articles-api/service/auth/auth.go

105 lines
2.2 KiB
Go
Raw Normal View History

package auth
import (
"crypto/sha512"
"encoding/hex"
"log"
2019-05-02 18:55:36 +00:00
"net/http"
"strconv"
"strings"
"time"
"git.xdrm.io/go/aicra"
"git.xdrm.io/go/aicra/api"
)
// Service manages the url shortener
type Service struct{}
// New returns a bare service
func New() (*Service, error) {
2019-05-02 18:50:58 +00:00
log.Printf("[auth] creating service")
log.Printf("[auth] service created")
return &Service{}, nil
}
// Wire to the aicra server
func (svc *Service) Wire(server *aicra.Server) {
2019-05-02 18:50:58 +00:00
log.Printf("[auth] service wired")
2019-05-02 18:55:36 +00:00
server.HandleFunc(http.MethodPost, "/token", svc.generateToken)
}
// generateToken generates a token valid for 5 mintes
func (svc *Service) generateToken(req api.Request, res *api.Response) {
// 1. extract input
role, err := req.Param.GetString("role")
if err != nil {
2019-05-01 16:54:36 +00:00
res.SetError(api.ErrorInvalidParam(), "role", err.Error())
return
}
// 2. generate token
hasher := sha512.New()
defer hasher.Reset()
hasher.Write([]byte(strconv.FormatInt(time.Now().Unix(), 5)))
token := hex.EncodeToString(hasher.Sum(nil))
// 3. store token
model := NewModel(token, role, 5*time.Minute)
2019-05-02 18:50:58 +00:00
if model.Create() != nil {
2019-05-01 16:54:36 +00:00
res.SetError(api.ErrorFailure())
return
}
// 4. return data
2019-05-02 18:50:58 +00:00
log.Printf("[auth] new token")
res.Data["token"] = token
2019-05-01 16:54:36 +00:00
res.SetError(api.ErrorSuccess())
}
// CheckToken returns whether a token is valid
func (svc *Service) CheckToken(handler api.HandlerFunc) api.HandlerFunc {
return func(req api.Request, res *api.Response) {
// success if no scope [['admin']]
if req.Scope == nil || len(req.Scope) < 1 {
handler(req, res)
return
}
headerToken := req.Request.Header.Get("Authorization")
// fail if invalid header
if len(headerToken) != 128 || strings.ContainsAny(headerToken, "$-_") {
2019-05-02 18:50:58 +00:00
res.SetError(api.ErrorToken())
return
}
model := NewModel(headerToken, "", 0)
2019-05-02 18:50:58 +00:00
if model.Search() != nil {
res.SetError(api.ErrorToken())
return
}
// fail if the role of the token does not match any scope
for _, scope := range req.Scope {
if scope == nil || len(scope) != 1 {
continue
}
// success
2019-05-02 18:50:58 +00:00
if scope[0] == model.role {
handler(req, res)
return
}
}
// failure
2019-05-01 16:54:36 +00:00
res.SetError(api.ErrorPermission())
return
}
}