imagini/internal/api/auth.go

package api

import (
    "fmt"
    "time"
    "strings"
    "net/http"
    "encoding/json"
    "github.com/google/uuid"
    log "github.com/sirupsen/logrus"
    "github.com/lestrrat-go/jwx/jwt"

    "reichard.io/imagini/internal/models"
    graphql "reichard.io/imagini/graph/model"
)

func (api *API) loginHandler(w http.ResponseWriter, r *http.Request) {
    w.Header().Set("Access-Control-Allow-Origin", "*")
    if r.Method != http.MethodPost {
        errorJSON(w, "Method is not supported.", http.StatusMethodNotAllowed)
        return
    }

    // Decode into Struct
    var creds models.APICredentials
    err := json.NewDecoder(r.Body).Decode(&creds)
    if err != nil {
        errorJSON(w, "Invalid parameters.", http.StatusBadRequest)
        return
    }

    // Validate
    if creds.User == "" || creds.Password == "" {
        errorJSON(w, "Invalid parameters.", http.StatusBadRequest)
        return
    }

    // Do login
    resp, user := api.Auth.AuthenticateUser(creds)
    if !resp {
        errorJSON(w, "Invalid credentials.", http.StatusUnauthorized)
        return
    }

    // Upsert device
    device, err := api.upsertRequestedDevice(user, r)
    if err != nil {
        log.Error("[api] loginHandler - Failed to upsert device: ", err)
        errorJSON(w, "DB error. Unable to proceed.", http.StatusUnauthorized)
        return
    }

    // Create Tokens
    accessToken, err := api.Auth.CreateJWTAccessToken(user, device)
    refreshToken, err := api.Auth.CreateJWTRefreshToken(user, device)

    // Set appropriate cookies
    accessCookie := http.Cookie{Name: "AccessToken", Value: accessToken, Path: "/", HttpOnly: true}
    refreshCookie := http.Cookie{Name: "RefreshToken", Value: refreshToken, Path: "/", HttpOnly: true}
    http.SetCookie(w, &accessCookie)
    http.SetCookie(w, &refreshCookie)

    // Response success
    successJSON(w, "Login success.", http.StatusOK)
}

func (api *API) logoutHandler(w http.ResponseWriter, r *http.Request) {
    if r.Method != http.MethodPost {
        http.Error(w, "Method is not supported.", http.StatusMethodNotAllowed)
        return
    }

    // TODO: Reset Refresh Key

    // Clear Cookies
    http.SetCookie(w, &http.Cookie{Name: "AccessToken", Expires: time.Unix(0, 0)})
    http.SetCookie(w, &http.Cookie{Name: "RefreshToken", Expires: time.Unix(0, 0)})

    successJSON(w, "Logout success.", http.StatusOK)
}

/**
 * This will find or create the requested device based on ID and User.
 **/
func (api *API) upsertRequestedDevice(user graphql.User, r *http.Request) (graphql.Device, error) {
    requestedDevice := deriveRequestedDevice(r)
    requestedDevice.Type = deriveDeviceType(r)
    requestedDevice.User.ID = user.ID

    if *requestedDevice.ID == "" {
        err := api.DB.CreateDevice(&requestedDevice)
        createdDevice, err := api.DB.Device(&requestedDevice)
        return createdDevice, err
    }

    foundDevice, err := api.DB.Device(&graphql.Device{
        ID: requestedDevice.ID,
        User: &user,
    })

    return foundDevice, err
}

func deriveDeviceType(r *http.Request) graphql.DeviceType {
    userAgent := strings.ToLower(r.Header.Get("User-Agent"))
    if strings.HasPrefix(userAgent, "ios-imagini"){
        return graphql.DeviceTypeIOs
    } else if strings.HasPrefix(userAgent, "android-imagini"){
        return graphql.DeviceTypeAndroid
    } else if strings.HasPrefix(userAgent, "chrome"){
        return graphql.DeviceTypeChrome
    } else if strings.HasPrefix(userAgent, "firefox"){
        return graphql.DeviceTypeFirefox
    } else if strings.HasPrefix(userAgent, "msie"){
        return graphql.DeviceTypeInternetExplorer
    } else if strings.HasPrefix(userAgent, "edge"){
        return graphql.DeviceTypeEdge
    } else if strings.HasPrefix(userAgent, "safari"){
        return graphql.DeviceTypeSafari
    }
    return graphql.DeviceTypeUnknown
}

func deriveRequestedDevice(r *http.Request) graphql.Device {
    deviceSkeleton := graphql.Device{}
    authHeader := r.Header.Get("X-Imagini-Authorization")
    splitAuthInfo := strings.Split(authHeader, ",")

