Adding nix direnv flake...

Updated .env to Use New Auth Server
Added Logic To Set a UUID For New Items
2025-12-13 06:55:42 -05:00 · 2024-06-08 09:16:49 -04:00 · 2024-02-29 22:23:08 -05:00 · 2024-02-10 18:36:16 -05:00 · 2024-02-10 17:27:08 -05:00 · 2024-02-10 17:18:22 -05:00
17 changed files with 542 additions and 90 deletions
--- a/.env
+++ b/.env
@ -1,2 +1,4 @@
 DB_CONNECTION_STRING=postgres://isl:development@localhost:5432/isl
 HTTP_PORT=3000
+JWKS_URI=https://auth.joes.moosenet.work/oauth/v2/keys
+LOG_LEVEL=info
--- a/.envrc
+++ b/.envrc
@ -0,0 +1 @@
+use flake
--- a/.gitignore
+++ b/.gitignore
@ -1,2 +1,3 @@
+.direnv/
 # sql/**/*.go
 docker/data
--- a/_docker/docker-compose.yml
+++ b/_docker/docker-compose.yml
@ -3,7 +3,7 @@ version: '3.1'

 services:
  api:
-    image: moosetheory/isl-api:0.1.1
+    image: forgejo.merr.is/annika/isl-api:latest
    restart: always
    environment:
      - ISL_API_DB_CONNECTION_STRING=postgres://isl:development@db:5432/isl
@ -26,4 +26,4 @@ services:
    image: adminer
    restart: always
    ports:
-      - 8080:8080
+      - 8081:8080
--- a/_docker/docker-entrypoint-initdb.d/dump.sql
+++ b/_docker/docker-entrypoint-initdb.d/dump.sql
--- a/controllers/PowerItemController.go
+++ b/controllers/PowerItemController.go
@ -1,4 +1,4 @@
-package Controllers
+package controllers

 import (
 	"encoding/json"
@ -6,39 +6,38 @@ import (
 	"net/http"
 	"strconv"

-	"forgejo.merr.is/annika/isl-api/Services"
-	"forgejo.merr.is/annika/isl-api/Types"
-	"github.com/julienschmidt/httprouter"
+	"forgejo.merr.is/annika/isl-api/entities"
+	"forgejo.merr.is/annika/isl-api/services"
+	"github.com/go-chi/chi/v5"
+	"github.com/gofrs/uuid"
+	"github.com/jackc/pgtype"
 )

 type PowerItemController struct {
-	powerItemService *Services.PowerItemService
+	powerItemService *services.PowerItemService
 }

-func NewPowerItemController(router *httprouter.Router, powerItemService *Services.PowerItemService) *PowerItemController {
+func NewPowerItemController(powerItemService *services.PowerItemService) *PowerItemController {
 	controller := &PowerItemController{
 		powerItemService: powerItemService,
 	}
-	controller.setPowerItemEndpoints(router, "/powerItem")
 	return controller
 }

-func (p *PowerItemController) setPowerItemEndpoints(router *httprouter.Router, prefix string) {
-	router.HandlerFunc("GET", fmt.Sprintf("%v", prefix), p.getAll)
-	router.HandlerFunc("GET", fmt.Sprintf("%v/asMap", prefix), p.getAllAsMap)
-	router.HandlerFunc("GET", fmt.Sprintf("%v/byType/:type", prefix), p.getAllByType)
-	router.HandlerFunc("GET", fmt.Sprintf("%v/byType/:type/asMap", prefix), p.getAllByTypeAsMap)
-	router.HandlerFunc("POST", fmt.Sprintf("%v", prefix), p.add)
-	router.HandlerFunc("POST", fmt.Sprintf("%v/multiple", prefix), p.addMultiple)
-}
-
-func (p *PowerItemController) add(w http.ResponseWriter, r *http.Request) {
-	var newItem Types.PowerItem
+func (p *PowerItemController) Add(w http.ResponseWriter, r *http.Request) {
+	var newItem entities.PowerItem
 	err := json.NewDecoder(r.Body).Decode(&newItem)
 	if err != nil {
 		http.Error(w, err.Error(), http.StatusBadRequest)
 		return
 	}
+	if newItem.ID.Status == pgtype.Null || newItem.ID.Status == pgtype.Undefined {
+		newID, err := uuid.DefaultGenerator.NewV4()
+		if err != nil {
+			http.Error(w, err.Error(), http.StatusInternalServerError)
+		}
+		newItem.ID.Set(newID)
+	}

 	result, err := p.powerItemService.Add(newItem)
 	if err != nil {
@ -56,9 +55,9 @@ func (p *PowerItemController) add(w http.ResponseWriter, r *http.Request) {
 	fmt.Fprint(w, string(returnValue))
 }

-func (p *PowerItemController) addMultiple(w http.ResponseWriter, r *http.Request) {
+func (p *PowerItemController) AddMultiple(w http.ResponseWriter, r *http.Request) {
 	var itemType int32 = 3
-	var newItems map[string]Types.PowerItem
+	var newItems map[string]entities.PowerItem
 	err := json.NewDecoder(r.Body).Decode(&newItems)
 	if err != nil {
 		http.Error(w, err.Error(), http.StatusBadRequest)
@ -84,7 +83,7 @@ func (p *PowerItemController) addMultiple(w http.ResponseWriter, r *http.Request
 	fmt.Fprint(w, string(returnValue))
 }

-func (p *PowerItemController) getAll(w http.ResponseWriter, r *http.Request) {
+func (p *PowerItemController) GetAll(w http.ResponseWriter, r *http.Request) {
 	result, err := p.powerItemService.GetAll()
 	if err != nil {
 		http.Error(w, err.Error(), http.StatusInternalServerError)
@ -101,14 +100,14 @@ func (p *PowerItemController) getAll(w http.ResponseWriter, r *http.Request) {
 	fmt.Fprint(w, string(data))
 }

-func (p *PowerItemController) getAllAsMap(w http.ResponseWriter, r *http.Request) {
+func (p *PowerItemController) GetAllAsMap(w http.ResponseWriter, r *http.Request) {
 	items, err := p.powerItemService.GetAll()
 	if err != nil {
 		http.Error(w, err.Error(), http.StatusInternalServerError)
 		return
 	}

-	resultMap := make(map[string]Types.PowerItem)
+	resultMap := make(map[string]entities.PowerItem)
 	for _, curItem := range items {
 		uuid := fmt.Sprintf("%x-%x-%x-%x-%x", curItem.ID.Bytes[0:4], curItem.ID.Bytes[4:6], curItem.ID.Bytes[6:8], curItem.ID.Bytes[8:10], curItem.ID.Bytes[10:16])
 		resultMap[uuid] = curItem
@ -124,9 +123,8 @@ func (p *PowerItemController) getAllAsMap(w http.ResponseWriter, r *http.Request
 	fmt.Fprint(w, string(data))
 }

-func (p *PowerItemController) getAllByType(w http.ResponseWriter, r *http.Request) {
-	params := httprouter.ParamsFromContext(r.Context())
-	typeCode, err := strconv.Atoi(params.ByName("type"))
+func (p *PowerItemController) GetAllByType(w http.ResponseWriter, r *http.Request) {
+	typeCode, err := strconv.Atoi(chi.URLParam(r, "type"))
 	if err != nil {
 		http.Error(w, err.Error(), http.StatusBadRequest)
 		return
@ -148,9 +146,8 @@ func (p *PowerItemController) getAllByType(w http.ResponseWriter, r *http.Reques
 	fmt.Fprint(w, string(data))
 }

