From eff58d3c9e990f498e4e6b54b03d6049cd3dfdf9 Mon Sep 17 00:00:00 2001
From: Abhishek Shroff
Date: Sat, 10 Aug 2024 21:13:42 +0530
Subject: [PATCH] [server] Improve login response, cleanup TODOs
---
 server/internal/api/routes/auth.go | 20 +++++++++++++-----
 server/internal/command/appcmd/user.go | 28 --------------------------
 server/internal/core/app.go | 4 +---
 server/internal/core/auth.go | 21 ++++++++-----------
 server/internal/core/filesystem.go | 4 ----
 5 files changed, 24 insertions(+), 53 deletions(-)
diff --git a/server/internal/api/routes/auth.go b/server/internal/api/routes/auth.go
index 92ab51b4..8798eba0 100644
--- a/server/internal/api/routes/auth.go
+++ b/server/internal/api/routes/auth.go
@@ -8,6 +8,11 @@ import (
 "github.com/shroff/phylum/server/internal/core"
 )

+type loginResponse struct {
+ AccessToken string `json:"access_token"`
+ User userResponse `json:"user"`
+}
+
 func SetupAuthRoutes(r *gin.RouterGroup, a *core.App) {
 group := r.Group("/auth")
 group.POST("/login", createLoginRouteHandler(a))
@@ -24,16 +29,21 @@ func createLoginRouteHandler(a *core.App) func(c *gin.Context) {
 panic(errors.New(http.StatusBadRequest, "missing_password", ""))
 }

- if token, err := a.CreateAccessToken(c.Request.Context(), username, password); err != nil {
+ if user, err := a.VerifyUserPassword(c.Request.Context(), username, password); err != nil {
 if errors.Is(err, core.ErrCredentialsInvalid) {
 panic(errors.New(http.StatusUnauthorized, "credentials_invalid", ""))
 }
 panic(err)
 } else {
- c.JSON(200, gin.H{
- "access_token": token.ID,
- "expires": token.Expires,
- })
+ if token, err := a.CreateAccessToken(c.Request.Context(), user.ID()); err != nil {
+ panic(err)
+ } else {
+ c.JSON(200, loginResponse{
+ AccessToken: token,
+ User: responseFromUser(user),
+ })
+ }
 }
+
 }
 }
diff --git a/server/internal/command/appcmd/user.go b/server/internal/command/appcmd/user.go
index 2f4023fe..7605e08a 100644
--- a/server/internal/command/appcmd/user.go
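Review bot: In `createLoginRouteHandler` (server/internal/api/routes/auth.go, second hunk) the new `loginResponse` returns a bearer token in the JSON body, and nothing in the visible lines sets a caching directive, so a browser or intermediary cache may retain it; adding `c.Header("Cache-Control", "no-store")` just before `c.JSON(200, loginResponse{...})` is the usual guard for token responses, unless middleware outside this diff already does it. The response also drops the former `expires` field, so a client learns a token has lapsed only from a rejected request; if that is intended, a short comment on `loginResponse` should say so. `userResponse` and `responseFromUser` are defined outside this diff, so it is worth confirming they serialize no credential material such as a password hash. The handler's body starts outside the hunk.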
+++ b/server/internal/command/appcmd/user.go
@@ -3,7 +3,6 @@ package appcmd
 import (
 "context"
 "os"
- "strings"
 "syscall"

 "github.com/google/uuid"
@@ -22,7 +21,6 @@ func setupUserCommand() *cobra.Command {
 setupUserAddCommand(),
 setupUserChrootCommand(),
 setupUserListCommand(),
- setupUserLoginCommand(),
 }...)
 return cmd
 }
@@ -120,29 +118,3 @@ func setupUserListCommand() *cobra.Command {
 },
 }
 }
-
-func setupUserLoginCommand() *cobra.Command {
- return &cobra.Command{
- Use: "auth user",
- Short: "Authenticate user",
- Args: cobra.ExactArgs(1),
- Run: func(cmd *cobra.Command, args []string) {
- username := strings.TrimSpace(args[0])
-
- os.Stdout.WriteString("Password: ")
- bytes, err := term.ReadPassword(syscall.Stdin)
- os.Stdout.WriteString("\n")
- if err != nil {
- logrus.Fatal(err)
- }
- password := string(bytes)
-
- accessToken, err := core.Default.CreateAccessToken(context.Background(), username, password)
- if err != nil {
- logrus.Fatal(err)
- }
- logrus.Info("Access Token: " + accessToken.ID)
- logrus.Info(" Valid Until: " + accessToken.Expires.Time.String())
- },
- }
-}
diff --git a/server/internal/core/app.go b/server/internal/core/app.go
index 28c02029..65e996c2 100644
--- a/server/internal/core/app.go
+++ b/server/internal/core/app.go
@@ -13,9 +13,7 @@ import (
 const defaultUserName = "phylum"

 type App struct {
- Debug bool
- // TODO: Fix su should have access to all files
- // but is currently subject to permissions which are baked in to ResourceByID and ResourceByPath
+ Debug bool
 Rootfs FileSystem
 db *db.DbHandler
 cs storage.Storage
diff --git a/server/internal/core/auth.go b/server/internal/core/auth.go
index 0e5fe50a..82b440ad 100644
--- a/server/internal/core/auth.go
+++ b/server/internal/core/auth.go
@@ -44,20 +44,15 @@ func (a App) VerifyUserPassword(ctx context.Context, username, password string)
 }
 }

-// TODO: don't return db types
-func (a App) CreateAccessToken(ctx context.Context, username, password string) (db.AccessToken, error) {
- if user, err := a.VerifyUserPassword(ctx, username, password); err != nil {
- return db.AccessToken{}, err
+func (a App) CreateAccessToken(ctx context.Context, userID int32) (string, error) {
+ if token, err := a.db.InsertAccessToken(ctx, db.InsertAccessTokenParams{
+ ID: GenerateRandomString(accessTokenLength),
+ Validity: accessTokenValiditiy,
+ UserID: userID,
+ }); err != nil {
+ return "", err
 } else {
- if token, err := a.db.InsertAccessToken(ctx, db.InsertAccessTokenParams{
- ID: GenerateRandomString(accessTokenLength),
- Validity: accessTokenValiditiy,
- UserID: user.ID(),
- }); err != nil {
- return db.AccessToken{}, err
- } else {
- return token, nil
- }
+ return token.ID, nil
 }
 }

diff --git a/server/internal/core/filesystem.go b/server/internal/core/filesystem.go
index 8c979aaa..8bab5e86 100644
--- a/server/internal/core/filesystem.go
+++ b/server/internal/core/filesystem.go
@@ -28,9 +28,7 @@ type FileSystem interface {
 UpdateName(r Resource, name string) error
 UpdateParent(r Resource, parent uuid.UUID) error
 UpdatePermissions(r Resource, userID int32, permission Permission) error
- // TODO: don't return db types
 GetPermissionsLocal(r Resource) (map[int32]Permission, error)
- // TODO: don't return db types
 GetPermissionsInherited(r Resource) (map[int32]Permission, error)
 }

@@ -94,7 +92,6 @@ func (f filesystem) ResourceByPath(path string) (Resource, error) {
 }

 res, err := f.db.ResourceByPath(f.ctx, db.ResourceByPathParams{Root: f.root.ID(), Permission: f.root.Permission(), Search: segments, UserID: f.user})
- // TODO: Fix su should have access to all files
 if err == pgx.ErrNoRows || res.Permission == 0 {
 err = fs.ErrNotExist
 }
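Review bot: `CreateAccessToken` in server/internal/core/auth.go now issues a token for whatever `userID` it is given and no longer checks credentials itself, yet the exported method has no doc comment stating that precondition, so a later caller could mint tokens without going through `VerifyUserPassword`. I would add above the signature: `// CreateAccessToken issues a new access token for userID. It does not authenticate; callers must verify credentials first (see VerifyUserPassword).` `GenerateRandomString` is defined outside this diff; since its output is the bearer token itself, it is worth confirming that it draws from `crypto/rand` rather than `math/rand`.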
@@ -118,7 +115,6 @@ func (f filesystem) ResourceByPath(path string) (Resource, error) {
 func (f filesystem) ResourceByID(id uuid.UUID) (Resource, error) {
 res, err := f.db.ResourceByID(f.ctx, db.ResourceByIDParams{Root: f.root.ID(), ResourceID: id, UserID: f.user})
 // TODO: verify found
- // TODO: Fix su should have access to all files
 if err == pgx.ErrNoRows || !res.Found || res.Permission == 0 {
 err = fs.ErrNotExist
 }