package main import ( "auth-server/logic" "context" "net/url" "os" "strconv" "github.com/go-oauth2/oauth2/v4/errors" "github.com/go-oauth2/oauth2/v4/manage" "github.com/go-oauth2/oauth2/v4/server" "github.com/go-oauth2/oauth2/v4/store" "github.com/nspcc-dev/neo-go/pkg/crypto/keys" "github.com/nspcc-dev/neo-go/pkg/rpcclient" "github.com/nspcc-dev/neo-go/pkg/rpcclient/actor" "github.com/nspcc-dev/neo-go/pkg/util" "github.com/nspcc-dev/neo-go/pkg/wallet" "log" "log/slog" "net/http" ) func main() { config, err := logic.LoadConfig("./config.json") if err != nil { log.Fatalf("Error while reading config: %s", err) return } slog.Info("ContractCheckSum: " + config.ContractCheckSum) slog.Info("AuthServerPort: " + strconv.Itoa(config.AuthServerPort)) slog.Info("WalletFile: " + config.WalletFile) slog.Info("EndpointUrl: " + config.EndpointUrl) slog.Info("AccountSecret: " + config.AccountSecret) manager := manage.NewDefaultManager() manager.SetAuthorizeCodeTokenCfg(manage.DefaultAuthorizeCodeTokenCfg) // contract integration fileWallet, err := wallet.NewWalletFromFile(config.WalletFile) if err != nil { log.Fatalln("Wallet loading failed.", err) } acc := fileWallet.Accounts[0] if err := acc.Decrypt(config.AccountSecret, keys.NEP2ScryptParams()); err != nil { log.Fatal("Wallet decryption failed") } defer fileWallet.Close() // In idea we need an rpc-server(?) rpcClient, _ := rpcclient.New(context.Background(), config.EndpointUrl, rpcclient.Options{}) rpcActor, _ := actor.NewSimple(rpcClient, fileWallet.Accounts[0]) // smart contract check sum var contractHash, _ = util.Uint160DecodeStringLE(config.ContractCheckSum) // using blockchain storage blockchainStorage := logic.NewBlockchainStorage(rpcActor, contractHash) // using default in memory token storage manager.MustTokenStorage(store.NewMemoryTokenStore()) manager.MapClientStorage(blockchainStorage) srv := server.NewDefaultServer(manager) srv.SetAllowGetAccessRequest(true) srv.SetClientInfoHandler(server.ClientFormHandler) manager.SetRefreshTokenCfg(manage.DefaultRefreshTokenCfg) srv.SetInternalErrorHandler(func(err error) (re *errors.Response) { log.Println("Internal Error:", err.Error()) return }) srv.SetResponseErrorHandler(func(re *errors.Response) { log.Println("Response Error:", re.Error.Error()) }) http.HandleFunc("/login", func(w http.ResponseWriter, r *http.Request) { id := r.URL.Query().Get("client_id") secret := r.URL.Query().Get("client_secret") secret_hash := logic.HashSecret(secret) _, err := blockchainStorage.CheckPassword(id, secret_hash) if err != nil { msg := "Credentials verification failed" slog.Warn(msg + " for client with id: " + id) w.WriteHeader(http.StatusForbidden) w.Write([]byte(msg)) } r.Form = make(url.Values) r.Form.Add("client_id", id) r.Form.Add("client_secret", secret_hash) r.Form.Add("grant_type", r.URL.Query().Get("grant_type")) r.Form.Add("scope", r.URL.Query().Get("scope")) srv.HandleTokenRequest(w, r) // verifying secret }) http.HandleFunc("/register", func(writer http.ResponseWriter, request *http.Request) { id := request.Header.Get("client_id") secret := request.Header.Get("client_secret") // check whether client exists _, err := blockchainStorage.GetByID(context.Background(), id) if err == nil { msg := "Client already exists with id: " + id slog.Warn(msg) writer.WriteHeader(http.StatusBadRequest) writer.Write([]byte(msg)) return } /* redundant // add client's credentials to in memory storage err = logic.AddInMemoryClient(id, "", "", false) if