appview/state/middleware.go at 0b3a5ce6baa884597da3c1927a75fe76659433c2 · tangled.org/core

tangled.org / core
this repo has no description
core / appview / state / middleware.go
at 0b3a5ce6baa884597da3c1927a75fe76659433c2 4.6 kB view raw
  1package state
  2
  3import (
  4	"context"
  5	"log"
  6	"net/http"
  7	"strings"
  8	"time"
  9
 10	comatproto "github.com/bluesky-social/indigo/api/atproto"
 11	"github.com/bluesky-social/indigo/atproto/identity"
 12	"github.com/bluesky-social/indigo/xrpc"
 13	"github.com/go-chi/chi/v5"
 14	"github.com/sotangled/tangled/appview"
 15	"github.com/sotangled/tangled/appview/auth"
 16)
 17
 18type Middleware func(http.Handler) http.Handler
 19
 20func AuthMiddleware(s *State) Middleware {
 21	return func(next http.Handler) http.Handler {
 22		return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
 23			session, _ := s.auth.Store.Get(r, appview.SessionName)
 24			authorized, ok := session.Values[appview.SessionAuthenticated].(bool)
 25			if !ok || !authorized {
 26				log.Printf("not logged in, redirecting")
 27				http.Redirect(w, r, "/login", http.StatusTemporaryRedirect)
 28				return
 29			}
 30
 31			// refresh if nearing expiry
 32			// TODO: dedup with /login
 33			expiryStr := session.Values[appview.SessionExpiry].(string)
 34			expiry, err := time.Parse(time.RFC3339, expiryStr)
 35			if err != nil {
 36				log.Println("invalid expiry time", err)
 37				http.Redirect(w, r, "/login", http.StatusTemporaryRedirect)
 38				return
 39			}
 40			pdsUrl := session.Values[appview.SessionPds].(string)
 41			did := session.Values[appview.SessionDid].(string)
 42			refreshJwt := session.Values[appview.SessionRefreshJwt].(string)
 43
 44			if time.Now().After(expiry) {
 45				log.Println("token expired, refreshing ...")
 46
 47				client := xrpc.Client{
 48					Host: pdsUrl,
 49					Auth: &xrpc.AuthInfo{
 50						Did:        did,
 51						AccessJwt:  refreshJwt,
 52						RefreshJwt: refreshJwt,
 53					},
 54				}
 55				atSession, err := comatproto.ServerRefreshSession(r.Context(), &client)
 56				if err != nil {
 57					log.Println(err)
 58					return
 59				}
 60
 61				sessionish := auth.RefreshSessionWrapper{atSession}
 62
 63				err = s.auth.StoreSession(r, w, &sessionish, pdsUrl)
 64				if err != nil {
 65					log.Printf("failed to store session for did: %s\n: %s", atSession.Did, err)
 66					return
 67				}
 68
 69				log.Println("successfully refreshed token")
 70			}
 71
 72			next.ServeHTTP(w, r)
 73		})
 74	}
 75}
 76
 77func RoleMiddleware(s *State, group string) Middleware {
 78	return func(next http.Handler) http.Handler {
 79		return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
 80			// requires auth also
 81			actor := s.auth.GetUser(r)
 82			if actor == nil {
 83				// we need a logged in user
 84				log.Printf("not logged in, redirecting")
 85				http.Error(w, "Forbiden", http.StatusUnauthorized)
 86				return
 87			}
 88			domain := chi.URLParam(r, "domain")
 89			if domain == "" {
 90				http.Error(w, "malformed url", http.StatusBadRequest)
 91				return
 92			}
 93
 94			ok, err := s.enforcer.E.HasGroupingPolicy(actor.Did, group, domain)
 95			if err != nil || !ok {
 96				// we need a logged in user
 97				log.Printf("%s does not have perms of a %s in domain %s", actor.Did, group, domain)
 98				http.Error(w, "Forbiden", http.StatusUnauthorized)
 99				return
100			}
101
102			next.ServeHTTP(w, r)
103		})
104	}
105}
106
107func StripLeadingAt(next http.Handler) http.Handler {
108	return http.HandlerFunc(func(w http.ResponseWriter, req *http.Request) {
109		path := req.URL.Path
110		if strings.HasPrefix(path, "/@") {
111			req.URL.Path = "/" + strings.TrimPrefix(path, "/@")
112		}
113		next.ServeHTTP(w, req)
114	})
115}
116
117func ResolveIdent(s *State) Middleware {
118	return func(next http.Handler) http.Handler {
119		return http.HandlerFunc(func(w http.ResponseWriter, req *http.Request) {
120			start := time.Now()
121			didOrHandle := chi.URLParam(req, "user")
122
123			log.Println(didOrHandle)
124			id, err := s.resolver.ResolveIdent(req.Context(), didOrHandle)
125			if err != nil {
126				// invalid did or handle
127				log.Println("failed to resolve did/handle")
128				w.WriteHeader(http.StatusNotFound)
129				return
130			}
131
132			ctx := context.WithValue(req.Context(), "resolvedId", *id)
133
134			elapsed := time.Since(start)
135			log.Println("Execution time:", elapsed)
136			next.ServeHTTP(w, req.WithContext(ctx))
137		})
138	}
139}
140
141func ResolveRepoKnot(s *State) Middleware {
142	return func(next http.Handler) http.Handler {
143		return http.HandlerFunc(func(w http.ResponseWriter, req *http.Request) {
144			repoName := chi.URLParam(req, "repo")
145			id, ok := req.Context().Value("resolvedId").(identity.Identity)
146			if !ok {
147				log.Println("malformed middleware")
148				w.WriteHeader(http.StatusInternalServerError)
149				return
150			}
151
152			repo, err := s.db.GetRepo(id.DID.String(), repoName)
153			if err != nil {
154				// invalid did or handle
155				log.Println("failed to resolve repo")
156				w.WriteHeader(http.StatusNotFound)
157				return
158			}
159
160			ctx := context.WithValue(req.Context(), "knot", repo.Knot)
161			next.ServeHTTP(w, req.WithContext(ctx))
162		})
163	}
164}