2023-09-18 23:57:18 +00:00
|
|
|
package api
|
|
|
|
|
|
|
|
import (
|
|
|
|
"crypto/md5"
|
|
|
|
"fmt"
|
|
|
|
"net/http"
|
|
|
|
"strings"
|
2023-10-03 20:47:38 +00:00
|
|
|
"time"
|
2023-09-18 23:57:18 +00:00
|
|
|
|
|
|
|
argon2 "github.com/alexedwards/argon2id"
|
|
|
|
"github.com/gin-contrib/sessions"
|
|
|
|
"github.com/gin-gonic/gin"
|
2023-10-03 20:47:38 +00:00
|
|
|
log "github.com/sirupsen/logrus"
|
2024-01-11 01:23:36 +00:00
|
|
|
"reichard.io/antholume/database"
|
2024-01-28 02:02:08 +00:00
|
|
|
"reichard.io/antholume/utils"
|
2023-09-18 23:57:18 +00:00
|
|
|
)
|
|
|
|
|
2024-01-10 02:08:40 +00:00
|
|
|
// Authorization Data
|
|
|
|
type authData struct {
|
|
|
|
UserName string
|
|
|
|
IsAdmin bool
|
2024-01-28 02:02:08 +00:00
|
|
|
AuthHash string
|
2024-01-10 02:08:40 +00:00
|
|
|
}
|
|
|
|
|
2023-09-26 23:14:33 +00:00
|
|
|
// KOSync API Auth Headers
|
2023-10-05 23:56:19 +00:00
|
|
|
type authKOHeader struct {
|
2023-09-18 23:57:18 +00:00
|
|
|
AuthUser string `header:"x-auth-user"`
|
|
|
|
AuthKey string `header:"x-auth-key"`
|
|
|
|
}
|
|
|
|
|
2024-01-10 02:08:40 +00:00
|
|
|
func (api *API) authorizeCredentials(username string, password string) (auth *authData) {
|
2024-01-27 19:56:01 +00:00
|
|
|
user, err := api.db.Queries.GetUser(api.db.Ctx, username)
|
2023-09-18 23:57:18 +00:00
|
|
|
if err != nil {
|
2024-01-10 02:08:40 +00:00
|
|
|
return
|
2023-09-18 23:57:18 +00:00
|
|
|
}
|
|
|
|
|
2024-05-18 20:47:26 +00:00
|
|
|
if match, err := argon2.ComparePasswordAndHash(password, *user.Pass); err != nil || !match {
|
2024-01-10 02:08:40 +00:00
|
|
|
return
|
2023-09-18 23:57:18 +00:00
|
|
|
}
|
|
|
|
|
2024-03-11 01:48:43 +00:00
|
|
|
// Update auth cache
|
2024-01-29 03:17:58 +00:00
|
|
|
api.userAuthCache[user.ID] = *user.AuthHash
|
2024-01-28 02:02:08 +00:00
|
|
|
|
2024-01-10 02:08:40 +00:00
|
|
|
return &authData{
|
|
|
|
UserName: user.ID,
|
|
|
|
IsAdmin: user.Admin,
|
2024-01-29 03:17:58 +00:00
|
|
|
AuthHash: *user.AuthHash,
|
2024-01-10 02:08:40 +00:00
|
|
|
}
|
2023-09-18 23:57:18 +00:00
|
|
|
}
|
|
|
|
|
2023-10-05 23:56:19 +00:00
|
|
|
func (api *API) authKOMiddleware(c *gin.Context) {
|
2023-09-18 23:57:18 +00:00
|
|
|
session := sessions.Default(c)
|
|
|
|
|
2023-10-03 20:47:38 +00:00
|
|
|
// Check Session First
|
2024-05-18 20:47:26 +00:00
|
|
|
if auth, ok := api.getSession(session); ok {
|
2024-01-10 02:08:40 +00:00
|
|
|
c.Set("Authorization", auth)
|
2023-09-21 00:35:01 +00:00
|
|
|
c.Header("Cache-Control", "private")
|
2023-09-18 23:57:18 +00:00
|
|
|
c.Next()
|
|
|
|
return
|
|
|
|
}
|
|
|
|
|
2023-10-03 20:47:38 +00:00
|
|
|
// Session Failed -> Check Headers (Allowed on API for KOSync Compatibility)
