mirror of
https://git.freecumextremist.com/grumbulon/pomme.git
synced 2024-10-31 22:40:35 +00:00
116 lines
3.1 KiB
Go
116 lines
3.1 KiB
Go
package api
|
|
|
|
import (
|
|
"fmt"
|
|
"log"
|
|
"math/rand"
|
|
"net/http"
|
|
"strings"
|
|
"time"
|
|
|
|
"git.freecumextremist.com/grumbulon/pomme/internal"
|
|
"git.freecumextremist.com/grumbulon/pomme/internal/db"
|
|
"github.com/go-chi/chi/v5"
|
|
"github.com/go-chi/render"
|
|
"github.com/go-pkgz/auth"
|
|
"github.com/go-pkgz/auth/avatar"
|
|
"github.com/go-pkgz/auth/provider"
|
|
"github.com/go-pkgz/auth/token"
|
|
"golang.org/x/crypto/bcrypt"
|
|
)
|
|
|
|
// API handler
|
|
func Api() (api *chi.Mux) {
|
|
options := auth.Opts{
|
|
SecretReader: token.SecretFunc(func(id string) (string, error) { // secret key for JWT
|
|
return "secret", nil
|
|
}),
|
|
TokenDuration: time.Minute * 5, // token expires in 5 minutes
|
|
CookieDuration: time.Hour * 24, // cookie expires in 1 day and will enforce re-login
|
|
Issuer: "pomme",
|
|
URL: "http://127.0.0.1:8080",
|
|
AvatarStore: avatar.NewLocalFS("/tmp"),
|
|
Validator: token.ValidatorFunc(func(_ string, claims token.Claims) bool {
|
|
// allow only dev_* names
|
|
return claims.User != nil && strings.HasPrefix(claims.User.Name, "dev_")
|
|
}),
|
|
}
|
|
service := auth.NewService(options)
|
|
service.AddDirectProvider("local", provider.CredCheckerFunc(func(user, password string) (ok bool, err error) {
|
|
ok, err = Login(user, password)
|
|
return ok, err
|
|
}))
|
|
|
|
m := service.Middleware()
|
|
|
|
api = chi.NewRouter()
|
|
|
|
api.Get("/create", NewUser)
|
|
api.Post("/check", Ingest)
|
|
api.With(m.Auth).Get("/private", AuthTest)
|
|
authRoutes, avaRoutes := service.Handlers()
|
|
api.Mount("/auth", authRoutes) // add auth handlers
|
|
api.Mount("/avatar", avaRoutes) // add avatar handler
|
|
|
|
return
|
|
}
|
|
|
|
func Ingest(w http.ResponseWriter, r *http.Request) {
|
|
data := &internal.ZoneRequest{}
|
|
log.Println(data)
|
|
if err := render.Bind(r, data); err != nil {
|
|
http.Error(w, "Unable to parse Zonefile", http.StatusBadRequest)
|
|
return
|
|
}
|
|
|
|
zonefile := data.Zone
|
|
render.Status(r, http.StatusAccepted)
|
|
render.Render(w, r, internal.NewZoneResponse(zonefile))
|
|
// todo write to database, maybe?
|
|
|
|
// todo -- add functions to apply to master zonefile if above check is OK
|
|
}
|
|
|
|
func NewUser(w http.ResponseWriter, r *http.Request) {
|
|
r.ParseForm()
|
|
username := r.Form.Get("username")
|
|
if username == "" {
|
|
username = autoUname()
|
|
}
|
|
password := r.Form.Get("password")
|
|
if password == "" {
|
|
password = "nigga" //testing purposes
|
|
}
|
|
hashedPassword, err := bcrypt.GenerateFromPassword([]byte(password), bcrypt.DefaultCost)
|
|
if err != nil {
|
|
panic(err)
|
|
}
|
|
db := db.InitDb()
|
|
db.Create(&internal.User{Username: username, HashedPassword: string(hashedPassword)})
|
|
|
|
w.Write([]byte(username))
|
|
w.Write([]byte("██████████"))
|
|
w.Write(hashedPassword)
|
|
}
|
|
|
|
func Login(username, password string) (bool, error) {
|
|
username = "user22457"
|
|
password = "nigga" //testing purposes
|
|
|
|
hashedpassword := "$2a$10$uISHvOh/1Thfri1sJQNVmeWHIbIo/V.OmcpQV7UyIoyOwKSnhODtC"
|
|
|
|
err := bcrypt.CompareHashAndPassword([]byte(hashedpassword), []byte(password))
|
|
if err != nil {
|
|
return false, err
|
|
}
|
|
return true, err
|
|
}
|
|
|
|
func autoUname() string {
|
|
rand.Seed(time.Now().UnixNano())
|
|
return fmt.Sprintf("user%d", rand.Intn(99999-00000))
|
|
}
|
|
|
|
func AuthTest(w http.ResponseWriter, r *http.Request) {
|
|
w.Write([]byte("██████████"))
|
|
}
|