added cloud and verify

auth/auth.go

@@ -5,6 +5,7 @@ import (
 	"encoding/json"
 	"fmt"
 	"net/http"
+	"strings"
 	"time"
 
 	"acooldomain.co/backend/models"
@@ -20,7 +21,7 @@ var secret []byte
 var method string
 
 type Connection struct {
-	connection *mongo.Client
+	databaseConnection *mongo.Client
 }
 
 type TokenInfo struct {
@@ -112,7 +113,7 @@ func (con Connection) signUp(c *gin.Context) {
 
 	var token InviteToken
 
-	err = con.connection.Database("Backend").Collection("Tokens").FindOne(
+	err = con.databaseConnection.Database("Backend").Collection("Tokens").FindOne(
 		context.TODO(),
 		bson.D{{}},
 		options.FindOne(),
@@ -133,7 +134,7 @@ func (con Connection) signUp(c *gin.Context) {
 		return
 	}
 
-	_, err = con.connection.Database("Backend").Collection("Users").InsertOne(context.TODO(), &models.User{
+	_, err = con.databaseConnection.Database("Backend").Collection("Users").InsertOne(context.TODO(), &models.User{
 		Username:        request.Username,
 		HashedPass:      hashedPass,
 		Permissions:     token.Permissions,
@@ -164,7 +165,7 @@ func (con Connection) signIn(c *gin.Context) {
 		return
 	}
 	var userItem models.User
-	err = con.connection.Database("Backend").Collection("Users").FindOne(context.TODO(), bson.D{{Key: "Username", Value: request.Username}}).Decode(&userItem)
+	err = con.databaseConnection.Database("Backend").Collection("Users").FindOne(context.TODO(), bson.D{{Key: "Username", Value: request.Username}}).Decode(&userItem)
 	if err != nil {
 		c.AbortWithError(403, err)
 		return
@@ -190,23 +191,77 @@ func (con Connection) signIn(c *gin.Context) {
 	c.IndentedJSON(http.StatusOK, signedToken)
 }
 
-func (con Connection) test(c *gin.Context) {
+func (con Connection) verify(c *gin.Context) {
 	claims, exists := c.Get("claims")
 	if !exists {
 		fmt.Println("No Claims")
 		c.AbortWithStatus(403)
 		return
 	}
-	c.IndentedJSON(http.StatusOK, claims)
+
+	forwarded_host := c.Request.Header.Get("x-forwarded-host")
+	domainSegments := strings.Split(forwarded_host, ".")
+
+	serverId, service := domainSegments[0], domainSegments[1]
+	c.AddParam("server_id", serverId)
+
+	if service == "browsers" {
+		if claims.(*AuthClaims).Permissions&models.Browse == models.Browse || claims.(*AuthClaims).Permissions&models.Admin == models.Admin || con.ServerAuthorized(models.Browse)(c) {
+			c.Header("X-Username", claims.(*AuthClaims).Username)
+			c.Status(200)
+			return
+		}
+
+	}
+
+	if service == "cloud" {
+		if claims.(*AuthClaims).Permissions&models.Cloud == models.Cloud || claims.(*AuthClaims).Permissions&models.Admin == models.Admin {
+			c.Header("X-Username", claims.(*AuthClaims).Username)
+			c.Status(200)
+			return
+		}
+	}
+
+	c.Redirect(303, "http://%s/login")
+}
+
+func (con Connection) ServerAuthorized(permissions models.Permission) func(*gin.Context) bool {
+	return func(ctx *gin.Context) bool {
+		claims, exists := ctx.Get("claims")
+		if !exists {
+			return false
+		}
+
+		server_id := ctx.Param("server_id")
+		if server_id == "" {
+			return false
+		}
+
+		var serverData models.ServerData
+
+		con.databaseConnection.Database("Backend").Collection("Servers").FindOne(context.TODO(), bson.D{{Key: "Id", Value: server_id}}).Decode(&serverData)
+
+		if serverData.OwnerId == claims.(*AuthClaims).Username {
+			return true
+		}
+
+		userPermissions := serverData.UserPermissions[claims.(*AuthClaims).Username]
+
+		if userPermissions&permissions == permissions || userPermissions&models.Admin == models.Admin {
+			return true
+		}
+
+		return false
+	}
 }
 
 func LoadGroup(group *gin.RouterGroup, client *mongo.Client, config models.GlobalConfig) {
-	connection := Connection{connection: client}
+	connection := Connection{databaseConnection: client}
 
 	secret = []byte(config.Key)
 	method = config.Algorithm
 
 	group.POST("/signin", connection.signIn)
 	group.POST("/signup", AuthorizedTo(models.Admin), connection.signUp)
-	group.GET("/test", AuthorizedTo(models.Admin), connection.test)
+	group.GET("/verify", AuthorizedTo(0), connection.verify)
 }