updated handlers with the new view folder and testing how to validate jwt and cookies

the portal can now validate jwt tokens and return errors when needed
reworked how the views should be setup to make it cleaner and also starting to figure out how to work with the context with templ
2024-04-13 11:51:31 -07:00 · 2024-04-13 11:51:00 -07:00 · 2024-04-13 11:50:05 -07:00
15 changed files with 161 additions and 71 deletions
--- a/go.mod
+++ b/go.mod
@ -9,6 +9,7 @@ require (

 require (
 	github.com/a-h/templ v0.2.648
+	github.com/golang-jwt/jwt/v5 v5.2.1
 	github.com/gorilla/sessions v1.2.2
 	github.com/labstack/echo-contrib v0.16.0
 	github.com/labstack/echo/v4 v4.11.4
--- a/go.sum
+++ b/go.sum
@ -6,6 +6,8 @@ github.com/davecgh/go-spew v1.1.1 h1:vj9j/u1bqnvCEfJOwUhtlOARqs3+rkHYY13jYWTU97c
 github.com/davecgh/go-spew v1.1.1/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSsI+c5H38=
 github.com/golang-jwt/jwt v3.2.2+incompatible h1:IfV12K8xAKAnZqdXVzCZ+TOjboZ2keLg81eXfW3O+oY=
 github.com/golang-jwt/jwt v3.2.2+incompatible/go.mod h1:8pz2t5EyA70fFQQSrl6XZXzqecmYZeUEB8OUGHkxJ+I=
+github.com/golang-jwt/jwt/v5 v5.2.1 h1:OuVbFODueb089Lh128TAcimifWaLhJwVflnrgM17wHk=
+github.com/golang-jwt/jwt/v5 v5.2.1/go.mod h1:pqrtFR0X4osieyHYxtmOUWsAWrfe1Q5UVIyoH402zdk=
 github.com/google/go-cmp v0.6.0 h1:ofyhxvXcZhMsU5ulbFiLKl/XBFqE1GSq7atu8tAmTRI=
 github.com/google/go-cmp v0.6.0/go.mod h1:17dUlkBOakJ0+DkrSSNjCkIjxS6bF9zb3elmeNGIjoY=
 github.com/google/gofuzz v1.2.0 h1:xRy4A+RhZaiKjJ1bPfwQ8sedCA+YS2YcCHW6ec7JMi0=
--- a/handlers/auth.go
+++ b/handlers/auth.go
@ -1,9 +1,10 @@
 package handlers

 import (
+	"log"
 	"net/http"
-	"templ-test/views"
 	"templ-test/views/auth"
+	"templ-test/views/home"

 	"github.com/labstack/echo/v4"
 )
@ -39,10 +40,17 @@ func (h *Handlers) AuthLoginPost(c echo.Context) error {
 	c.SetCookie(cookie)

 	// render
-	return Render(c, http.StatusOK, views.Home())
+	return Render(c, http.StatusOK, home.Home())
 }

 func (h *Handlers) AuthShowCookies(c echo.Context) error {
+	claims, err := ValidateJwt(c, h.cfg.SharedApiSecret, h.cfg.ApiServerUri)
+	if err != nil {
+		return Render(c, http.StatusInternalServerError, home.Error(err))
+	}
+	log.Println(claims)
+
 	cookies := GetCookieValues(c)
+
 	return Render(c, http.StatusOK, auth.ShowCookie(cookies))
 }
--- a/handlers/handler.go
+++ b/handlers/handler.go
@ -1,12 +1,15 @@
 package handlers

 import (
+	"errors"
 	"templ-test/client"
 	"templ-test/models"
 	"templ-test/services"
+	"time"

 	"github.com/a-h/templ"

+	"github.com/golang-jwt/jwt/v5"
 	"github.com/labstack/echo/v4"
 )

