Refactor everything

This commit is contained in:
Andrew-71 2024-10-12 21:45:00 +03:00
parent b07f1b080a
commit cda8f0cc1b
11 changed files with 162 additions and 59 deletions

2
.gitignore vendored
View file

@ -1,3 +1,3 @@
pye pye
private.key private.key
data.db dev-data.db

View file

@ -1,5 +1,8 @@
build: build:
go build go build
run: serve:
go build && ./pye go build && ./pye serve
dev:
go build && ./pye serve --db dev-data.db

View file

@ -11,10 +11,14 @@ in a state that proves I am competent Go developer.
## Current functionality ## Current functionality
* Port `7102` ## `serve`
* `POST /register` - register a user with Basic Auth * `POST /register` - register a user with Basic Auth
* `POST /login` - get a JWT token by Basic Auth * `POST /login` - get a JWT token by Basic Auth
* `GET /pem` - get PEM-encoded public RS256 key * `GET /pem` - get PEM-encoded public RS256 key
* Data persistently stored in an SQLite database `data.db` * Data persistently stored in an SQLite database
(requires creation of empty db) * RS256 key loaded from a file or generated on startup if missing
* RS256 key loaded from `private.key` file or generated on startup if missing
## `verify`
* Verify JWT via public key in a PEM file

View file

@ -1,10 +1,12 @@
package main package auth
import ( import (
"log/slog" "log/slog"
"net/http" "net/http"
"net/mail" "net/mail"
"strings" "strings"
"git.a71.su/Andrew71/pye/storage"
) )
func validEmail(email string) bool { func validEmail(email string) bool {
@ -16,7 +18,7 @@ func validPass(pass string) bool {
return len(pass) >= 8 return len(pass) >= 8
} }
func Register(w http.ResponseWriter, r *http.Request) { func Register(w http.ResponseWriter, r *http.Request, data storage.Storage) {
email, password, ok := r.BasicAuth() email, password, ok := r.BasicAuth()
if ok { if ok {
@ -46,7 +48,7 @@ func Register(w http.ResponseWriter, r *http.Request) {
http.Error(w, "This API requires authorization", http.StatusUnauthorized) http.Error(w, "This API requires authorization", http.StatusUnauthorized)
} }
func Login(w http.ResponseWriter, r *http.Request) { func Login(w http.ResponseWriter, r *http.Request, data storage.Storage) {
email, password, ok := r.BasicAuth() email, password, ok := r.BasicAuth()
if ok { if ok {

