2024-01-10 14:48:03 +00:00
|
|
|
package main
|
|
|
|
|
|
|
|
import (
|
2024-01-14 17:28:04 +00:00
|
|
|
"auth-server/logic"
|
2024-01-10 14:48:03 +00:00
|
|
|
"context"
|
|
|
|
"github.com/go-oauth2/oauth2/v4/errors"
|
|
|
|
"github.com/go-oauth2/oauth2/v4/manage"
|
|
|
|
"github.com/go-oauth2/oauth2/v4/server"
|
|
|
|
"github.com/go-oauth2/oauth2/v4/store"
|
2024-01-14 17:28:04 +00:00
|
|
|
"github.com/nspcc-dev/neo-go/pkg/rpcclient"
|
|
|
|
"github.com/nspcc-dev/neo-go/pkg/rpcclient/actor"
|
|
|
|
"github.com/nspcc-dev/neo-go/pkg/util"
|
|
|
|
"github.com/nspcc-dev/neo-go/pkg/wallet"
|
|
|
|
"strconv"
|
2024-01-13 19:16:40 +00:00
|
|
|
|
2024-01-10 14:48:03 +00:00
|
|
|
"log"
|
|
|
|
"log/slog"
|
|
|
|
"net/http"
|
|
|
|
)
|
|
|
|
|
2024-01-14 17:28:04 +00:00
|
|
|
func main() {
|
|
|
|
config, err := logic.LoadConfig("./config.json")
|
2024-01-13 19:36:23 +00:00
|
|
|
if err != nil {
|
2024-01-14 17:28:04 +00:00
|
|
|
log.Fatalf("Error while reading config: %s", err)
|
|
|
|
return
|
2024-01-14 14:48:25 +00:00
|
|
|
}
|
|
|
|
|
2024-01-14 17:28:04 +00:00
|
|
|
slog.Info("ContractCheckSum: " + config.ContractCheckSum)
|
|
|
|
slog.Info("AuthServerPort: " + strconv.Itoa(config.AuthServerPort))
|
|
|
|
slog.Info("WalletFile: " + config.WalletFile)
|
2024-01-14 14:48:25 +00:00
|
|
|
|
2024-01-10 14:48:03 +00:00
|
|
|
manager := manage.NewDefaultManager()
|
|
|
|
manager.SetAuthorizeCodeTokenCfg(manage.DefaultAuthorizeCodeTokenCfg)
|
|
|
|
|
2024-01-13 19:16:40 +00:00
|
|
|
// contract integration
|
2024-01-14 17:28:04 +00:00
|
|
|
fileWallet, _ := wallet.NewWalletFromFile(config.WalletFile)
|
2024-01-13 19:16:40 +00:00
|
|
|
defer fileWallet.Close()
|
|
|
|
|
|
|
|
rpcClient, _ := rpcclient.New(context.Background(), "url", rpcclient.Options{})
|
|
|
|
rpcActor, _ := actor.NewSimple(rpcClient, fileWallet.Accounts[0])
|
|
|
|
|
2024-01-14 17:28:04 +00:00
|
|
|
// smart contract check sum
|
|
|
|
var contractHash util.Uint160
|
|
|
|
|
|
|
|
// using blockchain storage
|
|
|
|
blockchainStorage := logic.NewBlockchainStorage(rpcActor, contractHash)
|
2024-01-10 14:48:03 +00:00
|
|
|
|
2024-01-14 17:28:04 +00:00
|
|
|
// using default in memory token storage
|
|
|
|
manager.MustTokenStorage(store.NewMemoryTokenStore())
|
2024-01-10 14:48:03 +00:00
|
|
|
|
2024-01-14 17:28:04 +00:00
|
|
|
manager.MapClientStorage(blockchainStorage)
|
2024-01-10 14:48:03 +00:00
|
|
|
|
|
|
|
srv := server.NewDefaultServer(manager)
|
|
|
|
srv.SetAllowGetAccessRequest(true)
|
|
|
|
srv.SetClientInfoHandler(server.ClientFormHandler)
|
|
|
|
manager.SetRefreshTokenCfg(manage.DefaultRefreshTokenCfg)
|
|
|
|
|
|
|
|
