First merge from develop to main (WIP) #7
@@ -32,10 +32,10 @@ func (self *Client) GetClientByClientId(clientId string) (*Client, error) {
|
||||
return &client, nil
|
||||
}
|
||||
|
||||
func (self *Client) GetDecryptedSecret() (string, error) {
|
||||
func (self *Client) GetDecryptedSecret() ([]byte, error) {
|
||||
secretKey := viper.GetString("secrets.client_secret_key")
|
||||
secret, err := cryptography.AESCBCDecrypt(self.ClientSecret, []byte(secretKey))
|
||||
return string(secret), err
|
||||
return secret, err
|
||||
}
|
||||
|
||||
type ClientParams struct {
|
||||
|
||||
@@ -1,13 +1,14 @@
|
||||
package middleware
|
||||
|
||||
import (
|
||||
"fmt"
|
||||
"nixcn-cms/pkgs/authtoken"
|
||||
"nixcn-cms/utils"
|
||||
|
||||
"github.com/gin-gonic/gin"
|
||||
)
|
||||
|
||||
func JWTAuth(required bool) gin.HandlerFunc {
|
||||
func JWTAuth() gin.HandlerFunc {
|
||||
|
||||
return func(c *gin.Context) {
|
||||
auth := c.GetHeader("Authorization")
|
||||
@@ -15,11 +16,7 @@ func JWTAuth(required bool) gin.HandlerFunc {
|
||||
authtoken := new(authtoken.Token)
|
||||
uid, err := authtoken.HeaderVerify(auth)
|
||||
if err != nil {
|
||||
utils.HttpAbort(c, 401, "", "unauthorized")
|
||||
return
|
||||
}
|
||||
|
||||
if required == true && uid == "" {
|
||||
fmt.Println(err)
|
||||
utils.HttpAbort(c, 401, "", "unauthorized")
|
||||
return
|
||||
}
|
||||
|
||||
@@ -288,6 +288,7 @@ func (self *Token) HeaderVerify(header string) (string, error) {
|
||||
)
|
||||
|
||||
if err != nil || !token.Valid {
|
||||
fmt.Println(err)
|
||||
return "", errors.New("invalid or expired token")
|
||||
}
|
||||
|
||||
|
||||
65
service/auth/exchange.go
Normal file
65
service/auth/exchange.go
Normal file
@@ -0,0 +1,65 @@
|
||||
package auth
|
||||
|
||||
import (
|
||||
"net/url"
|
||||
"nixcn-cms/data"
|
||||
"nixcn-cms/pkgs/authcode"
|
||||
"nixcn-cms/utils"
|
||||
|
||||
"github.com/gin-gonic/gin"
|
||||
"github.com/google/uuid"
|
||||
)
|
||||
|
||||
func Exchange(c *gin.Context) {
|
||||
var exchangeReq struct {
|
||||
ClientId string `json:"client_id"`
|
||||
RedirectUri string `json:"redirect_uri"`
|
||||
State string `json:"state"`
|
||||
}
|
||||
|
||||
err := c.BindJSON(exchangeReq)
|
||||
if err != nil {
|
||||
utils.HttpResponse(c, 400, "", "invalid request")
|
||||
return
|
||||
}
|
||||
|
||||
userIdOrig, ok := c.Get("user_id")
|
||||
if !ok {
|
||||
utils.HttpResponse(c, 401, "", "unauthorized")
|
||||
return
|
||||
}
|
||||
|
||||
userId, err := uuid.Parse(userIdOrig.(string))
|
||||
if err != nil {
|
||||
utils.HttpResponse(c, 500, "", "failed to parse uuid")
|
||||
return
|
||||
}
|
||||
|
||||
userData := new(data.User)
|
||||
user, err := userData.GetByUserId(userId)
|
||||
if err != nil {
|
||||
utils.HttpResponse(c, 500, "", "failed to get user id")
|
||||
return
|
||||
}
|
||||
|
||||
code, err := authcode.NewAuthCode(exchangeReq.ClientId, user.Email)
|
||||
if err != nil {
|
||||
