authornsfisis <nsfisis@gmail.com>2024-07-28 16:00:22 +0900
committernsfisis <nsfisis@gmail.com>2024-07-28 16:01:01 +0900
commitc953b0496ef205ddda0defd70f376623bf13db61 (patch)
tree80ddd24c45612dc1971ddb0b268440bfd2efc067 /backend
parentd85cf0be57dd4394c588c340fbfa8483d981da02 (diff)
feat(backend): handle JWT validation manually
Diffstat (limited to 'backend')
-rw-r--r--backend/api/handlers.go25
-rw-r--r--backend/auth/jwt.go26
-rw-r--r--backend/go.mod1
-rw-r--r--backend/go.sum2
-rw-r--r--backend/main.go4
5 files changed, 40 insertions, 18 deletions
diff --git a/backend/api/handlers.go b/backend/api/handlers.go
index 57aaabb..ee0a97a 100644
--- a/backend/api/handlers.go
+++ b/backend/api/handlers.go
@@ -3,6 +3,7 @@ package api
import (
"context"
"net/http"
+ "strings"
"github.com/labstack/echo/v4"
@@ -60,3 +61,27 @@ func _assertJwtPayloadIsCompatibleWithJWTClaims() {
p.IsAdmin = c.IsAdmin
_ = p
}
+
+func NewJWTMiddleware() StrictMiddlewareFunc {
+ return func(handler StrictHandlerFunc, operationID string) StrictHandlerFunc {
+ if operationID == "PostApiLogin" {
+ return handler
+ } else {
+ return func(c echo.Context, request interface{}) (response interface{}, err error) {
+ authorization := c.Request().Header.Get("Authorization")
+ const prefix = "Bearer "
+ if !strings.HasPrefix(authorization, prefix) {
+ return nil, echo.NewHTTPError(http.StatusUnauthorized)
+ }
+ token := authorization[len(prefix):]
+
+ claims, err := auth.ParseJWT(token)
+ if err != nil {
+ return nil, echo.NewHTTPError(http.StatusUnauthorized)
+ }
+ c.SetRequest(c.Request().WithContext(context.WithValue(c.Request().Context(), "user", claims)))
+ return handler(c, request)
+ }
+ }
+ }
+}
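Review bot: The claims are stored with `context.WithValue(..., "user", claims)` under a bare string key, which staticcheck flags (SA1029) and which any other package using the same string can shadow. Use an unexported key type instead, e.g. `type userClaimsKey struct{}` and `context.WithValue(ctx, userClaimsKey{}, claims)`. Because this commit also removes `GetJWTClaimsFromEchoContext`, add one accessor next to the middleware that returns `(*auth.JWTClaims, bool)`, so handlers do not each repeat a type assertion that panics when the value is absent. The `"Bearer "` check is case-sensitive although the auth scheme is case-insensitive in HTTP; comparing the first `len(prefix)` bytes with `strings.EqualFold` would accept `bearer` as well. The `operationID == "PostApiLogin"` exemption deserves a comment stating that it is the only operation allowed without a token.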
diff --git a/backend/auth/jwt.go b/backend/auth/jwt.go
index 1b153fe..c750531 100644
--- a/backend/auth/jwt.go
+++ b/backend/auth/jwt.go
@@ -1,11 +1,10 @@
package auth
import (
+ "errors"
"time"
"github.com/golang-jwt/jwt/v5"
- echojwt "github.com/labstack/echo-jwt/v4"
- "github.com/labstack/echo/v4"
"github.com/nsfisis/iosdc-2024-albatross-backend/db"
)
@@ -38,17 +37,16 @@ func NewJWT(user *db.User) (string, error) {
return token.SignedString([]byte("TODO"))
}
-func NewJWTMiddleware() echo.MiddlewareFunc {
- return echojwt.WithConfig(echojwt.Config{
- NewClaimsFunc: func(c echo.Context) jwt.Claims {
- return new(JWTClaims)
- },
- SigningKey: []byte("TODO"),
+func ParseJWT(token string) (*JWTClaims, error) {
+ claims := new(JWTClaims)
+ t, err := jwt.ParseWithClaims(token, claims, func(t *jwt.Token) (interface{}, error) {
+ return []byte("TODO"), nil
})
-}
-
-func GetJWTClaimsFromEchoContext(c echo.Context) *JWTClaims {
- user := c.Get("user").(*jwt.Token)
- claims := user.Claims.(*JWTClaims)
- return claims
+ if err != nil {
+ return nil, err
+ }
+ if !t.Valid {
+ return nil, errors.New("invalid token")
+ }
+ return claims, nil
}
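Review bot: The keyfunc in `ParseJWT` returns the literal `[]byte("TODO")`, the same placeholder `NewJWT` signs with, so the signing secret is in the repository and a token with any claims, including `IsAdmin`, verifies against it. Load the key once from configuration (environment variable or secret store), fail startup when it is empty, and share that value between `NewJWT` and `ParseJWT` rather than repeating the literal. The parser also does not pin the algorithm: passing `jwt.WithValidMethods([]string{"HS256"})` to `jwt.ParseWithClaims` rejects any other `alg` up front (this assumes `NewJWT` signs with HS256; its signing method is outside the hunk). If tokens are meant to expire, `jwt.WithExpirationRequired()` turns a missing `exp` into an error instead of an accepted token.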
diff --git a/backend/go.mod b/backend/go.mod
index 8e3e387..e19bfc3 100644
--- a/backend/go.mod
+++ b/backend/go.mod
@@ -7,7 +7,6 @@ require (
github.com/golang-jwt/jwt/v5 v5.2.1
github.com/gorilla/websocket v1.5.3
github.com/jackc/pgx/v5 v5.5.5
- github.com/labstack/echo-jwt/v4 v4.2.0
github.com/labstack/echo/v4 v4.12.0
github.com/oapi-codegen/echo-middleware v1.0.2
github.com/oapi-codegen/oapi-codegen/v2 v2.3.0
diff --git a/backend/go.sum b/backend/go.sum
index 6973c16..c4c4e16 100644
--- a/backend/go.sum
+++ b/backend/go.sum
@@ -71,8 +71,6 @@ github.com/kr/pty v1.1.1/go.mod h1:pFQYn66WHrOpPYNljwOMqo10TkYh1fy3cYio2l3bCsQ=
github.com/kr/text v0.1.0/go.mod h1:4Jbv+DJW3UT/LiOwJeYQe1efqtUx/iVham/4vfdArNI=
github.com/kr/text v0.2.0 h1:5Nx0Ya0ZqY2ygV366QzturHI13Jq95ApcVaJBhpS+AY=
github.com/kr/text v0.2.0/go.mod h1:eLer722TekiGuMkidMxC/pM04lWEeraHUUmBw8l2grE=
-github.com/labstack/echo-jwt/v4 v4.2.0 h1:odSISV9JgcSCuhgQSV/6Io3i7nUmfM/QkBeR5GVJj5c=
-github.com/labstack/echo-jwt/v4 v4.2.0/go.mod h1:MA2RqdXdEn4/uEglx0HcUOgQSyBaTh5JcaHIan3biwU=
github.com/labstack/echo/v4 v4.12.0 h1:IKpw49IMryVB2p1a4dzwlhP1O2Tf2E0Ir/450lH+kI0=
github.com/labstack/echo/v4 v4.12.0/go.mod h1:UP9Cr2DJXbOK3Kr9ONYzNowSh7HP0aG0ShAyycHSJvM=
github.com/labstack/gommon v0.4.2 h1:F8qTUNXgG1+6WQmqoUWnz8WiEU60mXVVw0P4ht1WRA0=
diff --git a/backend/main.go b/backend/main.go
index fa5c079..1ea1fd1 100644
--- a/backend/main.go
+++ b/backend/main.go
@@ -148,7 +148,9 @@ func main() {
apiGroup := e.Group("/api")
apiGroup.Use(oapimiddleware.OapiRequestValidator(openApiSpec))
apiHandler := api.NewHandler(queries)
- api.RegisterHandlers(apiGroup, api.NewStrictHandler(apiHandler, nil))
+ api.RegisterHandlers(apiGroup, api.NewStrictHandler(apiHandler, []api.StrictMiddlewareFunc{
+ api.NewJWTMiddleware(),
+ }))
}
e.GET("/sock/golf/:gameId/watch", func(c echo.Context) error {