package api import ( "context" "fmt" "log" "math/rand" "net/http" "strings" "time" "git.freecumextremist.com/grumbulon/pomme/internal" "git.freecumextremist.com/grumbulon/pomme/internal/db" "github.com/go-chi/chi/v5" "github.com/go-chi/render" "github.com/go-pkgz/auth" "github.com/go-pkgz/auth/avatar" "github.com/go-pkgz/auth/provider" "github.com/go-pkgz/auth/token" "golang.org/x/crypto/bcrypt" "gorm.io/gorm" ) func SetDBMiddleware(next http.Handler) http.Handler { return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) { db := db.InitDb() timeoutContext, _ := context.WithTimeout(context.Background(), time.Second) ctx := context.WithValue(r.Context(), "DB", db.WithContext(timeoutContext)) next.ServeHTTP(w, r.WithContext(ctx)) }) } // API handler func Api() (api *chi.Mux) { options := auth.Opts{ SecretReader: token.SecretFunc(func(id string) (string, error) { // secret key for JWT return "secret", nil }), TokenDuration: time.Minute * 5, // token expires in 5 minutes CookieDuration: time.Hour * 24, // cookie expires in 1 day and will enforce re-login Issuer: "pomme", URL: "http://127.0.0.1:8080", AvatarStore: avatar.NewLocalFS("/tmp"), Validator: token.ValidatorFunc(func(_ string, claims token.Claims) bool { // allow only dev_* names return claims.User != nil && strings.HasPrefix(claims.User.Name, "dev_") }), } service := auth.NewService(options) service.AddDirectProvider("local", provider.CredCheckerFunc(func(user, password string) (ok bool, err error) { return ok, err })) m := service.Middleware() api = chi.NewRouter() api.Use(SetDBMiddleware) api.With(SetDBMiddleware).Post("/create", NewUser) api.With(SetDBMiddleware).Post("/login", Login) api.Post("/check", Ingest) api.With(m.Auth).Get("/private", AuthTest) authRoutes, avaRoutes := service.Handlers() api.Mount("/auth", authRoutes) // add auth handlers api.Mount("/avatar", avaRoutes) // add avatar handler return } func Ingest(w http.ResponseWriter, r *http.Request) { data := &internal.ZoneRequest{} log.Println(data) if err := render.Bind(r, data); err != nil { http.Error(w, "Unable to parse Zonefile", http.StatusBadRequest) return } zonefile := data.Zone render.Status(r, http.StatusAccepted) render.Render(w, r, internal.NewZoneResponse(zonefile)) // todo write to database, maybe? // todo -- add functions to apply to master zonefile if above check is OK } func NewUser(w http.ResponseWriter, r *http.Request) { db, ok := r.Context().Value("DB").(*gorm.DB) if !ok { http.Error(w, "internal server error", http.StatusInternalServerError) } var result internal.User r.ParseForm() username := r.Form.Get("username") if username == "" { username = autoUname() } password := r.Form.Get("password") if password == "" { http.Error(w, "No password entered", http.StatusInternalServerError) } db.Where("username = ?", username).First(&result) if result.Username != "" { http.Error(w, "User already exists", http.StatusInternalServerError) return } hashedPassword, err := bcrypt.GenerateFromPassword([]byte(password), bcrypt.DefaultCost) if err != nil { http.Error(w, err.Error(), http.StatusInternalServerError) } db.Create(&internal.User{Username: username, HashedPassword: string(hashedPassword)}) w.Write([]byte(username)) w.Write([]byte("\n")) w.Write(hashedPassword) w.WriteHeader(200) } func Login(w http.ResponseWriter, r *http.Request) { var result internal.User r.ParseForm() username := r.Form.Get("username") if username == "" { username = autoUname() } password := r.Form.Get("password") if password == "" { http.Error(w, "No password provided", http.StatusInternalServerError) // this should prob be handled by the frontend } db, ok := r.Context().Value("DB").(*gorm.DB) if !ok { http.Error(w, "internal server error", http.StatusInternalServerError) return } db.Model(internal.User{Username: username}).First(&result) err := bcrypt.CompareHashAndPassword([]byte(result.HashedPassword), []byte(password)) if err != nil { http.Error(w, err.Error(), http.StatusInternalServerError) return } w.WriteHeader(208) } func autoUname() string { rand.Seed(time.Now().UnixNano()) return fmt.Sprintf("user%d", rand.Intn(99999-00000)) } func AuthTest(w http.ResponseWriter, r *http.Request) { w.Write([]byte("██████████")) }