iridium/neko
2
2
Fork 0
mirror of https://github.com/m1k1o/neko.git synced 2024-07-24 14:40:50 +12:00
Code Issues Packages Projects Releases Wiki Activity

add API JWT auth.

Browse Source
This commit is contained in:
Miroslav Šedivý 2020-10-31 10:48:24 +01:00
parent 31bd61e2d3
commit 71d39a5c74
5 changed files with 73 additions and 17 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

13
internal/api/member/handler.go
View File

@ -23,10 +23,19 @@ func New(
} }
} }
func (h *MemberHandler) Router() *chi.Mux { func (h *MemberHandler) Router(
usersOnly func(chi.Router, func(chi.Router)),
adminsOnly func(chi.Router, func(chi.Router)),
) *chi.Mux {
r := chi.NewRouter() r := chi.NewRouter()
// TODO usersOnly(r, func(r chi.Router) {
})
adminsOnly(r, func(r chi.Router) {
})
return r return r
} }

19
internal/api/room/handler.go
View File

@ -29,17 +29,20 @@ func New(
} }
} }
func (h *RoomHandler) Router() *chi.Mux { func (h *RoomHandler) Router(
usersOnly func(chi.Router, func(chi.Router)),
adminsOnly func(chi.Router, func(chi.Router)),
) *chi.Mux {
r := chi.NewRouter() r := chi.NewRouter()
r.Route("/screen", func(r chi.Router) { usersOnly(r, func(r chi.Router) {
r.Get("/", h.ScreenConfiguration) r.Get("/screen", h.ScreenConfiguration)
r.Post("/", h.ScreenConfigurationChange)
r.Get("/configurations", h.ScreenConfigurationsList)
}) })
// TODO adminsOnly(r, func(r chi.Router) {
r.Post("/screen", h.ScreenConfigurationChange)
r.Get("/screen/configurations", h.ScreenConfigurationsList)
})
return r return r
} }

42
internal/api/router.go
View File

@ -2,10 +2,12 @@ package api
import ( import (
"github.com/go-chi/chi" "github.com/go-chi/chi"
"github.com/go-chi/jwtauth"
"demodesk/neko/internal/api/member" "demodesk/neko/internal/api/member"
"demodesk/neko/internal/api/room" "demodesk/neko/internal/api/room"
"demodesk/neko/internal/types" "demodesk/neko/internal/types"
"demodesk/neko/internal/types/config"
) )
type API struct { type API struct {
@ -15,13 +17,18 @@ type API struct {
websocket types.WebSocketHandler websocket types.WebSocketHandler
} }
var AdminToken *jwtauth.JWTAuth
var UserToken *jwtauth.JWTAuth
func New( func New(
sessions types.SessionManager, sessions types.SessionManager,
remote types.RemoteManager, remote types.RemoteManager,
broadcast types.BroadcastManager, broadcast types.BroadcastManager,
websocket types.WebSocketHandler, websocket types.WebSocketHandler,
conf *config.Server,
) *API { ) *API {
// Init AdminToken = jwtauth.New("HS256", []byte(conf.AdminToken), nil)
UserToken = jwtauth.New("HS256", []byte(conf.UserToken), nil)
return &API{ return &API{
sessions: sessions, sessions: sessions,
@ -31,12 +38,35 @@ func New(
} }
} }
func (a *API) Mount(router *chi.Mux) { func (a *API) Mount(r *chi.Mux) {
// all member routes
memberHandler := member.New(a.sessions, a.websocket) memberHandler := member.New(a.sessions, a.websocket)
router.Mount("/member", memberHandler.Router()) r.Mount("/member", memberHandler.Router(UsersOnly, AdminsOnly))
// get room routes
roomHandler := room.New(a.sessions, a.remote, a.broadcast, a.websocket) roomHandler := room.New(a.sessions, a.remote, a.broadcast, a.websocket)
router.Mount("/room", roomHandler.Router()) r.Mount("/room", roomHandler.Router(UsersOnly, AdminsOnly))
}
func UsersOnly(r chi.Router, protectedRoutes func(r chi.Router)) {
r.Group(func(r chi.Router) {
// Verify JWT tokens
r.Use(jwtauth.Verifier(UserToken))
r.Use(jwtauth.Verifier(AdminToken))
// Handle valid / invalid tokens.
r.Use(jwtauth.Authenticator)
protectedRoutes(r)
})
}
func AdminsOnly(r chi.Router, protectedRoutes func(r chi.Router)) {
r.Group(func(r chi.Router) {
// Verify JWT token
r.Use(jwtauth.Verifier(AdminToken))
// Handle valid / invalid tokens.
r.Use(jwtauth.Authenticator)
protectedRoutes(r)
})
} }

2
internal/http/http.go
View File

@ -39,7 +39,7 @@ func New(
router.Use(Logger) // Log API request calls using custom logger function router.Use(Logger) // Log API request calls using custom logger function
// Mount REST API // Mount REST API
apiManager := api.New(sessions, remote, broadcast, webSocketHandler) apiManager := api.New(sessions, remote, broadcast, webSocketHandler, conf)
apiManager.Mount(router) apiManager.Mount(router)
router.Get("/ws", func(w http.ResponseWriter, r *http.Request) { router.Get("/ws", func(w http.ResponseWriter, r *http.Request) {

14
internal/types/config/server.go
View File

@ -10,6 +10,8 @@ type Server struct {
Key string Key string
Bind string Bind string
Static string Static string
UserToken string
AdminToken string
} }
func (Server) Init(cmd *cobra.Command) error { func (Server) Init(cmd *cobra.Command) error {
@ -33,6 +35,16 @@ func (Server) Init(cmd *cobra.Command) error {
return err return err
} }
cmd.PersistentFlags().String("user_token", "user_secret", "JWT token for users")
if err := viper.BindPFlag("user_token", cmd.PersistentFlags().Lookup("user_token")); err != nil {
return err
}
cmd.PersistentFlags().String("admin_token", "admin_secret", "JWT token for admins")
if err := viper.BindPFlag("admin_token", cmd.PersistentFlags().Lookup("admin_token")); err != nil {
return err
}
return nil return nil
} }
@ -41,4 +53,6 @@ func (s *Server) Set() {
s.Key = viper.GetString("key") s.Key = viper.GetString("key")
s.Bind = viper.GetString("bind") s.Bind = viper.GetString("bind")
s.Static = viper.GetString("static") s.Static = viper.GetString("static")
s.UserToken = viper.GetString("user_token")
s.AdminToken = viper.GetString("admin_token")
} }