go-cook/api/handlers/v1/auth.go

package v1

import (
	"errors"
	"go-cook/api/domain"
	"go-cook/api/repositories"
	"net/http"

	"github.com/golang-jwt/jwt/v5"
	"github.com/labstack/echo/v4"
)

const (
	ErrJwtMissing            = "auth token is missing"
	ErrJwtClaimsMissing      = "claims missing on token"
	ErrJwtExpired            = "auth token has expired"
	ErrJwtScopeMissing       = "required scope is missing"
	ErrUserNotFound          = "requested user does not exist"
	ErrUsernameAlreadyExists = "the requested username already exists"
)

func (h *Handler) AuthRegister(c echo.Context) error {
	username := c.FormValue("username")
	password := c.FormValue("password")

	//username := c.QueryParam("username")
	exists, err := h.userRepo.GetByName(username)
	if err != nil {
		// if we have an err, validate that if its not user not found.
		// if the user is not found, we can use that name
		if err.Error() != repositories.ErrUserNotFound {
			return c.JSON(http.StatusInternalServerError, domain.ErrorResponse{

				Message: err.Error(),
				Success: true,
			})
		}
	}
	if exists.Name == username {
		return h.InternalServerErrorResponse(c, ErrUsernameAlreadyExists)
	}

	//password := c.QueryParam("password")
	err = h.UserService.CheckPasswordForRequirements(password)
	if err != nil {
		return c.JSON(http.StatusInternalServerError, domain.ErrorResponse{
			Success: false,
			Message: err.Error(),
		})
	}

	_, err = h.userRepo.Create(username, password, domain.ScopeRecipeRead)
	if err != nil {
		return c.JSON(http.StatusInternalServerError, domain.ErrorResponse{
			Success: false,
			Message: err.Error(),
		})
	}

	return nil
}

func (h *Handler) AuthLogin(c echo.Context) error {
	username := c.FormValue("name")
	password := c.FormValue("password")

	// Check to see if they are trying to login with the admin token
	if username == "" {
		return h.validateAdminToken(c, password)
	}

	// check if the user exists
	err := h.UserService.DoesUserExist(username)
	if err != nil {
		return h.InternalServerErrorResponse(c, err.Error())
	}

	// make sure the hash matches
	err = h.UserService.DoesPasswordMatchHash(username, password)
	if err != nil {
		return h.InternalServerErrorResponse(c, err.Error())
	}

	token, err := h.generateJwt(username)
	if err != nil {
		return h.InternalServerErrorResponse(c, err.Error())
	}

	return c.JSON(http.StatusOK, token)
}

func (h *Handler) validateAdminToken(c echo.Context, password string) error {
	if h.Config.AdminToken != password {
		return h.ReturnUnauthorizedResponse(c, ErrUserNotFound)
	}

	token, err := h.generateAdminJwt("admin")
	if err != nil {
		return h.InternalServerErrorResponse(c, err.Error())
	}

	return c.JSON(http.StatusOK, token)
}

func (h *Handler) AddScope(c echo.Context) error {
	token, err := h.getJwtToken(c)
	if err != nil {
		return h.ReturnUnauthorizedResponse(c, err.Error())
	}

	err = token.IsValid(domain.ScopeAll)
	if err != nil {
		return h.ReturnUnauthorizedResponse(c, err.Error())
	}

	request := domain.AddScopeRequest{}
	err = (&echo.DefaultBinder{}).BindBody(c, &request)
	if err != nil {
		return c.JSON(http.StatusBadRequest, domain.ErrorResponse{
			Success: false,
			Message: err.Error(),
		})
	}

	err = h.UserService.AddScopes(request.Username, request.Scopes)
	if err != nil {
		return h.InternalServerErrorResponse(c, err.Error())
	}

	return c.JSON(http.StatusOK, domain.ErrorResponse{
		Success: true,
	})
}

func (h *Handler) RemoveScope(c echo.Context) error {
	return c.JSON(http.StatusOK, domain.ErrorResponse{
		Success: false,
		Message: "Not Implemented",
	})
}

func (h *Handler) RefreshJwtToken(c echo.Context) error {
	return nil
}

func (h *Handler) getJwtToken(c echo.Context) (JwtToken, error) {
	// Make sure that the request came with a jwtToken
	token, ok := c.Get("user").(*jwt.Token)
	if !ok {
		return JwtToken{}, errors.New(ErrJwtMissing)
	}

	// Generate the claims from the token
	claims, ok := token.Claims.(*JwtToken)
	if !ok {
		return JwtToken{}, errors.New(ErrJwtClaimsMissing)
	}

	return *claims, nil
}
playing with the handler to get jwt working 2024-03-26 17:54:22 -07:00			`package v1`

