sudoscientist-go-backend/packages/auth/auth.go

package auth

import (
	"database/sql"
	"encoding/json"
	"fmt"
	"git.minhas.io/asara/sudoscientist-go-backend/packages/middleware"
	"git.minhas.io/asara/sudoscientist-go-backend/packages/users"
	"github.com/badoux/checkmail"
	"github.com/dgrijalva/jwt-go"
	"github.com/go-chi/chi"
	"github.com/go-chi/jwtauth"
	"github.com/go-chi/render"
	"golang.org/x/crypto/bcrypt"
	"net/http"
	"os"
	"strings"
	"time"
)

var (
	DB            *sql.DB
	TokenAuth     *jwtauth.JWTAuth
	PostalEnabled bool
	PostalKey     string
	PostalAPI     string
)

func Init() {
	if postal_key, ok := os.LookupEnv("POSTAL_KEY"); ok {
		PostalKey = postal_key
		if postal_api, ok := os.LookupEnv("POSTAL_API"); ok {
			PostalAPI = postal_api
			PostalEnabled = true
		}
	}
}

type ReturnError struct {
	Message string `json:"error"`
}

type SignUpCredentials struct {
	Username string `json:"username", db:"username"`
	Email    string `json:"email", db:"email"`
	Password string `json:"password", db:"password"`
}

type SignInCredentials struct {
	Username string `json:"username", db:"username"`
	Password string `json:"password", db:"password"`
}

type Claims struct {
	Username string `json:"username"`
	jwt.StandardClaims
}

type JWT struct {
	JWT string `json:"jwt"`
}

func Routes() *chi.Mux {
	r := chi.NewRouter()
	r.Post("/signin", signin)
	r.Post("/register", register)
	r.Group(func(r chi.Router) {
		r.Use(jwtauth.Verify(TokenAuth, auth_middleware.TokenFromSplitCookie))
		r.Use(jwtauth.Authenticator)
		r.Post("/refresh", refresh)
	})
	return r
}

func register(w http.ResponseWriter, r *http.Request) {
	returnError := ReturnError{}
	creds := &SignUpCredentials{}
	err := json.NewDecoder(r.Body).Decode(creds)
	if err != nil {
		w.WriteHeader(http.StatusBadRequest)
		fmt.Println(err)
		return
	}
	if creds.Username == "" {
		returnError.Message = "username is required"
		w.WriteHeader(http.StatusBadRequest)
		render.JSON(w, r, returnError)
		return
	}
	if creds.Password == "" {
		returnError.Message = "password is required"
		w.WriteHeader(http.StatusBadRequest)
		render.JSON(w, r, returnError)
		return
	}
	if creds.Email == "" {
		returnError.Message = "email is required"
		w.WriteHeader(http.StatusBadRequest)
		render.JSON(w, r, returnError)
		return
	}
	err = checkmail.ValidateFormat(creds.Email)
	if err != nil {
		returnError.Message = "email not valid"
		w.WriteHeader(http.StatusBadRequest)
		render.JSON(w, r, returnError)
		return
	}

	hashedPassword, err := bcrypt.GenerateFromPassword([]byte(creds.Password), 10)
	s := `INSERT INTO users (username, email, password, admin)
          VALUES ($1, $2, $3, $4)`
	if _, err = DB.Exec(s, creds.Username, creds.Email, string(hashedPassword), false); err != nil {
		w.WriteHeader(http.StatusInternalServerError)
		fmt.Println(err)
		return
	}
	users.CreateProfile(creds.Username, creds.Email)
	w.WriteHeader(http.StatusCreated)
	expirationTime := time.Now().Add(6 * time.Hour)
	claims := &Claims{
		Username: creds.Username,
		StandardClaims: jwt.StandardClaims{
			ExpiresAt: expirationTime.Unix(),
		},
	}
	_, tokenString, _ := TokenAuth.Encode(claims)
	token := setCookies(w, tokenString, expirationTime)
	w.WriteHeader(http.StatusOK)
	render.JSON(w, r, token)
}

