Add role to users

Add authlevel to middleware
Add auth middleware
2022-01-20 01:19:32 +01:00 · 2022-01-20 01:11:40 +01:00 · 2022-01-20 01:04:44 +01:00
8 changed files with 116 additions and 17 deletions
--- a/auth.go
+++ b/auth.go
@@ -8,6 +8,14 @@ import (
 	"github.com/google/uuid"
 )
 type AuthLevel int
 const (
 	AuthLevelUnset AuthLevel = iota
 	AuthLevelUser
 	AuthLevelAdmin
 )
 type AuthService struct {
 	users      UserStore
 	hmacSecret []byte
@@ -45,17 +53,17 @@ func (as *AuthService) Login(username, password string) (string, error) {
 	return signed, nil
 }
-func (as *AuthService) ValidateToken(rawToken string) error {
+func (as *AuthService) ValidateToken(rawToken string) (*jwt.StandardClaims, error) {
 	claims := &jwt.StandardClaims{}
 	token, err := jwt.ParseWithClaims(rawToken, claims, func(t *jwt.Token) (interface{}, error) {
 		return as.hmacSecret, nil
 	})
 	if err != nil {
-		return err
+		return nil, err
 	}
 	if !token.Valid {
-		return fmt.Errorf("invalid token")
+		return nil, fmt.Errorf("invalid token")
 	}
-	return nil
+	return claims, nil
 }
--- a/auth_test.go
+++ b/auth_test.go
@@ -28,11 +28,11 @@ func TestAuth(t *testing.T) {
 			t.Fatalf("Error creating token: %s", err)
 		}
-		if err := as.ValidateToken(token); err != nil {
+		if _, err := as.ValidateToken(token); err != nil {
 			t.Fatalf("Error validating token: %s", err)
 		}
 		invalidToken := `eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJleHAiOjE2NDMyMjk3NjMsImp0aSI6ImUzNDk5NWI1LThiZmMtNDQyNy1iZDgxLWFmNmQ3OTRiYzM0YiIsImlhdCI6MTY0MjYyNDk2MywibmJmIjoxNjQyNjI0OTYzLCJzdWIiOiJYdE5Hemt5ZSJ9.VM6dkwSLaBv8cStkWRVVv9ADjdUrHGHrlB7GB7Ly7n8`
-		if err := as.ValidateToken(invalidToken); err == nil {
+		if _, err := as.ValidateToken(invalidToken); err == nil {
 			t.Fatalf("Invalid token passed validation")
 		}
 	})
--- a/gpaste-server.toml
+++ b/gpaste-server.toml
@@ -1,4 +1,4 @@
-LogLevel = "INFO"
+LogLevel = "DEBUG"
 URL = "http://paste.example.org"
 ListenAddr = ":8080"
--- a/http.go
+++ b/http.go
@@ -42,6 +42,7 @@ func NewHTTPServer(cfg *ServerConfig) *HTTPServer {
 	r.Use(middleware.RealIP)
 	r.Use(middleware.RequestID)
 	r.Use(srv.MiddlewareAccessLogger)
 	r.Use(srv.MiddlewareAuthentication)
 	r.Get("/", srv.HandlerIndex)
 	r.Post("/api/file", srv.HandlerAPIFilePost)
 	r.Get("/api/file/{id}", srv.HandlerAPIFileGet)
--- a/http_test.go
+++ b/http_test.go
@@ -137,7 +137,7 @@ func TestHandlers(t *testing.T) {
 			t.Fatalf("Error decoding response: %s", err)
 		}
-		if err := hs.Auth.ValidateToken(responseData.Token); err != nil {
+		if _, err := hs.Auth.ValidateToken(responseData.Token); err != nil {
 			t.Fatalf("Unable to validate received token: %s", err)
 		}
 	})
--- a/middleware.go
+++ b/middleware.go
@@ -1,12 +1,22 @@
 package gpaste
 import (
 	"context"
 	"fmt"
 	"net/http"
 	"strings"
 	"time"
 	"github.com/go-chi/chi/v5/middleware"
 )
 type authCtxKey int
 const (
 	authCtxUsername authCtxKey = iota
 	authCtxAuthLevel
 )
 func (s *HTTPServer) MiddlewareAccessLogger(next http.Handler) http.Handler {
 	fn := func(w http.ResponseWriter, r *http.Request) {
 		ww := middleware.NewWrapResponseWriter(w, r.ProtoMajor)
@@ -28,3 +38,64 @@ func (s *HTTPServer) MiddlewareAccessLogger(next http.Handler) http.Handler {
 	}
 	return http.HandlerFunc(fn)
 }
 func (s *HTTPServer) MiddlewareAuthentication(next http.Handler) http.Handler {
 	fn := func(w http.ResponseWriter, r *http.Request) {
 		reqID := middleware.GetReqID(r.Context())
 		header := r.Header.Get("Authorization")
 		if header == "" {
 			s.Logger.Debugw("Request has no auth header.", "req_id", reqID)
 			next.ServeHTTP(w, r)
 			return
 		}
 		splitHeader := strings.Split(header, "Bearer ")
 		if len(splitHeader) != 2 {
 			s.Logger.Debugw("Request has invalid token.", "req_id", reqID)
