Basic internal auth implementation

Signed-off-by: Nikolai Rodionov <allanger@badhouseplants.net>
2026-05-05 22:56:56 +02:00
parent 4d73dbfd44
commit f15608e0ab
18 changed files with 242 additions and 146 deletions
--- a/api/v1/accounts_auth.go
+++ b/api/v1/accounts_auth.go
@@ -1,17 +1,8 @@
 package v1

 import (
-	"context"
-
 	"gitea.badhouseplants.net/softplayer/softplayer-backend/internal/controllers"
-	"gitea.badhouseplants.net/softplayer/softplayer-backend/internal/tools/logger"
 	accounts "gitea.badhouseplants.net/softplayer/softplayer-go-proto/pkg/accounts/v1"
-	"github.com/golang/protobuf/ptypes/empty"
-	"google.golang.org/grpc"
-	"google.golang.org/grpc/codes"
-	"google.golang.org/grpc/metadata"
-	"google.golang.org/grpc/status"
-	"google.golang.org/protobuf/types/known/emptypb"
 )

 func NewAccountAuthRPCImpl(ctrl *controllers.AccountController) *AccountsAuthServer {
@@ -24,36 +15,3 @@ type AccountsAuthServer struct {
 	accounts.UnimplementedAccountsAuthServiceServer
 	ctrl *controllers.AccountController
 }
-
-func (a *AccountsAuthServer) RefreshToken(ctx context.Context, in *empty.Empty) (*empty.Empty, error) {
-	tokenID := ctx.Value("token_id").(string)
-	userID := ctx.Value("user_id").(string)
-	log := logger.FromContext(ctx)
-	uuid, err := a.ctrl.ValidateRefreshToken(ctx, tokenID, userID)
-	if err != nil {
-		return nil, status.Error(codes.Unauthenticated, "refresh token is invalid")
-	}
-	accessToken, err := a.ctrl.GenerateAccessToken(uuid)
-	if err != nil {
-		log.Error(err, "Couldn't generate an access token")
-		return nil, status.Error(codes.Aborted, "Couldn't generate Access Token")
-	}
-
-	refreshToken, err := a.ctrl.GenerateRefreshToken(ctx, uuid)
-	if err != nil {
-		log.Error(err, "Couldn't generate a refresh token")
-		return nil, status.Error(codes.Aborted, "Couldn't generate Access Token")
-	}
-
-	header := metadata.Pairs(
-		"access-token", accessToken,
-		"refreshToken", refreshToken,
-	)
-
-	if err := grpc.SetHeader(ctx, header); err != nil {
-		log.Error(err, "Couldn't set headers")
-		return nil, status.Error(codes.Unknown, "Couldn't set headers")
-	}
-
-	return &emptypb.Empty{}, nil
-}
--- a/api/v1/accounts_no_auth.go
+++ b/api/v1/accounts_no_auth.go
@@ -4,11 +4,12 @@ import (
 	"context"

 	"gitea.badhouseplants.net/softplayer/softplayer-backend/internal/controllers"
+	"gitea.badhouseplants.net/softplayer/softplayer-backend/internal/tools/logger"
 	accounts "gitea.badhouseplants.net/softplayer/softplayer-go-proto/pkg/accounts/v1"
-	"github.com/coreos/go-oidc/v3/oidc"
 	"github.com/golang/protobuf/ptypes/empty"
-	"golang.org/x/oauth2"
+	"google.golang.org/grpc"
 	"google.golang.org/grpc/codes"
+	"google.golang.org/grpc/metadata"
 	"google.golang.org/grpc/status"
 	"google.golang.org/protobuf/types/known/emptypb"
 )
@@ -25,49 +26,88 @@ type AccountsNoAuthServer struct {
 }

 func (a *AccountsNoAuthServer) SignIn(ctx context.Context, in *accounts.SignInRequest) (*empty.Empty, error) {
-	provider, err := oidc.NewProvider(ctx, "https://authentik.badhouseplants.net")
+	id, err := a.ctrl.Login(ctx, in.GetEmail(), in.GetPassword())
 	if err != nil {
-		return nil, err
+		return nil, status.Error(codes.Aborted, "Couldn't create a user")
 	}
-
-	// Configure an OpenID Connect aware OAuth2 client.
-	oauth2Config := oauth2.Config{
-		ClientID:     "softplayer-localhost",
-		ClientSecret: "pRpe3scGUE2jNH6t5rqI9R4OROeQHs4eO6ku957mYjDumKhQGX8QJcO0BMJ2FG4sUpvFrqccEqWgc3wKMp94tC8LyvTnkPF0Tg0CaldAEHuoQQdNKAzXVxwrHE6kNyBC",
-		RedirectURL:  "http://localhost:8080/#/auth/callback",
-
-		// Discovery returns the OAuth2 endpoints.
-		Endpoint: provider.Endpoint(),
-
-		// "openid" is a required scope for OpenID Connect flows.
-		Scopes: []string{oidc.ScopeOpenID, "profile", "email"},
-	}
-	verifier := provider.Verifier(&oidc.Config{ClientID: "softplayer-localhost"})
-
-	oauth2Token, err := oauth2Config.Exchange(ctx, in.Code)
+	accessToken, err := a.ctrl.GenerateAccessToken(id)
 	if err != nil {
-		return nil, err
+		return nil, status.Error(codes.Aborted, "Couldn't generate an access token")
 	}

