FreakU
/
pronounsfu
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity
pronounsfu/backend/routes/auth/routes.go

217 lines
6.8 KiB
Go
Raw Normal View History

initial commit
2022-05-02 08:19:37 -07:00
package auth
import (
"net/http"
feat(api): add PATCH /users/@me/fields, finish POST /auth/discord/callback
2022-05-17 13:35:26 -07:00
"os"
initial commit
2022-05-02 08:19:37 -07:00
fix(api): return correct struct in /auth/discord/callback
2022-06-17 06:18:44 -07:00
"codeberg.org/u1f320/pronouns.cc/backend/db"
chore: update import url (sorry gitlab, codeberg is just better)
2022-05-14 07:52:08 -07:00
"codeberg.org/u1f320/pronouns.cc/backend/log"
"codeberg.org/u1f320/pronouns.cc/backend/server"
add frontend template + GET /users/{userRef} route
2022-05-04 07:27:16 -07:00
"emperror.dev/errors"
initial commit
2022-05-02 08:19:37 -07:00
"github.com/go-chi/chi/v5"
add frontend template + GET /users/{userRef} route
2022-05-04 07:27:16 -07:00
"github.com/go-chi/render"
fix(api): return correct struct in /auth/discord/callback
2022-06-17 06:18:44 -07:00
"github.com/rs/xid"
initial commit
2022-05-02 08:19:37 -07:00
)
type Server struct {
*server.Server
feat(api): add PATCH /users/@me/fields, finish POST /auth/discord/callback
2022-05-17 13:35:26 -07:00
RequireInvite bool
feat(backend): start on fediverse auth support
2023-03-16 03:43:25 -07:00
BaseURL string
feat: add captcha when signing up (closes #53)
2023-04-24 07:51:55 -07:00
hcaptchaSitekey string
hcaptchaSecret string
initial commit
2022-05-02 08:19:37 -07:00
}
fix(api): return correct struct in /auth/discord/callback
2022-06-17 06:18:44 -07:00
type userResponse struct {
feat(backend): always return empty arrays instead of null
2023-03-11 16:31:31 -08:00
ID xid.ID `json:"id"`
Username string `json:"name"`
DisplayName *string `json:"display_name"`
Bio *string `json:"bio"`
feat: hashes in avatar file names (closes #19)
2023-03-12 18:04:09 -07:00
Avatar *string `json:"avatar"`
feat(backend): always return empty arrays instead of null
2023-03-11 16:31:31 -08:00
Links []string `json:"links"`
Names []db.FieldEntry `json:"names"`
Pronouns []db.PronounEntry `json:"pronouns"`
Fields []db.Field `json:"fields"`
fix(api): return correct struct in /auth/discord/callback
2022-06-17 06:18:44 -07:00
Discord *string `json:"discord"`
DiscordUsername *string `json:"discord_username"`
feat: allow linking fediverse account to existing user
2023-03-18 07:19:53 -07:00
feat: add tumblr oauth
2023-04-17 18:49:37 -07:00
Tumblr *string `json:"tumblr"`
TumblrUsername *string `json:"tumblr_username"`
feat: add google oauth
2023-04-18 13:52:58 -07:00
Google *string `json:"google"`
GoogleUsername *string `json:"google_username"`
feat: allow linking fediverse account to existing user
2023-03-18 07:19:53 -07:00
Fediverse *string `json:"fediverse"`
FediverseUsername *string `json:"fediverse_username"`
FediverseInstance *string `json:"fediverse_instance"`
fix(api): return correct struct in /auth/discord/callback
2022-06-17 06:18:44 -07:00
}
feat(backend): always return empty arrays instead of null
2023-03-11 16:31:31 -08:00
func dbUserToUserResponse(u db.User, fields []db.Field) *userResponse {
fix(api): return correct struct in /auth/discord/callback
2022-06-17 06:18:44 -07:00
return &userResponse{
feat: allow linking fediverse account to existing user
2023-03-18 07:19:53 -07:00
ID: u.ID,
Username: u.Username,
DisplayName: u.DisplayName,
Bio: u.Bio,
Avatar: u.Avatar,
Links: db.NotNull(u.Links),
Names: db.NotNull(u.Names),
Pronouns: db.NotNull(u.Pronouns),
Fields: db.NotNull(fields),
Discord: u.Discord,
DiscordUsername: u.DiscordUsername,
feat: add tumblr oauth
2023-04-17 18:49:37 -07:00
Tumblr: u.Tumblr,
TumblrUsername: u.TumblrUsername,
feat: add google oauth
2023-04-18 13:52:58 -07:00
Google: u.Google,
GoogleUsername: u.GoogleUsername,
feat: allow linking fediverse account to existing user
2023-03-18 07:19:53 -07:00
Fediverse: u.Fediverse,
FediverseUsername: u.FediverseUsername,
