This repository has been archived on 2023-07-09. You can view files and clone it, but cannot push or open issues or pull requests.
sudoscientist-go-backend/packages/auth/auth.go

301 lines
9.3 KiB
Go
Raw Normal View History

2019-02-03 06:57:08 +00:00
package auth
import (
2020-01-20 18:40:05 +00:00
"bytes"
2019-02-03 06:57:08 +00:00
"database/sql"
"encoding/json"
2019-04-14 03:38:51 +00:00
"fmt"
2019-10-06 02:35:14 +00:00
"git.minhas.io/asara/sudoscientist-go-backend/packages/middleware"
2019-05-28 01:17:09 +00:00
"git.minhas.io/asara/sudoscientist-go-backend/packages/users"
2019-04-14 03:38:51 +00:00
"github.com/badoux/checkmail"
2019-02-03 06:57:08 +00:00
"github.com/dgrijalva/jwt-go"
"github.com/go-chi/chi"
"github.com/go-chi/jwtauth"
"github.com/go-chi/render"
"golang.org/x/crypto/bcrypt"
"net/http"
"os"
"strings"
2019-04-14 03:38:51 +00:00
"time"
2019-02-03 06:57:08 +00:00
)
var (
DB *sql.DB
TokenAuth *jwtauth.JWTAuth
EmailAuth *jwtauth.JWTAuth
PostalEnabled bool
PostalKey string
PostalAPI string
2020-01-20 18:40:05 +00:00
PostalEmail string
2019-02-03 06:57:08 +00:00
)
func Init() {
if postal_key, ok := os.LookupEnv("POSTAL_KEY"); ok {
if postal_api, ok := os.LookupEnv("POSTAL_API"); ok {
2020-01-20 18:40:05 +00:00
if email_src, ok := os.LookupEnv("POSTAL_SRC_EMAIL"); ok {
if email_auth, ok := os.LookupEnv("EMAIL_SECRET"); ok {
EmailAuth = jwtauth.New("HS256", []byte(os.Getenv(email_auth)), nil)
PostalKey = postal_key
PostalAPI = postal_api
PostalEmail = email_src
PostalEnabled = true
fmt.Println("Postal Enabled")
}
}
}
}
}
2020-01-20 18:40:05 +00:00
type ReturnMessage struct {
Message string `json:"msg"`
}
2019-04-14 03:38:51 +00:00
type SignUpCredentials struct {
Username string `json:"username", db:"username"`
Email string `json:"email", db:"email"`
Password string `json:"password", db:"password"`
}
type UserCredentials struct {
2019-02-03 06:57:08 +00:00
Username string `json:"username", db:"username"`
2019-02-07 04:46:30 +00:00
Password string `json:"password", db:"password"`
2019-02-03 06:57:08 +00:00
}
2019-04-14 03:38:51 +00:00
type Claims struct {
Username string `json:"username", db:"username"`
Admin string `json:"admin", db:"admin"`
Verified string `json:"verified", db:"verified"`
2019-04-14 03:38:51 +00:00
jwt.StandardClaims
}
2019-04-14 16:44:02 +00:00
type JWT struct {
JWT string `json:"jwt"`
2019-02-03 06:57:08 +00:00
}
2020-01-20 18:40:05 +00:00
type ComposedEmail struct {
To [1]string `json:"to"`
From string `json:"from"`
Subject string `json:"subject"`
Plain_body string `json:"plain_body"`
}
2019-02-03 06:57:08 +00:00
func Routes() *chi.Mux {
2019-04-14 16:44:02 +00:00
r := chi.NewRouter()
r.Post("/signin", signin)
r.Post("/register", register)
r.Group(func(r chi.Router) {
2019-10-06 02:35:14 +00:00
r.Use(jwtauth.Verify(TokenAuth, auth_middleware.TokenFromSplitCookie))
2019-04-14 16:44:02 +00:00
r.Use(jwtauth.Authenticator)
r.Post("/refresh", refresh)
})
return r
2019-02-03 06:57:08 +00:00
}
2019-04-14 16:44:02 +00:00
func register(w http.ResponseWriter, r *http.Request) {
