Started API and loading jwt keys.

2026-01-18 06:40:29 +00:00 · 2023-07-19 17:29:15 +02:00
parent 7443478acc
commit 22467bc3b4
5 changed files with 138 additions and 22 deletions
--- a/cmd/main.go
+++ b/cmd/main.go
@@ -2,11 +2,18 @@ package main

 import (
 	"context"
+	"crypto/rand"
+	"crypto/rsa"
+	"crypto/x509"
 	"embed"
+	"encoding/pem"
+	"fmt"
+	"github.com/Kugelschieber/migo/api"
 	"github.com/Kugelschieber/migo/db"
 	"github.com/go-chi/chi/v5"
 	"github.com/go-chi/chi/v5/middleware"
 	"github.com/go-chi/cors"
+	"github.com/go-chi/jwtauth/v5"
 	"log"
 	"net/http"
 	"os"
@@ -24,8 +31,84 @@ var (

 	//go:embed admin/dist/assets
 	assets embed.FS
+
+	jwtAuth *jwtauth.JWTAuth
 )

+func init() {
+	generateRSAKeys()
+
+	jwtAuth = jwtauth.New("RS256", pubKey, loadRSAPrivateKey())
+	_, tokenString, err := jwtAuth.Encode(map[string]interface{}{"test": 42})
+
+	if err != nil {
+		log.Fatalf("test: %v", err)
+	}
+
+	fmt.Println(tokenString)
+}
+
+func generateRSAKeys() {
+	err := os.Mkdir("secrets", 0755)
+
+	if os.IsExist(err) {
+		return
+	} else if err != nil {
+		log.Fatalf("Error creating secrets directory: %v", err)
+	}
+
+	filename := "jwt"
+	key, err := rsa.GenerateKey(rand.Reader, 4096)
+
+	if err != nil {
+		log.Fatalf("Error generating RSA key: %v", err)
+	}
+
+	pub := key.Public()
+	keyPEM := pem.EncodeToMemory(
+		&pem.Block{
+			Type:  "RSA PRIVATE KEY",
+			Bytes: x509.MarshalPKCS1PrivateKey(key),
+		},
+	)
+	pubPEM := pem.EncodeToMemory(
+		&pem.Block{
+			Type:  "RSA PUBLIC KEY",
+			Bytes: x509.MarshalPKCS1PublicKey(pub.(*rsa.PublicKey)),
+		},
+	)
+
+	if err := os.WriteFile("secrets/"+filename+".rsa", keyPEM, 0700); err != nil {
+		log.Fatalf("Error writing private RSA key: %v", err)
+	}
+
+	if err := os.WriteFile("secrets/"+filename+".rsa.pub", pubPEM, 0755); err != nil {
+		log.Fatalf("Error writing public RSA key: %v", err)
+	}
+}
+
+func loadRSAPrivateKey(path string) *rsa.PrivateKey {
+	data, err := os.ReadFile(path)
+
+	if err != nil {
+		log.Fatalf("Error loading RSA key '%s': %v", path, err)
+	}
+
+	block, _ := pem.Decode(data)
+
+	if block == nil {
+		log.Fatalf("Error decoding RSA key '%s': %v", path, err)
+	}
+
+	key, err := x509.ParsePKCS1PrivateKey(block.Bytes)
+
+	if err != nil {
+		log.Fatalf("Error parsing RSA key '%s': %v", path, err)
+	}
+
+	return key
+}
+
 func main() {
 	if err := db.Init(); err != nil {
 		log.Fatalf("Error initializing database: %v", err)
@@ -43,6 +126,13 @@ func main() {
 		AllowCredentials: true,
 		MaxAge:           86400,
 	}))
+	router.Group(func(r chi.Router) {
+		r.Use(jwtauth.Verifier(jwtAuth))
+		r.Use(jwtauth.Authenticator)
+		r.Route("/api/v1", func(r chi.Router) {
+			r.Get("/debug", api.DebugHandler)
+		})
+	})
 	router.Handle("/admin", http.RedirectHandler("/admin/", http.StatusFound))
 	router.Route("/admin/", func(r chi.Router) {
 		if dev {
@@ -77,7 +167,7 @@ func main() {
 	})
 	router.Get("/", func(w http.ResponseWriter, r *http.Request) {
 		// TODO
-		w.Write([]byte("<h1>Hello World!</h1>"))
+		_, _ = w.Write([]byte("<h1>Hello World!</h1>"))
 	})
 	server := &http.Server{
 		Handler:      router,