✨ Auth impl

pkg/models/accounts.go

@@ -1,6 +1,10 @@
 package models
 
-import "time"
+import (
+	"time"
+
+	"gorm.io/datatypes"
+)
 
 type AccountState = int8
 
@@ -19,6 +23,7 @@ type Account struct {
 	Challenges  []AuthChallenge              `json:"challenges"`
 	Factors     []AuthFactor                 `json:"factors"`
 	Contacts    []AccountContact             `json:"contacts"`
+	Permissions datatypes.JSONType[[]string] `json:"permissions"`
 }
 
 type AccountContactType = int8

pkg/security/challanges.go

@@ -17,8 +17,7 @@ func NewChallenge(account models.Account, factors []models.AuthFactor, ip, ua st
 	// Pickup any challenge if possible
 	if err := database.C.Where(models.AuthChallenge{
 		AccountID: account.ID,
-		State:     models.ActiveChallengeState,
-	}).First(&challenge).Error; err == nil {
+	}).Where("state = ?", models.ActiveChallengeState).First(&challenge).Error; err == nil {
 		return challenge, nil
 	}
 

pkg/server/auth.go

@@ -0,0 +1,32 @@
+package server
+
+import (
+	"code.smartsheep.studio/hydrogen/bus/pkg/kit/adaptor"
+	"code.smartsheep.studio/hydrogen/bus/pkg/kit/publisher"
+	"code.smartsheep.studio/hydrogen/bus/pkg/wire"
+	"code.smartsheep.studio/hydrogen/passport/pkg/security"
+	"code.smartsheep.studio/hydrogen/passport/pkg/services"
+)
+
+func doAuth(c *publisher.RequestCtx) error {
+	token := adaptor.ParseAnyToStruct[string](c.Parameters)
+
+	claims, err := security.DecodeJwt(token)
+	if err != nil {
+		return c.SendError(wire.Unauthorized, err)
+	}
+
+	session, err := services.LookupSessionWithToken(claims.ID)
+	if err != nil {
+		return c.SendError(wire.Unauthorized, err)
+	} else if err := session.IsAvailable(); err != nil {
+		return c.SendError(wire.Unauthorized, err)
+	}
+
+	user, err := services.GetAccount(session.AccountID)
+	if err != nil {
+		return c.SendError(wire.Unauthorized, err)
+	}
+
+	return c.SendResponse(user.Permissions.Data())
+}

pkg/server/index.go

@@ -42,4 +42,25 @@ var Commands = map[string]publisher.CommandManifest{
 		Requirements: wire.CommandRequirements{},
 		Handle:       refreshToken,
 	},
+	"passport.auth": {
+		Name:         "Auth with access token.",
+		Description:  "Auth gateway request with access token.",
+		Requirements: wire.CommandRequirements{},
+		Providers: []wire.CommandProvider{
+			{
+				ID:             "passport.auth",
+				Implementation: "gateway.auth",
+				Weight:         1000,
+			},
+		},
+		Handle: doAuth,
+	},
+	"passport.test": {
+		Name:         "Test secured resource.",
+		Description:  "Test secured resource connectivity.",
+		Requirements: wire.CommandRequirements{Authorized: true},
+		Handle: func(c *publisher.RequestCtx) error {
+			return c.SendResponse("You got me!")
+		},
+	},
 }

pkg/services/accounts.go

@@ -7,6 +7,17 @@ import (
 	"code.smartsheep.studio/hydrogen/passport/pkg/models"
 )
 
+func GetAccount(id uint) (models.Account, error) {
+	var account models.Account
+	if err := database.C.Where(models.Account{
+		BaseModel: models.BaseModel{ID: id},
+	}).First(&account).Error; err != nil {
+		return account, err
+	}
+
+	return account, nil
+}
+
 func LookupAccount(id string) (models.Account, error) {
 	var account models.Account
 	if err := database.C.Where(models.Account{Name: id}).First(&account).Error; err == nil {

pkg/services/sessions.go

@@ -0,0 +1,18 @@
+package services
+
+import (
+	"code.smartsheep.studio/hydrogen/passport/pkg/database"
+	"code.smartsheep.studio/hydrogen/passport/pkg/models"
+)
+
+func LookupSessionWithToken(tokenId string) (models.AuthSession, error) {
+	var session models.AuthSession
+	if err := database.C.
+		Where(models.AuthSession{AccessToken: tokenId}).
+		Or(models.AuthSession{RefreshToken: tokenId}).
+		First(&session).Error; err != nil {
+		return session, err
+	}
+
+	return session, nil
+}