auth-uploads #5
11 changed files with 596 additions and 581 deletions
32
.env.example
32
.env.example
|
|
@ -1,16 +1,16 @@
|
||||||
IMAGE_PATH=/tmp
|
IMAGE_PATH=/tmp
|
||||||
REDIRECT_URI=http://localhost:8081/api/auth/callback
|
REDIRECT_URI=http://localhost:8081/api/auth/callback
|
||||||
CLIENT_ID=
|
CLIENT_ID=
|
||||||
CLIENT_SECRET=
|
CLIENT_SECRET=
|
||||||
|
|
||||||
# can be either postgres or sqlite
|
# can be either postgres or sqlite
|
||||||
DATABASE_TYPE=
|
DATABASE_TYPE=
|
||||||
|
|
||||||
# database file, stereo.db by default.
|
# database file, stereo.db by default.
|
||||||
SQLITE_FILE=
|
SQLITE_FILE=
|
||||||
|
|
||||||
# postgres DSN, look at https://gorm.io/docs/connecting_to_the_database.html#PostgreSQL
|
# postgres DSN, look at https://gorm.io/docs/connecting_to_the_database.html#PostgreSQL
|
||||||
POSTGRES_DSN=
|
POSTGRES_DSN=
|
||||||
|
|
||||||
# Random secret. Recommended length is 64 characters at minimum.
|
# Random secret. Recommended length is 64 characters at minimum.
|
||||||
JWT_SECRET=
|
JWT_SECRET=
|
||||||
|
|
|
||||||
6
.gitignore
vendored
6
.gitignore
vendored
|
|
@ -1,4 +1,4 @@
|
||||||
.env
|
.env
|
||||||
tmp
|
tmp
|
||||||
*.db
|
*.db
|
||||||
imgs
|
imgs
|
||||||
11
README.md
11
README.md
|
|
@ -1,3 +1,8 @@
|
||||||
# stereo.cat backend
|
# stereo.cat backend
|
||||||
|
|
||||||
written in Go, uses Gin.
|
written in Go, uses Gin.
|
||||||
|
|
||||||
|
## database shit
|
||||||
|
|
||||||
|
Instead of using Discord oAuth as a database, we instead use it as a login source, only using it to source a username/id, avatar data and a secure login/registration flow.
|
||||||
|
We store these attributes alongside stereo.cat specific attributes in our own database. There is a trade-off however: this means that avatar & username data is not updated in real-time, only when the oauth flow is executed.
|
||||||
|
|
|
||||||
|
|
@ -1,12 +1,12 @@
|
||||||
package api
|
package api
|
||||||
|
|
||||||
import (
|
import (
|
||||||
"stereo.cat/backend/internal/api/routes"
|
"stereo.cat/backend/internal/api/routes"
|
||||||
"stereo.cat/backend/internal/types"
|
"stereo.cat/backend/internal/types"
|
||||||
)
|
)
|
||||||
|
|
||||||
func Register(cfg *types.StereoConfig) {
|
func Register(cfg *types.StereoConfig) {
|
||||||
api := cfg.Router.Group("/api")
|
api := cfg.Router.Group("/api")
|
||||||
routes.RegisterFileRoutes(cfg, api)
|
routes.RegisterFileRoutes(cfg, api)
|
||||||
routes.RegisterAuthRoutes(cfg, api)
|
routes.RegisterAuthRoutes(cfg, api)
|
||||||
}
|
}
|
||||||
|
|
|
||||||
|
|
@ -1,41 +1,51 @@
|
||||||
package routes
|
package routes
|
||||||
|
|
||||||
import (
|
import (
|
||||||
"net/http"
|
"net/http"
|
||||||
"time"
|
"time"
|
||||||
|
|
||||||
"github.com/gin-gonic/gin"
|
"github.com/gin-gonic/gin"
|
||||||
"stereo.cat/backend/internal/auth"
|
"stereo.cat/backend/internal/auth"
|
||||||
"stereo.cat/backend/internal/types"
|
"stereo.cat/backend/internal/types"
|
||||||
)
|
)
|
||||||
|
|
||||||
func RegisterAuthRoutes(cfg *types.StereoConfig, api *gin.RouterGroup) {
|
func RegisterAuthRoutes(cfg *types.StereoConfig, api *gin.RouterGroup) {
|
||||||
api.GET("/auth/callback", func(c *gin.Context) {
|
api.GET("/auth/callback", func(c *gin.Context) {
|
||||||
code := c.Query("code")
|
code := c.Query("code")
|
||||||
|
|
||||||
t, err := cfg.Client.ExchangeCode(code)
|
t, err := cfg.Client.ExchangeCode(code)
|
||||||
|
|
||||||
if err != nil {
|
if err != nil {
|
||||||
panic(err)
|
panic(err)
|
||||||
}
|
}
|
||||||
|
|
||||||
user, err := cfg.Client.GetUser(t)
|
user, err := cfg.Client.GetUser(t)
|
||||||
|
|
||||||
if err != nil {
|
if err != nil {
|
||||||
panic(err)
|
panic(err)
|
||||||
}
|
}
|
||||||
|
|
||||||
jwt, err := auth.GenerateJWT(cfg.JWTSecret, user, uint64(time.Now().Add(time.Second*time.Duration(t.ExpiresIn)).Unix()))
|
jwt, err := auth.GenerateJWT(cfg.JWTSecret, user, uint64(time.Now().Add(time.Second*time.Duration(t.ExpiresIn)).Unix()))
