basic frontend implementation of new token system
@ -3,12 +3,13 @@ package api
|
||||
import (
|
||||
"fmt"
|
||||
"net/http"
|
||||
"openmediacenter/apiGo/database/settings"
|
||||
)
|
||||
|
||||
const (
|
||||
VideoNode = "video"
|
||||
TagNode = "tag"
|
||||
SettingsNode = "setting"
|
||||
TagNode = "tags"
|
||||
SettingsNode = "settings"
|
||||
ActorNode = "actor"
|
||||
TVShowNode = "tv"
|
||||
LoginNode = "login"
|
||||
@ -32,34 +33,44 @@ const (
|
||||
|
||||
func AddHandler(action string, apiNode string, perm uint8, handler func(ctx Context)) {
|
||||
http.Handle(fmt.Sprintf("/api/%s/%s", apiNode, action), http.HandlerFunc(func(writer http.ResponseWriter, request *http.Request) {
|
||||
tokenheader := request.Header.Get("Token")
|
||||
|
||||
id := -1
|
||||
permid := PermUnauthorized
|
||||
|
||||
// check token if token provided
|
||||
if tokenheader != "" {
|
||||
id, permid = TokenValid(request.Header.Get("Token"))
|
||||
}
|
||||
|
||||
ctx := &apicontext{writer: writer, responseWritten: false, request: request, userid: id, permid: permid}
|
||||
|
||||
// check if rights are sufficient to perform the action
|
||||
if permid <= perm {
|
||||
handler(ctx)
|
||||
|
||||
if !ctx.responseWritten {
|
||||
// none of the response functions called so send default response
|
||||
ctx.Error("Unknown server Error occured")
|
||||
writer.WriteHeader(501)
|
||||
}
|
||||
srvPwd := settings.GetPassword()
|
||||
if srvPwd == nil {
|
||||
// no password set
|
||||
ctx := &apicontext{writer: writer, responseWritten: false, request: request, userid: -1, permid: PermUnauthorized}
|
||||
callHandler(ctx, handler, writer)
|
||||
} else {
|
||||
ctx.Error("insufficient permissions")
|
||||
writer.WriteHeader(501)
|
||||
tokenheader := request.Header.Get("Token")
|
||||
|
||||
id := -1
|
||||
permid := PermUnauthorized
|
||||
|
||||
// check token if token provided
|
||||
if tokenheader != "" {
|
||||
id, permid = TokenValid(request.Header.Get("Token"))
|
||||
}
|
||||
|
||||
ctx := &apicontext{writer: writer, responseWritten: false, request: request, userid: id, permid: permid}
|
||||
|
||||
// check if rights are sufficient to perform the action
|
||||
if permid <= perm {
|
||||
callHandler(ctx, handler, writer)
|
||||
} else {
|
||||
ctx.Error("insufficient permissions")
|
||||
}
|
||||
}
|
||||
}))
|
||||
}
|
||||
|
||||
func callHandler(ctx *apicontext, handler func(ctx Context), writer http.ResponseWriter) {
|
||||
handler(ctx)
|
||||
|
||||
if !ctx.responseWritten {
|
||||
// none of the response functions called so send default response
|
||||
ctx.Error("Unknown server Error occured")
|
||||
writer.WriteHeader(501)
|
||||
}
|
||||
}
|
||||
|
||||
func ServerInit() {
|
||||
// initialize auth service and add corresponding auth routes
|
||||
InitOAuth()
|
||||
|
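Review bot: In the new `if srvPwd == nil` branch of AddHandler the handler is invoked via callHandler without consulting the route's `perm` argument, so while no server password is configured every registered route is reachable, including ones registered with a permission stricter than PermUnauthorized; if that is the intended "open instance" behaviour it deserves a comment such as `// no password configured: every route is open regardless of perm`, otherwise the branch should keep the `permid <= perm` gate. The `else` branch also dropped the status write that the removed code had after `ctx.Error("insufficient permissions")`; unless ctx.Error sets a status itself (not visible here), a denied request is sent with whatever default status the writer applies, and `writer.WriteHeader(http.StatusForbidden)` before the ctx.Error call would make the refusal explicit to clients. Minor: the token is read twice (`tokenheader` and then `request.Header.Get("Token")` again inside TokenValid's call); `TokenValid(tokenheader)` is enough. Whether settings.GetPassword hits the database on every request cannot be told from this hunk; if it does, the cost lands on every API call.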
@ -48,7 +48,6 @@ func TokenValid(token string) (int, uint8) {
|
||||
func InitOAuth() {
|
||||
AddHandler("login", LoginNode, PermUnauthorized, func(ctx Context) {
|
||||
var t struct {
|
||||
Username string
|
||||
Password string
|
||||
}
|
||||
|
||||
@ -57,28 +56,27 @@ func InitOAuth() {
|
||||
}
|
||||
|
||||
// empty check
|
||||
if t.Password == "" || t.Username == "" {
|
||||
ctx.Error("empty username or password")
|
||||
if t.Password == "" {
|
||||
ctx.Error("empty password")
|
||||
return
|
||||
}
|
||||
|
||||
// generate Argon2 Hash of passed pwd
|
||||
pwd := HashPassword(t.Password)
|
||||
HashPassword(t.Password)
|
||||
// todo use hashed password
|
||||
|
||||
var id uint
|
||||
var name string
|
||||
var rightid uint8
|
||||
var password string
|
||||
|
||||
err := database.QueryRow("SELECT userId,userName,rightId FROM User WHERE userName=? AND password=?", t.Username, *pwd).Scan(&id, &name, &rightid)
|
||||
if err != nil {
|
||||
err := database.QueryRow("SELECT password FROM settings WHERE 1").Scan(&password)
|
||||
if err != nil || t.Password != password {
|
||||
ctx.Error("unauthorized")
|
||||
return
|
||||
}
|
||||
|
||||
expires := time.Now().Add(time.Hour * TokenExpireHours).Unix()
|
||||
claims := jwt.NewWithClaims(jwt.SigningMethodHS256, jwt.StandardClaims{
|
||||
Issuer: strconv.Itoa(int(id)),
|
||||
Subject: strconv.Itoa(int(rightid)),
|
||||
Issuer: strconv.Itoa(int(0)),
|
||||
Subject: strconv.Itoa(int(PermUser)),
|
||||
ExpiresAt: expires,
|
||||
})
|
||||
|
||||
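Review bot: The new check `if err != nil || t.Password != password` compares the submitted password against the value read from `settings` as plain strings, while the Argon2 hash computed on the line above (`HashPassword(t.Password)`) is discarded; the `// todo use hashed password` comment acknowledges this, but as committed the stored credential must itself be plaintext and the `!=` comparison leaks timing. Comparing the hash with `subtle.ConstantTimeCompare([]byte(hash), []byte(stored)) == 1` (crypto/subtle) closes both points once the stored value is the hash. This hunk also reads the password with its own `SELECT password FROM settings WHERE 1` query whereas the AddHandler hunk earlier in this commit uses `settings.GetPassword()`; using the same accessor here keeps the two in step (on sql.ErrNoRows the current code fails closed with "unauthorized", which is fine to keep). The enclosing login closure starts and ends outside this hunk.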
@ -90,18 +88,12 @@ func InitOAuth() {
|
||||
}
|
||||
|
||||
type ResponseType struct {
|
||||
Token Token
|
||||
Username string
|
||||
UserPerm uint8
|
||||
Token Token
|
||||
}
|
||||
|
||||
ctx.Json(ResponseType{
|
||||
Token: Token{
|
||||
Token: token,
|
||||
ExpiresAt: expires,
|
||||
},
|
||||
Username: t.Username,
|
||||
UserPerm: rightid,
|
||||
ctx.Json(Token{
|
||||
Token: token,
|
||||
ExpiresAt: expires,
|
||||
})
|
||||
})
|
||||
}
|
||||
|