Initial commit

actions/auth.go

@@ -0,0 +1,199 @@
+package actions
+
+import (
+	"bufio"
+	"bytes"
+	"context"
+	"encoding/json"
+	"fmt"
+	"io"
+	"net/http"
+	"os"
+	"path/filepath"
+	"strings"
+	"syscall"
+	"time"
+
+	"git.t-juice.club/microfilm/auth"
+	"github.com/golang-jwt/jwt/v5"
+	"github.com/jedib0t/go-pretty/v6/table"
+	"github.com/urfave/cli/v2"
+	"golang.org/x/term"
+)
+
+func Login(cCtx *cli.Context) error {
+	username, password, err := getCreds()
+	if err != nil {
+		return err
+	}
+
+	ctx, cancel := context.WithTimeout(cCtx.Context, 15*time.Second)
+	defer cancel()
+
+	body := jsonToReader(&auth.TokenRequest{
+		Password: password,
+	})
+
+	url := fmt.Sprintf("http://localhost:8085/auth/%s/token", username)
+	req, err := http.NewRequestWithContext(ctx, http.MethodPost, url, body)
+	if err != nil {
+		return err
+	}
+
+	resp, err := http.DefaultClient.Do(req)
+	if err != nil {
+		return err
+	}
+	defer resp.Body.Close()
+
+	if resp.StatusCode != http.StatusOK {
+		if resp.StatusCode == http.StatusUnauthorized {
+			return fmt.Errorf("Invalid username/password.")
+		}
+
+		var errData auth.ErrorResponse
+		decoder := json.NewDecoder(resp.Body)
+		if err := decoder.Decode(&errData); err != nil {
+			return fmt.Errorf("unable to decode error: %w", err)
+		}
+
+		return fmt.Errorf("error %d when authenticating: %s", errData.Status, errData.Message)
+	}
+
+	var responseData auth.TokenResponse
+
+	decoder := json.NewDecoder(resp.Body)
+	if err := decoder.Decode(&responseData); err != nil {
+		return err
+	}
+
+	if err := SaveToken(responseData.Token); err != nil {
+		return err
+	}
+
+	if cCtx.Bool("claims") {
+		claims, err := ClaimsFromToken(responseData.Token)
+		if err != nil {
+			return err
+		}
+		printClaims(claims)
+
+	}
+
+	return nil
+}
+
+func getCreds() (string, string, error) {
+	reader := bufio.NewReader(os.Stdin)
+
+	fmt.Print("Enter Username: ")
+	username, err := reader.ReadString('\n')
+	if err != nil {
+		return "", "", err
+	}
+
+	fmt.Print("Enter Password: ")
+	bytePassword, err := term.ReadPassword(int(syscall.Stdin))
+	if err != nil {
+		return "", "", err
+	}
+
+	password := string(bytePassword)
+	fmt.Printf("\n")
+	return strings.TrimSpace(username), strings.TrimSpace(password), nil
+}
+
+func jsonToReader(data any) io.Reader {
+	var buf bytes.Buffer
+	encoder := json.NewEncoder(&buf)
+	if err := encoder.Encode(data); err != nil {
+		panic(err)
+	}
+
+	return &buf
+}
+
+func SaveToken(token string) error {
+	configBaseDir, err := os.UserCacheDir()
+	if err != nil {
+		return err
+	}
+	configDir := filepath.Join(configBaseDir, "microfilm")
+	if err := os.MkdirAll(configDir, os.ModePerm); err != nil {
+		return err
+	}
+
+	configFilePath := filepath.Join(configDir, "token.json")
+
+	f, err := os.Create(configFilePath)
+	if err != nil {
+		return err
+	}
+	defer f.Close()
+
+	encoder := json.NewEncoder(f)
+	if err := encoder.Encode(token); err != nil {
+		return err
+	}
+
+	return nil
+}
+
+func LoadToken() (string, error) {
+	configBaseDir, err := os.UserCacheDir()
+	if err != nil {
+		return "", err
+	}
+	configFilePath := filepath.Join(configBaseDir, "microfilm", "token.json")
+
+	f, err := os.Open(configFilePath)
+	if err != nil {
+		return "", err
+	}
+	defer f.Close()
+
+	var token string
+	decoder := json.NewDecoder(f)
+	if err := decoder.Decode(&token); err != nil {
+		return "", err
+	}
+
+	return token, nil
+}
+
+func ClaimsFromToken(tokenString string) (*auth.MicrofilmClaims, error) {
+	parser := jwt.NewParser()
+	token, _, err := parser.ParseUnverified(tokenString, &auth.MicrofilmClaims{})
+	if err != nil {
+		return nil, err
+	}
+
+	claims := token.Claims.(*auth.MicrofilmClaims)
+	return claims, nil
+}
+
+func claimsToMap(claims *auth.MicrofilmClaims) map[string]string {
+	m := make(map[string]string)
+
+	m["role"] = claims.Role
+	m["sub"] = claims.Subject
+	m["aud"] = strings.Join(claims.Audience, ",")
+	m["jti"] = claims.ID
+	m["iat"] = claims.IssuedAt.String()
+	m["nbf"] = claims.NotBefore.String()
+	m["exp"] = claims.ExpiresAt.String()
+	m["iss"] = claims.Issuer
+
+	return m
+}
+
+func printClaims(claims *auth.MicrofilmClaims) {
+	tw := table.NewWriter()
+
+	tw.AppendHeader(table.Row{"Field", "Value"})
+	for k, v := range claimsToMap(claims) {
+		tw.AppendRow(table.Row{k, v})
+	}
+
+	fmt.Println(tw.Render())
+}

actions/user.go

@@ -0,0 +1,67 @@
+package actions
+
+import (
+	"context"
+	"encoding/json"
+	"fmt"
+	"net/http"
+	"time"
+
+	"git.t-juice.club/microfilm/users"
+	"github.com/urfave/cli/v2"
+)
+
+func UserCreate(c *cli.Context) error {
+	token, err := LoadToken()
+	if err != nil {
+		return fmt.Errorf("Unable to load token: %w", err)
+	}
+
+	username, password, err := getCreds()
+	if err != nil {
+		return err
+	}
+
+	ctx, cancel := context.WithTimeout(c.Context, 5*time.Second)
+	defer cancel()
+
+	body := jsonToReader(&users.CreateUserRequest{
+		Username: username,
+		Password: password,
+	})
+
+	url := "http://localhost:8085/user/"
+	req, err := http.NewRequestWithContext(ctx, http.MethodPost, url, body)
+	if err != nil {
+		return err
+	}
+
+	req.Header.Add("Authorization", fmt.Sprintf("Bearer %s", token))
+
+	resp, err := http.DefaultClient.Do(req)
+	if err != nil {
+		return err
+	}
+	defer resp.Body.Close()
+
+	if resp.StatusCode != http.StatusOK {
+		var errData users.ErrorResponse
+		decoder := json.NewDecoder(resp.Body)
+		if err := decoder.Decode(&errData); err != nil {
+			return fmt.Errorf("unable to decode error: %w", err)
+		}
+
+		return fmt.Errorf("error %d when authenticating: %s", errData.Status, errData.Message)
+	}
+
+	var responseData users.CreateUserResponse
+
+	decoder := json.NewDecoder(resp.Body)
+	if err := decoder.Decode(&responseData); err != nil {
+		return err
+	}
+
+	fmt.Printf("Created user with id %s", responseData.User.ID)
+
+	return nil
+}