    // For each Key - Value pair
    for i := range splitAuthInfo {

        // Split Key - Value
        item := strings.TrimSpace(splitAuthInfo[i])
        splitItem := strings.SplitN(item, "=", 2)
        if len(splitItem) != 2 {
            continue
        }

        // Derive Key
        key := strings.ToLower(strings.TrimSpace(splitItem[0]))
        if key != "deviceid" && key != "devicename" {
            continue
        }

        // Derive Value
        val := trimQuotes(strings.TrimSpace(splitItem[1]))
        if key == "deviceid" {
            parsedDeviceUUID, err := uuid.Parse(val)
            if err != nil {
                log.Warn("[auth] deriveRequestedDevice - Unable to parse requested DeviceUUID: ", val)
                continue
            }
            stringDeviceUUID := parsedDeviceUUID.String()
            deviceSkeleton.ID = &stringDeviceUUID
        } else if key == "devicename" {
            deviceSkeleton.Name = val
        }
    }

    // If name not set, set to type
    if deviceSkeleton.Name == "" {
        deviceSkeleton.Name = deviceSkeleton.Type.String()
    }

    return deviceSkeleton
}

func (api *API) refreshAccessToken(w http.ResponseWriter, r *http.Request) (jwt.Token, error) {
    refreshCookie, err := r.Cookie("RefreshToken")
    if err != nil {
        log.Warn("[middleware] RefreshToken not found")
        return nil, err
    }

    // Validate Refresh Token
    refreshToken, err := api.Auth.ValidateJWTRefreshToken(refreshCookie.Value)
    if err != nil {
        http.SetCookie(w, &http.Cookie{Name: "AccessToken", Expires: time.Unix(0, 0)})
        http.SetCookie(w, &http.Cookie{Name: "RefreshToken", Expires: time.Unix(0, 0)})
        return nil, err
    }

    // Acquire User & Device (Trusted)
    did, ok := refreshToken.Get("did")
    if !ok {
        return nil, err
    }
    uid, ok := refreshToken.Get(jwt.SubjectKey)
    if !ok {
        return nil, err
    }
    deviceUUID, err := uuid.Parse(fmt.Sprintf("%v", did))
    if err != nil {
        return nil, err
    }
    userUUID, err := uuid.Parse(fmt.Sprintf("%v", uid))
    if err != nil {
        return nil, err
    }

    stringUserUUID := userUUID.String()
    stringDeviceUUID := deviceUUID.String()

    // Device & User Skeleton
    user := graphql.User{ID: &stringUserUUID}
    device := graphql.Device{ID: &stringDeviceUUID}

    // Update token
    accessTokenString, err := api.Auth.CreateJWTAccessToken(user, device)
    if err != nil {
        return nil, err
    }
    accessCookie := http.Cookie{Name: "AccessToken", Value: accessTokenString}
    http.SetCookie(w, &accessCookie)

    // TODO: Update Refresh Key & Token

    // Convert to jwt.Token
    accessTokenBytes := []byte(accessTokenString)
    accessToken, err := jwt.ParseBytes(accessTokenBytes)

    return accessToken, err
}

func trimQuotes(s string) string {
    if len(s) >= 2 {
        if s[0] == '"' && s[len(s)-1] == '"' {
            return s[1 : len(s)-1]
        }
    }
    return s
}
Finally Framework 2021-01-16 22:00:17 +00:00			`package api`
DB & Route Organization 2021-01-10 00:44:02 +00:00
			`import (`
Basic Access & Refresh Token 2021-01-18 21:16:52 +00:00			`"fmt"`
WIP 2021-01-12 04:48:32 +00:00			`"time"`
Basic Access & Refresh Token 2021-01-18 21:16:52 +00:00			`"strings"`
DB & Route Organization 2021-01-10 00:44:02 +00:00			`"net/http"`
Basic Access & Refresh Token 2021-01-18 21:16:52 +00:00			`"encoding/json"`
			`"github.com/google/uuid"`
			`log "github.com/sirupsen/logrus"`
Fix Formatting 2021-01-18 21:24:28 +00:00			`"github.com/lestrrat-go/jwx/jwt"`
Basic Access & Refresh Token 2021-01-18 21:16:52 +00:00
WIP 2021-01-12 04:48:32 +00:00			`"reichard.io/imagini/internal/models"`
GraphQL Framework 2021-02-02 20:34:10 +00:00			`graphql "reichard.io/imagini/graph/model"`
DB & Route Organization 2021-01-10 00:44:02 +00:00			`)`

