✨ Auth impl
This commit is contained in:
parent
632d614d1e
commit
69bae57473
@ -1,6 +1,10 @@
|
|||||||
package models
|
package models
|
||||||
|
|
||||||
import "time"
|
import (
|
||||||
|
"time"
|
||||||
|
|
||||||
|
"gorm.io/datatypes"
|
||||||
|
)
|
||||||
|
|
||||||
type AccountState = int8
|
type AccountState = int8
|
||||||
|
|
||||||
@ -19,6 +23,7 @@ type Account struct {
|
|||||||
Challenges []AuthChallenge `json:"challenges"`
|
Challenges []AuthChallenge `json:"challenges"`
|
||||||
Factors []AuthFactor `json:"factors"`
|
Factors []AuthFactor `json:"factors"`
|
||||||
Contacts []AccountContact `json:"contacts"`
|
Contacts []AccountContact `json:"contacts"`
|
||||||
|
Permissions datatypes.JSONType[[]string] `json:"permissions"`
|
||||||
}
|
}
|
||||||
|
|
||||||
type AccountContactType = int8
|
type AccountContactType = int8
|
||||||
|
@ -17,8 +17,7 @@ func NewChallenge(account models.Account, factors []models.AuthFactor, ip, ua st
|
|||||||
// Pickup any challenge if possible
|
// Pickup any challenge if possible
|
||||||
if err := database.C.Where(models.AuthChallenge{
|
if err := database.C.Where(models.AuthChallenge{
|
||||||
AccountID: account.ID,
|
AccountID: account.ID,
|
||||||
State: models.ActiveChallengeState,
|
}).Where("state = ?", models.ActiveChallengeState).First(&challenge).Error; err == nil {
|
||||||
}).First(&challenge).Error; err == nil {
|
|
||||||
return challenge, nil
|
return challenge, nil
|
||||||
}
|
}
|
||||||
|
|
||||||
|
32
pkg/server/auth.go
Normal file
32
pkg/server/auth.go
Normal file
@ -0,0 +1,32 @@
|
|||||||
|
package server
|
||||||
|
|
||||||
|
import (
|
||||||
|
"code.smartsheep.studio/hydrogen/bus/pkg/kit/adaptor"
|
||||||
|
"code.smartsheep.studio/hydrogen/bus/pkg/kit/publisher"
|
||||||
|
"code.smartsheep.studio/hydrogen/bus/pkg/wire"
|
||||||
|
"code.smartsheep.studio/hydrogen/passport/pkg/security"
|
||||||
|
"code.smartsheep.studio/hydrogen/passport/pkg/services"
|
||||||
|
)
|
||||||
|
|
||||||
|
func doAuth(c *publisher.RequestCtx) error {
|
||||||
|
token := adaptor.ParseAnyToStruct[string](c.Parameters)
|
||||||
|
|
||||||
|
claims, err := security.DecodeJwt(token)
|
||||||
|
if err != nil {
|
||||||
|
return c.SendError(wire.Unauthorized, err)
|
||||||
|
}
|
||||||
|
|
||||||
|
session, err := services.LookupSessionWithToken(claims.ID)
|
||||||
|
if err != nil {
|
||||||
|
return c.SendError(wire.Unauthorized, err)
|
||||||
|
} else if err := session.IsAvailable(); err != nil {
|
||||||
|
return c.SendError(wire.Unauthorized, err)
|
||||||
|
}
|
||||||
|
|
||||||
|
user, err := services.GetAccount(session.AccountID)
|
||||||
|
if err != nil {
|
||||||
|
return c.SendError(wire.Unauthorized, err)
|
||||||
|
}
|
||||||
|
|
||||||
|
return c.SendResponse(user.Permissions.Data())
|
||||||
|
}
|
@ -42,4 +42,25 @@ var Commands = map[string]publisher.CommandManifest{
|
|||||||
Requirements: wire.CommandRequirements{},
|
Requirements: wire.CommandRequirements{},
|
||||||
Handle: refreshToken,
|
Handle: refreshToken,
|
||||||
},
|
},
|
||||||
|
"passport.auth": {
|
||||||
|
Name: "Auth with access token.",
|
||||||
|
Description: "Auth gateway request with access token.",
|
||||||
|
Requirements: wire.CommandRequirements{},
|
||||||
|
Providers: []wire.CommandProvider{
|
||||||
|
{
|
||||||
|
ID: "passport.auth",
|
||||||
|
Implementation: "gateway.auth",
|
||||||
|
Weight: 1000,
|
||||||
|
},
|
||||||
|
},
|
||||||
|
Handle: doAuth,
|
||||||
|
},
|
||||||
|
"passport.test": {
|
||||||
|
Name: "Test secured resource.",
|
||||||
|
Description: "Test secured resource connectivity.",
|
||||||
|
Requirements: wire.CommandRequirements{Authorized: true},
|
||||||
|
Handle: func(c *publisher.RequestCtx) error {
|
||||||
|
return c.SendResponse("You got me!")
|
||||||
|
},
|
||||||
|
},
|
||||||
}
|
}
|
||||||
|
@ -7,6 +7,17 @@ import (
|
|||||||
"code.smartsheep.studio/hydrogen/passport/pkg/models"
|
"code.smartsheep.studio/hydrogen/passport/pkg/models"
|
||||||
)
|
)
|
||||||
|
|
||||||
|
func GetAccount(id uint) (models.Account, error) {
|
||||||
|
var account models.Account
|
||||||
|
if err := database.C.Where(models.Account{
|
||||||
|
BaseModel: models.BaseModel{ID: id},
|
||||||
|
}).First(&account).Error; err != nil {
|
||||||
|
return account, err
|
||||||
|
}
|
||||||
|
|
||||||
|
return account, nil
|
||||||
|
}
|
||||||
|
|
||||||
func LookupAccount(id string) (models.Account, error) {
|
func LookupAccount(id string) (models.Account, error) {
|
||||||
var account models.Account
|
var account models.Account
|
||||||
if err := database.C.Where(models.Account{Name: id}).First(&account).Error; err == nil {
|
if err := database.C.Where(models.Account{Name: id}).First(&account).Error; err == nil {
|
||||||
|
18
pkg/services/sessions.go
Normal file
18
pkg/services/sessions.go
Normal file
@ -0,0 +1,18 @@
|
|||||||
|
package services
|
||||||
|
|
||||||
|
import (
|
||||||
|
"code.smartsheep.studio/hydrogen/passport/pkg/database"
|
||||||
|
"code.smartsheep.studio/hydrogen/passport/pkg/models"
|
||||||
|
)
|
||||||
|
|
||||||
|
func LookupSessionWithToken(tokenId string) (models.AuthSession, error) {
|
||||||
|
var session models.AuthSession
|
||||||
|
if err := database.C.
|
||||||
|
Where(models.AuthSession{AccessToken: tokenId}).
|
||||||
|
Or(models.AuthSession{RefreshToken: tokenId}).
|
||||||
|
First(&session).Error; err != nil {
|
||||||
|
return session, err
|
||||||
|
}
|
||||||
|
|
||||||
|
return session, nil
|
||||||
|
}
|
Loading…
Reference in New Issue
Block a user