-func (p *PowerItemController) getAllByTypeAsMap(w http.ResponseWriter, r *http.Request) {
-	params := httprouter.ParamsFromContext(r.Context())
-	typeCode, err := strconv.Atoi(params.ByName("type"))
+func (p *PowerItemController) GetAllByTypeAsMap(w http.ResponseWriter, r *http.Request) {
+	typeCode, err := strconv.Atoi(chi.URLParam(r, "type"))
 	if err != nil {
 		http.Error(w, err.Error(), http.StatusBadRequest)
 		return
@ -162,7 +159,7 @@ func (p *PowerItemController) getAllByTypeAsMap(w http.ResponseWriter, r *http.R
 		return
 	}

-	resultMap := make(map[string]Types.PowerItem)
+	resultMap := make(map[string]entities.PowerItem)
 	for _, curItem := range items {
 		uuid := fmt.Sprintf("%x-%x-%x-%x-%x", curItem.ID.Bytes[0:4], curItem.ID.Bytes[4:6], curItem.ID.Bytes[6:8], curItem.ID.Bytes[8:10], curItem.ID.Bytes[10:16])
 		resultMap[uuid] = curItem
--- a/entities/PowerItem.go
+++ b/entities/PowerItem.go
@ -1,4 +1,4 @@
-package Types
+package entities

 import (
 	"forgejo.merr.is/annika/isl-api/sql/powerItem"
--- a/envConfigs.go
+++ b/envConfigs.go
@ -1,6 +1,28 @@
 package main

+import (
+	"log/slog"
+	"strings"
+)
+
 type EnvConfigs struct {
 	HttpPort         string `mapstructure:"HTTP_PORT"`
 	ConnectionString string `mapstructure:"DB_CONNECTION_STRING"`
+	JWKSURI          string `mapstructure:"JWKS_URI"`
+	LogLevel         string `mapstructure:"LOG_LEVEL"`
+}
+
+func (ec *EnvConfigs) GetLogLevel() slog.Level {
+	switch strings.ToLower(ec.LogLevel) {
+	case "debug":
+		return slog.LevelDebug
+	case "info":
+		return slog.LevelInfo
+	case "warn":
+		return slog.LevelWarn
+	case "error":
+		return slog.LevelError
+	default:
+		return slog.LevelInfo
+	}
 }
--- a/flake.lock
+++ b/flake.lock
@ -0,0 +1,25 @@
+{
+  "nodes": {
+    "nixpkgs": {
+      "locked": {
+        "lastModified": 1712963716,
+        "narHash": "sha256-WKm9CvgCldeIVvRz87iOMi8CFVB1apJlkUT4GGvA0iM=",
+        "rev": "cfd6b5fc90b15709b780a5a1619695a88505a176",
+        "revCount": 611350,
+        "type": "tarball",
+        "url": "https://api.flakehub.com/f/pinned/NixOS/nixpkgs/0.1.611350%2Brev-cfd6b5fc90b15709b780a5a1619695a88505a176/018eddfc-e6d9-74bb-a823-20f2ae60079b/source.tar.gz"
+      },
+      "original": {
+        "type": "tarball",
+        "url": "https://flakehub.com/f/NixOS/nixpkgs/0.1.%2A.tar.gz"
+      }
+    },
+    "root": {
+      "inputs": {
+        "nixpkgs": "nixpkgs"
+      }
+    }
+  },
+  "root": "root",
+  "version": 7
+}
--- a/flake.nix
+++ b/flake.nix
@ -0,0 +1,38 @@
+{
+  description = "A Nix-flake-based Go 1.22 development environment";
+
+  inputs.nixpkgs.url = "https://flakehub.com/f/NixOS/nixpkgs/0.1.*.tar.gz";
+
+  outputs = { self, nixpkgs }:
+    let
+      goVersion = 22; # Change this to update the whole stack
+      overlays = [ (final: prev: { go = prev."go_1_${toString goVersion}"; }) ];
+      supportedSystems = [ "x86_64-linux" "aarch64-linux" "x86_64-darwin" "aarch64-darwin" ];
+      forEachSupportedSystem = f: nixpkgs.lib.genAttrs supportedSystems (system: f {
+        pkgs = import nixpkgs { inherit overlays system; };
+      });
+    in
+    {
+      devShells = forEachSupportedSystem ({ pkgs }: {
+        default = pkgs.mkShell {
+          packages = with pkgs; [
+            # go 1.22 (specified by overlay)
+            go_1_22
+
+            # goimports, godoc, etc.
+            gotools
+
+            # https://github.com/golangci/golangci-lint
+            golangci-lint
+
+            gopls
+            go-outline
+            gopkgs
+            gocode-gomod
+            godef
+            golint
+          ];
+        };
+      });
+    };
+}
--- a/go.mod
+++ b/go.mod
@ -3,36 +3,50 @@ module forgejo.merr.is/annika/isl-api
 go 1.21.6

 require (
-	github.com/google/uuid v1.6.0
+	github.com/go-chi/chi/v5 v5.0.11
+	github.com/go-chi/cors v1.2.1
+	github.com/go-chi/httplog/v2 v2.0.9
+	github.com/gofrs/uuid v4.0.0+incompatible
 	github.com/jackc/pgconn v1.14.1
 	github.com/jackc/pgtype v1.14.1
 	github.com/jackc/pgx/v4 v4.18.1
+	github.com/lestrrat-go/jwx/v2 v2.0.19
+	github.com/lmittmann/tint v1.0.4
+	github.com/spf13/viper v1.18.2
 )

