memos/server/basic_auth.go

package server

import (
	"fmt"
	"memos/api"
	"memos/common"
	"net/http"
	"strconv"

	"github.com/gorilla/sessions"
	"github.com/labstack/echo-contrib/session"
	"github.com/labstack/echo/v4"
)

var (
	userIDContextKey = "user-id"
)

func getUserIDContextKey() string {
	return userIDContextKey
}

func setUserSession(c echo.Context, user *api.User) error {
	sess, _ := session.Get("session", c)
	sess.Options = &sessions.Options{
		Path:     "/",
		MaxAge:   1000 * 3600 * 24 * 30,
		HttpOnly: true,
	}
	sess.Values[userIDContextKey] = user.ID
	err := sess.Save(c.Request(), c.Response())
	if err != nil {
		return fmt.Errorf("failed to set session, err: %w", err)
	}

	return nil
}

func removeUserSession(c echo.Context) error {
	sess, _ := session.Get("session", c)
	sess.Options = &sessions.Options{
		Path:     "/",
		MaxAge:   0,
		HttpOnly: true,
	}
	sess.Values[userIDContextKey] = nil
	err := sess.Save(c.Request(), c.Response())
	if err != nil {
		return fmt.Errorf("failed to set session, err: %w", err)
	}

	return nil
}

// Use session to store user.id.
func BasicAuthMiddleware(us api.UserService, next echo.HandlerFunc) echo.HandlerFunc {
	return func(c echo.Context) error {
		// Skips auth
		if common.HasPrefixes(c.Path(), "/api/auth", "/api/ping") {
			return next(c)
		}

		sess, err := session.Get("session", c)
		if err != nil {
			return echo.NewHTTPError(http.StatusUnauthorized, "Missing session").SetInternal(err)
		}

		userIDValue := sess.Values[userIDContextKey]
		if userIDValue == nil {
			return echo.NewHTTPError(http.StatusUnauthorized, "Missing userID in session")
		}

		userID, err := strconv.Atoi(fmt.Sprintf("%v", userIDValue))
		if err != nil {
			return echo.NewHTTPError(http.StatusInternalServerError, "Failed to malformatted user id in the session.").SetInternal(err)
		}

		// Even if there is no error, we still need to make sure the user still exists.
		userFind := &api.UserFind{
			ID: &userID,
		}
		user, err := us.FindUser(userFind)
		if err != nil {
			return echo.NewHTTPError(http.StatusInternalServerError, fmt.Sprintf("Failed to find user by ID: %d", userID)).SetInternal(err)
		}
		if user == nil {
			return echo.NewHTTPError(http.StatusUnauthorized, fmt.Sprintf("Not found user ID: %d", userID))
		}

		// Stores userID into context.
		c.Set(getUserIDContextKey(), userID)

		return next(c)
	}
}
refactor: backend 2022-02-03 10:32:03 +03:00			`package server`

			`import (`
			`"fmt"`
			`"memos/api"`
			`"memos/common"`
			`"net/http"`
			`"strconv"`

			`"github.com/gorilla/sessions"`
			`"github.com/labstack/echo-contrib/session"`
			`"github.com/labstack/echo/v4"`
			`)`

			`var (`
chore: typo `Id` to `ID` 2022-05-02 21:05:43 +03:00			`userIDContextKey = "user-id"`
refactor: backend 2022-02-03 10:32:03 +03:00			`)`

chore: typo `Id` to `ID` 2022-05-02 21:05:43 +03:00			`func getUserIDContextKey() string {`
			`return userIDContextKey`
refactor: backend 2022-02-03 10:32:03 +03:00			`}`

fix: get&set session 2022-02-03 19:56:44 +03:00			`func setUserSession(c echo.Context, user *api.User) error {`
fix: get session handler 2022-02-05 12:04:23 +03:00			`sess, _ := session.Get("session", c)`
refactor: backend 2022-02-03 10:32:03 +03:00			`sess.Options = &sessions.Options{`
			`Path: "/",`
			`MaxAge: 1000 * 3600 * 24 * 30,`
			`HttpOnly: true,`
			`}`
chore: typo `Id` to `ID` 2022-05-02 21:05:43 +03:00			`sess.Values[userIDContextKey] = user.ID`
fix: get session handler 2022-02-05 12:04:23 +03:00			`err := sess.Save(c.Request(), c.Response())`
fix: get&set session 2022-02-03 19:56:44 +03:00			`if err != nil {`
fix: resource api 2022-02-04 13:54:24 +03:00			`return fmt.Errorf("failed to set session, err: %w", err)`
fix: get&set session 2022-02-03 19:56:44 +03:00			`}`