|
||||||
|
|
||||||
if err != nil {
|
if err != nil {
|
||||||
panic(err)
|
panic(err)
|
||||||
}
|
}
|
||||||
|
|
||||||
c.String(http.StatusOK, jwt)
|
res := cfg.Database.FirstOrCreate(&user)
|
||||||
})
|
|
||||||
|
if res.Error != nil {
|
||||||
api.GET("/auth/me", auth.JwtMiddleware(cfg.JWTSecret), func(c *gin.Context) {
|
panic(res.Error)
|
||||||
claims, _ := c.Get("claims")
|
}
|
||||||
c.JSON(http.StatusOK, claims)
|
|
||||||
})
|
// TODO: redirect to dashboard
|
||||||
}
|
c.JSON(http.StatusOK, gin.H{
|
||||||
|
"jwt": jwt,
|
||||||
|
"known": res.RowsAffected == 0,
|
||||||
|
})
|
||||||
|
})
|
||||||
|
|
||||||
|
api.GET("/auth/me", auth.JwtMiddleware(cfg.JWTSecret), func(c *gin.Context) {
|
||||||
|
claims, _ := c.Get("claims")
|
||||||
|
c.JSON(http.StatusOK, claims)
|
||||||
|
})
|
||||||
|
}
|
||||||
|
|
|
||||||
|
|
@ -1,144 +1,144 @@
|
||||||
package routes
|
package routes
|
||||||
|
|
||||||
import (
|
import (
|
||||||
"os"
|
"os"
|
||||||
"path/filepath"
|
"path/filepath"
|
||||||
"strings"
|
"strings"
|
||||||
"time"
|
"time"
|
||||||
|
|
||||||
"github.com/gin-gonic/gin"
|
"github.com/gin-gonic/gin"
|
||||||
"github.com/golang-jwt/jwt/v5"
|
"github.com/golang-jwt/jwt/v5"
|
||||||
"stereo.cat/backend/internal/auth"
|
"stereo.cat/backend/internal/auth"
|
||||||
"stereo.cat/backend/internal/types"
|
"stereo.cat/backend/internal/types"
|
||||||
)
|
)
|
||||||
|
|
||||||
func RegisterFileRoutes(cfg *types.StereoConfig, api *gin.RouterGroup) {
|
func RegisterFileRoutes(cfg *types.StereoConfig, api *gin.RouterGroup) {
|
||||||
api.POST("/upload", auth.JwtMiddleware(cfg.JWTSecret), func(c *gin.Context) {
|
api.POST("/upload", auth.JwtMiddleware(cfg.JWTSecret), func(c *gin.Context) {
|
||||||
claims := c.MustGet("claims").(jwt.MapClaims)
|
claims := c.MustGet("claims").(jwt.MapClaims)
|
||||||
user := claims["user"].(auth.User)
|
user := claims["user"].(auth.User)
|
||||||
|
|
||||||
uid := user.ID
|
uid := user.ID
|
||||||
if uid == "" {
|
if uid == "" {
|
||||||
c.JSON(401, gin.H{"error": "unauthorized"})
|
c.JSON(401, gin.H{"error": "unauthorized"})
|
||||||
return
|
return
|
||||||
}
|
}
|
||||||
|
|
||||||
file, err := c.FormFile("file")
|
file, err := c.FormFile("file")
|
||||||
if err != nil {
|
if err != nil {
|
||||||
c.JSON(400, gin.H{"error": "file is required"})
|
c.JSON(400, gin.H{"error": "file is required"})
|
||||||
return
|
return
|
||||||
}
|
}
|
||||||
|
|
||||||
filePath := filepath.Join(cfg.ImagePath, uid, file.Filename)
|
filePath := filepath.Join(cfg.ImagePath, uid, file.Filename)
|
||||||
|
|
||||||
if err := os.MkdirAll(filepath.Dir(filePath), os.ModePerm); err != nil {
|
if err := os.MkdirAll(filepath.Dir(filePath), os.ModePerm); err != nil {
|
||||||
c.JSON(500, gin.H{"error": "failed to create directory"})
|
c.JSON(500, gin.H{"error": "failed to create directory"})
|
||||||
return
|
return
|
||||||
}
|
}
|
||||||
|
|
||||||
if err := c.SaveUploadedFile(file, filePath); err != nil {
|
if err := c.SaveUploadedFile(file, filePath); err != nil {
|
||||||
c.JSON(500, gin.H{"error": "failed to save file"})
|
c.JSON(500, gin.H{"error": "failed to save file"})
|
||||||
return
|
return
|
||||||
}
|
}
|
||||||
|
|
||||||
if file.Size <= 0 {
|
if file.Size <= 0 {
|
||||||
c.JSON(400, gin.H{"error": "file size must be greater than zero"})
|
c.JSON(400, gin.H{"error": "file size must be greater than zero"})
|
||||||
return
|
return
|
||||||
}
|
}
|
||||||
|
|
||||||
fileMeta := types.File{
|
fileMeta := types.File{
|
||||||
ID: uid + "_" + file.Filename,
|
ID: uid + "_" + file.Filename,
|
||||||
Path: filePath,
|
Path: filePath,
|
||||||
Owner: uid,
|
Owner: uid,
|
||||||
CreatedAt: time.Now(),
|
CreatedAt: time.Now(),
|
||||||
Size: file.Size,
|
Size: file.Size,
|
||||||
}
|
}
|
||||||
|
|
||||||
if err := cfg.Database.Create(&fileMeta).Error; err != nil {
|