|
|
|
|
|
2023-10-05 23:56:19 +00:00
|
|
|
var rHeader authKOHeader
|
2023-09-18 23:57:18 +00:00
|
|
|
if err := c.ShouldBindHeader(&rHeader); err != nil {
|
|
|
|
c.AbortWithStatusJSON(http.StatusBadRequest, gin.H{"error": "Incorrect Headers"})
|
|
|
|
return
|
|
|
|
}
|
|
|
|
if rHeader.AuthUser == "" || rHeader.AuthKey == "" {
|
|
|
|
c.AbortWithStatusJSON(http.StatusUnauthorized, gin.H{"error": "Invalid Authorization Headers"})
|
|
|
|
return
|
|
|
|
}
|
|
|
|
|
2024-01-10 02:08:40 +00:00
|
|
|
authData := api.authorizeCredentials(rHeader.AuthUser, rHeader.AuthKey)
|
|
|
|
if authData == nil {
|
2023-09-18 23:57:18 +00:00
|
|
|
c.AbortWithStatusJSON(http.StatusUnauthorized, gin.H{"error": "Unauthorized"})
|
|
|
|
return
|
|
|
|
}
|
|
|
|
|
2024-01-28 02:02:08 +00:00
|
|
|
if err := api.setSession(session, *authData); err != nil {
|
2023-10-03 20:47:38 +00:00
|
|
|
c.AbortWithStatusJSON(http.StatusUnauthorized, gin.H{"error": "Unauthorized"})
|
|
|
|
return
|
|
|
|
}
|
2023-09-18 23:57:18 +00:00
|
|
|
|
2024-01-10 02:08:40 +00:00
|
|
|
c.Set("Authorization", *authData)
|
2023-10-03 20:47:38 +00:00
|
|
|
c.Header("Cache-Control", "private")
|
2023-09-18 23:57:18 +00:00
|
|
|
c.Next()
|
|
|
|
}
|
|
|
|
|
2023-10-05 23:56:19 +00:00
|
|
|
func (api *API) authOPDSMiddleware(c *gin.Context) {
|
|
|
|
c.Header("WWW-Authenticate", `Basic realm="restricted", charset="UTF-8"`)
|
|
|
|
|
|
|
|
user, rawPassword, hasAuth := c.Request.BasicAuth()
|
|
|
|
|
|
|
|
// Validate Auth Fields
|
2024-05-18 20:47:26 +00:00
|
|
|
if !hasAuth || user == "" || rawPassword == "" {
|
2023-10-05 23:56:19 +00:00
|
|
|
c.AbortWithStatusJSON(http.StatusUnauthorized, gin.H{"error": "Invalid Authorization Headers"})
|
|
|
|
return
|
|
|
|
}
|
|
|
|
|
|
|
|
// Validate Auth
|
|
|
|
password := fmt.Sprintf("%x", md5.Sum([]byte(rawPassword)))
|
2024-01-10 02:08:40 +00:00
|
|
|
authData := api.authorizeCredentials(user, password)
|
|
|
|
if authData == nil {
|
2023-10-05 23:56:19 +00:00
|
|
|
c.AbortWithStatusJSON(http.StatusUnauthorized, gin.H{"error": "Unauthorized"})
|
|
|
|
return
|
|
|
|
}
|
|
|
|
|
2024-01-10 02:08:40 +00:00
|
|
|
c.Set("Authorization", *authData)
|
2023-10-05 23:56:19 +00:00
|
|
|
c.Header("Cache-Control", "private")
|
|
|
|
c.Next()
|
|
|
|
}
|
|
|
|
|
2023-09-18 23:57:18 +00:00
|
|
|
func (api *API) authWebAppMiddleware(c *gin.Context) {
|
|
|
|
session := sessions.Default(c)
|
|
|
|
|
2023-10-03 20:47:38 +00:00
|
|
|
// Check Session
|
2024-05-18 20:47:26 +00:00
|
|
|
if auth, ok := api.getSession(session); ok {
|
2024-01-10 02:08:40 +00:00
|
|
|
c.Set("Authorization", auth)
|
2023-09-21 00:35:01 +00:00
|
|
|