 require (
+	github.com/decred/dcrd/dcrec/secp256k1/v4 v4.2.0 // indirect
 	github.com/fsnotify/fsnotify v1.7.0 // indirect
+	github.com/goccy/go-json v0.10.2 // indirect
 	github.com/hashicorp/hcl v1.0.0 // indirect
 	github.com/jackc/chunkreader/v2 v2.0.1 // indirect
 	github.com/jackc/pgio v1.0.0 // indirect
 	github.com/jackc/pgpassfile v1.0.0 // indirect
 	github.com/jackc/pgproto3/v2 v2.3.2 // indirect
 	github.com/jackc/pgservicefile v0.0.0-20221227161230-091c0ba34f0a // indirect
-	github.com/julienschmidt/httprouter v1.3.0 // indirect
+	github.com/jackc/puddle v1.3.0 // indirect
+	github.com/lestrrat-go/blackmagic v1.0.2 // indirect
+	github.com/lestrrat-go/httpcc v1.0.1 // indirect
+	github.com/lestrrat-go/httprc v1.0.4 // indirect
+	github.com/lestrrat-go/iter v1.0.2 // indirect
+	github.com/lestrrat-go/option v1.0.1 // indirect
 	github.com/magiconair/properties v1.8.7 // indirect
 	github.com/mitchellh/mapstructure v1.5.0 // indirect
 	github.com/pelletier/go-toml/v2 v2.1.0 // indirect
+	github.com/rogpeppe/go-internal v1.11.0 // indirect
 	github.com/sagikazarmark/locafero v0.4.0 // indirect
 	github.com/sagikazarmark/slog-shim v0.1.0 // indirect
+	github.com/segmentio/asm v1.2.0 // indirect
 	github.com/sourcegraph/conc v0.3.0 // indirect
 	github.com/spf13/afero v1.11.0 // indirect
 	github.com/spf13/cast v1.6.0 // indirect
 	github.com/spf13/pflag v1.0.5 // indirect
-	github.com/spf13/viper v1.18.2 // indirect
 	github.com/subosito/gotenv v1.6.0 // indirect
 	go.uber.org/atomic v1.9.0 // indirect
 	go.uber.org/multierr v1.9.0 // indirect
-	golang.org/x/crypto v0.16.0 // indirect
-	golang.org/x/exp v0.0.0-20230905200255-921286631fa9 // indirect
+	golang.org/x/crypto v0.17.0 // indirect
+	golang.org/x/exp v0.0.0-20231219180239-dc181d75b848 // indirect
 	golang.org/x/sys v0.15.0 // indirect
 	golang.org/x/text v0.14.0 // indirect
 	gopkg.in/ini.v1 v1.67.0 // indirect
--- a/go.sum
+++ b/go.sum
@ -6,19 +6,31 @@ github.com/coreos/go-systemd v0.0.0-20190321100706-95778dfbb74e/go.mod h1:F5haX7
 github.com/coreos/go-systemd v0.0.0-20190719114852-fd7a80b32e1f/go.mod h1:F5haX7vjVVG0kc13fIWeqUViNPyEJxv/OmvnBo0Yme4=
 github.com/creack/pty v1.1.7/go.mod h1:lj5s0c3V2DBrqTV7llrYr5NG6My20zk30Fl46Y7DoTY=
 github.com/davecgh/go-spew v1.1.0/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSsI+c5H38=
-github.com/davecgh/go-spew v1.1.1 h1:vj9j/u1bqnvCEfJOwUhtlOARqs3+rkHYY13jYWTU97c=
 github.com/davecgh/go-spew v1.1.1/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSsI+c5H38=
 github.com/davecgh/go-spew v1.1.2-0.20180830191138-d8f796af33cc h1:U9qPSI2PIWSS1VwoXQT9A3Wy9MM3WgvqSxFWenqJduM=
+github.com/davecgh/go-spew v1.1.2-0.20180830191138-d8f796af33cc/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSsI+c5H38=
+github.com/decred/dcrd/dcrec/secp256k1/v4 v4.2.0 h1:8UrgZ3GkP4i/CLijOJx79Yu+etlyjdBU4sfcs2WYQMs=
+github.com/decred/dcrd/dcrec/secp256k1/v4 v4.2.0/go.mod h1:v57UDF4pDQJcEfFUCRop3lJL149eHGSe9Jvczhzjo/0=
+github.com/frankban/quicktest v1.14.6 h1:7Xjx+VpznH+oBnejlPUj8oUpdxnVs4f8XU8WnHkI4W8=
+github.com/frankban/quicktest v1.14.6/go.mod h1:4ptaffx2x8+WTWXmUCuVU6aPUX1/Mz7zb5vbUoiM6w0=
 github.com/fsnotify/fsnotify v1.7.0 h1:8JEhPFa5W2WU7YfeZzPNqzMP6Lwt7L2715Ggo0nosvA=
 github.com/fsnotify/fsnotify v1.7.0/go.mod h1:40Bi/Hjc2AVfZrqy+aj+yEI+/bRxZnMJyTJwOpGvigM=
+github.com/go-chi/chi/v5 v5.0.11 h1:BnpYbFZ3T3S1WMpD79r7R5ThWX40TaFB7L31Y8xqSwA=
+github.com/go-chi/chi/v5 v5.0.11/go.mod h1:DslCQbL2OYiznFReuXYUmQ2hGd1aDpCnlMNITLSKoi8=
+github.com/go-chi/cors v1.2.1 h1:xEC8UT3Rlp2QuWNEr4Fs/c2EAGVKBwy/1vHx3bppil4=
+github.com/go-chi/cors v1.2.1/go.mod h1:sSbTewc+6wYHBBCW7ytsFSn836hqM7JxpglAy2Vzc58=
+github.com/go-chi/httplog/v2 v2.0.9 h1:RK1TBETd4SSwu075tcfm0KKxR/k98RUfzmOWxLaocGg=
+github.com/go-chi/httplog/v2 v2.0.9/go.mod h1:/XXdxicJsp4BA5fapgIC3VuTD+z0Z/VzukoB3VDc1YE=
 github.com/go-kit/log v0.1.0/go.mod h1:zbhenjAZHb184qTLMA9ZjW7ThYL0H2mk7Q6pNt4vbaY=
 github.com/go-logfmt/logfmt v0.5.0/go.mod h1:wCYkCAKZfumFQihp8CzCvQ3paCTfi41vtzG1KdI/P7A=
 github.com/go-stack/stack v1.8.0/go.mod h1:v0f6uXyyMGvRgIKkXu+yp6POWl0qKG85gN/melR3HDY=
+github.com/goccy/go-json v0.10.2 h1:CrxCmQqYDkv1z7lO7Wbh2HN93uovUHgrECaO5ZrCXAU=
+github.com/goccy/go-json v0.10.2/go.mod h1:6MelG93GURQebXPDq3khkgXZkazVtN9CRI+MGFi0w8I=
 github.com/gofrs/uuid v4.0.0+incompatible h1:1SD/1F5pU8p29ybwgQSwpQk+mwdRrXCYuPhW6m+TnJw=
 github.com/gofrs/uuid v4.0.0+incompatible/go.mod h1:b2aQJv3Z4Fp6yNu3cdSllBxTCLRxnplIgP/c0N/04lM=
+github.com/google/go-cmp v0.5.9 h1:O2Tfq5qg4qc4AmwVlvv0oLiVAGB7enBSJ2x2DqQFi38=
+github.com/google/go-cmp v0.5.9/go.mod h1:17dUlkBOakJ0+DkrSSNjCkIjxS6bF9zb3elmeNGIjoY=
 github.com/google/renameio v0.1.0/go.mod h1:KWCgfxg9yswjAJkECMjeO8J8rahYeXnNhOm40UhjYkI=
-github.com/google/uuid v1.6.0 h1:NIvaJDMOsjHA8n1jAhLSgzrAzy1Hgr+hNrb57e+94F0=
-github.com/google/uuid v1.6.0/go.mod h1:TIyPZe4MgqvfeYDBFedMoGGpEw/LqOeaOT+nhxU+yHo=
 github.com/hashicorp/hcl v1.0.0 h1:0Anlzjpi4vEasTeNFn2mLJgTSwt0+6sfsiTG8qcWGx4=
 github.com/hashicorp/hcl v1.0.0/go.mod h1:E5yfLk+7swimpb2L/Alb/PJmXilQ/rhwaUYs4T20WEQ=
 github.com/jackc/chunkreader v1.0.0/go.mod h1:RT6O25fNZIuasFJRyZ4R/Y2BbhasbmZXF9QQ7T3kePo=
@ -70,21 +82,38 @@ github.com/jackc/pgx/v4 v4.18.1/go.mod h1:FydWkUyadDmdNH/mHnGob881GawxeEm7TcMCzk
 github.com/jackc/puddle v0.0.0-20190413234325-e4ced69a3a2b/go.mod h1:m4B5Dj62Y0fbyuIc15OsIqK0+JU8nkqQjsgx7dvjSWk=
 github.com/jackc/puddle v0.0.0-20190608224051-11cab39313c9/go.mod h1:m4B5Dj62Y0fbyuIc15OsIqK0+JU8nkqQjsgx7dvjSWk=