View file

@ -1,4 +1,4 @@
package main package auth
import ( import (
"crypto/rand" "crypto/rand"
@ -11,12 +11,12 @@ import (
"os" "os"
"time" "time"
"git.a71.su/Andrew71/pye/config"
"git.a71.su/Andrew71/pye/storage" "git.a71.su/Andrew71/pye/storage"
"github.com/golang-jwt/jwt/v5" "github.com/golang-jwt/jwt/v5"
) )
var ( var (
KeyFile = "private.key"
key *rsa.PrivateKey key *rsa.PrivateKey
) )
@ -24,7 +24,7 @@ var (
// If the file does not exist, it generates a new key (and saves it) // If the file does not exist, it generates a new key (and saves it)
func MustLoadKey() { func MustLoadKey() {
// If the key doesn't exist, create it // If the key doesn't exist, create it
if _, err := os.Stat(KeyFile); errors.Is(err, os.ErrNotExist) { if _, err := os.Stat(config.Cfg.KeyFile); errors.Is(err, os.ErrNotExist) {
key, err = rsa.GenerateKey(rand.Reader, 4096) key, err = rsa.GenerateKey(rand.Reader, 4096)
if err != nil { if err != nil {
slog.Error("error generating key", "error", err) slog.Error("error generating key", "error", err)
@ -34,7 +34,7 @@ func MustLoadKey() {
// Save key to disk // Save key to disk
km := x509.MarshalPKCS1PrivateKey(key) km := x509.MarshalPKCS1PrivateKey(key)
block := pem.Block{Bytes: km, Type: "RSA PRIVATE KEY"} block := pem.Block{Bytes: km, Type: "RSA PRIVATE KEY"}
f, err := os.OpenFile(KeyFile, os.O_CREATE|os.O_WRONLY|os.O_TRUNC, 0644) f, err := os.OpenFile(config.Cfg.KeyFile, os.O_CREATE|os.O_WRONLY|os.O_TRUNC, 0644)
if err != nil { if err != nil {
slog.Error("error opening/creating file", "error", err) slog.Error("error opening/creating file", "error", err)
os.Exit(1) os.Exit(1)
@ -44,9 +44,9 @@ func MustLoadKey() {
slog.Error("error closing file", "error", err) slog.Error("error closing file", "error", err)
os.Exit(1) os.Exit(1)
} }
slog.Info("generated new key") slog.Info("generated new key", "file", config.Cfg.KeyFile)
} else { } else {
km, err := os.ReadFile(KeyFile) km, err := os.ReadFile(config.Cfg.KeyFile)
if err != nil { if err != nil {
slog.Error("error reading key", "error", err) slog.Error("error reading key", "error", err)
os.Exit(1) os.Exit(1)
@ -56,7 +56,7 @@ func MustLoadKey() {
slog.Error("error parsing key", "error", err) slog.Error("error parsing key", "error", err)
os.Exit(1) os.Exit(1)
} }
slog.Info("loaded private key") slog.Info("loaded private key", "file", config.Cfg.KeyFile)
} }
} }
@ -64,19 +64,19 @@ func init() {
MustLoadKey() MustLoadKey()
} }
// publicKey returns our public key as PEM block // PublicKey returns our public key as PEM block over http
func publicKey(w http.ResponseWriter, r *http.Request) { func PublicKey(w http.ResponseWriter, r *http.Request) {
key_marshalled := x509.MarshalPKCS1PublicKey(&key.PublicKey) key_marshalled := x509.MarshalPKCS1PublicKey(&key.PublicKey)
block := pem.Block{Bytes: key_marshalled, Type: "RSA PUBLIC KEY"} block := pem.Block{Bytes: key_marshalled, Type: "RSA PUBLIC KEY"}
pem.Encode(w, &block) pem.Encode(w, &block)
} }
func CreateJWT(usr storage.User) (string, error) { func CreateJWT(user storage.User) (string, error) {
t := jwt.NewWithClaims(jwt.SigningMethodRS256, t := jwt.NewWithClaims(jwt.SigningMethodRS256,
jwt.MapClaims{ jwt.MapClaims{
"iss": "pye", "iss": "pye",
"uid": usr.Uuid, "uid": user.Uuid,
"sub": usr.Email, "sub": user.Email,
"iat": time.Now().Unix(), "iat": time.Now().Unix(),
"exp": time.Now().Add(time.Hour * 24 * 7).Unix(), "exp": time.Now().Add(time.Hour * 24 * 7).Unix(),
}) })
@ -90,8 +90,8 @@ func CreateJWT(usr storage.User) (string, error) {
// VerifyToken receives a JWT and PEM-encoded public key, // VerifyToken receives a JWT and PEM-encoded public key,
// then returns whether the token is valid // then returns whether the token is valid
func VerifyJWT(token string, publicKey []byte) bool { func VerifyJWT(token string, publicKey []byte) (*jwt.Token, error) {
_, err := jwt.Parse(token, func(token *jwt.Token) (interface{}, error) { t, err := jwt.Parse(token, func(token *jwt.Token) (interface{}, error) {
key, err := jwt.ParseRSAPublicKeyFromPEM(publicKey) key, err := jwt.ParseRSAPublicKeyFromPEM(publicKey)
if err != nil { if err != nil {
return nil, err return nil, err
@ -101,6 +101,5 @@ func VerifyJWT(token string, publicKey []byte) bool {
} }
return key, nil return key, nil
}) })
slog.Info("Error check", "err", err) return t, err
return err == nil
} }

51
cmd/main.go Normal file
View file

@ -0,0 +1,51 @@
package cmd
import (
"flag"
"fmt"
"os"
"git.a71.su/Andrew71/pye/cmd/serve"
"git.a71.su/Andrew71/pye/cmd/verify"
"git.a71.su/Andrew71/pye/config"
)
func Run() {
// configFlag := flag.String("config", "", "override config file")
// flag.Parse()
// if *configFlag != "" {
// config.Load()
// }
serveCmd := flag.NewFlagSet("serve", flag.ExitOnError)
servePort := serveCmd.Int("port", 0, "override port")
serveDb := serveCmd.String("db", "", "override sqlite database")
verifyCmd := flag.NewFlagSet("verify", flag.ExitOnError)
if len(os.Args) < 2 {
fmt.Println("expected 'serve' or 'verify' subcommands")
os.Exit(0)
}
switch os.Args[1] {
case "serve":
serveCmd.Parse(os.Args[2:])
if *servePort != 0 {
config.Cfg.Port = *servePort
}
if *serveDb != "" {
config.Cfg.SQLiteFile = *serveDb
}
serve.Serve()
case "verify":
verifyCmd.Parse(os.Args[2:])
if len(os.Args) != 4 {
fmt.Println("Usage: <jwt> <pem file>")
}
verify.Verify(os.Args[2], os.Args[3])
default:
fmt.Println("expected 'serve' or 'verify' subcommands")
os.Exit(0)
}
}

