add working signup + login
This commit is contained in:
parent
bc85b7c340
commit
d8cb8c8fa8
27 changed files with 600 additions and 39 deletions
|
@ -24,3 +24,7 @@ body {
|
||||||
flex-direction: column;
|
flex-direction: column;
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
|
.hidden {
|
||||||
|
display: none;
|
||||||
|
}
|
||||||
|
|
|
@ -30,7 +30,7 @@ func run(c *cli.Context) error {
|
||||||
return errors.Wrap(err, "creating postgres database")
|
return errors.Wrap(err, "creating postgres database")
|
||||||
}
|
}
|
||||||
|
|
||||||
a, err := app.NewApp(cfg, db)
|
a, err := app.NewApp(c.Context, cfg, db)
|
||||||
if err != nil {
|
if err != nil {
|
||||||
return errors.Wrap(err, "creating app")
|
return errors.Wrap(err, "creating app")
|
||||||
}
|
}
|
||||||
|
|
|
@ -39,7 +39,7 @@ func run(c *cli.Context) error {
|
||||||
return errors.Wrap(err, "creating postgres database")
|
return errors.Wrap(err, "creating postgres database")
|
||||||
}
|
}
|
||||||
|
|
||||||
a, err := app.NewApp(cfg, db)
|
a, err := app.NewApp(c.Context, cfg, db)
|
||||||
if err != nil {
|
if err != nil {
|
||||||
return errors.Wrap(err, "creating app")
|
return errors.Wrap(err, "creating app")
|
||||||
}
|
}
|
||||||
|
|
8
config.example.toml
Normal file
8
config.example.toml
Normal file
|
@ -0,0 +1,8 @@
|
||||||
|
[core]
|
||||||
|
postgres = "postgresql://mercury:password@localhost/mercury"
|
||||||
|
dev = true
|
||||||
|
secret_key = "" # generate with `openssl rand -base64 48`
|
||||||
|
|
||||||
|
[web]
|
||||||
|
domain = "http://mercury.local"
|
||||||
|
port = 8000
|
|
@ -16,4 +16,5 @@ type WebConfig struct {
|
||||||
type CoreConfig struct {
|
type CoreConfig struct {
|
||||||
Postgres string `toml:"postgres"`
|
Postgres string `toml:"postgres"`
|
||||||
Dev bool `toml:"dev"`
|
Dev bool `toml:"dev"`
|
||||||
|
SecretKey string `toml:"secret_key"`
|
||||||
}
|
}
|
||||||
|
|
1
go.mod
1
go.mod
|
@ -9,6 +9,7 @@ require (
|
||||||
github.com/georgysavva/scany/v2 v2.0.0
|
github.com/georgysavva/scany/v2 v2.0.0
|
||||||
github.com/go-chi/chi/v5 v5.0.8
|
github.com/go-chi/chi/v5 v5.0.8
|
||||||
github.com/go-chi/render v1.0.2
|
github.com/go-chi/render v1.0.2
|
||||||
|