2020-01-20 18:40:05 +00:00
returnMessage := ReturnMessage{}
2019-04-14 03:38:51 +00:00
creds := &SignUpCredentials{}
2019-02-03 06:57:08 +00:00
err := json.NewDecoder(r.Body).Decode(creds)
if err != nil {
2019-04-14 03:38:51 +00:00
fmt.Println(err)
w.WriteHeader(http.StatusInternalServerError)
2020-01-20 18:40:05 +00:00
returnMessage.Message = "unexpected error. please contact the administrator"
render.JSON(w, r, returnMessage)
2019-04-14 03:38:51 +00:00
return
}
if creds.Username == "" {
2020-01-20 18:40:05 +00:00
returnMessage.Message = "username is required"
2019-04-14 03:38:51 +00:00
w.WriteHeader(http.StatusBadRequest)
2020-01-20 18:40:05 +00:00
render.JSON(w, r, returnMessage)
2019-02-03 06:57:08 +00:00
return
}
2019-04-14 03:38:51 +00:00
if creds.Password == "" {
2020-01-20 18:40:05 +00:00
returnMessage.Message = "password is required"
2019-04-14 03:38:51 +00:00
w.WriteHeader(http.StatusBadRequest)
2020-01-20 18:40:05 +00:00
render.JSON(w, r, returnMessage)
2019-04-14 03:38:51 +00:00
return
}
if creds.Email == "" {
2020-01-20 18:40:05 +00:00
returnMessage.Message = "email is required"
2019-04-14 03:38:51 +00:00
w.WriteHeader(http.StatusBadRequest)
2020-01-20 18:40:05 +00:00
render.JSON(w, r, returnMessage)
2019-04-14 03:38:51 +00:00
return
}
err = checkmail.ValidateFormat(creds.Email)
if err != nil {
2020-01-20 18:40:05 +00:00
returnMessage.Message = "email not valid"
2019-04-14 03:38:51 +00:00
w.WriteHeader(http.StatusBadRequest)
2020-01-20 18:40:05 +00:00
render.JSON(w, r, returnMessage)
2019-04-14 03:38:51 +00:00
return
}
2019-02-03 06:57:08 +00:00
hashedPassword, err := bcrypt.GenerateFromPassword([]byte(creds.Password), 10)
s := `INSERT INTO users (username, email, password, admin, verified)
VALUES ($1, $2, $3, $4, $5)`
if _, err = DB.Exec(s, creds.Username, creds.Email, string(hashedPassword), false, false); err != nil {
fmt.Println(err)
2020-01-20 18:40:05 +00:00
returnMessage.Message = "unexpected error. please contact the administrator"
2019-02-03 06:57:08 +00:00
w.WriteHeader(http.StatusInternalServerError)
2020-01-20 18:40:05 +00:00
render.JSON(w, r, returnMessage)
2019-02-03 06:57:08 +00:00
return
}
2019-04-14 03:38:51 +00:00
users.CreateProfile(creds.Username, creds.Email)
expirationTime := time.Now().Add(24 * time.Hour)
2019-04-14 03:38:51 +00:00
claims := &Claims{
Username: creds.Username,
StandardClaims: jwt.StandardClaims{
ExpiresAt: expirationTime.Unix(),
},
}
if PostalEnabled {
_, emailToken, _ := EmailAuth.Encode(claims)
2020-01-20 18:40:05 +00:00
returnMessage, ok := sendEmailToken(w, emailToken, creds.Username, creds.Email)
if !ok {
w.WriteHeader(http.StatusInternalServerError)
render.JSON(w, r, returnMessage)
return
}
w.WriteHeader(http.StatusCreated)
2020-01-20 18:40:05 +00:00
render.JSON(w, r, returnMessage)
return
}
2019-04-14 03:38:51 +00:00
_, tokenString, _ := TokenAuth.Encode(claims)
setCookies(w, tokenString, expirationTime)
w.WriteHeader(http.StatusCreated)
2020-01-20 18:40:05 +00:00
returnMessage.Message = "User created! Welcome to the site!"