c.Header("Cache-Control", "private")
|
2023-09-18 23:57:18 +00:00
|
|
|
c.Next()
|
|
|
|
return
|
|
|
|
}
|
|
|
|
|
|
|
|
c.Redirect(http.StatusFound, "/login")
|
|
|
|
c.Abort()
|
|
|
|
}
|
|
|
|
|
2024-01-10 02:08:40 +00:00
|
|
|
func (api *API) authAdminWebAppMiddleware(c *gin.Context) {
|
|
|
|
if data, _ := c.Get("Authorization"); data != nil {
|
|
|
|
auth := data.(authData)
|
2024-05-18 20:47:26 +00:00
|
|
|
if auth.IsAdmin {
|
2024-01-10 02:08:40 +00:00
|
|
|
c.Next()
|
|
|
|
return
|
|
|
|
}
|
|
|
|
}
|
|
|
|
|
2024-01-27 03:07:30 +00:00
|
|
|
appErrorPage(c, http.StatusUnauthorized, "Admin Permissions Required")
|
2024-01-10 02:08:40 +00:00
|
|
|
c.Abort()
|
|
|
|
}
|
|
|
|
|
2024-01-29 03:11:36 +00:00
|
|
|
func (api *API) appAuthLogin(c *gin.Context) {
|
2024-01-20 19:26:26 +00:00
|
|
|
templateVars, _ := api.getBaseTemplateVars("login", c)
|
2024-01-01 04:12:46 +00:00
|
|
|
|
2023-09-18 23:57:18 +00:00
|
|
|
username := strings.TrimSpace(c.PostForm("username"))
|
|
|
|
rawPassword := strings.TrimSpace(c.PostForm("password"))
|
|
|
|
|
|
|
|
if username == "" || rawPassword == "" {
|
2024-01-01 04:12:46 +00:00
|
|
|
templateVars["Error"] = "Invalid Credentials"
|
|
|
|
c.HTML(http.StatusUnauthorized, "page/login", templateVars)
|
2023-09-18 23:57:18 +00:00
|
|
|
return
|
|
|
|
}
|
2023-09-26 23:14:33 +00:00
|
|
|
|
|
|
|
// MD5 - KOSync Compatiblity
|
2023-09-18 23:57:18 +00:00
|
|
|
password := fmt.Sprintf("%x", md5.Sum([]byte(rawPassword)))
|
2024-01-10 02:08:40 +00:00
|
|
|
authData := api.authorizeCredentials(username, password)
|
|
|
|
if authData == nil {
|
2024-01-01 04:12:46 +00:00
|
|
|
templateVars["Error"] = "Invalid Credentials"
|
|
|
|
c.HTML(http.StatusUnauthorized, "page/login", templateVars)
|
2023-09-18 23:57:18 +00:00
|
|
|
return
|
|
|
|
}
|
|
|
|
|
2023-10-03 20:47:38 +00:00
|
|
|
// Set Session
|
2023-09-18 23:57:18 +00:00
|
|
|
session := sessions.Default(c)
|
2024-01-28 02:02:08 +00:00
|
|
|
if err := api.setSession(session, *authData); err != nil {
|
2024-01-01 04:12:46 +00:00
|
|
|
templateVars["Error"] = "Invalid Credentials"
|
|
|
|
c.HTML(http.StatusUnauthorized, "page/login", templateVars)
|
2023-10-03 20:47:38 +00:00
|
|
|
return
|
|
|
|
}
|
2023-09-18 23:57:18 +00:00
|
|
|
|
2023-10-03 20:47:38 +00:00
|
|
|
c.Header("Cache-Control", "private")
|
2023-09-18 23:57:18 +00:00
|
|
|
c.Redirect(http.StatusFound, "/")
|
|
|
|
}
|
|
|
|
|
2024-01-29 03:11:36 +00:00
|
|
|
func (api *API) appAuthRegister(c *gin.Context) {
|
2024-01-27 19:56:01 +00:00
|
|
|
if !api.cfg.RegistrationEnabled {
|
2024-01-27 03:07:30 +00:00
|
|
|
appErrorPage(c, http.StatusUnauthorized, "Nice try. Registration is disabled.")