github.com/golang-jwt/jwt/v4 v4.5.0
|
||||||
github.com/jackc/pgx/v5 v5.0.0
|
github.com/jackc/pgx/v5 v5.0.0
|
||||||
github.com/keegancsmith/sqlf v1.1.1
|
github.com/keegancsmith/sqlf v1.1.1
|
||||||
github.com/oklog/ulid/v2 v2.1.0
|
github.com/oklog/ulid/v2 v2.1.0
|
||||||
|
|
2
go.sum
2
go.sum
|
@ -138,6 +138,8 @@ github.com/gofrs/flock v0.8.1 h1:+gYjHKf32LDeiEEFhQaotPbLuUXjY5ZqxKgXy7n59aw=
|
||||||
github.com/gogo/protobuf v1.1.1/go.mod h1:r8qH/GZQm5c6nD/R0oafs1akxWv10x8SbQlK7atdtwQ=
|
github.com/gogo/protobuf v1.1.1/go.mod h1:r8qH/GZQm5c6nD/R0oafs1akxWv10x8SbQlK7atdtwQ=
|
||||||
github.com/gogo/protobuf v1.2.1/go.mod h1:hp+jE20tsWTFYpLwKvXlhS1hjn+gTNwPg2I6zVXpSg4=
|
github.com/gogo/protobuf v1.2.1/go.mod h1:hp+jE20tsWTFYpLwKvXlhS1hjn+gTNwPg2I6zVXpSg4=
|
||||||
github.com/gogo/protobuf v1.3.2/go.mod h1:P1XiOD3dCwIKUDQYPy72D8LYyHL2YPYrpS2s69NZV8Q=
|
github.com/gogo/protobuf v1.3.2/go.mod h1:P1XiOD3dCwIKUDQYPy72D8LYyHL2YPYrpS2s69NZV8Q=
|
||||||
|
github.com/golang-jwt/jwt/v4 v4.5.0 h1:7cYmW1XlMY7h7ii7UhUyChSgS5wUJEnm9uZVTGqOWzg=
|
||||||
|
github.com/golang-jwt/jwt/v4 v4.5.0/go.mod h1:m21LjoU+eqJr34lmDMbreY2eSTRJ1cv77w39/MY0Ch0=
|
||||||
github.com/golang-sql/civil v0.0.0-20190719163853-cb61b32ac6fe/go.mod h1:8vg3r2VgvsThLBIFL93Qb5yWzgyZWhEmBwUJWevAkK0=
|
github.com/golang-sql/civil v0.0.0-20190719163853-cb61b32ac6fe/go.mod h1:8vg3r2VgvsThLBIFL93Qb5yWzgyZWhEmBwUJWevAkK0=
|
||||||
github.com/golang/glog v0.0.0-20160126235308-23def4e6c14b/go.mod h1:SBH7ygxi8pfUlaOkMMuAQtPIUF8ecWP5IEl/CR7VP2Q=
|
github.com/golang/glog v0.0.0-20160126235308-23def4e6c14b/go.mod h1:SBH7ygxi8pfUlaOkMMuAQtPIUF8ecWP5IEl/CR7VP2Q=
|
||||||
github.com/golang/groupcache v0.0.0-20190129154638-5b532d6fd5ef/go.mod h1:cIg4eruTrX1D+g88fzRXU5OdNfaM+9IcxsU14FzY7Hc=
|
github.com/golang/groupcache v0.0.0-20190129154638-5b532d6fd5ef/go.mod h1:cIg4eruTrX1D+g88fzRXU5OdNfaM+9IcxsU14FzY7Hc=
|
||||||
|
|
30
internal/concurrent/value.go
Normal file
30
internal/concurrent/value.go
Normal file
|
@ -0,0 +1,30 @@
|
||||||
|
package concurrent
|
||||||
|
|
||||||
|
import "sync"
|
||||||
|
|
||||||
|
// Value is a struct providing concurrent access to another type.
|
||||||
|
// Note: T should be a concrete type, not a pointer.