 github.com/jackc/puddle v1.1.3/go.mod h1:m4B5Dj62Y0fbyuIc15OsIqK0+JU8nkqQjsgx7dvjSWk=
+github.com/jackc/puddle v1.3.0 h1:eHK/5clGOatcjX3oWGBO/MpxpbHzSwud5EWTSCI+MX0=
 github.com/jackc/puddle v1.3.0/go.mod h1:m4B5Dj62Y0fbyuIc15OsIqK0+JU8nkqQjsgx7dvjSWk=
-github.com/julienschmidt/httprouter v1.3.0 h1:U0609e9tgbseu3rBINet9P48AI/D3oJs4dN7jwJOQ1U=
-github.com/julienschmidt/httprouter v1.3.0/go.mod h1:JR6WtHb+2LUe8TCKY3cZOxFyyO8IZAc4RVcycCCAKdM=
 github.com/kisielk/gotool v1.0.0/go.mod h1:XhKaO+MFFWcvkIS/tQcRk01m1F5IRFswLeQ+oQHNcck=
 github.com/konsorten/go-windows-terminal-sequences v1.0.1/go.mod h1:T0+1ngSBFLxvqU3pZ+m/2kptfBszLMUkC4ZK/EgS/cQ=
 github.com/konsorten/go-windows-terminal-sequences v1.0.2/go.mod h1:T0+1ngSBFLxvqU3pZ+m/2kptfBszLMUkC4ZK/EgS/cQ=
 github.com/kr/pretty v0.1.0/go.mod h1:dAy3ld7l9f0ibDNOQOHHMYYIIbhfbHSm3C4ZsoJORNo=
+github.com/kr/pretty v0.3.1 h1:flRD4NNwYAUpkphVc1HcthR4KEIFJ65n8Mw5qdRn3LE=
+github.com/kr/pretty v0.3.1/go.mod h1:hoEshYVHaxMs3cyo3Yncou5ZscifuDolrwPKZanG3xk=
 github.com/kr/pty v1.1.1/go.mod h1:pFQYn66WHrOpPYNljwOMqo10TkYh1fy3cYio2l3bCsQ=
 github.com/kr/pty v1.1.8/go.mod h1:O1sed60cT9XZ5uDucP5qwvh+TE3NnUj51EiZO/lmSfw=
 github.com/kr/text v0.1.0/go.mod h1:4Jbv+DJW3UT/LiOwJeYQe1efqtUx/iVham/4vfdArNI=
+github.com/kr/text v0.2.0 h1:5Nx0Ya0ZqY2ygV366QzturHI13Jq95ApcVaJBhpS+AY=
+github.com/kr/text v0.2.0/go.mod h1:eLer722TekiGuMkidMxC/pM04lWEeraHUUmBw8l2grE=
+github.com/lestrrat-go/blackmagic v1.0.2 h1:Cg2gVSc9h7sz9NOByczrbUvLopQmXrfFx//N+AkAr5k=
+github.com/lestrrat-go/blackmagic v1.0.2/go.mod h1:UrEqBzIR2U6CnzVyUtfM6oZNMt/7O7Vohk2J0OGSAtU=
+github.com/lestrrat-go/httpcc v1.0.1 h1:ydWCStUeJLkpYyjLDHihupbn2tYmZ7m22BGkcvZZrIE=
+github.com/lestrrat-go/httpcc v1.0.1/go.mod h1:qiltp3Mt56+55GPVCbTdM9MlqhvzyuL6W/NMDA8vA5E=
+github.com/lestrrat-go/httprc v1.0.4 h1:bAZymwoZQb+Oq8MEbyipag7iSq6YIga8Wj6GOiJGdI8=
+github.com/lestrrat-go/httprc v1.0.4/go.mod h1:mwwz3JMTPBjHUkkDv/IGJ39aALInZLrhBp0X7KGUZlo=
+github.com/lestrrat-go/iter v1.0.2 h1:gMXo1q4c2pHmC3dn8LzRhJfP1ceCbgSiT9lUydIzltI=
+github.com/lestrrat-go/iter v1.0.2/go.mod h1:Momfcq3AnRlRjI5b5O8/G5/BvpzrhoFTZcn06fEOPt4=
+github.com/lestrrat-go/jwx/v2 v2.0.19 h1:ekv1qEZE6BVct89QA+pRF6+4pCpfVrOnEJnTnT4RXoY=
+github.com/lestrrat-go/jwx/v2 v2.0.19/go.mod h1:l3im3coce1lL2cDeAjqmaR+Awx+X8Ih+2k8BuHNJ4CU=
+github.com/lestrrat-go/option v1.0.1 h1:oAzP2fvZGQKWkvHa1/SAcFolBEca1oN+mQ7eooNBEYU=
+github.com/lestrrat-go/option v1.0.1/go.mod h1:5ZHFbivi4xwXxhxY9XHDe2FHo6/Z7WWmtT7T5nBBp3I=
 github.com/lib/pq v1.0.0/go.mod h1:5WUZQaWbwv1U+lTReE5YruASi9Al49XbQIvNi/34Woo=
 github.com/lib/pq v1.1.0/go.mod h1:5WUZQaWbwv1U+lTReE5YruASi9Al49XbQIvNi/34Woo=
 github.com/lib/pq v1.2.0/go.mod h1:5WUZQaWbwv1U+lTReE5YruASi9Al49XbQIvNi/34Woo=
 github.com/lib/pq v1.10.2 h1:AqzbZs4ZoCBp+GtejcpCpcxM3zlSMx29dXbUSeVtJb8=
 github.com/lib/pq v1.10.2/go.mod h1:AlVN5x4E4T544tWzH6hKfbfQvm3HdbOxrmggDNAPY9o=
+github.com/lmittmann/tint v1.0.4 h1:LeYihpJ9hyGvE0w+K2okPTGUdVLfng1+nDNVR4vWISc=
+github.com/lmittmann/tint v1.0.4/go.mod h1:HIS3gSy7qNwGCj+5oRjAutErFBl4BzdQP6cJZ0NfMwE=
 github.com/magiconair/properties v1.8.7 h1:IeQXZAiQcpL9mgcAe1Nu6cX9LLw6ExEHKjN0VQdvPDY=
 github.com/magiconair/properties v1.8.7/go.mod h1:Dhd985XPs7jluiymwWYZ0G4Z61jb3vdS329zhj2hYo0=
 github.com/mattn/go-colorable v0.1.1/go.mod h1:FuOcm+DKB9mbwrcAfNl7/TZVBZ6rcnceauSikq3lYCQ=
@ -96,13 +125,15 @@ github.com/mitchellh/mapstructure v1.5.0 h1:jeMsZIYE/09sWLaz43PL7Gy6RuMjD2eJVyua
 github.com/mitchellh/mapstructure v1.5.0/go.mod h1:bFUtVrKA4DC2yAKiSyO/QUcy7e+RRV2QTWOzhPopBRo=
 github.com/pelletier/go-toml/v2 v2.1.0 h1:FnwAJ4oYMvbT/34k9zzHuZNrhlz48GB3/s6at6/MHO4=
 github.com/pelletier/go-toml/v2 v2.1.0/go.mod h1:tJU2Z3ZkXwnxa4DPO899bsyIoywizdUvyaeZurnPPDc=
-github.com/pkg/errors v0.8.1 h1:iURUrRGxPUNPdy5/HRSm+Yj6okJ6UtLINN0Q9M4+h3I=
 github.com/pkg/errors v0.8.1/go.mod h1:bwawxfHBFNV+L2hUp1rHADufV3IMtnDRdf1r5NINEl0=
 github.com/pkg/errors v0.9.1 h1:FEBLx1zS214owpjy7qsBeixbURkuhQAwrK5UwLGTwt4=
-github.com/pmezard/go-difflib v1.0.0 h1:4DBwDE0NGyQoBHbLQYPwSUPoCMWR5BEzIk/f1lZbAQM=
+github.com/pkg/errors v0.9.1/go.mod h1:bwawxfHBFNV+L2hUp1rHADufV3IMtnDRdf1r5NINEl0=
 github.com/pmezard/go-difflib v1.0.0/go.mod h1:iKH77koFhYxTK1pcRnkKkqfTogsbg7gZNVY4sRDYZ/4=
 github.com/pmezard/go-difflib v1.0.1-0.20181226105442-5d4384ee4fb2 h1:Jamvg5psRIccs7FGNTlIRMkT8wgtp5eCXdBlqhYGL6U=
+github.com/pmezard/go-difflib v1.0.1-0.20181226105442-5d4384ee4fb2/go.mod h1:iKH77koFhYxTK1pcRnkKkqfTogsbg7gZNVY4sRDYZ/4=
 github.com/rogpeppe/go-internal v1.3.0/go.mod h1:M8bDsm7K2OlrFYOpmOWEs/qY81heoFRclV5y23lUDJ4=
+github.com/rogpeppe/go-internal v1.11.0 h1:cWPaGQEPrBb5/AsnsZesgZZ9yb1OQ+GOISoDNXVBh4M=
+github.com/rogpeppe/go-internal v1.11.0/go.mod h1:ddIwULY96R17DhadqLgMfk9H9tvdUzkipdSkR5nkCZA=
 github.com/rs/xid v1.2.1/go.mod h1:+uKXf+4Djp6Md1KODXJxgGQPKngRmWyn10oCKFzNHOQ=
 github.com/rs/zerolog v1.13.0/go.mod h1:YbFCdg8HfsridGWAh22vktObvhZbQsZXe4/zB0OKkWU=
 github.com/rs/zerolog v1.15.0/go.mod h1:xYTKnLHcpfU2225ny5qZjxnj9NvkumZYjJHlAThCjNc=
@ -111,6 +142,8 @@ github.com/sagikazarmark/locafero v0.4.0/go.mod h1:Pe1W6UlPYUk/+wc/6KFhbORCfqzgY
 github.com/sagikazarmark/slog-shim v0.1.0 h1:diDBnUNK9N/354PgrxMywXnAwEr1QZcOr6gto+ugjYE=
 github.com/sagikazarmark/slog-shim v0.1.0/go.mod h1:SrcSrq8aKtyuqEI1uvTDTK1arOWRIczQRv+GVI1AkeQ=
 github.com/satori/go.uuid v1.2.0/go.mod h1:dA0hQrYB0VpLJoorglMZABFdXlWrHn1NEOzdhQKdks0=
+github.com/segmentio/asm v1.2.0 h1:9BQrFxC+YOHJlTlHGkTrFWf59nbL3XnCoFLTwDCI7ys=
