Start adding token auth

Signed-off-by: Nikolai Rodionov <iam@allanger.xyz>
2026-05-14 19:54:55 +02:00
parent c5af2c7544
commit efe9042bdc
6 changed files with 149 additions and 23 deletions


@@ -3,6 +3,7 @@ package v1
import (
"context"
"errors"
"fmt"
"gitea.badhouseplants.net/softplayer/softplayer-backend/internal/controllers"
tokens "gitea.badhouseplants.net/softplayer/softplayer-go-proto/pkg/tokens/v1"
@@ -78,6 +79,13 @@ func (srv *TokensServer) ForceTokenExpiration(ctx context.Context, in *tokens.Fo
return nil, status.Error(codes.Aborted, "Context is invalid")
}
if err := srv.tokenCtrl.VerifyTokenOwner(ctx, claims.UserID, in.TokenUuid.Uuid); err != nil {
if errors.Is(err, controllers.ErrServerError) {
return nil, status.Error(codes.Internal, "Something is broken on our side")
}
return nil, status.Error(codes.Aborted, "User is now allowed to manipulate this token")
}
if err := srv.tokenCtrl.ForceExpiration(ctx, in.TokenUuid.GetUuid()); err != nil {
if errors.Is(err, controllers.ErrServerError) {
return nil, status.Error(codes.Internal, "Something is broken on our side")
@@ -96,6 +104,12 @@ func (srv *TokensServer) GetToken(ctx context.Context, in *tokens.GetTokenReques
if claims.UserID == "" {
return nil, status.Error(codes.Aborted, "Context is invalid")
}
if err := srv.tokenCtrl.VerifyTokenOwner(ctx, claims.UserID, in.TokenUuid.Uuid); err != nil {
if errors.Is(err, controllers.ErrServerError) {
return nil, status.Error(codes.Internal, "Something is broken on our side")
}
return nil, status.Error(codes.Aborted, "User is now allowed to manipulate this token")
}
token, err := srv.tokenCtrl.Get(ctx, in.TokenUuid.Uuid, claims.UserID)
if err != nil {
@@ -168,6 +182,12 @@ func (srv *TokensServer) RegenerateToken(ctx context.Context, in *tokens.Regener
if claims.UserID == "" {
return nil, status.Error(codes.Aborted, "Context is invalid")
}
if err := srv.tokenCtrl.VerifyTokenOwner(ctx, claims.UserID, in.TokenUuid.Uuid); err != nil {
if errors.Is(err, controllers.ErrServerError) {
return nil, status.Error(codes.Internal, "Something is broken on our side")
}
return nil, status.Error(codes.Aborted, "User is now allowed to manipulate this token")
}
tokenVal, err := srv.tokenCtrl.Regenerate(ctx, in.TokenUuid.GetUuid())
if err != nil {
@@ -193,6 +213,12 @@ func (srv *TokensServer) UpdateToken(ctx context.Context, in *tokens.UpdateToken
return nil, status.Error(codes.Aborted, "Context is invalid")
}
if err := srv.tokenCtrl.VerifyTokenOwner(ctx, claims.UserID, in.TokenUuid.Uuid); err != nil {
if errors.Is(err, controllers.ErrServerError) {
return nil, status.Error(codes.Internal, "Something is broken on our side")
}
return nil, status.Error(codes.Aborted, "User is now allowed to manipulate this token")
}
if in.TokenPermissions == nil {
return nil, status.Error(codes.InvalidArgument, "Permissions must be set")
}
@@ -235,3 +261,18 @@ func (srv *TokensServer) ListPermissions(in *emptypb.Empty, stream grpc.ServerSt
}
return nil
}
func (srv *TokensServer) AuthenticateWithToken(ctx context.Context, in *tokens.AuthenticateWithTokenRequest) (*emptypb.Empty, error) {
scopes, err := srv.tokenCtrl.AuthenticateWithToken(ctx, in.TokenValue.Token)
if err != nil {
if errors.Is(err, controllers.ErrBadToken) {
return nil, status.Error(codes.Unauthenticated, "Token is not valid")
}
if errors.Is(err, controllers.ErrServerError) {
return nil, status.Error(codes.Internal, "Something is broken on our side")
}
return nil, status.Error(codes.Aborted, "Couldn't list tokens")
}
fmt.Println(scopes)
return nil, nil
}
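Review bot: The new ownership checks read `in.TokenUuid.Uuid` directly, and `AuthenticateWithToken` reads `in.TokenValue.Token`, so a request that omits the sub-message dereferences nil inside the handler before anything is validated. The neighbouring `ForceExpiration` and `Regenerate` calls already use the nil-safe getter, and the same form fits here, assuming the usual generated getters exist: `srv.tokenCtrl.VerifyTokenOwner(ctx, claims.UserID, in.GetTokenUuid().GetUuid())` in ForceTokenExpiration, GetToken, RegenerateToken and UpdateToken, with `codes.InvalidArgument` returned when the value is empty. The ownership denial is reported as `codes.Aborted` with the text "User is now allowed to manipulate this token"; `codes.PermissionDenied` with "not allowed" would let clients and log-based alerting tell an authorization failure from a retryable abort. In `AuthenticateWithToken`, `fmt.Println(scopes)` writes the token's scopes to stdout and then drops them, the fallback message "Couldn't list tokens" looks copied from another handler, and `return nil, nil` hands gRPC a nil response, so `return &emptypb.Empty{}, nil` is the safer placeholder until the scopes are used. The four existing handlers begin and continue outside the hunks shown, so whether a recovery interceptor would catch such a panic cannot be seen from here.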