|
||||||
|
type Value[T any] struct {
|
||||||
|
val T
|
||||||
|
mu sync.RWMutex
|
||||||
|
}
|
||||||
|
|
||||||
|
func NewValue[T any](value T) *Value[T] {
|
||||||
|
return &Value[T]{
|
||||||
|
val: value,
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
|
func (v *Value[T]) Get() T {
|
||||||
|
v.mu.RLock()
|
||||||
|
val := v.val
|
||||||
|
v.mu.RUnlock()
|
||||||
|
|
||||||
|
return val
|
||||||
|
}
|
||||||
|
|
||||||
|
func (v *Value[T]) Set(new T) {
|
||||||
|
v.mu.Lock()
|
||||||
|
v.val = new
|
||||||
|
v.mu.Unlock()
|
||||||
|
}
|
|
@ -5,6 +5,10 @@ import "github.com/oklog/ulid/v2"
|
||||||
type Config struct {
|
type Config struct {
|
||||||
Name string
|
Name string
|
||||||
AdminID *ulid.ULID
|
AdminID *ulid.ULID
|
||||||
|
InternalApplication *ulid.ULID
|
||||||
|
|
||||||
|
// ID is always 1
|
||||||
|
ID int
|
||||||
}
|
}
|
||||||
|
|
||||||
var DefaultConfig = Config{
|
var DefaultConfig = Config{
|
||||||
|
|
|
@ -38,7 +38,31 @@ create table posts (
|
||||||
visibility post_visibility not null
|
visibility post_visibility not null
|
||||||
);
|
);
|
||||||
|
|
||||||
|
create table applications (
|
||||||
|
id text primary key,
|
||||||
|
name text not null
|
||||||
|
);
|
||||||
|
|
||||||
|
create table tokens (
|
||||||
|
id text primary key,
|
||||||
|
app_id text not null references applications (id) on delete cascade,
|
||||||
|
user_id text not null references accounts (id) on delete cascade,
|
||||||
|
scopes text[] not null default array[]::text[],
|
||||||
|
expires timestamptz not null
|
||||||
|
);
|
||||||
|
|
||||||
|
create table config (
|
||||||
|
id int primary key not null default 1,
|
||||||
|
name text not null, -- instance name
|
||||||
|
admin_id text references blogs (id) on delete set null, -- admin contact
|
||||||
|
internal_application text references applications (id) on delete set null,
|
||||||
|
constraint singleton check (id = 1) -- only one config table entry
|
||||||
|
);
|
||||||
|
|
||||||
-- +migrate Down
|
-- +migrate Down
|
||||||
|
drop table config;
|
||||||
|
drop table tokens;
|
||||||
|
drop table applications;
|
||||||
drop table accounts;
|
drop table accounts;
|
||||||
drop table blogs;
|
drop table blogs;
|
||||||
drop table posts;
|
drop table posts;
|
||||||
|
|
|
@ -37,8 +37,13 @@ func (s *AccountStore) ByID(ctx context.Context, id ulid.ULID) (a database.Accou
|
||||||
}
|
}
|
||||||
|
|
||||||
// ByUsername gets an account by its username.
|
// ByUsername gets an account by its username.
|
||||||
func (s *AccountStore) ByUsername(ctx context.Context, username string, host *string) (a database.Account, err error) {
|
func (s *AccountStore) ByUsername(ctx context.Context, username, domain string) (a database.Account, err error) {
|
||||||
q := sqlf.Sprintf("SELECT * FROM accounts WHERE username = %s AND host = %v", username, host)
|
q := sqlf.Sprintf("SELECT * FROM accounts WHERE username = %s", username)
|
||||||
|
if domain == "" {
|
||||||
|
q = sqlf.Sprintf("%v AND domain IS NULL", q)
|
||||||
|
} else {
|
||||||
|
q = sqlf.Sprintf("%v AND domain = %s", q, domain)
|
||||||
|
}
|
||||||
|
|
||||||
a, err = Get[database.Account](ctx, s.q, q)
|
a, err = Get[database.Account](ctx, s.q, q)
|
||||||
if err != nil {
|
if err != nil {
|
||||||
|
@ -64,7 +69,7 @@ func (s *AccountStore) CreateLocal(
|
||||||
}
|
}
|
||||||
|
|
||||||
q := sqlf.Sprintf(
|
q := sqlf.Sprintf(
|
||||||
"INSERT INTO accounts (id, username, host, email, password) VALUES (%s, %v, NULL, %v, %v) RETURNING *",
|
"INSERT INTO accounts (id, username, domain, email, password) VALUES (%s, %v, NULL, %v, %v) RETURNING *",
|
||||||
makeULID(), username, email, hash)
|
makeULID(), username, email, hash)
|
||||||
|
|
||||||
a, err = Get[database.Account](ctx, s.q, q)
|
a, err = Get[database.Account](ctx, s.q, q)
|
||||||
|
|
51
internal/database/sql/config.go
Normal file
51
internal/database/sql/config.go
Normal file
|
@ -0,0 +1,51 @@
|
||||||
|
package sql
|
||||||
|
|
||||||
|
import (
|
||||||
|
"context"
|
||||||
|
|
||||||
|
"emperror.dev/errors"
|
||||||
|
"git.sleepycat.moe/sam/mercury/internal/database"
|
||||||
|
"github.com/keegancsmith/sqlf"
|
||||||
|
)
|
||||||
|
|
||||||
|
// ConfigStore is the interface to configs in the database.
