pronounsfu/backend/routes/auth/routes.go

package auth

import (
	"net/http"
	"os"

	"codeberg.org/u1f320/pronouns.cc/backend/db"
	"codeberg.org/u1f320/pronouns.cc/backend/log"
	"codeberg.org/u1f320/pronouns.cc/backend/server"
	"emperror.dev/errors"
	"github.com/go-chi/chi/v5"
	"github.com/go-chi/render"
	"github.com/rs/xid"
)

type Server struct {
	*server.Server

	RequireInvite bool
}

type userResponse struct {
	ID          xid.ID   `json:"id"`
	Username    string   `json:"username"`
	DisplayName *string  `json:"display_name"`
	Bio         *string  `json:"bio"`
	AvatarURLs  []string `json:"avatar_urls"`
	Links       []string `json:"links"`

	Discord         *string `json:"discord"`
	DiscordUsername *string `json:"discord_username"`
}

func dbUserToUserResponse(u db.User) *userResponse {
	return &userResponse{
		ID:              u.ID,
		Username:        u.Username,
		DisplayName:     u.DisplayName,
		Bio:             u.Bio,
		AvatarURLs:      u.AvatarURLs,
		Links:           u.Links,
		Discord:         u.Discord,
		DiscordUsername: u.DiscordUsername,
	}
}

func Mount(srv *server.Server, r chi.Router) {
	s := &Server{
		Server:        srv,
		RequireInvite: os.Getenv("REQUIRE_INVITE") == "true",
	}

	r.Route("/auth", func(r chi.Router) {
		// check if username is taken
		r.Get("/username", server.WrapHandler(s.usernameTaken))

		// generate csrf token, returns all supported OAuth provider URLs
		r.Post("/urls", server.WrapHandler(s.oauthURLs))

		r.Route("/discord", func(r chi.Router) {
			// takes code + state, validates it, returns token OR discord signup ticket
			r.Post("/callback", server.WrapHandler(s.discordCallback))
			// takes discord signup ticket to register account
			r.Post("/signup", nil)
		})
	})
}

type oauthURLsRequest struct {
	CallbackDomain string `json:"callback_domain"`
}

type oauthURLsResponse struct {
	Discord string `json:"discord"`
}

func (s *Server) oauthURLs(w http.ResponseWriter, r *http.Request) error {
	req, err := Decode[oauthURLsRequest](r)
	if err != nil {
		log.Error(err)

		return server.APIError{Code: server.ErrBadRequest}
	}

	// generate CSRF state
	state, err := s.setCSRFState(r.Context())
	if err != nil {
		return errors.Wrap(err, "setting CSRF state")
	}

	// copy Discord config and set redirect url
	discordCfg := discordOAuthConfig
	discordCfg.RedirectURL = req.CallbackDomain + "/login/discord"

	render.JSON(w, r, oauthURLsResponse{
		Discord: discordCfg.AuthCodeURL(state),
	})
	return nil
}

func (s *Server) usernameTaken(w http.ResponseWriter, r *http.Request) error {
	type Response struct {
		Valid bool `json:"valid"`
		Taken bool `json:"taken"`
	}

	name := r.FormValue("username")
	if name == "" {
		render.JSON(w, r, Response{
			Valid: false,
		})
		return nil
	}

	valid, taken, err := s.DB.UsernameTaken(r.Context(), name)
	if err != nil {
		return err
	}

	render.JSON(w, r, Response{
		Valid: valid,
		Taken: taken,
	})
	return nil
}
initial commit 2022-05-02 08:19:37 -07:00			`package auth`

			`import (`
			`"net/http"`
feat(api): add PATCH /users/@me/fields, finish POST /auth/discord/callback 2022-05-17 13:35:26 -07:00			`"os"`
initial commit 2022-05-02 08:19:37 -07:00
fix(api): return correct struct in /auth/discord/callback 2022-06-17 06:18:44 -07:00			`"codeberg.org/u1f320/pronouns.cc/backend/db"`
chore: update import url (sorry gitlab, codeberg is just better) 2022-05-14 07:52:08 -07:00			`"codeberg.org/u1f320/pronouns.cc/backend/log"`
			`"codeberg.org/u1f320/pronouns.cc/backend/server"`
add frontend template + GET /users/{userRef} route 2022-05-04 07:27:16 -07:00			`"emperror.dev/errors"`
initial commit 2022-05-02 08:19:37 -07:00			`"github.com/go-chi/chi/v5"`
add frontend template + GET /users/{userRef} route 2022-05-04 07:27:16 -07:00			`"github.com/go-chi/render"`
fix(api): return correct struct in /auth/discord/callback 2022-06-17 06:18:44 -07:00			`"github.com/rs/xid"`
initial commit 2022-05-02 08:19:37 -07:00			`)`

			`type Server struct {`
			`*server.Server`
feat(api): add PATCH /users/@me/fields, finish POST /auth/discord/callback 2022-05-17 13:35:26 -07:00
			`RequireInvite bool`
initial commit 2022-05-02 08:19:37 -07:00			`}`

fix(api): return correct struct in /auth/discord/callback 2022-06-17 06:18:44 -07:00			`type userResponse struct {`
			ID xid.ID `json:"id"`
			Username string `json:"username"`
			DisplayName *string `json:"display_name"`
			Bio *string `json:"bio"`
feat(backend): some member routes, half-broken avatar uploading 2022-09-20 03:55:00 -07:00			AvatarURLs []string `json:"avatar_urls"`
fix(api): return correct struct in /auth/discord/callback 2022-06-17 06:18:44 -07:00			Links []string `json:"links"`