-	// Extract the ID Token from OAuth2 token.
-	rawIDToken, ok := oauth2Token.Extra("id_token").(string)
-	if !ok {
-		return nil, status.Error(codes.Unauthenticated, "Couldn't parse oauth token")
-	}
-
-	// Parse and verify ID Token payload.
-	idToken, err := verifier.Verify(ctx, rawIDToken)
+	refreshToken, err := a.ctrl.GenerateRefreshToken(ctx, id)
 	if err != nil {
-		return nil, status.Error(codes.Unauthenticated, "Couldn't verify oauth token")
+		return nil, status.Error(codes.Aborted, "Couldn't generate an access token")
 	}

-	// Extract custom claims
-	var claims struct {
-		Email    string `json:"email"`
-		Verified bool   `json:"email_verified"`
-	}
-	if err := idToken.Claims(&claims); err != nil {
-		// handle error
+	header := metadata.New(map[string]string{
+		"X-Access-Token":  accessToken,
+		"X-Refresh-Token": refreshToken,
+	})
+	if err := grpc.SetHeader(ctx, header); err != nil {
+		return nil, status.Error(codes.Aborted, "Couldn't set metadata")
 	}
 	return &emptypb.Empty{}, nil
 }
+
+// Create a new account in Softplayer
+func (a *AccountsNoAuthServer) SignUp(ctx context.Context, in *accounts.SignUpRequest) (*empty.Empty, error) {
+	data := &controllers.AccountData{
+		Password: in.GetPassword(),
+		Email:    in.GetEmail(),
+	}
+	id, err := a.ctrl.Create(ctx, data)
+	if err != nil {
+		return nil, status.Error(codes.Aborted, "Couldn't create a user")
+	}
+
+	accessToken, err := a.ctrl.GenerateAccessToken(id)
+	if err != nil {
+		return nil, status.Error(codes.Aborted, "Couldn't generate an access token")
+	}
+
+	refreshToken, err := a.ctrl.GenerateRefreshToken(ctx, id)
+	if err != nil {
+		return nil, status.Error(codes.Aborted, "Couldn't generate an access token")
+	}
+
+	header := metadata.New(map[string]string{
+		"X-Access-Token":  accessToken,
+		"X-Refresh-Token": refreshToken,
+	})
+	if err := grpc.SetHeader(ctx, header); err != nil {
+		return nil, status.Error(codes.Aborted, "Couldn't set metadata")
+	}
+	return &emptypb.Empty{}, nil
+}
+
+func (a *AccountsAuthServer) RefreshToken(ctx context.Context, in *empty.Empty) (*empty.Empty, error) {
+	log := logger.FromContext(ctx)
+	uuid, err := a.ctrl.ValidateRefreshToken(ctx, tokenID, userID)
+	if err != nil {
+		return nil, status.Error(codes.Unauthenticated, "refresh token is invalid")
+	}
+	accessToken, err := a.ctrl.GenerateAccessToken(uuid)
+	if err != nil {
+		log.Error(err, "Couldn't generate an access token")
+		return nil, status.Error(codes.Aborted, "Couldn't generate Access Token")
+	}
+
+	refreshToken, err := a.ctrl.GenerateRefreshToken(ctx, uuid)
+	if err != nil {
+		log.Error(err, "Couldn't generate a refresh token")
+		return nil, status.Error(codes.Aborted, "Couldn't generate Access Token")
+	}
+
+	header := metadata.Pairs(
+		"access-token", accessToken,
+		"refreshToken", refreshToken,
+	)
+
+	if err := grpc.SetHeader(ctx, header); err != nil {
+		log.Error(err, "Couldn't set headers")
+		return nil, status.Error(codes.Unknown, "Couldn't set headers")
+	}
+
+	return &emptypb.Empty{}, nil
+}