minio.Client
}

const (
	VerificationBucket     = "verification1"
	VerificationCollection = "verification"
)

func NewVerificationRepository(logger *zap.Logger, mongoDb *mongo.Database, s3 *minio.Client) *VerificationRepository {
	return &VerificationRepository{
		logger: logger,
		mongo:  mongoDb.Collection(VerificationCollection),
		s3:     s3,
	}
}

func (r *VerificationRepository) Init(ctx context.Context) error {
	ok, err := r.s3.BucketExists(ctx, VerificationBucket)
	if r.err(err) {
		return err
	}

	if !ok {
		err = r.s3.MakeBucket(ctx, VerificationBucket, minio.MakeBucketOptions{ObjectLocking: false})
		if r.err(err) {
			return err
		}

		policyConsoleStatement := policy.Statement{
			Actions: set.CreateStringSet("*"),
			Conditions: policy.ConditionMap{
				"StringLike": policy.ConditionKeyMap{
					"aws:referer": set.CreateStringSet(fmt.Sprintf("https://console.cloud.yandex.*/folders/*/storage/buckets/%s*", VerificationBucket)),
				},
			},
			Effect:    "Allow",
			Principal: policy.User{AWS: set.CreateStringSet("*")},
			Resources: set.CreateStringSet(fmt.Sprintf("arn:aws:s3:::%s/*", VerificationBucket),
				fmt.Sprintf("arn:aws:s3:::%s", VerificationBucket)),
			Sid: "console-statement",
		}

		policyServiceAccount := policy.Statement{
			Actions:    set.CreateStringSet("*"),
			Conditions: nil,
			Effect:     "Allow",
			Principal:  policy.User{CanonicalUser: set.CreateStringSet("ajelmc4tjbct675tjdh9")},
			Resources: set.CreateStringSet(fmt.Sprintf("arn:aws:s3:::%s/*", VerificationBucket),
				fmt.Sprintf("arn:aws:s3:::%s", VerificationBucket)),
			Sid: "service-account-statement",
		}

		policySharingBucket := policy.Statement{
			Actions: set.CreateStringSet("s3:ListBucket", "s3:GetObject"),
			Conditions: policy.ConditionMap{
				"StringEquals": policy.ConditionKeyMap{"s3:prefix": set.CreateStringSet("*/*")},
			},
			Effect:    "Allow",
			Principal: policy.User{AWS: set.CreateStringSet("*")},
			Resources: set.CreateStringSet(fmt.Sprintf("arn:aws:s3:::%s/*", VerificationBucket),
				fmt.Sprintf("arn:aws:s3:::%s", VerificationBucket)),
			Sid: "sharing-bucket",
		}

		p := policy.BucketAccessPolicy{Version: "2012-10-17", Statements: []policy.Statement{
			policyConsoleStatement,
			policyServiceAccount,
			policySharingBucket,
		}}

		outPolicy, err := json.Marshal(&p)
		if r.err(err) {
			return err
		}

		err = r.s3.SetBucketPolicy(ctx, VerificationBucket, string(outPolicy))
		if r.err(err) {
			return err
		}

	}

	return nil
}

func (r *VerificationRepository) Insert(
	ctx context.Context,
	userID string,
	record *models.Verification,
	innFH, ruleFH, egruleFH, certFH *multipart.FileHeader) (*models.Verification, error) {
	now := time.Now()
	record.ID = primitive.NewObjectIDFromTimestamp(now).Hex()
	record.UpdatedAt = now

	// Put inn file
	inn, err := innFH.Open()
	if r.err(err) {
		return nil, err
	}

	_, err = r.s3.PutObject(ctx, VerificationBucket, fmt.Sprintf("%s/%s", userID, innFH.Filename), inn, innFH.Size, minio.PutObjectOptions{})
	if r.err(err) {
		return nil, err
	}

	rule, err := ruleFH.Open()
	if r.err(err) {
		return nil, err
	}

	// Put rule file
	_, err = r.s3.PutObject(ctx, VerificationBucket, fmt.Sprintf("%s/%s", userID, ruleFH.Filename), rule, ruleFH.Size, minio.PutObjectOptions{})
	if r.err(err) {
		return nil, err
	}

