diff --git a/.idea/workspace.xml b/.idea/workspace.xml
index e21dc3e..465ddf5 100644
--- a/.idea/workspace.xml
+++ b/.idea/workspace.xml
@@ -4,35 +4,40 @@
-
-
-
+
+
+
+
-
-
-
-
-
-
-
-
+
+
+
+
+
-
-
-
+
+
+
+
+
+
{
"customColor": "",
"associatedIndex": 7
@@ -42,25 +47,27 @@
- {
- "keyToString": {
- "Go Build.Backend.executor": "Run",
- "Go 构建.Backend.executor": "Run",
- "RunOnceActivity.ShowReadmeOnStart": "true",
- "RunOnceActivity.go.formatter.settings.were.checked": "true",
- "RunOnceActivity.go.migrated.go.modules.settings": "true",
- "RunOnceActivity.go.modules.automatic.dependencies.download": "true",
- "RunOnceActivity.go.modules.go.list.on.any.changes.was.set": "true",
- "git-widget-placeholder": "features/consul",
- "go.import.settings.migrated": "true",
- "go.sdk.automatically.set": "true",
- "last_opened_file_path": "/Users/littlesheep/Documents/Projects/Hydrogen/Paperclip/pkg/internal/grpc",
- "node.js.detected.package.eslint": "true",
- "node.js.selected.package.eslint": "(autodetect)",
- "nodejs_package_manager_path": "npm",
- "settings.editor.selected.configurable": "preferences.lookFeel"
+
+}]]>
@@ -68,6 +75,8 @@
+
+
@@ -87,8 +96,8 @@
-
-
+
+
@@ -96,12 +105,24 @@
+
+
+
+
+
-
+
+
true
diff --git a/go.sum b/go.sum
index c007bb0..26c7d48 100644
--- a/go.sum
+++ b/go.sum
@@ -1,5 +1,3 @@
-git.solsynth.dev/hydrogen/passport v0.0.0-20240517121420-1e2d5e9f9d87 h1:r+x72tRB9LTJFH3F2rIKydQUXREc7lgxITDnjfFWwGw=
-git.solsynth.dev/hydrogen/passport v0.0.0-20240517121420-1e2d5e9f9d87/go.mod h1:mEcDEKashAh3jvoGDbNLefK+HgsJaMj4xEc6vkLZ+Zc=
git.solsynth.dev/hydrogen/passport v0.0.0-20240622041415-c37a55b88b50 h1:DD7aOr4TkwJN0gUGf0zBgj77s9f6ozCuLB2tQjomkK0=
git.solsynth.dev/hydrogen/passport v0.0.0-20240622041415-c37a55b88b50/go.mod h1:XTNEOv75sZI52sNgpum7Z/tgYmlRcHfK7VdhyV7kc0w=
github.com/DataDog/datadog-go v3.2.0+incompatible/go.mod h1:LButxg5PwREeZtORoXG3tL4fMGNddJ+vMq1mwgfaqoQ=
@@ -300,8 +298,7 @@ golang.org/x/crypto v0.0.0-20180904163835-0709b304e793/go.mod h1:6SG95UA2DQfeDnf
golang.org/x/crypto v0.0.0-20190308221718-c2843e01d9a2/go.mod h1:djNgcEr1/C05ACkg1iLfiJU5Ep61QUkGW8qpdssI0+w=
golang.org/x/crypto v0.0.0-20190923035154-9ee001bba392/go.mod h1:/lpIB1dKB+9EgE3H3cr1v9wB50oz8l4C4h62xy7jSTY=
golang.org/x/crypto v0.0.0-20210921155107-089bfa567519/go.mod h1:GvvjBRRGRdwPK5ydBHafDWAxML/pGHZbMvKqRZ5+Abc=
-golang.org/x/crypto v0.23.0 h1:dIJU/v2J8Mdglj/8rJ6UUOM3Zc9zLZxVZwwxMooUSAI=
-golang.org/x/crypto v0.23.0/go.mod h1:CKFgDieR+mRhux2Lsu27y0fO304Db0wZe70UKqHu0v8=
+golang.org/x/crypto v0.24.0 h1:mnl8DM0o513X8fdIkmyFE/5hTYxbwYOjDS/+rK6qpRI=
golang.org/x/crypto v0.24.0/go.mod h1:Z1PMYSOR5nyMcyAVAIQSKCDwalqy85Aqn1x3Ws4L5DM=
