diff --git a/.env b/.env index 96d9037..b4fb4b8 100644 --- a/.env +++ b/.env @@ -1,2 +1,4 @@ DB_CONNECTION_STRING=postgres://isl:development@localhost:5432/isl HTTP_PORT=3000 +JWKS_URI=https://auth.joes.moosenet.work/oauth/v2/keys +LOG_LEVEL=info diff --git a/.envrc b/.envrc new file mode 100644 index 0000000..3550a30 --- /dev/null +++ b/.envrc @@ -0,0 +1 @@ +use flake diff --git a/.gitignore b/.gitignore index 82f5379..21c0095 100644 --- a/.gitignore +++ b/.gitignore @@ -1,2 +1,3 @@ +.direnv/ # sql/**/*.go docker/data diff --git a/docker/docker-compose.yml b/_docker/docker-compose.yml similarity index 94% rename from docker/docker-compose.yml rename to _docker/docker-compose.yml index abc8cab..5e81b59 100644 --- a/docker/docker-compose.yml +++ b/_docker/docker-compose.yml @@ -9,7 +9,7 @@ services: - ISL_API_DB_CONNECTION_STRING=postgres://isl:development@db:5432/isl - ISL_API_HTTP_PORT=3000 ports: - - 3080:3000 + - 3000:3000 db: image: postgres restart: always @@ -26,4 +26,4 @@ services: image: adminer restart: always ports: - - 8080:8080 + - 8081:8080 diff --git a/docker/docker-entrypoint-initdb.d/dump.sql b/_docker/docker-entrypoint-initdb.d/dump.sql similarity index 100% rename from docker/docker-entrypoint-initdb.d/dump.sql rename to _docker/docker-entrypoint-initdb.d/dump.sql diff --git a/Controllers/PowerItemController.go b/controllers/PowerItemController.go similarity index 61% rename from Controllers/PowerItemController.go rename to controllers/PowerItemController.go index 7551830..b87c658 100644 --- a/Controllers/PowerItemController.go +++ b/controllers/PowerItemController.go @@ -1,4 +1,4 @@ -package Controllers +package controllers import ( "encoding/json" @@ -6,47 +6,38 @@ import ( "net/http" "strconv" - "forgejo.merr.is/annika/isl-api/Services" - "forgejo.merr.is/annika/isl-api/Types" - "github.com/julienschmidt/httprouter" + "forgejo.merr.is/annika/isl-api/entities" + "forgejo.merr.is/annika/isl-api/services" + "github.com/go-chi/chi/v5" + "github.com/gofrs/uuid" + "github.com/jackc/pgtype" ) -// TODO: Figure out a better place to put this. -func MiddleCORS(next httprouter.Handle) httprouter.Handle { - return func(w http.ResponseWriter, r *http.Request, ps httprouter.Params) { - w.Header().Set("Access-Control-Allow-Origin", "*") - next(w, r, ps) - } -} - type PowerItemController struct { - powerItemService *Services.PowerItemService + powerItemService *services.PowerItemService } -func NewPowerItemController(router *httprouter.Router, powerItemService *Services.PowerItemService) *PowerItemController { +func NewPowerItemController(powerItemService *services.PowerItemService) *PowerItemController { controller := &PowerItemController{ powerItemService: powerItemService, } - controller.setPowerItemEndpoints(router, "/powerItem") return controller } -func (p *PowerItemController) setPowerItemEndpoints(router *httprouter.Router, prefix string) { - router.GET(fmt.Sprintf("%v", prefix), MiddleCORS(p.getAll)) - router.GET(fmt.Sprintf("%v/asMap", prefix), MiddleCORS(p.getAllAsMap)) - router.GET(fmt.Sprintf("%v/byType/:type", prefix), MiddleCORS(p.getAllByType)) - router.GET(fmt.Sprintf("%v/byType/:type/asMap", prefix), MiddleCORS(p.getAllByTypeAsMap)) - router.POST(fmt.Sprintf("%v", prefix), MiddleCORS(p.add)) - router.POST(fmt.Sprintf("%v/multiple", prefix), MiddleCORS(p.addMultiple)) -} - -func (p *PowerItemController) add(w http.ResponseWriter, r *http.Request, ps httprouter.Params) { - var newItem Types.PowerItem +func (p *PowerItemController) Add(w http.ResponseWriter, r *http.Request) { + var newItem entities.PowerItem err := json.NewDecoder(r.Body).Decode(&newItem) if err != nil { http.Error(w, err.Error(), http.StatusBadRequest) return } + if newItem.ID.Status == pgtype.Null || newItem.ID.Status == pgtype.Undefined { + newID, err := uuid.DefaultGenerator.NewV4() + if err != nil { + http.Error(w, err.Error(), http.StatusInternalServerError) + } + newItem.ID.Set(newID) + } result, err := p.powerItemService.Add(newItem) if err != nil { @@ -64,9 +55,9 @@ func (p *PowerItemController) add(w http.ResponseWriter, r *http.Request, ps htt fmt.Fprint(w, string(returnValue)) } -func (p *PowerItemController) addMultiple(w http.ResponseWriter, r *http.Request, ps httprouter.Params) { +func (p *PowerItemController) AddMultiple(w http.ResponseWriter, r *http.Request) { var itemType int32 = 3 - var newItems map[string]Types.PowerItem + var newItems map[string]entities.PowerItem err := json.NewDecoder(r.Body).Decode(&newItems) if err != nil { http.Error(w, err.Error(), http.StatusBadRequest) @@ -92,7 +83,7 @@ func (p *PowerItemController) addMultiple(w http.ResponseWriter, r *http.Request fmt.Fprint(w, string(returnValue)) } -func (p *PowerItemController) getAll(w http.ResponseWriter, r *http.Request, ps httprouter.Params) { +func (p *PowerItemController) GetAll(w http.ResponseWriter, r *http.Request) { result, err := p.powerItemService.GetAll() if err != nil { http.Error(w, err.Error(), http.StatusInternalServerError) @@ -109,14 +100,14 @@ func (p *PowerItemController) getAll(w http.ResponseWriter, r *http.Request, ps fmt.Fprint(w, string(data)) } -func (p *PowerItemController) getAllAsMap(w http.ResponseWriter, r *http.Request, ps httprouter.Params) { +func (p *PowerItemController) GetAllAsMap(w http.ResponseWriter, r *http.Request) { items, err := p.powerItemService.GetAll() if err != nil { http.Error(w, err.Error(), http.StatusInternalServerError) return } - resultMap := make(map[string]Types.PowerItem) + resultMap := make(map[string]entities.PowerItem) for _, curItem := range items { uuid := fmt.Sprintf("%x-%x-%x-%x-%x", curItem.ID.Bytes[0:4], curItem.ID.Bytes[4:6], curItem.ID.Bytes[6:8], curItem.ID.Bytes[8:10], curItem.ID.Bytes[10:16]) resultMap[uuid] = curItem @@ -132,8 +123,8 @@ func (p *PowerItemController) getAllAsMap(w http.ResponseWriter, r *http.Request fmt.Fprint(w, string(data)) } -func (p *PowerItemController) getAllByType(w http.ResponseWriter, r *http.Request, ps httprouter.Params) { - typeCode, err := strconv.Atoi(ps.ByName("type")) +func (p *PowerItemController) GetAllByType(w http.ResponseWriter, r *http.Request) { + typeCode, err := strconv.Atoi(chi.URLParam(r, "type")) if err != nil { http.Error(w, err.Error(), http.StatusBadRequest) return @@ -155,8 +146,8 @@ func (p *PowerItemController) getAllByType(w http.ResponseWriter, r *http.Reques fmt.Fprint(w, string(data)) } -func (p *PowerItemController) getAllByTypeAsMap(w http.ResponseWriter, r *http.Request, ps httprouter.Params) { - typeCode, err := strconv.Atoi(ps.ByName("type")) +func (p *PowerItemController) GetAllByTypeAsMap(w http.ResponseWriter, r *http.Request) { + typeCode, err := strconv.Atoi(chi.URLParam(r, "type")) if err != nil { http.Error(w, err.Error(), http.StatusBadRequest) return @@ -168,7 +159,7 @@ func (p *PowerItemController) getAllByTypeAsMap(w http.ResponseWriter, r *http.R return } - resultMap := make(map[string]Types.PowerItem) + resultMap := make(map[string]entities.PowerItem) for _, curItem := range items { uuid := fmt.Sprintf("%x-%x-%x-%x-%x", curItem.ID.Bytes[0:4], curItem.ID.Bytes[4:6], curItem.ID.Bytes[6:8], curItem.ID.Bytes[8:10], curItem.ID.Bytes[10:16]) resultMap[uuid] = curItem diff --git a/Types/PowerItem.go b/entities/PowerItem.go similarity index 99% rename from Types/PowerItem.go rename to entities/PowerItem.go index d15123a..80ce75d 100644 --- a/Types/PowerItem.go +++ b/entities/PowerItem.go @@ -1,4 +1,4 @@ -package Types +package entities import ( "forgejo.merr.is/annika/isl-api/sql/powerItem" diff --git a/envConfigs.go b/envConfigs.go index 06ee51e..fc589c1 100644 --- a/envConfigs.go +++ b/envConfigs.go @@ -1,6 +1,28 @@ package main +import ( + "log/slog" + "strings" +) + type EnvConfigs struct { HttpPort string `mapstructure:"HTTP_PORT"` ConnectionString string `mapstructure:"DB_CONNECTION_STRING"` + JWKSURI string `mapstructure:"JWKS_URI"` + LogLevel string `mapstructure:"LOG_LEVEL"` +} + +func (ec *EnvConfigs) GetLogLevel() slog.Level { + switch strings.ToLower(ec.LogLevel) { + case "debug": + return slog.LevelDebug + case "info": + return slog.LevelInfo + case "warn": + return slog.LevelWarn + case "error": + return slog.LevelError + default: + return slog.LevelInfo + } } diff --git a/flake.lock b/flake.lock new file mode 100644 index 0000000..1cbfc64 --- /dev/null +++ b/flake.lock @@ -0,0 +1,25 @@ +{ + "nodes": { + "nixpkgs": { + "locked": { + "lastModified": 1712963716, + "narHash": "sha256-WKm9CvgCldeIVvRz87iOMi8CFVB1apJlkUT4GGvA0iM=", + "rev": "cfd6b5fc90b15709b780a5a1619695a88505a176", + "revCount": 611350, + "type": "tarball", + "url": "https://api.flakehub.com/f/pinned/NixOS/nixpkgs/0.1.611350%2Brev-cfd6b5fc90b15709b780a5a1619695a88505a176/018eddfc-e6d9-74bb-a823-20f2ae60079b/source.tar.gz" + }, + "original": { + "type": "tarball", + "url": "https://flakehub.com/f/NixOS/nixpkgs/0.1.%2A.tar.gz" + } + }, + "root": { + "inputs": { + "nixpkgs": "nixpkgs" + } + } + }, + "root": "root", + "version": 7 +} diff --git a/flake.nix b/flake.nix new file mode 100644 index 0000000..0051e4b --- /dev/null +++ b/flake.nix @@ -0,0 +1,38 @@ +{ + description = "A Nix-flake-based Go 1.22 development environment"; + + inputs.nixpkgs.url = "https://flakehub.com/f/NixOS/nixpkgs/0.1.*.tar.gz"; + + outputs = { self, nixpkgs }: + let + goVersion = 22; # Change this to update the whole stack + overlays = [ (final: prev: { go = prev."go_1_${toString goVersion}"; }) ]; + supportedSystems = [ "x86_64-linux" "aarch64-linux" "x86_64-darwin" "aarch64-darwin" ]; + forEachSupportedSystem = f: nixpkgs.lib.genAttrs supportedSystems (system: f { + pkgs = import nixpkgs { inherit overlays system; }; + }); + in + { + devShells = forEachSupportedSystem ({ pkgs }: { + default = pkgs.mkShell { + packages = with pkgs; [ + # go 1.22 (specified by overlay) + go_1_22 + + # goimports, godoc, etc. + gotools + + # https://github.com/golangci/golangci-lint + golangci-lint + + gopls + go-outline + gopkgs + gocode-gomod + godef + golint + ]; + }; + }); + }; +} diff --git a/go.mod b/go.mod index bc26edc..55f5295 100644 --- a/go.mod +++ b/go.mod @@ -3,14 +3,22 @@ module forgejo.merr.is/annika/isl-api go 1.21.6 require ( - github.com/google/uuid v1.6.0 + github.com/go-chi/chi/v5 v5.0.11 + github.com/go-chi/cors v1.2.1 + github.com/go-chi/httplog/v2 v2.0.9 + github.com/gofrs/uuid v4.0.0+incompatible github.com/jackc/pgconn v1.14.1 github.com/jackc/pgtype v1.14.1 github.com/jackc/pgx/v4 v4.18.1 + github.com/lestrrat-go/jwx/v2 v2.0.19 + github.com/lmittmann/tint v1.0.4 + github.com/spf13/viper v1.18.2 ) require ( + github.com/decred/dcrd/dcrec/secp256k1/v4 v4.2.0 // indirect github.com/fsnotify/fsnotify v1.7.0 // indirect + github.com/goccy/go-json v0.10.2 // indirect github.com/hashicorp/hcl v1.0.0 // indirect github.com/jackc/chunkreader/v2 v2.0.1 // indirect github.com/jackc/pgio v1.0.0 // indirect @@ -18,22 +26,27 @@ require ( github.com/jackc/pgproto3/v2 v2.3.2 // indirect github.com/jackc/pgservicefile v0.0.0-20221227161230-091c0ba34f0a // indirect github.com/jackc/puddle v1.3.0 // indirect - github.com/julienschmidt/httprouter v1.3.0 // indirect + github.com/lestrrat-go/blackmagic v1.0.2 // indirect + github.com/lestrrat-go/httpcc v1.0.1 // indirect + github.com/lestrrat-go/httprc v1.0.4 // indirect + github.com/lestrrat-go/iter v1.0.2 // indirect + github.com/lestrrat-go/option v1.0.1 // indirect github.com/magiconair/properties v1.8.7 // indirect github.com/mitchellh/mapstructure v1.5.0 // indirect github.com/pelletier/go-toml/v2 v2.1.0 // indirect + github.com/rogpeppe/go-internal v1.11.0 // indirect github.com/sagikazarmark/locafero v0.4.0 // indirect github.com/sagikazarmark/slog-shim v0.1.0 // indirect + github.com/segmentio/asm v1.2.0 // indirect github.com/sourcegraph/conc v0.3.0 // indirect github.com/spf13/afero v1.11.0 // indirect github.com/spf13/cast v1.6.0 // indirect github.com/spf13/pflag v1.0.5 // indirect - github.com/spf13/viper v1.18.2 // indirect github.com/subosito/gotenv v1.6.0 // indirect go.uber.org/atomic v1.9.0 // indirect go.uber.org/multierr v1.9.0 // indirect - golang.org/x/crypto v0.16.0 // indirect - golang.org/x/exp v0.0.0-20230905200255-921286631fa9 // indirect + golang.org/x/crypto v0.17.0 // indirect + golang.org/x/exp v0.0.0-20231219180239-dc181d75b848 // indirect golang.org/x/sys v0.15.0 // indirect golang.org/x/text v0.14.0 // indirect gopkg.in/ini.v1 v1.67.0 // indirect diff --git a/go.sum b/go.sum index 0a68bee..e76fa94 100644 --- a/go.sum +++ b/go.sum @@ -6,19 +6,31 @@ github.com/coreos/go-systemd v0.0.0-20190321100706-95778dfbb74e/go.mod h1:F5haX7 github.com/coreos/go-systemd v0.0.0-20190719114852-fd7a80b32e1f/go.mod h1:F5haX7vjVVG0kc13fIWeqUViNPyEJxv/OmvnBo0Yme4= github.com/creack/pty v1.1.7/go.mod h1:lj5s0c3V2DBrqTV7llrYr5NG6My20zk30Fl46Y7DoTY= github.com/davecgh/go-spew v1.1.0/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSsI+c5H38= -github.com/davecgh/go-spew v1.1.1 h1:vj9j/u1bqnvCEfJOwUhtlOARqs3+rkHYY13jYWTU97c= github.com/davecgh/go-spew v1.1.1/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSsI+c5H38= github.com/davecgh/go-spew v1.1.2-0.20180830191138-d8f796af33cc h1:U9qPSI2PIWSS1VwoXQT9A3Wy9MM3WgvqSxFWenqJduM= +github.com/davecgh/go-spew v1.1.2-0.20180830191138-d8f796af33cc/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSsI+c5H38= +github.com/decred/dcrd/dcrec/secp256k1/v4 v4.2.0 h1:8UrgZ3GkP4i/CLijOJx79Yu+etlyjdBU4sfcs2WYQMs= +github.com/decred/dcrd/dcrec/secp256k1/v4 v4.2.0/go.mod h1:v57UDF4pDQJcEfFUCRop3lJL149eHGSe9Jvczhzjo/0= +github.com/frankban/quicktest v1.14.6 h1:7Xjx+VpznH+oBnejlPUj8oUpdxnVs4f8XU8WnHkI4W8= +github.com/frankban/quicktest v1.14.6/go.mod h1:4ptaffx2x8+WTWXmUCuVU6aPUX1/Mz7zb5vbUoiM6w0= github.com/fsnotify/fsnotify v1.7.0 h1:8JEhPFa5W2WU7YfeZzPNqzMP6Lwt7L2715Ggo0nosvA= github.com/fsnotify/fsnotify v1.7.0/go.mod h1:40Bi/Hjc2AVfZrqy+aj+yEI+/bRxZnMJyTJwOpGvigM= +github.com/go-chi/chi/v5 v5.0.11 h1:BnpYbFZ3T3S1WMpD79r7R5ThWX40TaFB7L31Y8xqSwA= +github.com/go-chi/chi/v5 v5.0.11/go.mod h1:DslCQbL2OYiznFReuXYUmQ2hGd1aDpCnlMNITLSKoi8= +github.com/go-chi/cors v1.2.1 h1:xEC8UT3Rlp2QuWNEr4Fs/c2EAGVKBwy/1vHx3bppil4= +github.com/go-chi/cors v1.2.1/go.mod h1:sSbTewc+6wYHBBCW7ytsFSn836hqM7JxpglAy2Vzc58= +github.com/go-chi/httplog/v2 v2.0.9 h1:RK1TBETd4SSwu075tcfm0KKxR/k98RUfzmOWxLaocGg= +github.com/go-chi/httplog/v2 v2.0.9/go.mod h1:/XXdxicJsp4BA5fapgIC3VuTD+z0Z/VzukoB3VDc1YE= github.com/go-kit/log v0.1.0/go.mod h1:zbhenjAZHb184qTLMA9ZjW7ThYL0H2mk7Q6pNt4vbaY= github.com/go-logfmt/logfmt v0.5.0/go.mod h1:wCYkCAKZfumFQihp8CzCvQ3paCTfi41vtzG1KdI/P7A= github.com/go-stack/stack v1.8.0/go.mod h1:v0f6uXyyMGvRgIKkXu+yp6POWl0qKG85gN/melR3HDY= +github.com/goccy/go-json v0.10.2 h1:CrxCmQqYDkv1z7lO7Wbh2HN93uovUHgrECaO5ZrCXAU= +github.com/goccy/go-json v0.10.2/go.mod h1:6MelG93GURQebXPDq3khkgXZkazVtN9CRI+MGFi0w8I= github.com/gofrs/uuid v4.0.0+incompatible h1:1SD/1F5pU8p29ybwgQSwpQk+mwdRrXCYuPhW6m+TnJw= github.com/gofrs/uuid v4.0.0+incompatible/go.mod h1:b2aQJv3Z4Fp6yNu3cdSllBxTCLRxnplIgP/c0N/04lM= +github.com/google/go-cmp v0.5.9 h1:O2Tfq5qg4qc4AmwVlvv0oLiVAGB7enBSJ2x2DqQFi38= +github.com/google/go-cmp v0.5.9/go.mod h1:17dUlkBOakJ0+DkrSSNjCkIjxS6bF9zb3elmeNGIjoY= github.com/google/renameio v0.1.0/go.mod h1:KWCgfxg9yswjAJkECMjeO8J8rahYeXnNhOm40UhjYkI= -github.com/google/uuid v1.6.0 h1:NIvaJDMOsjHA8n1jAhLSgzrAzy1Hgr+hNrb57e+94F0= -github.com/google/uuid v1.6.0/go.mod h1:TIyPZe4MgqvfeYDBFedMoGGpEw/LqOeaOT+nhxU+yHo= github.com/hashicorp/hcl v1.0.0 