initial commit

2026-05-07 16:10:28 -05:00 · 2024-09-02 13:38:46 -05:00 · 2024-09-02 13:38:46 -05:00 · 35fa88b45b
commit 35fa88b45b
17 changed files with 630 additions and 0 deletions
--- a/cmd/middleware/auth.go
+++ b/cmd/middleware/auth.go
@ -0,0 +1,155 @@
+package middleware
+
+import (
+	"context"
+	"errors"
+	"gitlab.com/developerdurp/stdmodels"
+	"net/http"
+	"strings"
+	"time"
+
+	"github.com/MicahParks/keyfunc"
+	"github.com/golang-jwt/jwt/v4"
+	"gitlab.com/developerdurp/logger"
+)
+
+func InitAuthMiddleware(allowedGroups []string, jwks string) *AuthConfig {
+	return &AuthConfig{
+		allowedGroups: allowedGroups,
+		jwks:          jwks,
+	}
+}
+
+type AuthConfig struct {
+	allowedGroups []string
+	jwks          string
+}
+
+type StandardMessage struct {
+	Message string `json:"message" example:"message"`
+}
+
+func (cfg *AuthConfig) AuthMiddleware(next http.Handler) http.Handler {
+	return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
+
+		var groups []string
+
+		tokenString, err := getToken(w)
+		if err != nil {
+			resp := stdmodels.NewFailureResponse(
+				err.Error(),
+				http.StatusUnauthorized,
+				[]string{},
+			)
+			resp.SendReponse(w)
+		}
+
+		token, err := cfg.validateToken(tokenString)
+		if err != nil {
+			resp := stdmodels.NewFailureResponse(
+				"Failed to Validate Token",
+				http.StatusUnauthorized,
+				[]string{err.Error()},
+			)
+			resp.SendReponse(w)
+		}
+
+		claims, ok := token.Claims.(jwt.MapClaims)
+		if !ok {
+			resp := stdmodels.NewFailureResponse(
+				"Invalid Authorization token claim",
+				http.StatusUnauthorized,
+				[]string{},
+			)
+			resp.SendReponse(w)
+			return
+		}
+
+		groupsClaim, ok := claims["groups"].([]interface{})
+		if !ok {
+			resp := stdmodels.NewFailureResponse(
+				"Missing or invalid groups in the token",
+				http.StatusUnauthorized,
+				[]string{},
+			)
+			resp.SendReponse(w)
+			return
+		}
+
+		for _, group := range groupsClaim {
+			if groupName, ok := group.(string); ok {
+				groups = append(groups, groupName)
+			}
+		}
+
+		isAllowed := false
+		for _, allowedGroup := range cfg.allowedGroups {
+			for _, group := range groups {
+				if group == allowedGroup {
+					isAllowed = true
+					break
+				}
+			}
+			if isAllowed {
+				break
+			}
+		}
+
+		if !isAllowed {
+			resp := stdmodels.NewFailureResponse(
+				"Unauthorized to use this endpoint",
+				http.StatusUnauthorized,
+				[]string{},
+			)
+			resp.SendReponse(w)
+			return
+		}
+
+		next.ServeHTTP(w, r)
+	})
+}
+
+func (cfg *AuthConfig) validateToken(tokenString string) (*jwt.Token, error) {
+
+	ctx, cancel := context.WithCancel(context.Background())
+	defer cancel()
+
+	options := keyfunc.Options{
+		Ctx: ctx,
+		RefreshErrorHandler: func(err error) {
+			logger.LogError("There was an error with the jwt.Keyfunc" + err.Error())
+		},
+		RefreshInterval:   time.Hour,
+		RefreshRateLimit:  time.Minute * 5,
+		RefreshTimeout:    time.Second * 10,
+		RefreshUnknownKID: true,
+	}
+
+	jwks, err := keyfunc.Get(cfg.jwks, options)
+	defer jwks.EndBackground()
+	if err != nil {
+		return nil, errors.New("Failed to get JWKS")
+	}
+
+	token, err := jwt.Parse(tokenString, jwks.Keyfunc)
+	if err != nil {
+		return nil, errors.New("Failed to Parse JWT")