golang.org/x/exp v0.0.0-20240613232115-7f521ea00fb8 h1:yixxcjnhBmY0nkL253HFVIm0JsFHwrHdT3Yh6szTnfY=
golang.org/x/exp v0.0.0-20240613232115-7f521ea00fb8/go.mod h1:jj3sYF3dwk5D+ghuXyeI3r5MFf+NT2An6/9dOA95KSI=
@@ -316,8 +313,7 @@ golang.org/x/net v0.0.0-20210226172049-e18ecbb05110/go.mod h1:m0MpNAwzfU5UDzcl9v
golang.org/x/net v0.0.0-20210410081132-afb366fc7cd1/go.mod h1:9tjilg8BloeKEkVJvy7fQ90B1CfIiPueXVOjqfkSzI8=
golang.org/x/net v0.0.0-20220722155237-a158d28d115b/go.mod h1:XRhObCWvk6IyKnWLug+ECip1KBveYUHfp+8e9klMJ9c=
golang.org/x/net v0.3.0/go.mod h1:MBQ8lrhLObU/6UmLb4fmbmk5OcyYmqtbGd/9yIeKjEE=
-golang.org/x/net v0.25.0 h1:d/OCCoBEUq33pjydKrGQhw7IlUPI2Oylr+8qLx49kac=
-golang.org/x/net v0.25.0/go.mod h1:JkAGAh7GEvH74S6FOH42FLoXpXbE/aqXSrIQjXgsiwM=
+golang.org/x/net v0.26.0 h1:soB7SVo0PWrY4vPW/+ay0jKDNScG2X9wFeYlXIvJsOQ=
golang.org/x/net v0.26.0/go.mod h1:5YKkiSynbBIh3p6iOc/vibscux0x38BZDkn8sCUPxHE=
golang.org/x/sync v0.0.0-20181108010431-42b317875d0f/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM=
golang.org/x/sync v0.0.0-20181221193216-37e7f081c4d4/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM=
@@ -366,8 +362,7 @@ golang.org/x/text v0.3.3/go.mod h1:5Zoc/QRtKVWzQhOtBMvqHzDpF6irO9z98xDceosuGiQ=
golang.org/x/text v0.3.6/go.mod h1:5Zoc/QRtKVWzQhOtBMvqHzDpF6irO9z98xDceosuGiQ=
golang.org/x/text v0.3.7/go.mod h1:u+2+/6zg+i71rQMx5EYifcz6MCKuco9NR6JIITiCfzQ=
golang.org/x/text v0.5.0/go.mod h1:mrYo+phRRbMaCq/xk9113O4dZlRixOauAjOtrjsXDZ8=
-golang.org/x/text v0.15.0 h1:h1V/4gjBv8v9cjcR6+AR5+/cIYK5N/WAgiv4xlsEtAk=
-golang.org/x/text v0.15.0/go.mod h1:18ZOQIKpY8NJVqYksKHtTdi31H5itFRjB5/qKTNYzSU=
+golang.org/x/text v0.16.0 h1:a94ExnEXNtEwYLGJSIUxnWoxoRz/ZcCsV63ROupILh4=
golang.org/x/text v0.16.0/go.mod h1:GhwF1Be+LQoKShO3cGOHzqOgRrGaYc9AvblQOmPVHnI=
golang.org/x/tools v0.0.0-20180917221912-90fa682c2a6e/go.mod h1:n7NCudcB/nEzxVGmLbDWY5pfWTLqBcC2KZ6jyYvM4mQ=
golang.org/x/tools v0.0.0-20190907020128-2ca718005c18/go.mod h1:b+2E5dAYhXwXZwtnZ6UAqBI28+e2cm9otk0dWdXHAEo=
@@ -376,8 +371,7 @@ golang.org/x/tools v0.1.12/go.mod h1:hNGJHUnrk76NpqgfD5Aqm5Crs+Hm0VOH/i9J2+nxYbc
golang.org/x/tools v0.4.0/go.mod h1:UE5sM2OK9E/d67R0ANs2xJizIymRP5gJU295PvKXxjQ=
golang.org/x/xerrors v0.0.0-20190717185122-a985d3407aa7/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0=
golang.org/x/xerrors v0.0.0-20191204190536-9bdfabe68543/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0=
-google.golang.org/genproto/googleapis/rpc v0.0.0-20240318140521-94a12d6c2237 h1:NnYq6UN9ReLM9/Y01KWNOWyI5xQ9kbIms5GGJVwS/Yc=
-google.golang.org/genproto/googleapis/rpc v0.0.0-20240318140521-94a12d6c2237/go.mod h1:WtryC6hu0hhx87FDGxWCDptyssuo68sk10vYjF+T9fY=
+google.golang.org/genproto/googleapis/rpc v0.0.0-20240604185151-ef581f913117 h1:1GBuWVLM/KMVUv1t1En5Gs+gFZCNd360GGb4sSxtrhU=