	// Put egrule file
	egrule, err := egruleFH.Open()
	if r.err(err) {
		return nil, err
	}

	_, err = r.s3.PutObject(ctx, VerificationBucket, fmt.Sprintf("%s/%s", userID, egruleFH.Filename), egrule, egruleFH.Size, minio.PutObjectOptions{})
	if r.err(err) {
		return nil, err
	}

	// Put certificate file
	if certFH != nil {
		cert, err := certFH.Open()
		if r.err(err) {
			return nil, err
		}

		_, err = r.s3.PutObject(ctx, VerificationBucket, fmt.Sprintf("%s/%s", userID, certFH.Filename), cert, certFH.Size, minio.PutObjectOptions{})
		if r.err(err) {
			return nil, err
		}

		record.Files = []models.VerificationFiles{
			{
				Name: "certificate",
				Url:  fmt.Sprintf("%s/%s/%s/%s", r.s3.EndpointURL(), VerificationBucket, userID, certFH.Filename),
			},
		}
	}

	// Insert to MongoDB
	record.Files = append(record.Files, []models.VerificationFiles{
		{
			Name: "inn",
			Url:  fmt.Sprintf("%s/%s/%s/%s", r.s3.EndpointURL(), VerificationBucket, userID, innFH.Filename),
		},
		{
			Name: "rule",
			Url:  fmt.Sprintf("%s/%s/%s/%s", r.s3.EndpointURL(), VerificationBucket, userID, ruleFH.Filename),
		},
		{
			Name: "egrule",
			Url:  fmt.Sprintf("%s/%s/%s/%s", r.s3.EndpointURL(), VerificationBucket, userID, egruleFH.Filename),
		},
	}...)

	result, err := r.mongo.InsertOne(ctx, record)
	if r.err(err) {
		return nil, err
	}

	record.ID = result.InsertedID.(string)
	return record, nil
}

func (r *VerificationRepository) GetByUserId(ctx context.Context, userID string) (*models.Verification, error) {
	if userID == "" {
		err := errors.New("userID cannot be empty")
		r.logger.Error("VerificationRepositoryError", zap.Error(err))
		return nil, err
	}

	filter := bson.M{
		"user_id": userID,
	}

	var result models.Verification
	err := r.mongo.FindOne(ctx, filter).Decode(&result)
	if err != nil {
		if err == mongo.ErrNoDocuments {
			return nil, nil
		}
		r.logger.Error("VerificationRepositoryError", zap.Error(err))
		return nil, err
	}

	return &result, nil
}

func (r *VerificationRepository) Get(ctx context.Context, id string) (*models.Verification, error) {
	if id == "" {
		err := errors.New("_id cannot be empty")
		r.logger.Error("VerificationRepositoryError", zap.Error(err))
		return nil, err
	}

	filter := bson.M{
		"_id": id,
	}

	var result models.Verification
	err := r.mongo.FindOne(ctx, filter).Decode(&result)
	if err != nil {
		if err == mongo.ErrNoDocuments {
			return nil, nil
		}
		r.logger.Error("VerificationRepositoryError", zap.Error(err))
		return nil, err
	}

	return &result, nil
}

func (r *VerificationRepository) Update(ctx context.Context, record *models.Verification) (*models.Verification, error) {
	record.UpdatedAt = time.Now()

	var result models.Verification
	err := r.mongo.FindOneAndUpdate(ctx, bson.M{"_id": record.ID}, bson.M{"$set": record}, options.FindOneAndUpdate().SetReturnDocument(options.After)).Decode(&result)
	if r.err(err) {
		return nil, err
	}

	return &result, nil
}
func (r *VerificationRepository) err(err error) bool {
	if err != nil {
		r.logger.Error("VerificationRepositoryError", zap.Error(err))
		return true
	}
	return false
}
Version 0.1 2023-06-12 14:19:10 +00:00			`package repository`