if err := cfg.Database.Create(&fileMeta).Error; err != nil {
|
||||||
c.JSON(500, gin.H{"error": "failed to save file metadata"})
|
c.JSON(500, gin.H{"error": "failed to save file metadata"})
|
||||||
return
|
return
|
||||||
}
|
}
|
||||||
|
|
||||||
c.JSON(200, gin.H{"message": "file uploaded successfully", "file_id": fileMeta.ID})
|
c.JSON(200, gin.H{"message": "file uploaded successfully", "file_id": fileMeta.ID})
|
||||||
})
|
})
|
||||||
|
|
||||||
api.DELETE("/delete", auth.JwtMiddleware(cfg.JWTSecret), func(c *gin.Context) {
|
api.DELETE("/delete", auth.JwtMiddleware(cfg.JWTSecret), func(c *gin.Context) {
|
||||||
claims := c.MustGet("claims").(jwt.MapClaims)
|
claims := c.MustGet("claims").(jwt.MapClaims)
|
||||||
user := claims["user"].(auth.User)
|
user := claims["user"].(auth.User)
|
||||||
|
|
||||||
uid := user.ID
|
uid := user.ID
|
||||||
if uid == "" {
|
if uid == "" {
|
||||||
c.JSON(401, gin.H{"error": "unauthorized"})
|
c.JSON(401, gin.H{"error": "unauthorized"})
|
||||||
return
|
return
|
||||||
}
|
}
|
||||||
|
|
||||||
var response struct {
|
var response struct {
|
||||||
FileID string `json:"file_id" binding:"required"`
|
FileID string `json:"file_id" binding:"required"`
|
||||||
}
|
}
|
||||||
|
|
||||||
if err := c.ShouldBindJSON(&response); err != nil {
|
if err := c.ShouldBindJSON(&response); err != nil {
|
||||||
c.JSON(400, gin.H{"error": "file_id is required"})
|
c.JSON(400, gin.H{"error": "file_id is required"})
|
||||||
return
|
return
|
||||||
}
|
}
|
||||||
|
|
||||||
resfID := response.FileID
|
resfID := response.FileID
|
||||||
if resfID == "" {
|
if resfID == "" {
|
||||||
c.JSON(400, gin.H{"error": "file_id cannot be empty"})
|
c.JSON(400, gin.H{"error": "file_id cannot be empty"})
|
||||||
return
|
return
|
||||||
}
|
}
|
||||||
|
|
||||||
parts := strings.SplitN(resfID, "_", 2)
|
parts := strings.SplitN(resfID, "_", 2)
|
||||||
if len(parts) != 2 {
|
if len(parts) != 2 {
|
||||||
c.JSON(400, gin.H{"error": "invalid file_id format"})
|
c.JSON(400, gin.H{"error": "invalid file_id format"})
|
||||||
return
|
return
|
||||||
}
|
}
|
||||||
|
|
||||||
fileID, filename := parts[0], parts[1]
|
fileID, filename := parts[0], parts[1]
|
||||||
if fileID != uid {
|
if fileID != uid {
|
||||||
c.JSON(403, gin.H{"error": "you can only delete your own files"})
|
c.JSON(403, gin.H{"error": "you can only delete your own files"})
|
||||||
return
|
return
|
||||||
}
|
}
|
||||||
|
|
||||||
filePath := filepath.Join(cfg.ImagePath, uid, filename)
|
filePath := filepath.Join(cfg.ImagePath, uid, filename)
|
||||||
if err := os.Remove(filePath); err != nil {
|
if err := os.Remove(filePath); err != nil {
|
||||||
c.JSON(500, gin.H{"error": "failed to delete file"})
|
c.JSON(500, gin.H{"error": "failed to delete file"})
|
||||||
return
|
return
|
||||||
}
|
}
|
||||||
|
|
||||||
if err := cfg.Database.Where("id = ?", resfID).Delete(&types.File{}).Error; err != nil {
|
if err := cfg.Database.Where("id = ?", resfID).Delete(&types.File{}).Error; err != nil {
|
||||||
c.JSON(500, gin.H{"error": "failed to delete file metadata"})
|
c.JSON(500, gin.H{"error": "failed to delete file metadata"})
|
||||||
return
|
return
|
||||||
}
|
}
|
||||||
|
|
||||||
c.JSON(200, gin.H{"message": "file deleted successfully"})
|
c.JSON(200, gin.H{"message": "file deleted successfully"})
|
||||||
})
|
})
|
||||||
|
|
||||||
api.GET("/:name", func(c *gin.Context) {
|
api.GET("/:name", func(c *gin.Context) {
|
||||||
name := c.Param("name")
|
name := c.Param("name")
|
||||||
parts := strings.SplitN(name, "_", 2)
|
parts := strings.SplitN(name, "_", 2)
|
||||||
if len(parts) != 2 {
|
if len(parts) != 2 {
|
||||||
c.JSON(400, gin.H{"error": "invalid file name"})
|
c.JSON(400, gin.H{"error": "invalid file name"})
|
||||||
return
|
return
|
||||||
}
|
}
|
||||||
uid, filename := parts[0], parts[1]
|
uid, filename := parts[0], parts[1]
|
||||||
