gpaste/api/middleware.go

package api

import (
	"context"
	"fmt"
	"net/http"
	"strings"
	"time"

	"git.t-juice.club/torjus/gpaste"
	"git.t-juice.club/torjus/gpaste/users"
	"github.com/go-chi/chi/v5/middleware"
	"go.uber.org/zap"
)

type authCtxKey int

const (
	authCtxUsername authCtxKey = iota
	authCtxAuthLevel
	authCtxClaims
)

func (s *HTTPServer) MiddlewareAccessLogger(next http.Handler) http.Handler {
	fn := func(w http.ResponseWriter, r *http.Request) {
		ww := middleware.NewWrapResponseWriter(w, r.ProtoMajor)
		t1 := time.Now()

		reqID := middleware.GetReqID(r.Context())

		// TODO: Maybe desugar in HTTPServer to avoid doing for all requests
		logger := s.AccessLogger.Desugar()

		defer func() {
			// DEBUG level
			if ce := logger.Check(zap.DebugLevel, r.Method); ce != nil {
				ct := r.Header.Get("Content-Type")
				ce.Write(
					zap.String("req_id", reqID),
					zap.String("path", r.URL.Path),
					zap.Int("status", ww.Status()),
					zap.String("remote_addr", r.RemoteAddr),
					zap.Int("bytes_written", ww.BytesWritten()),
					zap.Duration("processing_time", time.Since(t1)),
					zap.String("content_type", ct),
					zap.Any("headers", r.Header),
				)
			} else {
				// INFO level
				if ce := logger.Check(zap.InfoLevel, r.Method); ce != nil {
					ce.Write(
						zap.String("req_id", reqID),
						zap.String("path", r.URL.Path),
						zap.Int("status", ww.Status()),
						zap.String("remote_addr", r.RemoteAddr),
						zap.Int("bytes_written", ww.BytesWritten()),
						zap.Duration("processing_time", time.Since(t1)),
					)
				}
			}

			_ = logger.Sync()
		}()

		next.ServeHTTP(ww, r)
	}

	return http.HandlerFunc(fn)
}

func (s *HTTPServer) MiddlewareAuthentication(next http.Handler) http.Handler {
	fn := func(w http.ResponseWriter, r *http.Request) {
		reqID := middleware.GetReqID(r.Context())

		header := r.Header.Get("Authorization")
		if header == "" {
			s.Logger.Debugw("Request has no auth header.", "req_id", reqID)
			next.ServeHTTP(w, r)

			return
		}

		splitHeader := strings.Split(header, "Bearer ")
		if len(splitHeader) != 2 { // nolint: gomnd
			s.Logger.Debugw("Request has invalid token.", "req_id", reqID)
			next.ServeHTTP(w, r)

			return
		}

		token := splitHeader[1]

		claims, err := s.Auth.ValidateToken(token)
		if err != nil {
			s.Logger.Debugw("Request has invalid token.", "req_id", reqID)
			next.ServeHTTP(w, r)

			return
		}

		ctx := context.WithValue(r.Context(), authCtxUsername, claims.Subject)
		ctx = context.WithValue(ctx, authCtxAuthLevel, claims.Role)
		ctx = context.WithValue(ctx, authCtxClaims, claims)
		withCtx := r.WithContext(ctx)

		s.Logger.Debugw("Request is authenticated.", "req_id", reqID, "username", claims.Subject, "role", claims.Role)

		next.ServeHTTP(w, withCtx)
	}

	return http.HandlerFunc(fn)
}

func UsernameFromRequest(r *http.Request) (string, error) {
	rawUsername := r.Context().Value(authCtxUsername)
	if rawUsername == nil {
		return "", fmt.Errorf("no username")
	}

	username, ok := rawUsername.(string)
	if !ok {
		return "", fmt.Errorf("no username")
	}

	return username, nil
}

func RoleFromRequest(r *http.Request) (users.Role, error) {
	rawLevel := r.Context().Value(authCtxAuthLevel)
	if rawLevel == nil {
		return users.RoleUnset, fmt.Errorf("no username")
	}

	level, ok := rawLevel.(users.Role)
	if !ok {
		return users.RoleUnset, fmt.Errorf("no username")
	}

	return level, nil
}

func ClaimsFromRequest(r *http.Request) *gpaste.Claims {
	rawClaims := r.Context().Value(authCtxAuthLevel)
	if rawClaims == nil {
		return nil
	}

	claims, ok := rawClaims.(*gpaste.Claims)
	if !ok {
		return nil
	}

	return claims
}
Add api package 2022-01-20 02:44:33 +00:00			`package api`
Add some middleware 2022-01-19 02:23:54 +00:00
			`import (`
Add auth middleware 2022-01-20 00:04:44 +00:00			`"context"`
			`"fmt"`
Add some middleware 2022-01-19 02:23:54 +00:00			`"net/http"`
Add auth middleware 2022-01-20 00:04:44 +00:00			`"strings"`
Add some middleware 2022-01-19 02:23:54 +00:00			`"time"`

