Init commit

Signed-off-by: Nikolai Rodionov <allanger@badhouseplants.net>
2026-04-30 19:30:31 +02:00
commit 83ce16b16f
35 changed files with 2998 additions and 0 deletions
--- a/api/v1/accounts_auth.go
+++ b/api/v1/accounts_auth.go
@@ -0,0 +1,59 @@
+package v1
+
+import (
+	"context"
+
+	"gitea.badhouseplants.net/softplayer/softplayer-backend/internal/controllers"
+	"gitea.badhouseplants.net/softplayer/softplayer-backend/internal/tools/logger"
+	accounts "gitea.badhouseplants.net/softplayer/softplayer-go-proto/pkg/accounts/v1"
+	"github.com/golang/protobuf/ptypes/empty"
+	"google.golang.org/grpc"
+	"google.golang.org/grpc/codes"
+	"google.golang.org/grpc/metadata"
+	"google.golang.org/grpc/status"
+	"google.golang.org/protobuf/types/known/emptypb"
+)
+
+func NewAccountAuthRPCImpl(ctrl *controllers.AccountController) *AccountsAuthServer {
+	return &AccountsAuthServer{
+		ctrl: ctrl,
+	}
+}
+
+type AccountsAuthServer struct {
+	accounts.UnimplementedAccountsAuthServiceServer
+	ctrl *controllers.AccountController
+}
+
+func (a *AccountsAuthServer) RefreshToken(ctx context.Context, in *empty.Empty) (*empty.Empty, error) {
+	tokenID := ctx.Value("token_id").(string)
+	userID := ctx.Value("user_id").(string)
+	log := logger.FromContext(ctx)
+	uuid, err := a.ctrl.ValidateRefreshToken(ctx, tokenID, userID)
+	if err != nil {
+		return nil, status.Error(codes.Unauthenticated, "refresh token is invalid")
+	}
+	accessToken, err := a.ctrl.GenerateAccessToken(uuid)
+	if err != nil {
+		log.Error(err, "Couldn't generate an access token")
+		return nil, status.Error(codes.Aborted, "Couldn't generate Access Token")
+	}
+
+	refreshToken, err := a.ctrl.GenerateRefreshToken(ctx, uuid)
+	if err != nil {
+		log.Error(err, "Couldn't generate a refresh token")
+		return nil, status.Error(codes.Aborted, "Couldn't generate Access Token")
+	}
+
+	header := metadata.Pairs(
+		"access-token", accessToken,
+		"refreshToken", refreshToken,
+	)
+
+	if err := grpc.SetHeader(ctx, header); err != nil {
+		log.Error(err, "Couldn't set headers")
+		return nil, status.Error(codes.Unknown, "Couldn't set headers")
+	}
+
+	return &emptypb.Empty{}, nil
+}
--- a/api/v1/accounts_no_auth.go
+++ b/api/v1/accounts_no_auth.go
@@ -0,0 +1,73 @@
+package v1
+
+import (
+	"context"
+
+	"gitea.badhouseplants.net/softplayer/softplayer-backend/internal/controllers"
+	accounts "gitea.badhouseplants.net/softplayer/softplayer-go-proto/pkg/accounts/v1"
+	"github.com/coreos/go-oidc/v3/oidc"
+	"github.com/golang/protobuf/ptypes/empty"
+	"golang.org/x/oauth2"
+	"google.golang.org/grpc/codes"
+	"google.golang.org/grpc/status"
+	"google.golang.org/protobuf/types/known/emptypb"
+)
+
+func NewAccountNoAuthRPCImpl(ctrl *controllers.AccountController) *AccountsNoAuthServer {
+	return &AccountsNoAuthServer{
+		ctrl: ctrl,
+	}
+}
+
+type AccountsNoAuthServer struct {
+	accounts.UnimplementedAccountsNoAuthServiceServer
+	ctrl *controllers.AccountController
+}
+
+func (a *AccountsNoAuthServer) SignIn(ctx context.Context, in *accounts.SignInRequest) (*empty.Empty, error) {
+	provider, err := oidc.NewProvider(ctx, "https://authentik.badhouseplants.net")
+	if err != nil {
+		return nil, err
+	}
+
+	// Configure an OpenID Connect aware OAuth2 client.
