diff --git a/.idea/workspace.xml b/.idea/workspace.xml
index 298d7d5..d6000e7 100644
--- a/.idea/workspace.xml
+++ b/.idea/workspace.xml
@@ -4,14 +4,19 @@
-
+
+
+
+
-
-
-
-
-
+
+
+
+
+
+
+
@@ -158,7 +163,6 @@
-
@@ -183,7 +187,8 @@
-
+
+
true
diff --git a/pkg/internal/models/auth.go b/pkg/internal/models/auth.go
index a37739f..64fa958 100644
--- a/pkg/internal/models/auth.go
+++ b/pkg/internal/models/auth.go
@@ -46,8 +46,6 @@ type AuthTicket struct {
Account Account `json:"account"`
AccountID uint `json:"account_id"`
-
- IsApiKey bool `json:"is_api_key"`
}
func (v AuthTicket) IsAvailable() error {
diff --git a/pkg/internal/models/bot.go b/pkg/internal/models/bot.go
new file mode 100644
index 0000000..9e14bf8
--- /dev/null
+++ b/pkg/internal/models/bot.go
@@ -0,0 +1,11 @@
+package models
+
+type ApiKey struct {
+ BaseModel
+
+ Name string `json:"name"`
+ Description string `json:"description"`
+ Lifecycle *int64 `json:"lifecycle"`
+ Ticket AuthTicket `json:"ticket" gorm:"TicketID"`
+ TicketID uint `json:"ticket_id"`
+}
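Review bot: The `ApiKey` model has no `AccountID` field, yet every handler in `bot_token_api.go` from this commit filters it with `Where("... account_id = ?", user.ID)`; unless the `api_keys` table acquires that column some other way, those queries error out and the per-user ownership check never actually holds. Add `AccountID uint \`json:"account_id"\`` alongside `TicketID` and have `NewApiKey` populate it from `user.ID`. The tag `gorm:"TicketID"` on `Ticket` is not a `key:value` setting gorm recognises and is effectively ignored; either drop it (the `TicketID` field already matches the default foreign-key convention) or write `gorm:"foreignKey:TicketID"`. Note also that `Ticket` carries a `json:"ticket"` tag, so whatever token fields `AuthTicket` serialises (not visible here) will appear in every `c.JSON(key)` response that preloads it.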
diff --git a/pkg/internal/server/api/bot_token_api.go b/pkg/internal/server/api/bot_token_api.go
new file mode 100644
index 0000000..3542b83
--- /dev/null
+++ b/pkg/internal/server/api/bot_token_api.go
@@ -0,0 +1,142 @@
+package api
+
+import (
+ "git.solsynth.dev/hydrogen/passport/pkg/internal/database"
+ "git.solsynth.dev/hydrogen/passport/pkg/internal/models"
+ "git.solsynth.dev/hydrogen/passport/pkg/internal/server/exts"
+ "git.solsynth.dev/hydrogen/passport/pkg/internal/services"
+ "github.com/gofiber/fiber/v2"
+)
+
+func listBotKeys(c *fiber.Ctx) error {
+ if err := exts.EnsureAuthenticated(c); err != nil {
+ return err
+ }
+ user := c.Locals("user").(models.Account)
+
+ var keys []models.ApiKey
+ if err := database.C.Where("account_id = ?", user.ID).Find(&keys).Error; err != nil {
+ return fiber.NewError(fiber.StatusInternalServerError, err.Error())
+ }
+
+ return c.JSON(keys)
+}
+
+func getBotKey(c *fiber.Ctx) error {
+ if err := exts.EnsureAuthenticated(c); err != nil {
+ return err
+ }
+ user := c.Locals("user").(models.Account)
+
+ id, _ := c.ParamsInt("id", 0)
+
+ var key models.ApiKey
+ if err := database.C.Where("id = ? AND account_id = ?", id, user.ID).First(&key).Error; err != nil {
+ return fiber.NewError(fiber.StatusNotFound, err.Error())
+ }
+
+ return c.JSON(key)
+}
+
+func createBotKey(c *fiber.Ctx) error {
+ if err := exts.EnsureAuthenticated(c); err != nil {
+ return err
+ }
+ user := c.Locals("user").(models.Account)
+
+ var data struct {
+ Name string `json:"name" validate:"required"`
+ Description string `json:"description"`
+ Lifecycle *int64 `json:"lifecycle"`
+ Claims []string `json:"claims"`
+ }
+
+ if err := exts.BindAndValidate(c, &data); err != nil {
+ return err
+ }
+
+ key, err := services.NewApiKey(user, models.ApiKey{
+ Name: data.Name,
+ Description: data.Description,
+ Lifecycle: data.Lifecycle,
+ }, c.IP(), c.Get(fiber.HeaderUserAgent), data.Claims)
+ if err != nil {
+ return fiber.NewError(fiber.StatusBadRequest, err.Error())
+ }
+
+ return c.JSON(key)
+}
+
+func editBotKey(c *fiber.Ctx) error {
+ if err := exts.EnsureAuthenticated(c); err != nil {
+ return err
+ }
+ user := c.Locals("user").(models.Account)
+
+ var data struct {
+ Name string `json:"name" validate:"required"`
+ Description string `json:"description"`
+ Lifecycle *int64 `json:"lifecycle"`
+ }
+
+ if err := exts.BindAndValidate(c, &data); err != nil {
+ return err
+ }
+
+ id, _ := c.ParamsInt("id", 0)
+
+ var key models.ApiKey
+ if err := database.C.Where("id = ? AND account_id = ?", id, user.ID).First(&key).Error; err != nil {
+ return fiber.NewError(fiber.StatusNotFound, err.Error())
+ }
+
+ key.Name = data.Name
+ key.Description = data.Description
+ key.Lifecycle = data.Lifecycle
+
+ if err := database.C.Save(&key).Error; err != nil {
+ return fiber.NewError(fiber.StatusBadRequest, err.Error())
+ }
+
+ return c.JSON(key)
+}
+
+func rollBotKey(c *fiber.Ctx) error {
+ if err := exts.EnsureAuthenticated(c); err != nil {
+ return err
+ }
+ user := c.Locals("user").(models.Account)
+
+ id, _ := c.ParamsInt("id", 0)
+
+ var key models.ApiKey
+ if err := database.C.Where("id = ? AND account_id = ?", id, user.ID).First(&key).Error; err != nil {
+ return fiber.NewError(fiber.StatusNotFound, err.Error())
+ }
+
+ if key, err := services.RollApiKey(key); err != nil {
+ return fiber.NewError(fiber.StatusBadRequest, err.Error())
+ } else {
+ return c.JSON(key)
+ }
+}
+
+func revokeBotKey(c *fiber.Ctx) error {
+ if err := exts.EnsureAuthenticated(c); err != nil {
+ return err
+ }
+ user := c.Locals("user").(models.Account)
+
+ id, _ := c.ParamsInt("id", 0)
+
+ var key models.ApiKey
+ if err := database.C.Where("id = ? AND account_id = ?", id, user.ID).First(&key).Error; err != nil {
+ return fiber.NewError(fiber.StatusNotFound, err.Error())
+ }
+
+ if err := database.C.Delete(&key).Error; err != nil {
+ return fiber.NewError(fiber.StatusInternalServerError, err.Error())
+ }
+
+ return c.JSON(key)
+}
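Review bot: `revokeBotKey` deletes only the `ApiKey` row and leaves the `AuthTicket` it points to, together with the grant/access/refresh tokens `NewApiKey` minted into it, so a "revoked" key keeps authenticating until `DoAutoSignoff` happens to sweep the ticket; the ticket must be deleted in the same transaction. `editBotKey` has the same gap: it rewrites `key.Lifecycle` but never recomputes the ticket's `ExpiredAt`, so shortening a key's lifetime does nothing to the token. Separately, all six handlers filter on `account_id`, but the `ApiKey` model added in this commit declares no `AccountID`, so as written the ownership check either errors or, if the column exists for another reason, is never populated by `NewApiKey`. The rewrite below needs `gorm.io/gorm` imported for the transaction callback.
```go
func revokeBotKey(c *fiber.Ctx) error {
	// … unchanged: EnsureAuthenticated, user, id, ownership lookup …

	// Drop the backing ticket first so its tokens stop working even if
	// the key row delete fails; both run in one transaction.
	if err := database.C.Transaction(func(tx *gorm.DB) error {
		if err := tx.Delete(&models.AuthTicket{}, key.TicketID).Error; err != nil {
			return err
		}
		return tx.Delete(&key).Error
	}); err != nil {
		return fiber.NewError(fiber.StatusInternalServerError, err.Error())
	}

	return c.JSON(key)
}
```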
diff --git a/pkg/internal/server/api/index.go b/pkg/internal/server/api/index.go
index 5f5eb14..021f73c 100644
--- a/pkg/internal/server/api/index.go
+++ b/pkg/internal/server/api/index.go
@@ -100,6 +100,16 @@ func MapAPIs(app *fiber.App, baseURL string) {
developers := api.Group("/dev").Name("Developers API")
{
developers.Post("/notify", notifyUser)
+
+ keys := developers.Group("/keys").Name("Keys")
+ {
+ keys.Get("/", listBotKeys)
+ keys.Get("/:id", getBotKey)
+ keys.Post("/", createBotKey)
+ keys.Post("/:id/roll", rollBotKey)
+ keys.Put("/:id", editBotKey)
+ keys.Delete("/:id", revokeBotKey)
+ }
}
api.All("/*", func(c *fiber.Ctx) error {
diff --git a/pkg/internal/server/api/oauth_api.go b/pkg/internal/server/api/oauth_api.go
index 4f2ad72..97fc407 100755
--- a/pkg/internal/server/api/oauth_api.go
+++ b/pkg/internal/server/api/oauth_api.go
@@ -44,7 +44,7 @@ func tryAuthorizeThirdClient(c *fiber.Ctx) error {
"ticket": nil,
})
} else {
- ticket, err = services.RegenSession(ticket)
+ ticket, err = services.RotateTicket(ticket)
}
return c.JSON(fiber.Map{
diff --git a/pkg/internal/services/bot_token.go b/pkg/internal/services/bot_token.go
new file mode 100644
index 0000000..c07cdcc
--- /dev/null
+++ b/pkg/internal/services/bot_token.go
@@ -0,0 +1,53 @@
+package services
+
+import (
+ "git.solsynth.dev/hydrogen/passport/pkg/internal/database"
+ "git.solsynth.dev/hydrogen/passport/pkg/internal/models"
+ "github.com/google/uuid"
+ "github.com/samber/lo"
+ "time"
+)
+
+func NewApiKey(user models.Account, key models.ApiKey, ip, ua string, claims []string) (models.ApiKey, error) {
+ var expiredAt *time.Time
+ if key.Lifecycle != nil {
+ expiredAt = lo.ToPtr(time.Now().Add(time.Duration(*key.Lifecycle) * time.Second))
+ }
+
+ key.Ticket = models.AuthTicket{
+ IpAddress: ip,
+ UserAgent: ua,
+ RequireMFA: false,
+ RequireAuthenticate: false,
+ Claims: claims,
+ Audiences: []string{InternalTokenAudience},
+ GrantToken: lo.ToPtr(uuid.NewString()),
+ AccessToken: lo.ToPtr(uuid.NewString()),
+ RefreshToken: lo.ToPtr(uuid.NewString()),
+ AvailableAt: lo.ToPtr(time.Now()),
+ ExpiredAt: expiredAt,
+ Account: user,
+ AccountID: user.ID,
+ }
+
+ if err := database.C.Save(&key).Error; err != nil {
+ return key, err
+ }
+ return key, nil
+}
+
+func RollApiKey(key models.ApiKey) (models.ApiKey, error) {
+ var ticket models.AuthTicket
+ if err := database.C.Where("ticket_id = ?", key.TicketID).First(&ticket).Error; err != nil {
+ return key, err
+ }
+
+ ticket, err := RotateTicket(ticket)
+ if err != nil {
+ return key, err
+ } else {
+ key.Ticket = ticket
+ }
+
+ return key, nil
+}
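Review bot: `RollApiKey` looks the ticket up with `Where("ticket_id = ?", key.TicketID)`, but `key.TicketID` is the ticket's own primary key and nothing in this diff gives `AuthTicket` a `ticket_id` column, so rotation will fail (or hit an unrelated row if such a column exists elsewhere); use `database.C.First(&ticket, key.TicketID)` instead. In `NewApiKey`, `claims` arrives straight from the request body and is written into `Ticket.Claims` with no check against what the caller is allowed to hold — if downstream services authorise on ticket claims, a user can mint a key broader than their own session, so validate against an allowlist or the caller's current claims before `Save`. A nil `Lifecycle` yields `ExpiredAt == nil`, i.e. a token that never expires, and `RequireMFA`/`RequireAuthenticate` both `false` make it live the moment it is returned; if that is intended, say so in a comment such as `// Lifecycle == nil: key never expires; callers must revoke explicitly`.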
diff --git a/pkg/internal/services/encryptor.go b/pkg/internal/services/encrypt.go
similarity index 100%
rename from pkg/internal/services/encryptor.go
rename to pkg/internal/services/encrypt.go
diff --git a/pkg/internal/services/mfa.go b/pkg/internal/services/mfa.go
deleted file mode 100644
index 8126f9b..0000000
--- a/pkg/internal/services/mfa.go
+++ /dev/null
@@ -1,18 +0,0 @@
-package services
-
-import (
- "git.solsynth.dev/hydrogen/passport/pkg/internal/models"
- "github.com/nicksnyder/go-i18n/v2/i18n"
-)
-
-func GetFactorName(w models.AuthFactorType, localizer *i18n.Localizer) string {
- unknown, _ := localizer.LocalizeMessage(&i18n.Message{ID: "unknown"})
- mfaEmail, _ := localizer.LocalizeMessage(&i18n.Message{ID: "mfaFactorEmail"})
-
- switch w {
- case models.EmailPasswordFactor:
- return mfaEmail
- default:
- return unknown
- }
-}
diff --git a/pkg/internal/services/ticker_maintainer.go b/pkg/internal/services/ticker_maintainer.go
deleted file mode 100644
index c44ae45..0000000
--- a/pkg/internal/services/ticker_maintainer.go
+++ /dev/null
@@ -1,24 +0,0 @@
-package services
-
-import (
- "time"
-
- "git.solsynth.dev/hydrogen/passport/pkg/internal/database"
- "git.solsynth.dev/hydrogen/passport/pkg/internal/models"
- "github.com/rs/zerolog/log"
-)
-
-func DoAutoSignoff() {
- duration := 7 * 24 * time.Hour
- deadline := time.Now().Add(-duration)
-
- log.Debug().Time("before", deadline).Msg("Now signing off tickets...")
-
- if tx := database.C.
- Where("last_grant_at < ?", deadline).
- Delete(&models.AuthTicket{}); tx.Error != nil {
- log.Error().Err(tx.Error).Msg("An error occurred when running auto sign off...")
- } else {
- log.Debug().Int64("affected", tx.RowsAffected).Msg("Auto sign off accomplished.")
- }
-}
diff --git a/pkg/internal/services/ticket.go b/pkg/internal/services/ticket.go
index 681320e..5ad2a32 100644
--- a/pkg/internal/services/ticket.go
+++ b/pkg/internal/services/ticket.go
@@ -2,6 +2,7 @@ package services
import (
"fmt"
+ "github.com/rs/zerolog/log"
"time"
"github.com/google/uuid"
@@ -146,10 +147,25 @@ func ActiveTicketWithMFA(ticket models.AuthTicket, factor models.AuthFactor, cod
return ticket, nil
}
-func RegenSession(ticket models.AuthTicket) (models.AuthTicket, error) {
+func RotateTicket(ticket models.AuthTicket) (models.AuthTicket, error) {
ticket.GrantToken = lo.ToPtr(uuid.NewString())
ticket.AccessToken = lo.ToPtr(uuid.NewString())
ticket.RefreshToken = lo.ToPtr(uuid.NewString())
err := database.C.Save(&ticket).Error
return ticket, err
}
+
+func DoAutoSignoff() {
+ duration := 7 * 24 * time.Hour
+ deadline := time.Now().Add(-duration)
+
+ log.Debug().Time("before", deadline).Msg("Now signing off tickets...")
+
+ if tx := database.C.
+ Where("last_grant_at < ?", deadline).
+ Delete(&models.AuthTicket{}); tx.Error != nil {
+ log.Error().Err(tx.Error).Msg("An error occurred when running auto sign off...")
+ } else {
+ log.Debug().Int64("affected", tx.RowsAffected).Msg("Auto sign off accomplished.")
+ }
+}
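Review bot: `DoAutoSignoff` deletes every `AuthTicket` whose `last_grant_at` is older than seven days, and now that `IsApiKey` has been removed from the model nothing distinguishes the tickets that back `ApiKey` rows from ordinary sessions. `NewApiKey` in this commit never sets `LastGrantAt`, so whether an API key's ticket survives the first sweep depends on how a zero or NULL `last_grant_at` compares in the database, which the diff does not show. If long-lived keys are intended, exclude them explicitly before the `Delete`: `Where("id NOT IN (?)", database.C.Model(&models.ApiKey{}).Select("ticket_id"))`. `RotateTicket` is the old `RegenSession` unchanged apart from the name.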
diff --git a/pkg/internal/services/ticket_token.go b/pkg/internal/services/ticket_token.go
index d22ac36..9603d2f 100644
--- a/pkg/internal/services/ticket_token.go
+++ b/pkg/internal/services/ticket_token.go
@@ -113,7 +113,7 @@ func RefreshToken(token string) (atk, rtk string, err error) {
return
}
- if ticket, err = RegenSession(ticket); err != nil {
+ if ticket, err = RotateTicket(ticket); err != nil {
return
} else {
return GetToken(ticket)