path := filepath.Join(cfg.ImagePath, uid, filename)
|
path := filepath.Join(cfg.ImagePath, uid, filename)
|
||||||
if _, err := os.Stat(path); err != nil {
|
if _, err := os.Stat(path); err != nil {
|
||||||
c.JSON(404, gin.H{"error": "file not found"})
|
c.JSON(404, gin.H{"error": "file not found"})
|
||||||
return
|
return
|
||||||
}
|
}
|
||||||
c.File(path)
|
c.File(path)
|
||||||
})
|
})
|
||||||
|
|
||||||
api.GET("/list", auth.JwtMiddleware(cfg.JWTSecret), func(c *gin.Context) {
|
api.GET("/list", auth.JwtMiddleware(cfg.JWTSecret), func(c *gin.Context) {
|
||||||
claims := c.MustGet("claims").(jwt.MapClaims)
|
claims := c.MustGet("claims").(jwt.MapClaims)
|
||||||
user := claims["user"].(auth.User)
|
user := claims["user"].(auth.User)
|
||||||
|
|
||||||
var files []types.File
|
var files []types.File
|
||||||
if err := cfg.Database.Where("owner = ?", user.ID).Find(&files).Error; err != nil {
|
if err := cfg.Database.Where("owner = ?", user.ID).Find(&files).Error; err != nil {
|
||||||
c.JSON(500, gin.H{"error": "failed to retrieve files"})
|
c.JSON(500, gin.H{"error": "failed to retrieve files"})
|
||||||
return
|
return
|
||||||
}
|
}
|
||||||
|
|
||||||
c.JSON(200, files)
|
c.JSON(200, files)
|
||||||
})
|
})
|
||||||
}
|
}
|
||||||
|
|
|
||||||
|
|
@ -1,117 +1,117 @@
|
||||||
package client
|
package client
|
||||||
|
|
||||||
import (
|
import (
|
||||||
"encoding/json"
|
"encoding/json"
|
||||||
"errors"
|
"errors"
|
||||||
"fmt"
|
"fmt"
|
||||||
"io"
|
"io"
|
||||||
"net/http"
|
"net/http"
|
||||||
"net/url"
|
"net/url"
|
||||||
"strings"
|
"strings"
|
||||||
"time"
|
"time"
|
||||||
|
|
||||||
"stereo.cat/backend/internal/auth"
|
"stereo.cat/backend/internal/auth"
|
||||||
)
|
)
|
||||||
|
|
||||||
type Client struct {
|
type Client struct {
|
||||||
RedirectUri string
|
RedirectUri string
|
||||||
ClientSecret string
|
ClientSecret string
|
||||||
ClientId string
|
ClientId string
|
||||||
}
|
}
|
||||||
|
|
||||||
const api = "https://discord.com/api/v10"
|
const api = "https://discord.com/api/v10"
|
||||||
|
|
||||||
func New(redirectUri, clientId, clientSecret string) Client {
|
func New(redirectUri, clientId, clientSecret string) Client {
|
||||||
return Client{
|
return Client{
|
||||||
RedirectUri: redirectUri,
|
RedirectUri: redirectUri,
|
||||||
ClientId: clientId,
|
ClientId: clientId,
|
||||||
ClientSecret: clientSecret,
|
ClientSecret: clientSecret,
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
func (c Client) GetUser(t auth.TokenResponse) (auth.User, error) {
|
func (c Client) GetUser(t auth.TokenResponse) (auth.User, error) {
|
||||||
user := auth.User{
|
user := auth.User{
|
||||||
Blacklisted: false,
|
Blacklisted: false,
|
||||||
CreatedAt: time.Now(),
|
CreatedAt: time.Now(),
|
||||||
}
|
}
|
||||||
|
|
||||||
req, err := http.NewRequest(http.MethodGet, fmt.Sprintf("%s/%s", api, "users/@me"), nil)
|
req, err := http.NewRequest(http.MethodGet, fmt.Sprintf("%s/%s", api, "users/@me"), nil)
|
||||||
|
|
||||||
if err != nil {
|
if err != nil {
|
||||||
return user, nil
|
return user, nil
|
||||||
}
|
}
|
||||||
|
|
||||||
req.Header.Add("Content-Type", "application/json")
|
req.Header.Add("Content-Type", "application/json")
|
||||||
req.Header.Add("Authorization", "Bearer "+t.AccessToken)
|
req.Header.Add("Authorization", "Bearer "+t.AccessToken)
|
||||||
|
|
||||||
resp, err := http.DefaultClient.Do(req)
|
resp, err := http.DefaultClient.Do(req)
|
||||||
|
|
||||||
if resp.StatusCode != http.StatusOK {
|
if resp.StatusCode != http.StatusOK {
|
||||||
bodyBytes, err := io.ReadAll(resp.Body)
|
bodyBytes, err := io.ReadAll(resp.Body)
|
||||||
|
|
||||||
if err != nil {
|
if err != nil {
|
||||||
return user, err
|
return user, err
|
||||||
}
|
}
|
||||||
|
|
||||||
return user, errors.New(string(bodyBytes))
|
return user, errors.New(string(bodyBytes))
|
||||||
}
|
}
|
||||||
|
|
||||||
if err != nil {
|
if err != nil {
|
||||||
