Enable auth endpoint

Signed-off-by: Nikolai Rodionov <iam@allanger.xyz>
2026-04-28 13:36:12 +02:00
parent fa78e2a787
commit 69cdecb5b6
6 changed files with 72 additions and 6 deletions
--- a/api/v1/accounts_auth.go
+++ b/api/v1/accounts_auth.go
@@ -0,0 +1,17 @@
+package v1
+
+import (
+	"gitea.badhouseplants.net/softplayer/softplayer-backend/internal/controllers"
+	accounts "gitea.badhouseplants.net/softplayer/softplayer-go-proto/pkg/accounts/v1"
+)
+
+func NewAccountAuthRPCImpl(ctrl *controllers.AccountController) *AccountsAuthServer {
+	return &AccountsAuthServer{
+		ctrl: ctrl,
+	}
+}
+
+type AccountsAuthServer struct {
+	accounts.UnimplementedAccountsAuthServiceServer
+	ctrl *controllers.AccountController
+}
--- a/api/v1/accounts_no_auth.go
+++ b/api/v1/accounts_no_auth.go
@@ -14,7 +14,7 @@ import (
 	"google.golang.org/protobuf/types/known/emptypb"
 )

-func NewAccountRPCImpl(ctrl *controllers.AccountController) *AccountsNoAuthServer {
+func NewAccountNoAuthRPCImpl(ctrl *controllers.AccountController) *AccountsNoAuthServer {
 	return &AccountsNoAuthServer{
 		ctrl: ctrl,
 	}
--- a/go.mod
+++ b/go.mod
@@ -137,7 +137,7 @@ require (
 )

 require (
-	gitea.badhouseplants.net/softplayer/softplayer-go-proto v0.0.0-20260427171725-b565d3fa2b01
+	gitea.badhouseplants.net/softplayer/softplayer-go-proto v0.0.0-20260428111006-efa5c57e6a14
 	github.com/golang/protobuf v1.5.4
 	golang.org/x/net v0.49.0 // indirect
 	golang.org/x/sys v0.40.0 // indirect
--- a/go.sum
+++ b/go.sum
@@ -3,8 +3,8 @@ dario.cat/mergo v1.0.1 h1:Ra4+bf83h2ztPIQYNP99R6m+Y7KfnARDfID+a+vLl4s=
 dario.cat/mergo v1.0.1/go.mod h1:uNxQE+84aUszobStD9th8a29P2fMDhsBdgRYvZOxGmk=
 filippo.io/edwards25519 v1.1.0 h1:FNf4tywRC1HmFuKW5xopWpigGjJKiJSV0Cqo0cJWDaA=
 filippo.io/edwards25519 v1.1.0/go.mod h1:BxyFTGdWcka3PhytdK4V28tE5sGfRvvvRV7EaN4VDT4=
-gitea.badhouseplants.net/softplayer/softplayer-go-proto v0.0.0-20260427171725-b565d3fa2b01 h1:iaBLJRS0A6QykeBgIj170itknvQ4Zc5LSe+6hmsRL7g=
-gitea.badhouseplants.net/softplayer/softplayer-go-proto v0.0.0-20260427171725-b565d3fa2b01/go.mod h1:AgOh1lkPHyRgBf3/s1btKcAqke/33LbKYarTD13qeAg=
+gitea.badhouseplants.net/softplayer/softplayer-go-proto v0.0.0-20260428111006-efa5c57e6a14 h1:PwOWag8dum67a1w/QIP7NlSGPL/Z7rZDHAwjRJjyk3U=
+gitea.badhouseplants.net/softplayer/softplayer-go-proto v0.0.0-20260428111006-efa5c57e6a14/go.mod h1:AgOh1lkPHyRgBf3/s1btKcAqke/33LbKYarTD13qeAg=
 github.com/AdaLogics/go-fuzz-headers v0.0.0-20230811130428-ced1acdcaa24 h1:bvDV9vkmnHYOMsOr4WLk+Vo07yKIzd94sVoIqshQ4bU=
 github.com/AdaLogics/go-fuzz-headers v0.0.0-20230811130428-ced1acdcaa24/go.mod h1:8o94RPi1/7XTJvwPpRSzSUedZrtlirdB3r9Z20bi2f8=
 github.com/Azure/go-ansiterm v0.0.0-20250102033503-faa5f7b0171c h1:udKWzYgxTojEKWjV8V+WSxDXJ4NFATAsZjh8iIbsQIg=
--- a/internal/interceptors/authjwt.go
+++ b/internal/interceptors/authjwt.go
@@ -0,0 +1,43 @@
+package interceptors
+
+import (
+	"context"
+	"strings"
+
+	"gitea.badhouseplants.net/softplayer/softplayer-backend/internal/tools/logger"
+	"google.golang.org/grpc"
+	"google.golang.org/grpc/codes"
+	"google.golang.org/grpc/status"
+)
+
+type JWTVerifier struct {
+	secret    []byte
+	serverCtx context.Context
+}
+
+func NewJWTVerifier(ctx context.Context, secret []byte) *JWTVerifier {
+	return &JWTVerifier{
+		serverCtx: ctx,
+		secret:    secret,
+	}
+}
+
+// This is an interceptors that should verify that a user is authorized
+func (v *JWTVerifier) JWTAuthInterceptor(
+	ctx context.Context,
+	req interface{},
+	info *grpc.UnaryServerInfo,
+	handler grpc.UnaryHandler,
+) (interface{}, error) {
+	log := logger.FromContext(v.serverCtx).WithValues("method", info.FullMethod)
+	if !strings.Contains(info.FullMethod, "NoAuth") {
+		log.Info("Checking the JWT token")
+		return nil, status.Error(codes.Unauthenticated, "Use is not authorized")
+		// Get the token from the metadata
+		// Validate the token
+		// Get the user id from the token
+	} else {
+		log.Info("Auth is not required for this request")
+	}
+	return handler(ctx, req)
+}
--- a/main.go
+++ b/main.go
@@ -10,6 +10,7 @@ import (

