README.md

@@ -1,8 +1,3 @@
 # stereo.cat backend  
   
 written in Go, uses Gin.
-
-## database shit  
-  
-Instead of using Discord oAuth as a database, we instead use it as a login source, only using it to source a username/id, avatar data and a secure login/registration flow.  
-We store these attributes alongside stereo.cat specific attributes in our own database. There is a trade-off however: this means that avatar & username data is not updated in real-time, only when the oauth flow is executed.

internal/api/routes/auth.go

@@ -31,21 +31,11 @@ func RegisterAuthRoutes(cfg *types.StereoConfig, api *gin.RouterGroup) {
 			panic(err)
 		}
 
-		res := cfg.Database.FirstOrCreate(&user)
+		c.String(http.StatusOK, jwt)
-
-		if res.Error != nil {
-			panic(res.Error)
-		}
-
-		// TODO: redirect to dashboard
-		c.JSON(http.StatusOK, gin.H{
-			"jwt":   jwt,
-			"known": res.RowsAffected == 0,
-		})
 	})
 
 	api.GET("/auth/me", auth.JwtMiddleware(cfg.JWTSecret), func(c *gin.Context) {
-		claims, _ := c.Get("claims")
+        claims, _ := c.Get("claims")
 		c.JSON(http.StatusOK, claims)
 	})
 }

internal/auth/client/client.go

@@ -8,8 +8,6 @@ import (
 	"net/http"
 	"net/url"
 	"strings"
-	"time"
-
 	"stereo.cat/backend/internal/auth"
 )
 
@@ -30,10 +28,9 @@ func New(redirectUri, clientId, clientSecret string) Client {
 }
 
 func (c Client) GetUser(t auth.TokenResponse) (auth.User, error) {
-	user := auth.User{
+    user := auth.User {
-		Blacklisted: false,
+        Blacklisted: false,
-		CreatedAt:   time.Now(),
+    }
-	}
 
 	req, err := http.NewRequest(http.MethodGet, fmt.Sprintf("%s/%s", api, "users/@me"), nil)
 

internal/auth/jwt.go

@@ -1,7 +1,6 @@
 package auth
 
 import (
-	"encoding/json"
 	"fmt"
 	"net/http"
 	"strings"
@@ -21,45 +20,30 @@ func GenerateJWT(key string, user User, expiryTimestamp uint64) (string, error)
 }
 
 func invalidAuth(c *gin.Context) {
-	c.String(http.StatusUnauthorized, "Unauthorized.")
+    c.String(http.StatusUnauthorized, "Unauthorized.")
-	c.Abort()
+    c.Abort()
 }
 
 func JwtMiddleware(secret string) gin.HandlerFunc {
-	return func(c *gin.Context) {
+    return func(c *gin.Context) {
-		jwtSplit := strings.Split(c.GetHeader("Authorization"), " ")
+        jwtSplit := strings.Split(c.GetHeader("Authorization"), " ")
 
-		if len(jwtSplit) < 2 || jwtSplit[0] != "Bearer" {
+        if jwtSplit[0] != "Bearer" {
-			invalidAuth(c)
+            invalidAuth(c)
-			return
+            return
-		}
+        }
 
-		claims, err := ValidateJWT(jwtSplit[1], secret)
+        claims, err := ValidateJWT(jwtSplit[1], secret)
-		if err != nil {
-			invalidAuth(c)
-			return
-		}
 
-		if userClaims, ok := claims["user"].(map[string]interface{}); ok {
+        if err != nil {
-			userJSON, err := json.Marshal(userClaims) // Convert map to JSON
+            invalidAuth(c)
-			if err != nil {
+            return
-				invalidAuth(c)
+        }
-				return
-			}
 
-			var user User
+        c.Set("claims", claims)
-			err = json.Unmarshal(userJSON, &user)
-			if err != nil {
-				invalidAuth(c)
-				return
-			}
 
-			claims["user"] = user
+        c.Next()
-		}
+    }
-
-		c.Set("claims", claims)
-		c.Next()
-	}
 }
 
 func ValidateJWT(jwtString, key string) (jwt.MapClaims, error) {