utils.HttpResponse(c, 500, "", "code gen failed")
|
||||
return
|
||||
}
|
||||
|
||||
url, err := url.Parse(exchangeReq.RedirectUri)
|
||||
if err != nil {
|
||||
utils.HttpResponse(c, 400, "", "invalid redirect uri")
|
||||
return
|
||||
}
|
||||
query := url.Query()
|
||||
query.Set("code", code)
|
||||
url.RawQuery = query.Encode()
|
||||
|
||||
exchangeResp := struct {
|
||||
RedirectUri string `json:"redirect_uri"`
|
||||
}{url.String()}
|
||||
|
||||
utils.HttpResponse(c, 200, "", "success", exchangeResp)
|
||||
}
|
||||
@@ -7,8 +7,9 @@ import (
|
||||
)
|
||||
|
||||
func Handler(r *gin.RouterGroup) {
|
||||
r.GET("/redirect", middleware.JWTAuth(false), Redirect)
|
||||
r.GET("/redirect", Redirect)
|
||||
r.POST("/magic", middleware.ApiVersionCheck(), Magic)
|
||||
r.POST("/token", middleware.ApiVersionCheck(), Token)
|
||||
r.POST("/refresh", middleware.ApiVersionCheck(), Refresh)
|
||||
r.POST("/exchange", middleware.ApiVersionCheck(), middleware.JWTAuth(), Exchange)
|
||||
}
|
||||
|
||||
@@ -31,43 +31,6 @@ func Redirect(c *gin.Context) {
|
||||
}
|
||||
|
||||
code := c.Query("code")
|
||||
if code == "" {
|
||||
userIdOrig, ok := c.Get("user_id")
|
||||
if !ok || userIdOrig == "" {
|
||||
utils.HttpResponse(c, 401, "", "unauthorized")
|
||||
return
|
||||
}
|
||||
|
||||
userId, err := uuid.Parse(userIdOrig.(string))
|
||||
if err != nil {
|
||||
utils.HttpResponse(c, 500, "", "failed to parse uuid")
|
||||
return
|
||||
}
|
||||
|
||||
userData := new(data.User)
|
||||
user, err := userData.GetByUserId(userId)
|
||||
if err != nil {
|
||||
utils.HttpResponse(c, 500, "", "failed to get user id")
|
||||
return
|
||||
}
|
||||
|
||||
code, err := authcode.NewAuthCode(clientId, user.Email)
|
||||
if err != nil {
|
||||
utils.HttpResponse(c, 500, "", "code gen failed")
|
||||
return
|
||||
}
|
||||
|
||||
url, err := url.Parse(redirectUri)
|
||||
if err != nil {
|
||||
utils.HttpResponse(c, 400, "", "invalid redirect uri")
|
||||
return
|
||||
}
|
||||
query := url.Query()
|
||||
query.Set("code", code)
|
||||
url.RawQuery = query.Encode()
|
||||
|
||||
c.Redirect(302, url.String())
|
||||
}
|
||||
|
||||
// Verify email token
|
||||
authCode, ok := authcode.VerifyAuthCode(code)
|
||||
|
||||
@@ -7,7 +7,7 @@ import (
|
||||
)
|
||||
|
||||
func Handler(r *gin.RouterGroup) {
|
||||
r.Use(middleware.JWTAuth(true), middleware.Permission(10))
|
||||
r.Use(middleware.JWTAuth(), middleware.Permission(10))
|
||||
r.GET("/info", Info)
|
||||
r.GET("/checkin", Checkin)
|
||||
r.GET("/checkin/query", CheckinQuery)
|
||||
|
||||
@@ -7,7 +7,7 @@ import (
|
||||
)
|
||||
|
||||
func Handler(r *gin.RouterGroup) {
|
||||
r.Use(middleware.JWTAuth(true), middleware.Permission(5))
|
||||
r.Use(middleware.JWTAuth(), middleware.Permission(5))
|
||||
r.GET("/info", Info)
|
||||
r.PATCH("/update", Update)
|
||||
r.GET("/list", middleware.Permission(20), List)
|
||||
|
||||
Reference in New Issue
Block a user