32
cmd/serve/main.go Normal file
View file

@ -0,0 +1,32 @@
package serve
import (
"log/slog"
"net/http"
"strconv"
"git.a71.su/Andrew71/pye/auth"
"git.a71.su/Andrew71/pye/config"
"git.a71.su/Andrew71/pye/storage"
"git.a71.su/Andrew71/pye/storage/sqlite"
)
var data storage.Storage
func Serve() {
data = sqlite.MustLoadSQLite(config.Cfg.SQLiteFile)
router := http.NewServeMux()
router.HandleFunc("GET /pem", auth.PublicKey)
router.HandleFunc("POST /register", func(w http.ResponseWriter, r *http.Request) { auth.Register(w, r, data) })
router.HandleFunc("POST /login", func(w http.ResponseWriter, r *http.Request) { auth.Login(w, r, data) })
// Note: likely temporary, possibly to be replaced by a fake "frontend"
router.HandleFunc("GET /register", func(w http.ResponseWriter, r *http.Request) { auth.Register(w, r, data) })
router.HandleFunc("GET /login", func(w http.ResponseWriter, r *http.Request) { auth.Login(w, r, data) })
slog.Info("🪐 pye started", "port", config.Cfg.Port)
http.ListenAndServe(":"+strconv.Itoa(config.Cfg.Port), router)
}

17
cmd/verify/main.go Normal file
View file

@ -0,0 +1,17 @@
package verify
import (
"log/slog"
"os"
"git.a71.su/Andrew71/pye/auth"
)
func Verify(token, filename string) {
key, err := os.ReadFile(filename)
if err != nil {
slog.Error("error reading file", "error", err, "file", filename)
}
t, err := auth.VerifyJWT(token, key)
slog.Info("result", "token", t, "error", err, "ok", err == nil)
}

20
config/config.go Normal file
View file

@ -0,0 +1,20 @@
package config
type Config struct {
Port int `json:"port"`
KeyFile string `json:"key-file"`
SQLiteFile string `json:"sqlite-file"`
}
var DefaultConfig = Config{
Port: 7102,
KeyFile: "private.key",
SQLiteFile: "data.db",
}
var Cfg = MustLoadConfig()
// TODO: Implement
func MustLoadConfig() Config {
return DefaultConfig
}

25
main.go
View file

@ -1,28 +1,7 @@
package main package main
import ( import "git.a71.su/Andrew71/pye/cmd"
"fmt"
"net/http"
"git.a71.su/Andrew71/pye/storage"
"git.a71.su/Andrew71/pye/storage/sqlite"
)
var data storage.Storage = sqlite.MustLoadSQLite()
func main() { func main() {
fmt.Println("=== Working on port 7102 ===") cmd.Run()
router := http.NewServeMux()
router.HandleFunc("GET /pem", publicKey)
router.HandleFunc("POST /register", Register)
router.HandleFunc("POST /login", Login)
// Note: likely temporary, possibly to be replaced by a fake "frontend"
router.HandleFunc("GET /login", Login)
router.HandleFunc("GET /register", Register)
http.ListenAndServe(":7102", router)
} }

View file

@ -18,10 +18,6 @@ const create string = `
PRIMARY KEY("uuid") PRIMARY KEY("uuid")
);` );`
var (
DataFile = "data.db"
)
type SQLiteStorage struct { type SQLiteStorage struct {
db *sql.DB db *sql.DB
} }
@ -61,13 +57,13 @@ func (s SQLiteStorage) EmailExists(email string) bool {
return ok return ok
} }
func MustLoadSQLite() SQLiteStorage { func MustLoadSQLite(dataFile string) SQLiteStorage {
// I *think* we need some file, even if only empty // I *think* we need some file, even if only empty
if _, err := os.Stat(DataFile); errors.Is(err, os.ErrNotExist) { if _, err := os.Stat(dataFile); errors.Is(err, os.ErrNotExist) {
slog.Error("sqlite3 database file required", "file", DataFile) slog.Error("sqlite3 database file required", "file", dataFile)
os.Exit(1) os.Exit(1)
} }
db, err := sql.Open("sqlite3", DataFile) db, err := sql.Open("sqlite3", dataFile)
if err != nil { if err != nil {
slog.Error("error opening database", "error", err) slog.Error("error opening database", "error", err)
os.Exit(1) os.Exit(1)
@ -78,6 +74,6 @@ func MustLoadSQLite() SQLiteStorage {
slog.Info("error initialising database table", "error", err) slog.Info("error initialising database table", "error", err)
os.Exit(1) os.Exit(1)
} }
slog.Info("loaded database") slog.Info("loaded database", "file", dataFile)
return SQLiteStorage{db} return SQLiteStorage{db}
} }