google.golang.org/genproto/googleapis/rpc v0.0.0-20240604185151-ef581f913117/go.mod h1:EfXuqaE1J41VCDicxHzUDm+8rk+7ZdXzHV0IhO/I6s0=
google.golang.org/grpc v1.64.0 h1:KH3VH9y/MgNQg1dE7b3XfVK0GsPSIzJwdF617gUSbvY=
google.golang.org/grpc v1.64.0/go.mod h1:oxjF8E3FBnjp+/gVFYdWacaLDx9na1aqy9oovLpxQYg=
diff --git a/pkg/internal/gap/client.go b/pkg/internal/gap/client.go
new file mode 100644
index 0000000..6a6a39e
--- /dev/null
+++ b/pkg/internal/gap/client.go
@@ -0,0 +1,12 @@
+package gap
+
+import (
+ "git.solsynth.dev/hydrogen/passport/pkg/hyper"
+ "github.com/spf13/viper"
+)
+
+var H *hyper.HyperConn
+
+func NewHyperClient() {
+ H = hyper.NewHyperConn(viper.GetString("consul.addr"))
+}
diff --git a/pkg/internal/gap/server.go b/pkg/internal/gap/server.go
index 5a5db6e..1a4a798 100644
--- a/pkg/internal/gap/server.go
+++ b/pkg/internal/gap/server.go
@@ -7,8 +7,6 @@ import (
"github.com/hashicorp/consul/api"
"github.com/spf13/viper"
- "google.golang.org/grpc"
- "google.golang.org/grpc/credentials/insecure"
)
func Register() error {
@@ -40,12 +38,3 @@ func Register() error {
return client.Agent().ServiceRegister(registration)
}
-
-func DiscoverPassport() (*grpc.ClientConn, error) {
- target := fmt.Sprintf("consul://%s/Hydrogen.Passport", viper.GetString("consul.addr"))
- return grpc.NewClient(
- target,
- grpc.WithTransportCredentials(insecure.NewCredentials()),
- grpc.WithDefaultServiceConfig(`{"loadBalancingPolicy": "round_robin"}`),
- )
-}
diff --git a/pkg/internal/server/attachments_api.go b/pkg/internal/server/api/attachments_api.go
similarity index 84%
rename from pkg/internal/server/attachments_api.go
rename to pkg/internal/server/api/attachments_api.go
index 0515a96..ef24643 100644
--- a/pkg/internal/server/attachments_api.go
+++ b/pkg/internal/server/api/attachments_api.go
@@ -1,11 +1,10 @@
-package server
+package api
import (
- "context"
"fmt"
"git.solsynth.dev/hydrogen/paperclip/pkg/internal/database"
- "git.solsynth.dev/hydrogen/paperclip/pkg/internal/grpc"
- "git.solsynth.dev/hydrogen/passport/pkg/grpc/proto"
+ "git.solsynth.dev/hydrogen/paperclip/pkg/internal/gap"
+ "git.solsynth.dev/hydrogen/paperclip/pkg/internal/server/exts"
"net/url"
"path/filepath"
@@ -73,7 +72,7 @@ func getAttachmentMeta(c *fiber.Ctx) error {
}
func createAttachment(c *fiber.Ctx) error {
- user := c.Locals("principal").(models.Account)
+ user := c.Locals("user").(models.Account)
destName := c.Query("destination", viper.GetString("preferred_destination"))
@@ -91,18 +90,8 @@ func createAttachment(c *fiber.Ctx) error {
return err
}
- requiredPerm, _ := jsoniter.Marshal(file.Size)
- if result, err := grpc.Auth.CheckPerm(context.Background(), &proto.CheckPermRequest{