Finally Framework 2021-01-16 22:00:17 +00:00			`func (api API) loginHandler(w http.ResponseWriter, r http.Request) {`
Pre graphql 2021-02-01 23:24:09 +00:00			`w.Header().Set("Access-Control-Allow-Origin", "*")`
WIP 2021-01-12 04:48:32 +00:00			`if r.Method != http.MethodPost {`
Finally Framework 2021-01-16 22:00:17 +00:00			`errorJSON(w, "Method is not supported.", http.StatusMethodNotAllowed)`
WIP 2021-01-12 04:48:32 +00:00			`return`
			`}`

			`// Decode into Struct`
			`var creds models.APICredentials`
			`err := json.NewDecoder(r.Body).Decode(&creds)`
			`if err != nil {`
Finally Framework 2021-01-16 22:00:17 +00:00			`errorJSON(w, "Invalid parameters.", http.StatusBadRequest)`
WIP 2021-01-12 04:48:32 +00:00			`return`
			`}`

			`// Validate`
			`if creds.User == "" \|\| creds.Password == "" {`
Finally Framework 2021-01-16 22:00:17 +00:00			`errorJSON(w, "Invalid parameters.", http.StatusBadRequest)`
WIP 2021-01-12 04:48:32 +00:00			`return`
			`}`
DB & Route Organization 2021-01-10 00:44:02 +00:00
WIP 2021-01-12 04:48:32 +00:00			`// Do login`
Basic Access & Refresh Token 2021-01-18 21:16:52 +00:00			`resp, user := api.Auth.AuthenticateUser(creds)`
(WIP) Refresh & Access 2021-01-18 04:56:56 +00:00			`if !resp {`
Finally Framework 2021-01-16 22:00:17 +00:00			`errorJSON(w, "Invalid credentials.", http.StatusUnauthorized)`
(WIP) Refresh & Access 2021-01-18 04:56:56 +00:00			`return`
WIP 2021-01-12 04:48:32 +00:00			`}`
(WIP) Refresh & Access 2021-01-18 04:56:56 +00:00
More 2021-01-19 20:50:48 +00:00			`// Upsert device`
			`device, err := api.upsertRequestedDevice(user, r)`
			`if err != nil {`
			`log.Error("[api] loginHandler - Failed to upsert device: ", err)`
			`errorJSON(w, "DB error. Unable to proceed.", http.StatusUnauthorized)`
			`return`
			`}`
Basic Access & Refresh Token 2021-01-18 21:16:52 +00:00
			`// Create Tokens`
			`accessToken, err := api.Auth.CreateJWTAccessToken(user, device)`
			`refreshToken, err := api.Auth.CreateJWTRefreshToken(user, device)`
(WIP) Refresh & Access 2021-01-18 04:56:56 +00:00
			`// Set appropriate cookies`
Image Saving & Serving 2021-01-22 05:00:55 +00:00			`accessCookie := http.Cookie{Name: "AccessToken", Value: accessToken, Path: "/", HttpOnly: true}`
			`refreshCookie := http.Cookie{Name: "RefreshToken", Value: refreshToken, Path: "/", HttpOnly: true}`
(WIP) Refresh & Access 2021-01-18 04:56:56 +00:00			`http.SetCookie(w, &accessCookie)`
			`http.SetCookie(w, &refreshCookie)`

			`// Response success`
			`successJSON(w, "Login success.", http.StatusOK)`
DB & Route Organization 2021-01-10 00:44:02 +00:00			`}`

Finally Framework 2021-01-16 22:00:17 +00:00			`func (api API) logoutHandler(w http.ResponseWriter, r http.Request) {`
WIP 2021-01-12 04:48:32 +00:00			`if r.Method != http.MethodPost {`
			`http.Error(w, "Method is not supported.", http.StatusMethodNotAllowed)`
			`return`
			`}`