return user, err
|
return user, err
|
||||||
}
|
}
|
||||||
|
|
||||||
defer resp.Body.Close()
|
defer resp.Body.Close()
|
||||||
|
|
||||||
err = json.NewDecoder(resp.Body).Decode(&user)
|
err = json.NewDecoder(resp.Body).Decode(&user)
|
||||||
|
|
||||||
if err != nil {
|
if err != nil {
|
||||||
return user, err
|
return user, err
|
||||||
}
|
}
|
||||||
|
|
||||||
return user, nil
|
return user, nil
|
||||||
}
|
}
|
||||||
|
|
||||||
func (c Client) ExchangeCode(code string) (auth.TokenResponse, error) {
|
func (c Client) ExchangeCode(code string) (auth.TokenResponse, error) {
|
||||||
var tokenResponse auth.TokenResponse
|
var tokenResponse auth.TokenResponse
|
||||||
|
|
||||||
requestBody := url.Values{
|
requestBody := url.Values{
|
||||||
"grant_type": {"authorization_code"},
|
"grant_type": {"authorization_code"},
|
||||||
"code": {code},
|
"code": {code},
|
||||||
"redirect_uri": {c.RedirectUri},
|
"redirect_uri": {c.RedirectUri},
|
||||||
}
|
}
|
||||||
|
|
||||||
req, err := http.NewRequest(http.MethodPost, fmt.Sprintf("%s/%s", api, "/oauth2/token"), strings.NewReader(requestBody.Encode()))
|
req, err := http.NewRequest(http.MethodPost, fmt.Sprintf("%s/%s", api, "/oauth2/token"), strings.NewReader(requestBody.Encode()))
|
||||||
|
|
||||||
if err != nil {
|
if err != nil {
|
||||||
return tokenResponse, err
|
return tokenResponse, err
|
||||||
}
|
}
|
||||||
|
|
||||||
req.Header.Add("Content-Type", "application/x-www-form-urlencoded")
|
req.Header.Add("Content-Type", "application/x-www-form-urlencoded")
|
||||||
req.SetBasicAuth(c.ClientId, c.ClientSecret)
|
req.SetBasicAuth(c.ClientId, c.ClientSecret)
|
||||||
|
|
||||||
resp, err := http.DefaultClient.Do(req)
|
resp, err := http.DefaultClient.Do(req)
|
||||||
|
|
||||||
if resp.StatusCode != http.StatusOK {
|
if resp.StatusCode != http.StatusOK {
|
||||||
bodyBytes, err := io.ReadAll(resp.Body)
|
bodyBytes, err := io.ReadAll(resp.Body)
|
||||||
|
|
||||||
if err != nil {
|
if err != nil {
|
||||||
return tokenResponse, err
|
return tokenResponse, err
|
||||||
}
|
}
|
||||||
|
|
||||||
return tokenResponse, errors.New(string(bodyBytes))
|
return tokenResponse, errors.New(string(bodyBytes))
|
||||||
}
|
}
|
||||||
|
|
||||||
if err != nil {
|
if err != nil {
|
||||||
return tokenResponse, err
|
return tokenResponse, err
|
||||||
}
|
}
|
||||||
|
|
||||||
defer resp.Body.Close()
|
defer resp.Body.Close()
|
||||||
|
|
||||||
err = json.NewDecoder(resp.Body).Decode(&tokenResponse)
|
err = json.NewDecoder(resp.Body).Decode(&tokenResponse)
|
||||||
|
|
||||||
if err != nil {
|
if err != nil {
|
||||||
return tokenResponse, err
|
return tokenResponse, err
|
||||||
}
|
}
|
||||||
|
|
||||||
return tokenResponse, nil
|
return tokenResponse, nil
|
||||||
}
|
}
|
||||||
|
|
|
||||||
|
|
@ -1,83 +1,83 @@
|
||||||
package auth
|
package auth
|
||||||
|
|
||||||
import (
|
import (
|
||||||
"encoding/json"
|
"encoding/json"
|
||||||
"fmt"
|
"fmt"
|
||||||
"net/http"
|
"net/http"
|
||||||
"strings"
|
"strings"
|
||||||
|
|
||||||
"github.com/gin-gonic/gin"
|
"github.com/gin-gonic/gin"
|
||||||
"github.com/golang-jwt/jwt/v5"
|
"github.com/golang-jwt/jwt/v5"
|
||||||
)
|
)
|
||||||
|
|
||||||
func GenerateJWT(key string, user User, expiryTimestamp uint64) (string, error) {
|
func GenerateJWT(key string, user User, expiryTimestamp uint64) (string, error) {
|
||||||
claims := Claims{
|
claims := Claims{
|
||||||
User: user,
|
User: user,
|
||||||
Exp: expiryTimestamp,
|
Exp: expiryTimestamp,
|
||||||
}
|
}
|
||||||
|
|
||||||
token := jwt.NewWithClaims(jwt.SigningMethodHS256, claims)
|
token := jwt.NewWithClaims(jwt.SigningMethodHS256, claims)
|
||||||
return token.SignedString([]byte(key))
|
return token.SignedString([]byte(key))
|
||||||
}
|
}
|
||||||
|
|
||||||
func invalidAuth(c *gin.Context) {
|
func invalidAuth(c *gin.Context) {
|
||||||
c.String(http.StatusUnauthorized, "Unauthorized.")
