Compare commits
No commits in common. "dev" and "authentication" have entirely different histories.
dev
...
authentica
4 changed files with 21 additions and 55 deletions
|
|
@ -1,8 +1,3 @@
|
||||||
# stereo.cat backend
|
# stereo.cat backend
|
||||||
|
|
||||||
written in Go, uses Gin.
|
written in Go, uses Gin.
|
||||||
|
|
||||||
## database shit
|
|
||||||
|
|
||||||
Instead of using Discord oAuth as a database, we instead use it as a login source, only using it to source a username/id, avatar data and a secure login/registration flow.
|
|
||||||
We store these attributes alongside stereo.cat specific attributes in our own database. There is a trade-off however: this means that avatar & username data is not updated in real-time, only when the oauth flow is executed.
|
|
||||||
|
|
|
||||||
|
|
@ -31,17 +31,7 @@ func RegisterAuthRoutes(cfg *types.StereoConfig, api *gin.RouterGroup) {
|
||||||
panic(err)
|
panic(err)
|
||||||
}
|
}
|
||||||
|
|
||||||
res := cfg.Database.FirstOrCreate(&user)
|
c.String(http.StatusOK, jwt)
|
||||||
|
|
||||||
if res.Error != nil {
|
|
||||||
panic(res.Error)
|
|
||||||
}
|
|
||||||
|
|
||||||
// TODO: redirect to dashboard
|
|
||||||
c.JSON(http.StatusOK, gin.H{
|
|
||||||
"jwt": jwt,
|
|
||||||
"known": res.RowsAffected == 0,
|
|
||||||
})
|
|
||||||
})
|
})
|
||||||
|
|
||||||
api.GET("/auth/me", auth.JwtMiddleware(cfg.JWTSecret), func(c *gin.Context) {
|
api.GET("/auth/me", auth.JwtMiddleware(cfg.JWTSecret), func(c *gin.Context) {
|
||||||
|
|
|
||||||
|
|
@ -8,8 +8,6 @@ import (
|
||||||
"net/http"
|
"net/http"
|
||||||
"net/url"
|
"net/url"
|
||||||
"strings"
|
"strings"
|
||||||
"time"
|
|
||||||
|
|
||||||
"stereo.cat/backend/internal/auth"
|
"stereo.cat/backend/internal/auth"
|
||||||
)
|
)
|
||||||
|
|
||||||
|
|
@ -30,9 +28,8 @@ func New(redirectUri, clientId, clientSecret string) Client {
|
||||||
}
|
}
|
||||||
|
|
||||||
func (c Client) GetUser(t auth.TokenResponse) (auth.User, error) {
|
func (c Client) GetUser(t auth.TokenResponse) (auth.User, error) {
|
||||||
user := auth.User{
|
user := auth.User {
|
||||||
Blacklisted: false,
|
Blacklisted: false,
|
||||||
CreatedAt: time.Now(),
|
|
||||||
}
|
}
|
||||||
|
|
||||||
req, err := http.NewRequest(http.MethodGet, fmt.Sprintf("%s/%s", api, "users/@me"), nil)
|
req, err := http.NewRequest(http.MethodGet, fmt.Sprintf("%s/%s", api, "users/@me"), nil)
|
||||||
|
|
|
||||||
|
|
@ -1,7 +1,6 @@
|
||||||
package auth
|
package auth
|
||||||
|
|
||||||
import (
|
import (
|
||||||
"encoding/json"
|
|
||||||
"fmt"
|
"fmt"
|
||||||
"net/http"
|
"net/http"
|
||||||
"strings"
|
"strings"
|
||||||
|
|
@ -29,35 +28,20 @@ func JwtMiddleware(secret string) gin.HandlerFunc {
|
||||||
return func(c *gin.Context) {
|
return func(c *gin.Context) {
|
||||||
jwtSplit := strings.Split(c.GetHeader("Authorization"), " ")
|
jwtSplit := strings.Split(c.GetHeader("Authorization"), " ")
|
||||||
|
|
||||||
if len(jwtSplit) < 2 || jwtSplit[0] != "Bearer" {
|
if jwtSplit[0] != "Bearer" {
|
||||||
invalidAuth(c)
|
invalidAuth(c)
|
||||||
return
|
return
|
||||||
}
|
}
|
||||||
|
|
||||||
claims, err := ValidateJWT(jwtSplit[1], secret)
|
claims, err := ValidateJWT(jwtSplit[1], secret)
|
||||||
|
|
||||||
if err != nil {
|
if err != nil {
|
||||||
invalidAuth(c)
|
invalidAuth(c)
|
||||||
return
|
return
|
||||||
}
|
}
|
||||||
|
|
||||||
if userClaims, ok := claims["user"].(map[string]interface{}); ok {
|
|
||||||
userJSON, err := json.Marshal(userClaims) // Convert map to JSON
|
|
||||||
if err != nil {
|
|
||||||
invalidAuth(c)
|
|
||||||
return
|
|
||||||
}
|
|
||||||
|
|
||||||
var user User
|
|
||||||
err = json.Unmarshal(userJSON, &user)
|
|
||||||
if err != nil {
|
|
||||||
invalidAuth(c)
|
|
||||||
return
|
|
||||||
}
|
|
||||||
|
|
||||||
claims["user"] = user
|
|
||||||
}
|
|
||||||
|
|
||||||
c.Set("claims", claims)
|
c.Set("claims", claims)
|
||||||
|
|
||||||
c.Next()
|
c.Next()
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
|
||||||
Loading…
Add table
Add a link
Reference in a new issue