Create auth API & comment code

2025-06-01 10:11:59 +02:00 · 2022-02-23 18:58:46 +01:00 · 2022-02-23 18:58:46 +01:00 · c8d1c33cb4
commit c8d1c33cb4
parent 1b15b12859
17 changed files with 475 additions and 101 deletions
--- a/internal/web/api/api.go
+++ b/internal/web/api/api.go
@ -0,0 +1,86 @@
+package api
+
+import (
+	"context"
+	"encoding/json"
+	"errors"
+	"github.com/gorilla/mux"
+	"net/http"
+	"strings"
+)
+
+func SetupAPI(router *mux.Router) {
+	router.NotFoundHandler = NotFoundHandler{}
+	router.MethodNotAllowedHandler = MethodNotAllowedHandler{}
+
+	router.Path("/auth/login").Methods("POST").HandlerFunc(apiHandleAuthLogin)
+	router.Path("/auth/register").Methods("POST").HandlerFunc(apiHandleAuthRegister)
+
+	bot := router.PathPrefix("/bot").Subrouter()
+	bot.Use(checkAuthMiddleware)
+
+	bot.Path("/test").HandlerFunc(func(writer http.ResponseWriter, request *http.Request) {
+		writer.WriteHeader(200)
+
+		claims := request.Context().Value("claims").(jwtClaims)
+
+		writer.Write([]byte(`hello ` + claims.Username))
+	})
+}
+
+func checkAuthMiddleware(next http.Handler) http.Handler {
+	return http.HandlerFunc(func(res http.ResponseWriter, req *http.Request) {
+		token := req.Header.Get("Authorization")
+		tokenSplit := strings.Split(token, " ")
+
+		if token == "" || len(tokenSplit) < 2 {
+			writeJSONError(res, http.StatusUnauthorized, errors.New("bearer token required"))
+			return
+		}
+
+		token = tokenSplit[1]
+
+		claims, _, err := parseToken(token)
+		if err != nil {
+			writeJSONError(res, http.StatusUnauthorized, errors.New("invalid token"))
+			return
+		}
+
+		ctx := context.WithValue(req.Context(), "claims", *claims)
+
+		req = req.WithContext(ctx)
+
+		next.ServeHTTP(res, req)
+	})
+}
+
+func writeJSONError(res http.ResponseWriter, statusCode int, err error) {
+	res.Header().Set("Content-Type", "application/json")
+	res.WriteHeader(statusCode)
+
+	enc, _ := json.Marshal(struct {
+		Error     string `json:"error"`
+		ErrorCode int    `json:"error_code"`
+	}{
+		Error:     err.Error(),
+		ErrorCode: statusCode,
+	})
+
+	_, _ = res.Write(enc)
+}
+
+type NotFoundHandler struct{}
+
+func (NotFoundHandler) ServeHTTP(res http.ResponseWriter, req *http.Request) {
+	res.Header().Set("Content-Type", "application/json")
+	res.WriteHeader(http.StatusNotFound)
+	_, _ = res.Write([]byte(`{"error": "not_found","error_code":404}`))
+}
+
+type MethodNotAllowedHandler struct{}
+
+func (MethodNotAllowedHandler) ServeHTTP(res http.ResponseWriter, req *http.Request) {
+	res.Header().Set("Content-Type", "application/json")
+	res.WriteHeader(http.StatusMethodNotAllowed)
+	_, _ = res.Write([]byte(`{"error": "method_not_allowed","error_code":405}`))
+}
--- a/internal/web/api/auth.go
+++ b/internal/web/api/auth.go
@ -0,0 +1,173 @@
+package api
+
+import (
+	"encoding/json"
+	"errors"
+	"github.com/Unkn0wnCat/matrix-veles/internal/db"
+	"github.com/Unkn0wnCat/matrix-veles/internal/db/model"
+	"github.com/golang-jwt/jwt/v4"
+	"github.com/spf13/viper"
+	"go.mongodb.org/mongo-driver/bson/primitive"
+	"go.mongodb.org/mongo-driver/mongo"
+	"net/http"
+	"time"
+)
+
+type apiAuthRequestBody struct {
+	Username string `json:"username"`
+	Password string `json:"password"`
+}
+
+type jwtClaims struct {
+	Username string `json:"username"`
+	jwt.RegisteredClaims
+}
+
+func parseToken(tokenString string) (*jwtClaims, *jwt.Token, error) {
+	claims := jwtClaims{}
+	jwtSigningKey := []byte(viper.GetString("bot.web.secret"))
+
+	token, err := jwt.ParseWithClaims(tokenString, &claims, func(token *jwt.Token) (interface{}, error) {
+		return jwtSigningKey, nil
+	})
+	if err != nil {
+		return nil, nil, err