|
c.String(http.StatusUnauthorized, "Unauthorized.")
|
||||||
c.Abort()
|
c.Abort()
|
||||||
}
|
}
|
||||||
|
|
||||||
func JwtMiddleware(secret string) gin.HandlerFunc {
|
func JwtMiddleware(secret string) gin.HandlerFunc {
|
||||||
return func(c *gin.Context) {
|
return func(c *gin.Context) {
|
||||||
jwtSplit := strings.Split(c.GetHeader("Authorization"), " ")
|
jwtSplit := strings.Split(c.GetHeader("Authorization"), " ")
|
||||||
|
|
||||||
if len(jwtSplit) < 2 || jwtSplit[0] != "Bearer" {
|
if len(jwtSplit) < 2 || jwtSplit[0] != "Bearer" {
|
||||||
invalidAuth(c)
|
invalidAuth(c)
|
||||||
return
|
return
|
||||||
}
|
}
|
||||||
|
|
||||||
claims, err := ValidateJWT(jwtSplit[1], secret)
|
claims, err := ValidateJWT(jwtSplit[1], secret)
|
||||||
if err != nil {
|
if err != nil {
|
||||||
invalidAuth(c)
|
invalidAuth(c)
|
||||||
return
|
return
|
||||||
}
|
}
|
||||||
|
|
||||||
if userClaims, ok := claims["user"].(map[string]interface{}); ok {
|
if userClaims, ok := claims["user"].(map[string]interface{}); ok {
|
||||||
userJSON, err := json.Marshal(userClaims) // Convert map to JSON
|
userJSON, err := json.Marshal(userClaims) // Convert map to JSON
|
||||||
if err != nil {
|
if err != nil {
|
||||||
invalidAuth(c)
|
invalidAuth(c)
|
||||||
return
|
return
|
||||||
}
|
}
|
||||||
|
|
||||||
var user User
|
var user User
|
||||||
err = json.Unmarshal(userJSON, &user)
|
err = json.Unmarshal(userJSON, &user)
|
||||||
if err != nil {
|
if err != nil {
|
||||||
invalidAuth(c)
|
invalidAuth(c)
|
||||||
return
|
return
|
||||||
}
|
}
|
||||||
|
|
||||||
claims["user"] = user
|
claims["user"] = user
|
||||||
}
|
}
|
||||||
|
|
||||||
c.Set("claims", claims)
|
c.Set("claims", claims)
|
||||||
c.Next()
|
c.Next()
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
func ValidateJWT(jwtString, key string) (jwt.MapClaims, error) {
|
func ValidateJWT(jwtString, key string) (jwt.MapClaims, error) {
|
||||||
token, err := jwt.Parse(jwtString, func(token *jwt.Token) (any, error) {
|
token, err := jwt.Parse(jwtString, func(token *jwt.Token) (any, error) {
|
||||||
if _, ok := token.Method.(*jwt.SigningMethodHMAC); !ok {
|
if _, ok := token.Method.(*jwt.SigningMethodHMAC); !ok {
|
||||||
return nil, fmt.Errorf("Invalid signing method!")
|
return nil, fmt.Errorf("Invalid signing method!")
|
||||||
}
|
}
|
||||||
|
|
||||||
return []byte(key), nil
|
return []byte(key), nil
|
||||||
})
|
})
|
||||||
|
|
||||||
if err != nil {
|
if err != nil {
|
||||||
return nil, err
|
return nil, err
|
||||||
}
|
}
|
||||||
|
|
||||||
if claims, ok := token.Claims.(jwt.MapClaims); ok && token.Valid {
|
if claims, ok := token.Claims.(jwt.MapClaims); ok && token.Valid {
|
||||||
return claims, nil
|
return claims, nil
|
||||||
}
|
}
|
||||||
|
|
||||||
return nil, fmt.Errorf("Invalid token!")
|
return nil, fmt.Errorf("Invalid token!")