|
2023-10-25 23:52:01 +00:00
|
|
|
return
|
2023-09-19 23:29:55 +00:00
|
|
|
}
|
|
|
|
|
2024-01-20 19:26:26 +00:00
|
|
|
templateVars, _ := api.getBaseTemplateVars("login", c)
|
2024-01-01 04:12:46 +00:00
|
|
|
templateVars["Register"] = true
|
|
|
|
|
2023-09-18 23:57:18 +00:00
|
|
|
username := strings.TrimSpace(c.PostForm("username"))
|
|
|
|
rawPassword := strings.TrimSpace(c.PostForm("password"))
|
|
|
|
|
|
|
|
if username == "" || rawPassword == "" {
|
2024-01-01 04:12:46 +00:00
|
|
|
templateVars["Error"] = "Invalid User or Password"
|
|
|
|
c.HTML(http.StatusBadRequest, "page/login", templateVars)
|
2023-09-18 23:57:18 +00:00
|
|
|
return
|
|
|
|
}
|
|
|
|
password := fmt.Sprintf("%x", md5.Sum([]byte(rawPassword)))
|
|
|
|
|
|
|
|
hashedPassword, err := argon2.CreateHash(password, argon2.DefaultParams)
|
|
|
|
if err != nil {
|
2024-01-01 04:12:46 +00:00
|
|
|
templateVars["Error"] = "Registration Disabled or User Already Exists"
|
|
|
|
c.HTML(http.StatusBadRequest, "page/login", templateVars)
|
2023-09-18 23:57:18 +00:00
|
|
|
return
|
|
|
|
}
|
|
|
|
|
2024-02-26 00:40:36 +00:00
|
|
|
// Generate auth hash
|
2024-01-28 02:02:08 +00:00
|
|
|
rawAuthHash, err := utils.GenerateToken(64)
|
|
|
|
if err != nil {
|
|
|
|
log.Error("Failed to generate user token: ", err)
|
|
|
|
templateVars["Error"] = "Failed to Create User"
|
|
|
|
c.HTML(http.StatusBadRequest, "page/login", templateVars)
|
|
|
|
return
|
|
|
|
}
|
|
|
|
|
2024-02-26 00:40:36 +00:00
|
|
|
// Get current users
|
|
|
|
currentUsers, err := api.db.Queries.GetUsers(api.db.Ctx)
|
|
|
|
if err != nil {
|
|
|
|
log.Error("Failed to check all users: ", err)
|
|
|
|
templateVars["Error"] = "Failed to Create User"
|
|
|
|
c.HTML(http.StatusBadRequest, "page/login", templateVars)
|
|
|
|
return
|
|
|
|
}
|
|
|
|
|
|
|
|
// Determine if we should be admin
|
|
|
|
isAdmin := false
|
|
|
|
if len(currentUsers) == 0 {
|
|
|
|
isAdmin = true
|
|
|
|
}
|
|
|
|
|
|
|
|
// Create user in DB
|
2024-01-29 03:17:58 +00:00