func signin(w http.ResponseWriter, r *http.Request) {
	creds := &SignInCredentials{}
	err := json.NewDecoder(r.Body).Decode(creds)
	if err != nil {
		w.WriteHeader(http.StatusBadRequest)
		return
	}
	result := DB.QueryRow("SELECT password FROM users WHERE username=$1", creds.Username)
	storedCreds := &SignInCredentials{}
	err = result.Scan(&storedCreds.Password)
	if err != nil {
		if err == sql.ErrNoRows {
			w.WriteHeader(http.StatusUnauthorized)
			return
		}
		w.WriteHeader(http.StatusInternalServerError)
		return
	}
	if err = bcrypt.CompareHashAndPassword([]byte(storedCreds.Password), []byte(creds.Password)); err != nil {
		w.WriteHeader(http.StatusUnauthorized)
	}
	expirationTime := time.Now().Add(5 * time.Hour)
	claims := &Claims{
		Username: creds.Username,
		StandardClaims: jwt.StandardClaims{
			ExpiresAt: expirationTime.Unix(),
		},
	}
	_, tokenString, _ := TokenAuth.Encode(claims)
	token := setCookies(w, tokenString, expirationTime)
	w.WriteHeader(http.StatusOK)
	render.JSON(w, r, token)
}

func refresh(w http.ResponseWriter, r *http.Request) {
	_, claims, _ := jwtauth.FromContext(r.Context())
	w.WriteHeader(http.StatusOK)
	expirationTime := time.Now().Add(5 * time.Hour)
	newClaims := &Claims{
		Username: claims["username"].(string),
		StandardClaims: jwt.StandardClaims{
			ExpiresAt: expirationTime.Unix(),
		},
	}
	_, tokenString, _ := TokenAuth.Encode(newClaims)
	token := setCookies(w, tokenString, expirationTime)
	w.WriteHeader(http.StatusOK)
	render.JSON(w, r, token)
}

func setCookies(w http.ResponseWriter, jwt string, expiration time.Time) string {
	splitToken := strings.Split(jwt, ".")
	dataCookie := http.Cookie{Name: "DataCookie", Value: strings.Join(splitToken[:2], "."), Expires: expiration, HttpOnly: false, Path: "/", Domain: ".sudoscientist.com", MaxAge: 360, Secure: true}
	http.SetCookie(w, &dataCookie)
	signatureCookie := http.Cookie{Name: "SignatureCookie", Value: splitToken[2], Expires: expiration, HttpOnly: true, Path: "/", Domain: ".sudoscientist.com", MaxAge: 360, Secure: true}
	http.SetCookie(w, &signatureCookie)
	return strings.Join(splitToken[:2], ".")
}
Base stuff from other project 2019-02-03 06:57:08 +00:00			`package auth`

			`import (`
			`"database/sql"`
			`"encoding/json"`
Why do double the work eh? 2019-04-14 03:38:51 +00:00			`"fmt"`
Wrap up split cookie auth 2019-10-06 02:35:14 +00:00			`"git.minhas.io/asara/sudoscientist-go-backend/packages/middleware"`
Fix path to repo, add cors for testing 2019-05-28 01:17:09 +00:00			`"git.minhas.io/asara/sudoscientist-go-backend/packages/users"`
Why do double the work eh? 2019-04-14 03:38:51 +00:00			`"github.com/badoux/checkmail"`
Base stuff from other project 2019-02-03 06:57:08 +00:00			`"github.com/dgrijalva/jwt-go"`
			`"github.com/go-chi/chi"`
			`"github.com/go-chi/jwtauth"`
			`"github.com/go-chi/render"`
			`"golang.org/x/crypto/bcrypt"`
			`"net/http"`
go fmt, add some basic tests for postal api info 2020-01-19 02:46:46 +00:00			`"os"`
Implement split tokens that work with curl 2019-10-06 00:21:48 +00:00			`"strings"`
Why do double the work eh? 2019-04-14 03:38:51 +00:00			`"time"`
Base stuff from other project 2019-02-03 06:57:08 +00:00			`)`

			`var (`
go fmt, add some basic tests for postal api info 2020-01-19 02:46:46 +00:00			`DB *sql.DB`
			`TokenAuth *jwtauth.JWTAuth`
			`PostalEnabled bool`
			`PostalKey string`
			`PostalAPI string`
Base stuff from other project 2019-02-03 06:57:08 +00:00			`)`

go fmt, add some basic tests for postal api info 2020-01-19 02:46:46 +00:00			`func Init() {`
			`if postal_key, ok := os.LookupEnv("POSTAL_KEY"); ok {`
			`PostalKey = postal_key`
			`if postal_api, ok := os.LookupEnv("POSTAL_API"); ok {`
			`PostalAPI = postal_api`
			`PostalEnabled = true`
			`}`
			`}`
			`}`

Add return success codes, wrap up createBlogPost 2019-04-20 21:17:20 +00:00			`type ReturnError struct {`
Why do double the work eh? 2019-04-14 03:38:51 +00:00			Message string `json:"error"`
			`}`

			`type SignUpCredentials struct {`
			Username string `json:"username", db:"username"`
			Email string `json:"email", db:"email"`
			Password string `json:"password", db:"password"`
			`}`

