Add basic authentication

server/http.go

@@ -10,23 +10,44 @@ import (
 )
 
 type HTTPServer struct {
-	store store.FileStore
+	store          store.FileStore
+	serverGRPCCert []byte
+	grpcEndpoint   string
 
 	http.Server
 }
 
-func NewHTTPSever(store store.FileStore) *HTTPServer {
+type MetadataResponse struct {
+	GRPCEndpoint string `json:"grpc_endpoint"`
+}
+
+func NewHTTPSever(store store.FileStore, certBytes []byte, grpcEndpoint string) *HTTPServer {
 	srv := &HTTPServer{
-		store: store,
+		store:          store,
+		serverGRPCCert: certBytes,
+		grpcEndpoint:   grpcEndpoint,
 	}
 
 	r := chi.NewRouter()
+	r.Get("/server.pem", srv.ServerCertHandler)
+	r.Get("/metadata", srv.MetadataHandler)
 	r.Get("/files/{id}", srv.FileHandler)
 
 	srv.Handler = r
 	return srv
 }
 
+func (s *HTTPServer) ServerCertHandler(w http.ResponseWriter, r *http.Request) {
+	w.Write(s.serverGRPCCert)
+}
+func (s *HTTPServer) MetadataHandler(w http.ResponseWriter, r *http.Request) {
+	md := &MetadataResponse{
+		GRPCEndpoint: s.grpcEndpoint,
+	}
+	encoder := json.NewEncoder(w)
+	encoder.Encode(md)
+}
+
 func (s *HTTPServer) FileHandler(w http.ResponseWriter, r *http.Request) {
 	id := chi.URLParam(r, "id")
 	f, err := s.store.GetFile(id)

server/userservice.go

@@ -4,6 +4,7 @@ import (
 	"context"
 	"fmt"
 
+	"gitea.benny.dog/torjus/ezshare/certs"
 	"gitea.benny.dog/torjus/ezshare/pb"
 	"gitea.benny.dog/torjus/ezshare/store"
 	"github.com/google/uuid"
@@ -13,17 +14,18 @@ import (
 )
 
 type GRPCUserServiceServer struct {
-	store store.UserStore
+	store       store.UserStore
+	certService *certs.CertService
 	pb.UnimplementedUserServiceServer
 }
 
-func NewGRPCUserServiceServer(store store.UserStore) *GRPCUserServiceServer {
-	return &GRPCUserServiceServer{store: store}
+func NewGRPCUserServiceServer(store store.UserStore, certSvc *certs.CertService) *GRPCUserServiceServer {
+	return &GRPCUserServiceServer{store: store, certService: certSvc}
 }
 func (s *GRPCUserServiceServer) Register(ctx context.Context, req *pb.RegisterUserRequest) (*pb.RegisterUserResponse, error) {
 	// Check if user already exists
 	if _, err := s.store.GetUserByUsername(req.Username); err != store.ErrNoSuchItem {
-		return nil, fmt.Errorf("user already exists")
+		return nil, status.Error(codes.AlreadyExists, "user already exists")
 	}
 
 	pw, err := hashPassword(req.Password)
@@ -45,8 +47,30 @@ func (s *GRPCUserServiceServer) Register(ctx context.Context, req *pb.RegisterUs
 	return &pb.RegisterUserResponse{Id: user.Id, Token: ""}, nil
 }
 
-func (s *GRPCUserServiceServer) Login(_ context.Context, _ *pb.LoginUserRequest) (*pb.LoginUserResponse, error) {
-	return nil, status.Error(codes.Unimplemented, "not yet implemented")
+func (s *GRPCUserServiceServer) Login(_ context.Context, req *pb.LoginUserRequest) (*pb.LoginUserResponse, error) {
+	user, err := s.store.GetUserByUsername(req.Username)
+	if err != nil {
+		if err == store.ErrNoSuchItem {
+			return nil, status.Error(codes.NotFound, "no such user")
+		}
+		return nil, status.Error(codes.Internal, "error getting user from store")
+	}
+
+	if err := bcrypt.CompareHashAndPassword(user.HashedPassword, []byte(req.Password)); err != nil {
+		return nil, status.Error(codes.Unauthenticated, "wrong username and or password")
+	}
+
+	cert, key, err := s.certService.NewClient(user.Id)
+	if err != nil {
+		return nil, status.Error(codes.Internal, "unable to generate client certificate")
+	}
+
+	resp := &pb.LoginUserResponse{
+		ClientCert: cert,
+		ClientKey:  key,
+	}
+
+	return resp, nil
 }
 
 func (s *GRPCUserServiceServer) List(_ context.Context, _ *pb.ListUsersRequest) (*pb.ListUsersResponse, error) {