More 2021-01-19 20:50:48 +00:00			`// TODO: Reset Refresh Key`
WIP 2021-01-12 04:48:32 +00:00
More 2021-01-19 20:50:48 +00:00			`// Clear Cookies`
			`http.SetCookie(w, &http.Cookie{Name: "AccessToken", Expires: time.Unix(0, 0)})`
			`http.SetCookie(w, &http.Cookie{Name: "RefreshToken", Expires: time.Unix(0, 0)})`
DB & Route Organization 2021-01-10 00:44:02 +00:00
More 2021-01-19 20:50:48 +00:00			`successJSON(w, "Logout success.", http.StatusOK)`
DB & Route Organization 2021-01-10 00:44:02 +00:00			`}`
(WIP) Refresh & Access 2021-01-18 04:56:56 +00:00
More 2021-01-19 20:50:48 +00:00			`/**`
			`* This will find or create the requested device based on ID and User.`
			`**/`
GraphQL Framework 2021-02-02 20:34:10 +00:00			`func (api API) upsertRequestedDevice(user graphql.User, r http.Request) (graphql.Device, error) {`
More 2021-01-19 20:50:48 +00:00			`requestedDevice := deriveRequestedDevice(r)`
			`requestedDevice.Type = deriveDeviceType(r)`
GraphQL Framework 2021-02-02 20:34:10 +00:00			`requestedDevice.User.ID = user.ID`
More 2021-01-19 20:50:48 +00:00
GraphQL Framework 2021-02-02 20:34:10 +00:00			`if *requestedDevice.ID == "" {`
Pre graphql 2021-02-01 23:24:09 +00:00			`err := api.DB.CreateDevice(&requestedDevice)`
			`createdDevice, err := api.DB.Device(&requestedDevice)`
More 2021-01-19 20:50:48 +00:00			`return createdDevice, err`
			`}`

GraphQL Framework 2021-02-02 20:34:10 +00:00			`foundDevice, err := api.DB.Device(&graphql.Device{`
			`ID: requestedDevice.ID,`
			`User: &user,`
More 2021-01-19 20:50:48 +00:00			`})`

			`return foundDevice, err`
			`}`

GraphQL Framework 2021-02-02 20:34:10 +00:00			`func deriveDeviceType(r *http.Request) graphql.DeviceType {`
More 2021-01-19 20:50:48 +00:00			`userAgent := strings.ToLower(r.Header.Get("User-Agent"))`
			`if strings.HasPrefix(userAgent, "ios-imagini"){`
GraphQL Framework 2021-02-02 20:34:10 +00:00			`return graphql.DeviceTypeIOs`
More 2021-01-19 20:50:48 +00:00			`} else if strings.HasPrefix(userAgent, "android-imagini"){`
GraphQL Framework 2021-02-02 20:34:10 +00:00			`return graphql.DeviceTypeAndroid`
More 2021-01-19 20:50:48 +00:00			`} else if strings.HasPrefix(userAgent, "chrome"){`
GraphQL Framework 2021-02-02 20:34:10 +00:00			`return graphql.DeviceTypeChrome`
More 2021-01-19 20:50:48 +00:00			`} else if strings.HasPrefix(userAgent, "firefox"){`
GraphQL Framework 2021-02-02 20:34:10 +00:00			`return graphql.DeviceTypeFirefox`
More 2021-01-19 20:50:48 +00:00			`} else if strings.HasPrefix(userAgent, "msie"){`
GraphQL Framework 2021-02-02 20:34:10 +00:00			`return graphql.DeviceTypeInternetExplorer`
More 2021-01-19 20:50:48 +00:00			`} else if strings.HasPrefix(userAgent, "edge"){`
GraphQL Framework 2021-02-02 20:34:10 +00:00			`return graphql.DeviceTypeEdge`
More 2021-01-19 20:50:48 +00:00			`} else if strings.HasPrefix(userAgent, "safari"){`
GraphQL Framework 2021-02-02 20:34:10 +00:00			`return graphql.DeviceTypeSafari`
More 2021-01-19 20:50:48 +00:00			`}`
GraphQL Framework 2021-02-02 20:34:10 +00:00			`return graphql.DeviceTypeUnknown`
More 2021-01-19 20:50:48 +00:00			`}`

GraphQL Framework 2021-02-02 20:34:10 +00:00			`func deriveRequestedDevice(r *http.Request) graphql.Device {`
			`deviceSkeleton := graphql.Device{}`
More 2021-01-19 20:50:48 +00:00			`authHeader := r.Header.Get("X-Imagini-Authorization")`
			`splitAuthInfo := strings.Split(authHeader, ",")`

			`// For each Key - Value pair`
			`for i := range splitAuthInfo {`

			`// Split Key - Value`
			`item := strings.TrimSpace(splitAuthInfo[i])`
			`splitItem := strings.SplitN(item, "=", 2)`
			`if len(splitItem) != 2 {`
			`continue`
			`}`

