✨ Fetch userinfo in auth middleware

2024-10-22 22:58:09 +08:00
parent 406031b966
commit 0f4112e08b
13 changed files with 320 additions and 150 deletions
--- a/pkg/internal/auth/http.go
+++ b/pkg/internal/auth/http.go
@ -1,14 +1,18 @@
 package auth

-import "github.com/gofiber/fiber/v2"
+import (
+	"github.com/gofiber/fiber/v2"
+)

-func SoftAuthMiddleware(c *fiber.Ctx) error {
+func AuthContextMiddleware(c *fiber.Ctx) error {
 	atk := tokenExtract(c)
-	c.Locals("nex_token", atk)
+	c.Locals("nex_in_token", atk)

 	if claims, err := tokenRead(atk); err == nil && claims != nil {
 		c.Locals("nex_principal", claims)
-		// TODO fetch user info
+		if err = userinfoFetch(c); err != nil {
+			return err
+		}
 	} else if err != nil {
 		c.Locals("nex_auth_error", err)
 	}
@ -16,7 +20,7 @@ func SoftAuthMiddleware(c *fiber.Ctx) error {
 	return c.Next()
 }

-func HardAuthMiddleware(c *fiber.Ctx) error {
+func AuthMiddleware(c *fiber.Ctx) error {
 	if c.Locals("nex_principal") == nil {
 		err := c.Locals("nex_auth_error").(error)
 		return fiber.NewError(fiber.StatusUnauthorized, err.Error())
--- a/pkg/internal/auth/token.go
+++ b/pkg/internal/auth/token.go
@ -8,6 +8,9 @@ import (

 var JReader *sec.JwtReader

+var IReader *sec.InternalTokenReader
+var IWriter *sec.InternalTokenWriter
+
 func tokenExtract(c *fiber.Ctx) string {
 	var atk string
 	if cookie := c.Cookies(sec.CookieAccessToken); len(cookie) > 0 {
--- a/pkg/internal/auth/userinfo.go
+++ b/pkg/internal/auth/userinfo.go
@ -1 +1,46 @@
 package auth
+
+import (
+	"context"
+	"fmt"
+	"git.solsynth.dev/hypernet/nexus/pkg/internal/directory"
+	"git.solsynth.dev/hypernet/nexus/pkg/nex"
+	"git.solsynth.dev/hypernet/nexus/pkg/nex/sec"
+	"git.solsynth.dev/hypernet/nexus/pkg/proto"
+	"github.com/gofiber/fiber/v2"
+	"github.com/rs/zerolog/log"
+	"time"
+)
+
+func userinfoFetch(c *fiber.Ctx) error {
+	claims, ok := c.Locals("nex_principal").(*sec.JwtClaims)
+	if !ok {
+		return fiber.NewError(fiber.StatusUnauthorized, "user principal data was not found")
+	}
+
+	service := directory.GetServiceInstanceByType(nex.ServiceTypeAuth)
+	if service != nil {
+		conn, err := service.GetGrpcConn()
+		if err != nil {
+			log.Warn().Str("id", service.ID).Err(err).Msg("Unable to fetch userinfo, the implementation of id service is down")
+		} else {
+			ctx, cancel := context.WithTimeout(context.Background(), 10*time.Second)
+			defer cancel()
+			resp, err := proto.NewAuthServiceClient(conn).Authenticate(ctx, &proto.AuthRequest{
+				SessionId: uint64(claims.Session),
+			})
+			if err != nil {
+				return fiber.NewError(fiber.StatusUnauthorized, fmt.Sprintf("unable to load userinfo: %v", err))
+			}
+			userinfo := sec.NewUserInfoFromProto(resp.Info.Info)
+			tk, err := IWriter.WriteUserInfoJwt(userinfo)
+			if err != nil {
+				return fiber.NewError(fiber.StatusInternalServerError, fmt.Sprintf("unable to sign userinfo: %v", err))
+			}
+			c.Locals("nex_token", tk)
+		}
+	} else {
+		log.Warn().Msg("Unable to fetch userinfo, no implementation of id service")
+	}
+	return nil
+}
--- a/pkg/internal/directory/service.go
+++ b/pkg/internal/directory/service.go
@ -21,7 +21,7 @@ func (v *ServiceInstance) GetGrpcConn() (*grpc.ClientConn, error) {
 	var err error
 	v.grpcConn, err = ConnectService(v)
 	if err != nil {
-		RemoveServiceInstance(v.ID)
+		_ = RemoveServiceInstance(v.ID)
 		return nil, err
 	}