 			next.ServeHTTP(w, r)
 			return
 		}
 		token := splitHeader[1]
 		claims, err := s.Auth.ValidateToken(token)
 		if err != nil {
 			s.Logger.Debugw("Request has invalid token.", "req_id", reqID)
 			next.ServeHTTP(w, r)
 			return
 		}
 		ctx := context.WithValue(r.Context(), authCtxUsername, claims.Subject)
 		ctx = context.WithValue(ctx, authCtxAuthLevel, AuthLevelUser)
 		withCtx := r.WithContext(ctx)
 		s.Logger.Debugw("Request is authenticated.", "req_id", reqID, "username", claims.Subject)
 		next.ServeHTTP(w, withCtx)
 	}
 	return http.HandlerFunc(fn)
 }
 func UsernameFromRequest(r *http.Request) (string, error) {
 	rawUsername := r.Context().Value(authCtxUsername)
 	if rawUsername == nil {
 		return "", fmt.Errorf("no username")
 	}
 	username, ok := rawUsername.(string)
 	if !ok {
 		return "", fmt.Errorf("no username")
 	}
 	return username, nil
 }
 func AuthLevelFromRequest(r *http.Request) (AuthLevel, error) {
 	rawLevel := r.Context().Value(authCtxAuthLevel)
 	if rawLevel == nil {
 		return AuthLevelUnset, fmt.Errorf("no username")
 	}
 	level, ok := rawLevel.(AuthLevel)
 	if !ok {
 		return AuthLevelUnset, fmt.Errorf("no username")
 	}
 	return level, nil
 }
--- a/user.go
+++ b/user.go
@@ -2,9 +2,18 @@ package gpaste
 import "golang.org/x/crypto/bcrypt"
 type Role string
 const (
 	RoleUnset Role = ""
 	RoleUser  Role = "user"
 	RoleAdmin Role = "admin"
 )
 type User struct {
 	Username       string `json:"username"`
 	HashedPassword []byte `json:"hashed_password"`
 	Roles          []Role `json:"roles"`
 }
 type UserStore interface {
--- a/userstore_test.go
+++ b/userstore_test.go
@@ -4,6 +4,7 @@ import (
 	"testing"
 	"git.t-juice.club/torjus/gpaste"
 	"github.com/google/go-cmp/cmp"
 )
 func RunUserStoreTest(newFunc func() (func(), gpaste.UserStore), t *testing.T) {
@@ -11,31 +12,40 @@ func RunUserStoreTest(newFunc func() (func(), gpaste.UserStore), t *testing.T) {
 		cleanup, s := newFunc()
 		t.Cleanup(cleanup)
-		userMap := make(map[string]string)
+		userMap := make(map[string]*gpaste.User)
 		passwordMap := make(map[string]string)
 		for i := 0; i < 10; i++ {
-			userMap[randomString(8)] = randomString(16)
+			username := randomString(8)
-		}
+			password := randomString(16)
-
+			passwordMap[username] = password
 		for k, v := range userMap {
 			user := &gpaste.User{
-				Username: k,
+				Username: username,
 				Roles:    []gpaste.Role{gpaste.RoleAdmin},
 			}
-			if err := user.SetPassword(v); err != nil {
+			if err := user.SetPassword(password); err != nil {
 				t.Fatalf("Error setting password: %s", err)
 			}
 			userMap[username] = user
 		}
 		for _, user := range userMap {
 			if err := s.Store(user); err != nil {
 				t.Fatalf("Error storing user: %s", err)
 			}
 		}
-		for k, v := range userMap {
+		for k := range userMap {
 			user, err := s.Get(k)
 			if err != nil {
 				t.Errorf("Error getting user: %s", err)
 			}
-			if err := user.ValidatePassword(v); err != nil {
+			if err := user.ValidatePassword(passwordMap[user.Username]); err != nil {
 				t.Errorf("Error verifying password: %s", err)
 			}
 			if !cmp.Equal(user, userMap[k]) {
 				t.Errorf("User mismatch: %s", cmp.Diff(user, userMap[k]))
 			}
 		}
 	})
 }
Author	SHA1	Message	Date
Torjus Håkestad	ce5584ba7e	Add role to users All checks were successful ci/woodpecker/push/woodpecker Pipeline was successful Details	2022-01-20 01:19:32 +01:00
Torjus Håkestad	790cc43949	Add authlevel to middleware All checks were successful ci/woodpecker/push/woodpecker Pipeline was successful Details	2022-01-20 01:11:40 +01:00
Torjus Håkestad	a8a64d118c	Add auth middleware All checks were successful ci/woodpecker/push/woodpecker Pipeline was successful Details	2022-01-20 01:04:44 +01:00