|
||||||
}
|
}
|
||||||
|
|
|
||||||
|
|
@ -1,40 +1,40 @@
|
||||||
package auth
|
package auth
|
||||||
|
|
||||||
import (
|
import (
|
||||||
"time"
|
"time"
|
||||||
|
|
||||||
"github.com/golang-jwt/jwt/v5"
|
"github.com/golang-jwt/jwt/v5"
|
||||||
)
|
)
|
||||||
|
|
||||||
type TokenResponse struct {
|
type TokenResponse struct {
|
||||||
AccessToken string `json:"access_token"`
|
AccessToken string `json:"access_token"`
|
||||||
TokenType string `json:"token_type"`
|
TokenType string `json:"token_type"`
|
||||||
ExpiresIn int64 `json:"expires_in"`
|
ExpiresIn int64 `json:"expires_in"`
|
||||||
RefreshToken string `json:"refresh_token"`
|
RefreshToken string `json:"refresh_token"`
|
||||||
Scope string `json:"scope"`
|
Scope string `json:"scope"`
|
||||||
}
|
}
|
||||||
|
|
||||||
type User struct {
|
type User struct {
|
||||||
ID string `json:"id" gorm:"primaryKey"`
|
ID string `json:"id" gorm:"primaryKey"`
|
||||||
Username string `json:"username"`
|
Username string `json:"username"`
|
||||||
Blacklisted bool `json:"blacklisted"`
|
Blacklisted bool `json:"blacklisted"`
|
||||||
Email string `json:"email"`
|
Email string `json:"email"`
|
||||||
CreatedAt time.Time `json:"created_at"`
|
CreatedAt time.Time `json:"created_at"`
|
||||||
}
|
}
|
||||||
|
|
||||||
type AvatarDecorationData struct {
|
type AvatarDecorationData struct {
|
||||||
Asset string
|
Asset string
|
||||||
SkuID string
|
SkuID string
|
||||||
}
|
}
|
||||||
|
|
||||||
type ExchangeCodeRequest struct {
|
type ExchangeCodeRequest struct {
|
||||||
GrantType string `json:"grant_type"`
|
GrantType string `json:"grant_type"`
|
||||||
Code string `json:"code"`
|
Code string `json:"code"`
|
||||||
RedirectUri string `json:"redirect_uri"`
|
RedirectUri string `json:"redirect_uri"`
|
||||||
}
|
}
|
||||||
|
|
||||||
type Claims struct {
|
type Claims struct {
|
||||||
User User `json:"user"`
|
User User `json:"user"`
|
||||||
Exp uint64 `json:"exp"`
|
Exp uint64 `json:"exp"`
|
||||||
jwt.RegisteredClaims
|
jwt.RegisteredClaims
|
||||||
}
|
}
|
||||||
|
|
|
||||||
|
|
@ -1,31 +1,31 @@
|
||||||
package types
|
package types
|
||||||
|
|
||||||
import (
|
import (
|
||||||
"time"
|
"time"
|
||||||
|
|
||||||
"github.com/gin-gonic/gin"
|
"github.com/gin-gonic/gin"
|
||||||
"gorm.io/gorm"
|
"gorm.io/gorm"
|
||||||
"stereo.cat/backend/internal/auth/client"
|
"stereo.cat/backend/internal/auth/client"
|
||||||
)
|
)
|
||||||
|
|
||||||
type Route struct {
|
type Route struct {
|
||||||
Path string
|
Path string
|
||||||
Method string
|
Method string
|
||||||
Exec func(cfg *StereoConfig) gin.HandlerFunc
|
Exec func(cfg *StereoConfig) gin.HandlerFunc
|
||||||
}
|
}
|
||||||
|
|
||||||
type StereoConfig struct {
|
type StereoConfig struct {
|
||||||
ImagePath string
|
ImagePath string
|
||||||
Router *gin.Engine
|
Router *gin.Engine
|
||||||
Client client.Client
|
Client client.Client
|
||||||
Database *gorm.DB
|
Database *gorm.DB
|
||||||
JWTSecret string
|
JWTSecret string
|
||||||
}
|
}
|
||||||
|
|
||||||
type File struct {
|
type File struct {
|
||||||
ID string `gorm:"primaryKey"`
|
ID string `gorm:"primaryKey"`
|
||||||
Path string `gorm:"not null;index"`
|
Path string `gorm:"not null;index"`
|
||||||
Owner string `gorm:"not null;index"`
|
Owner string `gorm:"not null;index"`
|
||||||
Size int64 `gorm:"not null;type:bigint"`
|
Size int64 `gorm:"not null;type:bigint"`
|
||||||
CreatedAt time.Time `gorm:"autoCreateTime"`
|
CreatedAt time.Time `gorm:"autoCreateTime"`
|
||||||
}
|
}
|
||||||
|
|
|
||||||
182
main.go
182
main.go
|
|
@ -1,91 +1,91 @@
|
||||||
package main
|
package main
|
||||||
|
|
||||||
import (
|
import (
|
||||||
"errors"
|
"errors"
|
||||||
"fmt"
|
"fmt"
|
||||||
"log"
|
"log"
|
||||||
"os"
|
"os"
|
||||||
|
|
||||||
"github.com/gin-gonic/gin"
|
"github.com/gin-gonic/gin"
|
||||||
"github.com/joho/godotenv"
|
"github.com/joho/godotenv"
|
||||||
"gorm.io/driver/postgres"
|
"gorm.io/driver/postgres"
|
||||||
"gorm.io/driver/sqlite"
|
"gorm.io/driver/sqlite"
