package main import ( "auth-server/logic" "context" "strconv" "github.com/go-oauth2/oauth2/v4/errors" "github.com/go-oauth2/oauth2/v4/manage" "github.com/go-oauth2/oauth2/v4/server" "github.com/go-oauth2/oauth2/v4/store" "github.com/nspcc-dev/neo-go/pkg/crypto/keys" "github.com/nspcc-dev/neo-go/pkg/rpcclient" "github.com/nspcc-dev/neo-go/pkg/rpcclient/actor" "github.com/nspcc-dev/neo-go/pkg/util" "github.com/nspcc-dev/neo-go/pkg/wallet" "log" "log/slog" "net/http" ) func main() { config, err := logic.LoadConfig("./config.json") if err != nil { log.Fatalf("Error while reading config: %s", err) return } slog.Info("ContractCheckSum: " + config.ContractCheckSum) slog.Info("AuthServerPort: " + strconv.Itoa(config.AuthServerPort)) slog.Info("WalletFile: " + config.WalletFile) manager := manage.NewDefaultManager() manager.SetAuthorizeCodeTokenCfg(manage.DefaultAuthorizeCodeTokenCfg) // contract integration fileWallet, _ := wallet.NewWalletFromFile(config.WalletFile) acc := fileWallet.Accounts[0] // FIXME: account password should be in the config: FIXED // FIXME: Idk which password and url we should use if err := acc.Decrypt(config.AccountSecret, keys.NEP2ScryptParams()); err != nil { log.Fatal("Wallet decryption failed") } defer fileWallet.Close() // FIXME: endpoint url should be in the config FIXED // FIXME: Idk which password and url we should use // In idea we need an rpc-server(?) rpcClient, _ := rpcclient.New(context.Background(), config.EndpointUrl, rpcclient.Options{}) rpcActor, _ := actor.NewSimple(rpcClient, fileWallet.Accounts[0]) // smart contract check sum var contractHash, _ = util.Uint160DecodeStringLE(config.ContractCheckSum) // using blockchain storage blockchainStorage := logic.NewBlockchainStorage(rpcActor, contractHash) // using default in memory token storage manager.MustTokenStorage(store.NewMemoryTokenStore()) manager.MapClientStorage(blockchainStorage) srv := server.NewDefaultServer(manager) srv.SetAllowGetAccessRequest(true) srv.SetClientInfoHandler(server.ClientFormHandler) manager.SetRefreshTokenCfg(manage.DefaultRefreshTokenCfg) srv.SetInternalErrorHandler(func(err error) (re *errors.Response) { log.Println("Internal Error:", err.Error()) return }) srv.SetResponseErrorHandler(func(re *errors.Response) { log.Println("Response Error:", re.Error.Error()) }) http.HandleFunc("/login", func(w http.ResponseWriter, r *http.Request) { id := r.URL.Query().Get("client_id") secret := r.URL.Query().Get("client_secret") _, err := blockchainStorage.CheckPassword(id, logic.HashSecret(secret)) if err != nil { msg := "Credentials verification failed" slog.Warn(msg + " for client with id: " + id) w.WriteHeader(http.StatusForbidden) w.Write([]byte(msg)) } srv.HandleTokenRequest(w, r) // verifying secret }) http.HandleFunc("/register", func(writer http.ResponseWriter, request *http.Request) { id := request.Header.Get("client_id") secret := request.Header.Get("client_secret") // check whether client exists _, err := blockchainStorage.GetByID(context.Background(), id) if err == nil { msg := "Client already exists with id: " + id slog.Warn(msg) writer.WriteHeader(http.StatusBadRequest) writer.Write([]byte(msg)) return } // add client's credentials to in memory storage err = logic.AddInMemoryClient(id, "", "", false) if err != nil { slog.Error("Fault during setting client credentials", err) writer.WriteHeader(http.StatusInternalServerError) return } // add client's credentials to blockchain err = blockchainStorage.Set(&logic.StorageClientInfo{ Id: id, Secret: logic.HashSecret(secret), // hash with sha256 }) if err != nil { slog.Error("Failed to register user with id: "+id, err) writer.WriteHeader(http.StatusInternalServerError) return } writer.WriteHeader(http.StatusOK) }) // for tests, can access only with valid token (when logged in) http.HandleFunc("/protected", logic.ValidateToken(func(w http.ResponseWriter, r *http.Request) { w.Write([]byte("Hello, I'm protected")) }, srv)) // can access only with valid token (when logged in), deletes client http.HandleFunc("/delete", logic.ValidateToken(func(w http.ResponseWriter, r *http.Request) { id := r.Header.Get("client_id") errorMessage := "Fault during deleting client" err := blockchainStorage.Delete(id) if err != nil { slog.Error(errorMessage+" (caused by blockchain) with id: "+id, err) w.WriteHeader(http.StatusInternalServerError) w.Write([]byte(errorMessage)) } logic.DeleteInMemoryClient(id) }, srv)) // can access only with valid token (when logged in), deletes client and creates new one with another secret http.HandleFunc("/reset-secret", logic.ValidateToken(func(w http.ResponseWriter, r *http.Request) { id := r.Header.Get("client_id") secret := r.Header.Get("new_client_secret") errorMessage := "Fault during secret reset" err := blockchainStorage.Delete(id) if err != nil { slog.Error(errorMessage+" for client with id: "+id, err) w.WriteHeader(http.StatusInternalServerError) w.Write([]byte(errorMessage)) } // add client with new credentials to in memory storage err = logic.AddInMemoryClient(id, "", "", false) if err != nil { slog.Error(errorMessage+" (caused by in memory storage) for client with id: "+id, err) w.WriteHeader(http.StatusInternalServerError) w.Write([]byte(errorMessage)) return } // add client with new credentials to blockchain err = blockchainStorage.Set(&logic.StorageClientInfo{ Id: id, Secret: logic.HashSecret(secret), // hash with sha256 }) if err != nil { slog.Error(errorMessage+" (caused by blockchain storage) for client with id: "+id, err) w.WriteHeader(http.StatusInternalServerError) w.Write([]byte(errorMessage)) return } }, srv)) log.Fatal(http.ListenAndServe(":"+strconv.Itoa(config.AuthServerPort), nil)) }