FediverseInstance: u.FediverseInstance,
fix(api): return correct struct in /auth/discord/callback
2022-06-17 06:18:44 -07:00
}
}
initial commit
2022-05-02 08:19:37 -07:00
func Mount(srv *server.Server, r chi.Router) {
feat(api): add PATCH /users/@me/fields, finish POST /auth/discord/callback
2022-05-17 13:35:26 -07:00
s := &Server{
feat: add captcha when signing up (closes #53)
2023-04-24 07:51:55 -07:00
Server: srv,
RequireInvite: os.Getenv("REQUIRE_INVITE") == "true",
BaseURL: os.Getenv("BASE_URL"),
hcaptchaSitekey: os.Getenv("HCAPTCHA_SITEKEY"),
hcaptchaSecret: os.Getenv("HCAPTCHA_SECRET"),
feat(api): add PATCH /users/@me/fields, finish POST /auth/discord/callback
2022-05-17 13:35:26 -07:00
}
initial commit
2022-05-02 08:19:37 -07:00
add frontend template + GET /users/{userRef} route
2022-05-04 07:27:16 -07:00
r.Route("/auth", func(r chi.Router) {
feat(api): add PATCH /users/@me/fields, finish POST /auth/discord/callback
2022-05-17 13:35:26 -07:00
// check if username is taken
r.Get("/username", server.WrapHandler(s.usernameTaken))
add frontend template + GET /users/{userRef} route
2022-05-04 07:27:16 -07:00
// generate csrf token, returns all supported OAuth provider URLs
feat: discord login works!
2022-05-12 07:41:32 -07:00
r.Post("/urls", server.WrapHandler(s.oauthURLs))
feat(backend): start on fediverse auth support
2023-03-16 03:43:25 -07:00
r.Get("/urls/fediverse", server.WrapHandler(s.getFediverseURL))
initial commit
2022-05-02 08:19:37 -07:00
add frontend template + GET /users/{userRef} route
2022-05-04 07:27:16 -07:00
r.Route("/discord", func(r chi.Router) {
// takes code + state, validates it, returns token OR discord signup ticket
feat: discord login works!
2022-05-12 07:41:32 -07:00
r.Post("/callback", server.WrapHandler(s.discordCallback))
add frontend template + GET /users/{userRef} route
2022-05-04 07:27:16 -07:00
// takes discord signup ticket to register account
feat: get signup via discord working
2022-11-17 17:17:27 -08:00
r.Post("/signup", server.WrapHandler(s.discordSignup))
feat(backend): start on fediverse auth support
2023-03-16 03:43:25 -07:00
// takes discord signup ticket to link to existing account
feat: allow linking discord account to existing user
2023-03-18 08:33:12 -07:00
r.With(server.MustAuth).Post("/add-provider", server.WrapHandler(s.discordLink))
feat: allow unlinking auth providers
2023-03-18 08:54:31 -07:00
// removes discord link from existing account
r.With(server.MustAuth).Post("/remove-provider", server.WrapHandler(s.discordUnlink))
feat(backend): start on fediverse auth support
2023-03-16 03:43:25 -07:00
})
feat: add tumblr oauth
2023-04-17 18:49:37 -07:00
r.Route("/tumblr", func(r chi.Router) {
r.Post("/callback", server.WrapHandler(s.tumblrCallback))
r.Post("/signup", server.WrapHandler(s.tumblrSignup))
r.With(server.MustAuth).Post("/add-provider", server.WrapHandler(s.tumblrLink))
r.With(server.MustAuth).Post("/remove-provider", server.WrapHandler(s.tumblrUnlink))
})
feat: add google oauth
2023-04-18 13:52:58 -07:00
r.Route("/google", func(r chi.Router) {
r.Post("/callback", server.WrapHandler(s.googleCallback))
r.Post("/signup", server.WrapHandler(s.googleSignup))
r.With(server.MustAuth).Post("/add-provider", server.WrapHandler(s.googleLink))
r.With(server.MustAuth).Post("/remove-provider", server.WrapHandler(s.googleUnlink))
})
feat(backend): start on fediverse auth support
2023-03-16 03:43:25 -07:00
r.Route("/mastodon", func(r chi.Router) {
feat: sign up/log in with mastodon
2023-03-16 07:50:39 -07:00
r.Post("/callback", server.WrapHandler(s.mastodonCallback))
r.Post("/signup", server.WrapHandler(s.mastodonSignup))
feat: allow linking fediverse account to existing user
2023-03-18 07:19:53 -07:00
r.With(server.MustAuth).Post("/add-provider", server.WrapHandler(s.mastodonLink))
feat: allow unlinking auth providers
2023-03-18 08:54:31 -07:00
r.With(server.MustAuth).Post("/remove-provider", server.WrapHandler(s.mastodonUnlink))
initial commit
