Passport/pkg/internal/http/api/factors_api.go

package api

import (
	"fmt"

	"git.solsynth.dev/hypernet/passport/pkg/authkit/models"
	"git.solsynth.dev/hypernet/passport/pkg/internal/database"
	"git.solsynth.dev/hypernet/passport/pkg/internal/http/exts"
	"git.solsynth.dev/hypernet/passport/pkg/internal/services"
	"github.com/gofiber/fiber/v2"
	jsoniter "github.com/json-iterator/go"
	"github.com/pquerna/otp/totp"
	"github.com/samber/lo"
	"github.com/spf13/viper"
	"gorm.io/datatypes"
)

func getAvailableFactors(c *fiber.Ctx) error {
	ticketId := c.QueryInt("ticketId", 0)
	if ticketId <= 0 {
		return fiber.NewError(fiber.StatusBadRequest, "must provide ticket id as a query parameter")
	}

	ticket, err := services.GetTicket(uint(ticketId))
	if err != nil {
		return fiber.NewError(fiber.StatusBadRequest, fmt.Sprintf("ticket was not found: %v", err))
	}
	factors, err := services.ListUserFactor(ticket.AccountID)
	if err != nil {
		return fiber.NewError(fiber.StatusInternalServerError, err.Error())
	}

	return c.JSON(factors)
}

func requestFactorToken(c *fiber.Ctx) error {
	id, _ := c.ParamsInt("factorId", 0)

	factor, err := services.GetFactor(uint(id))
	if err != nil {
		return fiber.NewError(fiber.StatusNotFound, err.Error())
	}

	if sent, err := services.GetFactorCode(factor); err != nil {
		return fiber.NewError(fiber.StatusNotFound, err.Error())
	} else if !sent {
		return c.SendStatus(fiber.StatusNoContent)
	} else {
		return c.SendStatus(fiber.StatusOK)
	}
}

func listFactor(c *fiber.Ctx) error {
	if err := exts.EnsureAuthenticated(c); err != nil {
		return err
	}
	user := c.Locals("user").(models.Account)

	var factors []models.AuthFactor
	if err := database.C.Where("account_id = ?", user.ID).Find(&factors).Error; err != nil {
		return fiber.NewError(fiber.StatusInternalServerError, err.Error())
	}

	return c.JSON(factors)
}

func createFactor(c *fiber.Ctx) error {
	if err := exts.EnsureAuthenticated(c); err != nil {
		return err
	}
	user := c.Locals("user").(models.Account)

	var data struct {
		Type   models.AuthFactorType `json:"type"`
		Secret string                `json:"secret"`
	}

	if err := exts.BindAndValidate(c, &data); err != nil {
		return err
	}

	typeWhitelist := []models.AuthFactorType{
		models.EmailPasswordFactor,
		models.InAppNotifyFactor,
		models.TimeOtpFactor,
	}
	if !lo.Contains(typeWhitelist, data.Type) {
		return fiber.NewError(fiber.StatusBadRequest, "invalid factor type")
	}

	// Currently, each type of factor can only be created once
	var currentCount int64
	if err := database.C.Model(&models.AuthFactor{}).
		Where("account_id = ? AND type = ?", user.ID, data.Type).
		Count(&currentCount).Error; err != nil {
		return fiber.NewError(fiber.StatusInternalServerError, fmt.Sprintf("unable to check current factor count: %v", err))
	} else if currentCount > 0 {
		return fiber.NewError(fiber.StatusBadRequest, "this type of factor already exists")
	}

	factor := models.AuthFactor{
		Type:      data.Type,
		Secret:    data.Secret,
		Account:   user,
		AccountID: user.ID,
	}

