From 615f1184ab8c4ca4fe57ad10c3e66f662c09e59a Mon Sep 17 00:00:00 2001
From: James Tombleson
Date: Sun, 31 Mar 2024 18:05:33 -0700
Subject: [PATCH] if a user provides the env admin token, a token will generate with god permissions

---
 api/handlers/v1/auth.go | 45 +++++++++++++++++++++++++++++++++-----
 api/handlers/v1/handler.go | 7 ++++++
 2 files changed, 46 insertions(+), 6 deletions(-)

diff --git a/api/handlers/v1/auth.go b/api/handlers/v1/auth.go
index 93bcc98..d35d1bb 100644
--- a/api/handlers/v1/auth.go
+++ b/api/handlers/v1/auth.go
@@ -17,6 +17,7 @@ const (
 	ErrJwtClaimsMissing = "claims missing on token"
 	ErrJwtExpired = "auth token has expired"
 	ErrJwtScopeMissing = "required scope is missing"
+	ErrUserNotFound = "requested user does not exist"
 )
 
 type JwtToken struct {
@@ -86,6 +87,24 @@ func (h *Handler) generateJwt(username string) (string, error) {
 	return tokenString, nil
 }
 
+func (h *Handler) generateAdminJwt(username string) (string, error) {
+	secret := []byte(h.Config.JwtSecret)
+
+	token := jwt.New(jwt.SigningMethodHS256)
+	claims := token.Claims.(jwt.MapClaims)
+	claims["exp"] = time.Now().Add(10 * time.Minute)
+	claims["authorized"] = true
+	claims["username"] = username
+	claims["scopes"] = domain.ScopeAll
+
+	tokenString, err := token.SignedString(secret)
+	if err != nil {
+		return "", err
+	}
+
+	return tokenString, nil
+}
+
 func (h *Handler) AuthRegister(c echo.Context) error {
 	username := c.QueryParam("username")
 	_, err := h.userRepo.GetByName(username)
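Review bot: `claims["exp"] = time.Now().Add(10 * time.Minute)` in generateAdminJwt stores a time.Time where JWT defines `exp` as a NumericDate (seconds since the epoch); once marshalled it becomes an RFC 3339 string, and if the `jwt` package is golang-jwt its MapClaims verifier type-switches on float64/json.Number and will not recognise it, so the 10-minute lifetime of a ScopeAll token is either rejected outright or, depending on the library version, not enforced at all. Use `claims["exp"] = time.Now().Add(10 * time.Minute).Unix()` here, and check generateJwt above (its body is outside this hunk) for the same pattern. The function otherwise duplicates generateJwt except for `claims["scopes"] = domain.ScopeAll`; one helper taking the scope set would keep the two from drifting. A comment noting that the `"admin"` subject minted here does not correspond to any user row would warn maintainers of RefreshJwtToken and scope checks that a lookup by username can fail for this token.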
@@ -124,29 +143,43 @@ func (h *Handler) AuthLogin(c echo.Context) error {
 	username := c.QueryParam("username")
 	password := c.QueryParam("password")
 
+	// Check to see if they are trying to login with the admin token
+	if username == "" {
+		if h.Config.AdminToken != password {
+			return h.ReturnUnauthorizedResponse(c, ErrUserNotFound)
+		}
+
+		token, err := h.generateAdminJwt("admin")
+		if err != nil {
+			return h.InternalServerErrorResponse(c, err.Error())
+		}
+
+		return c.JSON(http.StatusOK, token)
+	}
+
 	// check if the user exists
 	err := h.UserService.DoesUserExist(username)
 	if err != nil {
-		return c.JSON(http.StatusInternalServerError, err)
+		return h.InternalServerErrorResponse(c, err.Error())
 	}
 
 	// make sure the hash matches
 	err = h.UserService.DoesPasswordMatchHash(username, password)
 	if err != nil {
-		return c.JSON(http.StatusInternalServerError, err)
+		return h.InternalServerErrorResponse(c, err.Error())
 	}
 
 	token, err := h.generateJwt(username)
 	if err != nil {
-		return c.JSON(http.StatusInternalServerError, err)
+		return h.InternalServerErrorResponse(c, err.Error())
 	}
 
 	return c.JSON(http.StatusOK, token)
 }
 
-func (h *Handler) AddScope(c echo.Context) error {
-
-}
+//func (h *Handler) AddScope(c echo.Context) error {
+//
+//}
 
 func (h *Handler) RefreshJwtToken(c echo.Context) error {
 	return nil
diff --git a/api/handlers/v1/handler.go b/api/handlers/v1/handler.go
index 6ca447c..5268b45 100644
--- a/api/handlers/v1/handler.go
+++ b/api/handlers/v1/handler.go
@@ -65,3 +65,10 @@ func (h *Handler) ReturnUnauthorizedResponse(c echo.Context, message string) err
 		Message: message,
 	})
 }
+
+func (h *Handler) InternalServerErrorResponse(c echo.Context, message string) error {
+	return c.JSON(http.StatusServiceUnavailable, domain.ErrorResponse{
+		HttpCode: http.StatusInternalServerError,
+		Message: message,
+	})
+}
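Review bot: The admin branch at the top of AuthLogin hands out a ScopeAll token whenever `username == ""` and `h.Config.AdminToken` equals `password`, so if AdminToken is unset in the environment (the commit message says it is env-sourced) an empty password matches the empty config value and any unauthenticated caller gets the god token; the `!=` is also not a constant-time comparison of a secret. Change the guard to `if h.Config.AdminToken == "" || subtle.ConstantTimeCompare([]byte(h.Config.AdminToken), []byte(password)) != 1 {` (import `crypto/subtle`), and consider refusing to start, or disabling this path, when the token is unconfigured. The admin secret also arrives via `c.QueryParam("password")`, which puts it in access and proxy logs and browser history; accepting it from a header or request body would be safer, though query-parameter credentials predate this commit. A successful admin login is worth an audit log line, since nothing here records that a god-scoped token was issued. AuthLogin's signature and the start of its body are above this hunk.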
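Review bot: InternalServerErrorResponse writes the response with `http.StatusServiceUnavailable` (503) while the body says `HttpCode: http.StatusInternalServerError` (500), so the wire status and the JSON disagree; unless 503 is intentional, use `return c.JSON(http.StatusInternalServerError, domain.ErrorResponse{` so the two match, and if it is intentional the body should carry 503. Every caller added in this commit passes `err.Error()` as the message, which echoes repository, hashing and signing error text straight to the client; prefer a fixed client-facing message and log the underlying error server-side. A doc comment such as `// InternalServerErrorResponse writes a JSON ErrorResponse for unexpected server-side failures; message is returned to the client, so keep it free of internal detail.` would pin that contract for future callers.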