|
|
|
authHash := fmt.Sprintf("%x", rawAuthHash)
|
2024-02-26 00:40:36 +00:00
|
|
|
if rows, err := api.db.Queries.CreateUser(api.db.Ctx, database.CreateUserParams{
|
2024-01-28 02:02:08 +00:00
|
|
|
ID: username,
|
|
|
|
Pass: &hashedPassword,
|
2024-01-29 03:17:58 +00:00
|
|
|
AuthHash: &authHash,
|
2024-02-26 00:40:36 +00:00
|
|
|
Admin: isAdmin,
|
|
|
|
}); err != nil {
|
2024-01-27 01:45:07 +00:00
|
|
|
log.Error("CreateUser DB Error:", err)
|
2024-01-01 04:12:46 +00:00
|
|
|
templateVars["Error"] = "Registration Disabled or User Already Exists"
|
|
|
|
c.HTML(http.StatusBadRequest, "page/login", templateVars)
|
2023-09-18 23:57:18 +00:00
|
|
|
return
|
2024-02-26 00:40:36 +00:00
|
|
|
} else if rows == 0 {
|
2024-01-27 01:45:07 +00:00
|
|
|
log.Warn("User Already Exists:", username)
|
2024-01-01 04:12:46 +00:00
|
|
|
templateVars["Error"] = "Registration Disabled or User Already Exists"
|
|
|
|
c.HTML(http.StatusBadRequest, "page/login", templateVars)
|
2023-09-18 23:57:18 +00:00
|
|
|
return
|
|
|
|
}
|
|
|
|
|
2024-02-26 00:40:36 +00:00
|
|
|
// Get user
|
2024-01-27 19:56:01 +00:00
|
|
|
user, err := api.db.Queries.GetUser(api.db.Ctx, username)
|
2024-01-10 02:08:40 +00:00
|
|
|
if err != nil {
|
2024-01-27 01:45:07 +00:00
|
|
|
log.Error("GetUser DB Error:", err)
|
2024-01-10 02:08:40 +00:00
|
|
|
templateVars["Error"] = "Registration Disabled or User Already Exists"
|
|
|
|
c.HTML(http.StatusBadRequest, "page/login", templateVars)
|
|
|
|
return
|
|
|
|
}
|
|
|
|
|
2024-02-26 00:40:36 +00:00
|
|
|
// Set session
|
2024-01-10 02:08:40 +00:00
|
|
|
auth := authData{
|
|
|
|
UserName: user.ID,
|
|
|
|
IsAdmin: user.Admin,
|
2024-01-29 03:17:58 +00:00
|
|
|
AuthHash: *user.AuthHash,
|
2024-01-10 02:08:40 +00:00
|
|
|
}
|
2023-09-18 23:57:18 +00:00
|
|
|
session := sessions.Default(c)
|
2024-01-28 02:02:08 +00:00
|
|
|
if err := api.setSession(session, auth); err != nil {
|
2024-01-27 03:07:30 +00:00
|
|
|
appErrorPage(c, http.StatusUnauthorized, "Unauthorized.")
