package repository import ( "context" "encoding/json" "errors" "fmt" "mime/multipart" "time" "github.com/minio/minio-go/v7" "github.com/minio/minio-go/v7/pkg/policy" "github.com/minio/minio-go/v7/pkg/set" "go.mongodb.org/mongo-driver/bson" "go.mongodb.org/mongo-driver/bson/primitive" "go.mongodb.org/mongo-driver/mongo" "go.mongodb.org/mongo-driver/mongo/options" "go.uber.org/zap" "penahub.gitlab.yandexcloud.net/backend/verification/internal/models" ) type VerificationRepository struct { logger *zap.Logger mongo *mongo.Collection s3 *minio.Client } const ( VerificationEndpointURL = "https://hub.pena.digital" VerificationBucket = "verification1" VerificationCollection = "verification" ) func NewVerificationRepository(logger *zap.Logger, mongoDb *mongo.Database, s3 *minio.Client) *VerificationRepository { return &VerificationRepository{ logger: logger, mongo: mongoDb.Collection(VerificationCollection), s3: s3, } } func (r *VerificationRepository) Init(ctx context.Context) error { ok, err := r.s3.BucketExists(ctx, VerificationBucket) if r.err(err) { return err } if !ok { err = r.s3.MakeBucket(ctx, VerificationBucket, minio.MakeBucketOptions{ObjectLocking: false}) if r.err(err) { return err } policyConsoleStatement := policy.Statement{ Actions: set.CreateStringSet("*"), Conditions: policy.ConditionMap{ "StringLike": policy.ConditionKeyMap{ "aws:referer": set.CreateStringSet(fmt.Sprintf("https://console.cloud.yandex.*/folders/*/storage/buckets/%s*", VerificationBucket)), }, }, Effect: "Allow", Principal: policy.User{AWS: set.CreateStringSet("*")}, Resources: set.CreateStringSet(fmt.Sprintf("arn:aws:s3:::%s/*", VerificationBucket), fmt.Sprintf("arn:aws:s3:::%s", VerificationBucket)), Sid: "console-statement", } policyServiceAccount := policy.Statement{ Actions: set.CreateStringSet("*"), Conditions: nil, Effect: "Allow", Principal: policy.User{CanonicalUser: set.CreateStringSet("ajelmc4tjbct675tjdh9")}, Resources: set.CreateStringSet(fmt.Sprintf("arn:aws:s3:::%s/*", VerificationBucket), fmt.Sprintf("arn:aws:s3:::%s", VerificationBucket)), Sid: "service-account-statement", } policySharingBucket := policy.Statement{ Actions: set.CreateStringSet("s3:GetObject"), Conditions: nil, Effect: "Allow", Principal: policy.User{AWS: set.CreateStringSet("*")}, Resources: set.CreateStringSet(fmt.Sprintf("arn:aws:s3:::%s/*", VerificationBucket), fmt.Sprintf("arn:aws:s3:::%s", VerificationBucket)), Sid: "sharing-bucket", } p := policy.BucketAccessPolicy{Version: "2012-10-17", Statements: []policy.Statement{ policyConsoleStatement, policyServiceAccount, policySharingBucket, }} outPolicy, err := json.Marshal(&p) if r.err(err) { return err } err = r.s3.SetBucketPolicy(ctx, VerificationBucket, string(outPolicy)) if r.err(err) { return err } } return nil } func (r *VerificationRepository) Insert( ctx context.Context, userID string, record *models.Verification, innFH, ruleFH, egruleFH, certFH *multipart.FileHeader) (*models.Verification, error) { now := time.Now() record.ID = primitive.NewObjectIDFromTimestamp(now).Hex() record.UpdatedAt = now // Put inn file inn, err := innFH.Open() if r.err(err) { return nil, err } _, err = r.s3.PutObject(ctx, VerificationBucket, fmt.Sprintf("%s/%s", userID, innFH.Filename), inn, innFH.Size, minio.PutObjectOptions{}) if r.err(err) { return nil, err } rule, err := ruleFH.Open() if r.err(err) { return nil, err } // Put rule file _, err = r.s3.PutObject(ctx, VerificationBucket, fmt.Sprintf("%s/%s", userID, ruleFH.Filename), rule, ruleFH.Size, minio.PutObjectOptions{}) if r.err(err) { return nil, err } // Put egrule file egrule, err := egruleFH.Open() if r.err(err) { return nil, err } _, err = r.s3.PutObject(ctx, VerificationBucket, fmt.Sprintf("%s/%s", userID, egruleFH.Filename), egrule, egruleFH.Size, minio.PutObjectOptions{}) if r.err(err) { return nil, err } // Put certificate file if certFH != nil { cert, err := certFH.Open() if r.err(err) { return nil, err } _, err = r.s3.PutObject(ctx, VerificationBucket, fmt.Sprintf("%s/%s", userID, certFH.Filename), cert, certFH.Size, minio.PutObjectOptions{}) if r.err(err) { return nil, err } record.Files = []models.VerificationFiles{ { Name: "certificate", Url: fmt.Sprintf("%s/%s/%s/%s", VerificationEndpointURL, VerificationBucket, userID, certFH.Filename), }, } } // Insert to MongoDB record.Files = append(record.Files, []models.VerificationFiles{ { Name: "inn", Url: fmt.Sprintf("%s/%s/%s/%s", VerificationEndpointURL, VerificationBucket, userID, innFH.Filename), }, { Name: "rule", Url: fmt.Sprintf("%s/%s/%s/%s", VerificationEndpointURL, VerificationBucket, userID, ruleFH.Filename), }, { Name: "egrule", Url: fmt.Sprintf("%s/%s/%s/%s", VerificationEndpointURL, VerificationBucket, userID, egruleFH.Filename), }, }...) result, err := r.mongo.InsertOne(ctx, record) if r.err(err) { return nil, err } record.ID = result.InsertedID.(string) return record, nil } func (r *VerificationRepository) GetByUserId(ctx context.Context, userID string) (*models.Verification, error) { if userID == "" { err := errors.New("userID cannot be empty") r.logger.Error("VerificationRepositoryError", zap.Error(err)) return nil, err } filter := bson.M{ "user_id": userID, } opts := options.FindOne().SetSort(bson.D{{Key: "updated_at", Value: -1}}) var result models.Verification err := r.mongo.FindOne(ctx, filter, opts).Decode(&result) if err != nil { if err == mongo.ErrNoDocuments { return nil, nil } r.logger.Error("VerificationRepositoryError", zap.Error(err)) return nil, err } return &result, nil } func (r *VerificationRepository) Get(ctx context.Context, id string) (*models.Verification, error) { if id == "" { err := errors.New("_id cannot be empty") r.logger.Error("VerificationRepositoryError", zap.Error(err)) return nil, err } filter := bson.M{ "_id": id, } var result models.Verification err := r.mongo.FindOne(ctx, filter).Decode(&result) if err != nil { if err == mongo.ErrNoDocuments { return nil, nil } r.logger.Error("VerificationRepositoryError", zap.Error(err)) return nil, err } return &result, nil } func (r *VerificationRepository) Update(ctx context.Context, record *models.Verification) (*models.Verification, error) { record.UpdatedAt = time.Now() var result models.Verification err := r.mongo.FindOneAndUpdate(ctx, bson.M{"_id": record.ID}, bson.M{"$set": record}, options.FindOneAndUpdate().SetReturnDocument(options.After)).Decode(&result) if r.err(err) { return nil, err } return &result, nil } func (r *VerificationRepository) err(err error) bool { if err != nil { r.logger.Error("VerificationRepositoryError", zap.Error(err)) return true } return false }