⬆️ Upgrade Passport and use Hyper SDK

pkg/internal/server/api/attachments_api.go

@@ -1,11 +1,10 @@
-package server
+package api
 
 import (
-	"context"
 	"fmt"
 	"git.solsynth.dev/hydrogen/paperclip/pkg/internal/database"
-	"git.solsynth.dev/hydrogen/paperclip/pkg/internal/grpc"
-	"git.solsynth.dev/hydrogen/passport/pkg/grpc/proto"
+	"git.solsynth.dev/hydrogen/paperclip/pkg/internal/gap"
+	"git.solsynth.dev/hydrogen/paperclip/pkg/internal/server/exts"
 	"net/url"
 	"path/filepath"
 
@@ -73,7 +72,7 @@ func getAttachmentMeta(c *fiber.Ctx) error {
 }
 
 func createAttachment(c *fiber.Ctx) error {
-	user := c.Locals("principal").(models.Account)
+	user := c.Locals("user").(models.Account)
 
 	destName := c.Query("destination", viper.GetString("preferred_destination"))
 
@@ -91,18 +90,8 @@ func createAttachment(c *fiber.Ctx) error {
 		return err
 	}
 
-	requiredPerm, _ := jsoniter.Marshal(file.Size)
-	if result, err := grpc.Auth.CheckPerm(context.Background(), &proto.CheckPermRequest{
-		Token: c.Locals("token").(string),
-		Key:   "CreatePaperclipAttachments",
-		Value: requiredPerm,
-	}); err != nil {
-		return fiber.NewError(fiber.StatusInternalServerError, fmt.Sprintf("failed to check permission: %v", err))
-	} else if !result.GetIsValid() {
-		return fiber.NewError(
-			fiber.StatusForbidden,
-			fmt.Sprintf("requires permission CreatePaperclipAttachments equals or greater than %d", file.Size),
-		)
+	if err := gap.H.EnsureGrantedPerm(c, "CreatePaperclipAttachments", file.Size); err != nil {
+		return err
 	}
 
 	usermeta := make(map[string]any)
@@ -137,7 +126,11 @@ func createAttachment(c *fiber.Ctx) error {
 
 func updateAttachmentMeta(c *fiber.Ctx) error {
 	id, _ := c.ParamsInt("id", 0)
-	user := c.Locals("principal").(models.Account)
+	user := c.Locals("user").(models.Account)
+
+	if err := gap.H.EnsureAuthenticated(c); err != nil {
+		return err
+	}
 
 	var data struct {
 		Alternative string         `json:"alt"`
@@ -146,7 +139,7 @@ func updateAttachmentMeta(c *fiber.Ctx) error {
 		IsMature    bool           `json:"is_mature"`
 	}
 
-	if err := BindAndValidate(c, &data); err != nil {
+	if err := exts.BindAndValidate(c, &data); err != nil {
 		return err
 	}
 
@@ -172,7 +165,11 @@ func updateAttachmentMeta(c *fiber.Ctx) error {
 
 func deleteAttachment(c *fiber.Ctx) error {
 	id, _ := c.ParamsInt("id", 0)
-	user := c.Locals("principal").(models.Account)
+	user := c.Locals("user").(models.Account)
+
+	if err := gap.H.EnsureAuthenticated(c); err != nil {
+		return err
+	}
 
 	attachment, err := services.GetAttachmentByID(uint(id))
 	if err != nil {

pkg/internal/server/api/index.go

@@ -0,0 +1,17 @@
+package api
+
+import "github.com/gofiber/fiber/v2"
+
+func MapAPIs(app *fiber.App) {
+	app.Get("/.well-known", getMetadata)
+	app.Get("/.well-known/destinations", getDestinations)
+
+	api := app.Group("/api").Name("API")
+	{
+		api.Get("/attachments/:id/meta", getAttachmentMeta)
+		api.Get("/attachments/:id", openAttachment)
+		api.Post("/attachments", createAttachment)
+		api.Put("/attachments/:id", updateAttachmentMeta)
+		api.Delete("/attachments/:id", deleteAttachment)
+	}
+}