srv.SetInternalErrorHandler(func(err error) (re *errors.Response) {
|
|
|
|
log.Println("Internal Error:", err.Error())
|
|
|
|
return
|
|
|
|
})
|
|
|
|
|
|
|
|
srv.SetResponseErrorHandler(func(re *errors.Response) {
|
|
|
|
log.Println("Response Error:", re.Error.Error())
|
|
|
|
})
|
|
|
|
|
2024-01-10 17:03:10 +00:00
|
|
|
http.HandleFunc("/login", func(w http.ResponseWriter, r *http.Request) {
|
2024-01-14 14:48:25 +00:00
|
|
|
id := r.Header.Get("client_id")
|
2024-01-14 17:28:04 +00:00
|
|
|
secret := r.Header.Get("client_secret")
|
|
|
|
|
|
|
|
_, err := blockchainStorage.CheckPassword(id, logic.HashSecret(secret))
|
2024-01-14 14:48:25 +00:00
|
|
|
if err != nil {
|
2024-01-14 17:28:04 +00:00
|
|
|
msg := "Credentials verification failed"
|
|
|
|
slog.Warn(msg + " for client with id: " + id)
|
|
|
|
w.WriteHeader(http.StatusForbidden)
|
|
|
|
w.Write([]byte(msg))
|
2024-01-14 14:48:25 +00:00
|
|
|
}
|
2024-01-14 17:28:04 +00:00
|
|
|
|
|
|
|
srv.HandleTokenRequest(w, r) // verifying secret
|
2024-01-10 14:48:03 +00:00
|
|
|
})
|
|
|
|
|
|
|
|
http.HandleFunc("/register", func(writer http.ResponseWriter, request *http.Request) {
|
|
|
|
id := request.Header.Get("client_id")
|
|
|
|
secret := request.Header.Get("client_secret")
|
|
|
|
|
|
|
|
// check whether client exists
|
2024-01-14 17:28:04 +00:00
|
|
|
_, err := blockchainStorage.GetByID(context.Background(), id)
|
2024-01-10 14:48:03 +00:00
|
|
|
if err == nil {
|
2024-01-14 17:28:04 +00:00
|
|
|
msg := "Client already exists with id: " + id
|
|
|
|
slog.Warn(msg)
|
2024-01-10 14:48:03 +00:00
|
|
|
writer.WriteHeader(http.StatusBadRequest)
|
2024-01-14 17:28:04 +00:00
|
|
|
writer.Write([]byte(msg))
|
2024-01-10 14:48:03 +00:00
|
|
|
return
|
|
|
|
}
|
|
|
|
|
2024-01-14 17:28:04 +00:00
|
|
|
// add client's credentials to in memory storage
|
|
|
|
err = logic.AddInMemoryClient(id, "", "", false)
|
2024-01-10 14:48:03 +00:00
|
|
|
if err != nil {
|
2024-01-14 17:28:04 +00:00
|
|
|
slog.Error("Fault during setting client credentials", err)
|
2024-01-10 14:48:03 +00:00
|
|
|
writer.WriteHeader(http.StatusInternalServerError)
|
|
|
|
return
|
|
|
|
}
|
|
|
|
|
2024-01-14 17:28:04 +00:00
|
|
|
// add client's credentials to blockchain
|
|
|
|
err = blockchainStorage.Set(&logic.StorageClientInfo{
|
|
|
|
Id: id,
|
|
|
|
Secret: logic.HashSecret(secret), // hash with sha256
|
|
|
|
})
|
|
|
|
|
2024-01-14 14:48:25 +00:00
|
|
|
if err != nil {
|
2024-01-14 17:28:04 +00:00
|
|
|
slog.Error("Failed to register user with id: "+id, err)
|
|
|
|
writer.WriteHeader(http.StatusInternalServerError)
|
2024-01-14 14:48:25 +00:00
|
|
|
return
|
|
|
|
}
|
|
|
|
|
2024-01-10 14:48:03 +00:00