h1:0Anlzjpi4vEasTeNFn2mLJgTSwt0+6sfsiTG8qcWGx4= github.com/hashicorp/hcl v1.0.0/go.mod h1:E5yfLk+7swimpb2L/Alb/PJmXilQ/rhwaUYs4T20WEQ= github.com/jackc/chunkreader v1.0.0/go.mod h1:RT6O25fNZIuasFJRyZ4R/Y2BbhasbmZXF9QQ7T3kePo= @@ -72,20 +84,36 @@ github.com/jackc/puddle v0.0.0-20190608224051-11cab39313c9/go.mod h1:m4B5Dj62Y0f github.com/jackc/puddle v1.1.3/go.mod h1:m4B5Dj62Y0fbyuIc15OsIqK0+JU8nkqQjsgx7dvjSWk= github.com/jackc/puddle v1.3.0 h1:eHK/5clGOatcjX3oWGBO/MpxpbHzSwud5EWTSCI+MX0= github.com/jackc/puddle v1.3.0/go.mod h1:m4B5Dj62Y0fbyuIc15OsIqK0+JU8nkqQjsgx7dvjSWk= -github.com/julienschmidt/httprouter v1.3.0 h1:U0609e9tgbseu3rBINet9P48AI/D3oJs4dN7jwJOQ1U= -github.com/julienschmidt/httprouter v1.3.0/go.mod h1:JR6WtHb+2LUe8TCKY3cZOxFyyO8IZAc4RVcycCCAKdM= github.com/kisielk/gotool v1.0.0/go.mod h1:XhKaO+MFFWcvkIS/tQcRk01m1F5IRFswLeQ+oQHNcck= github.com/konsorten/go-windows-terminal-sequences v1.0.1/go.mod h1:T0+1ngSBFLxvqU3pZ+m/2kptfBszLMUkC4ZK/EgS/cQ= github.com/konsorten/go-windows-terminal-sequences v1.0.2/go.mod h1:T0+1ngSBFLxvqU3pZ+m/2kptfBszLMUkC4ZK/EgS/cQ= github.com/kr/pretty v0.1.0/go.mod h1:dAy3ld7l9f0ibDNOQOHHMYYIIbhfbHSm3C4ZsoJORNo= +github.com/kr/pretty v0.3.1 h1:flRD4NNwYAUpkphVc1HcthR4KEIFJ65n8Mw5qdRn3LE= +github.com/kr/pretty v0.3.1/go.mod h1:hoEshYVHaxMs3cyo3Yncou5ZscifuDolrwPKZanG3xk= github.com/kr/pty v1.1.1/go.mod h1:pFQYn66WHrOpPYNljwOMqo10TkYh1fy3cYio2l3bCsQ= github.com/kr/pty v1.1.8/go.mod h1:O1sed60cT9XZ5uDucP5qwvh+TE3NnUj51EiZO/lmSfw= github.com/kr/text v0.1.0/go.mod h1:4Jbv+DJW3UT/LiOwJeYQe1efqtUx/iVham/4vfdArNI= +github.com/kr/text v0.2.0 h1:5Nx0Ya0ZqY2ygV366QzturHI13Jq95ApcVaJBhpS+AY= +github.com/kr/text v0.2.0/go.mod h1:eLer722TekiGuMkidMxC/pM04lWEeraHUUmBw8l2grE= +github.com/lestrrat-go/blackmagic v1.0.2 h1:Cg2gVSc9h7sz9NOByczrbUvLopQmXrfFx//N+AkAr5k= +github.com/lestrrat-go/blackmagic v1.0.2/go.mod h1:UrEqBzIR2U6CnzVyUtfM6oZNMt/7O7Vohk2J0OGSAtU= +github.com/lestrrat-go/httpcc v1.0.1 h1:ydWCStUeJLkpYyjLDHihupbn2tYmZ7m22BGkcvZZrIE= +github.com/lestrrat-go/httpcc v1.0.1/go.mod h1:qiltp3Mt56+55GPVCbTdM9MlqhvzyuL6W/NMDA8vA5E= +github.com/lestrrat-go/httprc v1.0.4 h1:bAZymwoZQb+Oq8MEbyipag7iSq6YIga8Wj6GOiJGdI8= +github.com/lestrrat-go/httprc v1.0.4/go.mod h1:mwwz3JMTPBjHUkkDv/IGJ39aALInZLrhBp0X7KGUZlo= +github.com/lestrrat-go/iter v1.0.2 h1:gMXo1q4c2pHmC3dn8LzRhJfP1ceCbgSiT9lUydIzltI= +github.com/lestrrat-go/iter v1.0.2/go.mod h1:Momfcq3AnRlRjI5b5O8/G5/BvpzrhoFTZcn06fEOPt4= +github.com/lestrrat-go/jwx/v2 v2.0.19 h1:ekv1qEZE6BVct89QA+pRF6+4pCpfVrOnEJnTnT4RXoY= +github.com/lestrrat-go/jwx/v2 v2.0.19/go.mod h1:l3im3coce1lL2cDeAjqmaR+Awx+X8Ih+2k8BuHNJ4CU= +github.com/lestrrat-go/option v1.0.1 h1:oAzP2fvZGQKWkvHa1/SAcFolBEca1oN+mQ7eooNBEYU= +github.com/lestrrat-go/option v1.0.1/go.mod h1:5ZHFbivi4xwXxhxY9XHDe2FHo6/Z7WWmtT7T5nBBp3I= github.com/lib/pq v1.0.0/go.mod h1:5WUZQaWbwv1U+lTReE5YruASi9Al49XbQIvNi/34Woo= github.com/lib/pq v1.1.0/go.mod h1:5WUZQaWbwv1U+lTReE5YruASi9Al49XbQIvNi/34Woo= github.com/lib/pq v1.2.0/go.mod h1:5WUZQaWbwv1U+lTReE5YruASi9Al49XbQIvNi/34Woo= github.com/lib/pq v1.10.2 h1:AqzbZs4ZoCBp+GtejcpCpcxM3zlSMx29dXbUSeVtJb8= github.com/lib/pq v1.10.2/go.mod h1:AlVN5x4E4T544tWzH6hKfbfQvm3HdbOxrmggDNAPY9o= +github.com/lmittmann/tint v1.0.4 h1:LeYihpJ9hyGvE0w+K2okPTGUdVLfng1+nDNVR4vWISc= +github.com/lmittmann/tint v1.0.4/go.mod h1:HIS3gSy7qNwGCj+5oRjAutErFBl4BzdQP6cJZ0NfMwE= github.com/magiconair/properties v1.8.7 h1:IeQXZAiQcpL9mgcAe1Nu6cX9LLw6ExEHKjN0VQdvPDY= github.com/magiconair/properties v1.8.7/go.mod h1:Dhd985XPs7jluiymwWYZ0G4Z61jb3vdS329zhj2hYo0= github.com/mattn/go-colorable v0.1.1/go.mod h1:FuOcm+DKB9mbwrcAfNl7/TZVBZ6rcnceauSikq3lYCQ= @@ -97,13 +125,15 @@ github.com/mitchellh/mapstructure v1.5.0 h1:jeMsZIYE/09sWLaz43PL7Gy6RuMjD2eJVyua github.com/mitchellh/mapstructure v1.5.0/go.mod h1:bFUtVrKA4DC2yAKiSyO/QUcy7e+RRV2QTWOzhPopBRo= github.com/pelletier/go-toml/v2 v2.1.0 h1:FnwAJ4oYMvbT/34k9zzHuZNrhlz48GB3/s6at6/MHO4= github.com/pelletier/go-toml/v2 v2.1.0/go.mod h1:tJU2Z3ZkXwnxa4DPO899bsyIoywizdUvyaeZurnPPDc= -github.com/pkg/errors v0.8.1 h1:iURUrRGxPUNPdy5/HRSm+Yj6okJ6UtLINN0Q9M4+h3I= github.com/pkg/errors v0.8.1/go.mod h1:bwawxfHBFNV+L2hUp1rHADufV3IMtnDRdf1r5NINEl0= github.com/pkg/errors v0.9.1 h1:FEBLx1zS214owpjy7qsBeixbURkuhQAwrK5UwLGTwt4= -github.com/pmezard/go-difflib v1.0.0 h1:4DBwDE0NGyQoBHbLQYPwSUPoCMWR5BEzIk/f1lZbAQM= +github.com/pkg/errors v0.9.1/go.mod h1:bwawxfHBFNV+L2hUp1rHADufV3IMtnDRdf1r5NINEl0= github.com/pmezard/go-difflib v1.0.0/go.mod h1:iKH77koFhYxTK1pcRnkKkqfTogsbg7gZNVY4sRDYZ/4= github.com/pmezard/go-difflib v1.0.1-0.20181226105442-5d4384ee4fb2 h1:Jamvg5psRIccs7FGNTlIRMkT8wgtp5eCXdBlqhYGL6U= +github.com/pmezard/go-difflib v1.0.1-0.20181226105442-5d4384ee4fb2/go.mod h1:iKH77koFhYxTK1pcRnkKkqfTogsbg7gZNVY4sRDYZ/4= github.com/rogpeppe/go-internal v1.3.0/go.mod h1:M8bDsm7K2OlrFYOpmOWEs/qY81heoFRclV5y23lUDJ4= +github.com/rogpeppe/go-internal v1.11.0 h1:cWPaGQEPrBb5/AsnsZesgZZ9yb1OQ+GOISoDNXVBh4M= +github.com/rogpeppe/go-internal v1.11.0/go.mod h1:ddIwULY96R17DhadqLgMfk9H9tvdUzkipdSkR5nkCZA= github.com/rs/xid v1.2.1/go.mod h1:+uKXf+4Djp6Md1KODXJxgGQPKngRmWyn10oCKFzNHOQ= github.com/rs/zerolog v1.13.0/go.mod