			`import (`
			`"context"`
			`"encoding/json"`
			`"errors"`
			`"fmt"`
			`"github.com/minio/minio-go/v7"`
			`"github.com/minio/minio-go/v7/pkg/policy"`
Version 0.2.1 Changes: Fixed bug with ACL and Policy 2023-07-03 16:55:26 +00:00			`"github.com/minio/minio-go/v7/pkg/set"`
Version 0.1 2023-06-12 14:19:10 +00:00			`"go.mongodb.org/mongo-driver/bson"`
			`"go.mongodb.org/mongo-driver/bson/primitive"`
			`"go.mongodb.org/mongo-driver/mongo"`
			`"go.mongodb.org/mongo-driver/mongo/options"`
			`"go.uber.org/zap"`
			`"mime/multipart"`
Version 0.2 Changes: - rename project to remote gitlab - changes envs in internal\config\config.go - added deployments\staging\docker-compose.yaml - added Dockerfile - added staging.env 2023-07-03 11:40:20 +00:00			`"penahub.gitlab.yandexcloud.net/backend/verification/internal/models"`
Version 0.1 2023-06-12 14:19:10 +00:00			`"time"`
			`)`

			`type VerificationRepository struct {`
			`logger *zap.Logger`
			`mongo *mongo.Collection`
			`s3 *minio.Client`
			`}`

			`const (`
Version 0.2.1 Changes: Fixed bug with ACL and Policy 2023-07-03 16:55:26 +00:00			`VerificationBucket = "verification1"`
Version 0.1 2023-06-12 14:19:10 +00:00			`VerificationCollection = "verification"`
			`)`

			`func NewVerificationRepository(logger zap.Logger, mongoDb mongo.Database, s3 minio.Client) VerificationRepository {`
			`return &VerificationRepository{`
			`logger: logger,`
			`mongo: mongoDb.Collection(VerificationCollection),`
			`s3: s3,`
			`}`
			`}`

			`func (r *VerificationRepository) Init(ctx context.Context) error {`
			`ok, err := r.s3.BucketExists(ctx, VerificationBucket)`
			`if r.err(err) {`
			`return err`
			`}`

			`if !ok {`
Version 0.2.1 Changes: Fixed bug with ACL and Policy 2023-07-03 16:55:26 +00:00			`err = r.s3.MakeBucket(ctx, VerificationBucket, minio.MakeBucketOptions{ObjectLocking: false})`
Version 0.1 2023-06-12 14:19:10 +00:00			`if r.err(err) {`
			`return err`
			`}`

Version 0.2.1 Changes: Fixed bug with ACL and Policy 2023-07-03 16:55:26 +00:00			`policyConsoleStatement := policy.Statement{`
			`Actions: set.CreateStringSet("*"),`
			`Conditions: policy.ConditionMap{`
			`"StringLike": policy.ConditionKeyMap{`
			`"aws:referer": set.CreateStringSet(fmt.Sprintf("https://console.cloud.yandex./folders//storage/buckets/%s*", VerificationBucket)),`
			`},`
			`},`
			`Effect: "Allow",`
			`Principal: policy.User{AWS: set.CreateStringSet("*")},`
			`Resources: set.CreateStringSet(fmt.Sprintf("arn:aws:s3:::%s/*", VerificationBucket),`
			`fmt.Sprintf("arn:aws:s3:::%s", VerificationBucket)),`
			`Sid: "console-statement",`
			`}`

