add auth to /uploads

.gitignore

@@ -1,3 +1,4 @@
 .env
 tmp
 *.db
+imgs

README.md

@@ -1,8 +1,3 @@
 # stereo.cat backend  
   
 written in Go, uses Gin.
-
-## database shit  
-  
-Instead of using Discord oAuth as a database, we instead use it as a login source, only using it to source a username/id, avatar data and a secure login/registration flow.  
-We store these attributes alongside stereo.cat specific attributes in our own database. There is a trade-off however: this means that avatar & username data is not updated in real-time, only when the oauth flow is executed.

internal/api/routes/auth.go

@@ -31,17 +31,7 @@ func RegisterAuthRoutes(cfg *types.StereoConfig, api *gin.RouterGroup) {
 			panic(err)
 		}
 
-		res := cfg.Database.FirstOrCreate(&user)
+		c.String(http.StatusOK, jwt)
-
-		if res.Error != nil {
-			panic(res.Error)
-		}
-
-		// TODO: redirect to dashboard
-		c.JSON(http.StatusOK, gin.H{
-			"jwt":   jwt,
-			"known": res.RowsAffected == 0,
-		})
 	})
 
 	api.GET("/auth/me", auth.JwtMiddleware(cfg.JWTSecret), func(c *gin.Context) {

internal/api/routes/upload.go

@@ -4,22 +4,36 @@ import (
 	"path/filepath"
 
 	"github.com/gin-gonic/gin"
+	"github.com/golang-jwt/jwt/v5"
+	"stereo.cat/backend/internal/auth"
 	"stereo.cat/backend/internal/types"
 )
 
 func RegisterUploadRoutes(cfg *types.StereoConfig, api *gin.RouterGroup) {
-	api.POST("/upload", func(c *gin.Context) {
+	api.POST("/upload", auth.JwtMiddleware(cfg.JWTSecret), func(c *gin.Context) {
+		claims := c.MustGet("claims").(jwt.MapClaims)
+		user := claims["user"].(auth.User)
+
+		uid := user.ID
+
+		if uid == "" {
+			c.JSON(401, gin.H{"error": "unauthorized"})
+			return
+		}
+
 		file, err := c.FormFile("file")
 		if err != nil {
 			c.JSON(400, gin.H{"error": "file is required"})
 			return
 		}
 
-		filePath := filepath.Join(cfg.ImagePath, file.Filename)
+		filePath := filepath.Join(cfg.ImagePath, uid, file.Filename)
 		if err := c.SaveUploadedFile(file, filePath); err != nil {
 			c.JSON(500, gin.H{"error": "failed to save file"})
 			return
 		}
+
+		c.JSON(200, gin.H{"message": "file uploaded successfully"})
 	})
 
 	api.GET("/:name", func(c *gin.Context) {

internal/auth/jwt.go

@@ -11,9 +11,9 @@ import (
 )
 
 func GenerateJWT(key string, user User, expiryTimestamp uint64) (string, error) {
-	claims := jwt.MapClaims{
+	claims := Claims{
-		"user": user,
+		User: user,
-		"exp":  expiryTimestamp,
+		Exp:  expiryTimestamp,
 	}
 
 	token := jwt.NewWithClaims(jwt.SigningMethodHS256, claims)

internal/auth/types.go

@@ -1,6 +1,10 @@
 package auth
 
-import "time"
+import (
+	"time"
+
+	"github.com/golang-jwt/jwt/v5"
+)
 
 type TokenResponse struct {
 	AccessToken  string `json:"access_token"`
@@ -28,3 +32,9 @@ type ExchangeCodeRequest struct {
 	Code        string `json:"code"`
 	RedirectUri string `json:"redirect_uri"`
 }
+
+type Claims struct {
+	User User   `json:"user"`
+	Exp  uint64 `json:"exp"`
+	jwt.RegisteredClaims
+}