Add api package 2022-01-20 02:44:33 +00:00			`"git.t-juice.club/torjus/gpaste"`
Add client package 2022-01-20 16:50:56 +00:00			`"git.t-juice.club/torjus/gpaste/users"`
Add some middleware 2022-01-19 02:23:54 +00:00			`"github.com/go-chi/chi/v5/middleware"`
Change access logger 2022-01-24 21:53:46 +00:00			`"go.uber.org/zap"`
Add some middleware 2022-01-19 02:23:54 +00:00			`)`

Add auth middleware 2022-01-20 00:04:44 +00:00			`type authCtxKey int`

			`const (`
			`authCtxUsername authCtxKey = iota`
Add authlevel to middleware 2022-01-20 00:11:40 +00:00			`authCtxAuthLevel`
Add custom claims 2022-01-20 12:33:11 +00:00			`authCtxClaims`
Add auth middleware 2022-01-20 00:04:44 +00:00			`)`

Add some middleware 2022-01-19 02:23:54 +00:00			`func (s *HTTPServer) MiddlewareAccessLogger(next http.Handler) http.Handler {`
			`fn := func(w http.ResponseWriter, r *http.Request) {`
			`ww := middleware.NewWrapResponseWriter(w, r.ProtoMajor)`
			`t1 := time.Now()`

			`reqID := middleware.GetReqID(r.Context())`

Change access logger 2022-01-24 21:53:46 +00:00			`// TODO: Maybe desugar in HTTPServer to avoid doing for all requests`
			`logger := s.AccessLogger.Desugar()`

Add some middleware 2022-01-19 02:23:54 +00:00			`defer func() {`
Change access logger 2022-01-24 21:53:46 +00:00			`// DEBUG level`
			`if ce := logger.Check(zap.DebugLevel, r.Method); ce != nil {`
			`ct := r.Header.Get("Content-Type")`
			`ce.Write(`
			`zap.String("req_id", reqID),`
			`zap.String("path", r.URL.Path),`
			`zap.Int("status", ww.Status()),`
			`zap.String("remote_addr", r.RemoteAddr),`
			`zap.Int("bytes_written", ww.BytesWritten()),`
			`zap.Duration("processing_time", time.Since(t1)),`
			`zap.String("content_type", ct),`
			`zap.Any("headers", r.Header),`
			`)`
			`} else {`
			`// INFO level`
			`if ce := logger.Check(zap.InfoLevel, r.Method); ce != nil {`
			`ce.Write(`
			`zap.String("req_id", reqID),`
			`zap.String("path", r.URL.Path),`
			`zap.Int("status", ww.Status()),`
			`zap.String("remote_addr", r.RemoteAddr),`
			`zap.Int("bytes_written", ww.BytesWritten()),`
			`zap.Duration("processing_time", time.Since(t1)),`
			`)`
			`}`
			`}`

			`_ = logger.Sync()`
Add some middleware 2022-01-19 02:23:54 +00:00			`}()`

			`next.ServeHTTP(ww, r)`
			`}`
Add aggressive linting 2022-01-24 19:25:52 +00:00
Add some middleware 2022-01-19 02:23:54 +00:00			`return http.HandlerFunc(fn)`
			`}`
Add auth middleware 2022-01-20 00:04:44 +00:00
			`func (s *HTTPServer) MiddlewareAuthentication(next http.Handler) http.Handler {`
			`fn := func(w http.ResponseWriter, r *http.Request) {`
			`reqID := middleware.GetReqID(r.Context())`
Add aggressive linting 2022-01-24 19:25:52 +00:00
Add auth middleware 2022-01-20 00:04:44 +00:00			`header := r.Header.Get("Authorization")`
			`if header == "" {`
			`s.Logger.Debugw("Request has no auth header.", "req_id", reqID)`
			`next.ServeHTTP(w, r)`
Add aggressive linting 2022-01-24 19:25:52 +00:00
Add auth middleware 2022-01-20 00:04:44 +00:00			`return`
			`}`