|
||||||
|
type ConfigStore struct {
|
||||||
|
q Querier
|
||||||
|
}
|
||||||
|
|
||||||
|
// NewConfigStore creates a new ConfigStore instance.
|
||||||
|
func NewConfigStore(q Querier) *ConfigStore {
|
||||||
|
return &ConfigStore{q: q}
|
||||||
|
}
|
||||||
|
|
||||||
|
func (s *ConfigStore) initConfig(ctx context.Context) error {
|
||||||
|
q := sqlf.Sprintf(`INSERT INTO config
|
||||||
|
(id, name)
|
||||||
|
VALUES (1, %s)
|
||||||
|
ON CONFLICT (id) DO NOTHING`, database.DefaultConfig.Name)
|
||||||
|
|
||||||
|
err := Exec(ctx, s.q, q)
|
||||||
|
return errors.Wrap(err, "executing query")
|
||||||
|
}
|
||||||
|
|
||||||
|
func (s *ConfigStore) Get(ctx context.Context) (database.Config, error) {
|
||||||
|
q := sqlf.Sprintf("SELECT * FROM config WHERE id = 1")
|
||||||
|
|
||||||
|
return Get[database.Config](ctx, s.q, q)
|
||||||
|
}
|
||||||
|
|
||||||
|
func (s *ConfigStore) Set(ctx context.Context, cur, new database.Config) (database.Config, error) {
|
||||||
|
q := sqlf.Sprintf("UPDATE config SET")
|
||||||
|
if cur.Name != new.Name {
|
||||||
|
q = sqlf.Sprintf("%v name = %v,", q, new.Name)
|
||||||
|
}
|
||||||
|
if cur.AdminID != new.AdminID {
|
||||||
|
q = sqlf.Sprintf("%v admin_id = %v,", q, new.AdminID)
|
||||||
|
}
|
||||||
|
if cur.InternalApplication != new.InternalApplication {
|
||||||
|
q = sqlf.Sprintf("%v internal_application = %v,", q, new.InternalApplication)
|
||||||
|
}
|
||||||
|
q = sqlf.Sprintf("%v id = %v WHERE id = %v RETURNING *", q, cur.ID, cur.ID)
|
||||||
|
|
||||||
|
return Get[database.Config](ctx, s.q, q)
|
||||||
|
}
|
|
@ -5,6 +5,7 @@ import (
|
||||||
"context"
|
"context"
|
||||||
|
|
||||||
"emperror.dev/errors"
|
"emperror.dev/errors"
|
||||||
|
"git.sleepycat.moe/sam/mercury/internal/database"
|
||||||
"github.com/jackc/pgx/v5/pgxpool"
|
"github.com/jackc/pgx/v5/pgxpool"
|
||||||
"github.com/oklog/ulid/v2"
|
"github.com/oklog/ulid/v2"
|
||||||
)
|
)
|
||||||
|
@ -24,9 +25,55 @@ func NewBase(ctx context.Context, connString string) (*Base, error) {
|
||||||
base := &Base{
|
base := &Base{
|
||||||
pool: pool,
|
pool: pool,
|
||||||
}
|
}
|
||||||
|
|
||||||
|
// create configuration
|
||||||
|
if err := base.initSingletons(ctx); err != nil {
|
||||||
|
return nil, errors.Wrap(err, "initializing configuration")
|
||||||
|
}
|
||||||
|
|
||||||
return base, nil
|
return base, nil
|
||||||
}
|
}
|
||||||
|
|
||||||
|
func (base *Base) initSingletons(ctx context.Context) error {
|
||||||
|
err := NewConfigStore(base.pool).initConfig(ctx)
|
||||||
|
if err != nil {
|
||||||
|
return errors.Wrap(err, "initializing configuration")