h1:YbFCdg8HfsridGWAh22vktObvhZbQsZXe4/zB0OKkWU= github.com/rs/zerolog v1.15.0/go.mod h1:xYTKnLHcpfU2225ny5qZjxnj9NvkumZYjJHlAThCjNc= @@ -112,6 +142,8 @@ github.com/sagikazarmark/locafero v0.4.0/go.mod h1:Pe1W6UlPYUk/+wc/6KFhbORCfqzgY github.com/sagikazarmark/slog-shim v0.1.0 h1:diDBnUNK9N/354PgrxMywXnAwEr1QZcOr6gto+ugjYE= github.com/sagikazarmark/slog-shim v0.1.0/go.mod h1:SrcSrq8aKtyuqEI1uvTDTK1arOWRIczQRv+GVI1AkeQ= github.com/satori/go.uuid v1.2.0/go.mod h1:dA0hQrYB0VpLJoorglMZABFdXlWrHn1NEOzdhQKdks0= +github.com/segmentio/asm v1.2.0 h1:9BQrFxC+YOHJlTlHGkTrFWf59nbL3XnCoFLTwDCI7ys= +github.com/segmentio/asm v1.2.0/go.mod h1:BqMnlJP91P8d+4ibuonYZw9mfnzI9HfxselHZr5aAcs= github.com/shopspring/decimal v0.0.0-20180709203117-cd690d0c9e24/go.mod h1:M+9NzErvs504Cn4c5DxATwIqPbtswREoFCre64PpcG4= github.com/shopspring/decimal v1.2.0 h1:abSATXmQEYyShuxI4/vyW3tV1MrKAJzCZ/0zLUXYbsQ= github.com/shopspring/decimal v1.2.0/go.mod h1:DKyhrW/HYNuLGql+MJL6WCR6knT2jwCFRcu2hWCYk4o= @@ -136,10 +168,10 @@ github.com/stretchr/testify v1.2.2/go.mod h1:a8OnRcib4nhh0OaRAV+Yts87kKdq0PP7pXf github.com/stretchr/testify v1.3.0/go.mod h1:M5WIy9Dh21IEIfnGCwXGc5bZfKNJtfHm1UVUgZn+9EI= github.com/stretchr/testify v1.4.0/go.mod h1:j7eGeouHqKxXV5pUuKE4zz7dFj8WfuZ+81PSLYec5m4= github.com/stretchr/testify v1.5.1/go.mod h1:5W2xD1RspED5o8YsWQXVCued0rvSQ+mT+I5cxcmMvtA= +github.com/stretchr/testify v1.6.1/go.mod h1:6Fq8oRcR53rry900zMqJjRRixrwX3KX962/h/Wwjteg= github.com/stretchr/testify v1.7.0/go.mod h1:6Fq8oRcR53rry900zMqJjRRixrwX3KX962/h/Wwjteg= github.com/stretchr/testify v1.7.1/go.mod h1:6Fq8oRcR53rry900zMqJjRRixrwX3KX962/h/Wwjteg= github.com/stretchr/testify v1.8.0/go.mod h1:yNjHg4UonilssWZ8iaSj1OCr/vHnekPRkoO+kdMU+MU= -github.com/stretchr/testify v1.8.1 h1:w7B6lhMri9wdJUVmEZPGGhZzrYTPvgJArz7wNPgYKsk= github.com/stretchr/testify v1.8.1/go.mod h1:w2LPCIKwWwSfY2zedu0+kehJoqGctiVI29o6fzry7u4= github.com/stretchr/testify v1.8.4 h1:CcVxjf3Q8PM0mHUKJCdn+eZZtm5yQwehR5yeSVQQcUk= github.com/stretchr/testify v1.8.4/go.mod h1:sz/lmYIOXD/1dqDmKjjqLyZ2RngseejIcXlSw2iwfAo= @@ -172,12 +204,11 @@ golang.org/x/crypto v0.0.0-20201203163018-be400aefbc4c/go.mod h1:jdWPYTVW3xRLrWP golang.org/x/crypto v0.0.0-20210616213533-5ff15b29337e/go.mod h1:GvvjBRRGRdwPK5ydBHafDWAxML/pGHZbMvKqRZ5+Abc= golang.org/x/crypto v0.0.0-20210711020723-a769d52b0f97/go.mod h1:GvvjBRRGRdwPK5ydBHafDWAxML/pGHZbMvKqRZ5+Abc= golang.org/x/crypto v0.0.0-20210921155107-089bfa567519/go.mod h1:GvvjBRRGRdwPK5ydBHafDWAxML/pGHZbMvKqRZ5+Abc= -golang.org/x/crypto v0.6.0 h1:qfktjS5LUO+fFKeJXZ+ikTRijMmljikvG68fpMMruSc= golang.org/x/crypto v0.6.0/go.mod h1:OFC/31mSvZgRz0V1QTNCzfAI1aIRzbiufJtkMIlEp58= -golang.org/x/crypto v0.16.0 h1:mMMrFzRSCF0GvB7Ne27XVtVAaXLrPmgPC7/v0tkwHaY= -golang.org/x/crypto v0.16.0/go.mod h1:gCAAfMLgwOJRpTjQ2zCCt2OcSfYMTeZVSRtQlPC7Nq4= -golang.org/x/exp v0.0.0-20230905200255-921286631fa9 h1:GoHiUyI/Tp2nVkLI2mCxVkOjsbSXD66ic0XW0js0R9g= -golang.org/x/exp v0.0.0-20230905200255-921286631fa9/go.mod h1:S2oDrQGGwySpoQPVqRShND87VCbxmc6bL1Yd2oYrm6k= +golang.org/x/crypto v0.17.0 h1:r8bRNjWL3GshPW3gkd+RpvzWrZAwPS49OmTGZ/uhM4k= +golang.org/x/crypto v0.17.0/go.mod h1:gCAAfMLgwOJRpTjQ2zCCt2OcSfYMTeZVSRtQlPC7Nq4= +golang.org/x/exp v0.0.0-20231219180239-dc181d75b848 h1:+iq7lrkxmFNBM7xx+Rae2W6uyPfhPeDWD+n+JgppptE= +golang.org/x/exp v0.0.0-20231219180239-dc181d75b848/go.mod h1:iRJReGqOEeBhDZGkGbynYwcHlctCvnjTYIamk7uXpHI= golang.org/x/lint v0.0.0-20190930215403-16217165b5de/go.mod h1:6SW0HCj/g11FgYtHlgUYUwCkIfeOF89ocIRzGO/8vkc= golang.org/x/mod v0.0.0-20190513183733-4bf6d317e70e/go.mod h1:mXi4GBBbnImb6dmsKGUJ2LatrhH/nqhxcFungHvyanc= golang.org/x/mod v0.1.1-0.20191105210325-c90efee705ee/go.mod h1:QqPTAvyqsEbceGzBzNggFXnrqF1CaUcvgkdR5Ot7KZg= @@ -218,7 +249,6 @@ golang.org/x/text v0.3.3/go.mod h1:5Zoc/QRtKVWzQhOtBMvqHzDpF6irO9z98xDceosuGiQ= golang.org/x/text v0.3.4/go.mod h1:5Zoc/QRtKVWzQhOtBMvqHzDpF6irO9z98xDceosuGiQ= golang.org/x/text v0.3.6/go.mod h1:5Zoc/QRtKVWzQhOtBMvqHzDpF6irO9z98xDceosuGiQ= golang.org/x/text v0.3.7/go.mod h1:u+2+/6zg+i71rQMx5EYifcz6MCKuco9NR6JIITiCfzQ= -golang.org/x/text v0.7.0 h1:4BRB4x83lYWy72KwLD/qYDuTu7q9PjSagHvijDw7cLo= golang.org/x/text v0.7.0/go.mod h1:mrYo+phRRbMaCq/xk9113O4dZlRixOauAjOtrjsXDZ8= golang.org/x/text v0.14.0 h1:ScX5w1eTa3QqT8oi6+ziP7dTV1S2+ALU0bI+0zXKWiQ= golang.org/x/text v0.14.0/go.mod h1:18ZOQIKpY8NJVqYksKHtTdi31H5itFRjB5/qKTNYzSU= @@ -239,6 +269,8 @@ golang.org/x/xerrors v0.0.0-20191011141410-1b5146add898/go.mod h1:I/5z698sn9Ka8T golang.org/x/xerrors v0.0.0-20200804184101-5ec99f83aff1/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0= gopkg.in/check.v1 v0.0.0-20161208181325-20d25e280405/go.mod h1:Co6ibVJAznAaIkqp8huTwlJQCZ016jof/cbN4VW5Yz0= gopkg.in/check.v1 v1.0.0-20180628173108-788fd7840127/go.mod h1:Co6ibVJAznAaIkqp8huTwlJQCZ016jof/cbN4VW5Yz0= +gopkg.in/check.v1 v1.0.0-20190902080502-41f04d3bba15 h1:YR8cESwS4TdDjEe65xsg0ogRM/Nc3DYOhEAlW+xobZo= +gopkg.in/check.v1 v1.0.0-20190902080502-41f04d3bba15/go.mod h1:Co6ibVJAznAaIkqp8huTwlJQCZ016jof/cbN4VW5Yz0= gopkg.in/errgo.v2 v2.1.0/go.mod h1:hNsd1EY+bozCKY1Ytp96fpM3vjJbqLJn88ws8XvfDNI= gopkg.in/inconshreveable/log15.v2 v2.0.0-20180818164646-67afb5ed74ec/go.mod h1:aPpfJ7XW+gOuirDoZ8gHhLh3kZ1B08FtV2bbmy7Jv3s= gopkg.in/ini.v1 v1.67.0 h1:Dgnx+6+nfE+IfzjUEISNeydPJh9AXNNsWbGP9KzCsOA= diff --git a/helpers/jwtHelpers.go b/helpers/jwtHelpers.go new file mode 100644 index 0000000..4519eb1 --- /dev/null +++ b/helpers/jwtHelpers.go @@ -0,0 +1,22 @@ +package helpers + +func JwtHasClaim(claims map[string]interface{}, role string) bool { + zitadelRoles, ok := claims["urn:zitadel:iam:org:project:roles"].