⬆️ Upgrade Passport

pkg/services/accounts.go

@@ -5,9 +5,9 @@ import (
 	"git.solsynth.dev/hydrogen/messaging/pkg/database"
 	"time"
 
-	"git.solsynth.dev/hydrogen/identity/pkg/grpc/proto"
 	"git.solsynth.dev/hydrogen/messaging/pkg/grpc"
 	"git.solsynth.dev/hydrogen/messaging/pkg/models"
+	"git.solsynth.dev/hydrogen/passport/pkg/grpc/proto"
 	"github.com/spf13/viper"
 )
 

pkg/services/auth.go

@@ -7,10 +7,10 @@ import (
 	"reflect"
 	"time"
 
-	"git.solsynth.dev/hydrogen/identity/pkg/grpc/proto"
 	"git.solsynth.dev/hydrogen/messaging/pkg/database"
 	"git.solsynth.dev/hydrogen/messaging/pkg/grpc"
 	"git.solsynth.dev/hydrogen/messaging/pkg/models"
+	"git.solsynth.dev/hydrogen/passport/pkg/grpc/proto"
 	"gorm.io/gorm"
 )
 

pkg/services/channel_members.go

@@ -19,7 +19,7 @@ func ListChannelMember(channelId uint) ([]models.ChannelMember, error) {
 	return members, nil
 }
 
-func InviteChannelMember(user models.Account, target models.Channel) error {
+func AddChannelMemberWithCheck(user models.Account, target models.Channel) error {
 	if _, err := GetAccountFriend(user.ID, target.AccountID, 1); err != nil {
 		return fmt.Errorf("you only can invite your friends to your channel")
 	}

pkg/services/encryptor.go

@@ -0,0 +1,12 @@
+package services
+
+import "golang.org/x/crypto/bcrypt"
+
+func HashPassword(raw string) string {
+	data, _ := bcrypt.GenerateFromPassword([]byte(raw), 12)
+	return string(data)
+}
+
+func VerifyPassword(text string, password string) bool {
+	return bcrypt.CompareHashAndPassword([]byte(password), []byte(text)) == nil
+}

pkg/services/jwt.go

@@ -0,0 +1,81 @@
+package services
+
+import (
+	"fmt"
+	"github.com/gofiber/fiber/v2"
+	"time"
+
+	"github.com/golang-jwt/jwt/v5"
+	"github.com/spf13/viper"
+)
+
+type PayloadClaims struct {
+	jwt.RegisteredClaims
+
+	Type string `json:"typ"`
+}
+
+const (
+	JwtAccessType  = "access"
+	JwtRefreshType = "refresh"
+)
+
+const (
+	CookieAccessKey  = "identity_auth_key"
+	CookieRefreshKey = "identity_refresh_key"
+)
+
+func EncodeJwt(id string, typ, sub string, aud []string, exp time.Time) (string, error) {
+	tk := jwt.NewWithClaims(jwt.SigningMethodHS512, PayloadClaims{
+		jwt.RegisteredClaims{
+			Subject:   sub,
+			Audience:  aud,
+			Issuer:    fmt.Sprintf("https://%s", viper.GetString("domain")),
+			ExpiresAt: jwt.NewNumericDate(exp),
+			NotBefore: jwt.NewNumericDate(time.Now()),
+			IssuedAt:  jwt.NewNumericDate(time.Now()),
+			ID:        id,
+		},
+		typ,
+	})
+
+	return tk.SignedString([]byte(viper.GetString("secret")))
+}
+
+func DecodeJwt(str string) (PayloadClaims, error) {
+	var claims PayloadClaims
+	tk, err := jwt.ParseWithClaims(str, &claims, func(token *jwt.Token) (interface{}, error) {
+		if _, ok := token.Method.(*jwt.SigningMethodHMAC); !ok {
+			return nil, fmt.Errorf("unexpected signing method: %v", token.Header["alg"])
+		}
+		return []byte(viper.GetString("secret")), nil
+	})
+	if err != nil {
+		return claims, err
+	}
+
+	if data, ok := tk.Claims.(*PayloadClaims); ok {
+		return *data, nil
+	} else {
+		return claims, fmt.Errorf("unexpected token payload: not payload claims type")
+	}
+}
+
+func SetJwtCookieSet(c *fiber.Ctx, access, refresh string) {
+	c.Cookie(&fiber.Cookie{
+		Name:     CookieAccessKey,
+		Value:    access,
+		Domain:   viper.GetString("security.cookie_domain"),
+		SameSite: viper.GetString("security.cookie_samesite"),
+		Expires:  time.Now().Add(60 * time.Minute),
+		Path:     "/",
+	})
+	c.Cookie(&fiber.Cookie{
+		Name:     CookieRefreshKey,
+		Value:    refresh,
+		Domain:   viper.GetString("security.cookie_domain"),
+		SameSite: viper.GetString("security.cookie_samesite"),
+		Expires:  time.Now().Add(24 * 30 * time.Hour),
+		Path:     "/",
+	})
+}

