wip: session auth middleware

2025-06-05 06:26:11 +01:00
parent af8323cdb0
commit 627633ea29
10 changed files with 96 additions and 29 deletions
+6 -2
@@ -6,6 +6,8 @@ import (
"github.com/go-playground/validator/v10"
"github.com/labstack/echo/v4"
"github.com/labstack/echo/v4/middleware"
"github.com/labstack/echo-contrib/session"
"github.com/gorilla/sessions"
"github.com/hazemKrimi/crimson-vault/internal/lib"
"github.com/hazemKrimi/crimson-vault/internal/models"
@@ -32,10 +34,12 @@ func (api *API) Initialize() {
api.instance = ech
api.db = db
api.ClientRoutes()
api.UserRoutes()
// TODO: Change and store the secret separately when finilizing v1.
api.instance.Use(session.Middleware(sessions.NewCookieStore([]byte("SECRET"))))
api.instance.Use(middleware.CORSWithConfig(middleware.CORSConfig{
AllowOrigins: []string{"*"},
}))
api.ClientRoutes()
api.UserRoutes()
api.instance.Logger.Fatal(api.instance.Start(fmt.Sprintf(":%d", lib.DEFAULT_PORT)))
}
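Review bot: The cookie store on the `api.instance.Use(session.Middleware(sessions.NewCookieStore([]byte("SECRET"))))` line is keyed with a literal that is checked into the repository, so every deployment signs session cookies with the same known value and a session cookie for any user id can be produced without ever logging in; the TODO above it defers this, but the middleware should not run on a reachable instance in this state. Read the key from the environment or the config directory at startup and refuse to start without it, e.g. `key := os.Getenv("CRIMSON_VAULT_SESSION_KEY")` (constructed variable name) followed by `if len(key) < 32 { api.instance.Logger.Fatal("session key missing or shorter than 32 bytes") }` before `sessions.NewCookieStore([]byte(key))`; `os` would need adding to the import block shown in the first hunk. A CookieStore given a single key signs but does not encrypt, so whatever ConstructSession puts in `Values` is readable by the client; pass a second key if the contents are meant to be opaque. Once the session middleware is attached to routes, `AllowOrigins: []string{"*"}` also needs revisiting, since browsers do not send credentials to a wildcard origin and a credentialed CORS config should list origins explicitly. Initialize begins before the hunk.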
+6 -6
@@ -46,7 +46,7 @@ func (api *API) GetClientHandler(context echo.Context) error {
return context.String(http.StatusBadRequest, "ID is required to get a Client!")
}
id, err := strconv.Atoi(idString)
id, err := strconv.ParseUint(idString, 10, 32)
if err != nil {
return context.String(http.StatusInternalServerError, "Unexpected error getting Client!")
@@ -54,7 +54,7 @@ func (api *API) GetClientHandler(context echo.Context) error {
var client types.Client
if err := api.db.GetClient(id, &client); err != nil {
if err := api.db.GetClient(uint32(id), &client); err != nil {
return context.String(http.StatusNotFound, "Client not found!")
}
@@ -69,7 +69,7 @@ func (api *API) UpdateClientHandler(context echo.Context) error {
return context.String(http.StatusBadRequest, "ID is required to update a Client!")
}
id, err := strconv.Atoi(idString)
id, err := strconv.ParseUint(idString, 10, 32)
if err != nil {
return context.String(http.StatusInternalServerError, "Unexpected error updating Client!")
@@ -88,7 +88,7 @@ func (api *API) UpdateClientHandler(context echo.Context) error {
var client types.Client
if err := api.db.UpdateClient(id, body, &client); err != nil {
if err := api.db.UpdateClient(uint32(id), body, &client); err != nil {
return context.String(http.StatusNotFound, "Client not found!")
}
@@ -103,7 +103,7 @@ func (api *API) DeleteClientHandler(context echo.Context) error {
return context.String(http.StatusBadRequest, "ID is required to delete a Client!")
}
id, err := strconv.Atoi(idString)
id, err := strconv.ParseUint(idString, 10, 32)
if err != nil {
return context.String(http.StatusInternalServerError, "Unexpected error deleting Client!")
@@ -111,7 +111,7 @@ func (api *API) DeleteClientHandler(context echo.Context) error {
var client types.Client
if err := api.db.DeleteClient(id); err != nil {
if err := api.db.DeleteClient(uint32(id)); err != nil {
return context.String(http.StatusNotFound, "Client not found!")
}
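Review bot: A non-numeric or out-of-range ID now falls through to `return context.String(http.StatusInternalServerError, ...)` after each `id, err := strconv.ParseUint(idString, 10, 32)` in GetClientHandler, UpdateClientHandler and DeleteClientHandler; that is a malformed client input, not a server fault, so the status should be `http.StatusBadRequest` with a message such as `"ID must be a positive integer!"`, and the same applies to the seven ParseUint sites in the user handlers file. Reporting it as 500 also makes garbage requests indistinguishable from real failures in logs and monitoring. The `uint32(id)` narrowing at the call sites is safe because bitSize 32 guarantees the parsed value fits. All three handlers start and end outside their hunks.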
+21
@@ -0,0 +1,21 @@
package api
import (
"net/http"
"github.com/labstack/echo-contrib/session"
"github.com/labstack/echo/v4"
)
func SessionMiddleware(next echo.HandlerFunc) echo.HandlerFunc {
return func(context echo.Context) error {
sess, err := session.Get("session", context)
if sess == nil || err != nil {
return context.String(http.StatusBadRequest, "User not authenticated!")
}
context.Set("id", sess.Values["id"])
return next(context)
}
}
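Review bot: The guard `if sess == nil || err != nil` in SessionMiddleware does not reject unauthenticated requests: with a gorilla CookieStore, `session.Get` returns a fresh empty session rather than nil when the request carries no cookie (hedged on the contrib wrapper, but that is the documented gorilla behaviour), so a request with no cookie at all passes through with `context.Set("id", nil)`. The check should treat `sess.IsNew` as unauthenticated and require `Values["id"]` to be present with the expected type before storing it; the DB layer takes `uint32` ids, so a `uint32` assertion seems right if that is `user.ID`'s type — confirm. The rejection is also an authentication failure, so `http.StatusUnauthorized` fits better than `http.StatusBadRequest`. A short doc comment would help since this is exported: `// SessionMiddleware rejects requests without a valid session cookie and exposes the stored user id under the "id" context key.`
```go
func SessionMiddleware(next echo.HandlerFunc) echo.HandlerFunc {
	return func(context echo.Context) error {
		sess, err := session.Get("session", context)
		if err != nil || sess == nil || sess.IsNew {
			return context.String(http.StatusUnauthorized, "User not authenticated!")
		}
		// TODO(review): confirm user.ID is uint32; the DB layer takes uint32 ids.
		id, ok := sess.Values["id"].(uint32)
		if !ok {
			return context.String(http.StatusUnauthorized, "User not authenticated!")
		}
		context.Set("id", id)
		return next(context)
	}
}
```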
+26 -12
@@ -10,7 +10,9 @@ import (
"strconv"
"strings"
"github.com/hazemKrimi/crimson-vault/internal/lib"
"github.com/hazemKrimi/crimson-vault/internal/types"
"github.com/labstack/echo-contrib/session"
"github.com/labstack/echo/v4"
)
@@ -27,6 +29,18 @@ func (api *API) CreateUserHandler(context echo.Context) error {
}
user := api.db.CreateUser(body)
sess, err := session.Get("session", context)
if err != nil {
api.db.DeleteUser(user.ID)
return context.String(http.StatusInternalServerError, "Unexpected error saving User session!")
}
lib.ConstructSession(sess, user)
if err := sess.Save(context.Request(), context.Response()); err != nil {
return context.String(http.StatusInternalServerError, "Unexpected error saving User session!")
}
log.Println(fmt.Sprintf("User created with ID %d.", user.ID))
return context.JSON(http.StatusOK, user)
@@ -50,7 +64,7 @@ func (api *API) GetUserHandler(context echo.Context) error {
return context.String(http.StatusBadRequest, "ID is required to get a User!")
}
id, err := strconv.Atoi(idString)
id, err := strconv.ParseUint(idString, 10, 32)
if err != nil {
return context.String(http.StatusInternalServerError, "Unexpected error getting User!")
@@ -58,7 +72,7 @@ func (api *API) GetUserHandler(context echo.Context) error {
var user types.User
if err := api.db.GetUser(id, &user); err != nil {
if err := api.db.GetUser(uint32(id), &user); err != nil {
return context.String(http.StatusNotFound, "User not found!")
}
@@ -73,7 +87,7 @@ func (api *API) UpdateUserHandler(context echo.Context) error {
return context.String(http.StatusBadRequest, "ID is required to update a User!")
}
id, err := strconv.Atoi(idString)
id, err := strconv.ParseUint(idString, 10, 32)
if err != nil {
return context.String(http.StatusInternalServerError, "Unexpected error updating User!")
@@ -92,7 +106,7 @@ func (api *API) UpdateUserHandler(context echo.Context) error {
var user types.User
if err := api.db.UpdateUser(id, body, &user); err != nil {
if err := api.db.UpdateUser(uint32(id), body, &user); err != nil {
return context.String(http.StatusNotFound, "User not found!")
}
@@ -107,7 +121,7 @@ func (api *API) UpdateUserSecurityDetailsHandler(context echo.Context) error {
return context.String(http.StatusBadRequest, "ID is required to create security details for a User!")
}
id, err := strconv.Atoi(idString)
id, err := strconv.ParseUint(idString, 10, 32)
if err != nil {
return context.String(http.StatusInternalServerError, "Unexpected error while creating security details for User!")
@@ -126,7 +140,7 @@ func (api *API) UpdateUserSecurityDetailsHandler(context echo.Context) error {
var user types.User
if err := api.db.UpdateUserSecurityDetails(id, body, &user); err != nil {
if err := api.db.UpdateUserSecurityDetails(uint32(id), body, &user); err != nil {
return context.String(http.StatusNotFound, "User not found!")
}
@@ -141,7 +155,7 @@ func (api *API) UpdateUserLogoHandler(context echo.Context) error {
return context.String(http.StatusBadRequest, "ID is required to update logo for User!")
}
id, err := strconv.Atoi(idString)
id, err := strconv.ParseUint(idString, 10, 32)
if err != nil {
return context.String(http.StatusInternalServerError, "Unexpected error updating logo for User!")
@@ -149,7 +163,7 @@ func (api *API) UpdateUserLogoHandler(context echo.Context) error {
var user types.User
if err := api.db.GetUser(id, &user); err != nil {
if err := api.db.GetUser(uint32(id), &user); err != nil {
return context.String(http.StatusNotFound, "User not found!")
}
@@ -231,13 +245,13 @@ func (api *API) DeleteUserHandler(context echo.Context) error {
return context.String(http.StatusBadRequest, "ID is required to delete a User!")
}
id, err := strconv.Atoi(idString)
id, err := strconv.ParseUint(idString, 10, 32)
if err != nil {
return context.String(http.StatusInternalServerError, "Unexpected error deleting User!")
}
if err := api.db.DeleteUser(id); err != nil {
if err := api.db.DeleteUser(uint32(id)); err != nil {
return context.String(http.StatusNotFound, "User not found!")
}
@@ -252,7 +266,7 @@ func (api *API) DeleteUserLogoHandler(context echo.Context) error {
return context.String(http.StatusBadRequest, "ID is required to delete logo of User!")
}
id, err := strconv.Atoi(idString)
id, err := strconv.ParseUint(idString, 10, 32)
if err != nil {
log.Println(fmt.Sprintf("Error deleting logo of User: %v.", err))
@@ -261,7 +275,7 @@ func (api *API) DeleteUserLogoHandler(context echo.Context) error {
var user types.User
if err := api.db.GetUser(id, &user); err != nil {
if err := api.db.GetUser(uint32(id), &user); err != nil {
return context.String(http.StatusNotFound, "User not found!")
}
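Review bot: In CreateUserHandler the compensating `api.db.DeleteUser(user.ID)` on the `session.Get` error path drops its error return, so a user row can silently outlive the 500 the client receives; at minimum check and log it, `if delErr := api.db.DeleteUser(user.ID); delErr != nil { log.Println(fmt.Sprintf("Error rolling back User %d: %v.", user.ID, delErr)) }`. The rollback is also asymmetric: a `sess.Save` failure a few lines later returns the same message but leaves the user in place. If I read gorilla/sessions correctly, `session.Get` reports an error chiefly when an existing cookie fails to decode while still handing back a usable new session, so deleting a just-created account because the client presented a stale cookie is probably not the intended behaviour — decide whether to ignore that error, and document the choice above the call. CreateUserHandler begins before the hunk.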
+1 -1
@@ -1,4 +1,4 @@
package lib
const DEFAULT_PORT int = 6900
const DEFAULT_PORT uint32 = 6900
const DEFAULT_CONFIG_DIRECTORY string = ".local/state/crimson-vault"
+12
@@ -3,6 +3,9 @@ package lib
import (
"os"
"path/filepath"
"github.com/gorilla/sessions"
"github.com/hazemKrimi/crimson-vault/internal/types"
)
func GetConfigDirectory() (string, error) {
@@ -16,3 +19,12 @@ func GetConfigDirectory() (string, error) {
return config, nil
}
func ConstructSession(session *sessions.Session, user types.User) {
session.Options = &sessions.Options{
Path: "/",
MaxAge: 86400 * 7,
HttpOnly: true,
}
session.Values["id"] = user.ID
}
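Review bot: The `sessions.Options` literal in ConstructSession sets `HttpOnly` but neither `Secure` nor `SameSite`, so the session cookie is sent over plain HTTP and attached to cross-site requests by default. Add `Secure: true,` and `SameSite: http.SameSiteLaxMode,` after `HttpOnly: true,` (this needs `"net/http"` in the import block shown in the first hunk), and make Secure configurable only if plain-HTTP local development genuinely requires it. A seven-day `MaxAge` on a pure cookie store also means a session cannot be revoked server-side before it expires, which deserves a doc comment on the function: `// ConstructSession sets the cookie options and stores the user id; cookies remain valid until MaxAge, there is no server-side revocation.`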
+3 -3
@@ -35,7 +35,7 @@ func (db *DB) GetClients() ([]types.Client, error) {
return clients, nil
}
func (db *DB) GetClient(id int, client *types.Client) error {
func (db *DB) GetClient(id uint32, client *types.Client) error {
result := db.instance.Where("id = ?", id).First(client, id)
if result.Error != nil {
@@ -45,7 +45,7 @@ func (db *DB) GetClient(id int, client *types.Client) error {
return nil
}
func (db *DB) UpdateClient(id int, body types.UpdateClientRequestBody, client *types.Client) error {
func (db *DB) UpdateClient(id uint32, body types.UpdateClientRequestBody, client *types.Client) error {
result := db.instance.Where("id = ?", id).First(client, id)
if result.Error != nil {
@@ -69,7 +69,7 @@ func (db *DB) UpdateClient(id int, body types.UpdateClientRequestBody, client *t
return nil
}
func (db *DB) DeleteClient(id int) error {
func (db *DB) DeleteClient(id uint32) error {
result := db.instance.Delete(&types.Client{}, id)
if result.Error != nil {
+4 -4
@@ -37,7 +37,7 @@ func (db *DB) GetUsers() ([]types.User, error) {
return users, nil
}
func (db *DB) GetUser(id int, user *types.User) error {
func (db *DB) GetUser(id uint32, user *types.User) error {
result := db.instance.Where("id = ?", id).First(user, id)
if result.Error != nil {
@@ -47,7 +47,7 @@ func (db *DB) GetUser(id int, user *types.User) error {
return nil
}
func (db *DB) UpdateUser(id int, body types.UpdateUserRequestBody, user *types.User) error {
func (db *DB) UpdateUser(id uint32, body types.UpdateUserRequestBody, user *types.User) error {
result := db.instance.Where("id = ?", id).First(user, id)
if result.Error != nil {
@@ -71,7 +71,7 @@ func (db *DB) UpdateUser(id int, body types.UpdateUserRequestBody, user *types.U
return nil
}
func (db *DB) UpdateUserSecurityDetails(id int, body types.UpdateUserSecurityDetailsBody, user *types.User) error {
func (db *DB) UpdateUserSecurityDetails(id uint32, body types.UpdateUserSecurityDetailsBody, user *types.User) error {
result := db.instance.Where("id = ?", id).First(user, id)
if result.Error != nil {
@@ -102,7 +102,7 @@ func (db *DB) UpdateUserLogo(path string, user *types.User) error {
return nil
}
func (db *DB) DeleteUser(id int) error {
func (db *DB) DeleteUser(id uint32) error {
result := db.instance.Delete(&types.User{}, id)
if result.Error != nil {