			`import (`
The jwt token is now checked to see if it expires and will return an error 2024-03-29 14:49:57 -07:00			`"errors"`
mostly reworking how the JWT is processed 2024-03-31 17:49:09 -07:00			`"go-cook/api/domain"`
playing with the handler to get jwt working 2024-03-26 17:54:22 -07:00			`"go-cook/api/repositories"`
			`"net/http"`

			`"github.com/golang-jwt/jwt/v5"`
			`"github.com/labstack/echo/v4"`
			`)`

The jwt token is now checked to see if it expires and will return an error 2024-03-29 14:49:57 -07:00			`const (`
auth now uses UrlFormEncoded like it should 2024-04-01 17:50:07 -07:00			`ErrJwtMissing = "auth token is missing"`
			`ErrJwtClaimsMissing = "claims missing on token"`
			`ErrJwtExpired = "auth token has expired"`
			`ErrJwtScopeMissing = "required scope is missing"`
			`ErrUserNotFound = "requested user does not exist"`
found a bug that would let the same username get used over and over 2024-04-01 17:48:38 -07:00			`ErrUsernameAlreadyExists = "the requested username already exists"`
The jwt token is now checked to see if it expires and will return an error 2024-03-29 14:49:57 -07:00			`)`

playing with the handler to get jwt working 2024-03-26 17:54:22 -07:00			`func (h *Handler) AuthRegister(c echo.Context) error {`
found a bug that would let the same username get used over and over 2024-04-01 17:48:38 -07:00			`username := c.FormValue("username")`
			`password := c.FormValue("password")`

			`//username := c.QueryParam("username")`
			`exists, err := h.userRepo.GetByName(username)`
playing with the handler to get jwt working 2024-03-26 17:54:22 -07:00			`if err != nil {`
			`// if we have an err, validate that if its not user not found.`
			`// if the user is not found, we can use that name`
			`if err.Error() != repositories.ErrUserNotFound {`
mostly reworking how the JWT is processed 2024-03-31 17:49:09 -07:00			`return c.JSON(http.StatusInternalServerError, domain.ErrorResponse{`
scopes/add now requires jwt and minor ez response methods 2024-04-03 16:12:18 -07:00
			`Message: err.Error(),`
			`Success: true,`
The jwt token is now checked to see if it expires and will return an error 2024-03-29 14:49:57 -07:00			`})`
playing with the handler to get jwt working 2024-03-26 17:54:22 -07:00			`}`
			`}`
found a bug that would let the same username get used over and over 2024-04-01 17:48:38 -07:00			`if exists.Name == username {`
			`return h.InternalServerErrorResponse(c, ErrUsernameAlreadyExists)`
			`}`
playing with the handler to get jwt working 2024-03-26 17:54:22 -07:00
found a bug that would let the same username get used over and over 2024-04-01 17:48:38 -07:00			`//password := c.QueryParam("password")`
playing with the handler to get jwt working 2024-03-26 17:54:22 -07:00			`err = h.UserService.CheckPasswordForRequirements(password)`
			`if err != nil {`
mostly reworking how the JWT is processed 2024-03-31 17:49:09 -07:00			`return c.JSON(http.StatusInternalServerError, domain.ErrorResponse{`
scopes/add now requires jwt and minor ez response methods 2024-04-03 16:12:18 -07:00			`Success: false,`
			`Message: err.Error(),`
playing with the handler to get jwt working 2024-03-26 17:54:22 -07:00			`})`
			`}`

found a bug that would let the same username get used over and over 2024-04-01 17:48:38 -07:00			`_, err = h.userRepo.Create(username, password, domain.ScopeRecipeRead)`
playing with the handler to get jwt working 2024-03-26 17:54:22 -07:00			`if err != nil {`
mostly reworking how the JWT is processed 2024-03-31 17:49:09 -07:00			`return c.JSON(http.StatusInternalServerError, domain.ErrorResponse{`
scopes/add now requires jwt and minor ez response methods 2024-04-03 16:12:18 -07:00			`Success: false,`
			`Message: err.Error(),`
playing with the handler to get jwt working 2024-03-26 17:54:22 -07:00			`})`
			`}`