	additionalOnceConfig := map[string]any{}

	switch data.Type {
	case models.TimeOtpFactor:
		cfg := totp.GenerateOpts{
			Issuer:      viper.GetString("name"),
			AccountName: user.Name,
			Period:      30,
			SecretSize:  20,
			Digits:      6,
		}
		key, err := totp.Generate(cfg)
		if err != nil {
			return fmt.Errorf("unable to generate totp key: %v", err)
		}
		factor.Secret = key.Secret()
		factor.Config = datatypes.NewJSONType(map[string]any{
			"issuer":       cfg.Issuer,
			"account_name": cfg.AccountName,
			"period":       cfg.Period,
			"secret_size":  cfg.SecretSize,
			"digits":       cfg.Digits,
		})
		additionalOnceConfig["url"] = key.URL()
	}

	if err := database.C.Create(&factor).Error; err != nil {
		return fiber.NewError(fiber.StatusInternalServerError, err.Error())
	}

	if len(additionalOnceConfig) > 0 {
		data := factor.Config.Data()
		for k, v := range additionalOnceConfig {
			data[k] = v
		}
		factor.Config = datatypes.NewJSONType(data)
	}

	var out map[string]any
	raw, _ := jsoniter.Marshal(factor)
	jsoniter.Unmarshal(raw, &out)
	out["config"] = factor.Config.Data()

	return c.JSON(out)
}

func deleteFactor(c *fiber.Ctx) error {
	id, _ := c.ParamsInt("factorId", 0)

	if err := exts.EnsureAuthenticated(c); err != nil {
		return err
	}
	user := c.Locals("user").(models.Account)

	var factor models.AuthFactor
	if err := database.C.Where("id = ? AND account_id = ?", id, user.ID).First(&factor).Error; err != nil {
		return fiber.NewError(fiber.StatusNotFound, err.Error())
	}

	if factor.Type == models.PasswordAuthFactor {
		return fiber.NewError(fiber.StatusBadRequest, "unable to delete password factor")
	}

	if err := database.C.Delete(&factor).Error; err != nil {
		return fiber.NewError(fiber.StatusInternalServerError, err.Error())
	}

	return c.SendStatus(fiber.StatusOK)
}
:recycle: Improve code structure and much easier to read :bug: Fix auth middleware 2024-06-22 13:04:21 +08:00			`package api`
:wastebasket: Remove bus deps and code 2024-01-27 01:11:32 +08:00
			`import (`
:recycle: Update the sign in web page to the latest API 2024-06-24 23:54:45 +08:00			`"fmt"`
:sparkles: List, create & delete auth factor apis 2025-01-27 19:19:31 +08:00
			`"git.solsynth.dev/hypernet/passport/pkg/authkit/models"`
			`"git.solsynth.dev/hypernet/passport/pkg/internal/database"`
:truck: Update package name from Hypdrogen to Hypernet 2024-10-31 20:38:50 +08:00			`"git.solsynth.dev/hypernet/passport/pkg/internal/http/exts"`
			`"git.solsynth.dev/hypernet/passport/pkg/internal/services"`
:wastebasket: Remove bus deps and code 2024-01-27 01:11:32 +08:00			`"github.com/gofiber/fiber/v2"`
:bug: Trying to fix factor respond with null config 2025-01-28 19:27:48 +08:00			`jsoniter "github.com/json-iterator/go"`
:sparkles: Impl for totp code, and in app notify factor 2025-01-28 18:20:18 +08:00			`"github.com/pquerna/otp/totp"`
:sparkles: List, create & delete auth factor apis 2025-01-27 19:19:31 +08:00			`"github.com/samber/lo"`
:sparkles: Impl for totp code, and in app notify factor 2025-01-28 18:20:18 +08:00			`"github.com/spf13/viper"`
			`"gorm.io/datatypes"`
:wastebasket: Remove bus deps and code 2024-01-27 01:11:32 +08:00			`)`

:recycle: Update the sign in web page to the latest API 2024-06-24 23:54:45 +08:00			`func getAvailableFactors(c *fiber.Ctx) error {`
			`ticketId := c.QueryInt("ticketId", 0)`
			`if ticketId <= 0 {`
			`return fiber.NewError(fiber.StatusBadRequest, "must provide ticket id as a query parameter")`
			`}`

