Broken Version
Alder Whiteford authored and Alder Whiteford committed May 20, 2024
1 parent 682256a commit 52e67e5
Showing 33 changed files with 6,912 additions and 244 deletions.
19 changes: 16 additions & 3 deletions backend/auth/jwt.go
@@ -1,6 +1,7 @@
package auth

import (
"errors"
"fmt"
"time"

@@ -39,6 +40,7 @@ type JWTType string
const (
AccessToken JWTType = "access"
RefreshToken JWTType = "refresh"
CSRFToken JWTType = "csrf"
)

type Token struct {
@@ -63,8 +65,10 @@ type JWTClientInterface interface {
type JWTClient struct {
RefreshExp time.Duration
AccessExp time.Duration
CSRFExp time.Duration
RefreshKey *m.Secret[string]
AccessKey *m.Secret[string]
CSRFKey *m.Secret[string]
SigningMethod jwt.SigningMethod
}

@@ -74,13 +78,14 @@ func NewJWTClient(authSettings config.AuthSettings, signingMethod jwt.SigningMet
AccessExp: constants.ACCESS_TOKEN_EXPIRY,
RefreshKey: authSettings.RefreshKey,
AccessKey: authSettings.AccessKey,
CSRFKey: authSettings.CSRFKey,
SigningMethod: signingMethod,
}
}

func (j *JWTClient) GenerateTokenPair(accessClaims, refreshClaims Claims) (*Token, error) {
accessToken, err := j.GenerateToken(accessClaims, AccessToken)
if err != nil {
if err != nil{
return nil, err
}

@@ -89,6 +94,10 @@ func (j *JWTClient) GenerateTokenPair(accessClaims, refreshClaims Claims) (*Toke
return nil, err
}

if accessToken == nil || refreshToken == nil {
return nil, errors.New("failed to generate token pair")
}

return &Token{
AccessToken: accessToken,
RefreshToken: refreshToken,
@@ -228,6 +237,8 @@ func (j *JWTClient) getExpiry(tokenType JWTType) time.Duration {
return j.AccessExp
case RefreshToken:
return j.RefreshExp
case CSRFToken:
return j.CSRFExp
}

return 0
@@ -302,10 +313,12 @@ func GenerateRefreshCookie(value string) *fiber.Cookie {
}

func SetResponseTokens(c *fiber.Ctx, tokens *Token) error {
if tokens == nil {
return errors.New("tokens are nil")
}
// Set the tokens in the response
// should also blacklist the old refresh and access tokens

c.Set("Authorization", fmt.Sprintf("Bearer %s", tokens.AccessToken))
c.Set("Authorization", fmt.Sprintf("Bearer %s", &tokens.AccessToken))
c.Cookie(&fiber.Cookie{
Name: "refresh_token",
Value: string(tokens.RefreshToken),
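Review bot: In SetResponseTokens the header is now built with `fmt.Sprintf("Bearer %s", &tokens.AccessToken)`, which passes `%s` a pointer to the field, so the Authorization header would not carry the bare token: fmt renders a pointer as an address or with a leading `&`, depending on the underlying type (the Token type is not shown here). Keeping the value form, `c.Set("Authorization", fmt.Sprintf("Bearer %s", tokens.AccessToken))`, avoids that. Separately, the NewJWTClient literal gains `CSRFKey` but no `CSRFExp`, so the new `case CSRFToken` in getExpiry looks like it returns the zero duration; `CSRFExp: constants.CSRF_TOKEN_EXPIRY,` appears to be missing. Both functions extend beyond the lines shown.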
8 changes: 8 additions & 0 deletions backend/config/auth.go
@@ -9,11 +9,13 @@ import (
type AuthSettings struct {
AccessKey *m.Secret[string]
RefreshKey *m.Secret[string]
CSRFKey *m.Secret[string]
}

type intermediateAuthSettings struct {
AccessKey string `yaml:"accesskey"`
RefreshKey string `yaml:"refreshkey"`
CSRFKey string `yaml:"csrfkey"`

Check failure on line 18 in backend/config/auth.go

GitHub Actions / Lint

File is not `goimports`-ed (goimports)
}

func (int *intermediateAuthSettings) into() (*AuthSettings, error) {
@@ -27,8 +29,14 @@ func (int *intermediateAuthSettings) into() (*AuthSettings, error) {
return nil, errors.New("failed to create secret from refresh key")
}

csrfToken, err := m.NewSecret(int.CSRFKey)
if err != nil {
return nil, errors.New("failed to create secret from csrf key")
}

return &AuthSettings{
AccessKey: accessToken,
RefreshKey: refreshToken,
CSRFKey: csrfToken,
}, nil
}
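Review bot: A missing `csrfkey` entry reaches `m.NewSecret(int.CSRFKey)` as an empty string, and nothing in the visible part of into() rejects it; if NewSecret accepts empty input, CSRF tokens would be signed with an empty key. A guard before the call, `if int.CSRFKey == "" { return nil, errors.New("csrf key is not set") }`, would match the explicit empty checks in readGoogleOAuthSettings. The `os.Getenv` lookup for the CSRF key added to readProd in backend/config/production.go has the same gap. The start of into() lies outside the hunk.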
4 changes: 2 additions & 2 deletions backend/config/config.go
@@ -16,8 +16,8 @@ type Settings struct {
PineconeSettings PineconeSettings
OpenAISettings OpenAISettings
ResendSettings ResendSettings
GoogleClientSettings *GoogleClientSettings
OutlookClientSettings *OutlookClientSettings
GoogleClientSettings *OAuthConfig
OutlookClientSettings *OAuthConfig
}

type intermediateSettings struct {
61 changes: 32 additions & 29 deletions backend/config/calendar.go → backend/config/oauth.go
@@ -7,33 +7,25 @@ import (
m "github.com/garrettladley/mattress"
)

type CalendarSettings struct {
GoogleClientSettings *GoogleClientSettings
OutlookClientSettings *OutlookClientSettings
}

type GoogleClientSettings struct {
ClientID *m.Secret[string]
type OAuthConfig struct {
BaseURL string
ClientID *m.Secret[string]
ClientSecret *m.Secret[string]
ResponseType string
Scopes []string
Scopes string
RedirectURI string
IncludeGrantedScopes string
ResponseType string
ResponseMode string
AccessType string
IncludeGrantedScopes string
Prompt string
}

type OutlookClientSettings struct {
ClientID string
ResponseType string
Scopes string
RedirectURI string
Tenant string
ResponseMode string
Prompt string
type OAuthSettings struct {
GoogleOAuthSettings *OAuthConfig
OutlookOAuthSettings *OAuthConfig
}

func readGoogleOAuthSettings() (*GoogleClientSettings, error) {
func readGoogleOAuthSettings() (*OAuthConfig, error) {
clientID := os.Getenv("GOOGLE_OAUTH_CLIENT_ID")
if clientID == "" {
return nil, errors.New("GOOGLE_OAUTH_CLIENT_ID is not set")
@@ -54,36 +46,47 @@ func readGoogleOAuthSettings() (*GoogleClientSettings, error) {
return nil, errors.New("failed to create secret from client secret")
}

return &GoogleClientSettings{
return &OAuthConfig{
BaseURL: "https://accounts.google.com/o/oauth2/v2",
ClientID: secretClientID,
ClientSecret: secretClientSecret,
Scopes: []string{
"https://www.googleapis.com/auth/calendar.events",
"https://www.googleapis.com/auth/calendar.readonly",
},
Scopes: "https://www.googleapis.com/auth/calendar.events https://www.googleapis.com/auth/calendar.readonly",
ResponseType: "code",
RedirectURI: "http://localhost:3000",
IncludeGrantedScopes: "true",
AccessType: "offline",
Prompt: "consent",
}, nil
}

func readOutlookOAuthSettings() (*OutlookClientSettings, error) {
func readOutlookOAuthSettings() (*OAuthConfig, error) {
clientID := os.Getenv("OUTLOOK_OAUTH_CLIENT_ID")
if clientID == "" {
return nil, errors.New("OUTLOOK_OAUTH_CLIENT_ID is not set")
}

secretClientID, err := m.NewSecret(clientID)
if err != nil {
return nil, errors.New("failed to create secret from client ID")
}

clientSecret := os.Getenv("OUTLOOK_OAUTH_CLIENT_SECRET")
if clientSecret == "" {
return nil, errors.New("OUTLOOK_OAUTH_CLIENT_SECRET is not set")
}

return &OutlookClientSettings{
ClientID: clientID,
secretClientSecret, err := m.NewSecret(clientSecret)
if err != nil {
return nil, errors.New("failed to create secret from client secret")
}

return &OAuthConfig{
BaseURL: "https://login.microsoftonline.com/common/oauth2/v2.0",
ClientID: secretClientID,
ClientSecret: secretClientSecret,
Scopes: "offline_access user.read mail.read",
ResponseType: "code",
RedirectURI: "http://localhost:3000",
Scopes: "offline_access user.read mail.read",
Tenant: "common",
ResponseMode: "query",
Prompt: "consent",
}, nil
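Review bot: Both returned OAuthConfig literals carry `RedirectURI: "http://localhost:3000"` as a fixed string, so the redirect target is a plain-http localhost address wherever this config is loaded. Reading it from the environment next to the client ID and secret, and failing when it is unset, would keep deployed instances from registering a development callback. The exported OAuthConfig type also has no doc comment; one stating that `AccessType` and `IncludeGrantedScopes` are only populated for Google and `ResponseMode` only for Outlook would make the zero-valued fields readable. readOutlookOAuthSettings continues past the end of the section.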
6 changes: 6 additions & 0 deletions backend/config/production.go
@@ -77,6 +77,11 @@ func readProd(v *viper.Viper) (*Settings, error) {
return nil, errors.New("failed to create secret from refresh token")
}

authCSRFKey, err := m.NewSecret(os.Getenv(fmt.Sprintf("%sCSRF_TOKEN", authSecretPrefix)))
if err != nil {
return nil, errors.New("failed to create secret from csrf token")
}

pineconeSettings, err := readPineconeSettings()
if err != nil {
return nil, fmt.Errorf("failed to read Pinecone settings: %w", err)
@@ -127,6 +132,7 @@ func readProd(v *viper.Viper) (*Settings, error) {
Auth: AuthSettings{
AccessKey: authAccessKey,
RefreshKey: authRefreshKey,
CSRFKey: authCSRFKey,
},
PineconeSettings: *pineconeSettings,
OpenAISettings: *openAISettings,
1 change: 1 addition & 0 deletions backend/constants/auth.go
@@ -5,6 +5,7 @@ import "time"
const (
ACCESS_TOKEN_EXPIRY time.Duration = time.Minute * 24 * 30 // temporary TODO: change to 60 minutes
REFRESH_TOKEN_EXPIRY time.Duration = time.Minute * 24 * 30
CSRF_TOKEN_EXPIRY time.Duration = time.Minute * 5
)

var SPECIAL_CHARACTERS = []rune{' ', '!', '"', '#', '$', '%', '&', '\'', '(', ')', '*', '+', ',', '-', '.', '/', ':', ';', '<', '=', '>', '?', '@', '[', '\\', ']', '^', '_', '`', '{', '|', '}', '~'} // see https://owasp.org/www-community/password-special-characters
66 changes: 0 additions & 66 deletions backend/entities/calendar/base/controller.go

This file was deleted.

13 changes: 0 additions & 13 deletions backend/entities/calendar/base/routes.go

This file was deleted.

5 changes: 0 additions & 5 deletions backend/entities/models/calendar.go

This file was deleted.

21 changes: 21 additions & 0 deletions backend/entities/models/oauth.go
@@ -0,0 +1,21 @@
package models

import "github.com/google/uuid"

type GrantType string

const (
AuthorizationCode ContactType = "authorization_code"

Check failure on line 8 in backend/entities/models/oauth.go

GitHub Actions / Lint

File is not `goimports`-ed (goimports)
RefreshToken ContactType = "refresh_token"
)

type OAuthTokenRequestBody struct {
Code string `json:"code" validate:"omitempty"`
State string `json:"state" validate:"omitempty"`
}

type OAuthToken struct {
UserID uuid.UUID `json:"user_id" validate:"required,uuid4"`
RefreshToken string `json:"refresh_token" validate:"max=255"`
CSRFToken string `json:"csrf_token" validate:"max=255"`
}
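Review bot: The two constants are declared as `ContactType` although the file introduces `GrantType` just above them, which leaves GrantType unused and puts OAuth grant names into an unrelated type; they should read `AuthorizationCode GrantType = "authorization_code"` and `RefreshToken GrantType = "refresh_token"`. In OAuthTokenRequestBody, `State` is tagged `validate:"omitempty"`, so a callback body with no state passes validation. If state is what ties the callback to the CSRF token issued earlier, `validate:"required"` on both `Code` and `State` would reject such requests before any handler logic runs.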
1 change: 1 addition & 0 deletions backend/entities/models/user.go
@@ -158,6 +159,7 @@ type User struct {
GraduationCycle GraduationCycle `json:"graduation_cycle" validate:"required,max=255,oneof=december may"`
GraduationYear int16 `json:"graduation_year" validate:"required"`
IsVerified bool `json:"is_verified"`
CalendarToken string `json:"calendar_token" validate:"omitempty,max=255"`

Check failure on line 161 in backend/entities/models/user.go

GitHub Actions / Lint

File is not `goimports`-ed (goimports)

Tag []Tag `gorm:"many2many:user_tags;" json:"-" validate:"-"`
Admin []Club `gorm:"many2many:user_club_admins;" json:"-" validate:"-"`
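Review bot: `CalendarToken` is tagged `json:"calendar_token"`, so any response that serializes a User would include the stored token, whereas the Tag and Admin fields below it are kept out with `json:"-"`. If this field holds an OAuth credential, changing the tag to `json:"-" validate:"omitempty,max=255"` would keep it server-side. The User struct starts and ends outside the hunk.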