|
2023-10-03 20:47:38 +00:00
|
|
|
return
|
|
|
|
}
|
2023-09-18 23:57:18 +00:00
|
|
|
|
2023-10-03 20:47:38 +00:00
|
|
|
c.Header("Cache-Control", "private")
|
2023-09-18 23:57:18 +00:00
|
|
|
c.Redirect(http.StatusFound, "/")
|
|
|
|
}
|
2023-09-26 23:14:33 +00:00
|
|
|
|
2024-01-01 04:12:46 +00:00
|
|
|
func (api *API) appAuthLogout(c *gin.Context) {
|
2023-09-26 23:14:33 +00:00
|
|
|
session := sessions.Default(c)
|
|
|
|
session.Clear()
|
2024-05-18 20:47:26 +00:00
|
|
|
if err := session.Save(); err != nil {
|
|
|
|
log.Error("unable to save session")
|
|
|
|
}
|
|
|
|
|
2023-09-26 23:14:33 +00:00
|
|
|
c.Redirect(http.StatusFound, "/login")
|
|
|
|
}
|
2023-10-03 20:47:38 +00:00
|
|
|
|
2024-01-29 03:11:36 +00:00
|
|
|
func (api *API) koAuthRegister(c *gin.Context) {
|
|
|
|
if !api.cfg.RegistrationEnabled {
|
|
|
|
c.AbortWithStatus(http.StatusConflict)
|
|
|
|
return
|
|
|
|
}
|
|
|
|
|
|
|
|
var rUser requestUser
|
|
|
|
if err := c.ShouldBindJSON(&rUser); err != nil {
|
|
|
|
log.Error("Invalid JSON Bind")
|
|
|
|
apiErrorPage(c, http.StatusBadRequest, "Invalid User Data")
|
|
|
|
return
|
|
|
|
}
|
|
|
|
|
|
|
|
if rUser.Username == "" || rUser.Password == "" {
|
|
|
|
log.Error("Invalid User - Empty Username or Password")
|
|
|
|
apiErrorPage(c, http.StatusBadRequest, "Invalid User Data")
|
|
|
|
return
|
|
|
|
}
|
|
|
|
|
2024-02-26 00:40:36 +00:00
|
|
|
// Generate password hash
|
2024-01-29 03:11:36 +00:00
|
|
|
hashedPassword, err := argon2.CreateHash(rUser.Password, argon2.DefaultParams)
|
|
|
|
if err != nil {
|
|
|
|
log.Error("Argon2 Hash Failure:", err)
|
|
|
|
apiErrorPage(c, http.StatusBadRequest, "Unknown Error")
|
|
|
|
return
|
|
|
|
}
|
|
|
|
|
2024-02-26 00:40:36 +00:00
|
|
|
// Generate auth hash
|
2024-01-29 03:11:36 +00:00
|
|
|
rawAuthHash, err := utils.GenerateToken(64)
|
|
|
|
if err != nil {
|
|
|
|
log.Error("Failed to generate user token: ", err)
|
|
|
|
apiErrorPage(c, http.StatusBadRequest, "Unknown Error")
|
|
|
|
return
|
|
|
|
}
|
|
|
|
|
2024-02-26 00:40:36 +00:00
|
|
|
// Get current users
|
|
|
|
currentUsers, err := api.db.Queries.GetUsers(api.db.Ctx)
|
|
|
|
if err != nil {
|
|
|
|
log.Error("Failed to check all users: ", err)
|
|
|
|
apiErrorPage(c, http.StatusBadRequest, "Failed to Create User")
|
|
|
|
return
|
|
|
|
}
|
|
|
|
|
|
|
|
// Determine if we should be admin
|
|
|
|
isAdmin := false
|
|
|
|
if len(currentUsers) == 0 {
|
|
|
|
isAdmin = true
|
|
|
|
}
|
|
|
|
|
|
|
|
// Create user
|
2024-01-29 03:17:58 +00:00
|
|
|
authHash := fmt.Sprintf("%x", rawAuthHash)
|
2024-02-26 00:40:36 +00:00
|
|
|
if rows, err := api.db.Queries.CreateUser(api.db.Ctx, database.CreateUserParams{