2022-05-02 08:19:37 -07:00
})
feat: add invites to backend
2022-11-18 06:27:52 -08:00
feat: misskey oauth (fixes #26)
2023-03-24 19:27:40 -07:00
r.Route("/misskey", func(r chi.Router) {
r.Post("/callback", server.WrapHandler(s.misskeyCallback))
r.Post("/signup", server.WrapHandler(s.misskeySignup))
r.With(server.MustAuth).Post("/add-provider", server.WrapHandler(s.misskeyLink))
})
feat: add invites to backend
2022-11-18 06:27:52 -08:00
// invite routes
r.With(server.MustAuth).Get("/invites", server.WrapHandler(s.getInvites))
r.With(server.MustAuth).Post("/invites", server.WrapHandler(s.createInvite))
feat: add token IDs, store tokens in db for early invalidation
2022-12-31 15:34:38 -08:00
// tokens
r.With(server.MustAuth).Get("/tokens", server.WrapHandler(s.getTokens))
r.With(server.MustAuth).Post("/tokens", server.WrapHandler(s.createToken))
feat(backend): change DELETE /auth/tokens to invalidate *all* tokens
2023-03-30 07:05:10 -07:00
r.With(server.MustAuth).Delete("/tokens", server.WrapHandler(s.deleteToken))
feat: cancel user deletion
2023-03-14 08:16:07 -07:00
// cancel user delete
// uses a special token, so handled in the function itself
r.Get("/cancel-delete", server.WrapHandler(s.cancelDelete))
feat(backend): add force delete endpoint
2023-03-20 07:04:32 -07:00
// force user delete
// uses a special token (same as above)
r.Get("/force-delete", server.WrapHandler(s.forceDelete))
initial commit
2022-05-02 08:19:37 -07:00
})
}
add frontend template + GET /users/{userRef} route
2022-05-04 07:27:16 -07:00
type oauthURLsRequest struct {
feat: discord login works!
2022-05-12 07:41:32 -07:00
CallbackDomain string `json:"callback_domain"`
add frontend template + GET /users/{userRef} route
2022-05-04 07:27:16 -07:00
}
type oauthURLsResponse struct {
feat: only show auth providers if they're enabled
2023-04-18 14:31:57 -07:00
Discord string `json:"discord,omitempty"`
Tumblr string `json:"tumblr,omitempty"`
Google string `json:"google,omitempty"`
add frontend template + GET /users/{userRef} route
2022-05-04 07:27:16 -07:00
}
func (s *Server) oauthURLs(w http.ResponseWriter, r *http.Request) error {
req, err := Decode[oauthURLsRequest](r)
if err != nil {
feat: discord login works!
2022-05-12 07:41:32 -07:00
log.Error(err)
add frontend template + GET /users/{userRef} route
2022-05-04 07:27:16 -07:00
return server.APIError{Code: server.ErrBadRequest}
}
// generate CSRF state
state, err := s.setCSRFState(r.Context())
if err != nil {
return errors.Wrap(err, "setting CSRF state")
}
feat: only show auth providers if they're enabled
2023-04-18 14:31:57 -07:00
var resp oauthURLsResponse
add frontend template + GET /users/{userRef} route
2022-05-04 07:27:16 -07:00
feat: only show auth providers if they're enabled
2023-04-18 14:31:57 -07:00
if discordOAuthConfig.ClientID != "" {
discordCfg := discordOAuthConfig
discordCfg.RedirectURL = req.CallbackDomain + "/auth/login/discord"
resp.Discord = discordCfg.AuthCodeURL(state) + "&prompt=none"
}
if tumblrOAuthConfig.ClientID != "" {
tumblrCfg := tumblrOAuthConfig
tumblrCfg.RedirectURL = req.CallbackDomain + "/auth/login/tumblr"
resp.Tumblr = tumblrCfg.AuthCodeURL(state)
}
if googleOAuthConfig.ClientID != "" {
googleCfg := googleOAuthConfig
googleCfg.RedirectURL = req.CallbackDomain + "/auth/login/google"
resp.Google = googleCfg.AuthCodeURL(state)
}
render.JSON(w, r, resp)
add frontend template + GET /users/{userRef} route
2022-05-04 07:27:16 -07:00
return nil
}
feat(api): add PATCH /users/@me/fields, finish POST /auth/discord/callback
2022-05-17 13:35:26 -07:00
func (s *Server) usernameTaken(w http.ResponseWriter, r *http.Request) error {
type Response struct {
Valid bool `json:"valid"`
Taken bool `json:"taken"`
}
name := r.FormValue("username")
if name == "" {
render.JSON(w, r, Response{
Valid: false,
})
return nil
}
valid, taken, err := s.DB.UsernameTaken(r.Context(), name)
if err != nil {
return err
}
render.JSON(w, r, Response{
Valid: valid,
Taken: taken,
})
return nil
}