- Token: c.Locals("token").(string),
- Key: "CreatePaperclipAttachments",
- Value: requiredPerm,
- }); err != nil {
- return fiber.NewError(fiber.StatusInternalServerError, fmt.Sprintf("failed to check permission: %v", err))
- } else if !result.GetIsValid() {
- return fiber.NewError(
- fiber.StatusForbidden,
- fmt.Sprintf("requires permission CreatePaperclipAttachments equals or greater than %d", file.Size),
- )
+ if err := gap.H.EnsureGrantedPerm(c, "CreatePaperclipAttachments", file.Size); err != nil {
+ return err
}
usermeta := make(map[string]any)
@@ -137,7 +126,11 @@ func createAttachment(c *fiber.Ctx) error {
func updateAttachmentMeta(c *fiber.Ctx) error {
id, _ := c.ParamsInt("id", 0)
- user := c.Locals("principal").(models.Account)
+ user := c.Locals("user").(models.Account)
+
+ if err := gap.H.EnsureAuthenticated(c); err != nil {
+ return err
+ }
var data struct {
Alternative string `json:"alt"`
@@ -146,7 +139,7 @@ func updateAttachmentMeta(c *fiber.Ctx) error {
IsMature bool `json:"is_mature"`
}
- if err := BindAndValidate(c, &data); err != nil {
+ if err := exts.BindAndValidate(c, &data); err != nil {
return err
}
@@ -172,7 +165,11 @@ func updateAttachmentMeta(c *fiber.Ctx) error {
func deleteAttachment(c *fiber.Ctx) error {
id, _ := c.ParamsInt("id", 0)
- user := c.Locals("principal").(models.Account)
+ user := c.Locals("user").(models.Account)
+
+ if err := gap.H.EnsureAuthenticated(c); err != nil {
+ return err
+ }
attachment, err := services.GetAttachmentByID(uint(id))
if err != nil {
diff --git a/pkg/internal/server/api/index.go b/pkg/internal/server/api/index.go
new file mode 100644
index 0000000..06950f6
--- /dev/null
+++ b/pkg/internal/server/api/index.go
@@ -0,0 +1,17 @@
+package api
+
+import "github.com/gofiber/fiber/v2"
+
+func MapAPIs(app *fiber.App) {
+ app.Get("/.well-known", getMetadata)
+ app.Get("/.well-known/destinations", getDestinations)
+
+ api := app.Group("/api").Name("API")
+ {
+ api.Get("/attachments/:id/meta", getAttachmentMeta)
+ api.Get("/attachments/:id", openAttachment)
+ api.Post("/attachments", createAttachment)
+ api.Put("/attachments/:id", updateAttachmentMeta)
+ api.Delete("/attachments/:id", deleteAttachment)
+ }
+}
diff --git a/pkg/internal/server/well_known_api.go b/pkg/internal/server/api/well_known_api.go
similarity index 97%
rename from pkg/internal/server/well_known_api.go
rename to pkg/internal/server/api/well_known_api.go
index bbb6339..1c5740e 100644
--- a/pkg/internal/server/well_known_api.go
+++ b/pkg/internal/server/api/well_known_api.go
@@ -1,4 +1,4 @@
-package server
+package api
import (
"github.com/gofiber/fiber/v2"
diff --git a/pkg/internal/server/auth.go b/pkg/internal/server/auth.go