@ -32,7 +35,9 @@ func NewHandlerClient(api client.ApiClient, cfg services.EnvConfig) *Handlers {

 func (h *Handlers) Register(group echo.Group) {
 	group.GET("/", h.HomeHandler)
-	group.GET("/list", h.ListHandler)
+	group.GET("/settings", h.Settings)
+	group.POST("/settings", h.SettingsPost)
+	//group.GET("/list", h.ListHandler)

 	auth := group.Group("/auth")
 	auth.GET("/login", h.AuthLogin)
@ -46,6 +51,43 @@ func Render(ctx echo.Context, statusCode int, t templ.Component) error {
 	return t.Render(ctx.Request().Context(), ctx.Response().Writer)
 }

+type jwtToken struct {
+	Exp        time.Time `json:"exp"`
+	Iss        string    `json:"iss"`
+	Authorized bool      `json:"authorized"`
+	UserName   string    `json:"username"`
+	Scopes     []string  `json:"scopes"`
+	jwt.RegisteredClaims
+}
+
+func ValidateJwt(ctx echo.Context, sharedSecret, issuer string) (jwtToken, error) {
+	cookies := GetCookieValues(ctx)
+	if cookies.Token == "" {
+		return jwtToken{}, errors.New("JWT Bearer Token is missing")
+	}
+
+	token, err := jwt.ParseWithClaims(cookies.Token, &jwtToken{}, func(token *jwt.Token) (interface{}, error) {
+		return []byte(sharedSecret), nil
+	})
+	if err != nil {
+		return jwtToken{}, err
+	}
+
+	if !token.Valid {
+		return jwtToken{}, errors.New("invalid jwt token")
+	}
+	
+	claims := token.Claims.(*jwtToken)
+	if !claims.Exp.After(time.Now()) {
+		return jwtToken{}, errors.New("the jwt token has expired")
+	}
+	if claims.Iss != issuer {
+		return jwtToken{}, errors.New("the issuer was invalid")
+	}
+
+	return *claims, nil
+}
+
 func GetCookieValues(ctx echo.Context) models.AllCookies {
 	m := models.AllCookies{}

--- a/handlers/home.go
+++ b/handlers/home.go
@ -2,15 +2,25 @@ package handlers

 import (
 	"net/http"
-	"templ-test/views"
+	"templ-test/views/home"

 	"github.com/labstack/echo/v4"
 )

 func (h *Handlers) HomeHandler(c echo.Context) error {
-	return Render(c, http.StatusOK, views.Home())
+	return Render(c, http.StatusOK, home.Home())
 }

-func (h *Handlers) ListHandler(c echo.Context) error {
-	return Render(c, http.StatusOK, views.List())
-}
+func (h *Handlers) Settings(c echo.Context) error {
+	return Render(c, http.StatusOK, home.UserSettings())
+}
+
+func (h *Handlers) SettingsPost(c echo.Context) error {
+	// take in the updated values from he user and write the cookies... tbd
+
+	return Render(c, http.StatusOK, home.UserSettings())
+}
+
+//func (h *Handlers) ListHandler(c echo.Context) error {
+//	return Render(c, http.StatusOK, views.List())
+//}
--- a/services/config.go
+++ b/services/config.go
@ -8,8 +8,9 @@ import (
 )

 type EnvConfig struct {
-	ApiServerUri string
-	CookieSecret string
+	ApiServerUri    string
+	SharedApiSecret string
+	CookieSecret    string
 }

 func NewEnvConfig() EnvConfig {
@ -22,7 +23,8 @@ func NewEnvConfig() EnvConfig {
 	}

 	return EnvConfig{
-		ApiServerUri: os.Getenv("ApiServerUri"),
-		CookieSecret: os.Getenv("CookieSecret"),
+		ApiServerUri:    os.Getenv("ApiServerUri"),
+		SharedApiSecret: os.Getenv("SharedApiSecret"),
+		CookieSecret:    os.Getenv("CookieSecret"),
 	}
 }
--- a/views/auth/cookie.templ
+++ b/views/auth/cookie.templ
@ -1,10 +1,10 @@
 package auth