err != nil { slog.Error("Fault during setting client credentials", err) writer.WriteHeader(http.StatusInternalServerError) return } */ // add client's credentials to blockchain err = blockchainStorage.Set(&logic.StorageClientInfo{ Id: id, Secret: logic.HashSecret(secret), // hash with sha256 }) if err != nil { slog.Error("Failed to register user with id: "+id, err) writer.WriteHeader(http.StatusInternalServerError) return } writer.WriteHeader(http.StatusOK) }) // for tests, can access only with valid token (when logged in) http.HandleFunc("/protected", logic.ValidateToken(func(w http.ResponseWriter, r *http.Request) { w.Write([]byte("Hello, I'm protected")) }, srv)) // can access only with valid token (when logged in), deletes client http.HandleFunc("/delete", logic.ValidateToken(func(w http.ResponseWriter, r *http.Request) { id := r.Header.Get("client_id") errorMessage := "Fault during deleting client" // check whether client exists _, err := blockchainStorage.GetByID(context.Background(), id) if err != nil { msg := "Client not found with id: " + id slog.Warn(msg) w.WriteHeader(http.StatusBadRequest) w.Write([]byte(msg)) return } err = blockchainStorage.Delete(id) if err != nil { slog.Error(errorMessage+" (caused by blockchain) with id: "+id, err) w.WriteHeader(http.StatusInternalServerError) w.Write([]byte(errorMessage)) } /* redundant logic.DeleteInMemoryClient(id) */ }, srv)) // can access only with valid token (when logged in), deletes client and creates new one with another secret http.HandleFunc("/reset-secret", logic.ValidateToken(func(w http.ResponseWriter, r *http.Request) { id := r.Header.Get("client_id") secret := r.Header.Get("new_client_secret") errorMessage := "Fault during secret reset" // check whether client exists _, err := blockchainStorage.GetByID(context.Background(), id) if err != nil { msg := "Client not found with id: " + id slog.Warn(msg) w.WriteHeader(http.StatusBadRequest) w.Write([]byte(msg)) return } err = blockchainStorage.Delete(id) if err != nil { slog.Error(errorMessage+" for client with id: "+id, err) w.WriteHeader(http.StatusInternalServerError) w.Write([]byte(errorMessage)) } /* redundant logic.DeleteInMemoryClient(id) */ /* // add client with new credentials to in memory storage err = logic.AddInMemoryClient(id, "", "", false) if err != nil { slog.Error(errorMessage+" (caused by in memory storage) for client with id: "+id, err) w.WriteHeader(http.StatusInternalServerError) w.Write([]byte(errorMessage)) return } */ // add client with new credentials to blockchain err = blockchainStorage.Set(&logic.StorageClientInfo{ Id: id, Secret: logic.HashSecret(secret), // hash with sha256 }) if err != nil { slog.Error(errorMessage+" (caused by blockchain storage) for client with id: "+id, err) w.WriteHeader(http.StatusInternalServerError) w.Write([]byte(errorMessage)) return } }, srv)) http.HandleFunc("/login.html", func(w http.ResponseWriter, r *http.Request) { outputHTML(w, r, "static/login.html") }) http.HandleFunc("/register.html", func(w http.ResponseWriter, r *http.Request) { outputHTML(w, r, "static/register.html") }) log.Fatal(http.ListenAndServe(":"+strconv.Itoa(config.AuthServerPort), nil)) } func outputHTML(w http.ResponseWriter, req *http.Request, filename string) { file, err := os.Open(filename) if err != nil { http.Error(w, err.Error(), 500) return } defer file.Close() fi, _ := file.Stat() http.ServeContent(w, req, file.Name(), fi.ModTime(), file) }