4
0

restapi.go 3.1 KB

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123
  1. package httpservers
  2. import (
  3. "context"
  4. "errors"
  5. "fmt"
  6. "github.com/grpc-ecosystem/grpc-gateway/v2/runtime"
  7. log "github.com/sirupsen/logrus"
  8. "google.golang.org/grpc"
  9. "google.golang.org/grpc/metadata"
  10. "google.golang.org/protobuf/encoding/protojson"
  11. "net/http"
  12. "github.com/golang-jwt/jwt/v4"
  13. gw "github.com/OliveTin/OliveTin/gen/grpc"
  14. config "github.com/OliveTin/OliveTin/internal/config"
  15. cors "github.com/OliveTin/OliveTin/internal/cors"
  16. )
  17. var (
  18. cfg *config.Config
  19. )
  20. func parseToken(cookieValue string) (*jwt.Token, error) {
  21. return jwt.Parse(cookieValue, func(token *jwt.Token) (interface{}, error) {
  22. // Don't forget to validate the alg is what you expect:
  23. if _, ok := token.Method.(*jwt.SigningMethodHMAC); !ok {
  24. return nil, fmt.Errorf("Unexpected signing method: %v", token.Header["alg"])
  25. }
  26. // hmacSampleSecret is a []byte containing your secret, e.g. []byte("my_secret_key")
  27. return []byte(cfg.AuthJwtSecret), nil
  28. })
  29. }
  30. func getClaimsFromJwtToken(cookieValue string) (jwt.MapClaims, error) {
  31. token, err := parseToken(cookieValue)
  32. if err != nil {
  33. log.Errorf("jwt parse failure: %v", err)
  34. return nil, errors.New("jwt parse failure")
  35. }
  36. if claims, ok := token.Claims.(jwt.MapClaims); ok && token.Valid {
  37. return claims, nil
  38. } else {
  39. return nil, errors.New("jwt token isn't valid")
  40. }
  41. }
  42. func lookupClaimValueOrDefault(claims jwt.MapClaims, key string, def string) string {
  43. if val, ok := claims[key]; ok {
  44. return fmt.Sprintf("%s", val)
  45. } else {
  46. return def
  47. }
  48. }
  49. func startRestAPIServer(globalConfig *config.Config) error {
  50. cfg = globalConfig
  51. log.WithFields(log.Fields{
  52. "address": cfg.ListenAddressGrpcActions,
  53. }).Info("Starting REST API")
  54. ctx := context.Background()
  55. ctx, cancel := context.WithCancel(ctx)
  56. defer cancel()
  57. // The JSONPb.EmitDefaults is necssary, so "empty" fields are returned in JSON.
  58. mux := runtime.NewServeMux(
  59. runtime.WithMetadata(func(ctx context.Context, request *http.Request) metadata.MD {
  60. cookie, err := request.Cookie(cfg.AuthJwtCookieName)
  61. if err != nil {
  62. log.Debugf("jwt cookie check %v name: %v", err, cfg.AuthJwtCookieName)
  63. return nil
  64. }
  65. claims, err := getClaimsFromJwtToken(cookie.Value)
  66. log.Debugf("jwt claims data: %+v", claims)
  67. if err != nil {
  68. log.Warnf("jwt claim error: %+v", err)
  69. return nil
  70. }
  71. username := lookupClaimValueOrDefault(claims, "name", "none")
  72. usergroup := lookupClaimValueOrDefault(claims, "group", "none")
  73. md := metadata.Pairs(
  74. "username", username,
  75. "usergroup", usergroup,
  76. )
  77. log.Debugf("jwt usable claims: %+v", md)
  78. return md
  79. }),
  80. runtime.WithMarshalerOption(runtime.MIMEWildcard, &runtime.HTTPBodyMarshaler{
  81. Marshaler: &runtime.JSONPb{
  82. MarshalOptions: protojson.MarshalOptions{
  83. UseProtoNames: true,
  84. EmitUnpopulated: true,
  85. },
  86. },
  87. }),
  88. )
  89. opts := []grpc.DialOption{grpc.WithInsecure()}
  90. err := gw.RegisterOliveTinApiHandlerFromEndpoint(ctx, mux, cfg.ListenAddressGrpcActions, opts)
  91. if err != nil {
  92. log.Errorf("Could not register REST API Handler %v", err)
  93. return err
  94. }
  95. return http.ListenAndServe(cfg.ListenAddressRestActions, cors.AllowCors(mux))
  96. }