cic-dw/internal/admin/api.go

package admin

import (
	"net/http"

	"github.com/golang-jwt/jwt"
	"github.com/jackc/pgx/v4/pgxpool"
	"github.com/labstack/echo/v4"
	"github.com/nleof/goyesql"
	"github.com/rs/zerolog/log"
)

type api struct {
	db     *pgxpool.Pool
	q      goyesql.Queries
	jwtKey []byte
}

func InitAdminApi(e *echo.Echo, db *pgxpool.Pool, queries goyesql.Queries, jwtKey string) {
	api := newApi(db, queries, jwtKey)

	auth := e.Group(("/auth"))
	g := e.Group("/admin")

	auth.Use(api.dwCoreMiddleware)
	auth.POST("/login", sendLoginJwtCookie)
	auth.POST("/logout", sendLogoutCookie)

	g.Use(api.dwCoreMiddleware)
	g.Use(api.verifyAuthMiddleware)

	g.GET("/protected", handleProtectedResource)
}

func newApi(db *pgxpool.Pool, queries goyesql.Queries, jwtKey string) *api {
	return &api{
		db:     db,
		q:      queries,
		jwtKey: []byte(jwtKey),
	}
}

func (a *api) dwCoreMiddleware(next echo.HandlerFunc) echo.HandlerFunc {
	return func(c echo.Context) error {
		c.Set("api", &api{
			db:     a.db,
			q:      a.q,
			jwtKey: a.jwtKey,
		})
		return next(c)
	}
}

func (a *api) verifyAuthMiddleware(next echo.HandlerFunc) echo.HandlerFunc {
	return func(c echo.Context) error {
		log.Info().Msgf("%v", c.Cookies())
		cookie, err := c.Cookie("_ge_auth")
		if err != nil {
			return c.String(http.StatusForbidden, "auth cookie missing")
		}

		claims := &jwtClaims{}

		token, err := jwt.ParseWithClaims(cookie.Value, claims, func(token *jwt.Token) (interface{}, error) {
			return a.jwtKey, nil
		})
		if err != nil {
			if err == jwt.ErrSignatureInvalid {
				return c.String(http.StatusUnauthorized, "jwt signature validation failed")
			}
			return c.String(http.StatusBadRequest, "jwt bad request")
		}
		if !token.Valid {
			return c.String(http.StatusUnauthorized, "jwt invalid")
		}

		return next(c)
	}
}