|
||||||
"gorm.io/gorm"
|
"gorm.io/gorm"
|
||||||
"stereo.cat/backend/internal/api"
|
"stereo.cat/backend/internal/api"
|
||||||
"stereo.cat/backend/internal/auth"
|
"stereo.cat/backend/internal/auth"
|
||||||
"stereo.cat/backend/internal/auth/client"
|
"stereo.cat/backend/internal/auth/client"
|
||||||
"stereo.cat/backend/internal/types"
|
"stereo.cat/backend/internal/types"
|
||||||
)
|
)
|
||||||
|
|
||||||
func getEnv(key, fallback string) string {
|
func getEnv(key, fallback string) string {
|
||||||
if value, ok := os.LookupEnv(key); ok {
|
if value, ok := os.LookupEnv(key); ok {
|
||||||
return value
|
return value
|
||||||
}
|
}
|
||||||
return fallback
|
return fallback
|
||||||
}
|
}
|
||||||
|
|
||||||
func requireEnv(key string) string {
|
func requireEnv(key string) string {
|
||||||
if value, ok := os.LookupEnv(key); ok {
|
if value, ok := os.LookupEnv(key); ok {
|
||||||
return value
|
return value
|
||||||
}
|
}
|
||||||
panic(errors.New(fmt.Sprintf("Environment variable %s is required but not specified. Exiting...", key)))
|
panic(errors.New(fmt.Sprintf("Environment variable %s is required but not specified. Exiting...", key)))
|
||||||
}
|
}
|
||||||
|
|
||||||
func main() {
|
func main() {
|
||||||
_ = godotenv.Load()
|
_ = godotenv.Load()
|
||||||
|
|
||||||
databaseType := getEnv("DATABASE_TYPE", "sqlite")
|
databaseType := getEnv("DATABASE_TYPE", "sqlite")
|
||||||
sqliteFile := getEnv("SQLITE_FILE", "stereo.db")
|
sqliteFile := getEnv("SQLITE_FILE", "stereo.db")
|
||||||
imagePath := getEnv("IMAGE_PATH", os.TempDir())
|
imagePath := getEnv("IMAGE_PATH", os.TempDir())
|
||||||
|
|
||||||
if _, err := os.Stat(imagePath); err != nil {
|
if _, err := os.Stat(imagePath); err != nil {
|
||||||
if os.IsNotExist(err) {
|
if os.IsNotExist(err) {
|
||||||
if err := os.MkdirAll(imagePath, os.ModePerm); err != nil {
|
if err := os.MkdirAll(imagePath, os.ModePerm); err != nil {
|
||||||
log.Fatal(err)
|
log.Fatal(err)
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
c := types.StereoConfig{
|
c := types.StereoConfig{
|
||||||
Router: gin.Default(),
|
Router: gin.Default(),
|
||||||
ImagePath: imagePath,
|
ImagePath: imagePath,
|
||||||
Client: client.New(
|
Client: client.New(
|
||||||
requireEnv("REDIRECT_URI"),
|
requireEnv("REDIRECT_URI"),
|
||||||
requireEnv("CLIENT_ID"),
|
requireEnv("CLIENT_ID"),
|
||||||
requireEnv("CLIENT_SECRET"),
|
requireEnv("CLIENT_SECRET"),
|
||||||
),
|
),
|
||||||
JWTSecret: requireEnv("JWT_SECRET"),
|
JWTSecret: requireEnv("JWT_SECRET"),
|
||||||
}
|
}
|
||||||
|
|
||||||
switch databaseType {
|
switch databaseType {
|
||||||
case "sqlite":
|
case "sqlite":
|
||||||
db, err := gorm.Open(sqlite.Open(sqliteFile), &gorm.Config{})
|
db, err := gorm.Open(sqlite.Open(sqliteFile), &gorm.Config{})
|
||||||
|
|
||||||
c.Database = db
|
c.Database = db
|
||||||
|
|
||||||
if err != nil {
|
if err != nil {
|
||||||
panic(err)
|
panic(err)
|
||||||
}
|
}
|
||||||
|
|
||||||
break
|
break
|
||||||
|
|
||||||
case "postgres":
|
case "postgres":
|
||||||
db, err := gorm.Open(postgres.Open(requireEnv("POSTGRES_DSN")), &gorm.Config{})
|
db, err := gorm.Open(postgres.Open(requireEnv("POSTGRES_DSN")), &gorm.Config{})
|
||||||
|
|
||||||
c.Database = db
|
c.Database = db
|
||||||
|
|
||||||
if err != nil {
|
if err != nil {
|
||||||
panic(err)
|
panic(err)
|
||||||
}
|
}
|
||||||
|
|
||||||
break
|
break
|
||||||
default:
|
default:
|
||||||
panic(errors.New("Invalid database type was specified."))
|
panic(errors.New("Invalid database type was specified."))
|
||||||
}
|
}
|
||||||
|
|
||||||
c.Database.AutoMigrate(&auth.User{}, &types.File{})
|
c.Database.AutoMigrate(&auth.User{}, &types.File{})
|
||||||
|
|
||||||
api.Register(&c)
|
api.Register(&c)
|
||||||
fmt.Printf("Running on port %s\n", getEnv("PORT", "8080"))
|
fmt.Printf("Running on port %s\n", getEnv("PORT", "8080"))
|
||||||
c.Router.Run()
|
c.Router.Run()
|
||||||
}
|
}
|
||||||
|
|
|
||||||
Loading…
Add table
Add a link
Reference in a new issue