+github.com/segmentio/asm v1.2.0/go.mod h1:BqMnlJP91P8d+4ibuonYZw9mfnzI9HfxselHZr5aAcs=
 github.com/shopspring/decimal v0.0.0-20180709203117-cd690d0c9e24/go.mod h1:M+9NzErvs504Cn4c5DxATwIqPbtswREoFCre64PpcG4=
 github.com/shopspring/decimal v1.2.0 h1:abSATXmQEYyShuxI4/vyW3tV1MrKAJzCZ/0zLUXYbsQ=
 github.com/shopspring/decimal v1.2.0/go.mod h1:DKyhrW/HYNuLGql+MJL6WCR6knT2jwCFRcu2hWCYk4o=
@ -135,10 +168,10 @@ github.com/stretchr/testify v1.2.2/go.mod h1:a8OnRcib4nhh0OaRAV+Yts87kKdq0PP7pXf
 github.com/stretchr/testify v1.3.0/go.mod h1:M5WIy9Dh21IEIfnGCwXGc5bZfKNJtfHm1UVUgZn+9EI=
 github.com/stretchr/testify v1.4.0/go.mod h1:j7eGeouHqKxXV5pUuKE4zz7dFj8WfuZ+81PSLYec5m4=
 github.com/stretchr/testify v1.5.1/go.mod h1:5W2xD1RspED5o8YsWQXVCued0rvSQ+mT+I5cxcmMvtA=
+github.com/stretchr/testify v1.6.1/go.mod h1:6Fq8oRcR53rry900zMqJjRRixrwX3KX962/h/Wwjteg=
 github.com/stretchr/testify v1.7.0/go.mod h1:6Fq8oRcR53rry900zMqJjRRixrwX3KX962/h/Wwjteg=
 github.com/stretchr/testify v1.7.1/go.mod h1:6Fq8oRcR53rry900zMqJjRRixrwX3KX962/h/Wwjteg=
 github.com/stretchr/testify v1.8.0/go.mod h1:yNjHg4UonilssWZ8iaSj1OCr/vHnekPRkoO+kdMU+MU=
-github.com/stretchr/testify v1.8.1 h1:w7B6lhMri9wdJUVmEZPGGhZzrYTPvgJArz7wNPgYKsk=
 github.com/stretchr/testify v1.8.1/go.mod h1:w2LPCIKwWwSfY2zedu0+kehJoqGctiVI29o6fzry7u4=
 github.com/stretchr/testify v1.8.4 h1:CcVxjf3Q8PM0mHUKJCdn+eZZtm5yQwehR5yeSVQQcUk=
 github.com/stretchr/testify v1.8.4/go.mod h1:sz/lmYIOXD/1dqDmKjjqLyZ2RngseejIcXlSw2iwfAo=
@ -171,12 +204,11 @@ golang.org/x/crypto v0.0.0-20201203163018-be400aefbc4c/go.mod h1:jdWPYTVW3xRLrWP
 golang.org/x/crypto v0.0.0-20210616213533-5ff15b29337e/go.mod h1:GvvjBRRGRdwPK5ydBHafDWAxML/pGHZbMvKqRZ5+Abc=
 golang.org/x/crypto v0.0.0-20210711020723-a769d52b0f97/go.mod h1:GvvjBRRGRdwPK5ydBHafDWAxML/pGHZbMvKqRZ5+Abc=
 golang.org/x/crypto v0.0.0-20210921155107-089bfa567519/go.mod h1:GvvjBRRGRdwPK5ydBHafDWAxML/pGHZbMvKqRZ5+Abc=
-golang.org/x/crypto v0.6.0 h1:qfktjS5LUO+fFKeJXZ+ikTRijMmljikvG68fpMMruSc=
 golang.org/x/crypto v0.6.0/go.mod h1:OFC/31mSvZgRz0V1QTNCzfAI1aIRzbiufJtkMIlEp58=
-golang.org/x/crypto v0.16.0 h1:mMMrFzRSCF0GvB7Ne27XVtVAaXLrPmgPC7/v0tkwHaY=
-golang.org/x/crypto v0.16.0/go.mod h1:gCAAfMLgwOJRpTjQ2zCCt2OcSfYMTeZVSRtQlPC7Nq4=
-golang.org/x/exp v0.0.0-20230905200255-921286631fa9 h1:GoHiUyI/Tp2nVkLI2mCxVkOjsbSXD66ic0XW0js0R9g=
-golang.org/x/exp v0.0.0-20230905200255-921286631fa9/go.mod h1:S2oDrQGGwySpoQPVqRShND87VCbxmc6bL1Yd2oYrm6k=
+golang.org/x/crypto v0.17.0 h1:r8bRNjWL3GshPW3gkd+RpvzWrZAwPS49OmTGZ/uhM4k=
+golang.org/x/crypto v0.17.0/go.mod h1:gCAAfMLgwOJRpTjQ2zCCt2OcSfYMTeZVSRtQlPC7Nq4=
+golang.org/x/exp v0.0.0-20231219180239-dc181d75b848 h1:+iq7lrkxmFNBM7xx+Rae2W6uyPfhPeDWD+n+JgppptE=
+golang.org/x/exp v0.0.0-20231219180239-dc181d75b848/go.mod h1:iRJReGqOEeBhDZGkGbynYwcHlctCvnjTYIamk7uXpHI=
 golang.org/x/lint v0.0.0-20190930215403-16217165b5de/go.mod h1:6SW0HCj/g11FgYtHlgUYUwCkIfeOF89ocIRzGO/8vkc=
 golang.org/x/mod v0.0.0-20190513183733-4bf6d317e70e/go.mod h1:mXi4GBBbnImb6dmsKGUJ2LatrhH/nqhxcFungHvyanc=
 golang.org/x/mod v0.1.1-0.20191105210325-c90efee705ee/go.mod h1:QqPTAvyqsEbceGzBzNggFXnrqF1CaUcvgkdR5Ot7KZg=
@ -217,7 +249,6 @@ golang.org/x/text v0.3.3/go.mod h1:5Zoc/QRtKVWzQhOtBMvqHzDpF6irO9z98xDceosuGiQ=
 golang.org/x/text v0.3.4/go.mod h1:5Zoc/QRtKVWzQhOtBMvqHzDpF6irO9z98xDceosuGiQ=
 golang.org/x/text v0.3.6/go.mod h1:5Zoc/QRtKVWzQhOtBMvqHzDpF6irO9z98xDceosuGiQ=
 golang.org/x/text v0.3.7/go.mod h1:u+2+/6zg+i71rQMx5EYifcz6MCKuco9NR6JIITiCfzQ=
-golang.org/x/text v0.7.0 h1:4BRB4x83lYWy72KwLD/qYDuTu7q9PjSagHvijDw7cLo=
 golang.org/x/text v0.7.0/go.mod h1:mrYo+phRRbMaCq/xk9113O4dZlRixOauAjOtrjsXDZ8=
 golang.org/x/text v0.14.0 h1:ScX5w1eTa3QqT8oi6+ziP7dTV1S2+ALU0bI+0zXKWiQ=
 golang.org/x/text v0.14.0/go.mod h1:18ZOQIKpY8NJVqYksKHtTdi31H5itFRjB5/qKTNYzSU=
@ -238,6 +269,8 @@ golang.org/x/xerrors v0.0.0-20191011141410-1b5146add898/go.mod h1:I/5z698sn9Ka8T
 golang.org/x/xerrors v0.0.0-20200804184101-5ec99f83aff1/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0=
 gopkg.in/check.v1 v0.0.0-20161208181325-20d25e280405/go.mod h1:Co6ibVJAznAaIkqp8huTwlJQCZ016jof/cbN4VW5Yz0=
 gopkg.in/check.v1 v1.0.0-20180628173108-788fd7840127/go.mod h1:Co6ibVJAznAaIkqp8huTwlJQCZ016jof/cbN4VW5Yz0=
+gopkg.in/check.v1 v1.0.0-20190902080502-41f04d3bba15 h1:YR8cESwS4TdDjEe65xsg0ogRM/Nc3DYOhEAlW+xobZo=
+gopkg.in/check.v1 v1.0.0-20190902080502-41f04d3bba15/go.mod h1:Co6ibVJAznAaIkqp8huTwlJQCZ016jof/cbN4VW5Yz0=
 gopkg.in/errgo.v2 v2.1.0/go.mod h1:hNsd1EY+bozCKY1Ytp96fpM3vjJbqLJn88ws8XvfDNI=
 gopkg.in/inconshreveable/log15.v2 v2.0.0-20180818164646-67afb5ed74ec/go.mod h1:aPpfJ7XW+gOuirDoZ8gHhLh3kZ1B08FtV2bbmy7Jv3s=
 gopkg.in/ini.v1 v1.67.0 h1:Dgnx+6+nfE+IfzjUEISNeydPJh9AXNNsWbGP9KzCsOA=
--- a/helpers/jwtHelpers.go
+++ b/helpers/jwtHelpers.go
@ -0,0 +1,22 @@
+package helpers
+
+func JwtHasClaim(claims map[string]interface{}, role string) bool {
+	zitadelRoles, ok := claims["urn:zitadel:iam:org:project:roles"].(map[string]interface{})
+	if !ok {
+		return false
+	}
+	_, ok = zitadelRoles[role]
+	return ok
+}
+
+func GetJwtClaim(claims map[string]interface{}, role string) interface{} {
+	zitadelRoles, ok := claims["urn:zitadel:iam:org:project:roles"].(map[string]interface{})
+	if !ok {
+		return nil
+	}
+	claim, ok := zitadelRoles[role]
+	if !ok {
+		return nil
+	}
+	return claim
+}
--- a/main.go
+++ b/main.go
@ -3,34 +3,56 @@ package main
 import (
 	"context"
 	"fmt"
-	"log"
+	"log/slog"
 	"net/http"
+	"os"
+	"time"