+	}
+
+	if !token.Valid {
+		return nil, errors.New("Invalid Token")
+	}
+
+	return token, nil
+}
+
+func getToken(w http.ResponseWriter) (string, error) {
+	tokenString := w.Header().Get("Authorization")
+
+	if tokenString == "" {
+		return "", errors.New("No Token Detected")
+	}
+
+	tokenString = strings.TrimPrefix(tokenString, "Bearer ")
+	return tokenString, nil
+}
--- a/cmd/middleware/go.mod
+++ b/cmd/middleware/go.mod
@ -0,0 +1,25 @@
+module gitlab.com/developerdurp/durpify/middleware
+
+go 1.23.0
+
+require (
+	github.com/MicahParks/keyfunc v1.9.0
+	github.com/charmbracelet/log v0.4.0
+	github.com/golang-jwt/jwt/v4 v4.5.0
+	gitlab.com/developerdurp/logger v1.0.0
+	gitlab.com/developerdurp/stdmodels v1.0.2
+)
+
+require (
+	github.com/aymanbagabas/go-osc52/v2 v2.0.1 // indirect
+	github.com/charmbracelet/lipgloss v0.10.0 // indirect
+	github.com/go-logfmt/logfmt v0.6.0 // indirect
+	github.com/lucasb-eyer/go-colorful v1.2.0 // indirect
+	github.com/mattn/go-isatty v0.0.18 // indirect
+	github.com/mattn/go-runewidth v0.0.15 // indirect
+	github.com/muesli/reflow v0.3.0 // indirect
+	github.com/muesli/termenv v0.15.2 // indirect
+	github.com/rivo/uniseg v0.4.7 // indirect
+	golang.org/x/exp v0.0.0-20231006140011-7918f672742d // indirect
+	golang.org/x/sys v0.13.0 // indirect
+)
--- a/cmd/middleware/go.sum
+++ b/cmd/middleware/go.sum
@ -0,0 +1,45 @@
+github.com/MicahParks/keyfunc v1.9.0 h1:lhKd5xrFHLNOWrDc4Tyb/Q1AJ4LCzQ48GVJyVIID3+o=
+github.com/MicahParks/keyfunc v1.9.0/go.mod h1:IdnCilugA0O/99dW+/MkvlyrsX8+L8+x95xuVNtM5jw=
+github.com/aymanbagabas/go-osc52/v2 v2.0.1 h1:HwpRHbFMcZLEVr42D4p7XBqjyuxQH5SMiErDT4WkJ2k=
+github.com/aymanbagabas/go-osc52/v2 v2.0.1/go.mod h1:uYgXzlJ7ZpABp8OJ+exZzJJhRNQ2ASbcXHWsFqH8hp8=
+github.com/charmbracelet/lipgloss v0.10.0 h1:KWeXFSexGcfahHX+54URiZGkBFazf70JNMtwg/AFW3s=
+github.com/charmbracelet/lipgloss v0.10.0/go.mod h1:Wig9DSfvANsxqkRsqj6x87irdy123SR4dOXlKa91ciE=
+github.com/charmbracelet/log v0.4.0 h1:G9bQAcx8rWA2T3pWvx7YtPTPwgqpk7D68BX21IRW8ZM=
+github.com/charmbracelet/log v0.4.0/go.mod h1:63bXt/djrizTec0l11H20t8FDSvA4CRZJ1KH22MdptM=
+github.com/davecgh/go-spew v1.1.1 h1:vj9j/u1bqnvCEfJOwUhtlOARqs3+rkHYY13jYWTU97c=
+github.com/davecgh/go-spew v1.1.1/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSsI+c5H38=
+github.com/go-logfmt/logfmt v0.6.0 h1:wGYYu3uicYdqXVgoYbvnkrPVXkuLM1p1ifugDMEdRi4=
+github.com/go-logfmt/logfmt v0.6.0/go.mod h1:WYhtIu8zTZfxdn5+rREduYbwxfcBr/Vr6KEVveWlfTs=
+github.com/golang-jwt/jwt/v4 v4.4.2/go.mod h1:m21LjoU+eqJr34lmDMbreY2eSTRJ1cv77w39/MY0Ch0=
+github.com/golang-jwt/jwt/v4 v4.5.0 h1:7cYmW1XlMY7h7ii7UhUyChSgS5wUJEnm9uZVTGqOWzg=
+github.com/golang-jwt/jwt/v4 v4.5.0/go.mod h1:m21LjoU+eqJr34lmDMbreY2eSTRJ1cv77w39/MY0Ch0=
+github.com/lucasb-eyer/go-colorful v1.2.0 h1:1nnpGOrhyZZuNyfu1QjKiUICQ74+3FNCN69Aj6K7nkY=
+github.com/lucasb-eyer/go-colorful v1.2.0/go.mod h1:R4dSotOR9KMtayYi1e77YzuveK+i7ruzyGqttikkLy0=
+github.com/mattn/go-isatty v0.0.18 h1:DOKFKCQ7FNG2L1rbrmstDN4QVRdS89Nkh85u68Uwp98=
+github.com/mattn/go-isatty v0.0.18/go.mod h1:W+V8PltTTMOvKvAeJH7IuucS94S2C6jfK/D7dTCTo3Y=
+github.com/mattn/go-runewidth v0.0.12/go.mod h1:RAqKPSqVFrSLVXbA8x7dzmKdmGzieGRCM46jaSJTDAk=