|
|
|
writer.WriteHeader(http.StatusOK)
|
|
|
|
})
|
|
|
|
|
2024-01-14 17:28:04 +00:00
|
|
|
// for tests, can access only with valid token (when logged in)
|
|
|
|
http.HandleFunc("/protected", logic.ValidateToken(func(w http.ResponseWriter, r *http.Request) {
|
2024-01-10 14:48:03 +00:00
|
|
|
w.Write([]byte("Hello, I'm protected"))
|
|
|
|
}, srv))
|
|
|
|
|
2024-01-14 17:28:04 +00:00
|
|
|
// can access only with valid token (when logged in), deletes client
|
|
|
|
http.HandleFunc("/delete", logic.ValidateToken(func(w http.ResponseWriter, r *http.Request) {
|
|
|
|
id := r.Header.Get("client_id")
|
|
|
|
|
|
|
|
err := blockchainStorage.Delete(id)
|
|
|
|
if err != nil {
|
|
|
|
msg := "Fault during deleting client with id: " + id
|
|
|
|
slog.Error(msg, err)
|
|
|
|
w.WriteHeader(http.StatusInternalServerError)
|
|
|
|
w.Write([]byte(msg))
|
|
|
|
}
|
|
|
|
|
|
|
|
}, srv))
|
|
|
|
|
|
|
|
// can access only with valid token (when logged in), deletes client and creates new one with another secret
|
|
|
|
http.HandleFunc("/reset-secret", logic.ValidateToken(func(w http.ResponseWriter, r *http.Request) {
|
|
|
|
id := r.Header.Get("client_id")
|
|
|
|
secret := r.Header.Get("new_client_secret")
|
|
|
|
errorMessage := "Fault during secret reset"
|
|
|
|
|
|
|
|
err := blockchainStorage.Delete(id)
|
|
|
|
if err != nil {
|
|
|
|
slog.Error(errorMessage+" for client with id: "+id, err)
|
|
|
|
w.WriteHeader(http.StatusInternalServerError)
|
|
|
|
w.Write([]byte(errorMessage))
|
|
|
|
}
|
2024-01-10 14:48:03 +00:00
|
|
|
|
2024-01-14 17:28:04 +00:00
|
|
|
// add client with new credentials to in memory storage
|
|
|
|
err = logic.AddInMemoryClient(id, "", "", false)
|
2024-01-10 14:48:03 +00:00
|
|
|
if err != nil {
|
2024-01-14 17:28:04 +00:00
|
|
|
slog.Error(errorMessage+" (caused by in memory storage) for client with id: "+id, err)
|
|
|
|
w.WriteHeader(http.StatusInternalServerError)
|
|
|
|
w.Write([]byte(errorMessage))
|
2024-01-10 14:48:03 +00:00
|
|
|
return
|
|
|
|
}
|
|
|
|
|
2024-01-14 17:28:04 +00:00
|
|
|
// add client with new credentials to blockchain
|
|
|
|
err = blockchainStorage.Set(&logic.StorageClientInfo{
|
|
|
|
Id: id,
|
|
|
|
Secret: logic.HashSecret(secret), // hash with sha256
|
|
|
|
})
|
|
|
|
|
|
|
|
if err != nil {
|
|
|
|
slog.Error(errorMessage+" (caused by blockchain storage) for client with id: "+id, err)
|
|
|
|
w.WriteHeader(http.StatusInternalServerError)
|
|
|
|
w.Write([]byte(errorMessage))
|
|
|
|
return
|
|
|
|
}
|
|
|
|
}, srv))
|
|
|
|
|
|
|
|
log.Fatal(http.ListenAndServe(":"+strconv.Itoa(config.AuthServerPort), nil))
|
2024-01-10 14:48:03 +00:00
|
|
|
}
|