Add authentication and metrics

2025-07-30 09:38:18 +02:00 · 2023-03-07 15:14:08 +01:00 · 2023-03-07 15:14:08 +01:00 · 6abea91d7c
commit 6abea91d7c
parent 7667ea7b90
16 changed files with 894 additions and 31 deletions
--- a/graph/generated.go
+++ b/graph/generated.go
@ -79,6 +79,7 @@ type ComplexityRoot struct {
 		DeleteEvent    func(childComplexity int, input string) int
 		EditCalendar   func(childComplexity int, input model.EditCalendar) int
 		EditEvent      func(childComplexity int, input model.EditEvent) int
+		Login          func(childComplexity int, input model.Login) int
 	}

 	Query struct {
@ -107,6 +108,7 @@ type MutationResolver interface {
 	CreateCalendar(ctx context.Context, input model.NewCalendar) (*model.Calendar, error)
 	EditCalendar(ctx context.Context, input model.EditCalendar) (*model.Calendar, error)
 	DeleteCalendar(ctx context.Context, input string) (bool, error)
+	Login(ctx context.Context, input model.Login) (string, error)
 }
 type QueryResolver interface {
 	Events(ctx context.Context, after *time.Time, before *time.Time, calendar *string) ([]*model.Event, error)
@ -312,6 +314,18 @@ func (e *executableSchema) Complexity(typeName, field string, childComplexity in

 		return e.complexity.Mutation.EditEvent(childComplexity, args["input"].(model.EditEvent)), true

+	case "Mutation.login":
+		if e.complexity.Mutation.Login == nil {
+			break
+		}
+
+		args, err := ec.field_Mutation_login_args(context.TODO(), rawArgs)
+		if err != nil {
+			return 0, false
+		}
+
+		return e.complexity.Mutation.Login(childComplexity, args["input"].(model.Login)), true
+
 	case "Query.calendar":
 		if e.complexity.Query.Calendar == nil {
 			break
@ -379,6 +393,7 @@ func (e *executableSchema) Exec(ctx context.Context) graphql.ResponseHandler {
 	inputUnmarshalMap := graphql.BuildUnmarshalerMap(
 		ec.unmarshalInputEditCalendar,
 		ec.unmarshalInputEditEvent,
+		ec.unmarshalInputLogin,
 		ec.unmarshalInputNewCalendar,
 		ec.unmarshalInputNewEvent,
 		ec.unmarshalInputSetLocation,
@ -575,6 +590,21 @@ func (ec *executionContext) field_Mutation_editEvent_args(ctx context.Context, r
 	return args, nil
 }

+func (ec *executionContext) field_Mutation_login_args(ctx context.Context, rawArgs map[string]interface{}) (map[string]interface{}, error) {
+	var err error
+	args := map[string]interface{}{}
+	var arg0 model.Login
+	if tmp, ok := rawArgs["input"]; ok {
+		ctx := graphql.WithPathContext(ctx, graphql.NewPathWithField("input"))
+		arg0, err = ec.unmarshalNLogin2githubᚗcomᚋUnkn0wnCatᚋcalapiᚋgraphᚋmodelᚐLogin(ctx, tmp)
+		if err != nil {
+			return nil, err
+		}
+	}
+	args["input"] = arg0
+	return args, nil
+}
+
 func (ec *executionContext) field_Query___type_args(ctx context.Context, rawArgs map[string]interface{}) (map[string]interface{}, error) {
 	var err error
 	args := map[string]interface{}{}
@ -1759,6 +1789,60 @@ func (ec *executionContext) fieldContext_Mutation_deleteCalendar(ctx context.Con
 	return fc, nil
 }

