Wooo API!

2021-02-04 05:16:13 -05:00
parent c39fe6ec24
commit 082f923482
18 changed files with 977 additions and 795 deletions
--- a/internal/auth/auth.go
+++ b/internal/auth/auth.go
@@ -1,185 +1,175 @@
 package auth

 import (
-    "fmt"
-    "time"
-    "errors"
-    "encoding/json"
+	"encoding/json"
+	"errors"
+	"fmt"
+	"time"

-    "gorm.io/gorm"
-    "github.com/google/uuid"
-    log "github.com/sirupsen/logrus"
-    "github.com/lestrrat-go/jwx/jwa"
-    "github.com/lestrrat-go/jwx/jwt"
+	"github.com/google/uuid"
+	"github.com/lestrrat-go/jwx/jwa"
+	"github.com/lestrrat-go/jwx/jwt"
+	log "github.com/sirupsen/logrus"
+	"gorm.io/gorm"

-    "reichard.io/imagini/graph/model"
-    "reichard.io/imagini/internal/db"
-    "reichard.io/imagini/internal/config"
-    "reichard.io/imagini/internal/session"
+	"reichard.io/imagini/graph/model"
+	"reichard.io/imagini/internal/config"
+	"reichard.io/imagini/internal/db"
 )

 type AuthManager struct {
-    DB      *db.DBManager
-    Config  *config.Config
-    Session *session.SessionManager
+	DB     *db.DBManager
+	Config *config.Config
 }

 func NewMgr(db *db.DBManager, c *config.Config) *AuthManager {
-    session := session.NewMgr()
-    return &AuthManager{
-        DB: db,
-        Config: c,
-        Session: session,
-    }
+	return &AuthManager{
+		DB:     db,
+		Config: c,
+	}
 }

-func (auth *AuthManager) AuthenticateUser(user, password string) (bool, model.User) {
-    // Search Objects
-    userByName := &model.User{}
-    userByName.Username = user
+func (auth *AuthManager) AuthenticateUser(user, password string) (model.User, bool) {
+	// Find User by Username / Email
+	foundUser := &model.User{Username: user}
+	_, err := auth.DB.User(foundUser)

-    foundUser, err := auth.DB.User(userByName)
-    if errors.Is(err, gorm.ErrRecordNotFound) {
-        userByEmail := &model.User{}
-        userByEmail.Email = user
-        foundUser, err = auth.DB.User(userByEmail)
-    }
+	// By Username
+	if errors.Is(err, gorm.ErrRecordNotFound) {
+		foundUser = &model.User{Email: user}
+		_, err = auth.DB.User(foundUser)
+	}

-    // Error Checking
-    if errors.Is(err, gorm.ErrRecordNotFound) {
-        log.Warn("[auth] User not found: ", user)
-        return false, foundUser
-    } else if err != nil {
-        log.Error(err)
-        return false, foundUser
-    }
+	// By Email
+	if errors.Is(err, gorm.ErrRecordNotFound) {
+		log.Warn("[auth] User not found: ", user)
+		return *foundUser, false
+	} else if err != nil {
+		log.Error(err)
+		return *foundUser, false
+	}

-    log.Info("[auth] Authenticating user: ", foundUser.Username)
+	log.Info("[auth] Authenticating user: ", foundUser.Username)

-    // Determine Type
-    switch foundUser.AuthType {
-    case "Local":
-        return authenticateLocalUser(foundUser, password), foundUser
-    case "LDAP":
-        return authenticateLDAPUser(foundUser, password), foundUser
-    default:
-        return false, foundUser
-    }
-}
-
-func (auth *AuthManager) getRole(user model.User) string {
-    // TODO: Lookup role of user
-    return "User"
+	// Determine Type
+	switch foundUser.AuthType {
+	case "Local":
+		return *foundUser, authenticateLocalUser(*foundUser, password)
+	case "LDAP":
+		return *foundUser, authenticateLDAPUser(*foundUser, password)
+	default:
+		return *foundUser, false
+	}
 }

 func (auth *AuthManager) ValidateJWTRefreshToken(refreshJWT string) (jwt.Token, error) {
-    byteRefreshJWT := []byte(refreshJWT)
+	byteRefreshJWT := []byte(refreshJWT)