pkg/internal/server/api/well_known_api.go

@@ -1,4 +1,4 @@
-package server
+package api
 
 import (
 	"github.com/gofiber/fiber/v2"

pkg/internal/server/auth.go

@@ -1,50 +0,0 @@
-package server
-
-import (
-	"git.solsynth.dev/hydrogen/paperclip/pkg/internal/services"
-	"github.com/gofiber/fiber/v2"
-	"strings"
-)
-
-func authMiddleware(c *fiber.Ctx) error {
-	var token string
-	if cookie := c.Cookies(services.CookieAccessKey); len(cookie) > 0 {
-		token = cookie
-	}
-	if header := c.Get(fiber.HeaderAuthorization); len(header) > 0 {
-		tk := strings.Replace(header, "Bearer", "", 1)
-		token = strings.TrimSpace(tk)
-	}
-
-	c.Locals("token", token)
-
-	if err := authFunc(c); err != nil {
-		return err
-	}
-
-	return c.Next()
-}
-
-func authFunc(c *fiber.Ctx, overrides ...string) error {
-	var token string
-	if len(overrides) > 0 {
-		token = overrides[0]
-	} else {
-		if tk, ok := c.Locals("token").(string); !ok {
-			return fiber.NewError(fiber.StatusUnauthorized)
-		} else {
-			token = tk
-		}
-	}
-
-	rtk := c.Cookies(services.CookieRefreshKey)
-	if user, atk, rtk, err := services.Authenticate(token, rtk); err == nil {
-		if atk != token {
-			services.SetJwtCookieSet(c, atk, rtk)
-		}
-		c.Locals("principal", user)
-		return nil
-	} else {
-		return fiber.NewError(fiber.StatusUnauthorized, err.Error())
-	}
-}

pkg/internal/server/exts/auth.go

@@ -0,0 +1,19 @@
+package exts
+
+import (
+	"git.solsynth.dev/hydrogen/paperclip/pkg/internal/services"
+	"git.solsynth.dev/hydrogen/passport/pkg/proto"
+	"github.com/gofiber/fiber/v2"
+)
+
+func LinkAccountMiddleware(c *fiber.Ctx) error {
+	if val, ok := c.Locals("p_user").(*proto.Userinfo); ok {
+		if account, err := services.LinkAccount(val); err != nil {
+			return fiber.NewError(fiber.StatusInternalServerError, err.Error())
+		} else {
+			c.Locals("user", account)
+		}
+	}
+
+	return c.Next()
+}

pkg/internal/server/exts/utils.go

@@ -1,4 +1,4 @@
-package server
+package exts
 
 import (
 	"github.com/go-playground/validator/v10"

pkg/internal/server/server.go

@@ -1,6 +1,9 @@
 package server
 
 import (
+	"git.solsynth.dev/hydrogen/paperclip/pkg/internal/gap"
+	"git.solsynth.dev/hydrogen/paperclip/pkg/internal/server/api"
+	"git.solsynth.dev/hydrogen/paperclip/pkg/internal/server/exts"
 	"strings"
 
 	"github.com/gofiber/fiber/v2"
@@ -49,17 +52,10 @@ func NewServer() {
 		Output: log.Logger,
 	}))
 
-	A.Get("/.well-known", getMetadata)
-	A.Get("/.well-known/destinations", getDestinations)
+	A.Use(gap.H.AuthMiddleware)
+	A.Use(exts.LinkAccountMiddleware)
 
-	api := A.Group("/api").Name("API")
-	{
-		api.Get("/attachments/:id/meta", getAttachmentMeta)
-		api.Get("/attachments/:id", openAttachment)
-		api.Post("/attachments", authMiddleware, createAttachment)
-		api.Put("/attachments/:id", authMiddleware, updateAttachmentMeta)
-		api.Delete("/attachments/:id", authMiddleware, deleteAttachment)
-	}
+	api.MapAPIs(A)
 }
 
 func Listen() {