			`type SignInCredentials struct {`
Base stuff from other project 2019-02-03 06:57:08 +00:00			Username string `json:"username", db:"username"`
Get basic user profiles set up 2019-02-07 04:46:30 +00:00			Password string `json:"password", db:"password"`
Base stuff from other project 2019-02-03 06:57:08 +00:00			`}`

Why do double the work eh? 2019-04-14 03:38:51 +00:00			`type Claims struct {`
			Username string `json:"username"`
			`jwt.StandardClaims`
			`}`

Add refresh 2019-04-14 16:44:02 +00:00			`type JWT struct {`
Implement split tokens that work with curl 2019-10-06 00:21:48 +00:00			JWT string `json:"jwt"`
Base stuff from other project 2019-02-03 06:57:08 +00:00			`}`

			`func Routes() *chi.Mux {`
Add refresh 2019-04-14 16:44:02 +00:00			`r := chi.NewRouter()`
			`r.Post("/signin", signin)`
			`r.Post("/register", register)`
			`r.Group(func(r chi.Router) {`
Wrap up split cookie auth 2019-10-06 02:35:14 +00:00			`r.Use(jwtauth.Verify(TokenAuth, auth_middleware.TokenFromSplitCookie))`
Add refresh 2019-04-14 16:44:02 +00:00			`r.Use(jwtauth.Authenticator)`
			`r.Post("/refresh", refresh)`
			`})`
			`return r`
Base stuff from other project 2019-02-03 06:57:08 +00:00			`}`

Add refresh 2019-04-14 16:44:02 +00:00			`func register(w http.ResponseWriter, r *http.Request) {`
Add return success codes, wrap up createBlogPost 2019-04-20 21:17:20 +00:00			`returnError := ReturnError{}`
Why do double the work eh? 2019-04-14 03:38:51 +00:00			`creds := &SignUpCredentials{}`
Base stuff from other project 2019-02-03 06:57:08 +00:00			`err := json.NewDecoder(r.Body).Decode(creds)`
			`if err != nil {`
			`w.WriteHeader(http.StatusBadRequest)`
Why do double the work eh? 2019-04-14 03:38:51 +00:00			`fmt.Println(err)`
			`return`
			`}`
			`if creds.Username == "" {`
			`returnError.Message = "username is required"`
			`w.WriteHeader(http.StatusBadRequest)`
			`render.JSON(w, r, returnError)`
Base stuff from other project 2019-02-03 06:57:08 +00:00			`return`
			`}`
Why do double the work eh? 2019-04-14 03:38:51 +00:00			`if creds.Password == "" {`
			`returnError.Message = "password is required"`
			`w.WriteHeader(http.StatusBadRequest)`
			`render.JSON(w, r, returnError)`
			`return`
			`}`
			`if creds.Email == "" {`
			`returnError.Message = "email is required"`
			`w.WriteHeader(http.StatusBadRequest)`
			`render.JSON(w, r, returnError)`
			`return`
			`}`
			`err = checkmail.ValidateFormat(creds.Email)`
			`if err != nil {`
			`returnError.Message = "email not valid"`
			`w.WriteHeader(http.StatusBadRequest)`
			`render.JSON(w, r, returnError)`
			`return`
			`}`

Base stuff from other project 2019-02-03 06:57:08 +00:00			`hashedPassword, err := bcrypt.GenerateFromPassword([]byte(creds.Password), 10)`
Why do double the work eh? 2019-04-14 03:38:51 +00:00			s := `INSERT INTO users (username, email, password, admin)
			VALUES ($1, $2, $3, $4)`
			`if _, err = DB.Exec(s, creds.Username, creds.Email, string(hashedPassword), false); err != nil {`
Base stuff from other project 2019-02-03 06:57:08 +00:00			`w.WriteHeader(http.StatusInternalServerError)`
			`fmt.Println(err)`
			`return`
			`}`
Why do double the work eh? 2019-04-14 03:38:51 +00:00			`users.CreateProfile(creds.Username, creds.Email)`
Base stuff from other project 2019-02-03 06:57:08 +00:00			`w.WriteHeader(http.StatusCreated)`
Why do double the work eh? 2019-04-14 03:38:51 +00:00			`expirationTime := time.Now().Add(6 * time.Hour)`
			`claims := &Claims{`
			`Username: creds.Username,`
			`StandardClaims: jwt.StandardClaims{`
			`ExpiresAt: expirationTime.Unix(),`
			`},`
			`}`
			`_, tokenString, _ := TokenAuth.Encode(claims)`
Implement split tokens that work with curl 2019-10-06 00:21:48 +00:00			`token := setCookies(w, tokenString, expirationTime)`
			`w.WriteHeader(http.StatusOK)`
Why do double the work eh? 2019-04-14 03:38:51 +00:00			`render.JSON(w, r, token)`
Base stuff from other project 2019-02-03 06:57:08 +00:00			`}`