(map[string]interface{}) + if !ok { + return false + } + _, ok = zitadelRoles[role] + return ok +} + +func GetJwtClaim(claims map[string]interface{}, role string) interface{} { + zitadelRoles, ok := claims["urn:zitadel:iam:org:project:roles"].(map[string]interface{}) + if !ok { + return nil + } + claim, ok := zitadelRoles[role] + if !ok { + return nil + } + return claim +} diff --git a/main.go b/main.go index f0a7f3a..2ec0f1c 100644 --- a/main.go +++ b/main.go @@ -3,35 +3,56 @@ package main import ( "context" "fmt" - "log" + "log/slog" "net/http" + "os" + "time" - "forgejo.merr.is/annika/isl-api/Controllers" - "forgejo.merr.is/annika/isl-api/Services" + "forgejo.merr.is/annika/isl-api/controllers" + "forgejo.merr.is/annika/isl-api/middlewares" + "forgejo.merr.is/annika/isl-api/routes" + "forgejo.merr.is/annika/isl-api/services" "forgejo.merr.is/annika/isl-api/sql/powerItem" + "github.com/go-chi/chi/v5" + "github.com/go-chi/cors" + "github.com/go-chi/httplog/v2" "github.com/jackc/pgx/v4/pgxpool" - "github.com/julienschmidt/httprouter" + "github.com/lmittmann/tint" "github.com/spf13/viper" ) var conf *EnvConfigs +var logger *slog.Logger func init() { + w := os.Stderr + logger = slog.New( + tint.NewHandler(w, &tint.Options{ + TimeFormat: time.RFC3339Nano, + }), + ) + logger.Info("Initializing isl-api") setupConfig() + logger = slog.New( + tint.NewHandler(w, &tint.Options{ + Level: conf.GetLogLevel(), + TimeFormat: time.RFC3339Nano, + }), + ) } func main() { + logger.Info("Starting isl-api") deps := dependencies{} deps.initializeDependencies() - deps.router.HandlerFunc("GET", "/", index) - - fmt.Printf("Preparing to listen on `:%v`\n", conf.HttpPort) + logger.Info(fmt.Sprintf("Preparing to listen on `:%v`", conf.HttpPort)) err := http.ListenAndServe(fmt.Sprintf(":%v", conf.HttpPort), deps.router) - log.Fatal(err) + logger.Error("Error starting server", "error", err) } func setupConfig() { + logger.Info("Loading config") viper.AddConfigPath(".") viper.SetConfigName(".env") viper.SetConfigType("env") @@ -40,53 +61,60 @@ func setupConfig() { viper.AutomaticEnv() if err := viper.ReadInConfig(); err != nil { - fmt.Printf("Error reading env file: %v\n", err) + logger.Error("Error reading env file, exiting", "error", err) + panic(err) } if err := viper.Unmarshal(&conf); err != nil { - log.Fatal(err) + logger.Error("Unable to unmarshal configuration, exiting", "error", err) + panic(err) } + logger.Info("Finished loading config") } type dependencies struct { - router *httprouter.Router + router *chi.Mux postgresConnection *pgxpool.Pool context context.Context powerItemQuerier *powerItem.DBQuerier - powerItemService *Services.PowerItemService - powerItemController *Controllers.PowerItemController + powerItemService *services.PowerItemService + powerItemController *controllers.PowerItemController } func (d *dependencies) initializeDependencies() error { + logger.Info("Initializing dependencies") var err error - d.router = httprouter.New() - d.router.GlobalOPTIONS = http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) { - if r.Header.Get("Access-Control-Request-Method") != "" { - header := w.Header() - header.Set("Access-Control-Allow-Methods", header.Get("Allow")) - header.Set("Access-Control-Allow-Headers", "Cache-Control, Expires, Pragma") - header.Set("Access-Control-Allow-Origin", "*") - } + d.router = chi.NewRouter() + + httpLogger := httplog.NewLogger("isl-api", httplog.Options{ + Concise: true, + RequestHeaders: true, }) + httpLogger.Logger = logger + d.router.Use(httplog.RequestLogger(httpLogger)) + + d.router.Use(cors.Handler(cors.Options{ + AllowedOrigins: []string{"*"}, + AllowedMethods: []string{"GET", "POST", "PUT", "DELETE", "OPTIONS"}, + AllowedHeaders: []string{"Cache-Control", "Expires", "Pragma"}, + })) d.context = context.Background() d.postgresConnection, err = pgxpool.Connect(d.context, conf.ConnectionString) if err != nil { + logger.Error("Error setting up database connection", "error", err) return err } d.powerItemQuerier = powerItem.NewQuerier(d.postgresConnection) - d.powerItemService = Services.NewPowerItemService(d.powerItemQuerier) - d.powerItemController = Controllers.NewPowerItemController(d.router, d.powerItemService) + d.powerItemService = services.NewPowerItemService(d.powerItemQuerier) + d.powerItemController = controllers.NewPowerItemController(d.powerItemService) + + tokenAuth, err := middlewares.New(conf.JWKSURI, d.context) + if err != nil { + logger.Error("Error setting up JWT authentication middleware", "error", err) + } + + d.router.Mount("/powerItems", routes.SetupPowerItemRoutes(*d.powerItemController, tokenAuth)) + logger.Info("Finished initializing dependencies") return nil } - -func MiddleCORS(next