-	"forgejo.merr.is/annika/isl-api/Controllers"
-	"forgejo.merr.is/annika/isl-api/Services"
+	"forgejo.merr.is/annika/isl-api/controllers"
+	"forgejo.merr.is/annika/isl-api/middlewares"
+	"forgejo.merr.is/annika/isl-api/routes"
+	"forgejo.merr.is/annika/isl-api/services"
 	"forgejo.merr.is/annika/isl-api/sql/powerItem"
-	"github.com/jackc/pgx/v4"
-	"github.com/julienschmidt/httprouter"
+	"github.com/go-chi/chi/v5"
+	"github.com/go-chi/cors"
+	"github.com/go-chi/httplog/v2"
+	"github.com/jackc/pgx/v4/pgxpool"
+	"github.com/lmittmann/tint"
 	"github.com/spf13/viper"
 )

 var conf *EnvConfigs
+var logger *slog.Logger

 func init() {
+	w := os.Stderr
+	logger = slog.New(
+		tint.NewHandler(w, &tint.Options{
+			TimeFormat: time.RFC3339Nano,
+		}),
+	)
+	logger.Info("Initializing isl-api")
 	setupConfig()
+	logger = slog.New(
+		tint.NewHandler(w, &tint.Options{
+			Level:      conf.GetLogLevel(),
+			TimeFormat: time.RFC3339Nano,
+		}),
+	)
 }

 func main() {
+	logger.Info("Starting isl-api")
 	deps := dependencies{}
 	deps.initializeDependencies()

-	deps.router.HandlerFunc("GET", "/", index)
-
+	logger.Info(fmt.Sprintf("Preparing to listen on `:%v`", conf.HttpPort))
 	err := http.ListenAndServe(fmt.Sprintf(":%v", conf.HttpPort), deps.router)
-	log.Fatal(err)
+	logger.Error("Error starting server", "error", err)
 }

 func setupConfig() {
+	logger.Info("Loading config")
 	viper.AddConfigPath(".")
 	viper.SetConfigName(".env")
 	viper.SetConfigType("env")
@ -39,38 +61,60 @@ func setupConfig() {
 	viper.AutomaticEnv()

 	if err := viper.ReadInConfig(); err != nil {
-		fmt.Printf("Error reading env file: %v\n", err)
+		logger.Error("Error reading env file, exiting", "error", err)
+		panic(err)
 	}

 	if err := viper.Unmarshal(&conf); err != nil {
-		log.Fatal(err)
+		logger.Error("Unable to unmarshal configuration, exiting", "error", err)
+		panic(err)
 	}
+	logger.Info("Finished loading config")
 }

 type dependencies struct {
-	router              *httprouter.Router
-	postgresConnection  *pgx.Conn
+	router              *chi.Mux
+	postgresConnection  *pgxpool.Pool
 	context             context.Context
 	powerItemQuerier    *powerItem.DBQuerier
-	powerItemService    *Services.PowerItemService
-	powerItemController *Controllers.PowerItemController
+	powerItemService    *services.PowerItemService
+	powerItemController *controllers.PowerItemController
 }

 func (d *dependencies) initializeDependencies() error {
+	logger.Info("Initializing dependencies")
 	var err error