deleted file mode 100644
index e14d77a..0000000
--- a/pkg/internal/server/auth.go
+++ /dev/null
@@ -1,50 +0,0 @@
-package server
-
-import (
- "git.solsynth.dev/hydrogen/paperclip/pkg/internal/services"
- "github.com/gofiber/fiber/v2"
- "strings"
-)
-
-func authMiddleware(c *fiber.Ctx) error {
- var token string
- if cookie := c.Cookies(services.CookieAccessKey); len(cookie) > 0 {
- token = cookie
- }
- if header := c.Get(fiber.HeaderAuthorization); len(header) > 0 {
- tk := strings.Replace(header, "Bearer", "", 1)
- token = strings.TrimSpace(tk)
- }
-
- c.Locals("token", token)
-
- if err := authFunc(c); err != nil {
- return err
- }
-
- return c.Next()
-}
-
-func authFunc(c *fiber.Ctx, overrides ...string) error {
- var token string
- if len(overrides) > 0 {
- token = overrides[0]
- } else {
- if tk, ok := c.Locals("token").(string); !ok {
- return fiber.NewError(fiber.StatusUnauthorized)
- } else {
- token = tk
- }
- }
-
- rtk := c.Cookies(services.CookieRefreshKey)
- if user, atk, rtk, err := services.Authenticate(token, rtk); err == nil {
- if atk != token {
- services.SetJwtCookieSet(c, atk, rtk)
- }
- c.Locals("principal", user)
- return nil
- } else {
- return fiber.NewError(fiber.StatusUnauthorized, err.Error())
- }
-}
diff --git a/pkg/internal/server/exts/auth.go b/pkg/internal/server/exts/auth.go
new file mode 100644
index 0000000..a018ec3
--- /dev/null
+++ b/pkg/internal/server/exts/auth.go
@@ -0,0 +1,19 @@
+package exts
+
+import (
+ "git.solsynth.dev/hydrogen/paperclip/pkg/internal/services"
+ "git.solsynth.dev/hydrogen/passport/pkg/proto"
+ "github.com/gofiber/fiber/v2"
+)
+
+func LinkAccountMiddleware(c *fiber.Ctx) error {
+ if val, ok := c.Locals("p_user").(*proto.Userinfo); ok {
+ if account, err := services.LinkAccount(val); err != nil {
+ return fiber.NewError(fiber.StatusInternalServerError, err.Error())
+ } else {
+ c.Locals("user", account)
+ }
+ }
+
+ return c.Next()
+}
diff --git a/pkg/internal/server/utils.go b/pkg/internal/server/exts/utils.go
similarity index 96%
rename from pkg/internal/server/utils.go
rename to pkg/internal/server/exts/utils.go
index 8502c7f..f34e873 100644
--- a/pkg/internal/server/utils.go
+++ b/pkg/internal/server/exts/utils.go
@@ -1,4 +1,4 @@
-package server
+package exts
import (
"github.com/go-playground/validator/v10"
diff --git a/pkg/internal/server/startup.go b/pkg/internal/server/server.go
similarity index 77%
rename from pkg/internal/server/startup.go
rename to pkg/internal/server/server.go
index 12ee67f..40dffd0 100644
--- a/pkg/internal/server/startup.go
+++ b/pkg/internal/server/server.go
@@ -1,6 +1,9 @@
package server
import (
+ "git.solsynth.dev/hydrogen/paperclip/pkg/internal/gap"