+	}
+
+	return &claims, token, nil
+}
+
+func apiHandleAuthLogin(res http.ResponseWriter, req *http.Request) {
+	body := req.Body
+
+	bodyContent := apiAuthRequestBody{}
+
+	err := json.NewDecoder(body).Decode(&bodyContent)
+	if err != nil {
+		writeJSONError(res, http.StatusBadRequest, errors.New("malformed body"))
+		return
+	}
+
+	user, err := db.GetUserByUsername(bodyContent.Username)
+	if err != nil {
+		if errors.Is(err, mongo.ErrNoDocuments) {
+			writeJSONError(res, http.StatusUnauthorized, errors.New("invalid credentials"))
+			return
+		}
+
+		writeJSONError(res, http.StatusInternalServerError, errors.New("database error"))
+		return
+	}
+
+	err = user.CheckPassword(bodyContent.Password)
+	if err != nil {
+		writeJSONError(res, http.StatusUnauthorized, errors.New("invalid credentials"))
+		return
+	}
+
+	jwtSigningKey := []byte(viper.GetString("bot.web.secret"))
+
+	claims := jwtClaims{
+		Username: user.Username,
+		RegisteredClaims: jwt.RegisteredClaims{
+			ExpiresAt: jwt.NewNumericDate(time.Now().Add(time.Hour * 24 * 365 * 100)),
+			IssuedAt:  jwt.NewNumericDate(time.Now()),
+			NotBefore: jwt.NewNumericDate(time.Now()),
+			Issuer:    "veles-api",
+			Subject:   user.ID.Hex(),
+		},
+	}
+
+	token := jwt.NewWithClaims(jwt.SigningMethodHS256, claims)
+	ss, err := token.SignedString(jwtSigningKey)
+	if err != nil {
+		writeJSONError(res, http.StatusInternalServerError, errors.New("unable to create token"))
+		return
+	}
+
+	res.Header().Set("Content-Type", "application/json")
+	res.WriteHeader(http.StatusOK)
+
+	enc, err := json.Marshal(struct {
+		Token string `json:"token"`
+	}{
+		Token: ss,
+	})
+
+	_, _ = res.Write(enc)
+}
+
+type apiAuthRegisterBody struct {
+	Username string `json:"username"`
+	Password string `json:"password"`
+}
+
+func apiHandleAuthRegister(res http.ResponseWriter, req *http.Request) {
+	body := req.Body
+
+	bodyContent := apiAuthRegisterBody{}
+
+	err := json.NewDecoder(body).Decode(&bodyContent)
+	if err != nil {
+		writeJSONError(res, http.StatusBadRequest, errors.New("malformed body"))
+		return
+	}
+
+	_, err = db.GetUserByUsername(bodyContent.Username)
+	if err == nil {
+		writeJSONError(res, http.StatusBadRequest, errors.New("username taken"))
+		return
+	}
+	if !errors.Is(err, mongo.ErrNoDocuments) {
+		writeJSONError(res, http.StatusInternalServerError, errors.New("database error"))
+		return
+	}
+
+	user := model.DBUser{
+		ID:       primitive.NewObjectID(),
+		Username: bodyContent.Username,
+		Password: &bodyContent.Password,
+	}
+
+	err = user.HashPassword()
+	if err != nil {
+		writeJSONError(res, http.StatusInternalServerError, errors.New("unable to hash password"))
+		return
+	}
+
+	err = db.SaveUser(&user)
+	if err != nil {
+		writeJSONError(res, http.StatusInternalServerError, errors.New("database error"))
+		return
+	}
+
+	jwtSigningKey := viper.GetString("bot.web.secret")
+
+	claims := jwtClaims{
+		Username: user.Username,
+		RegisteredClaims: jwt.RegisteredClaims{
+			ExpiresAt: jwt.NewNumericDate(time.Now().Add(time.Hour * 24)),
+			IssuedAt:  jwt.NewNumericDate(time.Now()),
+			NotBefore: jwt.NewNumericDate(time.Now()),
+			Issuer:    "veles-api",
+			Subject:   user.ID.Hex(),
+		},
+	}
+
+	token := jwt.NewWithClaims(jwt.SigningMethodHS256, claims)
+	ss, err := token.SignedString(jwtSigningKey)
+	if err != nil {
+		writeJSONError(res, http.StatusInternalServerError, errors.New("unable to create token"))
+	}
+
+	res.Header().Set("Content-Type", "application/json")
+	res.WriteHeader(http.StatusOK)
+
+	enc, err := json.Marshal(struct {
+		Token string `json:"token"`
+	}{
+		Token: ss,
+	})
+
+	_, _ = res.Write(enc)
+}