GraphQL Framework

internal/auth/auth.go

@@ -14,6 +14,8 @@ import (
 
     "reichard.io/imagini/internal/db"
     "reichard.io/imagini/internal/config"
+
+    graphql "reichard.io/imagini/graph/model"
     "reichard.io/imagini/internal/models"
     "reichard.io/imagini/internal/session"
 )
@@ -33,11 +35,16 @@ func NewMgr(db *db.DBManager, c *config.Config) *AuthManager {
     }
 }
 
-func (auth *AuthManager) AuthenticateUser(creds models.APICredentials) (bool, models.User) {
-    // By Username
-    foundUser, err := auth.DB.User(&models.User{Username: creds.User})
+func (auth *AuthManager) AuthenticateUser(creds models.APICredentials) (bool, graphql.User) {
+    // Search Objects
+    userByName := &graphql.User{}
+    userByName.Username = creds.User
+
+    foundUser, err := auth.DB.User(userByName)
     if errors.Is(err, gorm.ErrRecordNotFound) {
-        foundUser, err = auth.DB.User(&models.User{Email: creds.User})
+        userByEmail := &graphql.User{}
+        userByEmail.Email = creds.User
+        foundUser, err = auth.DB.User(userByEmail)
     }
 
     // Error Checking
@@ -62,7 +69,7 @@ func (auth *AuthManager) AuthenticateUser(creds models.APICredentials) (bool, mo
     }
 }
 
-func (auth *AuthManager) getRole(user models.User) string {
+func (auth *AuthManager) getRole(user graphql.User) string {
     // TODO: Lookup role of user
     return "User"
 }
@@ -80,7 +87,8 @@ func (auth *AuthManager) ValidateJWTRefreshToken(refreshJWT string) (jwt.Token,
     if err != nil {
         return nil, errors.New("did does not parse")
     }
-    device, err := auth.DB.Device(&models.Device{Base: models.Base{UUID: deviceID}})
+    stringDeviceID := deviceID.String()
+    device, err := auth.DB.Device(&graphql.Device{ID: &stringDeviceID})
     if err != nil {
         return nil, err
     }
@@ -88,7 +96,7 @@ func (auth *AuthManager) ValidateJWTRefreshToken(refreshJWT string) (jwt.Token,
     // Verify & Validate Token
     verifiedToken, err := jwt.ParseBytes(byteRefreshJWT,
         jwt.WithValidate(true),
-        jwt.WithVerify(jwa.HS256, []byte(device.RefreshKey)),
+        jwt.WithVerify(jwa.HS256, []byte(*device.RefreshKey)),
     )
     if err != nil {
         fmt.Println("failed to parse payload: ", err)
@@ -111,17 +119,17 @@ func (auth *AuthManager) ValidateJWTAccessToken(accessJWT string) (jwt.Token, er
     return verifiedToken, nil
 }
 
-func (auth *AuthManager) CreateJWTRefreshToken(user models.User, device models.Device) (string, error) {
+func (auth *AuthManager) CreateJWTRefreshToken(user graphql.User, device graphql.Device) (string, error) {
     // Acquire Refresh Key
-    byteKey := []byte(device.RefreshKey)
+    byteKey := []byte(*device.RefreshKey)
 
     // Create New Token
     tm := time.Now()
     t := jwt.New()
-    t.Set(`did`, device.UUID.String())          // Device ID
-    t.Set(jwt.SubjectKey, user.UUID.String())   // User ID
-    t.Set(jwt.AudienceKey, `imagini`)           // App ID
-    t.Set(jwt.IssuedAtKey, tm)                  // Issued At
+    t.Set(`did`, device.ID)          // Device ID
+    t.Set(jwt.SubjectKey, user.ID)   // User ID
+    t.Set(jwt.AudienceKey, `imagini`)     // App ID
+    t.Set(jwt.IssuedAtKey, tm)            // Issued At
 
     // iOS & Android = Never Expiring Refresh Token
     if device.Type != "iOS" && device.Type != "Android" {
@@ -146,16 +154,16 @@ func (auth *AuthManager) CreateJWTRefreshToken(user models.User, device models.D
     return string(signed), nil
 }
 
-func (auth *AuthManager) CreateJWTAccessToken(user models.User, device models.Device) (string, error) {
+func (auth *AuthManager) CreateJWTAccessToken(user graphql.User, device graphql.Device) (string, error) {
     // Create New Token
     tm := time.Now()
     t := jwt.New()
-    t.Set(`did`, device.UUID.String())                  // Device ID
-    t.Set(`role`, auth.getRole(user))                   // User Role (Admin / User)
-    t.Set(jwt.SubjectKey, user.UUID.String())           // User ID
-    t.Set(jwt.AudienceKey, `imagini`)                   // App ID
-    t.Set(jwt.IssuedAtKey, tm)                          // Issued At
-    t.Set(jwt.ExpirationKey, tm.Add(time.Hour * 2))     // 2 Hour Access Key
+    t.Set(`did`, device.ID)                    // Device ID
+    t.Set(`role`, auth.getRole(user))               // User Role (Admin / User)
+    t.Set(jwt.SubjectKey, user.ID)             // User ID
+    t.Set(jwt.AudienceKey, `imagini`)               // App ID
+    t.Set(jwt.IssuedAtKey, tm)                      // Issued At
+    t.Set(jwt.ExpirationKey, tm.Add(time.Hour * 2)) // 2 Hour Access Key
 
     // Validate Token Creation
     _, err := json.MarshalIndent(t, "", "  ")

internal/auth/ldap.go

@@ -1,9 +1,9 @@
 package auth
 
 import (
-    "reichard.io/imagini/internal/models"
+    "reichard.io/imagini/graph/model"
 )
 
-func authenticateLDAPUser(user models.User, pw string) bool {
+func authenticateLDAPUser(user model.User, pw string) bool {
     return false
 }

internal/auth/local.go

@@ -3,12 +3,12 @@ package auth
 import (
     "golang.org/x/crypto/bcrypt"
     log "github.com/sirupsen/logrus"
-    "reichard.io/imagini/internal/models"
+    "reichard.io/imagini/graph/model"
 )
 
-func authenticateLocalUser(user models.User, pw string) bool {
+func authenticateLocalUser(user model.User, pw string) bool {
     bPassword :=[]byte(pw)
-    err := bcrypt.CompareHashAndPassword([]byte(user.Password), bPassword)
+    err := bcrypt.CompareHashAndPassword([]byte(*user.Password), bPassword)
     if err == nil {
         log.Info("[auth] Authentication successfull: ", user.Username)
         return true