-	d.router = httprouter.New()
+	d.router = chi.NewRouter()
+
+	httpLogger := httplog.NewLogger("isl-api", httplog.Options{
+		Concise:        true,
+		RequestHeaders: true,
+	})
+	httpLogger.Logger = logger
+	d.router.Use(httplog.RequestLogger(httpLogger))
+
+	d.router.Use(cors.Handler(cors.Options{
+		AllowedOrigins: []string{"*"},
+		AllowedMethods: []string{"GET", "POST", "PUT", "DELETE", "OPTIONS"},
+		AllowedHeaders: []string{"Cache-Control", "Expires", "Pragma"},
+	}))
 	d.context = context.Background()
-	d.postgresConnection, err = pgx.Connect(d.context, conf.ConnectionString)
+	d.postgresConnection, err = pgxpool.Connect(d.context, conf.ConnectionString)
 	if err != nil {
+		logger.Error("Error setting up database connection", "error", err)
 		return err
 	}
 	d.powerItemQuerier = powerItem.NewQuerier(d.postgresConnection)
-	d.powerItemService = Services.NewPowerItemService(d.powerItemQuerier)
-	d.powerItemController = Controllers.NewPowerItemController(d.router, d.powerItemService)
+	d.powerItemService = services.NewPowerItemService(d.powerItemQuerier)
+	d.powerItemController = controllers.NewPowerItemController(d.powerItemService)
+
+	tokenAuth, err := middlewares.New(conf.JWKSURI, d.context)
+	if err != nil {
+		logger.Error("Error setting up JWT authentication middleware", "error", err)
+	}
+
+	d.router.Mount("/powerItems", routes.SetupPowerItemRoutes(*d.powerItemController, tokenAuth))
+	logger.Info("Finished initializing dependencies")
 	return nil
 }
-
-func index(w http.ResponseWriter, r *http.Request) {
-	fmt.Fprint(w, "Index")
-}
--- a/middlewares/jwtAuth.go
+++ b/middlewares/jwtAuth.go
@ -0,0 +1,224 @@
+package middlewares
+
+import (
+	"context"
+	"errors"
+	"net/http"
+	"strings"
+	"time"
+
+	"forgejo.merr.is/annika/isl-api/helpers"
+	"github.com/lestrrat-go/jwx/v2/jwk"
+	"github.com/lestrrat-go/jwx/v2/jwt"
+)
+
+type JWTAuth struct {
+	jwksUri         string
+	jwksCache       *jwk.Cache
+	jwksContext     context.Context
+	jwkKeySet       jwk.Set
+	verifier        jwt.ParseOption
+	validateOptions []jwt.ValidateOption
+}
+
+type ContextKey struct {
+	name string
+}
+
+// Errors!
+var (
+	ErrUnauthorized = errors.New("token is unauthorized")
+	ErrExpired      = errors.New("token is expired")
+	ErrNBFInvalid   = errors.New("token nbf validation failed")
+	ErrIATInvalid   = errors.New("token iat validation failed")
+	ErrNoTokenFound = errors.New("no token found")
+	ErrAlgoInvalid  = errors.New("algorithm mismatch")
+)
+
+func ErrorReason(err error) error {
+	switch {
+	case errors.Is(err, jwt.ErrTokenExpired()), err == ErrExpired:
+		return ErrExpired
+	case errors.Is(err, jwt.ErrInvalidIssuedAt()), err == ErrIATInvalid:
+		return ErrIATInvalid
+	case errors.Is(err, jwt.ErrTokenNotYetValid()), err == ErrNBFInvalid:
+		return ErrNBFInvalid
+	default:
+		return ErrUnauthorized
+	}
+}
+
+var TokenContextKey = &ContextKey{"Token"}
+var ErrorContextKey = &ContextKey{"Error"}
+
+func New(jwksUri string, ctx context.Context) (*JWTAuth, error) {
+	jwtAuth := &JWTAuth{
+		jwksContext: ctx,
+		jwksUri:     jwksUri,
+	}
+
+	if jwtAuth.jwksUri != "" {
+		jwtAuth.jwksCache = jwk.NewCache(jwtAuth.jwksContext)
+		jwtAuth.jwksCache.Register(jwtAuth.jwksUri, jwk.WithRefreshInterval(15*time.Minute))
+		var err error
+		jwtAuth.jwkKeySet, err = jwtAuth.jwksCache.Refresh(jwtAuth.jwksContext, jwtAuth.jwksUri)
+		if err != nil {
+			return nil, err
+		}
+		jwtAuth.verifier = jwt.WithKeySet(jwtAuth.jwkKeySet)
+	}
+
+	return jwtAuth, nil
+}
+
+func (ja *JWTAuth) Verifier() func(http.Handler) http.Handler {
+	return ja.Verify(TokenFromHeader, TokenFromCookie)
+}
+
+func (ja *JWTAuth) Verify(findTokenFns ...func(r *http.Request) string) func(http.Handler) http.Handler {
+	return func(next http.Handler) http.Handler {
+		handlerFunc := func(w http.ResponseWriter, r *http.Request) {
+			ctx := r.Context()
+			// Refresh the JWKS keyset
+			var err error
+			ja.jwkKeySet, err = ja.jwksCache.Get(ctx, ja.jwksUri)
+			ja.verifier = jwt.WithKeySet(ja.jwkKeySet)
+			if err != nil {
+				ctx = context.WithValue(ctx, ErrorContextKey, err)
+				next.ServeHTTP(w, r.WithContext(ctx))
+				return
+			}
+			// Now we do stuff with it
+			token, err := ja.VerifyRequest(r, findTokenFns...)
+			ctx = context.WithValue(ctx, TokenContextKey, token)
+			ctx = context.WithValue(ctx, ErrorContextKey, err)
+			next.ServeHTTP(w, r.WithContext(ctx))
+		}
+		return http.HandlerFunc(handlerFunc)
+	}
+}
+
+func (ja *JWTAuth) VerifyRequest(r *http.Request, findTokenFns ...func(r *http.Request) string) (jwt.Token, error) {
+	var tokenString string
+
+	for _, fn := range findTokenFns {
+		tokenString = fn(r)
+		if tokenString != "" {
+			break
+		}
+	}
+	if tokenString == "" {
+		return nil, ErrNoTokenFound
+	}
+
+	return ja.VerifyToken(tokenString)
+}
+
+func (ja *JWTAuth) VerifyToken(tokenString string) (jwt.Token, error) {
+	token, err := ja.Decode(tokenString)
+	if err != nil {
+		return token, err
+	}
+	if token == nil {
+		return nil, ErrUnauthorized
+	}
+	if err := jwt.Validate(token, ja.validateOptions...); err != nil {
+		return token, err
+	}
+
+	return token, nil
+}
+
+func (ja *JWTAuth) Decode(tokenString string) (jwt.Token, error) {
+	return ja.parse([]byte(tokenString))
+}
+
+func (ja *JWTAuth) parse(payload []byte) (jwt.Token, error) {
+	return jwt.Parse(payload, ja.verifier, jwt.WithValidate(false))
+}
+
+func (ja *JWTAuth) Authenticator() func(http.Handler) http.Handler {
+	return func(next http.Handler) http.Handler {
+		handlerFunc := func(w http.ResponseWriter, r *http.Request) {
+			token, _, err := FromContext(r.Context())
+
+			if err != nil {
+				http.Error(w, err.Error(), http.StatusUnauthorized)
+				return
+			}
+
+			if token == nil || jwt.Validate(token, ja.validateOptions...) != nil {
+				http.Error(w, http.StatusText(http.StatusUnauthorized), http.StatusUnauthorized)
+				return
+			}
+
+			// Token is authenticated, pass it through
+			next.ServeHTTP(w, r)
+		}
+		return http.HandlerFunc(handlerFunc)
+	}
+}
+
+func (ja *JWTAuth) AuthorizeRoles(roles []string) func(http.Handler) http.Handler {
+	return func(next http.Handler) http.Handler {
+		handlerFunc := func(w http.ResponseWriter, r *http.Request) {
+			token := r.Context().Value(TokenContextKey).(jwt.Token)
+			hasAllRoles := true
+			privateClaims := token.PrivateClaims()
+			for _, role := range roles {
+				hasRole := helpers.JwtHasClaim(privateClaims, role)
+				if !hasRole {
+					hasAllRoles = false
+					break
+				}
+			}
+			if !hasAllRoles {
+				http.Error(w, http.StatusText(http.StatusUnauthorized), http.StatusUnauthorized)
+				return
+			}
+			next.ServeHTTP(w, r)
+		}
+		return http.HandlerFunc(handlerFunc)
+	}
+}
+
+func FromContext(ctx context.Context) (jwt.Token, map[string]interface{}, error) {
+	token, _ := ctx.Value(TokenContextKey).(jwt.Token)
+
+	var err error
+	var claims map[string]interface{}
+
+	if token != nil {
+		claims, err = token.AsMap(context.Background())
+		if err != nil {
+			return token, nil, err
+		}
+	} else {
+		claims = map[string]interface{}{}
+	}
+
+	err, _ = ctx.Value(ErrorContextKey).(error)
+	return token, claims, err
+}
+
+func TokenFromCookie(r *http.Request) string {
+	cookie, err := r.Cookie("jwt")
+	if err != nil {
+		return ""
+	}
+	return cookie.Value
+}
+
+func TokenFromHeader(r *http.Request) string {
+	// Get token from authorization header.
+	bearer := r.Header.Get("Authorization")
+	if len(bearer) > 7 && strings.ToUpper(bearer[0:6]) == "BEARER" {
+		return bearer[7:]
+	}
+	return ""
+}
+
+func TokenFromQuery(r *http.Request) string {
+	// Get token from query param named "jwt".
+	return r.URL.Query().Get("jwt")
+}
--- a/routes/PowerItemRoutes.go
+++ b/routes/PowerItemRoutes.go
@ -0,0 +1,29 @@
+package routes
+
+import (
+	"forgejo.merr.is/annika/isl-api/controllers"
+	"forgejo.merr.is/annika/isl-api/middlewares"
+	"github.com/go-chi/chi/v5"
+)
+
+func SetupPowerItemRoutes(c controllers.PowerItemController, tokenAuth *middlewares.JWTAuth) *chi.Mux {
+	r := chi.NewRouter()
+
+	r.Get("/", c.GetAll)
+	r.Get("/asMap", c.GetAllAsMap)
+	r.Get("/byType/{type:[1-3]}", c.GetAllByType)
+	r.Get("/byType/{type:[1-3]}/asMap", c.GetAllByTypeAsMap)
+
+	ar := chi.NewRouter()
+	ar.Group(func(r chi.Router) {
+		r.Use(tokenAuth.Verifier())
+		r.Use(tokenAuth.Authenticator())
+		r.Use(tokenAuth.AuthorizeRoles([]string{"add_item"}))
+
+		r.Post("/", c.Add)
+		r.Post("/multiple", c.AddMultiple)
+	})
+	r.Mount("/", ar)
+
+	return r
+}
--- a/services/PowerItemService.go
+++ b/services/PowerItemService.go
@ -1,9 +1,9 @@
-package Services
+package services