+func (ec *executionContext) _Mutation_login(ctx context.Context, field graphql.CollectedField) (ret graphql.Marshaler) {
+	fc, err := ec.fieldContext_Mutation_login(ctx, field)
+	if err != nil {
+		return graphql.Null
+	}
+	ctx = graphql.WithFieldContext(ctx, fc)
+	defer func() {
+		if r := recover(); r != nil {
+			ec.Error(ctx, ec.Recover(ctx, r))
+			ret = graphql.Null
+		}
+	}()
+	resTmp, err := ec.ResolverMiddleware(ctx, func(rctx context.Context) (interface{}, error) {
+		ctx = rctx // use context from middleware stack in children
+		return ec.resolvers.Mutation().Login(rctx, fc.Args["input"].(model.Login))
+	})
+	if err != nil {
+		ec.Error(ctx, err)
+	}
+	if resTmp == nil {
+		if !graphql.HasFieldError(ctx, fc) {
+			ec.Errorf(ctx, "must not be null")
+		}
+		return graphql.Null
+	}
+	res := resTmp.(string)
+	fc.Result = res
+	return ec.marshalNString2string(ctx, field.Selections, res)
+}
+
+func (ec *executionContext) fieldContext_Mutation_login(ctx context.Context, field graphql.CollectedField) (fc *graphql.FieldContext, err error) {
+	fc = &graphql.FieldContext{
+		Object:     "Mutation",
+		Field:      field,
+		IsMethod:   true,
+		IsResolver: true,
+		Child: func(ctx context.Context, field graphql.CollectedField) (*graphql.FieldContext, error) {
+			return nil, errors.New("field of type String does not have child fields")
+		},
+	}
+	defer func() {
+		if r := recover(); r != nil {
+			err = ec.Recover(ctx, r)
+			ec.Error(ctx, err)
+		}
+	}()
+	ctx = graphql.WithFieldContext(ctx, fc)
+	if fc.Args, err = ec.field_Mutation_login_args(ctx, field.ArgumentMap(ec.Variables)); err != nil {
+		ec.Error(ctx, err)
+		return
+	}
+	return fc, nil
+}
+
 func (ec *executionContext) _Query_events(ctx context.Context, field graphql.CollectedField) (ret graphql.Marshaler) {
 	fc, err := ec.fieldContext_Query_events(ctx, field)
 	if err != nil {
@ -4118,6 +4202,42 @@ func (ec *executionContext) unmarshalInputEditEvent(ctx context.Context, obj int
 	return it, nil
 }

+func (ec *executionContext) unmarshalInputLogin(ctx context.Context, obj interface{}) (model.Login, error) {
+	var it model.Login
+	asMap := map[string]interface{}{}
+	for k, v := range obj.(map[string]interface{}) {
+		asMap[k] = v
+	}
+
+	fieldsInOrder := [...]string{"username", "password"}
+	for _, k := range fieldsInOrder {
+		v, ok := asMap[k]
+		if !ok {
+			continue
+		}
+		switch k {
+		case "username":
+			var err error
+
+			ctx := graphql.WithPathContext(ctx, graphql.NewPathWithField("username"))
+			it.Username, err = ec.unmarshalNString2string(ctx, v)
+			if err != nil {
+				return it, err
+			}
+		case "password":
+			var err error
+
+			ctx := graphql.WithPathContext(ctx, graphql.NewPathWithField("password"))
+			it.Password, err = ec.unmarshalNString2string(ctx, v)
+			if err != nil {
+				return it, err
+			}
+		}
+	}
+
+	return it, nil
+}
+
 func (ec *executionContext) unmarshalInputNewCalendar(ctx context.Context, obj interface{}) (model.NewCalendar, error) {
 	var it model.NewCalendar
 	asMap := map[string]interface{}{}
@ -4515,6 +4635,12 @@ func (ec *executionContext) _Mutation(ctx context.Context, sel ast.SelectionSet)
 				return ec._Mutation_deleteCalendar(ctx, field)
 			})

+		case "login":
+
+			out.Values[i] = ec.OperationContext.RootResolverMiddleware(innerCtx, func(ctx context.Context) (res graphql.Marshaler) {
+				return ec._Mutation_login(ctx, field)
+			})
+
 		default:
 			panic("unknown field " + strconv.Quote(field.Name))
 		}
@ -5150,6 +5276,11 @@ func (ec *executionContext) marshalNID2string(ctx context.Context, sel ast.Selec
 	return res
 }

+func (ec *executionContext) unmarshalNLogin2githubᚗcomᚋUnkn0wnCatᚋcalapiᚋgraphᚋmodelᚐLogin(ctx context.Context, v interface{}) (model.Login, error) {
+	res, err := ec.unmarshalInputLogin(ctx, v)
+	return res, graphql.ErrorOnPath(ctx, err)
+}
+
 func (ec *executionContext) unmarshalNNewCalendar2githubᚗcomᚋUnkn0wnCatᚋcalapiᚋgraphᚋmodelᚐNewCalendar(ctx context.Context, v interface{}) (model.NewCalendar, error) {
 	res, err := ec.unmarshalInputNewCalendar(ctx, v)
 	return res, graphql.ErrorOnPath(ctx, err)
--- a/graph/model/models_gen.go
+++ b/graph/model/models_gen.go
@ -29,6 +29,11 @@ type Location struct {
 	Address *string  `json:"address"`
 }

+type Login struct {
+	Username string `json:"username"`
+	Password string `json:"password"`
+}
+
 type NewCalendar struct {
 	Name        string `json:"name"`
 	Description string `json:"description"`
--- a/graph/schema.graphqls
+++ b/graph/schema.graphqls
@ -89,6 +89,11 @@ input EditCalendar {
  description: String
 }

