cic-dw/internal/admin/api.go

package admin

import (
	"net/http"

	"github.com/golang-jwt/jwt"
	"github.com/grassrootseconomics/cic-go/meta"
	"github.com/jackc/pgx/v4/pgxpool"
	"github.com/labstack/echo/v4"
	"github.com/nleof/goyesql"
)

type api struct {
	db     *pgxpool.Pool
	q      goyesql.Queries
	m      *meta.CicMeta
	jwtKey []byte
}

func InitAdminApi(e *echo.Echo, db *pgxpool.Pool, queries goyesql.Queries, metaClient *meta.CicMeta, jwtKey string) {
	api := newApi(db, queries, metaClient, jwtKey)

	auth := e.Group(("/auth"))
	g := e.Group("/admin")

	auth.Use(api.dwCoreMiddleware)
	auth.POST("/login", sendLoginJwtCookie)
	auth.POST("/logout", sendLogoutCookie)

	g.Use(api.dwCoreMiddleware)
	g.Use(api.verifyAuthMiddleware)

	g.GET("/check", isLoggedIn)
	g.GET("/meta-proxy/:address", handleMetaProxy)
	g.GET("/pin-status", handlePinStatus)
	g.GET("/phone-2-address/:phone", handlePhone2Address)
	g.GET("/address-2-phone/:address", handleAddress2Phone)
}

func newApi(db *pgxpool.Pool, queries goyesql.Queries, metaClient *meta.CicMeta, jwtKey string) *api {
	return &api{
		db:     db,
		q:      queries,
		m:      metaClient,
		jwtKey: []byte(jwtKey),
	}
}

func (a *api) dwCoreMiddleware(next echo.HandlerFunc) echo.HandlerFunc {
	return func(c echo.Context) error {
		c.Set("api", &api{
			db:     a.db,
			q:      a.q,
			m:      a.m,
			jwtKey: a.jwtKey,
		})
		return next(c)
	}
}

func (a *api) verifyAuthMiddleware(next echo.HandlerFunc) echo.HandlerFunc {
	return func(c echo.Context) error {
		cookie, err := c.Cookie("_ge_auth")
		if err != nil {
			return c.String(http.StatusForbidden, "auth cookie missing")
		}

		claims := &jwtClaims{}

		token, err := jwt.ParseWithClaims(cookie.Value, claims, func(token *jwt.Token) (interface{}, error) {
			return a.jwtKey, nil
		})
		if err != nil {
			return c.String(http.StatusUnauthorized, "jwt validation failed")
		}
		if !token.Valid {
			return c.String(http.StatusUnauthorized, "jwt invalid")
		}

		return next(c)
	}
}