 	v1 "gitea.badhouseplants.net/softplayer/softplayer-backend/api/v1"
 	"gitea.badhouseplants.net/softplayer/softplayer-backend/internal/controllers"
+	"gitea.badhouseplants.net/softplayer/softplayer-backend/internal/interceptors"
 	"gitea.badhouseplants.net/softplayer/softplayer-backend/internal/tools/logger"
 	accounts "gitea.badhouseplants.net/softplayer/softplayer-go-proto/pkg/accounts/v1"
 	"github.com/alecthomas/kong"
@@ -152,9 +153,13 @@ func server(ctx context.Context, params Serve) error {
 	if err != nil {
 		return err
 	}
+
+	jwtVerifier := interceptors.NewJWTVerifier(ctx, []byte(params.JWTSecret))
+
 	grpcServer := grpc.NewServer(
-		grpc.UnaryInterceptor(
+		grpc.ChainUnaryInterceptor(
 			grpc_zap.UnaryServerInterceptor(logger.SetupLogger("info")),
+			jwtVerifier.JWTAuthInterceptor,
 		),
 		grpc.StreamInterceptor(grpc_zap.StreamServerInterceptor(logger.SetupLogger("info"))),
 	)
@@ -175,7 +180,8 @@ func server(ctx context.Context, params Serve) error {
 		JWTSecret:       []byte(params.JWTSecret),
 		Redis:           rdb,
 	}
-	accounts.RegisterAccountsNoAuthServiceServer(grpcServer, v1.NewAccountRPCImpl(accountCtrl))
+	accounts.RegisterAccountsNoAuthServiceServer(grpcServer, v1.NewAccountNoAuthRPCImpl(accountCtrl))
+	accounts.RegisterAccountsAuthServiceServer(grpcServer, v1.NewAccountAuthRPCImpl(accountCtrl))

 	if err := grpcServer.Serve(lis); err != nil {
 		return err