Token authorization is ready for MVP
Signed-off-by: Nikolai Rodionov <iam@allanger.xyz>
@@ -48,16 +48,23 @@ func (a *AccountsServer) RefreshToken(ctx context.Context, in *empty.Empty) (*em
|
||||
return nil, status.Error(codes.Unauthenticated, "Invalid session")
|
||||
}
|
||||
|
||||
accessToken, _, err := a.authorizationCtrl.GenerateToken(session.UserID, controllers.TokenTypeAccess)
|
||||
accessToken, _, err := a.authorizationCtrl.GenerateToken(&controllers.JWTData{
|
||||
UserID: claims.UserID,
|
||||
TokenType: controllers.TokenTypeAccess,
|
||||
TokenAud: controllers.TokenAudWeb,
|
||||
})
|
||||
if err != nil {
|
||||
return nil, status.Error(codes.Aborted, "Couldn't generate an access token")
|
||||
}
|
||||
|
||||
refreshToken, tokenID, err := a.authorizationCtrl.GenerateToken(session.UserID, controllers.TokenTypeRefresh)
|
||||
refreshToken, tokenID, err := a.authorizationCtrl.GenerateToken(&controllers.JWTData{
|
||||
UserID: claims.UserID,
|
||||
TokenType: controllers.TokenTypeRefresh,
|
||||
TokenAud: controllers.TokenAudWeb,
|
||||
})
|
||||
if err != nil {
|
||||
return nil, status.Error(codes.Aborted, "Couldn't generate an access token")
|
||||
}
|
||||
|
||||
newSession := &controllers.Session{UserID: session.UserID}
|
||||
|
||||
if err := a.authorizationCtrl.SaveSession(ctx, tokenID, newSession); err != nil {
|
||||
|
||||
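Review bot: The new tokens in RefreshToken are minted for `claims.UserID`, but the session saved a few lines later is still built from `session.UserID`, so the two identities can diverge unless code above the hunk already compares them. Either take both from one source or add a guard before generating tokens, e.g. `if claims.UserID != session.UserID { return nil, status.Error(codes.Unauthenticated, "Invalid session") }`. The refresh-token error branch also still reports "Couldn't generate an access token", so the two failures are indistinguishable to a client; the same message is reused in SignIn and SignUp. The function starts and ends outside the hunk, so where `claims` comes from is not visible here.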
@@ -34,12 +34,20 @@ func (a *PublicAccountService) SignIn(ctx context.Context, in *accounts.SignInRe
|
||||
if err != nil {
|
||||
return nil, status.Error(codes.Aborted, "Couldn't create a user")
|
||||
}
|
||||
accessToken, _, err := a.authorizationCtrl.GenerateToken(id, controllers.TokenTypeAccess)
|
||||
accessToken, _, err := a.authorizationCtrl.GenerateToken(&controllers.JWTData{
|
||||
UserID: id,
|
||||
TokenType: controllers.TokenTypeAccess,
|
||||
TokenAud: controllers.TokenAudWeb,
|
||||
})
|
||||
if err != nil {
|
||||
return nil, status.Error(codes.Aborted, "Couldn't generate an access token")
|
||||
}
|
||||
|
||||
refreshToken, tokenID, err := a.authorizationCtrl.GenerateToken(id, controllers.TokenTypeRefresh)
|
||||
refreshToken, tokenID, err := a.authorizationCtrl.GenerateToken(&controllers.JWTData{
|
||||
UserID: id,
|
||||
TokenType: controllers.TokenTypeRefresh,
|
||||
TokenAud: controllers.TokenAudWeb,
|
||||
})
|
||||
if err != nil {
|
||||
return nil, status.Error(codes.Aborted, "Couldn't generate an access token")
|
||||
}
|
||||
@@ -70,12 +78,20 @@ func (a *PublicAccountService) SignUp(ctx context.Context, in *accounts.SignUpRe
|
||||
return nil, status.Error(codes.Aborted, "Couldn't create a user")
|
||||
}
|
||||
|
||||
accessToken, _, err := a.authorizationCtrl.GenerateToken(id, controllers.TokenTypeAccess)
|
||||
accessToken, _, err := a.authorizationCtrl.GenerateToken(&controllers.JWTData{
|
||||
UserID: id,
|
||||
TokenType: controllers.TokenTypeAccess,
|
||||
TokenAud: controllers.TokenAudWeb,
|
||||
})
|
||||
if err != nil {
|
||||
return nil, status.Error(codes.Aborted, "Couldn't generate an access token")
|
||||
}
|
||||
|
||||
refreshToken, tokenID, err := a.authorizationCtrl.GenerateToken(id, controllers.TokenTypeRefresh)
|
||||
refreshToken, tokenID, err := a.authorizationCtrl.GenerateToken(&controllers.JWTData{
|
||||
UserID: id,
|
||||
TokenType: controllers.TokenTypeRefresh,
|
||||
TokenAud: controllers.TokenAudWeb,
|
||||
})
|
||||
if err != nil {
|
||||
return nil, status.Error(codes.Aborted, "Couldn't generate an access token")
|
||||
}
|
||||
|
||||
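Review bot: The four `controllers.JWTData` literals in SignIn and SignUp leave `Scope` unset, while the token-login handler added in this same commit fills it from the stored token, so what an empty scope grants is decided wherever tokens are verified and is not stated here. If web sessions are meant to be unrestricted, say so next to the literal, for example `// Web sessions carry no Scope; access is decided by TokenAud, not by an empty Scope`, and confirm the verifier really keys on `TokenAud` so that a scoped token with an empty scope list cannot be read as unrestricted. The same literal is repeated in RefreshToken; a small unexported helper taking the user ID and token type would keep the audience choice in one place. Both functions continue outside the hunks.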
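--- /dev/null
+++ b/api/v1/public_tokens.go
@@ -0,0 +1,64 @@
+package v1
+
+import (
+"context"
+"errors"
+
+"gitea.badhouseplants.net/softplayer/softplayer-backend/internal/controllers"
+tokens "gitea.badhouseplants.net/softplayer/softplayer-go-proto/pkg/tokens/v1"
+"google.golang.org/grpc"
+"google.golang.org/grpc/codes"
+"google.golang.org/grpc/metadata"
+"google.golang.org/grpc/status"
+"google.golang.org/protobuf/types/known/emptypb"
+)
+
+// var _ tokens.PublicTokensServiceServer = (*PublicTokensServer)(nil)
+
+type PublicTokensServer struct {
+tokens.UnimplementedPublicTokensServiceServer
+tokenCtrl *controllers.TokenController
+authorizationCtrl *controllers.AuthController
+}
+
+func NewPublicTokensServer(
+tokenCtrl *controllers.TokenController,
+authorizationCtrl *controllers.AuthController,
+) *PublicTokensServer {
+return &PublicTokensServer{
+tokenCtrl: tokenCtrl,
+authorizationCtrl: authorizationCtrl,
+}
+}
+
+func (srv *PublicTokensServer) AuthenticateWithToken(ctx context.Context, in *tokens.AuthenticateWithTokenRequest) (*emptypb.Empty, error) {
+tokenAuthRes, err := srv.tokenCtrl.AuthenticateWithToken(ctx, in.TokenValue.Token)
+if err != nil {
+if errors.Is(err, controllers.ErrBadToken) {
+return nil, status.Error(codes.Unauthenticated, "Token is not valid")
+}
+if errors.Is(err, controllers.ErrServerError) {
+return nil, status.Error(codes.Internal, "Something is broken on our side")
+}
+return nil, status.Error(codes.Aborted, "Couldn't list tokens")
+}
+
+jwtData := &controllers.JWTData{
+UserID: tokenAuthRes.UserID,
+TokenType: controllers.TokenTypeAccess,
+TokenAud: controllers.TokenAudToken,
+Scope: tokenAuthRes.Scope,
+}
+accessToken, _, err := srv.authorizationCtrl.GenerateToken(jwtData)
+if err != nil {
+return nil, status.Error(codes.Aborted, "Couldn't generate an access token")
+}
+
+header := metadata.New(map[string]string{
+"X-Access-Token": accessToken,
+})
+if err := grpc.SetHeader(ctx, header); err != nil {
+return nil, status.Error(codes.Aborted, "Couldn't set metadata")
+}
+return &emptypb.Empty{}, nil
+}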
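Review bot: `in.TokenValue.Token` in AuthenticateWithToken dereferences a nested message that a client may omit, and on this unauthenticated endpoint a nil `TokenValue` would panic the handler instead of returning an error. Read it through the generated getters, `token := in.GetTokenValue().GetToken()`, and reject an empty value with `codes.InvalidArgument` before calling the controller. The fallback branch returns "Couldn't list tokens", which looks copied from a listing handler; a message such as "Couldn't authenticate with the token" would fit this call. The commented-out `var _ tokens.PublicTokensServiceServer` assertion is worth either enabling or deleting so the interface check is not silently skipped.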
@@ -3,7 +3,6 @@ package v1
|
||||
import (
|
||||
"context"
|
||||
"errors"
|
||||
"fmt"
|
||||
|
||||
"gitea.badhouseplants.net/softplayer/softplayer-backend/internal/controllers"
|
||||
tokens "gitea.badhouseplants.net/softplayer/softplayer-go-proto/pkg/tokens/v1"
|
||||
@@ -261,18 +260,3 @@ func (srv *TokensServer) ListPermissions(in *emptypb.Empty, stream grpc.ServerSt
|
||||
}
|
||||
return nil
|
||||
}
|
||||
|
||||
func (srv *TokensServer) AuthenticateWithToken(ctx context.Context, in *tokens.AuthenticateWithTokenRequest) (*emptypb.Empty, error) {
|
||||
scopes, err := srv.tokenCtrl.AuthenticateWithToken(ctx, in.TokenValue.Token)
|
||||
if err != nil {
|
||||
if errors.Is(err, controllers.ErrBadToken) {
|
||||
return nil, status.Error(codes.Unauthenticated, "Token is not valid")
|
||||
}
|
||||
if errors.Is(err, controllers.ErrServerError) {
|
||||
return nil, status.Error(codes.Internal, "Something is broken on our side")
|
||||
}
|
||||
return nil, status.Error(codes.Aborted, "Couldn't list tokens")
|
||||
}
|
||||
fmt.Println(scopes)
|
||||
return nil, nil
|
||||
}
|
||||
|
||||