|
||||||
|
}
|
||||||
|
|
||||||
|
cfg, err := NewConfigStore(base.pool).Get(ctx)
|
||||||
|
if err != nil {
|
||||||
|
return errors.Wrap(err, "getting configuration")
|
||||||
|
}
|
||||||
|
|
||||||
|
if cfg.InternalApplication == nil {
|
||||||
|
tx, err := base.BeginTx(ctx)
|
||||||
|
if err != nil {
|
||||||
|
return errors.Wrap(err, "creating transaction")
|
||||||
|
}
|
||||||
|
defer tx.Rollback(ctx)
|
||||||
|
|
||||||
|
app, err := NewTokenStore(tx).CreateApplication(ctx, database.InternalApplicationName)
|
||||||
|
if err != nil {
|
||||||
|
return errors.Wrap(err, "creating internal application")
|
||||||
|
}
|
||||||
|
|
||||||
|
newCfg := cfg
|
||||||
|
newCfg.InternalApplication = &app.ID
|
||||||
|
|
||||||
|
cfg, err = NewConfigStore(tx).Set(ctx, cfg, newCfg)
|
||||||
|
if err != nil {
|
||||||
|
return errors.Wrap(err, "updating configuration")
|
||||||
|
}
|
||||||
|
|
||||||
|
err = tx.Commit(ctx)
|
||||||
|
if err != nil {
|
||||||
|
return errors.Wrap(err, "committing transaction")
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
|
return nil
|
||||||
|
}
|
||||||
|
|
||||||
// Acquire acquires a connection from the database pool.
|
// Acquire acquires a connection from the database pool.
|
||||||
// It is the caller's responsibility to call the Release method.
|
// It is the caller's responsibility to call the Release method.
|
||||||
func (base *Base) Acquire(ctx context.Context) (ReleaseableQuerier, error) {
|
func (base *Base) Acquire(ctx context.Context) (ReleaseableQuerier, error) {
|
||||||
|
|
|
@ -48,3 +48,8 @@ func Get[T any](ctx context.Context, querier Querier, query *sqlf.Query) (T, err
|
||||||
}
|
}
|
||||||
return dst, nil
|
return dst, nil
|
||||||
}
|
}
|
||||||
|
|
||||||
|
func Exec(ctx context.Context, querier Querier, query *sqlf.Query) error {
|
||||||
|
_, err := querier.Exec(ctx, query.Query(sqlf.PostgresBindVar), query.Args()...)
|
||||||
|
return err
|
||||||
|
}
|
||||||
|
|
52
internal/database/sql/token.go
Normal file
52
internal/database/sql/token.go
Normal file
|
@ -0,0 +1,52 @@
|
||||||
|
package sql
|
||||||
|
|
||||||
|
import (
|
||||||
|
"context"
|
||||||
|
"time"
|
||||||
|
|
||||||
|
"emperror.dev/errors"
|
||||||
|
"git.sleepycat.moe/sam/mercury/internal/database"
|
||||||
|
"github.com/keegancsmith/sqlf"
|
||||||
|
"github.com/oklog/ulid/v2"
|
||||||
|
)
|
||||||
|
|
||||||
|
// TokenStore is the interface to tokens in the database.
|
||||||
|
type TokenStore struct {
|
||||||
|
q Querier
|
||||||
|
}
|
||||||
|
|
||||||
|
// NewTokenStore creates a new TokenStore instance.