+input Login {
+  username: String!
+  password: String!
+}
+
 type Mutation {
  createEvent(input: NewEvent!): Event!
  editEvent(input: EditEvent!): Event!
@ -97,4 +102,6 @@ type Mutation {
  createCalendar(input: NewCalendar!): Calendar!
  editCalendar(input: EditCalendar!): Calendar!
  deleteCalendar(input: ID!): Boolean!
+
+  login(input: Login!): String!
 }
--- a/graph/schema.resolvers.go
+++ b/graph/schema.resolvers.go
@ -7,6 +7,11 @@ package graph
 import (
 	"context"
 	"errors"
+	"github.com/99designs/gqlgen/graphql"
+	"github.com/Unkn0wnCat/calapi/internal/auth"
+	"github.com/Unkn0wnCat/calapi/internal/logger"
+	"github.com/go-chi/chi/middleware"
+	"go.uber.org/zap"
 	"strconv"
 	"time"

@ -18,6 +23,10 @@ import (

 // Events is the resolver for the events field.
 func (r *calendarResolver) Events(ctx context.Context, obj *model.Calendar, after *time.Time, before *time.Time) ([]*model.Event, error) {
+	if auth.ChallengeQuery(ctx) != nil {
+		return nil, errors.New("unauthorized")
+	}
+
 	if after == nil {
 		now := time.Now()
 		after = &now
@ -51,6 +60,10 @@ func (r *calendarResolver) Events(ctx context.Context, obj *model.Calendar, afte

 // Calendar is the resolver for the calendar field.
 func (r *eventResolver) Calendar(ctx context.Context, obj *model.Event) (*model.Calendar, error) {
+	if auth.ChallengeQuery(ctx) != nil {
+		return nil, errors.New("unauthorized")
+	}
+
 	modelCalendar := model.FromCalendar(*obj.DbCalendar)

 	return &modelCalendar, nil
@ -58,6 +71,10 @@ func (r *eventResolver) Calendar(ctx context.Context, obj *model.Event) (*model.

 // CreateEvent is the resolver for the createEvent field.
 func (r *mutationResolver) CreateEvent(ctx context.Context, input model.NewEvent) (*model.Event, error) {
+	if auth.ChallengeMutation(ctx) != nil {
+		return nil, errors.New("unauthorized")
+	}
+
 	actualId, err := strconv.ParseUint(input.Calendar, 16, 64)
 	if err != nil {
 		return nil, err
@ -106,11 +123,21 @@ func (r *mutationResolver) CreateEvent(ctx context.Context, input model.NewEvent

 	modelEvent := model.FromEvent(event)

+	logger.Logger.Info("event created",
+		zap.String("requestId", middleware.GetReqID(ctx)),
+		zap.String("gqlPath", graphql.GetPath(ctx).String()),
+		zap.Uint64("newID", event.Id),
+	)
+
 	return &modelEvent, nil
 }

 // EditEvent is the resolver for the editEvent field.
 func (r *mutationResolver) EditEvent(ctx context.Context, input model.EditEvent) (*model.Event, error) {
+	if auth.ChallengeMutation(ctx) != nil {
+		return nil, errors.New("unauthorized")
+	}
+
 	actualId, err := strconv.ParseUint(input.ID, 16, 64)
 	if err != nil {
 		return nil, err
@ -178,11 +205,21 @@ func (r *mutationResolver) EditEvent(ctx context.Context, input model.EditEvent)

 	modelEvent := model.FromEvent(*event)

+	logger.Logger.Info("event edited",
+		zap.String("requestId", middleware.GetReqID(ctx)),
+		zap.String("gqlPath", graphql.GetPath(ctx).String()),
+		zap.Uint64("ID", event.Id),
+	)
+
 	return &modelEvent, nil
 }

 // DeleteEvent is the resolver for the deleteEvent field.
 func (r *mutationResolver) DeleteEvent(ctx context.Context, input string) (bool, error) {
+	if auth.ChallengeMutation(ctx) != nil {
+		return false, errors.New("unauthorized")
+	}
+
 	actualId, err := strconv.ParseUint(input, 16, 64)
 	if err != nil {
 		return false, err
@ -194,11 +231,21 @@ func (r *mutationResolver) DeleteEvent(ctx context.Context, input string) (bool,
 		return false, err
 	}

+	logger.Logger.Info("event deleted",
+		zap.String("requestId", middleware.GetReqID(ctx)),
+		zap.String("gqlPath", graphql.GetPath(ctx).String()),
+		zap.Uint64("oldID", actualId),
+	)
+
 	return true, nil
 }