pkg/services/realms.go

@@ -0,0 +1,82 @@
+package services
+
+import (
+	"context"
+	"errors"
+	"fmt"
+	"git.solsynth.dev/hydrogen/messaging/pkg/database"
+	"git.solsynth.dev/hydrogen/messaging/pkg/grpc"
+	"git.solsynth.dev/hydrogen/messaging/pkg/models"
+	"git.solsynth.dev/hydrogen/passport/pkg/grpc/proto"
+	"github.com/samber/lo"
+	"gorm.io/gorm"
+)
+
+func GetRealm(id uint) (models.Realm, error) {
+	var realm models.Realm
+	response, err := grpc.Realms.GetRealm(context.Background(), &proto.RealmLookupRequest{
+		Id: lo.ToPtr(uint64(id)),
+	})
+	if err != nil {
+		return realm, err
+	}
+	return LinkRealm(response)
+}
+
+func GetRealmWithAlias(alias string) (models.Realm, error) {
+	var realm models.Realm
+	response, err := grpc.Realms.GetRealm(context.Background(), &proto.RealmLookupRequest{
+		Alias: &alias,
+	})
+	if err != nil {
+		return realm, err
+	}
+	return LinkRealm(response)
+}
+
+func GetRealmMember(realmId uint, userId uint) (*proto.RealmMemberResponse, error) {
+	response, err := grpc.Realms.GetRealmMember(context.Background(), &proto.RealmMemberLookupRequest{
+		RealmId: uint64(realmId),
+		UserId:  lo.ToPtr(uint64(userId)),
+	})
+	if err != nil {
+		return nil, err
+	} else {
+		return response, nil
+	}
+}
+
+func ListRealmMember(realmId uint) ([]*proto.RealmMemberResponse, error) {
+	response, err := grpc.Realms.ListRealmMember(context.Background(), &proto.RealmMemberLookupRequest{
+		RealmId: uint64(realmId),
+	})
+	if err != nil {
+		return nil, err
+	} else {
+		return response.Data, nil
+	}
+}
+
+func LinkRealm(info *proto.RealmResponse) (models.Realm, error) {
+	var realm models.Realm
+	if info == nil {
+		return realm, fmt.Errorf("remote realm info was not found")
+	}
+	if err := database.C.Where(&models.Realm{
+		ExternalID: uint(info.Id),
+	}).First(&realm).Error; err != nil {
+		if errors.Is(err, gorm.ErrRecordNotFound) {
+			realm = models.Realm{
+				Alias:       info.Alias,
+				Name:        info.Name,
+				Description: info.Description,
+				IsPublic:    info.IsPublic,
+				IsCommunity: info.IsCommunity,
+				ExternalID:  uint(info.Id),
+			}
+			return realm, database.C.Save(&realm).Error
+		}
+		return realm, err
+	}
+	return realm, nil
+}