httprouter.Handle) httprouter.Handle { - return func(w http.ResponseWriter, r *http.Request, ps httprouter.Params) { - w.Header().Set("Access-Control-Allow-Origin", "*") - next(w, r, ps) - } -} - -func index(w http.ResponseWriter, r *http.Request) { - fmt.Fprint(w, "Index") -} diff --git a/middlewares/jwtAuth.go b/middlewares/jwtAuth.go new file mode 100644 index 0000000..bcd2a8c --- /dev/null +++ b/middlewares/jwtAuth.go @@ -0,0 +1,224 @@ +package middlewares + +import ( + "context" + "errors" + "net/http" + "strings" + "time" + + "forgejo.merr.is/annika/isl-api/helpers" + "github.com/lestrrat-go/jwx/v2/jwk" + "github.com/lestrrat-go/jwx/v2/jwt" +) + +type JWTAuth struct { + jwksUri string + jwksCache *jwk.Cache + jwksContext context.Context + jwkKeySet jwk.Set + verifier jwt.ParseOption + validateOptions []jwt.ValidateOption +} + +type ContextKey struct { + name string +} + +// Errors! +var ( + ErrUnauthorized = errors.New("token is unauthorized") + ErrExpired = errors.New("token is expired") + ErrNBFInvalid = errors.New("token nbf validation failed") + ErrIATInvalid = errors.New("token iat validation failed") + ErrNoTokenFound = errors.New("no token found") + ErrAlgoInvalid = errors.New("algorithm mismatch") +) + +func ErrorReason(err error) error { + switch { + case errors.Is(err, jwt.ErrTokenExpired()), err == ErrExpired: + return ErrExpired + case errors.Is(err, jwt.ErrInvalidIssuedAt()), err == ErrIATInvalid: + return ErrIATInvalid + case errors.Is(err, jwt.ErrTokenNotYetValid()), err == ErrNBFInvalid: + return ErrNBFInvalid + default: + return ErrUnauthorized + } +} + +var TokenContextKey = &ContextKey{"Token"} +var ErrorContextKey = &ContextKey{"Error"} + +func New(jwksUri string, ctx context.Context) (*JWTAuth, error) { + jwtAuth := &JWTAuth{ + jwksContext: ctx, + jwksUri: jwksUri, + } + + if jwtAuth.jwksUri != "" { + jwtAuth.jwksCache = jwk.NewCache(jwtAuth.jwksContext) + jwtAuth.jwksCache.Register(jwtAuth.jwksUri, jwk.WithRefreshInterval(15*time.Minute)) + var err error + jwtAuth.jwkKeySet, err = jwtAuth.jwksCache.Refresh(jwtAuth.jwksContext, jwtAuth.jwksUri) + if err != nil { + return nil, err + } + jwtAuth.verifier = jwt.WithKeySet(jwtAuth.jwkKeySet) + } + + return jwtAuth, nil +} + +func (ja *JWTAuth) Verifier() func(http.Handler) http.Handler { + return ja.Verify(TokenFromHeader, TokenFromCookie) +} + +func (ja *JWTAuth) Verify(findTokenFns ...func(r *http.Request) string) func(http.Handler) http.Handler { + return func(next http.Handler) http.Handler { + handlerFunc := func(w http.ResponseWriter, r *http.Request) { + ctx := r.Context() + // Refresh the JWKS keyset + var err error + ja.jwkKeySet, err = ja.jwksCache.Get(ctx, ja.jwksUri) + ja.verifier = jwt.WithKeySet(ja.jwkKeySet) + if err != nil { + ctx = context.WithValue(ctx, ErrorContextKey, err) + next.ServeHTTP(w, r.WithContext(ctx)) + return + } + // Now we do stuff with it + token, err := ja.VerifyRequest(r, findTokenFns...) + ctx = context.WithValue(ctx, TokenContextKey, token) + ctx = context.WithValue(ctx, ErrorContextKey, err) + next.ServeHTTP(w, r.WithContext(ctx)) + } + return http.HandlerFunc(handlerFunc) + } +} + +func (ja *JWTAuth) VerifyRequest(r *http.Request, findTokenFns ...func(r *http.Request) string) (jwt.Token, error) { + var tokenString string + + for _, fn := range findTokenFns { + tokenString = fn(r) + if tokenString != "" { + break + } + } + if tokenString == "" { + return nil, ErrNoTokenFound + } + + return ja.VerifyToken(tokenString) +} + +func (ja *JWTAuth) VerifyToken(tokenString string) (jwt.Token, error) { + token, err := ja.Decode(tokenString) + if err != nil { + return token, err + } + if token == nil { + return nil, ErrUnauthorized + } + if err := jwt.Validate(token, ja.validateOptions...); err != nil { + return token, err + } + + return token, nil +} + +func (ja *JWTAuth) Decode(tokenString string) (jwt.Token, error) { + return ja.parse([]byte(tokenString)) +} + +func (ja *JWTAuth) parse(payload []byte) (jwt.Token, error) { + return jwt.Parse(payload, ja.verifier, jwt.WithValidate(false)) +} + +func (ja *JWTAuth) Authenticator() func(http.Handler) http.Handler { + return func(next http.Handler) http.Handler { + handlerFunc := func(w http.ResponseWriter, r *http.Request) { + token, _, err := FromContext(r.Context()) + + if err != nil { + http.Error(w, err.Error(), http.StatusUnauthorized) + return + } + + if token == nil || jwt.Validate(token, ja.validateOptions...) != nil { + http.Error(w, http.StatusText(http.StatusUnauthorized), http.StatusUnauthorized) + return + } + + // Token is authenticated, pass it through + next.ServeHTTP(w, r) + } + return http.HandlerFunc(handlerFunc) + } +} + +func (ja *JWTAuth) AuthorizeRoles(roles []string) func(http.Handler) http.Handler { + return func(next http.Handler) http.Handler { + handlerFunc := func(w http.ResponseWriter, r *http.Request) { + token := r.Context().Value(TokenContextKey).