pronounsfu/backend/server/auth.go

package server

import (
	"context"
	"net/http"
	"strings"

	"codeberg.org/u1f320/pronouns.cc/backend/server/auth"
	"github.com/go-chi/render"
)

// maybeAuth is a globally-used middleware.
func (s *Server) maybeAuth(next http.Handler) http.Handler {
	fn := func(w http.ResponseWriter, r *http.Request) {
		token := strings.TrimPrefix(r.Header.Get("Authorization"), "Bearer ")
		if token == "" {
			next.ServeHTTP(w, r)
			return
		}

		claims, err := s.Auth.Claims(token)
		if err != nil {
			render.Status(r, errCodeStatuses[ErrInvalidToken])
			render.JSON(w, r, APIError{
				Code:    ErrInvalidToken,
				Message: errCodeMessages[ErrInvalidToken],
			})
			return
		}

		ctx := context.WithValue(r.Context(), ctxKeyClaims, claims)

		next.ServeHTTP(w, r.WithContext(ctx))
	}

	return http.HandlerFunc(fn)
}

// MustAuth makes a valid token required
func MustAuth(next http.Handler) http.Handler {
	fn := func(w http.ResponseWriter, r *http.Request) {
		_, ok := ClaimsFromContext(r.Context())
		if !ok {
			render.Status(r, errCodeStatuses[ErrForbidden])
			render.JSON(w, r, APIError{
				Code:    ErrForbidden,
				Message: errCodeMessages[ErrForbidden],
			})
			return
		}

		next.ServeHTTP(w, r)
	}

	return http.HandlerFunc(fn)
}

// ClaimsFromContext returns the auth.Claims in the context, if any.
func ClaimsFromContext(ctx context.Context) (auth.Claims, bool) {
	v := ctx.Value(ctxKeyClaims)
	if v == nil {
		return auth.Claims{}, false
	}

	claims, ok := v.(auth.Claims)
	return claims, ok
}
initial commit 2022-05-02 08:19:37 -07:00			`package server`

			`import (`
			`"context"`
			`"net/http"`
fix(backend): optionally support "Bearer " prefix in auth header 2022-12-22 16:44:56 -08:00			`"strings"`
initial commit 2022-05-02 08:19:37 -07:00
chore: update import url (sorry gitlab, codeberg is just better) 2022-05-14 07:52:08 -07:00			`"codeberg.org/u1f320/pronouns.cc/backend/server/auth"`
add frontend template + GET /users/{userRef} route 2022-05-04 07:27:16 -07:00			`"github.com/go-chi/render"`
initial commit 2022-05-02 08:19:37 -07:00			`)`

			`// maybeAuth is a globally-used middleware.`
			`func (s *Server) maybeAuth(next http.Handler) http.Handler {`
			`fn := func(w http.ResponseWriter, r *http.Request) {`
fix(backend): optionally support "Bearer " prefix in auth header 2022-12-22 16:44:56 -08:00			`token := strings.TrimPrefix(r.Header.Get("Authorization"), "Bearer ")`
initial commit 2022-05-02 08:19:37 -07:00			`if token == "" {`
			`next.ServeHTTP(w, r)`
			`return`
			`}`

			`claims, err := s.Auth.Claims(token)`
			`if err != nil {`
oops 2 2022-05-14 12:57:44 -07:00			`render.Status(r, errCodeStatuses[ErrInvalidToken])`
fix: return error if Authorization header is supplied but is invalid 2022-05-14 12:55:44 -07:00			`render.JSON(w, r, APIError{`
oops 2 2022-05-14 12:57:44 -07:00			`Code: ErrInvalidToken,`
			`Message: errCodeMessages[ErrInvalidToken],`
fix: return error if Authorization header is supplied but is invalid 2022-05-14 12:55:44 -07:00			`})`
			`return`
initial commit 2022-05-02 08:19:37 -07:00			`}`

			`ctx := context.WithValue(r.Context(), ctxKeyClaims, claims)`

			`next.ServeHTTP(w, r.WithContext(ctx))`
			`}`

			`return http.HandlerFunc(fn)`
			`}`

			`// MustAuth makes a valid token required`
			`func MustAuth(next http.Handler) http.Handler {`
			`fn := func(w http.ResponseWriter, r *http.Request) {`
			`_, ok := ClaimsFromContext(r.Context())`
			`if !ok {`
add frontend template + GET /users/{userRef} route 2022-05-04 07:27:16 -07:00			`render.Status(r, errCodeStatuses[ErrForbidden])`
			`render.JSON(w, r, APIError{`
			`Code: ErrForbidden,`
			`Message: errCodeMessages[ErrForbidden],`
			`})`
			`return`
initial commit 2022-05-02 08:19:37 -07:00			`}`

			`next.ServeHTTP(w, r)`
			`}`

			`return http.HandlerFunc(fn)`
			`}`

			`// ClaimsFromContext returns the auth.Claims in the context, if any.`
			`func ClaimsFromContext(ctx context.Context) (auth.Claims, bool) {`
			`v := ctx.Value(ctxKeyClaims)`
			`if v == nil {`
			`return auth.Claims{}, false`
			`}`

			`claims, ok := v.(auth.Claims)`
			`return claims, ok`
			`}`