			Discord *string `json:"discord"`
			DiscordUsername *string `json:"discord_username"`
			`}`

			`func dbUserToUserResponse(u db.User) *userResponse {`
			`return &userResponse{`
			`ID: u.ID,`
			`Username: u.Username,`
			`DisplayName: u.DisplayName,`
			`Bio: u.Bio,`
feat(backend): some member routes, half-broken avatar uploading 2022-09-20 03:55:00 -07:00			`AvatarURLs: u.AvatarURLs,`
fix(api): return correct struct in /auth/discord/callback 2022-06-17 06:18:44 -07:00			`Links: u.Links,`
			`Discord: u.Discord,`
			`DiscordUsername: u.DiscordUsername,`
			`}`
			`}`

initial commit 2022-05-02 08:19:37 -07:00			`func Mount(srv *server.Server, r chi.Router) {`
feat(api): add PATCH /users/@me/fields, finish POST /auth/discord/callback 2022-05-17 13:35:26 -07:00			`s := &Server{`
			`Server: srv,`
			`RequireInvite: os.Getenv("REQUIRE_INVITE") == "true",`
			`}`
initial commit 2022-05-02 08:19:37 -07:00
add frontend template + GET /users/{userRef} route 2022-05-04 07:27:16 -07:00			`r.Route("/auth", func(r chi.Router) {`
feat(api): add PATCH /users/@me/fields, finish POST /auth/discord/callback 2022-05-17 13:35:26 -07:00			`// check if username is taken`
			`r.Get("/username", server.WrapHandler(s.usernameTaken))`

add frontend template + GET /users/{userRef} route 2022-05-04 07:27:16 -07:00			`// generate csrf token, returns all supported OAuth provider URLs`
feat: discord login works! 2022-05-12 07:41:32 -07:00			`r.Post("/urls", server.WrapHandler(s.oauthURLs))`
initial commit 2022-05-02 08:19:37 -07:00
add frontend template + GET /users/{userRef} route 2022-05-04 07:27:16 -07:00			`r.Route("/discord", func(r chi.Router) {`
			`// takes code + state, validates it, returns token OR discord signup ticket`
feat: discord login works! 2022-05-12 07:41:32 -07:00			`r.Post("/callback", server.WrapHandler(s.discordCallback))`
add frontend template + GET /users/{userRef} route 2022-05-04 07:27:16 -07:00			`// takes discord signup ticket to register account`
			`r.Post("/signup", nil)`
initial commit 2022-05-02 08:19:37 -07:00			`})`
			`})`
			`}`
add frontend template + GET /users/{userRef} route 2022-05-04 07:27:16 -07:00
			`type oauthURLsRequest struct {`
feat: discord login works! 2022-05-12 07:41:32 -07:00			CallbackDomain string `json:"callback_domain"`
add frontend template + GET /users/{userRef} route 2022-05-04 07:27:16 -07:00			`}`

			`type oauthURLsResponse struct {`
			Discord string `json:"discord"`
			`}`

			`func (s Server) oauthURLs(w http.ResponseWriter, r http.Request) error {`
			`req, err := Decode[oauthURLsRequest](r)`
			`if err != nil {`
feat: discord login works! 2022-05-12 07:41:32 -07:00			`log.Error(err)`

add frontend template + GET /users/{userRef} route 2022-05-04 07:27:16 -07:00			`return server.APIError{Code: server.ErrBadRequest}`
			`}`

			`// generate CSRF state`
			`state, err := s.setCSRFState(r.Context())`
			`if err != nil {`
			`return errors.Wrap(err, "setting CSRF state")`
			`}`

			`// copy Discord config and set redirect url`
			`discordCfg := discordOAuthConfig`
feat: discord login works! 2022-05-12 07:41:32 -07:00			`discordCfg.RedirectURL = req.CallbackDomain + "/login/discord"`
add frontend template + GET /users/{userRef} route 2022-05-04 07:27:16 -07:00
			`render.JSON(w, r, oauthURLsResponse{`
			`Discord: discordCfg.AuthCodeURL(state),`
			`})`
			`return nil`
			`}`
feat(api): add PATCH /users/@me/fields, finish POST /auth/discord/callback 2022-05-17 13:35:26 -07:00
			`func (s Server) usernameTaken(w http.ResponseWriter, r http.Request) error {`
			`type Response struct {`
			Valid bool `json:"valid"`
			Taken bool `json:"taken"`
			`}`

			`name := r.FormValue("username")`
			`if name == "" {`
			`render.JSON(w, r, Response{`
			`Valid: false,`
			`})`
			`return nil`
			`}`

			`valid, taken, err := s.DB.UsernameTaken(r.Context(), name)`
			`if err != nil {`
			`return err`
			`}`

			`render.JSON(w, r, Response{`
			`Valid: valid,`
			`Taken: taken,`
			`})`
			`return nil`
			`}`