			`policyServiceAccount := policy.Statement{`
			`Actions: set.CreateStringSet("*"),`
			`Conditions: nil,`
			`Effect: "Allow",`
			`Principal: policy.User{CanonicalUser: set.CreateStringSet("ajelmc4tjbct675tjdh9")},`
			`Resources: set.CreateStringSet(fmt.Sprintf("arn:aws:s3:::%s/*", VerificationBucket),`
			`fmt.Sprintf("arn:aws:s3:::%s", VerificationBucket)),`
			`Sid: "service-account-statement",`
			`}`
Version 0.1 2023-06-12 14:19:10 +00:00
Version 0.2.1 Changes: Fixed bug with ACL and Policy 2023-07-03 16:55:26 +00:00			`policySharingBucket := policy.Statement{`
			`Actions: set.CreateStringSet("s3:ListBucket", "s3:GetObject"),`
			`Conditions: policy.ConditionMap{`
			`"StringEquals": policy.ConditionKeyMap{"s3:prefix": set.CreateStringSet("/")},`
			`},`
			`Effect: "Allow",`
			`Principal: policy.User{AWS: set.CreateStringSet("*")},`
			`Resources: set.CreateStringSet(fmt.Sprintf("arn:aws:s3:::%s/*", VerificationBucket),`
			`fmt.Sprintf("arn:aws:s3:::%s", VerificationBucket)),`
			`Sid: "sharing-bucket",`
			`}`

			`p := policy.BucketAccessPolicy{Version: "2012-10-17", Statements: []policy.Statement{`
			`policyConsoleStatement,`
			`policyServiceAccount,`
			`policySharingBucket,`
			`}}`
Version 0.1 2023-06-12 14:19:10 +00:00
			`outPolicy, err := json.Marshal(&p)`
			`if r.err(err) {`
			`return err`
			`}`

			`err = r.s3.SetBucketPolicy(ctx, VerificationBucket, string(outPolicy))`
			`if r.err(err) {`
			`return err`
			`}`
Version 0.2.1 Changes: Fixed bug with ACL and Policy 2023-07-03 16:55:26 +00:00
Version 0.1 2023-06-12 14:19:10 +00:00			`}`

			`return nil`
			`}`

			`func (r *VerificationRepository) Insert(`
			`ctx context.Context,`
			`userID string,`
			`record *models.Verification,`
			`innFH, ruleFH, egruleFH, certFH multipart.FileHeader) (models.Verification, error) {`
			`now := time.Now()`
			`record.ID = primitive.NewObjectIDFromTimestamp(now).Hex()`
			`record.UpdatedAt = now`

			`// Put inn file`
			`inn, err := innFH.Open()`
			`if r.err(err) {`
			`return nil, err`
			`}`

			`_, err = r.s3.PutObject(ctx, VerificationBucket, fmt.Sprintf("%s/%s", userID, innFH.Filename), inn, innFH.Size, minio.PutObjectOptions{})`
			`if r.err(err) {`
			`return nil, err`
			`}`

			`rule, err := ruleFH.Open()`
			`if r.err(err) {`
			`return nil, err`
			`}`

			`// Put rule file`
			`_, err = r.s3.PutObject(ctx, VerificationBucket, fmt.Sprintf("%s/%s", userID, ruleFH.Filename), rule, ruleFH.Size, minio.PutObjectOptions{})`
			`if r.err(err) {`
			`return nil, err`
			`}`

			`// Put egrule file`
			`egrule, err := egruleFH.Open()`
			`if r.err(err) {`
			`return nil, err`
			`}`

			`_, err = r.s3.PutObject(ctx, VerificationBucket, fmt.Sprintf("%s/%s", userID, egruleFH.Filename), egrule, egruleFH.Size, minio.PutObjectOptions{})`
			`if r.err(err) {`
			`return nil, err`
			`}`

			`// Put certificate file`
			`if certFH != nil {`
			`cert, err := certFH.Open()`
			`if r.err(err) {`
			`return nil, err`
			`}`

			`_, err = r.s3.PutObject(ctx, VerificationBucket, fmt.Sprintf("%s/%s", userID, certFH.Filename), cert, certFH.Size, minio.PutObjectOptions{})`
			`if r.err(err) {`
			`return nil, err`
			`}`