			`ticket, err := services.GetTicket(uint(ticketId))`
			`if err != nil {`
			`return fiber.NewError(fiber.StatusBadRequest, fmt.Sprintf("ticket was not found: %v", err))`
			`}`
			`factors, err := services.ListUserFactor(ticket.AccountID)`
			`if err != nil {`
			`return fiber.NewError(fiber.StatusInternalServerError, err.Error())`
			`}`

			`return c.JSON(factors)`
			`}`

:wastebasket: Remove bus deps and code 2024-01-27 01:11:32 +08:00			`func requestFactorToken(c *fiber.Ctx) error {`
			`id, _ := c.ParamsInt("factorId", 0)`

:sparkles: New ticket ways 2024-04-20 19:04:33 +08:00			`factor, err := services.GetFactor(uint(id))`
:wastebasket: Remove bus deps and code 2024-01-27 01:11:32 +08:00			`if err != nil {`
			`return fiber.NewError(fiber.StatusNotFound, err.Error())`
			`}`

:sparkles: Email notification 2024-01-29 16:11:59 +08:00			`if sent, err := services.GetFactorCode(factor); err != nil {`
:wastebasket: Remove bus deps and code 2024-01-27 01:11:32 +08:00			`return fiber.NewError(fiber.StatusNotFound, err.Error())`
:sparkles: User login 2024-01-28 00:05:19 +08:00			`} else if !sent {`
			`return c.SendStatus(fiber.StatusNoContent)`
			`} else {`
			`return c.SendStatus(fiber.StatusOK)`
:wastebasket: Remove bus deps and code 2024-01-27 01:11:32 +08:00			`}`
			`}`
:sparkles: Reset password APIs 2024-06-30 17:01:39 +08:00
:sparkles: List, create & delete auth factor apis 2025-01-27 19:19:31 +08:00			`func listFactor(c *fiber.Ctx) error {`
			`if err := exts.EnsureAuthenticated(c); err != nil {`
			`return err`
			`}`
			`user := c.Locals("user").(models.Account)`

			`var factors []models.AuthFactor`
			`if err := database.C.Where("account_id = ?", user.ID).Find(&factors).Error; err != nil {`
			`return fiber.NewError(fiber.StatusInternalServerError, err.Error())`
			`}`

			`return c.JSON(factors)`
			`}`

			`func createFactor(c *fiber.Ctx) error {`
			`if err := exts.EnsureAuthenticated(c); err != nil {`
			`return err`
			`}`
			`user := c.Locals("user").(models.Account)`

:sparkles: Reset password APIs 2024-06-30 17:01:39 +08:00			`var data struct {`
:sparkles: List, create & delete auth factor apis 2025-01-27 19:19:31 +08:00			Type models.AuthFactorType `json:"type"`
			Secret string `json:"secret"`
:sparkles: Reset password APIs 2024-06-30 17:01:39 +08:00			`}`

			`if err := exts.BindAndValidate(c, &data); err != nil {`
			`return err`
			`}`

:sparkles: List, create & delete auth factor apis 2025-01-27 19:19:31 +08:00			`typeWhitelist := []models.AuthFactorType{`
			`models.EmailPasswordFactor,`
			`models.InAppNotifyFactor,`
			`models.TimeOtpFactor,`
			`}`
			`if !lo.Contains(typeWhitelist, data.Type) {`
			`return fiber.NewError(fiber.StatusBadRequest, "invalid factor type")`
:sparkles: Reset password APIs 2024-06-30 17:01:39 +08:00			`}`

:sparkles: List, create & delete auth factor apis 2025-01-27 19:19:31 +08:00			`// Currently, each type of factor can only be created once`
			`var currentCount int64`
			`if err := database.C.Model(&models.AuthFactor{}).`
			`Where("account_id = ? AND type = ?", user.ID, data.Type).`
			`Count(&currentCount).Error; err != nil {`
			`return fiber.NewError(fiber.StatusInternalServerError, fmt.Sprintf("unable to check current factor count: %v", err))`
			`} else if currentCount > 0 {`
			`return fiber.NewError(fiber.StatusBadRequest, "this type of factor already exists")`
			`}`