			`return nil`
			`}`

			`func (h *Handler) AuthLogin(c echo.Context) error {`
auth now uses UrlFormEncoded like it should 2024-04-01 17:50:07 -07:00			`username := c.FormValue("name")`
			`password := c.FormValue("password")`
The jwt token is now checked to see if it expires and will return an error 2024-03-29 14:49:57 -07:00
if a user provides the env admin token, a token will generate with god permissions 2024-03-31 18:05:33 -07:00			`// Check to see if they are trying to login with the admin token`
			`if username == "" {`
adminToken validation now has its own method 2024-03-31 18:10:53 -07:00			`return h.validateAdminToken(c, password)`
if a user provides the env admin token, a token will generate with god permissions 2024-03-31 18:05:33 -07:00			`}`

playing with the handler to get jwt working 2024-03-26 17:54:22 -07:00			`// check if the user exists`
auth now uses UrlFormEncoded like it should 2024-04-01 17:50:07 -07:00			`err := h.UserService.DoesUserExist(username)`
playing with the handler to get jwt working 2024-03-26 17:54:22 -07:00			`if err != nil {`
if a user provides the env admin token, a token will generate with god permissions 2024-03-31 18:05:33 -07:00			`return h.InternalServerErrorResponse(c, err.Error())`
playing with the handler to get jwt working 2024-03-26 17:54:22 -07:00			`}`

			`// make sure the hash matches`
			`err = h.UserService.DoesPasswordMatchHash(username, password)`
			`if err != nil {`
if a user provides the env admin token, a token will generate with god permissions 2024-03-31 18:05:33 -07:00			`return h.InternalServerErrorResponse(c, err.Error())`
playing with the handler to get jwt working 2024-03-26 17:54:22 -07:00			`}`

mostly reworking how the JWT is processed 2024-03-31 17:49:09 -07:00			`token, err := h.generateJwt(username)`
playing with the handler to get jwt working 2024-03-26 17:54:22 -07:00			`if err != nil {`
if a user provides the env admin token, a token will generate with god permissions 2024-03-31 18:05:33 -07:00			`return h.InternalServerErrorResponse(c, err.Error())`
playing with the handler to get jwt working 2024-03-26 17:54:22 -07:00			`}`

			`return c.JSON(http.StatusOK, token)`
			`}`

adminToken validation now has its own method 2024-03-31 18:10:53 -07:00			`func (h *Handler) validateAdminToken(c echo.Context, password string) error {`
			`if h.Config.AdminToken != password {`
			`return h.ReturnUnauthorizedResponse(c, ErrUserNotFound)`
			`}`

			`token, err := h.generateAdminJwt("admin")`
			`if err != nil {`
			`return h.InternalServerErrorResponse(c, err.Error())`
			`}`

			`return c.JSON(http.StatusOK, token)`
			`}`

scopes/add now requires jwt and minor ez response methods 2024-04-03 16:12:18 -07:00			`func (h *Handler) AddScope(c echo.Context) error {`
			`token, err := h.getJwtToken(c)`
			`if err != nil {`
			`return h.ReturnUnauthorizedResponse(c, err.Error())`
			`}`

			`err = token.IsValid(domain.ScopeAll)`
			`if err != nil {`
			`return h.ReturnUnauthorizedResponse(c, err.Error())`
			`}`

			`request := domain.AddScopeRequest{}`
			`err = (&echo.DefaultBinder{}).BindBody(c, &request)`
			`if err != nil {`
			`return c.JSON(http.StatusBadRequest, domain.ErrorResponse{`
			`Success: false,`
			`Message: err.Error(),`
			`})`
			`}`

			`err = h.UserService.AddScopes(request.Username, request.Scopes)`
			`if err != nil {`
			`return h.InternalServerErrorResponse(c, err.Error())`
			`}`

			`return c.JSON(http.StatusOK, domain.ErrorResponse{`
			`Success: true,`
			`})`
			`}`

			`func (h *Handler) RemoveScope(c echo.Context) error {`
			`return c.JSON(http.StatusOK, domain.ErrorResponse{`
			`Success: false,`
			`Message: "Not Implemented",`
			`})`
			`}`
mostly reworking how the JWT is processed 2024-03-31 17:49:09 -07:00
playing with the handler to get jwt working 2024-03-26 17:54:22 -07:00			`func (h *Handler) RefreshJwtToken(c echo.Context) error {`
			`return nil`
			`}`
The jwt token is now checked to see if it expires and will return an error 2024-03-29 14:49:57 -07:00
			`func (h *Handler) getJwtToken(c echo.Context) (JwtToken, error) {`
			`// Make sure that the request came with a jwtToken`
			`token, ok := c.Get("user").(*jwt.Token)`
			`if !ok {`
			`return JwtToken{}, errors.New(ErrJwtMissing)`
			`}`

			`// Generate the claims from the token`
			`claims, ok := token.Claims.(*JwtToken)`
			`if !ok {`
			`return JwtToken{}, errors.New(ErrJwtClaimsMissing)`
			`}`

			`return *claims, nil`
			`}`