feat: migrated to authentication with cookies

ivinayakg · Mar 1, 2024 · 1242772 · 1242772
1 parent 0acb60d
commit 1242772
Show file tree

Hide file tree

Showing 22 changed files with 197 additions and 105 deletions.
diff --git a/api/constants/main.go b/api/constants/main.go
@@ -0,0 +1,6 @@
+package constants
+
+type env_type string
+
+const Dev env_type = "development"
+const Prod env_type = "prod"
diff --git a/api/controllers/url.go b/api/controllers/url.go
@@ -155,7 +155,7 @@ func ResolveURL(w http.ResponseWriter, r *http.Request) {
 		return
 	}
 
-	go func(r http.Request, url models.URL) {
+	go func(r *http.Request, url models.URL) {
 		userAgent := r.Header.Get("User-Agent")
 		ua := uasurfer.Parse(userAgent)
 
@@ -172,7 +172,7 @@ func ResolveURL(w http.ResponseWriter, r *http.Request) {
 		timestamp := time.Now().Unix()
 
 		helpers.Tracker.CaptureRedirectEvent(device, ip, os, referrer, urlId, timestamp)
-	}(*r, *url)
+	}(r, *url)
 
 	w.Header().Set("Cache-Control", "no-cache, no-store, must-revalidate")
 	http.Redirect(w, r, url.Destination, http.StatusMovedPermanently)

diff --git a/api/controllers/user.go b/api/controllers/user.go
@@ -97,21 +97,22 @@ func CallbackSignInWithGoogle(w http.ResponseWriter, r *http.Request) {
 		return
 	}
 
+	var token *string
+
 	if user != nil {
-		token, _ := utils.CreateJWT(user)
-		http.Redirect(w, r, fmt.Sprintf(os.Getenv("FRONTEND_AUTH_URL")+"%v", *token), http.StatusSeeOther)
-		return
+		token, _ = utils.CreateJWT(user)
 	} else {
 		user, err = models.CreateUser(googleProfile["email"].(string), googleProfile["name"].(string), googleProfile["picture"].(string))
 		if err != nil {
 			helpers.SendJSONError(w, http.StatusInternalServerError, "Internal Server Error")
 			return
 		}
-		token, _ := utils.CreateJWT(user)
-		http.Redirect(w, r, fmt.Sprintf(os.Getenv("FRONTEND_AUTH_URL")+"%v", *token), http.StatusSeeOther)
-		return
+		token, _ = utils.CreateJWT(user)
 	}
 
+	cookie := utils.CreateAuthCookie(*token)
+	http.SetCookie(w, cookie)
+	http.Redirect(w, r, os.Getenv("FRONTEND_URL"), http.StatusSeeOther)
 }
 
 func SelfUser(w http.ResponseWriter, r *http.Request) {

diff --git a/api/helpers/helpers.go b/api/helpers/helpers.go
@@ -9,6 +9,8 @@ import (
 	"time"
 )
 
+var ENV string
+
 type ErrorResponse struct {
 	Error string `json:"error"`
 }

diff --git a/api/helpers/urls.go b/api/helpers/urls.go
@@ -30,8 +30,7 @@ func RemoverDomainError(url string) bool {
 }
 
 func BuildUrl(url string) string {
-	env := os.Getenv("ENV")
-	if env == "development" {
+	if ENV == "development" {
 		return "http://" + os.Getenv("SHORTED_URL_DOMAIN") + url
 	}
 	return "https://" + os.Getenv("SHORTED_URL_DOMAIN") + url

diff --git a/api/main.go b/api/main.go
@@ -9,6 +9,7 @@ import (
 	"time"
 
 	"github.com/gorilla/mux"
+	"github.com/ivinayakg/shorte.live/api/constants"
 	"github.com/ivinayakg/shorte.live/api/controllers"
 	"github.com/ivinayakg/shorte.live/api/helpers"
 	"github.com/ivinayakg/shorte.live/api/middleware"
@@ -56,9 +57,10 @@ func main() {
 	}
 
 	PORT := os.Getenv("PORT")
+	helpers.ENV = os.Getenv("ENV")
 
 	go func() {
-		if os.Getenv("ENV") != "development" {
+		if os.Getenv("ENV") == string(constants.Prod) {
 			return
 		}
 		router := createRouter()

diff --git a/api/middleware/auth.go b/api/middleware/auth.go
@@ -7,6 +7,7 @@ import (
 	"net/http"
 	"strings"
 
+	"github.com/ivinayakg/shorte.live/api/constants"
 	"github.com/ivinayakg/shorte.live/api/helpers"
 	"github.com/ivinayakg/shorte.live/api/models"
 	"github.com/ivinayakg/shorte.live/api/utils"
@@ -19,14 +20,26 @@ const UserAuthKey userAuth = "User"
 