			`record.Files = []models.VerificationFiles{`
			`{`
			`Name: "certificate",`
Version 0.2.1 Changes: Fixed bug with ACL and Policy 2023-07-03 16:55:26 +00:00			`Url: fmt.Sprintf("%s/%s/%s/%s", r.s3.EndpointURL(), VerificationBucket, userID, certFH.Filename),`
Version 0.1 2023-06-12 14:19:10 +00:00			`},`
			`}`
			`}`

			`// Insert to MongoDB`
			`record.Files = append(record.Files, []models.VerificationFiles{`
			`{`
			`Name: "inn",`
Version 0.2.1 Changes: Fixed bug with ACL and Policy 2023-07-03 16:55:26 +00:00			`Url: fmt.Sprintf("%s/%s/%s/%s", r.s3.EndpointURL(), VerificationBucket, userID, innFH.Filename),`
Version 0.1 2023-06-12 14:19:10 +00:00			`},`
			`{`
			`Name: "rule",`
Version 0.2.1 Changes: Fixed bug with ACL and Policy 2023-07-03 16:55:26 +00:00			`Url: fmt.Sprintf("%s/%s/%s/%s", r.s3.EndpointURL(), VerificationBucket, userID, ruleFH.Filename),`
Version 0.1 2023-06-12 14:19:10 +00:00			`},`
			`{`
			`Name: "egrule",`
Version 0.2.1 Changes: Fixed bug with ACL and Policy 2023-07-03 16:55:26 +00:00			`Url: fmt.Sprintf("%s/%s/%s/%s", r.s3.EndpointURL(), VerificationBucket, userID, egruleFH.Filename),`
Version 0.1 2023-06-12 14:19:10 +00:00			`},`
			`}...)`

			`result, err := r.mongo.InsertOne(ctx, record)`
			`if r.err(err) {`
			`return nil, err`
			`}`

			`record.ID = result.InsertedID.(string)`
			`return record, nil`
			`}`

			`func (r VerificationRepository) GetByUserId(ctx context.Context, userID string) (models.Verification, error) {`
			`if userID == "" {`
			`err := errors.New("userID cannot be empty")`
			`r.logger.Error("VerificationRepositoryError", zap.Error(err))`
			`return nil, err`
			`}`

			`filter := bson.M{`
			`"user_id": userID,`
			`}`

			`var result models.Verification`
			`err := r.mongo.FindOne(ctx, filter).Decode(&result)`
			`if err != nil {`
			`if err == mongo.ErrNoDocuments {`
			`return nil, nil`
			`}`
			`r.logger.Error("VerificationRepositoryError", zap.Error(err))`
			`return nil, err`
			`}`

			`return &result, nil`
			`}`

			`func (r VerificationRepository) Get(ctx context.Context, id string) (models.Verification, error) {`
			`if id == "" {`
			`err := errors.New("_id cannot be empty")`
			`r.logger.Error("VerificationRepositoryError", zap.Error(err))`
			`return nil, err`
			`}`

			`filter := bson.M{`
			`"_id": id,`
			`}`

			`var result models.Verification`
			`err := r.mongo.FindOne(ctx, filter).Decode(&result)`
			`if err != nil {`
			`if err == mongo.ErrNoDocuments {`
			`return nil, nil`
			`}`
			`r.logger.Error("VerificationRepositoryError", zap.Error(err))`
			`return nil, err`
			`}`

			`return &result, nil`
			`}`

			`func (r VerificationRepository) Update(ctx context.Context, record models.Verification) (*models.Verification, error) {`
			`record.UpdatedAt = time.Now()`

			`var result models.Verification`
			`err := r.mongo.FindOneAndUpdate(ctx, bson.M{"_id": record.ID}, bson.M{"$set": record}, options.FindOneAndUpdate().SetReturnDocument(options.After)).Decode(&result)`
			`if r.err(err) {`
			`return nil, err`
			`}`

			`return &result, nil`
			`}`
			`func (r *VerificationRepository) err(err error) bool {`
			`if err != nil {`
			`r.logger.Error("VerificationRepositoryError", zap.Error(err))`
			`return true`
			`}`
			`return false`
			`}`