Add test protected path 2019-02-08 04:43:26 +00:00			`func signin(w http.ResponseWriter, r *http.Request) {`
Why do double the work eh? 2019-04-14 03:38:51 +00:00			`creds := &SignInCredentials{}`
Base stuff from other project 2019-02-03 06:57:08 +00:00			`err := json.NewDecoder(r.Body).Decode(creds)`
			`if err != nil {`
			`w.WriteHeader(http.StatusBadRequest)`
			`return`
			`}`
			`result := DB.QueryRow("SELECT password FROM users WHERE username=$1", creds.Username)`
Why do double the work eh? 2019-04-14 03:38:51 +00:00			`storedCreds := &SignInCredentials{}`
Base stuff from other project 2019-02-03 06:57:08 +00:00			`err = result.Scan(&storedCreds.Password)`
			`if err != nil {`
			`if err == sql.ErrNoRows {`
			`w.WriteHeader(http.StatusUnauthorized)`
			`return`
			`}`
			`w.WriteHeader(http.StatusInternalServerError)`
			`return`
			`}`
			`if err = bcrypt.CompareHashAndPassword([]byte(storedCreds.Password), []byte(creds.Password)); err != nil {`
			`w.WriteHeader(http.StatusUnauthorized)`
			`}`
Why do double the work eh? 2019-04-14 03:38:51 +00:00			`expirationTime := time.Now().Add(5 * time.Hour)`
			`claims := &Claims{`
			`Username: creds.Username,`
			`StandardClaims: jwt.StandardClaims{`
			`ExpiresAt: expirationTime.Unix(),`
			`},`
			`}`
			`_, tokenString, _ := TokenAuth.Encode(claims)`
Implement split tokens that work with curl 2019-10-06 00:21:48 +00:00			`token := setCookies(w, tokenString, expirationTime)`
			`w.WriteHeader(http.StatusOK)`
Add refresh 2019-04-14 16:44:02 +00:00			`render.JSON(w, r, token)`
			`}`

			`func refresh(w http.ResponseWriter, r *http.Request) {`
			`_, claims, _ := jwtauth.FromContext(r.Context())`
			`w.WriteHeader(http.StatusOK)`
			`expirationTime := time.Now().Add(5 * time.Hour)`
Add proper updating of profiles 2019-04-14 17:29:15 +00:00			`newClaims := &Claims{`
Add refresh 2019-04-14 16:44:02 +00:00			`Username: claims["username"].(string),`
			`StandardClaims: jwt.StandardClaims{`
			`ExpiresAt: expirationTime.Unix(),`
			`},`
			`}`
			`_, tokenString, _ := TokenAuth.Encode(newClaims)`
Implement split tokens that work with curl 2019-10-06 00:21:48 +00:00			`token := setCookies(w, tokenString, expirationTime)`
			`w.WriteHeader(http.StatusOK)`
Why do double the work eh? 2019-04-14 03:38:51 +00:00			`render.JSON(w, r, token)`
Base stuff from other project 2019-02-03 06:57:08 +00:00			`}`
Implement split tokens that work with curl 2019-10-06 00:21:48 +00:00
			`func setCookies(w http.ResponseWriter, jwt string, expiration time.Time) string {`
			`splitToken := strings.Split(jwt, ".")`
make cookies secure 2019-10-06 02:50:48 +00:00			`dataCookie := http.Cookie{Name: "DataCookie", Value: strings.Join(splitToken[:2], "."), Expires: expiration, HttpOnly: false, Path: "/", Domain: ".sudoscientist.com", MaxAge: 360, Secure: true}`
Implement split tokens that work with curl 2019-10-06 00:21:48 +00:00			`http.SetCookie(w, &dataCookie)`
make cookies secure 2019-10-06 02:50:48 +00:00			`signatureCookie := http.Cookie{Name: "SignatureCookie", Value: splitToken[2], Expires: expiration, HttpOnly: true, Path: "/", Domain: ".sudoscientist.com", MaxAge: 360, Secure: true}`
Implement split tokens that work with curl 2019-10-06 00:21:48 +00:00			`http.SetCookie(w, &signatureCookie)`
			`return strings.Join(splitToken[:2], ".")`
			`}`