2022-12-30 06:51:51 +00:00
|
|
|
// SPDX-License-Identifier: Apache-2.0
|
|
|
|
|
// Copyright © 2022 Roberto Hidalgo <nidito@un.rob.mx>
|
|
|
|
|
package auth
|
|
|
|
|
|
|
|
|
|
import (
|
|
|
|
|
"fmt"
|
|
|
|
|
"net/http"
|
|
|
|
|
"time"
|
|
|
|
|
|
2023-01-04 04:21:49 +00:00
|
|
|
"git.rob.mx/nidito/puerta/internal/constants"
|
|
|
|
|
"git.rob.mx/nidito/puerta/internal/errors"
|
|
|
|
|
"git.rob.mx/nidito/puerta/internal/user"
|
2022-12-30 06:51:51 +00:00
|
|
|
"github.com/alexedwards/scs/v2"
|
|
|
|
|
"github.com/go-webauthn/webauthn/webauthn"
|
|
|
|
|
"github.com/julienschmidt/httprouter"
|
|
|
|
|
"github.com/sirupsen/logrus"
|
|
|
|
|
"github.com/upper/db/v4"
|
|
|
|
|
)
|
|
|
|
|
|
2023-01-04 04:21:49 +00:00
|
|
|
var _db db.Session
|
|
|
|
|
var _wan *webauthn.WebAuthn
|
|
|
|
|
var _sess *scs.SessionManager
|
2022-12-30 06:51:51 +00:00
|
|
|
|
2023-01-04 04:51:35 +00:00
|
|
|
func Route(wan *webauthn.WebAuthn, db db.Session, router http.Handler) http.Handler {
|
2023-01-04 04:21:49 +00:00
|
|
|
_db = db
|
|
|
|
|
_wan = wan
|
2023-01-04 04:51:35 +00:00
|
|
|
_sess = scs.New()
|
|
|
|
|
_sess.Lifetime = 5 * time.Minute
|
2023-01-04 04:21:49 +00:00
|
|
|
return _sess.LoadAndSave(router)
|
2022-12-30 06:51:51 +00:00
|
|
|
}
|
|
|
|
|
|
2023-01-04 04:21:49 +00:00
|
|
|
func requestAuth(w http.ResponseWriter, status int) {
|
2022-12-30 06:51:51 +00:00
|
|
|
http.Error(w, http.StatusText(status), status)
|
|
|
|
|
}
|
|
|
|
|
|
2023-01-04 04:21:49 +00:00
|
|
|
func LoginHandler(w http.ResponseWriter, req *http.Request, ps httprouter.Params) {
|
2023-06-16 16:00:16 +00:00
|
|
|
|
2022-12-30 06:51:51 +00:00
|
|
|
err := req.ParseForm()
|
|
|
|
|
if err != nil {
|
|
|
|
|
http.Error(w, http.StatusText(http.StatusBadRequest), http.StatusBadRequest)
|
|
|
|
|
return
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
username := req.FormValue("user")
|
|
|
|
|
password := req.FormValue("password")
|
|
|
|
|
|
2023-01-04 04:21:49 +00:00
|
|
|
user := &user.User{}
|
2023-01-04 04:51:35 +00:00
|
|
|
if err := _db.Get(user, db.Cond{"handle": username}); err != nil {
|
2023-01-04 04:21:49 +00:00
|
|
|
err := &errors.InvalidCredentials{Status: http.StatusForbidden, Reason: fmt.Sprintf("User not found for name: %s (%s)", username, err)}
|
2022-12-30 06:51:51 +00:00
|
|
|
err.Log()
|
|
|
|
|
http.Error(w, err.Error(), err.Code())
|
|
|
|
|
return
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
if err := user.Login(password); err != nil {
|
|
|
|
|
code := http.StatusBadRequest
|
|
|
|
|
status := http.StatusText(code)
|
2023-10-02 05:21:28 +00:00
|
|
|
if invalidCreds, ok := err.(*errors.InvalidCredentials); ok {
|
|
|
|
|
code = invalidCreds.Code()
|
|
|
|
|
status = invalidCreds.Error()
|
|
|
|
|
invalidCreds.Log()
|
2023-06-16 16:00:16 +00:00
|
|
|
} else {
|
|
|
|
|
logrus.Errorf("could not login %s: %s", username, err.Error())
|
2022-12-30 06:51:51 +00:00
|
|
|
}
|
|
|
|
|
http.Error(w, status, code)
|
|
|
|
|
return
|
|
|
|
|
}
|
|
|
|
|
|
2023-01-04 04:21:49 +00:00
|
|
|
sess, err := NewSession(user, _db.Collection("session"))
|
2022-12-30 06:51:51 +00:00
|
|
|
if err != nil {
|
2023-06-16 16:00:16 +00:00
|
|
|
err = fmt.Errorf("Could not create a session: %s", err)
|
|
|
|
|
logrus.Error(err)
|
|
|
|
|
http.Error(w, err.Error(), http.StatusInternalServerError)
|
2022-12-30 06:51:51 +00:00
|
|
|
return
|
|
|
|
|
}
|
|
|
|
|
|
2023-01-04 04:21:49 +00:00
|
|
|
w.Header().Add("Set-Cookie", fmt.Sprintf("%s=%s; Max-Age=%d; Path=/;", constants.ContextCookieName, sess.Token, user.TTL.Seconds()))
|
2022-12-30 06:51:51 +00:00
|
|
|
|
|
|
|
|
logrus.Infof("Created session for %s", user.Name)
|
|
|
|
|
|
|
|
|
|
if req.FormValue("async") == "true" {
|
|
|
|
|
w.Write([]byte(user.Greeting))
|
|
|
|
|
} else {
|
|
|
|
|
http.Redirect(w, req, "/", http.StatusSeeOther)
|
|
|
|
|
}
|
|
|
|
|
}
|
