lotus/api/auth.go

package api

import (
	"errors"
	"github.com/1f349/mjwt"
	"github.com/1f349/mjwt/auth"
	"github.com/1f349/violet/utils"
	"github.com/julienschmidt/httprouter"
	"net/http"
)

var ErrInvalidToken = errors.New("invalid token")

type AuthClaims mjwt.BaseTypeClaims[auth.AccessTokenClaims]

type AuthCallback func(rw http.ResponseWriter, req *http.Request, params httprouter.Params, b AuthClaims)

// AuthChecker validates the bearer token against a mjwt.Verifier and returns an
// error message or continues to the next handler
type AuthChecker struct {
	Verify mjwt.Verifier
}

// Middleware is a httprouter.Handle layer to authenticate requests
func (a *AuthChecker) Middleware(cb AuthCallback) httprouter.Handle {
	return func(rw http.ResponseWriter, req *http.Request, params httprouter.Params) {
		// Get bearer token
		bearer := utils.GetBearer(req)
		if bearer == "" {
			apiError(rw, http.StatusForbidden, "Missing bearer token")
			return
		}

		b, err := a.Check(bearer)
		switch {
		case errors.Is(err, ErrInvalidToken):
			apiError(rw, http.StatusForbidden, "Invalid token")
			return
		case err != nil:
			apiError(rw, http.StatusForbidden, "Unknown error")
			return
		}

		cb(rw, req, params, b)
	}
}

// Check takes a token and validates whether it is verified
func (a *AuthChecker) Check(token string) (AuthClaims, error) {
	// Read claims from mjwt
	_, b, err := mjwt.ExtractClaims[auth.AccessTokenClaims](a.Verify, token)
	if err != nil {
		return AuthClaims{}, ErrInvalidToken
	}

	return AuthClaims(b), nil
}
Start coding postfix config reader 2023-08-21 00:26:22 +01:00			`package api`

			`import (`
Try websockets 2023-09-11 17:23:44 +01:00			`"errors"`
Support new mail:inbox perm 2023-11-19 23:36:45 +00:00			`"github.com/1f349/mjwt"`
			`"github.com/1f349/mjwt/auth"`
Start coding postfix config reader 2023-08-21 00:26:22 +01:00			`"github.com/1f349/violet/utils"`
			`"github.com/julienschmidt/httprouter"`
			`"net/http"`
			`)`

Why bother checking the audience claim 2023-11-20 07:37:25 +00:00			`var ErrInvalidToken = errors.New("invalid token")`
Try websockets 2023-09-11 17:23:44 +01:00
Start coding postfix config reader 2023-08-21 00:26:22 +01:00			`type AuthClaims mjwt.BaseTypeClaims[auth.AccessTokenClaims]`

			`type AuthCallback func(rw http.ResponseWriter, req *http.Request, params httprouter.Params, b AuthClaims)`

Try websockets 2023-09-11 17:23:44 +01:00			`// AuthChecker validates the bearer token against a mjwt.Verifier and returns an`
			`// error message or continues to the next handler`
			`type AuthChecker struct {`
			`Verify mjwt.Verifier`
Start coding postfix config reader 2023-08-21 00:26:22 +01:00			`}`

Try websockets 2023-09-11 17:23:44 +01:00			`// Middleware is a httprouter.Handle layer to authenticate requests`
			`func (a *AuthChecker) Middleware(cb AuthCallback) httprouter.Handle {`
			`return func(rw http.ResponseWriter, req *http.Request, params httprouter.Params) {`
			`// Get bearer token`
			`bearer := utils.GetBearer(req)`
			`if bearer == "" {`
			`apiError(rw, http.StatusForbidden, "Missing bearer token")`
			`return`
			`}`

			`b, err := a.Check(bearer)`
			`switch {`
			`case errors.Is(err, ErrInvalidToken):`
			`apiError(rw, http.StatusForbidden, "Invalid token")`
			`return`
			`case err != nil:`
			`apiError(rw, http.StatusForbidden, "Unknown error")`
			`return`
			`}`

			`cb(rw, req, params, b)`
Start coding postfix config reader 2023-08-21 00:26:22 +01:00			`}`
Try websockets 2023-09-11 17:23:44 +01:00			`}`
Start coding postfix config reader 2023-08-21 00:26:22 +01:00
Why bother checking the audience claim 2023-11-20 07:37:25 +00:00			`// Check takes a token and validates whether it is verified`
Try websockets 2023-09-11 17:23:44 +01:00			`func (a *AuthChecker) Check(token string) (AuthClaims, error) {`
Start coding postfix config reader 2023-08-21 00:26:22 +01:00			`// Read claims from mjwt`
Try websockets 2023-09-11 17:23:44 +01:00			`_, b, err := mjwt.ExtractClaims[auth.AccessTokenClaims](a.Verify, token)`
Start coding postfix config reader 2023-08-21 00:26:22 +01:00			`if err != nil {`
Try websockets 2023-09-11 17:23:44 +01:00			`return AuthClaims{}, ErrInvalidToken`
Start coding postfix config reader 2023-08-21 00:26:22 +01:00			`}`

Try websockets 2023-09-11 17:23:44 +01:00			`return AuthClaims(b), nil`
Start coding postfix config reader 2023-08-21 00:26:22 +01:00			`}`