+ "git.solsynth.dev/hydrogen/paperclip/pkg/internal/server/api"
+ "git.solsynth.dev/hydrogen/paperclip/pkg/internal/server/exts"
"strings"
"github.com/gofiber/fiber/v2"
@@ -49,17 +52,10 @@ func NewServer() {
Output: log.Logger,
}))
- A.Get("/.well-known", getMetadata)
- A.Get("/.well-known/destinations", getDestinations)
+ A.Use(gap.H.AuthMiddleware)
+ A.Use(exts.LinkAccountMiddleware)
- api := A.Group("/api").Name("API")
- {
- api.Get("/attachments/:id/meta", getAttachmentMeta)
- api.Get("/attachments/:id", openAttachment)
- api.Post("/attachments", authMiddleware, createAttachment)
- api.Put("/attachments/:id", authMiddleware, updateAttachmentMeta)
- api.Delete("/attachments/:id", authMiddleware, deleteAttachment)
- }
+ api.MapAPIs(A)
}
func Listen() {
diff --git a/pkg/internal/services/auth.go b/pkg/internal/services/auth.go
index 8cdd4cf..9c6645c 100644
--- a/pkg/internal/services/auth.go
+++ b/pkg/internal/services/auth.go
@@ -1,18 +1,13 @@
package services
import (
- "context"
"errors"
"fmt"
- "reflect"
- "time"
-
"git.solsynth.dev/hydrogen/paperclip/pkg/internal/database"
- "git.solsynth.dev/hydrogen/paperclip/pkg/internal/gap"
-
"git.solsynth.dev/hydrogen/paperclip/pkg/internal/models"
- "git.solsynth.dev/hydrogen/passport/pkg/grpc/proto"
+ "git.solsynth.dev/hydrogen/passport/pkg/proto"
"gorm.io/gorm"
+ "reflect"
)
func LinkAccount(userinfo *proto.Userinfo) (models.Account, error) {
@@ -54,30 +49,3 @@ func LinkAccount(userinfo *proto.Userinfo) (models.Account, error) {
return account, err
}
-
-func Authenticate(atk, rtk string) (models.Account, string, string, error) {
- ctx, cancel := context.WithTimeout(context.Background(), time.Second*5)
- defer cancel()
-
- var err error
- var user models.Account
-
- pc, err := gap.DiscoverPassport()
- if err != nil {
- return user, atk, rtk, fmt.Errorf("authenticate services was not available")
- }
-
- reply, err := proto.NewAuthClient(pc).Authenticate(ctx, &proto.AuthRequest{
- AccessToken: atk,
- RefreshToken: &rtk,
- })
- if err != nil {
- return user, reply.GetAccessToken(), reply.GetRefreshToken(), err
- } else if !reply.IsValid {
- return user, reply.GetAccessToken(), reply.GetRefreshToken(), fmt.Errorf("invalid authorization context")
- }
-
- user, err = LinkAccount(reply.Userinfo)
-
- return user, reply.GetAccessToken(), reply.GetRefreshToken(), err
-}
diff --git a/pkg/main.go b/pkg/main.go
index 0b6b3ec..7f2b23d 100644
--- a/pkg/main.go
+++ b/pkg/main.go
@@ -46,6 +46,8 @@ func main() {
// Connect other services
if err := gap.Register(); err != nil {
log.Error().Err(err).Msg("An error occurred when registering service to gateway...")
+ } else {
+ gap.NewHyperClient()
}
// Configure timed tasks