 import (
 	"context"

-	"forgejo.merr.is/annika/isl-api/Types"
+	"forgejo.merr.is/annika/isl-api/entities"
 	"forgejo.merr.is/annika/isl-api/sql/powerItem"
 	"github.com/jackc/pgtype"
 )
@ -20,31 +20,31 @@ func NewPowerItemService(querier *powerItem.DBQuerier) *PowerItemService {
 	}
 }

-func (p *PowerItemService) GetAll() ([]Types.PowerItem, error) {
+func (p *PowerItemService) GetAll() ([]entities.PowerItem, error) {
 	rows, err := p.querier.GetAllItems(p.context)
 	if err != nil {
-		return []Types.PowerItem{}, err
+		return []entities.PowerItem{}, err
 	}
-	var powerItems []Types.PowerItem
+	var powerItems []entities.PowerItem
 	for _, sqlItem := range rows {
-		powerItems = append(powerItems, Types.FromGetAllItemsRow(sqlItem))
+		powerItems = append(powerItems, entities.FromGetAllItemsRow(sqlItem))
 	}
 	return powerItems, nil
 }

-func (p *PowerItemService) GetAllByType(itemType int) ([]Types.PowerItem, error) {
+func (p *PowerItemService) GetAllByType(itemType int) ([]entities.PowerItem, error) {
 	rows, err := p.querier.GetAllByType(p.context, int32(itemType))
 	if err != nil {
-		return []Types.PowerItem{}, err
+		return []entities.PowerItem{}, err
 	}
-	var powerItems []Types.PowerItem
+	var powerItems []entities.PowerItem
 	for _, sqlItem := range rows {
-		powerItems = append(powerItems, Types.FromGetAllItemsByTypeRow(sqlItem))
+		powerItems = append(powerItems, entities.FromGetAllItemsByTypeRow(sqlItem))
 	}
 	return powerItems, nil
 }

-func (p *PowerItemService) Add(newItem Types.PowerItem) (Types.PowerItem, error) {
+func (p *PowerItemService) Add(newItem entities.PowerItem) (entities.PowerItem, error) {
 	sqlItem := powerItem.AddNewItemWithIDParams{
 		ID:           newItem.ID,
 		ItemType:     newItem.ItemType,
@ -59,14 +59,14 @@ func (p *PowerItemService) Add(newItem Types.PowerItem) (Types.PowerItem, error)
 	}
 	row, err := p.querier.AddNewItemWithID(p.context, powerItem.AddNewItemWithIDParams(sqlItem))
 	if err != nil {
-		return Types.PowerItem{}, err
+		return entities.PowerItem{}, err
 	}
-	return Types.FromAddNewItemWithIDParams(row), nil
+	return entities.FromAddNewItemWithIDParams(row), nil
 }

-func (p *PowerItemService) AddMultipile(newItems map[string]Types.PowerItem, itemType int32) ([]Types.PowerItem, []error) {
+func (p *PowerItemService) AddMultipile(newItems map[string]entities.PowerItem, itemType int32) ([]entities.PowerItem, []error) {
 	var errors []error
-	var addedItems []Types.PowerItem
+	var addedItems []entities.PowerItem
 	for key, value := range newItems {
 		id := pgtype.UUID{}
 		id.Set(key)
@ -87,7 +87,7 @@ func (p *PowerItemService) AddMultipile(newItems map[string]Types.PowerItem, ite
 			errors = append(errors, err)
 			continue
 		}
-		addedItems = append(addedItems, Types.FromAddNewItemWithIDParams(row))
+		addedItems = append(addedItems, entities.FromAddNewItemWithIDParams(row))
 	}
 	return addedItems, errors
 }
Author	SHA1	Message	Date
Annika Merris	7e296092ff	Adding nix direnv flake...	2024-06-08 09:16:49 -04:00
Annika Merris	5b1e10badf	Updated .env to Use New Auth Server	2024-02-29 22:23:08 -05:00
Annika Merris	26e6b52b04	Added Logic To Set a UUID For New Items	2024-02-10 18:36:16 -05:00
Annika Merris	f483833260	Cleaned Up Logging And Variables	2024-02-10 17:27:08 -05:00
Annika Merris	b5ea01729b	Added JWT Auth Wrote my own JWT auth middleware, since I could not get the go-chi middleware to accept a JWKS instead of a certificate.	2024-02-10 17:18:22 -05:00
Annika Merris	ac18b94a86	This can verify a JWT using the JWKS fetched from an OAuth's endpoint.	2024-02-09 19:30:50 -05:00
Annika Merris	d4b2d5fefb	Switched From `httprouter` to `chi` I believe all functionality works properly	2024-02-07 19:15:25 -05:00
Annika Merris	c1231d487a	Made Changes To Use a `pgx` Connection Pool	2024-02-05 17:05:02 -05:00