			`splitHeader := strings.Split(header, "Bearer ")`
Add aggressive linting 2022-01-24 19:25:52 +00:00			`if len(splitHeader) != 2 { // nolint: gomnd`
Add auth middleware 2022-01-20 00:04:44 +00:00			`s.Logger.Debugw("Request has invalid token.", "req_id", reqID)`
			`next.ServeHTTP(w, r)`
Add aggressive linting 2022-01-24 19:25:52 +00:00
Add auth middleware 2022-01-20 00:04:44 +00:00			`return`
			`}`
Add aggressive linting 2022-01-24 19:25:52 +00:00
Add auth middleware 2022-01-20 00:04:44 +00:00			`token := splitHeader[1]`

			`claims, err := s.Auth.ValidateToken(token)`
			`if err != nil {`
			`s.Logger.Debugw("Request has invalid token.", "req_id", reqID)`
			`next.ServeHTTP(w, r)`
Add aggressive linting 2022-01-24 19:25:52 +00:00
Add auth middleware 2022-01-20 00:04:44 +00:00			`return`
			`}`

			`ctx := context.WithValue(r.Context(), authCtxUsername, claims.Subject)`
Add custom claims 2022-01-20 12:33:11 +00:00			`ctx = context.WithValue(ctx, authCtxAuthLevel, claims.Role)`
			`ctx = context.WithValue(ctx, authCtxClaims, claims)`
Add auth middleware 2022-01-20 00:04:44 +00:00			`withCtx := r.WithContext(ctx)`
Add aggressive linting 2022-01-24 19:25:52 +00:00
use client for user create action 2022-01-20 22:31:09 +00:00			`s.Logger.Debugw("Request is authenticated.", "req_id", reqID, "username", claims.Subject, "role", claims.Role)`
Add auth middleware 2022-01-20 00:04:44 +00:00
			`next.ServeHTTP(w, withCtx)`
			`}`

			`return http.HandlerFunc(fn)`
			`}`

			`func UsernameFromRequest(r *http.Request) (string, error) {`
			`rawUsername := r.Context().Value(authCtxUsername)`
			`if rawUsername == nil {`
			`return "", fmt.Errorf("no username")`
			`}`
Add aggressive linting 2022-01-24 19:25:52 +00:00
Add auth middleware 2022-01-20 00:04:44 +00:00			`username, ok := rawUsername.(string)`
			`if !ok {`
			`return "", fmt.Errorf("no username")`
			`}`
Add aggressive linting 2022-01-24 19:25:52 +00:00
Add auth middleware 2022-01-20 00:04:44 +00:00			`return username, nil`
			`}`
Add authlevel to middleware 2022-01-20 00:11:40 +00:00
Add client package 2022-01-20 16:50:56 +00:00			`func RoleFromRequest(r *http.Request) (users.Role, error) {`
Add authlevel to middleware 2022-01-20 00:11:40 +00:00			`rawLevel := r.Context().Value(authCtxAuthLevel)`
			`if rawLevel == nil {`
Add client package 2022-01-20 16:50:56 +00:00			`return users.RoleUnset, fmt.Errorf("no username")`
Add authlevel to middleware 2022-01-20 00:11:40 +00:00			`}`
Add aggressive linting 2022-01-24 19:25:52 +00:00
Add client package 2022-01-20 16:50:56 +00:00			`level, ok := rawLevel.(users.Role)`
Add authlevel to middleware 2022-01-20 00:11:40 +00:00			`if !ok {`
Add client package 2022-01-20 16:50:56 +00:00			`return users.RoleUnset, fmt.Errorf("no username")`
Add authlevel to middleware 2022-01-20 00:11:40 +00:00			`}`
Add aggressive linting 2022-01-24 19:25:52 +00:00
Add authlevel to middleware 2022-01-20 00:11:40 +00:00			`return level, nil`
			`}`
Add custom claims 2022-01-20 12:33:11 +00:00
			`func ClaimsFromRequest(r http.Request) gpaste.Claims {`
			`rawClaims := r.Context().Value(authCtxAuthLevel)`
			`if rawClaims == nil {`
			`return nil`
			`}`
Add aggressive linting 2022-01-24 19:25:52 +00:00
Add custom claims 2022-01-20 12:33:11 +00:00			`claims, ok := rawClaims.(*gpaste.Claims)`
			`if !ok {`
			`return nil`
			`}`
Add aggressive linting 2022-01-24 19:25:52 +00:00
Add custom claims 2022-01-20 12:33:11 +00:00			`return claims`
			`}`