119 lines
3.0 KiB
Go
119 lines
3.0 KiB
Go
package rest
|
|
|
|
import (
|
|
"context"
|
|
"net/http"
|
|
|
|
"github.com/pkg/errors"
|
|
"github.com/titpetric/factory/resputil"
|
|
|
|
"github.com/cortezaproject/corteza-server/pkg/auth"
|
|
"github.com/cortezaproject/corteza-server/pkg/payload"
|
|
"github.com/cortezaproject/corteza-server/pkg/payload/outgoing"
|
|
"github.com/cortezaproject/corteza-server/system/rest/request"
|
|
"github.com/cortezaproject/corteza-server/system/service"
|
|
"github.com/cortezaproject/corteza-server/system/types"
|
|
)
|
|
|
|
var _ = errors.Wrap
|
|
|
|
type (
|
|
Auth struct {
|
|
tokenEncoder auth.TokenEncoder
|
|
settings *types.Settings
|
|
authSvc service.AuthService
|
|
}
|
|
|
|
authServiceSettingsProvider interface {
|
|
Format() map[string]interface{}
|
|
}
|
|
|
|
exchangeResponse struct {
|
|
JWT string `json:"jwt"`
|
|
User *outgoing.User `json:"user"`
|
|
}
|
|
|
|
checkResponse struct {
|
|
JWT string `json:"jwt"`
|
|
User *outgoing.User `json:"user"`
|
|
}
|
|
)
|
|
|
|
func (Auth) New() *Auth {
|
|
return &Auth{
|
|
tokenEncoder: auth.DefaultJwtHandler,
|
|
settings: service.CurrentSettings,
|
|
authSvc: service.DefaultAuth,
|
|
}
|
|
}
|
|
|
|
func (ctrl *Auth) Check(ctx context.Context, r *request.AuthCheck) (interface{}, error) {
|
|
return func(w http.ResponseWriter, r *http.Request) {
|
|
if identity := auth.GetIdentityFromContext(ctx); identity != nil && identity.Valid() {
|
|
if user, err := service.DefaultUser.With(ctx).FindByID(identity.Identity()); err == nil {
|
|
svc := ctrl.authSvc.With(ctx)
|
|
|
|
if err = svc.LoadRoleMemberships(user); err != nil {
|
|
resputil.JSON(w, err)
|
|
return
|
|
} else {
|
|
resputil.JSON(w, checkResponse{
|
|
JWT: ctrl.tokenEncoder.Encode(user),
|
|
User: payload.User(user),
|
|
})
|
|
}
|
|
|
|
return
|
|
}
|
|
}
|
|
|
|
resputil.JSON(w, errors.New("not authenticated"))
|
|
}, nil
|
|
}
|
|
|
|
func (ctrl *Auth) Logout(ctx context.Context, r *request.AuthLogout) (interface{}, error) {
|
|
return true, nil
|
|
}
|
|
|
|
func (ctrl *Auth) Settings(ctx context.Context, r *request.AuthSettings) (interface{}, error) {
|
|
var (
|
|
int = ctrl.settings.Auth.Internal
|
|
ext = ctrl.settings.Auth.External
|
|
|
|
out = map[string]interface{}{
|
|
"internalEnabled": int.Enabled,
|
|
"internalPasswordResetEnabled": int.PasswordReset.Enabled,
|
|
"internalSignUpEmailConfirmationRequired": int.Signup.EmailConfirmationRequired,
|
|
"internalSignUpEnabled": int.Signup.Enabled,
|
|
|
|
"externalEnabled": ext.Enabled,
|
|
"externalProviders": ext.Providers.Valid(ctrl.settings),
|
|
}
|
|
)
|
|
|
|
if err := ctrl.authSvc.With(ctx).CanRegister(); err != nil {
|
|
// f["internalSignUpEnabled"] = false
|
|
out["signUpDisabled"] = err.Error()
|
|
}
|
|
|
|
return out, nil
|
|
}
|
|
|
|
func (ctrl *Auth) ExchangeAuthToken(ctx context.Context, r *request.AuthExchangeAuthToken) (interface{}, error) {
|
|
var svc = ctrl.authSvc.With(ctx)
|
|
|
|
user, err := svc.ValidateAuthRequestToken(r.Token)
|
|
if err != nil {
|
|
return nil, err
|
|
}
|
|
|
|
if err = svc.LoadRoleMemberships(user); err != nil {
|
|
return nil, err
|
|
}
|
|
|
|
return &exchangeResponse{
|
|
JWT: ctrl.tokenEncoder.Encode(user),
|
|
User: payload.User(user),
|
|
}, nil
|
|
}
|