			`return nil`
refactor: backend 2022-02-03 10:32:03 +03:00			`}`

fix: get&set session 2022-02-03 19:56:44 +03:00			`func removeUserSession(c echo.Context) error {`
fix: get session handler 2022-02-05 12:04:23 +03:00			`sess, _ := session.Get("session", c)`
refactor: backend 2022-02-03 10:32:03 +03:00			`sess.Options = &sessions.Options{`
			`Path: "/",`
			`MaxAge: 0,`
			`HttpOnly: true,`
			`}`
chore: typo `Id` to `ID` 2022-05-02 21:05:43 +03:00			`sess.Values[userIDContextKey] = nil`
fix: get session handler 2022-02-05 12:04:23 +03:00			`err := sess.Save(c.Request(), c.Response())`
fix: get&set session 2022-02-03 19:56:44 +03:00			`if err != nil {`
fix: resource api 2022-02-04 13:54:24 +03:00			`return fmt.Errorf("failed to set session, err: %w", err)`
fix: get&set session 2022-02-03 19:56:44 +03:00			`}`

			`return nil`
refactor: backend 2022-02-03 10:32:03 +03:00			`}`

fix: get session handler 2022-02-05 12:04:23 +03:00			`// Use session to store user.id.`
fix: resource api 2022-02-04 13:54:24 +03:00			`func BasicAuthMiddleware(us api.UserService, next echo.HandlerFunc) echo.HandlerFunc {`
refactor: backend 2022-02-03 10:32:03 +03:00			`return func(c echo.Context) error {`
fix: get&set session 2022-02-03 19:56:44 +03:00			`// Skips auth`
update: db initialization 2022-05-01 06:06:29 +03:00			`if common.HasPrefixes(c.Path(), "/api/auth", "/api/ping") {`
refactor: backend 2022-02-03 10:32:03 +03:00			`return next(c)`
			`}`

			`sess, err := session.Get("session", c)`
			`if err != nil {`
fix: resource api 2022-02-04 13:54:24 +03:00			`return echo.NewHTTPError(http.StatusUnauthorized, "Missing session").SetInternal(err)`
refactor: backend 2022-02-03 10:32:03 +03:00			`}`
fix: get&set session 2022-02-03 19:56:44 +03:00
chore: typo `Id` to `ID` 2022-05-02 21:05:43 +03:00			`userIDValue := sess.Values[userIDContextKey]`
			`if userIDValue == nil {`
			`return echo.NewHTTPError(http.StatusUnauthorized, "Missing userID in session")`
fix: get&set session 2022-02-03 19:56:44 +03:00			`}`

chore: typo `Id` to `ID` 2022-05-02 21:05:43 +03:00			`userID, err := strconv.Atoi(fmt.Sprintf("%v", userIDValue))`
refactor: backend 2022-02-03 10:32:03 +03:00			`if err != nil {`
feat: open api for get memos 2022-02-05 19:25:41 +03:00			`return echo.NewHTTPError(http.StatusInternalServerError, "Failed to malformatted user id in the session.").SetInternal(err)`
refactor: backend 2022-02-03 10:32:03 +03:00			`}`

			`// Even if there is no error, we still need to make sure the user still exists.`
feat: open api for get memos 2022-02-05 19:25:41 +03:00			`userFind := &api.UserFind{`
chore: typo `Id` to `ID` 2022-05-02 21:05:43 +03:00			`ID: &userID,`
refactor: backend 2022-02-03 10:32:03 +03:00			`}`
feat: open api for get memos 2022-02-05 19:25:41 +03:00			`user, err := us.FindUser(userFind)`
refactor: backend 2022-02-03 10:32:03 +03:00			`if err != nil {`
chore: typo `Id` to `ID` 2022-05-02 21:05:43 +03:00			`return echo.NewHTTPError(http.StatusInternalServerError, fmt.Sprintf("Failed to find user by ID: %d", userID)).SetInternal(err)`
refactor: backend 2022-02-03 10:32:03 +03:00			`}`
			`if user == nil {`
chore: typo `Id` to `ID` 2022-05-02 21:05:43 +03:00			`return echo.NewHTTPError(http.StatusUnauthorized, fmt.Sprintf("Not found user ID: %d", userID))`
refactor: backend 2022-02-03 10:32:03 +03:00			`}`

chore: typo `Id` to `ID` 2022-05-02 21:05:43 +03:00			`// Stores userID into context.`
			`c.Set(getUserIDContextKey(), userID)`
feat: open api for get memos 2022-02-05 19:25:41 +03:00
refactor: backend 2022-02-03 10:32:03 +03:00			`return next(c)`
			`}`
			`}`