mirror of
https://git.freecumextremist.com/grumbulon/pomme.git
synced 2024-06-26 08:36:06 +00:00
157 lines
4.3 KiB
Go
157 lines
4.3 KiB
Go
package api
|
|
|
|
import (
|
|
"context"
|
|
"fmt"
|
|
"log"
|
|
"math/rand"
|
|
"net/http"
|
|
"strings"
|
|
"time"
|
|
|
|
"git.freecumextremist.com/grumbulon/pomme/internal"
|
|
"git.freecumextremist.com/grumbulon/pomme/internal/db"
|
|
"github.com/go-chi/chi/v5"
|
|
"github.com/go-chi/render"
|
|
"github.com/go-pkgz/auth"
|
|
"github.com/go-pkgz/auth/avatar"
|
|
"github.com/go-pkgz/auth/provider"
|
|
"github.com/go-pkgz/auth/token"
|
|
"golang.org/x/crypto/bcrypt"
|
|
"gorm.io/gorm"
|
|
)
|
|
|
|
func SetDBMiddleware(next http.Handler) http.Handler {
|
|
return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
|
|
db := db.InitDb()
|
|
timeoutContext, _ := context.WithTimeout(context.Background(), time.Second)
|
|
ctx := context.WithValue(r.Context(), "DB", db.WithContext(timeoutContext))
|
|
next.ServeHTTP(w, r.WithContext(ctx))
|
|
})
|
|
}
|
|
|
|
// API handler
|
|
func Api() (api *chi.Mux) {
|
|
options := auth.Opts{
|
|
SecretReader: token.SecretFunc(func(id string) (string, error) { // secret key for JWT
|
|
return "secret", nil
|
|
}),
|
|
TokenDuration: time.Minute * 5, // token expires in 5 minutes
|
|
CookieDuration: time.Hour * 24, // cookie expires in 1 day and will enforce re-login
|
|
Issuer: "pomme",
|
|
URL: "http://127.0.0.1:8080",
|
|
AvatarStore: avatar.NewLocalFS("/tmp"),
|
|
Validator: token.ValidatorFunc(func(_ string, claims token.Claims) bool {
|
|
// allow only dev_* names
|
|
return claims.User != nil && strings.HasPrefix(claims.User.Name, "dev_")
|
|
}),
|
|
}
|
|
service := auth.NewService(options)
|
|
service.AddDirectProvider("local", provider.CredCheckerFunc(func(user, password string) (ok bool, err error) {
|
|
return ok, err
|
|
}))
|
|
|
|
m := service.Middleware()
|
|
|
|
api = chi.NewRouter()
|
|
api.Use(SetDBMiddleware)
|
|
api.With(SetDBMiddleware).Post("/create", NewUser)
|
|
api.With(SetDBMiddleware).Post("/login", Login)
|
|
api.Post("/check", Ingest)
|
|
api.With(m.Auth).Get("/private", AuthTest)
|
|
authRoutes, avaRoutes := service.Handlers()
|
|
api.Mount("/auth", authRoutes) // add auth handlers
|
|
api.Mount("/avatar", avaRoutes) // add avatar handler
|
|
|
|
return
|
|
}
|
|
|
|
func Ingest(w http.ResponseWriter, r *http.Request) {
|
|
data := &internal.ZoneRequest{}
|
|
log.Println(data)
|
|
if err := render.Bind(r, data); err != nil {
|
|
http.Error(w, "Unable to parse Zonefile", http.StatusBadRequest)
|
|
return
|
|
}
|
|
|
|
zonefile := data.Zone
|
|
render.Status(r, http.StatusAccepted)
|
|
render.Render(w, r, internal.NewZoneResponse(zonefile))
|
|
// todo write to database, maybe?
|
|
|
|
// todo -- add functions to apply to master zonefile if above check is OK
|
|
}
|
|
|
|
func NewUser(w http.ResponseWriter, r *http.Request) {
|
|
db, ok := r.Context().Value("DB").(*gorm.DB)
|
|
if !ok {
|
|
http.Error(w, "internal server error", http.StatusInternalServerError)
|
|
}
|
|
|
|
var result internal.User
|
|
|
|
r.ParseForm()
|
|
username := r.Form.Get("username")
|
|
if username == "" {
|
|
username = autoUname()
|
|
}
|
|
password := r.Form.Get("password")
|
|
if password == "" {
|
|
http.Error(w, "No password entered", http.StatusInternalServerError)
|
|
}
|
|
db.Where("username = ?", username).First(&result)
|
|
|
|
if result.Username != "" {
|
|
http.Error(w, "User already exists", http.StatusInternalServerError)
|
|
return
|
|
}
|
|
|
|
hashedPassword, err := bcrypt.GenerateFromPassword([]byte(password), bcrypt.DefaultCost)
|
|
if err != nil {
|
|
http.Error(w, err.Error(), http.StatusInternalServerError)
|
|
}
|
|
|
|
db.Create(&internal.User{Username: username, HashedPassword: string(hashedPassword)})
|
|
|
|
w.Write([]byte(username))
|
|
w.Write([]byte("\n"))
|
|
w.Write(hashedPassword)
|
|
w.WriteHeader(200)
|
|
}
|
|
|
|
func Login(w http.ResponseWriter, r *http.Request) {
|
|
var result internal.User
|
|
r.ParseForm()
|
|
username := r.Form.Get("username")
|
|
if username == "" {
|
|
username = autoUname()
|
|
}
|
|
password := r.Form.Get("password")
|
|
if password == "" {
|
|
http.Error(w, "No password provided", http.StatusInternalServerError) // this should prob be handled by the frontend
|
|
}
|
|
|
|
db, ok := r.Context().Value("DB").(*gorm.DB)
|
|
if !ok {
|
|
http.Error(w, "internal server error", http.StatusInternalServerError)
|
|
return
|
|
}
|
|
|
|
db.Model(internal.User{Username: username}).First(&result)
|
|
err := bcrypt.CompareHashAndPassword([]byte(result.HashedPassword), []byte(password))
|
|
if err != nil {
|
|
http.Error(w, err.Error(), http.StatusInternalServerError)
|
|
return
|
|
}
|
|
w.WriteHeader(208)
|
|
}
|
|
|
|
func autoUname() string {
|
|
rand.Seed(time.Now().UnixNano())
|
|
return fmt.Sprintf("user%d", rand.Intn(99999-00000))
|
|
}
|
|
|
|
func AuthTest(w http.ResponseWriter, r *http.Request) {
|
|
w.Write([]byte("██████████"))
|
|
}
|