+github.com/mattn/go-runewidth v0.0.15 h1:UNAjwbU9l54TA3KzvqLGxwWjHmMgBUVhBiTjelZgg3U=
+github.com/mattn/go-runewidth v0.0.15/go.mod h1:Jdepj2loyihRzMpdS35Xk/zdY8IAYHsh153qUoGf23w=
+github.com/muesli/reflow v0.3.0 h1:IFsN6K9NfGtjeggFP+68I4chLZV2yIKsXJFNZ+eWh6s=
+github.com/muesli/reflow v0.3.0/go.mod h1:pbwTDkVPibjO2kyvBQRBxTWEEGDGq0FlB1BIKtnHY/8=
+github.com/muesli/termenv v0.15.2 h1:GohcuySI0QmI3wN8Ok9PtKGkgkFIk7y6Vpb5PvrY+Wo=
+github.com/muesli/termenv v0.15.2/go.mod h1:Epx+iuz8sNs7mNKhxzH4fWXGNpZwUaJKRS1noLXviQ8=
+github.com/pmezard/go-difflib v1.0.0 h1:4DBwDE0NGyQoBHbLQYPwSUPoCMWR5BEzIk/f1lZbAQM=
+github.com/pmezard/go-difflib v1.0.0/go.mod h1:iKH77koFhYxTK1pcRnkKkqfTogsbg7gZNVY4sRDYZ/4=
+github.com/rivo/uniseg v0.1.0/go.mod h1:J6wj4VEh+S6ZtnVlnTBMWIodfgj8LQOQFoIToxlJtxc=
+github.com/rivo/uniseg v0.2.0/go.mod h1:J6wj4VEh+S6ZtnVlnTBMWIodfgj8LQOQFoIToxlJtxc=
+github.com/rivo/uniseg v0.4.7 h1:WUdvkW8uEhrYfLC4ZzdpI2ztxP1I582+49Oc5Mq64VQ=
+github.com/rivo/uniseg v0.4.7/go.mod h1:FN3SvrM+Zdj16jyLfmOkMNblXMcoc8DfTHruCPUcx88=
+github.com/stretchr/testify v1.9.0 h1:HtqpIVDClZ4nwg75+f6Lvsy/wHu+3BoSGCbBAcpTsTg=
+github.com/stretchr/testify v1.9.0/go.mod h1:r2ic/lqez/lEtzL7wO/rwa5dbSLXVDPFyf8C91i36aY=
+gitlab.com/developerdurp/logger v1.0.0 h1:wozbKR26RVoFVaUgJV2x8WsZHLWOJBqaSCSTpK7crfk=
+gitlab.com/developerdurp/logger v1.0.0/go.mod h1:x6gZvBeEq8oQUXeQoLY2m78mYJjvb5KE+7Vb5AcS8oo=
+gitlab.com/developerdurp/stdmodels v1.0.2 h1:yXaX6MM37Y9uJccy33trezbao/2TzlCxwVQexwbyFJU=
+gitlab.com/developerdurp/stdmodels v1.0.2/go.mod h1:RRLS9Wek0YYMy3Wz0pWhfYyYcu52vr06KPFVxQ6g0OU=
+golang.org/x/exp v0.0.0-20231006140011-7918f672742d h1:jtJma62tbqLibJ5sFQz8bKtEM8rJBtfilJ2qTU199MI=
+golang.org/x/exp v0.0.0-20231006140011-7918f672742d/go.mod h1:ldy0pHrwJyGW56pPQzzkH36rKxoZW1tw7ZJpeKx+hdo=
+golang.org/x/sys v0.6.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
+golang.org/x/sys v0.13.0 h1:Af8nKPmuFypiUBjVoU9V20FiaFXOcuZI21p0ycVYYGE=
+golang.org/x/sys v0.13.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
+gopkg.in/yaml.v3 v3.0.1 h1:fxVm/GzAzEWqLHuvctI91KS9hhNmmWOoWu0XTYJS7CA=
+gopkg.in/yaml.v3 v3.0.1/go.mod h1:K4uyk7z7BCEPqu6E+C64Yfv1cQ7kz7rIZviUmN+EgEM=
--- a/cmd/middleware/logging.go
+++ b/cmd/middleware/logging.go
@ -0,0 +1,33 @@
+package middleware
+
+import (
+	"github.com/charmbracelet/log"
+
+	"net/http"
+	"time"
+)
+
+type wrappedWriter struct {
+	http.ResponseWriter
+	statusCode int
+}
+
+func (w *wrappedWriter) WriteHeader(statusCode int) {
+	w.ResponseWriter.WriteHeader(statusCode)
+	w.statusCode = statusCode
+}
+
+func Logging(next http.Handler) http.Handler {
+	return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
+		start := time.Now()
+
+		wrapped := &wrappedWriter{
+			ResponseWriter: w,
+			statusCode:     http.StatusOK,
+		}
+
+		next.ServeHTTP(wrapped, r)
+
+		log.Info("INFO", wrapped.statusCode, r.Method, r.URL.Path, time.Since(start))
+	})
+}
--- a/cmd/middleware/main.go
+++ b/cmd/middleware/main.go
@ -0,0 +1,16 @@
+package middleware
+
+import "net/http"
+
+type Middleware func(http.Handler) http.Handler
+
+func CreateStack(xs ...Middleware) Middleware {
+	return func(next http.Handler) http.Handler {
+		for i := len(xs) - 1; i >= 0; i-- {
+			x := xs[i]
+			next = x(next)
+		}
+
+		return next
+	}
+}