+	oauth2Config := oauth2.Config{
+		ClientID:     "softplayer-localhost",
+		ClientSecret: "pRpe3scGUE2jNH6t5rqI9R4OROeQHs4eO6ku957mYjDumKhQGX8QJcO0BMJ2FG4sUpvFrqccEqWgc3wKMp94tC8LyvTnkPF0Tg0CaldAEHuoQQdNKAzXVxwrHE6kNyBC",
+		RedirectURL:  "http://localhost:8080/#/auth/callback",
+
+		// Discovery returns the OAuth2 endpoints.
+		Endpoint: provider.Endpoint(),
+
+		// "openid" is a required scope for OpenID Connect flows.
+		Scopes: []string{oidc.ScopeOpenID, "profile", "email"},
+	}
+	verifier := provider.Verifier(&oidc.Config{ClientID: "softplayer-localhost"})
+
+	oauth2Token, err := oauth2Config.Exchange(ctx, in.Code)
+	if err != nil {
+		return nil, err
+	}
+
+	// Extract the ID Token from OAuth2 token.
+	rawIDToken, ok := oauth2Token.Extra("id_token").(string)
+	if !ok {
+		return nil, status.Error(codes.Unauthenticated, "Couldn't parse oauth token")
+	}
+
+	// Parse and verify ID Token payload.
+	idToken, err := verifier.Verify(ctx, rawIDToken)
+	if err != nil {
+		return nil, status.Error(codes.Unauthenticated, "Couldn't verify oauth token")
+	}
+
+	// Extract custom claims
+	var claims struct {
+		Email    string `json:"email"`
+		Verified bool   `json:"email_verified"`
+	}
+	if err := idToken.Claims(&claims); err != nil {
+		// handle error
+	}
+	return &emptypb.Empty{}, nil
+}
--- a/api/v1/test_auth.go
+++ b/api/v1/test_auth.go
@@ -0,0 +1,22 @@
+package v1
+
+import (
+	"context"
+
+	"gitea.badhouseplants.net/softplayer/softplayer-backend/internal/tools/logger"
+	test "gitea.badhouseplants.net/softplayer/softplayer-go-proto/pkg/test/v1"
+)
+
+func NewTestAuthRPCImpl() *TestAuthServer {
+	return &TestAuthServer{}
+}
+
+type TestAuthServer struct {
+	test.UnimplementedTestAuthServiceServer
+}
+
+func (t *TestAuthServer) Pong(ctx context.Context, in *test.PongRequest) (*test.PongResponse, error) {
+	log := logger.FromContext(ctx)
+	log.Info("Pong")
+	return &test.PongResponse{}, nil
+}
--- a/api/v1/test_no_auth.go
+++ b/api/v1/test_no_auth.go
@@ -0,0 +1,22 @@
+package v1
+
+import (
+	"context"
+
+	"gitea.badhouseplants.net/softplayer/softplayer-backend/internal/tools/logger"
+	test "gitea.badhouseplants.net/softplayer/softplayer-go-proto/pkg/test/v1"
+)
+
+func NewTestNoAuthRPCImpl() *TestNoAuthServer {
+	return &TestNoAuthServer{}
+}
+
+type TestNoAuthServer struct {
+	test.UnimplementedTestNoAuthServiceServer
+}
+
+func (t *TestNoAuthServer) Ping(ctx context.Context, in *test.PingRequest) (*test.PingResponse, error) {
+	log := logger.FromContext(ctx)
+	log.Info("Ping")
+	return &test.PingResponse{}, nil
+}