 func Authentication(next http.Handler) http.Handler {
 	return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
-		tokenHeader := strings.Split(r.Header.Get("Authorization"), "Bearer ")
-		if len(tokenHeader) < 2 {
-			errMsg := "Authentication error!, Provide valid auth token"
+		var token string
+
+		cookie := utils.GetCookie(r)
+		if cookie != nil {
+			token = cookie.Value
+		} else if helpers.ENV != string(constants.Prod) {
+			tokenHeader := strings.Split(r.Header.Get("Authorization"), "Bearer ")
+			if len(tokenHeader) < 2 {
+				errMsg := "Authentication error!, Provide valid auth token"
+				helpers.SendJSONError(w, http.StatusForbidden, errMsg)
+				log.Println(errMsg)
+				return
+			}
+			token = tokenHeader[1]
+		} else {
+			errMsg := "Authentication error!, login first"
 			helpers.SendJSONError(w, http.StatusForbidden, errMsg)
 			log.Println(errMsg)
 			return
 		}
-		token := tokenHeader[1]
 
 		systemNotAvailable := helpers.SystemUnderMaintenance(false)
 		if systemNotAvailable {
@@ -54,7 +67,9 @@ func Authentication(next http.Handler) http.Handler {
 			return
 		}
 
-		user.Token = token
+		if helpers.ENV != string(constants.Prod) {
+			user.Token = token
+		}
 
 		c := context.WithValue(r.Context(), UserAuthKey, user)
 		next.ServeHTTP(w, r.WithContext(c))

diff --git a/api/sample.env b/api/sample.env
@@ -20,4 +20,5 @@ DB_CONFIG_COLLECTION_NAME="config"
 SHORTED_URL_DOMAIN="localhost:5100"
 FRONTEND_URL_MAINTENANCE="http://localhost:5173/maintenance"
 UI_NOT_FOUND_URL="http://localhost:5173/not-found/redirect"
-ENV="development"
+ENV="development"
+COOKIE_NAME="shorte-cookie"
diff --git a/api/tests/integration/main_test.go b/api/tests/integration/main_test.go
@@ -57,6 +57,7 @@ func setupTests() func() {
 	helpers.CreateDBInstance()
 	helpers.RedisSetup()
 	helpers.SetupTracker(time.Second*2, 5, 0)
+	helpers.ENV = "test"
 
 	go helpers.Tracker.StartFlush()
 

diff --git a/api/tests/integration/system_test.go b/api/tests/integration/system_test.go
@@ -14,15 +14,17 @@ import (
 func TestURLSystemAvailability(t *testing.T) {
 	req, err := http.NewRequest(http.MethodGet, ServerURL+"/system/available", nil)
 	if err != nil {
-		t.Fatal(err)
+		t.Log(err)
+		t.Fail()
 	}
 	testhelper.PutSystemUnderMaintenance(helpers.Redis, false)
 
 	// Send the request using the default HTTP client
 	client := &http.Client{}
 	resp, err := client.Do(req)
 	if err != nil {
-		t.Fatal(err)
+		t.Log(err)
+		t.Fail()
 	}
 
 	body := map[string]interface{}{}
@@ -36,7 +38,8 @@ func TestURLSystemAvailability(t *testing.T) {
 func TestURLSystemAvailabilityFail(t *testing.T) {
 	req, err := http.NewRequest(http.MethodGet, ServerURL+"/system/available", nil)
 	if err != nil {
-		t.Fatal(err)
+		t.Log(err)
+		t.Fail()
 	}
 
 	testhelper.PutSystemUnderMaintenance(helpers.Redis, true)
@@ -45,7 +48,8 @@ func TestURLSystemAvailabilityFail(t *testing.T) {
 	client := &http.Client{}
 	resp, err := client.Do(req)
 	if err != nil {
-		t.Fatal(err)
+		t.Log(err)
+		t.Fail()
 	}
 
 	body := map[string]interface{}{}
@@ -59,7 +63,8 @@ func TestURLSystemAvailabilityFail(t *testing.T) {
 func TestNotFound(t *testing.T) {
 	resp, err := RedirecthttpClient.Get(ServerURL + "/" + "something/random")
 	if err != nil {
-		t.Fatal(err)
+		t.Log(err)
+		t.Fail()
 	}
 
 	notFoundUrl := os.Getenv("UI_NOT_FOUND_URL")
@@ -71,7 +76,8 @@ func TestNotFound(t *testing.T) {
 func TestRedirectHome(t *testing.T) {
 	resp, err := RedirecthttpClient.Get(ServerURL + "/")
 	if err != nil {
-		t.Fatal(err)
+		t.Log(err)
+		t.Fail()
 	}
 
 	assert.Equal(t, resp.StatusCode, http.StatusSeeOther, "Excpected status code to be 303")

diff --git a/api/tests/integration/tracking_test.go b/api/tests/integration/tracking_test.go
@@ -16,7 +16,8 @@ import (
 func TestURLRedirectTracking(t *testing.T) {
 	resp, err := RedirecthttpClient.Get(ServerURL + "/" + URLFixture.Short)
 	if err != nil {
-		t.Fatal(err)
+		t.Log(err)
+		t.Fail()
 	}
 
 	destinationURL := URLFixture.Destination
@@ -29,7 +30,8 @@ func TestURLRedirectTracking(t *testing.T) {
 	for result == nil {
 		err := helpers.CurrentDb.RedirectEvent.FindOne(context.Background(), bson.M{"url_id": URLFixture.ID}).Decode(&result)
 		if err != nil && err != mongo.ErrNoDocuments {
-			t.Fatal(err)
+			t.Log(err)
+			t.Fail()
 		}
 		time.Sleep(time.Second * 2)
 	}