-import "templ-test/views"
 import "templ-test/models"
+import "templ-test/views/layout"

 templ ShowCookie(m models.AllCookies) {
-	@views.WithLayout("Cookie Explorer", true) {
+	@layout.Testing("Cookie Explorer") {
 		<h2>These are stored as cookies</h2>
 		<p>Username: { m.Username }</p>
 		<p>JWT Token: { m.Token }</p>
--- a/views/auth/login.templ
+++ b/views/auth/login.templ
@ -1,9 +1,9 @@
 package auth

-import "templ-test/views"
+import "templ-test/views/layout"

 templ AuthLogin() {
-	@views.WithLayout("Login", true) {
+	@layout.WithLayout("Login", true) {
 		<form hx-post="/auth/login">
 			<div class="mb-3">
 				<label for="username" class="form-label">Username</label>
@ -20,4 +20,4 @@ templ AuthLogin() {
 			<button type="submit" class="btn btn-primary">Submit</button>
 		</form>
 	}
-}
+}
--- a/views/home/error.templ
+++ b/views/home/error.templ
@ -0,0 +1,10 @@
+package home
+
+import "templ-test/views/layout"
+
+templ Error(message error) {
+	@layout.Testing("Error") {
+		<h1>Oops... :(</h1>
+		<h3>{ message.Error() } </h3>
+	}
+}
--- a/views/home/home.templ
+++ b/views/home/home.templ
@ -1,9 +1,10 @@
-package views
+package home

 import "templ-test/views/components/bootstrap"
+import "templ-test/views/layout"

 templ Home() {
-	@Testing("Home", true) {
+	@layout.WithLayout("Home", true) {
 		<p>
 			this should be above the alert
 		</p>
@ -14,9 +15,3 @@ templ Home() {