-    // Acquire Relevant Device
-    unverifiedToken, err := jwt.ParseBytes(byteRefreshJWT)
-    did, ok := unverifiedToken.Get("did")
-    if !ok {
-        return nil, errors.New("did does not exist")
-    }
-    deviceID, err := uuid.Parse(fmt.Sprintf("%v", did))
-    if err != nil {
-        return nil, errors.New("did does not parse")
-    }
-    stringDeviceID := deviceID.String()
-    device, err := auth.DB.Device(&model.Device{ID: &stringDeviceID})
-    if err != nil {
-        return nil, err
-    }
+	// Acquire Relevant Device
+	unverifiedToken, err := jwt.ParseBytes(byteRefreshJWT)
+	did, ok := unverifiedToken.Get("did")
+	if !ok {
+		return nil, errors.New("did does not exist")
+	}
+	deviceID, err := uuid.Parse(fmt.Sprintf("%v", did))
+	if err != nil {
+		return nil, errors.New("did does not parse")
+	}
+	device := &model.Device{ID: deviceID.String()}
+	_, err = auth.DB.Device(device)
+	if err != nil {
+		return nil, err
+	}

-    // Verify & Validate Token
-    verifiedToken, err := jwt.ParseBytes(byteRefreshJWT,
-        jwt.WithValidate(true),
-        jwt.WithVerify(jwa.HS256, []byte(*device.RefreshKey)),
-    )
-    if err != nil {
-        fmt.Println("failed to parse payload: ", err)
-        return nil, err
-    }
-    return verifiedToken, nil
+	// Verify & Validate Token
+	verifiedToken, err := jwt.ParseBytes(byteRefreshJWT,
+		jwt.WithValidate(true),
+		jwt.WithVerify(jwa.HS256, []byte(*device.RefreshKey)),
+	)
+	if err != nil {
+		fmt.Println("failed to parse payload: ", err)
+		return nil, err
+	}
+	return verifiedToken, nil
 }

 func (auth *AuthManager) ValidateJWTAccessToken(accessJWT string) (jwt.Token, error) {
-    byteAccessJWT := []byte(accessJWT)
-    verifiedToken, err := jwt.ParseBytes(byteAccessJWT,
-        jwt.WithValidate(true),
-        jwt.WithVerify(jwa.HS256, []byte(auth.Config.JWTSecret)),
-    )
+	byteAccessJWT := []byte(accessJWT)
+	verifiedToken, err := jwt.ParseBytes(byteAccessJWT,
+		jwt.WithValidate(true),
+		jwt.WithVerify(jwa.HS256, []byte(auth.Config.JWTSecret)),
+	)

-    if err != nil {
-        return nil, err
-    }
+	if err != nil {
+		return nil, err
+	}

-    return verifiedToken, nil
+	return verifiedToken, nil
 }

 func (auth *AuthManager) CreateJWTRefreshToken(user model.User, device model.Device) (string, error) {
-    // Acquire Refresh Key
-    byteKey := []byte(*device.RefreshKey)
+	// Acquire Refresh Key
+	byteKey := []byte(*device.RefreshKey)

-    // Create New Token
-    tm := time.Now()
-    t := jwt.New()
-    t.Set(`did`, device.ID)          // Device ID
-    t.Set(jwt.SubjectKey, user.ID)   // User ID
-    t.Set(jwt.AudienceKey, `imagini`)     // App ID
-    t.Set(jwt.IssuedAtKey, tm)            // Issued At
+	// Create New Token
+	tm := time.Now()
+	t := jwt.New()
+	t.Set(`did`, device.ID)           // Device ID
+	t.Set(jwt.SubjectKey, user.ID)    // User ID
+	t.Set(jwt.AudienceKey, `imagini`) // App ID
+	t.Set(jwt.IssuedAtKey, tm)        // Issued At

