Auth impl

This commit is contained in:
LittleSheep 2024-01-07 15:52:23 +08:00
parent 632d614d1e
commit 69bae57473
6 changed files with 96 additions and 10 deletions

View File

@ -1,6 +1,10 @@
package models package models
import "time" import (
"time"
"gorm.io/datatypes"
)
type AccountState = int8 type AccountState = int8
@ -19,6 +23,7 @@ type Account struct {
Challenges []AuthChallenge `json:"challenges"` Challenges []AuthChallenge `json:"challenges"`
Factors []AuthFactor `json:"factors"` Factors []AuthFactor `json:"factors"`
Contacts []AccountContact `json:"contacts"` Contacts []AccountContact `json:"contacts"`
Permissions datatypes.JSONType[[]string] `json:"permissions"`
} }
type AccountContactType = int8 type AccountContactType = int8

View File

@ -17,8 +17,7 @@ func NewChallenge(account models.Account, factors []models.AuthFactor, ip, ua st
// Pickup any challenge if possible // Pickup any challenge if possible
if err := database.C.Where(models.AuthChallenge{ if err := database.C.Where(models.AuthChallenge{
AccountID: account.ID, AccountID: account.ID,
State: models.ActiveChallengeState, }).Where("state = ?", models.ActiveChallengeState).First(&challenge).Error; err == nil {
}).First(&challenge).Error; err == nil {
return challenge, nil return challenge, nil
} }

32
pkg/server/auth.go Normal file
View File

@ -0,0 +1,32 @@
package server
import (
"code.smartsheep.studio/hydrogen/bus/pkg/kit/adaptor"
"code.smartsheep.studio/hydrogen/bus/pkg/kit/publisher"
"code.smartsheep.studio/hydrogen/bus/pkg/wire"
"code.smartsheep.studio/hydrogen/passport/pkg/security"
"code.smartsheep.studio/hydrogen/passport/pkg/services"
)
func doAuth(c *publisher.RequestCtx) error {
token := adaptor.ParseAnyToStruct[string](c.Parameters)
claims, err := security.DecodeJwt(token)
if err != nil {
return c.SendError(wire.Unauthorized, err)
}
session, err := services.LookupSessionWithToken(claims.ID)
if err != nil {
return c.SendError(wire.Unauthorized, err)
} else if err := session.IsAvailable(); err != nil {
return c.SendError(wire.Unauthorized, err)
}
user, err := services.GetAccount(session.AccountID)
if err != nil {
return c.SendError(wire.Unauthorized, err)
}
return c.SendResponse(user.Permissions.Data())
}

View File

@ -42,4 +42,25 @@ var Commands = map[string]publisher.CommandManifest{
Requirements: wire.CommandRequirements{}, Requirements: wire.CommandRequirements{},
Handle: refreshToken, Handle: refreshToken,
}, },
"passport.auth": {
Name: "Auth with access token.",
Description: "Auth gateway request with access token.",
Requirements: wire.CommandRequirements{},
Providers: []wire.CommandProvider{
{
ID: "passport.auth",
Implementation: "gateway.auth",
Weight: 1000,
},
},
Handle: doAuth,
},
"passport.test": {
Name: "Test secured resource.",
Description: "Test secured resource connectivity.",
Requirements: wire.CommandRequirements{Authorized: true},
Handle: func(c *publisher.RequestCtx) error {
return c.SendResponse("You got me!")
},
},
} }

View File

@ -7,6 +7,17 @@ import (
"code.smartsheep.studio/hydrogen/passport/pkg/models" "code.smartsheep.studio/hydrogen/passport/pkg/models"
) )
func GetAccount(id uint) (models.Account, error) {
var account models.Account
if err := database.C.Where(models.Account{
BaseModel: models.BaseModel{ID: id},
}).First(&account).Error; err != nil {
return account, err
}
return account, nil
}
func LookupAccount(id string) (models.Account, error) { func LookupAccount(id string) (models.Account, error) {
var account models.Account var account models.Account
if err := database.C.Where(models.Account{Name: id}).First(&account).Error; err == nil { if err := database.C.Where(models.Account{Name: id}).First(&account).Error; err == nil {

18
pkg/services/sessions.go Normal file
View File

@ -0,0 +1,18 @@
package services
import (
"code.smartsheep.studio/hydrogen/passport/pkg/database"
"code.smartsheep.studio/hydrogen/passport/pkg/models"
)
func LookupSessionWithToken(tokenId string) (models.AuthSession, error) {
var session models.AuthSession
if err := database.C.
Where(models.AuthSession{AccessToken: tokenId}).
Or(models.AuthSession{RefreshToken: tokenId}).
First(&session).Error; err != nil {
return session, err
}
return session, nil
}