Add exchange api endpoint, fix jwt authtoken var type error

Signed-off-by: Asai Neko <sugar@sne.moe>

data/client.go

@@ -32,10 +32,10 @@ func (self *Client) GetClientByClientId(clientId string) (*Client, error) {
 	return &client, nil
 }
 
-func (self *Client) GetDecryptedSecret() (string, error) {
+func (self *Client) GetDecryptedSecret() ([]byte, error) {
 	secretKey := viper.GetString("secrets.client_secret_key")
 	secret, err := cryptography.AESCBCDecrypt(self.ClientSecret, []byte(secretKey))
-	return string(secret), err
+	return secret, err
 }
 
 type ClientParams struct {

middleware/jwt.go

@@ -1,13 +1,14 @@
 package middleware
 
 import (
+	"fmt"
 	"nixcn-cms/pkgs/authtoken"
 	"nixcn-cms/utils"
 
 	"github.com/gin-gonic/gin"
 )
 
-func JWTAuth(required bool) gin.HandlerFunc {
+func JWTAuth() gin.HandlerFunc {
 
 	return func(c *gin.Context) {
 		auth := c.GetHeader("Authorization")
@@ -15,11 +16,7 @@ func JWTAuth(required bool) gin.HandlerFunc {
 		authtoken := new(authtoken.Token)
 		uid, err := authtoken.HeaderVerify(auth)
 		if err != nil {
-			utils.HttpAbort(c, 401, "", "unauthorized")
+			fmt.Println(err)
-			return
-		}
-
-		if required == true && uid == "" {
 			utils.HttpAbort(c, 401, "", "unauthorized")
 			return
 		}

pkgs/authtoken/authtoken.go

@@ -288,6 +288,7 @@ func (self *Token) HeaderVerify(header string) (string, error) {
 	)
 
 	if err != nil || !token.Valid {
+		fmt.Println(err)
 		return "", errors.New("invalid or expired token")
 	}
 

service/auth/exchange.go

@@ -0,0 +1,65 @@
+package auth
+
+import (
+	"net/url"
+	"nixcn-cms/data"
+	"nixcn-cms/pkgs/authcode"
+	"nixcn-cms/utils"
+
+	"github.com/gin-gonic/gin"
+	"github.com/google/uuid"
+)
+
+func Exchange(c *gin.Context) {
+	var exchangeReq struct {
+		ClientId    string `json:"client_id"`
+		RedirectUri string `json:"redirect_uri"`
+		State       string `json:"state"`
+	}
+
+	err := c.BindJSON(exchangeReq)
+	if err != nil {
+		utils.HttpResponse(c, 400, "", "invalid request")
+		return
+	}
+
+	userIdOrig, ok := c.Get("user_id")
+	if !ok {
+		utils.HttpResponse(c, 401, "", "unauthorized")
+		return
+	}
+
+	userId, err := uuid.Parse(userIdOrig.(string))
+	if err != nil {
+		utils.HttpResponse(c, 500, "", "failed to parse uuid")
+		return
+	}
+
+	userData := new(data.User)
+	user, err := userData.GetByUserId(userId)
+	if err != nil {
+		utils.HttpResponse(c, 500, "", "failed to get user id")
+		return
+	}
+
+	code, err := authcode.NewAuthCode(exchangeReq.ClientId, user.Email)
+	if err != nil {
+		utils.HttpResponse(c, 500, "", "code gen failed")
+		return
+	}
+
+	url, err := url.Parse(exchangeReq.RedirectUri)
+	if err != nil {
+		utils.HttpResponse(c, 400, "", "invalid redirect uri")
+		return
+	}
+	query := url.Query()
+	query.Set("code", code)
+	url.RawQuery = query.Encode()
+
+	exchangeResp := struct {
+		RedirectUri string `json:"redirect_uri"`
+	}{url.String()}
+
+	utils.HttpResponse(c, 200, "", "success", exchangeResp)
+}

service/auth/handler.go

@@ -7,8 +7,9 @@ import (
 )
 
 func Handler(r *gin.RouterGroup) {
-	r.GET("/redirect", middleware.JWTAuth(false), Redirect)
+	r.GET("/redirect", Redirect)
 	r.POST("/magic", middleware.ApiVersionCheck(), Magic)
 	r.POST("/token", middleware.ApiVersionCheck(), Token)
 	r.POST("/refresh", middleware.ApiVersionCheck(), Refresh)
+	r.POST("/exchange", middleware.ApiVersionCheck(), middleware.JWTAuth(), Exchange)
 }

service/auth/redirect.go

@@ -31,43 +31,6 @@ func Redirect(c *gin.Context) {
 	}
 
 	code := c.Query("code")
-	if code == "" {
-		userIdOrig, ok := c.Get("user_id")
-		if !ok || userIdOrig == "" {
-			utils.HttpResponse(c, 401, "", "unauthorized")
-			return
-		}
-
-		userId, err := uuid.Parse(userIdOrig.(string))
-		if err != nil {
-			utils.HttpResponse(c, 500, "", "failed to parse uuid")
-			return
-		}
-
-		userData := new(data.User)
-		user, err := userData.GetByUserId(userId)
-		if err != nil {
-			utils.HttpResponse(c, 500, "", "failed to get user id")
-			return
-		}
-
-		code, err := authcode.NewAuthCode(clientId, user.Email)
-		if err != nil {
-			utils.HttpResponse(c, 500, "", "code gen failed")
-			return
-		}
-
-		url, err := url.Parse(redirectUri)
-		if err != nil {
-			utils.HttpResponse(c, 400, "", "invalid redirect uri")
-			return
-		}
-		query := url.Query()
-		query.Set("code", code)
-		url.RawQuery = query.Encode()
-
-		c.Redirect(302, url.String())
-	}
 
 	// Verify email token
 	authCode, ok := authcode.VerifyAuthCode(code)

service/event/handler.go

@@ -7,7 +7,7 @@ import (
 )
 
 func Handler(r *gin.RouterGroup) {
-	r.Use(middleware.JWTAuth(true), middleware.Permission(10))
+	r.Use(middleware.JWTAuth(), middleware.Permission(10))
 	r.GET("/info", Info)
 	r.GET("/checkin", Checkin)
 	r.GET("/checkin/query", CheckinQuery)

service/user/handler.go

@@ -7,7 +7,7 @@ import (
 )
 
 func Handler(r *gin.RouterGroup) {
-	r.Use(middleware.JWTAuth(true), middleware.Permission(5))
+	r.Use(middleware.JWTAuth(), middleware.Permission(5))
 	r.GET("/info", Info)
 	r.PATCH("/update", Update)
 	r.GET("/list", middleware.Permission(20), List)