api.spaceplanner.app

auth.go (3048B)

---

 package main
 
 import (
 	"errors"
 	"log"
 	"net/http"
 	"time"
 
 	"github.com/gin-gonic/gin"
 	jwt "github.com/appleboy/gin-jwt/v2"
 
 	"jacobedwards.org/spaceplanner.app/internal/backend"
 )
 
 var (
 	identityKey = "id"
 )
 
 func AuthMiddleware(authMiddleware *jwt.GinJWTMiddleware) gin.HandlerFunc {
 	return func(context *gin.Context) {
 		errInit := authMiddleware.MiddlewareInit()
 		if errInit != nil {
 			log.Fatal("authMiddleware.MiddlewareInit() Error:" + errInit.Error())
 		}
 	}
 }
 
 func (e *Env) AuthParams(key []byte) (*jwt.GinJWTMiddleware, error) {
 	if key == nil || len(key) == 0 {
 		return nil, errors.New("Invalid key")
 	}
 	return &jwt.GinJWTMiddleware{
 		// TODO: Don't know what Realm is, but should probably be changed
 		Realm: "test zone",
 		Key: key,
 		Timeout: time.Hour * 24 * 7,
 		MaxRefresh: time.Hour * 24,
 		IdentityKey: identityKey,
 		PayloadFunc: payloadFunc(),
 
 		IdentityHandler: identityHandler(),
 		Authenticator: e.authenticator(),
 		Authorizator: authorizator(),
 		Unauthorized: unauthorized(),
 		TokenLookup: "header: Authorization, query: token, cookie: jwt",
 		// TokenLookup: "query:token",
 		// TokenLookup: "cookie:token",
 		TokenHeadName: "Bearer",
 		TimeFunc: time.Now,
 	}, nil
 }
 
 func payloadFunc() func(data interface{}) jwt.MapClaims {
 	return func(data interface{}) jwt.MapClaims {
 		if v, ok := data.(backend.User); ok {
 			return jwt.MapClaims{
 				identityKey: v.Name,
 			}
 		}
 		return jwt.MapClaims{}
 	}
 }
 
 func identityHandler() func(c *gin.Context) interface{} {
 	return func(c *gin.Context) interface{} {
 		claims := jwt.ExtractClaims(c)
 		return &backend.User{
 			Name: claims[identityKey].(string),
 		}
 	}
 }
 
 func (e *Env) authenticator() func(c *gin.Context) (interface{}, error) {
 	return func(c *gin.Context) (interface{}, error) {
 		var creds Credentials
 		if err := c.ShouldBind(&creds); err != nil {
 			return "", jwt.ErrMissingLoginValues
 		}
 
 		user, err := e.backend.LoginUser(creds.Username, creds.Password)
 		if err != nil {
 			return nil, err
 		}
 		return user, nil
 	}
 }
 
 func authorizator() func(data interface{}, c *gin.Context) bool {
 	// Is authenticated user allowed to do X?
 	return func(data interface{}, c *gin.Context) bool {
 		owner := c.Param("user")
 		v, ok := data.(*backend.User)
 		if !ok {
 			log.Panic("Expected *backend.User")
 		}
 
 		if v.Name == owner {
 			return true
 		}
 		log.Printf("User %q unauthorized to access resource owned by %q", v.Name, owner)
 		return false
 	}
 }
 
 func unauthorized() func(c *gin.Context, code int, message string) {
 	return func(c *gin.Context, code int, message string) {
 		RespondError(c, code, "Unauthorized: %s", message);
 	}
 }
 
 func handleNoRoute() func(c *gin.Context) {
 	return func(c *gin.Context) {
 		claims := jwt.ExtractClaims(c)
 		log.Printf("NoRoute claims: %#v\n", claims)
 		RespondError(c, http.StatusNotFound, "Endpoint not found")
 	}
 }
 
 func testHandler(c *gin.Context) {
 	claims := jwt.ExtractClaims(c)
 	user, _ := c.Get(identityKey)
 	c.JSON(200, gin.H{
 		"ID": claims[identityKey],
 		"Username": user,
 		"text": "Test.",
 	})
 }