-    // iOS & Android = Never Expiring Refresh Token
-    if device.Type != "iOS" && device.Type != "Android" {
-        t.Set(jwt.ExpirationKey, tm.Add(time.Hour * 24))    // 1 Day Access Key
-    }
+	// iOS & Android = Never Expiring Refresh Token
+	if device.Type != "iOS" && device.Type != "Android" {
+		t.Set(jwt.ExpirationKey, tm.Add(time.Hour*24)) // 1 Day Access Key
+	}

-    // Validate Token Creation
-    _, err := json.MarshalIndent(t, "", "  ")
-    if err != nil {
-        fmt.Printf("failed to generate JSON: %s\n", err)
-        return "", err
-    }
+	// Validate Token Creation
+	_, err := json.MarshalIndent(t, "", "  ")
+	if err != nil {
+		fmt.Printf("failed to generate JSON: %s\n", err)
+		return "", err
+	}

-    // Sign Token
-    signed, err := jwt.Sign(t, jwa.HS256, byteKey)
-    if err != nil {
-        log.Printf("failed to sign token: %s", err)
-        return "", err
-    }
+	// Sign Token
+	signed, err := jwt.Sign(t, jwa.HS256, byteKey)
+	if err != nil {
+		log.Printf("failed to sign token: %s", err)
+		return "", err
+	}

-    // Return Token
-    return string(signed), nil
+	// Return Token
+	return string(signed), nil
 }

 func (auth *AuthManager) CreateJWTAccessToken(user model.User, device model.Device) (string, error) {
-    // Create New Token
-    tm := time.Now()
-    t := jwt.New()
-    t.Set(`did`, device.ID)                    // Device ID
-    t.Set(`role`, auth.getRole(user))               // User Role (Admin / User)
-    t.Set(jwt.SubjectKey, user.ID)             // User ID
-    t.Set(jwt.AudienceKey, `imagini`)               // App ID
-    t.Set(jwt.IssuedAtKey, tm)                      // Issued At
-    t.Set(jwt.ExpirationKey, tm.Add(time.Hour * 2)) // 2 Hour Access Key
+	// Create New Token
+	tm := time.Now()
+	t := jwt.New()
+	t.Set(`did`, device.ID)                       // Device ID
+	t.Set(`role`, user.Role.String())             // User Role (Admin / User)
+	t.Set(jwt.SubjectKey, user.ID)                // User ID
+	t.Set(jwt.AudienceKey, `imagini`)             // App ID
+	t.Set(jwt.IssuedAtKey, tm)                    // Issued At
+	t.Set(jwt.ExpirationKey, tm.Add(time.Hour*2)) // 2 Hour Access Key

-    // Validate Token Creation
-    _, err := json.MarshalIndent(t, "", "  ")
-    if err != nil {
-        fmt.Printf("failed to generate JSON: %s\n", err)
-        return "", err
-    }
+	// Validate Token Creation
+	_, err := json.MarshalIndent(t, "", "  ")
+	if err != nil {
+		fmt.Printf("failed to generate JSON: %s\n", err)
+		return "", err
+	}

-    // Use Server Key
-    byteKey := []byte(auth.Config.JWTSecret)
+	// Use Server Key
+	byteKey := []byte(auth.Config.JWTSecret)

-    // Sign Token
-    signed, err := jwt.Sign(t, jwa.HS256, byteKey)
-    if err != nil {
-        log.Printf("failed to sign token: %s", err)
-        return "", err
-    }
+	// Sign Token
+	signed, err := jwt.Sign(t, jwa.HS256, byteKey)
+	if err != nil {
+		log.Printf("failed to sign token: %s", err)
+		return "", err
+	}

-    // Return Token
-    return string(signed), nil
+	// Return Token
+	return string(signed), nil
 }