hackathon/api/auth.go

87 lines
2.3 KiB
Go

package api
import (
"context"
"errors"
"log"
codequestpb "github.com/hhhapz/codequest/api/v1"
"github.com/hhhapz/codequest/models"
"google.golang.org/grpc/codes"
"google.golang.org/grpc/status"
)
type AuthService struct {
codequestpb.UnsafeAuthServiceServer
oauthStore OAuthStore
userStore UserStore
}
const (
forwardedHostKey = "x-forwarded-host"
uiHost = "playcode.quest"
)
func (as *AuthService) AuthFuncOverride(ctx context.Context, method string) (context.Context, error) {
switch method {
case "DeleteToken":
return BearerAuth(ctx, as.userStore)
}
return ctx, nil
}
func (as *AuthService) OAuthCode(ctx context.Context, req *codequestpb.OAuthCodeRequest) (*codequestpb.OAuthCodeResponse, error) {
md := RequestMetadata(ctx)
host := md.Get(forwardedHostKey)
if host != uiHost && inProd {
return nil, status.Errorf(codes.InvalidArgument, "invalid host: %v", host)
}
page := as.oauthStore.Create(host)
return &codequestpb.OAuthCodeResponse{
RedirectURI: page,
}, nil
}
func (as *AuthService) Token(ctx context.Context, req *codequestpb.TokenRequest) (*codequestpb.Token, error) {
token, _, err := as.oauthStore.Validate(ctx, req.State, req.Code)
if err != nil {
if errors.As(err, &models.UserError{}) {
return nil, status.Errorf(codes.InvalidArgument, err.Error())
}
log.Printf("could not perform token exchange: %v", err)
return nil, status.Errorf(codes.Internal, "could not sign in")
}
tk, err := as.userStore.ConsumeToken(ctx, token)
if err != nil {
if errors.As(err, &models.UserError{}) {
return nil, status.Errorf(codes.InvalidArgument, "could not authorize: %v", err)
}
log.Printf("could not authorize request: %v", err)
return nil, status.Errorf(codes.Internal, "could not authorize: internal error")
}
return &codequestpb.Token{
Token: tk.Token,
}, nil
}
func (as *AuthService) DeleteToken(ctx context.Context, req *codequestpb.DeleteTokenRequest) (*codequestpb.DeleteTokenResponse, error) {
u := User(ctx)
var err error
if req.All {
_, err = as.userStore.RevokeUserTokens(ctx, u)
} else {
err = as.userStore.RevokeToken(ctx, Token(ctx))
}
if err != nil {
log.Printf("could not revoke token: %v", err)
return nil, status.Errorf(codes.Internal, "could not revoke token")
}
return &codequestpb.DeleteTokenResponse{}, nil
}