server-manager/backend
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
backend/auth/auth.go
ACoolName 9834ab88c8 moved stuff around
2024-05-18 04:10:28 +03:00

182 lines
4.4 KiB
Go
Raw Blame History

package auth
import (
"context"
"encoding/json"
"fmt"
"net/http"
"time"
"acooldomain.co/backend/models"
"github.com/gin-gonic/gin"
"github.com/golang-jwt/jwt"
"go.mongodb.org/mongo-driver/bson"
"go.mongodb.org/mongo-driver/mongo"
"golang.org/x/crypto/bcrypt"
)
var secret []byte
var method string
type Connection struct {
connection *mongo.Client
}
type TokenInfo struct {
Username string `json:"username"`
Permissions models.Permission `json:"permissions"`
}
type AuthClaims struct {
*jwt.StandardClaims
TokenInfo
}
type InviteToken struct {
Email string `bson:"Email"`
Permissions []models.Permission `bson:"Permissions"`
Token string `bson:"Token"`
}
func signToken(token TokenInfo) (string, error) {
t := jwt.New(jwt.GetSigningMethod(method))
t.Claims = &AuthClaims{
&jwt.StandardClaims{
ExpiresAt: time.Now().Add(time.Hour * 24 * 30).Unix(),
},
token,
}
return t.SignedString(secret)
}
func hashPassword(password string) (string, error) {
bytes, err := bcrypt.GenerateFromPassword([]byte(password), bcrypt.DefaultCost)
return string(bytes), err
}
func AuthorizedTo(requiredPermissions models.Permission, overwriters ...func(*gin.Context) bool) gin.HandlerFunc {
return func(ctx *gin.Context) {
authCookie, err := ctx.Request.Cookie("auth")
if err != nil {
ctx.AbortWithError(403, err)
return
}
token, err := jwt.ParseWithClaims(authCookie.Value, &AuthClaims{}, func(token *jwt.Token) (interface{}, error) {
// Don't forget to validate the alg is what you expect:
if _, ok := token.Method.(*jwt.SigningMethodHMAC); !ok {
return nil, fmt.Errorf("unexpected signing method: %v", token.Header["alg"])
}
// hmacSampleSecret is a []byte containing your secret, e.g. []byte("my_secret_key")
return secret, nil
})
if err != nil {
ctx.AbortWithError(403, err)
return
}
if claims, ok := token.Claims.(*AuthClaims); ok && token.Valid {
ctx.Set("claims", claims)
if requiredPermissions&claims.Permissions != requiredPermissions && models.Admin&claims.Permissions != models.Admin {
for _, overwrite := range overwriters {
if overwrite(ctx) {
return
}
}
ctx.AbortWithStatus(403)
return
}
} else {
ctx.AbortWithStatus(500)
}
}
}
type SignUpRequest struct {
Token string
Username string
Password string
}
func (con Connection) signUp(c *gin.Context) {
var token TokenInfo
err := json.NewDecoder(c.Request.Body).Decode(&token)
if err != nil {
c.AbortWithError(500, err)
}
signedToken, err := signToken(token)
if err != nil {
c.AbortWithError(500, err)
}
c.SetCookie("auth", signedToken, -1, "", "", false, false)
c.IndentedJSON(http.StatusOK, signedToken)
}
type SignInRequest struct {
Username string `json:"username"`
Password string `json:"password"`
}
func (con Connection) signIn(c *gin.Context) {
var request SignInRequest
err := json.NewDecoder(c.Request.Body).Decode(&request)
if err != nil {
c.AbortWithError(500, err)
return
}
var userItem models.User
err = con.connection.Database("Backend").Collection("Users").FindOne(context.TODO(), bson.D{{Key: "Username", Value: request.Username}}).Decode(&userItem)
if err != nil {
c.AbortWithError(403, err)
return
}
if bcrypt.CompareHashAndPassword([]byte(userItem.HashedPass), []byte(request.Password)) != nil {
c.AbortWithStatus(403)
return
}
token := TokenInfo{
Username: userItem.Username,
Permissions: userItem.Permissions,
}
signedToken, err := signToken(token)
if err != nil {
c.AbortWithError(500, err)
return
}
c.SetCookie("auth", signedToken, -1, "", "", false, false)
c.IndentedJSON(http.StatusOK, signedToken)
}
func (con Connection) test(c *gin.Context) {
claims, exists := c.Get("claims")
if !exists {
fmt.Println("No Claims")
c.AbortWithStatus(403)
return
}
c.IndentedJSON(http.StatusOK, claims)
}
func LoadGroup(group *gin.RouterGroup, client *mongo.Client, config models.GlobalConfig) {
connection := Connection{connection: client}
secret = []byte(config.Key)
method = config.Algorithm
group.POST("/signin", connection.signIn)
group.POST("/signup", AuthorizedTo(models.Admin), connection.signUp)
group.GET("/test", AuthorizedTo(models.Admin), connection.test)
}
Reference in New Issue View Git Blame Copy Permalink