render.JSON(w, r, returnMessage)
return
2019-02-03 06:57:08 +00:00
}
2019-02-08 04:43:26 +00:00
func signin(w http.ResponseWriter, r *http.Request) {
creds := &UserCredentials{}
2019-02-03 06:57:08 +00:00
err := json.NewDecoder(r.Body).Decode(creds)
if err != nil {
w.WriteHeader(http.StatusBadRequest)
return
}
verified, ok := checkPassword(w, *creds)
if !ok {
render.JSON(w, r, verified)
2019-02-03 06:57:08 +00:00
return
}
expirationTime := time.Now().Add(24 * time.Hour)
user_claims := &Claims{}
user_claims_query := DB.QueryRow("SELECT username, admin, verified FROM users WHERE username=$1", creds.Username)
err = user_claims_query.Scan(&user_claims.Username, &user_claims.Admin, &user_claims.Verified)
2019-04-14 03:38:51 +00:00
claims := &Claims{
Username: user_claims.Username,
Admin: user_claims.Admin,
Verified: user_claims.Verified,
2019-04-14 03:38:51 +00:00
StandardClaims: jwt.StandardClaims{
ExpiresAt: expirationTime.Unix(),
},
}
_, tokenString, _ := TokenAuth.Encode(claims)
token := setCookies(w, tokenString, expirationTime)
w.WriteHeader(http.StatusOK)
2019-04-14 16:44:02 +00:00
render.JSON(w, r, token)
}
func refresh(w http.ResponseWriter, r *http.Request) {
returnMessage := ReturnMessage{}
2019-04-14 16:44:02 +00:00
_, claims, _ := jwtauth.FromContext(r.Context())
w.WriteHeader(http.StatusOK)
expirationTime := time.Now().Add(5 * time.Hour)
user_claims := &Claims{}
user_claims_query := DB.QueryRow("SELECT username, admin, verified FROM users WHERE username=$1", claims["username"].(string))
err := user_claims_query.Scan(&user_claims.Username, &user_claims.Admin, &user_claims.Verified)
if err != nil {
fmt.Println(err)
returnMessage.Message = "unexpected error refreshing your token, please try again later"
w.WriteHeader(http.StatusInternalServerError)
render.JSON(w, r, returnMessage)
return
}
2019-04-14 17:29:15 +00:00
newClaims := &Claims{
Username: user_claims.Username,
Admin: user_claims.Admin,
Verified: user_claims.Verified,
2019-04-14 16:44:02 +00:00
StandardClaims: jwt.StandardClaims{
ExpiresAt: expirationTime.Unix(),
},
}
_, tokenString, _ := TokenAuth.Encode(newClaims)
token := setCookies(w, tokenString, expirationTime)
w.WriteHeader(http.StatusOK)
2019-04-14 03:38:51 +00:00
render.JSON(w, r, token)
2019-02-03 06:57:08 +00:00
}
func setCookies(w http.ResponseWriter, jwt string, expiration time.Time) string {
splitToken := strings.Split(jwt, ".")
2019-10-06 02:50:48 +00:00
dataCookie := http.Cookie{Name: "DataCookie", Value: strings.Join(splitToken[:2], "."), Expires: expiration, HttpOnly: false, Path: "/", Domain: ".sudoscientist.com", MaxAge: 360, Secure: true}
http.SetCookie(w, &dataCookie)
2019-10-06 02:50:48 +00:00
signatureCookie := http.Cookie{Name: "SignatureCookie", Value: splitToken[2], Expires: expiration, HttpOnly: true, Path: "/", Domain: ".sudoscientist.com", MaxAge: 360, Secure: true}
http.SetCookie(w, &signatureCookie)
return strings.Join(splitToken[:2], ".")
}
2020-01-20 18:40:05 +00:00
func sendEmailToken(w http.ResponseWriter, token string, name string, email string) (returnMessage ReturnMessage, ok bool) {
header := "Thanks for joining sudoscientist, " + name + "!"
body := "\n\nPlease click the following link to verify your email: "
link := os.Getenv("WEB_ADDR") + "/v1/api/auth/verify/" + token
email_array := [1]string{email}
composed_email := ComposedEmail{
To: email_array,
From: PostalEmail,
Subject: "sudoscientist: Please confirm your e-mail address",
Plain_body: header + body + link,
}
postal_req, err := json.Marshal(&composed_email)
if err != nil {
fmt.Println(err)
returnMessage.Message = "unexpected error. your account may be in limbo. please contact the administrator"
ok = false
return returnMessage, ok
}
req, err := http.NewRequest("POST", fmt.Sprintf("%s/api/v1/send/message", PostalAPI), bytes.NewBuffer(postal_req))
req.Header.Set("Content-Type", "application/json")
req.Header.Set("X-Server-API-Key", PostalKey)
if err != nil {
fmt.Println(err)
returnMessage.Message = "unexpected error. your account may be in limbo. please contact the administrator"
ok = false
return returnMessage, ok
}
client := &http.Client{}
resp, err := client.Do(req)
if err != nil {
fmt.Println(err)
returnMessage.Message = "unexpected error. your account may be in limbo. please contact the administrator"
ok = false
return returnMessage, ok
}
defer resp.Body.Close()
returnMessage.Message = "verification email sent"
ok = true
return returnMessage, ok
}
func checkPassword(w http.ResponseWriter, creds UserCredentials) (string, bool) {
returnMessage := ""
result := DB.QueryRow("SELECT password FROM users WHERE username=$1", creds.Username)
storedCreds := &UserCredentials{}
err := result.Scan(&storedCreds.Password)
if err != nil {
if err == sql.ErrNoRows {
w.WriteHeader(http.StatusUnauthorized)
returnMessage = "username or password incorrect"
return returnMessage, false
}
w.WriteHeader(http.StatusInternalServerError)
returnMessage = "something is broken, please contact the administrator"
return returnMessage, false
}
if err = bcrypt.CompareHashAndPassword([]byte(storedCreds.Password), []byte(creds.Password)); err != nil {
w.WriteHeader(http.StatusUnauthorized)
returnMessage = "username or password incorrect"
return returnMessage, false
}
returnMessage = "user logged in"
return returnMessage, true
}