			`factor := models.AuthFactor{`
			`Type: data.Type,`
			`Secret: data.Secret,`
			`Account: user,`
			`AccountID: user.ID,`
			`}`
:sparkles: Impl for totp code, and in app notify factor 2025-01-28 18:20:18 +08:00
			`additionalOnceConfig := map[string]any{}`

			`switch data.Type {`
			`case models.TimeOtpFactor:`
			`cfg := totp.GenerateOpts{`
			`Issuer: viper.GetString("name"),`
			`AccountName: user.Name,`
			`Period: 30,`
			`SecretSize: 20,`
			`Digits: 6,`
			`}`
			`key, err := totp.Generate(cfg)`
			`if err != nil {`
			`return fmt.Errorf("unable to generate totp key: %v", err)`
			`}`
			`factor.Secret = key.Secret()`
			`factor.Config = datatypes.NewJSONType(map[string]any{`
			`"issuer": cfg.Issuer,`
			`"account_name": cfg.AccountName,`
			`"period": cfg.Period,`
			`"secret_size": cfg.SecretSize,`
			`"digits": cfg.Digits,`
			`})`
			`additionalOnceConfig["url"] = key.URL()`
			`}`

:sparkles: List, create & delete auth factor apis 2025-01-27 19:19:31 +08:00			`if err := database.C.Create(&factor).Error; err != nil {`
:sparkles: Reset password APIs 2024-06-30 17:01:39 +08:00			`return fiber.NewError(fiber.StatusInternalServerError, err.Error())`
			`}`

:sparkles: Impl for totp code, and in app notify factor 2025-01-28 18:20:18 +08:00			`if len(additionalOnceConfig) > 0 {`
			`data := factor.Config.Data()`
			`for k, v := range additionalOnceConfig {`
			`data[k] = v`
			`}`
			`factor.Config = datatypes.NewJSONType(data)`
			`}`

:bug: Trying to fix factor respond with null config 2025-01-28 19:27:48 +08:00			`var out map[string]any`
			`raw, _ := jsoniter.Marshal(factor)`
			`jsoniter.Unmarshal(raw, &out)`
			`out["config"] = factor.Config.Data()`

			`return c.JSON(out)`
:sparkles: Reset password APIs 2024-06-30 17:01:39 +08:00			`}`

:sparkles: List, create & delete auth factor apis 2025-01-27 19:19:31 +08:00			`func deleteFactor(c *fiber.Ctx) error {`
			`id, _ := c.ParamsInt("factorId", 0)`
:sparkles: Reset password APIs 2024-06-30 17:01:39 +08:00
:sparkles: List, create & delete auth factor apis 2025-01-27 19:19:31 +08:00			`if err := exts.EnsureAuthenticated(c); err != nil {`
:sparkles: Reset password APIs 2024-06-30 17:01:39 +08:00			`return err`
			`}`
:sparkles: List, create & delete auth factor apis 2025-01-27 19:19:31 +08:00			`user := c.Locals("user").(models.Account)`

			`var factor models.AuthFactor`
			`if err := database.C.Where("id = ? AND account_id = ?", id, user.ID).First(&factor).Error; err != nil {`
			`return fiber.NewError(fiber.StatusNotFound, err.Error())`
			`}`
:sparkles: Reset password APIs 2024-06-30 17:01:39 +08:00
:sparkles: List, create & delete auth factor apis 2025-01-27 19:19:31 +08:00			`if factor.Type == models.PasswordAuthFactor {`
			`return fiber.NewError(fiber.StatusBadRequest, "unable to delete password factor")`
			`}`

			`if err := database.C.Delete(&factor).Error; err != nil {`
			`return fiber.NewError(fiber.StatusInternalServerError, err.Error())`
:sparkles: Reset password APIs 2024-06-30 17:01:39 +08:00			`}`

			`return c.SendStatus(fiber.StatusOK)`
			`}`