Basic login.

2026-01-18 06:40:29 +00:00 · 2023-08-01 23:19:14 +02:00
parent 79af3538bc
commit 8261a31679
12 changed files with 567 additions and 110 deletions
--- a/api/auth.go
+++ b/api/auth.go
@@ -0,0 +1,131 @@
+package api
+
+import (
+	"crypto/rand"
+	"crypto/rsa"
+	"crypto/x509"
+	"encoding/pem"
+	"github.com/go-chi/jwtauth/v5"
+	"log"
+	"net/http"
+	"os"
+	"time"
+)
+
+var (
+	jwtAuth *jwtauth.JWTAuth
+)
+
+// GetJWTAuth returns the JWT authorizer.
+func GetJWTAuth() *jwtauth.JWTAuth {
+	return jwtAuth
+}
+
+// InitJWT initializes JWT authentication.
+func InitJWT() {
+	generateRSAKeys()
+	jwtAuth = jwtauth.New("RS256", loadRSAPrivateKey(), loadRSAPublicKey())
+}
+
+func Login(w http.ResponseWriter, r *http.Request) {
+	req := struct {
+		Username string `json:"username"`
+		Password string `json:"password"`
+	}{}
+
+	if err := decodeJSON(w, r, &req); err != nil {
+		return
+	}
+
+	// TODO
+	t, tokenString, _ := jwtAuth.Encode(map[string]interface{}{"username": req.Username})
+	encodeJSON(w, struct {
+		AccessToken string    `json:"access_token"`
+		ExpiresAt   time.Time `json:"expires_at"`
+	}{
+		tokenString,
+		t.Expiration(),
+	})
+}
+
+func generateRSAKeys() {
+	err := os.Mkdir("secrets", 0755)
+
+	if os.IsExist(err) {
+		return
+	} else if err != nil {
+		log.Fatalf("Error creating secrets directory: %v", err)
+	}
+
+	key, err := rsa.GenerateKey(rand.Reader, 4096)
+
+	if err != nil {
+		log.Fatalf("Error generating RSA key: %v", err)
+	}
+
+	pub := key.Public()
+	keyPEM := pem.EncodeToMemory(
+		&pem.Block{
+			Type:  "RSA PRIVATE KEY",
+			Bytes: x509.MarshalPKCS1PrivateKey(key),
+		},
+	)
+	pubPEM := pem.EncodeToMemory(
+		&pem.Block{
+			Type:  "RSA PUBLIC KEY",
+			Bytes: x509.MarshalPKCS1PublicKey(pub.(*rsa.PublicKey)),
+		},
+	)
+
+	if err := os.WriteFile("secrets/jwt.rsa", keyPEM, 0700); err != nil {
+		log.Fatalf("Error writing private RSA key: %v", err)
+	}
+
+	if err := os.WriteFile("secrets/jwt.rsa.pub", pubPEM, 0755); err != nil {
+		log.Fatalf("Error writing public RSA key: %v", err)
+	}
+}
+
+func loadRSAPublicKey() *rsa.PublicKey {
+	data, err := os.ReadFile("secrets/jwt.rsa.pub")
+
+	if err != nil {
+		log.Fatalf("Error loading RSA key: %v", err)
+	}
+
+	block, _ := pem.Decode(data)
+
+	if block == nil {
+		log.Fatalf("Error decoding RSA key: %v", err)
+	}
+
+	key, err := x509.ParsePKCS1PublicKey(block.Bytes)
+
+	if err != nil {
+		log.Fatalf("Error parsing RSA key: %v", err)
+	}
+
+	return key
+}
+
+func loadRSAPrivateKey() *rsa.PrivateKey {
+	data, err := os.ReadFile("secrets/jwt.rsa")
+
+	if err != nil {
+		log.Fatalf("Error loading RSA key: %v", err)
+	}
+
+	block, _ := pem.Decode(data)
+
+	if block == nil {
+		log.Fatalf("Error decoding RSA key: %v", err)
+	}
+
+	key, err := x509.ParsePKCS1PrivateKey(block.Bytes)
+
+	if err != nil {
+		log.Fatalf("Error parsing RSA key: %v", err)
+	}
+
+	return key
+}
--- a/api/debug.go
+++ b/api/debug.go
@@ -7,7 +7,7 @@ import (
 	"net/http"
 )

-func DebugHandler(w http.ResponseWriter, r *http.Request) {
+func Debug(w http.ResponseWriter, r *http.Request) {
 	_, claims, err := jwtauth.FromContext(r.Context())

 	if err != nil {
--- a/api/util.go
+++ b/api/util.go
@@ -0,0 +1,42 @@
+package api
+
+import (
+	"encoding/json"
+	"io"
+	"log"
+	"net/http"
+	"syscall"
+)
+
+type apiError struct {
+	Validation map[string]string `json:"validation"`
+	Err        []error           `json:"error"`
+}
+
+func decodeJSON(w http.ResponseWriter, r *http.Request, req any) error {
+	body, err := io.ReadAll(r.Body)
+
+	if err != nil {
+		return err
+	}
+
+	if err := json.Unmarshal(body, &req); err != nil {
+		return err
+	}
+
+	return nil
+}
+
+func encodeJSON(w http.ResponseWriter, resp any) {
+	respBody, err := json.Marshal(resp)
+
+	if err != nil {
+		w.WriteHeader(http.StatusInternalServerError)
+		log.Printf("Error marshalling response: %v", err)
+		return
+	}
+
+	if _, err := w.Write(respBody); err != nil && err != syscall.EPIPE {
+		log.Printf("Error sending response: %v", err)
+	}
+}