feat: rename jwt to session & introduce upload keys

2025-06-21 19:47:02 +02:00 · 2025-06-21 19:47:02 +02:00 · 3b02f4931e
commit 3b02f4931e
parent 3fc792fd53
7 changed files with 98 additions and 15 deletions
--- a/internal/api/routes/auth.go
+++ b/internal/api/routes/auth.go
@ -18,11 +18,16 @@
 package routes

 import (
+	"errors"
+	"fmt"
 	"net/http"
 	"time"

 	"github.com/gin-gonic/gin"
-	"stereo.cat/backend/internal/auth/token"
+	"github.com/golang-jwt/jwt/v5"
+	"stereo.cat/backend/internal/auth"
+	"stereo.cat/backend/internal/auth/session"
+	"stereo.cat/backend/internal/auth/ukey"
 	"stereo.cat/backend/internal/types"
 )

@ -42,7 +47,7 @@ func RegisterAuthRoutes(cfg *types.StereoConfig, api *gin.RouterGroup) {
 			panic(err)
 		}

-		jwt, err := token.GenerateJWT(cfg.JWTSecret, user, uint64(time.Now().Add(time.Second*time.Duration(t.ExpiresIn)).Unix()))
+		jwt, err := session.GenerateSessionJWT(cfg.JWTSecret, user, uint64(time.Now().Add(time.Second*time.Duration(t.ExpiresIn)).Unix()))

 		if err != nil {
 			panic(err)
@ -64,8 +69,30 @@ func RegisterAuthRoutes(cfg *types.StereoConfig, api *gin.RouterGroup) {
 		c.Redirect(http.StatusTemporaryRedirect, cfg.FrontendUri+"?jwt_set=true")
 	})

-	api.GET("/auth/me", token.JwtMiddleware(cfg.JWTSecret), func(c *gin.Context) {
-		claims, _ := c.Get("claims")
+	api.GET("/auth/me", session.SessionMiddleware(cfg.JWTSecret), func(c *gin.Context) {
+		claims := c.MustGet("claims")
 		c.JSON(http.StatusOK, claims)
 	})
+
+	// Generate an API key (automatically revokes previous api key too since a user can only have one api key bound to their db entry at a given time)
+	api.GET("/auth/key", session.SessionMiddleware(cfg.JWTSecret), func(c *gin.Context) {
+		claims := c.MustGet("claims").(jwt.MapClaims)
+
+		user, ok := claims["user"].(auth.User)
+		if !ok {
+			types.ErrorUserNotFound.Throw(c, errors.New(fmt.Sprintf("got data with type %T but wanted claims.User", claims["user"])))
+			return
+		}
+
+		key := ukey.GenerateUploadKey(cfg, &user, c)
+
+		if key == nil {
+			return
+		}
+
+		c.JSON(http.StatusOK, gin.H{
+			"success": true,
+			"key":     key,
+		})
+	})
 }
--- a/internal/api/routes/files.go
+++ b/internal/api/routes/files.go
@ -29,7 +29,7 @@ import (
 	"github.com/h2non/filetype"
 	"github.com/minio/minio-go/v7"
 	"stereo.cat/backend/internal/auth"
-	"stereo.cat/backend/internal/auth/token"
+	"stereo.cat/backend/internal/auth/session"
 	"stereo.cat/backend/internal/types"
 )

@ -38,7 +38,7 @@ func intoReader(buf []byte) io.Reader {
 }

 func RegisterFileRoutes(cfg *types.StereoConfig, api *gin.RouterGroup) {
-	api.POST("/upload", token.JwtMiddleware(cfg.JWTSecret), func(c *gin.Context) {
+	api.POST("/upload", session.SessionMiddleware(cfg.JWTSecret), func(c *gin.Context) {
 		claims := c.MustGet("claims").(jwt.MapClaims)
 		user := claims["user"].(auth.User)

@ -106,7 +106,7 @@ func RegisterFileRoutes(cfg *types.StereoConfig, api *gin.RouterGroup) {
 		c.JSON(200, gin.H{"message": "file uploaded successfully", "id": fileMeta.ID.String()})
 	})

-	api.DELETE("/:id", token.JwtMiddleware(cfg.JWTSecret), func(c *gin.Context) {
+	api.DELETE("/:id", session.SessionMiddleware(cfg.JWTSecret), func(c *gin.Context) {
 		claims := c.MustGet("claims").(jwt.MapClaims)
 		user := claims["user"].(auth.User)

@ -175,7 +175,7 @@ func RegisterFileRoutes(cfg *types.StereoConfig, api *gin.RouterGroup) {
 		c.DataFromReader(200, file.Size, file.Mime, object, nil)
 	})

-	api.GET("/list", token.JwtMiddleware(cfg.JWTSecret), func(c *gin.Context) {
+	api.GET("/list", session.SessionMiddleware(cfg.JWTSecret), func(c *gin.Context) {
 		claims := c.MustGet("claims").(jwt.MapClaims)
 		user := claims["user"].(auth.User)