(jwt.Token) + hasAllRoles := true + privateClaims := token.PrivateClaims() + for _, role := range roles { + hasRole := helpers.JwtHasClaim(privateClaims, role) + if !hasRole { + hasAllRoles = false + break + } + } + if !hasAllRoles { + http.Error(w, http.StatusText(http.StatusUnauthorized), http.StatusUnauthorized) + return + } + next.ServeHTTP(w, r) + } + return http.HandlerFunc(handlerFunc) + } +} + +func FromContext(ctx context.Context) (jwt.Token, map[string]interface{}, error) { + token, _ := ctx.Value(TokenContextKey).(jwt.Token) + + var err error + var claims map[string]interface{} + + if token != nil { + claims, err = token.AsMap(context.Background()) + if err != nil { + return token, nil, err + } + } else { + claims = map[string]interface{}{} + } + + err, _ = ctx.Value(ErrorContextKey).(error) + return token, claims, err +} + +func TokenFromCookie(r *http.Request) string { + cookie, err := r.Cookie("jwt") + if err != nil { + return "" + } + return cookie.Value +} + +func TokenFromHeader(r *http.Request) string { + // Get token from authorization header. + bearer := r.Header.Get("Authorization") + if len(bearer) > 7 && strings.ToUpper(bearer[0:6]) == "BEARER" { + return bearer[7:] + } + return "" +} + +func TokenFromQuery(r *http.Request) string { + // Get token from query param named "jwt". + return r.URL.Query().Get("jwt") +} diff --git a/routes/PowerItemRoutes.go b/routes/PowerItemRoutes.go new file mode 100644 index 0000000..2084b9e --- /dev/null +++ b/routes/PowerItemRoutes.go @@ -0,0 +1,29 @@ +package routes + +import ( + "forgejo.merr.is/annika/isl-api/controllers" + "forgejo.merr.is/annika/isl-api/middlewares" + "github.com/go-chi/chi/v5" +) + +func SetupPowerItemRoutes(c controllers.PowerItemController, tokenAuth *middlewares.JWTAuth) *chi.Mux { + r := chi.NewRouter() + + r.Get("/", c.GetAll) + r.Get("/asMap", c.GetAllAsMap) + r.Get("/byType/{type:[1-3]}", c.GetAllByType) + r.Get("/byType/{type:[1-3]}/asMap", c.GetAllByTypeAsMap) + + ar := chi.NewRouter() + ar.Group(func(r chi.Router) { + r.Use(tokenAuth.Verifier()) + r.Use(tokenAuth.Authenticator()) + r.Use(tokenAuth.AuthorizeRoles([]string{"add_item"})) + + r.Post("/", c.Add) + r.Post("/multiple", c.AddMultiple) + }) + r.Mount("/", ar) + + return r +} diff --git a/Services/PowerItemService.go b/services/PowerItemService.go similarity index 65% rename from Services/PowerItemService.go rename to services/PowerItemService.go index 0e3d17f..5c91450 100644 --- a/Services/PowerItemService.go +++ b/services/PowerItemService.go @@ -1,9 +1,9 @@ -package Services +package services import ( "context" - "forgejo.merr.is/annika/isl-api/Types" + "forgejo.merr.is/annika/isl-api/entities" "forgejo.merr.is/annika/isl-api/sql/powerItem" "github.com/jackc/pgtype" ) @@ -20,31 +20,31 @@ func NewPowerItemService(querier *powerItem.DBQuerier) *PowerItemService { } } -func (p *PowerItemService) GetAll() ([]Types.PowerItem, error) { +func (p *PowerItemService) GetAll() ([]entities.PowerItem, error) { rows, err := p.querier.GetAllItems(p.context) if err != nil { - return []Types.PowerItem{}, err + return []entities.PowerItem{}, err } - var powerItems []Types.PowerItem + var powerItems []entities.PowerItem for _, sqlItem := range rows { - powerItems = append(powerItems, Types.FromGetAllItemsRow(sqlItem)) + powerItems = append(powerItems, entities.FromGetAllItemsRow(sqlItem)) } return powerItems, nil } -func (p *PowerItemService) GetAllByType(itemType int) ([]Types.PowerItem, error) { +func (p *PowerItemService) GetAllByType(itemType int) ([]entities.PowerItem, error) { rows, err := p.querier.GetAllByType(p.context, int32(itemType)) if err != nil { - return []Types.PowerItem{}, err + return []entities.PowerItem{}, err } - var powerItems []Types.PowerItem + var powerItems []entities.PowerItem for _, sqlItem := range rows { - powerItems = append(powerItems, Types.FromGetAllItemsByTypeRow(sqlItem)) + powerItems = append(powerItems, entities.FromGetAllItemsByTypeRow(sqlItem)) } return powerItems, nil } -func (p *PowerItemService) Add(newItem Types.PowerItem) (Types.PowerItem, error) { +func (p *PowerItemService) Add(newItem entities.PowerItem) (entities.PowerItem, error) { sqlItem := powerItem.AddNewItemWithIDParams{ ID: newItem.ID, ItemType: newItem.ItemType, @@ -59,14 +59,14 @@ func (p *PowerItemService) Add(newItem Types.PowerItem) (Types.PowerItem, error) } row, err := p.querier.AddNewItemWithID(p.context, powerItem.AddNewItemWithIDParams(sqlItem)) if err != nil { - return Types.PowerItem{}, err + return entities.PowerItem{}, err } - return Types.FromAddNewItemWithIDParams(row), nil + return entities.FromAddNewItemWithIDParams(row), nil } -func (p *PowerItemService) AddMultipile(newItems map[string]Types.PowerItem, itemType int32) ([]Types.PowerItem, []error) { +func (p *PowerItemService) AddMultipile(newItems map[string]entities.PowerItem, itemType int32) ([]entities.PowerItem, []error) { var errors []error - var addedItems []Types.PowerItem + var addedItems []entities.PowerItem for key, value := range newItems { id := pgtype.UUID{} id.Set(key) @@ -87,7 +87,7 @@ func (p *PowerItemService) AddMultipile(newItems map[string]Types.PowerItem, ite errors = append(errors, err) continue } - addedItems = append(addedItems, Types.FromAddNewItemWithIDParams(row)) + addedItems = append(addedItems, entities.FromAddNewItemWithIDParams(row)) } return addedItems, errors }