|
||||||
|
func NewTokenStore(q Querier) *TokenStore {
|
||||||
|
return &TokenStore{q: q}
|
||||||
|
}
|
||||||
|
|
||||||
|
func (s *TokenStore) Get(ctx context.Context, id ulid.ULID) (database.Token, error) {
|
||||||
|
q := sqlf.Sprintf("SELECT * FROM tokens WHERE id = %s", id)
|
||||||
|
|
||||||
|
t, err := Get[database.Token](ctx, s.q, q)
|
||||||
|
return t, errors.Wrap(err, "executing query")
|
||||||
|
}
|
||||||
|
|
||||||
|
func (s *TokenStore) GetApplication(ctx context.Context, id ulid.ULID) (database.Application, error) {
|
||||||
|
q := sqlf.Sprintf("SELECT * FROM applications WHERE id = %s", id)
|
||||||
|
|
||||||
|
app, err := Get[database.Application](ctx, s.q, q)
|
||||||
|
return app, errors.Wrap(err, "executing query")
|
||||||
|
}
|
||||||
|
|
||||||
|
func (s *TokenStore) Create(ctx context.Context, userID, appID ulid.ULID, scopes []string, expires time.Time) (database.Token, error) {
|
||||||
|
q := sqlf.Sprintf(`INSERT INTO tokens
|
||||||
|
(id, user_id, app_id, scopes, expires)
|
||||||
|
values (%s, %s, %s, %v, %v)
|
||||||
|
RETURNING *`, makeULID(), userID, appID, scopes, expires)
|
||||||
|
|
||||||
|
t, err := Get[database.Token](ctx, s.q, q)
|
||||||
|
return t, errors.Wrap(err, "executing query")
|
||||||
|
}
|
||||||
|
|
||||||
|
func (s *TokenStore) CreateApplication(ctx context.Context, name string) (database.Application, error) {
|
||||||
|
q := sqlf.Sprintf("INSERT INTO applications (id, name) VALUES (%s, %s) RETURNING *", makeULID(), name)
|
||||||
|
|
||||||
|
app, err := Get[database.Application](ctx, s.q, q)
|
||||||
|
return app, errors.Wrap(err, "executing query")
|
||||||
|
}
|
45
internal/database/token.go
Normal file
45
internal/database/token.go
Normal file
|
@ -0,0 +1,45 @@
|
||||||
|
package database
|
||||||
|
|
||||||
|
import (
|
||||||
|
"time"
|
||||||
|
|
||||||
|
"github.com/golang-jwt/jwt/v4"
|
||||||
|
"github.com/oklog/ulid/v2"
|
||||||
|
)
|
||||||
|
|
||||||
|
const InternalApplicationName = "mercury_internal"
|
||||||
|
const TokenCookieName = "mercury_token"
|
||||||
|
|
||||||
|
type Application struct {
|
||||||
|
ID ulid.ULID
|
||||||
|
Name string
|
||||||
|
}
|
||||||
|
|
||||||
|
type Token struct {
|
||||||
|
ID ulid.ULID
|
||||||
|
AppID ulid.ULID
|
||||||
|
UserID ulid.ULID
|
||||||
|
Scopes []string
|
||||||
|
Expires time.Time
|
||||||
|
}
|
||||||
|
|
||||||
|
func (t Token) ToClaims() TokenClaims {
|
||||||
|
createdAt := ulid.Time(t.ID.Time())
|
||||||
|
|
||||||
|
return TokenClaims{
|
||||||
|
TokenID: t.ID,
|
||||||
|
UserID: t.UserID,
|
||||||
|
RegisteredClaims: jwt.RegisteredClaims{
|
||||||
|
Issuer: "mercury",
|
||||||
|
ExpiresAt: jwt.NewNumericDate(t.Expires),
|
||||||
|
IssuedAt: jwt.NewNumericDate(createdAt),
|
||||||
|
NotBefore: jwt.NewNumericDate(createdAt),
|
||||||
|
},
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
|
type TokenClaims struct {
|
||||||
|
TokenID ulid.ULID `json:"jti"`
|
||||||
|
UserID ulid.ULID `json:"sub"`
|
||||||
|
jwt.RegisteredClaims
|
||||||
|
}
|
|
@ -1,8 +1,13 @@
|
||||||
package app
|
package app
|
||||||
|
|
||||||
