♻️ Improve code structure and much easier to read

🐛 Fix auth middleware
2024-06-22 13:04:21 +08:00
parent c37a55b88b
commit 7007cda8f2
34 changed files with 451 additions and 337 deletions
--- a/pkg/internal/server/exts/auth.go
+++ b/pkg/internal/server/exts/auth.go
@ -0,0 +1,53 @@
+package exts
+
+import (
+	"fmt"
+	"git.solsynth.dev/hydrogen/passport/pkg/hyper"
+	"git.solsynth.dev/hydrogen/passport/pkg/internal/models"
+	"git.solsynth.dev/hydrogen/passport/pkg/internal/services"
+	"github.com/gofiber/fiber/v2"
+	"strings"
+)
+
+func AuthMiddleware(c *fiber.Ctx) error {
+	var atk string
+	if cookie := c.Cookies(hyper.CookieAtk); len(cookie) > 0 {
+		atk = cookie
+	}
+	if header := c.Get(fiber.HeaderAuthorization); len(header) > 0 {
+		tk := strings.Replace(header, "Bearer", "", 1)
+		atk = strings.TrimSpace(tk)
+	}
+
+	c.Locals("p_token", atk)
+
+	rtk := c.Cookies(hyper.CookieRtk)
+	if ctx, perms, newAtk, newRtk, err := services.Authenticate(atk, rtk, 0); err == nil {
+		if newAtk != atk {
+			SetAuthCookies(c, newAtk, newRtk)
+		}
+		c.Locals("permissions", perms)
+		c.Locals("user", ctx.Account)
+	}
+
+	return c.Next()
+}
+
+func EnsureAuthenticated(c *fiber.Ctx) error {
+	if _, ok := c.Locals("user").(models.Account); !ok {
+		return fiber.NewError(fiber.StatusUnauthorized)
+	}
+
+	return nil
+}
+
+func EnsureGrantedPerm(c *fiber.Ctx, key string, val any) error {
+	if err := EnsureAuthenticated(c); err != nil {
+		return err
+	}
+	perms := c.Locals("permissions").(map[string]any)
+	if !services.HasPermNode(perms, key, val) {
+		return fiber.NewError(fiber.StatusForbidden, fmt.Sprintf("missing permission: %s", key))
+	}
+	return nil
+}
--- a/pkg/internal/server/exts/cookies.go
+++ b/pkg/internal/server/exts/cookies.go
@ -0,0 +1,27 @@
+package exts
+
+import (
+	"git.solsynth.dev/hydrogen/passport/pkg/hyper"
+	"github.com/gofiber/fiber/v2"
+	"github.com/spf13/viper"
+	"time"
+)
+
+func SetAuthCookies(c *fiber.Ctx, atk, rtk string) {
+	c.Cookie(&fiber.Cookie{
+		Name:     hyper.CookieAtk,
+		Value:    atk,
+		Domain:   viper.GetString("security.cookie_domain"),
+		SameSite: viper.GetString("security.cookie_samesite"),
+		Expires:  time.Now().Add(60 * time.Minute),
+		Path:     "/",
+	})
+	c.Cookie(&fiber.Cookie{
+		Name:     hyper.CookieRtk,
+		Value:    rtk,
+		Domain:   viper.GetString("security.cookie_domain"),
+		SameSite: viper.GetString("security.cookie_samesite"),
+		Expires:  time.Now().Add(24 * 30 * time.Hour),
+		Path:     "/",
+	})
+}
--- a/pkg/internal/server/exts/request.go
+++ b/pkg/internal/server/exts/request.go
@ -0,0 +1,32 @@
+package exts
+
+import (
+	"github.com/go-playground/validator/v10"
+	"github.com/gofiber/fiber/v2"
+	"github.com/samber/lo"
+	"github.com/sujit-baniya/flash"
+)
+
+var validation = validator.New(validator.WithRequiredStructEnabled())
+
+func BindAndValidate(c *fiber.Ctx, out any) error {
+	if err := c.BodyParser(out); err != nil {
+		return fiber.NewError(fiber.StatusBadRequest, err.Error())
+	} else if err := validation.Struct(out); err != nil {
+		return fiber.NewError(fiber.StatusBadRequest, err.Error())
+	}
+
+	return nil
+}
+
+func GetRedirectUri(c *fiber.Ctx, fallback ...string) *string {
+	if len(c.Query("redirect_uri")) > 0 {
+		return lo.ToPtr(c.Query("redirect_uri"))
+	} else if val, ok := flash.Get(c)["redirect_uri"].(*string); ok {
+		return val
+	} else if len(fallback) > 0 {
+		return &fallback[0]
+	} else {
+		return nil
+	}
+}