init gateway-service

2026-03-26 12:40:21 +00:00 · 2023-09-27 17:19:25 +01:00
parent b725dae0f9
commit 4aa5cd6dfc
29 changed files with 6871 additions and 0 deletions
--- a/services/gateway-service/internal/api/handlers/auth.go
+++ b/services/gateway-service/internal/api/handlers/auth.go
@@ -0,0 +1,59 @@
+package handlers
+
+import (
+	"crypto/rsa"
+
+	"github.com/golang-jwt/jwt/v5"
+	"github.com/gofiber/fiber/v2"
+	"github.com/gofiber/fiber/v2/middleware/keyauth"
+
+	"github.com/hexolan/panels/gateway-service/internal"
+)
+
+var AuthMiddleware fiber.Handler
+
+type TokenClaims struct {
+	jwt.RegisteredClaims
+}
+
+type tokenValidator struct {
+	pubKey *rsa.PublicKey
+}
+
+func NewAuthMiddleware(cfg internal.Config) {
+	tokenValidator := tokenValidator{pubKey: cfg.JWTPubKey}
+	AuthMiddleware = keyauth.New(keyauth.Config{
+		AuthScheme: "Bearer",
+		Validator: tokenValidator.ValidateToken,
+	})
+}
+
+func GetTokenClaims(c *fiber.Ctx) (TokenClaims, error) {
+	var tokenClaims TokenClaims
+	tokenClaims, ok := c.Locals("tokenClaims").(TokenClaims)
+	if !ok {
+		return TokenClaims{}, fiber.NewError(fiber.StatusUnauthorized, "unable to access token claims")
+	}
+	return tokenClaims, nil
+}
+
+func (tv tokenValidator) validateToken(token *jwt.Token) (interface{}, error) {
+	// Ensure token is signed with RSA
+	if _, ok := token.Method.(*jwt.SigningMethodRSA); !ok {
+		return nil, keyauth.ErrMissingOrMalformedAPIKey
+	}
+
+	// Validate token with public key
+	return tv.pubKey, nil
+}
+
+func (tv tokenValidator) ValidateToken(c *fiber.Ctx, userToken string) (bool, error) {
+	claims := TokenClaims{}
+	_, err := jwt.ParseWithClaims(userToken, &claims, tv.validateToken)
+	if err != nil {
+		return false, err
+	}
+
+	c.Locals("tokenClaims", claims)
+	return true, nil
+}
--- a/services/gateway-service/internal/api/handlers/error.go
+++ b/services/gateway-service/internal/api/handlers/error.go
@@ -0,0 +1,55 @@
+package handlers
+
+import (
+	"errors"
+
+	"github.com/gofiber/fiber/v2"
+	"github.com/gofiber/fiber/v2/log"
+	"google.golang.org/grpc/codes"
+	"google.golang.org/grpc/status"
+)
+
+func ErrorHandler(c *fiber.Ctx, err error) error {
+    c.Set(fiber.HeaderContentType, fiber.MIMEApplicationJSONCharsetUTF8)
+    code := fiber.StatusInternalServerError
+	msg := err.Error()
+
+    // Retrieval of codes from fiber.Errors
+    var e *fiber.Error
+    if errors.As(err, &e) {
+        code = e.Code
+    } else {
+		// Retrival of codes from gRPC errors.
+		status, ok := status.FromError(err)
+		if ok {
+			msg = status.Message()
+
+			switch status.Code() {
+			case codes.NotFound:
+				code = fiber.StatusNotFound
+			case codes.InvalidArgument:
+				code = fiber.StatusUnprocessableEntity
+			case codes.AlreadyExists:
+				code = fiber.StatusConflict
+			case codes.PermissionDenied:
+				code = fiber.StatusForbidden
+			case codes.Unauthenticated:
+				code = fiber.StatusUnauthorized
+			case codes.Internal:
+				code = fiber.StatusInternalServerError
+			case codes.Unavailable:
+				code = fiber.StatusBadGateway
+				msg = "Service unavaliable for request."
+			default:
+				code = fiber.StatusInternalServerError
+				msg = "Something went wrong."
+				log.Error(err)
+			}
+		} else {
+			msg = "Something unexpected went wrong."
+			log.Error(err)
+		}
+	}
+
+    return c.Status(code).JSON(fiber.Map{"status": "failure", "msg": msg})
+}