|
2024-01-29 03:11:36 +00:00
|
|
|
ID: rUser.Username,
|
|
|
|
Pass: &hashedPassword,
|
2024-01-29 03:17:58 +00:00
|
|
|
AuthHash: &authHash,
|
2024-02-26 00:40:36 +00:00
|
|
|
Admin: isAdmin,
|
|
|
|
}); err != nil {
|
2024-01-29 03:11:36 +00:00
|
|
|
log.Error("CreateUser DB Error:", err)
|
|
|
|
apiErrorPage(c, http.StatusBadRequest, "Invalid User Data")
|
|
|
|
return
|
2024-02-26 00:40:36 +00:00
|
|
|
} else if rows == 0 {
|
2024-01-29 03:11:36 +00:00
|
|
|
log.Error("User Already Exists:", rUser.Username)
|
|
|
|
apiErrorPage(c, http.StatusBadRequest, "User Already Exists")
|
|
|
|
return
|
|
|
|
}
|
|
|
|
|
|
|
|
c.JSON(http.StatusCreated, gin.H{
|
|
|
|
"username": rUser.Username,
|
|
|
|
})
|
|
|
|
}
|
|
|
|
|
2024-01-28 02:02:08 +00:00
|
|
|
func (api *API) getSession(session sessions.Session) (auth authData, ok bool) {
|
|
|
|
// Get Session
|
2023-10-03 20:47:38 +00:00
|
|
|
authorizedUser := session.Get("authorizedUser")
|
2024-01-10 02:08:40 +00:00
|
|
|
isAdmin := session.Get("isAdmin")
|
|
|
|
expiresAt := session.Get("expiresAt")
|
2024-01-28 02:02:08 +00:00
|
|
|
authHash := session.Get("authHash")
|
|
|
|
if authorizedUser == nil || isAdmin == nil || expiresAt == nil || authHash == nil {
|
2024-01-10 02:08:40 +00:00
|
|
|
return
|
|
|
|
}
|
|
|
|
|
|
|
|
// Create Auth Object
|
|
|
|
auth = authData{
|
|
|
|
UserName: authorizedUser.(string),
|
|
|
|
IsAdmin: isAdmin.(bool),
|
2024-01-28 02:02:08 +00:00
|
|
|
AuthHash: authHash.(string),
|
|
|
|
}
|
|
|
|
|
|
|
|
// Validate Auth Hash
|
|
|
|
correctAuthHash, err := api.getUserAuthHash(auth.UserName)
|
|
|
|
if err != nil || correctAuthHash != auth.AuthHash {
|
|
|
|
return
|
2023-10-03 20:47:38 +00:00
|
|
|
}
|
|
|
|
|
|
|
|
// Refresh
|
2024-01-10 02:08:40 +00:00
|
|
|
if expiresAt.(int64)-time.Now().Unix() < 60*60*24 {
|
2024-01-27 01:45:07 +00:00
|
|
|
log.Info("Refreshing Session")
|
2024-05-18 20:47:26 +00:00
|
|
|
if err := api.setSession(session, auth); err != nil {
|
|
|
|
log.Error("unable to get session")
|
|
|
|
return
|
|
|
|
}
|
2023-10-03 20:47:38 +00:00
|
|
|
}
|
|
|
|
|
2024-01-10 02:08:40 +00:00
|
|
|
// Authorized
|
|
|
|
return auth, true
|
2023-10-03 20:47:38 +00:00
|
|
|
}
|
|
|
|
|
2024-01-28 02:02:08 +00:00
|
|
|
func (api *API) setSession(session sessions.Session, auth authData) error {
|
2023-10-03 20:47:38 +00:00
|
|
|
// Set Session Cookie
|
2024-01-10 02:08:40 +00:00
|
|
|
session.Set("authorizedUser", auth.UserName)
|
|
|
|
session.Set("isAdmin", auth.IsAdmin)
|
2023-10-03 20:47:38 +00:00
|
|
|
session.Set("expiresAt", time.Now().Unix()+(60*60*24*7))
|
2024-01-28 02:02:08 +00:00
|
|
|
session.Set("authHash", auth.AuthHash)
|
|
