Compare commits
1 commit
dev
...
auth-uploa
| Author | SHA1 | Date | |
|---|---|---|---|
|
a3312ef6f8 |
6 changed files with 33 additions and 23 deletions
1
.gitignore
vendored
1
.gitignore
vendored
|
|
@ -1,3 +1,4 @@
|
|||
.env
|
||||
tmp
|
||||
*.db
|
||||
imgs
|
||||
|
|
@ -1,8 +1,3 @@
|
|||
# stereo.cat backend
|
||||
|
||||
written in Go, uses Gin.
|
||||
|
||||
## database shit
|
||||
|
||||
Instead of using Discord oAuth as a database, we instead use it as a login source, only using it to source a username/id, avatar data and a secure login/registration flow.
|
||||
We store these attributes alongside stereo.cat specific attributes in our own database. There is a trade-off however: this means that avatar & username data is not updated in real-time, only when the oauth flow is executed.
|
||||
|
|
|
|||
|
|
@ -31,17 +31,7 @@ func RegisterAuthRoutes(cfg *types.StereoConfig, api *gin.RouterGroup) {
|
|||
panic(err)
|
||||
}
|
||||
|
||||
res := cfg.Database.FirstOrCreate(&user)
|
||||
|
||||
if res.Error != nil {
|
||||
panic(res.Error)
|
||||
}
|
||||
|
||||
// TODO: redirect to dashboard
|
||||
c.JSON(http.StatusOK, gin.H{
|
||||
"jwt": jwt,
|
||||
"known": res.RowsAffected == 0,
|
||||
})
|
||||
c.String(http.StatusOK, jwt)
|
||||
})
|
||||
|
||||
api.GET("/auth/me", auth.JwtMiddleware(cfg.JWTSecret), func(c *gin.Context) {
|
||||
|
|
|
|||
|
|
@ -4,22 +4,36 @@ import (
|
|||
"path/filepath"
|
||||
|
||||
"github.com/gin-gonic/gin"
|
||||
"github.com/golang-jwt/jwt/v5"
|
||||
"stereo.cat/backend/internal/auth"
|
||||
"stereo.cat/backend/internal/types"
|
||||
)
|
||||
|
||||
func RegisterUploadRoutes(cfg *types.StereoConfig, api *gin.RouterGroup) {
|
||||
api.POST("/upload", func(c *gin.Context) {
|
||||
api.POST("/upload", auth.JwtMiddleware(cfg.JWTSecret), func(c *gin.Context) {
|
||||
claims := c.MustGet("claims").(jwt.MapClaims)
|
||||
user := claims["user"].(auth.User)
|
||||
|
||||
uid := user.ID
|
||||
|
||||
if uid == "" {
|
||||
c.JSON(401, gin.H{"error": "unauthorized"})
|
||||
return
|
||||
}
|
||||
|
||||
file, err := c.FormFile("file")
|
||||
if err != nil {
|
||||
c.JSON(400, gin.H{"error": "file is required"})
|
||||
return
|
||||
}
|
||||
|
||||
filePath := filepath.Join(cfg.ImagePath, file.Filename)
|
||||
filePath := filepath.Join(cfg.ImagePath, uid, file.Filename)
|
||||
if err := c.SaveUploadedFile(file, filePath); err != nil {
|
||||
c.JSON(500, gin.H{"error": "failed to save file"})
|
||||
return
|
||||
}
|
||||
|
||||
c.JSON(200, gin.H{"message": "file uploaded successfully"})
|
||||
})
|
||||
|
||||
api.GET("/:name", func(c *gin.Context) {
|
||||
|
|
|
|||
|
|
@ -11,9 +11,9 @@ import (
|
|||
)
|
||||
|
||||
func GenerateJWT(key string, user User, expiryTimestamp uint64) (string, error) {
|
||||
claims := jwt.MapClaims{
|
||||
"user": user,
|
||||
"exp": expiryTimestamp,
|
||||
claims := Claims{
|
||||
User: user,
|
||||
Exp: expiryTimestamp,
|
||||
}
|
||||
|
||||
token := jwt.NewWithClaims(jwt.SigningMethodHS256, claims)
|
||||
|
|
|
|||
|
|
@ -1,6 +1,10 @@
|
|||
package auth
|
||||
|
||||
import "time"
|
||||
import (
|
||||
"time"
|
||||
|
||||
"github.com/golang-jwt/jwt/v5"
|
||||
)
|
||||
|
||||
type TokenResponse struct {
|
||||
AccessToken string `json:"access_token"`
|
||||
|
|
@ -28,3 +32,9 @@ type ExchangeCodeRequest struct {
|
|||
Code string `json:"code"`
|
||||
RedirectUri string `json:"redirect_uri"`
|
||||
}
|
||||
|
||||
type Claims struct {
|
||||
User User `json:"user"`
|
||||
Exp uint64 `json:"exp"`
|
||||
jwt.RegisteredClaims
|
||||
}
|
||||
|
|
|
|||
Loading…
Add table
Add a link
Reference in a new issue