 	}
 }
-
-templ List() {
-	@Testing("Lists", true) {
-		
-	}
-}
--- a/views/home/settings.templ
+++ b/views/home/settings.templ
@ -0,0 +1,9 @@
+package home
+
+import "templ-test/views/layout"
+
+templ UserSettings() {
+	@layout.Testing("Settings") {
+		<h2>This is not ready yet</h2>
+	}
+}
--- a/views/layout/body.templ
+++ b/views/layout/body.templ
@ -0,0 +1,27 @@
+package layout
+
+templ WithLayout(pageName string, useDarkMode bool) {
+	<html>
+		@getHtmlHead()
+		<body>
+			@bootstrapNavBar()
+			@getBodyHeader(pageName)
+			<div class="container-fluid">
+				{ children... }
+			</div>
+		</body>
+	</html>
+}
+
+templ Testing(pageName string) {
+	<html>
+		@getHtmlHead()
+		<body>
+			@bootstrapNavBar()
+			@getBodyHeader(pageName)
+			<div class="container-fluid">
+				{ children... }
+			</div>
+		</body>
+	</html>
+}
--- a/views/layout/header.templ
+++ b/views/layout/header.templ
@ -0,0 +1,19 @@
+package layout
+
+templ getHtmlHead() {
+	<head>
+		<link href="https://cdn.jsdelivr.net/npm/bootstrap@5.3.3/dist/css/bootstrap.min.css" rel="stylesheet" integrity="sha384-QWTKZyjpPEjISv5WaRU9OFeRpok6YctnYmDr5pNlyT2bRjXh0JMhjY6hW+ALEwIH" crossorigin="anonymous"/>
+		<script src="https://cdn.jsdelivr.net/npm/bootstrap@5.3.3/dist/js/bootstrap.bundle.min.js" integrity="sha384-YvpcrYf0tY3lHB60NNkmXc5s9fDVZLESaAA55NDzOxhy9GkcIdslK1eN7N6jIeHz" crossorigin="anonymous"></script>
+		<script src="https://unpkg.com/htmx.org@1.9.11" integrity="sha384-0gxUXCCR8yv9FM2b+U3FDbsKthCI66oH5IA9fHppQq9DDMHuMauqq1ZHBpJxQ0J0" crossorigin="anonymous"></script>
+		<meta charset="utf-8"/>
+		<meta name="twitter:card" content="fill in later"/>
+		<meta name="twitter:image" content=""/>
+		<meta name="og:image" content=""/>
+	</head>
+}
+
+templ getBodyHeader(pageName string) {
+	<header>
+		<h1>{ pageName }</h1>
+	</header>
+}
--- a/views/layout/navbar.templ
+++ b/views/layout/navbar.templ
@ -1,51 +1,7 @@
-package views
-
-templ WithLayout(pageName string, useDarkMode bool) {
-	<html>
-		@getHtmlHead()
-		<body>
-			@bootstrapNavBar()
-			@getBodyHeader(pageName)
-			<div class="container-fluid">
-				{ children... }
-			</div>
-		</body>
-	</html>
-}
-
-templ Testing(pageName string, useDarkMode bool) {
-	<html>
-		@getHtmlHead()
-		<body>
-			@bootstrapNavBar()
-			@getBodyHeader(pageName)
-			<div class="container-fluid">
-				{ children... }
-			</div>
-		</body>
-	</html>
-}
-
-templ getHtmlHead() {
-	<head>
-		<link href="https://cdn.jsdelivr.net/npm/bootstrap@5.3.3/dist/css/bootstrap.min.css" rel="stylesheet" integrity="sha384-QWTKZyjpPEjISv5WaRU9OFeRpok6YctnYmDr5pNlyT2bRjXh0JMhjY6hW+ALEwIH" crossorigin="anonymous"/>
-		<script src="https://cdn.jsdelivr.net/npm/bootstrap@5.3.3/dist/js/bootstrap.bundle.min.js" integrity="sha384-YvpcrYf0tY3lHB60NNkmXc5s9fDVZLESaAA55NDzOxhy9GkcIdslK1eN7N6jIeHz" crossorigin="anonymous"></script>
-		<script src="https://unpkg.com/htmx.org@1.9.11" integrity="sha384-0gxUXCCR8yv9FM2b+U3FDbsKthCI66oH5IA9fHppQq9DDMHuMauqq1ZHBpJxQ0J0" crossorigin="anonymous"></script>
-		<meta charset="utf-8"/>
-		<meta name="twitter:card" content="fill in later"/>
-		<meta name="twitter:image" content=""/>
-		<meta name="og:image" content=""/>
-	</head>
-}
-
-templ getBodyHeader(pageName string) {
-	<header>
-		<h1>{ pageName }</h1>
-	</header>
-}
+package layout

 templ bootstrapNavBar() {
-	<nav class="navbar navbar-expand-lg bg-body-tertiary" data-bs-theme="dark">
+	<nav class="navbar navbar-expand-lg bg-body-tertiary" data-bs-theme={ useLightOrDarkTheme(ctx)}>
 		<div class="container-fluid">
 			<a class="navbar-brand" href="#">Navbar</a>
 			<button class="navbar-toggler" type="button" data-bs-toggle="collapse" data-bs-target="#navbarSupportedContent" aria-controls="navbarSupportedContent" aria-expanded="false" aria-label="Toggle navigation">
--- a/views/layout/util.go
+++ b/views/layout/util.go
@ -0,0 +1,9 @@
+package layout
+
+import (
+	"context"
+)
+
+func useLightOrDarkTheme(ctx context.Context) string {
+	return "dark"
+}
Author	SHA1	Message	Date
James Tombleson	f955be507a	updated handlers with the new view folder and testing how to validate jwt and cookies	2024-04-13 11:51:31 -07:00
James Tombleson	04acb45c76	the portal can now validate jwt tokens and return errors when needed	2024-04-13 11:51:00 -07:00
James Tombleson	bdd9c8d963	reworked how the views should be setup to make it cleaner and also starting to figure out how to work with the context with templ	2024-04-13 11:50:05 -07:00