			`// Derive Key`
			`key := strings.ToLower(strings.TrimSpace(splitItem[0]))`
GraphQL Framework 2021-02-02 20:34:10 +00:00			`if key != "deviceid" && key != "devicename" {`
More 2021-01-19 20:50:48 +00:00			`continue`
			`}`

			`// Derive Value`
Another 2021-01-19 21:26:10 +00:00			`val := trimQuotes(strings.TrimSpace(splitItem[1]))`
GraphQL Framework 2021-02-02 20:34:10 +00:00			`if key == "deviceid" {`
More 2021-01-19 20:50:48 +00:00			`parsedDeviceUUID, err := uuid.Parse(val)`
			`if err != nil {`
			`log.Warn("[auth] deriveRequestedDevice - Unable to parse requested DeviceUUID: ", val)`
			`continue`
			`}`
GraphQL Framework 2021-02-02 20:34:10 +00:00			`stringDeviceUUID := parsedDeviceUUID.String()`
			`deviceSkeleton.ID = &stringDeviceUUID`
More 2021-01-19 20:50:48 +00:00			`} else if key == "devicename" {`
			`deviceSkeleton.Name = val`
			`}`
			`}`

			`// If name not set, set to type`
			`if deviceSkeleton.Name == "" {`
GraphQL Framework 2021-02-02 20:34:10 +00:00			`deviceSkeleton.Name = deviceSkeleton.Type.String()`
More 2021-01-19 20:50:48 +00:00			`}`

			`return deviceSkeleton`
			`}`

Pre graphql 2021-02-01 23:24:09 +00:00			`func (api API) refreshAccessToken(w http.ResponseWriter, r http.Request) (jwt.Token, error) {`
			`refreshCookie, err := r.Cookie("RefreshToken")`
			`if err != nil {`
			`log.Warn("[middleware] RefreshToken not found")`
			`return nil, err`
			`}`

			`// Validate Refresh Token`
			`refreshToken, err := api.Auth.ValidateJWTRefreshToken(refreshCookie.Value)`
			`if err != nil {`
			`http.SetCookie(w, &http.Cookie{Name: "AccessToken", Expires: time.Unix(0, 0)})`
			`http.SetCookie(w, &http.Cookie{Name: "RefreshToken", Expires: time.Unix(0, 0)})`
			`return nil, err`
			`}`

			`// Acquire User & Device (Trusted)`
			`did, ok := refreshToken.Get("did")`
			`if !ok {`
			`return nil, err`
			`}`
			`uid, ok := refreshToken.Get(jwt.SubjectKey)`
			`if !ok {`
			`return nil, err`
			`}`
			`deviceUUID, err := uuid.Parse(fmt.Sprintf("%v", did))`
			`if err != nil {`
			`return nil, err`
			`}`
			`userUUID, err := uuid.Parse(fmt.Sprintf("%v", uid))`
			`if err != nil {`
			`return nil, err`
			`}`

GraphQL Framework 2021-02-02 20:34:10 +00:00			`stringUserUUID := userUUID.String()`
			`stringDeviceUUID := deviceUUID.String()`

Pre graphql 2021-02-01 23:24:09 +00:00			`// Device & User Skeleton`
GraphQL Framework 2021-02-02 20:34:10 +00:00			`user := graphql.User{ID: &stringUserUUID}`
			`device := graphql.Device{ID: &stringDeviceUUID}`
Pre graphql 2021-02-01 23:24:09 +00:00
			`// Update token`
			`accessTokenString, err := api.Auth.CreateJWTAccessToken(user, device)`
			`if err != nil {`
			`return nil, err`
			`}`
			`accessCookie := http.Cookie{Name: "AccessToken", Value: accessTokenString}`
			`http.SetCookie(w, &accessCookie)`

			`// TODO: Update Refresh Key & Token`

			`// Convert to jwt.Token`
			`accessTokenBytes := []byte(accessTokenString)`
			`accessToken, err := jwt.ParseBytes(accessTokenBytes)`

			`return accessToken, err`
			`}`

More 2021-01-19 20:50:48 +00:00			`func trimQuotes(s string) string {`
			`if len(s) >= 2 {`
			`if s[0] == '"' && s[len(s)-1] == '"' {`
			`return s[1 : len(s)-1]`
			`}`
			`}`
			`return s`
			`}`