 // CreateCalendar is the resolver for the createCalendar field.
 func (r *mutationResolver) CreateCalendar(ctx context.Context, input model.NewCalendar) (*model.Calendar, error) {
+	if auth.ChallengeMutation(ctx) != nil {
+		return nil, errors.New("unauthorized")
+	}
+
 	calendar := db_model.Calendar{
 		Name:        input.Name,
 		Description: input.Description,
@ -213,11 +260,21 @@ func (r *mutationResolver) CreateCalendar(ctx context.Context, input model.NewCa

 	modelCalendar := model.FromCalendar(calendar)

+	logger.Logger.Info("calendar created",
+		zap.String("requestId", middleware.GetReqID(ctx)),
+		zap.String("gqlPath", graphql.GetPath(ctx).String()),
+		zap.Uint64("newID", calendar.Id),
+	)
+
 	return &modelCalendar, nil
 }

 // EditCalendar is the resolver for the editCalendar field.
 func (r *mutationResolver) EditCalendar(ctx context.Context, input model.EditCalendar) (*model.Calendar, error) {
+	if auth.ChallengeMutation(ctx) != nil {
+		return nil, errors.New("unauthorized")
+	}
+
 	actualId, err := strconv.ParseUint(input.ID, 16, 64)
 	if err != nil {
 		return nil, err
@ -247,11 +304,21 @@ func (r *mutationResolver) EditCalendar(ctx context.Context, input model.EditCal

 	modelCalendar := model.FromCalendar(*calendar)

+	logger.Logger.Info("calendar edited",
+		zap.String("requestId", middleware.GetReqID(ctx)),
+		zap.String("gqlPath", graphql.GetPath(ctx).String()),
+		zap.Uint64("ID", calendar.Id),
+	)
+
 	return &modelCalendar, nil
 }

 // DeleteCalendar is the resolver for the deleteCalendar field.
 func (r *mutationResolver) DeleteCalendar(ctx context.Context, input string) (bool, error) {
+	if auth.ChallengeMutation(ctx) != nil {
+		return false, errors.New("unauthorized")
+	}
+
 	actualId, err := strconv.ParseUint(input, 16, 64)
 	if err != nil {
 		return false, err
@ -263,11 +330,36 @@ func (r *mutationResolver) DeleteCalendar(ctx context.Context, input string) (bo
 		return false, err
 	}

+	logger.Logger.Info("calendar deleted",
+		zap.String("requestId", middleware.GetReqID(ctx)),
+		zap.String("gqlPath", graphql.GetPath(ctx).String()),
+		zap.Uint64("newID", actualId),
+	)
+
 	return true, nil
 }

+// Login is the resolver for the login field.
+func (r *mutationResolver) Login(ctx context.Context, input model.Login) (string, error) {
+	user, err := auth.Authenticate(ctx, input.Username, input.Password)
+	if err != nil || user == nil {
+		return "", errors.New("invalid credentials")
+	}
+
+	token, err := auth.MakeJWT(user)
+	if err != nil {
+		return "", errors.New("failed to create token")
+	}
+
+	return token, nil
+}
+
 // Events is the resolver for the events field.
 func (r *queryResolver) Events(ctx context.Context, after *time.Time, before *time.Time, calendar *string) ([]*model.Event, error) {
+	if auth.ChallengeQuery(ctx) != nil {
+		return nil, errors.New("unauthorized")
+	}
+
 	if after == nil {
 		now := time.Now()
 		after = &now
@ -308,6 +400,10 @@ func (r *queryResolver) Events(ctx context.Context, after *time.Time, before *ti

 // Calendars is the resolver for the calendars field.
 func (r *queryResolver) Calendars(ctx context.Context) ([]*model.Calendar, error) {
+	if auth.ChallengeQuery(ctx) != nil {
+		return nil, errors.New("unauthorized")
+	}
+
 	calendarBox := db_model.BoxForCalendar(database.ObjectBox)
 	results, err := calendarBox.GetAll()
 	if err != nil {
@ -326,6 +422,10 @@ func (r *queryResolver) Calendars(ctx context.Context) ([]*model.Calendar, error

 // Calendar is the resolver for the calendar field.
 func (r *queryResolver) Calendar(ctx context.Context, id string) (*model.Calendar, error) {
+	if auth.ChallengeQuery(ctx) != nil {
+		return nil, errors.New("unauthorized")
+	}
+
 	actualId, err := strconv.ParseUint(id, 16, 64)
 	if err != nil {
 		return nil, err
@ -347,6 +447,10 @@ func (r *queryResolver) Calendar(ctx context.Context, id string) (*model.Calenda

 // Event is the resolver for the event field.
 func (r *queryResolver) Event(ctx context.Context, id string) (*model.Event, error) {
+	if auth.ChallengeQuery(ctx) != nil {
+		return nil, errors.New("unauthorized")
+	}
+
 	actualId, err := strconv.ParseUint(id, 16, 64)
 	if err != nil {
 		return nil, err