|
|
|
2023-10-03 20:47:38 +00:00
|
|
|
return session.Save()
|
|
|
|
}
|
2024-01-28 02:02:08 +00:00
|
|
|
|
|
|
|
func (api *API) getUserAuthHash(username string) (string, error) {
|
|
|
|
// Return Cache
|
|
|
|
if api.userAuthCache[username] != "" {
|
|
|
|
return api.userAuthCache[username], nil
|
|
|
|
}
|
|
|
|
|
|
|
|
// Get DB
|
|
|
|
user, err := api.db.Queries.GetUser(api.db.Ctx, username)
|
|
|
|
if err != nil {
|
|
|
|
log.Error("GetUser DB Error:", err)
|
|
|
|
return "", err
|
|
|
|
}
|
|
|
|
|
|
|
|
// Update Cache
|
2024-01-29 03:17:58 +00:00
|
|
|
api.userAuthCache[username] = *user.AuthHash
|
2024-01-28 02:02:08 +00:00
|
|
|
|
|
|
|
return api.userAuthCache[username], nil
|
|
|
|
}
|
|
|
|
|
2024-01-28 16:38:44 +00:00
|
|
|
func (api *API) rotateAllAuthHashes() error {
|
|
|
|
// Do Transaction
|
|
|
|
tx, err := api.db.DB.Begin()
|
|
|
|
if err != nil {
|
|
|
|
log.Error("Transaction Begin DB Error: ", err)
|
|
|
|
return err
|
|
|
|
}
|
|
|
|
|
|
|
|
// Defer & Start Transaction
|
2024-05-18 20:47:26 +00:00
|
|
|
defer func() {
|
|
|
|
if err := tx.Rollback(); err != nil {
|
|
|
|
log.Error("DB Rollback Error:", err)
|
|
|
|
}
|
|
|
|
}()
|
2024-01-28 16:38:44 +00:00
|
|
|
qtx := api.db.Queries.WithTx(tx)
|
|
|
|
|
|
|
|
users, err := qtx.GetUsers(api.db.Ctx)
|
|
|
|
if err != nil {
|
|
|
|
return err
|
|
|
|
}
|
|
|
|
|
2024-05-18 20:47:26 +00:00
|
|
|
// Update Users
|
|
|
|
newAuthHashCache := make(map[string]string, 0)
|
2024-01-28 16:38:44 +00:00
|
|
|
for _, user := range users {
|
|
|
|
// Generate Auth Hash
|
|
|
|
rawAuthHash, err := utils.GenerateToken(64)
|
|
|
|
if err != nil {
|
|
|
|
return err
|
|
|
|
}
|
|
|
|
|
|
|
|
// Update User
|
2024-01-29 03:17:58 +00:00
|
|
|
authHash := fmt.Sprintf("%x", rawAuthHash)
|
2024-01-28 16:38:44 +00:00
|
|
|
if _, err = qtx.UpdateUser(api.db.Ctx, database.UpdateUserParams{
|
|
|
|
UserID: user.ID,
|
2024-01-29 03:17:58 +00:00
|
|
|
AuthHash: &authHash,
|
2024-03-11 01:48:43 +00:00
|
|
|
Admin: user.Admin,
|
2024-01-28 16:38:44 +00:00
|
|
|
}); err != nil {
|
|
|
|
return err
|
|
|
|
}
|
|
|
|
|
2024-05-18 20:47:26 +00:00
|
|
|
// Save New Hash Cache
|
|
|
|
newAuthHashCache[user.ID] = fmt.Sprintf("%x", rawAuthHash)
|
2024-01-28 16:38:44 +00:00
|
|
|
}
|
|
|
|
|
|
|
|
// Commit Transaction
|
|
|
|
if err := tx.Commit(); err != nil {
|
|
|
|
log.Error("Transaction Commit DB Error: ", err)
|
|
|
|
return err
|
|
|
|
}
|
|
|
|
|
2024-05-18 20:47:26 +00:00
|
|
|
// Transaction Succeeded -> Update Cache
|
|
|
|
for user, hash := range newAuthHashCache {
|
|
|
|
api.userAuthCache[user] = hash
|
2024-03-12 05:20:41 +00:00
|
|
|
}
|
|
|
|
|
|
|
|
return nil
|
|
|
|
}
|