import (
|
import (
|
||||||
|
"context"
|
||||||
|
"encoding/base64"
|
||||||
|
|
||||||
"emperror.dev/errors"
|
"emperror.dev/errors"
|
||||||
"git.sleepycat.moe/sam/mercury/config"
|
"git.sleepycat.moe/sam/mercury/config"
|
||||||
|
"git.sleepycat.moe/sam/mercury/internal/concurrent"
|
||||||
|
"git.sleepycat.moe/sam/mercury/internal/database"
|
||||||
"git.sleepycat.moe/sam/mercury/internal/database/sql"
|
"git.sleepycat.moe/sam/mercury/internal/database/sql"
|
||||||
"git.sleepycat.moe/sam/mercury/web/templates"
|
"git.sleepycat.moe/sam/mercury/web/templates"
|
||||||
"github.com/flosch/pongo2/v6"
|
"github.com/flosch/pongo2/v6"
|
||||||
|
@ -10,31 +15,54 @@ import (
|
||||||
"github.com/go-chi/chi/v5/middleware"
|
"github.com/go-chi/chi/v5/middleware"
|
||||||
)
|
)
|
||||||
|
|
||||||
|
const (
|
||||||
|
ErrSecretKeyEmpty = errors.Sentinel("core.secret_key cannot be empty")
|
||||||
|
)
|
||||||
|
|
||||||
type App struct {
|
type App struct {
|
||||||
Router chi.Router
|
Router chi.Router
|
||||||
|
|
||||||
Config config.Config
|
AppConfig config.Config
|
||||||
|
DBConfig *concurrent.Value[database.Config]
|
||||||
Database *sql.Base
|
Database *sql.Base
|
||||||
|
|
||||||
tmpl *pongo2.TemplateSet
|
tmpl *pongo2.TemplateSet
|
||||||
|
tokenKey []byte
|
||||||
}
|
}
|
||||||
|
|
||||||
func NewApp(cfg config.Config, db *sql.Base) (*App, error) {
|
func NewApp(ctx context.Context, cfg config.Config, db *sql.Base) (*App, error) {
|
||||||
app := &App{
|
app := &App{
|
||||||
Router: chi.NewRouter(),
|
Router: chi.NewRouter(),
|
||||||
Config: cfg,
|
AppConfig: cfg,
|
||||||
Database: db,
|
Database: db,
|
||||||
}
|
}
|
||||||
|
|
||||||
|
if cfg.Core.SecretKey == "" {
|
||||||
|
return nil, ErrSecretKeyEmpty
|
||||||
|
}
|
||||||
|
tokenKey, err := base64.RawStdEncoding.DecodeString(cfg.Core.SecretKey)
|
||||||
|
if err != nil {
|
||||||
|
return nil, errors.Wrap(err, "decoding core.secret_key")
|
||||||
|
}
|
||||||
|
app.tokenKey = tokenKey
|
||||||
|
|
||||||
tmpl, err := templates.New(cfg.Core.Dev)
|
tmpl, err := templates.New(cfg.Core.Dev)
|
||||||
if err != nil {
|
if err != nil {
|
||||||
return nil, errors.Wrap(err, "creating templates")
|
return nil, errors.Wrap(err, "creating templates")
|
||||||
}
|
}
|
||||||
app.tmpl = tmpl
|
app.tmpl = tmpl
|
||||||
|
|
||||||
|
if cfg.Core.Dev {
|
||||||
app.Router.Use(app.Logger)
|
app.Router.Use(app.Logger)
|
||||||
|
}
|
||||||
app.Router.Use(middleware.Recoverer)
|
app.Router.Use(middleware.Recoverer)
|
||||||
|
|
||||||
|
dbCfg, err := app.Config().Get(ctx)
|
||||||
|
if err != nil {
|
||||||
|
return nil, errors.Wrap(err, "getting database config")
|
||||||
|
}
|
||||||
|
app.DBConfig = concurrent.NewValue(dbCfg)
|
||||||
|
|
||||||
return app, nil
|
return app, nil
|
||||||
}
|
}
|
||||||
|
|
||||||
|
@ -52,9 +80,23 @@ func (a *App) Blog(q ...sql.Querier) *sql.BlogStore {
|
||||||
return sql.NewBlogStore(q[0])
|
return sql.NewBlogStore(q[0])
|
||||||
}
|
}
|
||||||
|
|
||||||
|
func (a *App) Config(q ...sql.Querier) *sql.ConfigStore {
|
||||||
|
if len(q) == 0 || q[0] == nil {
|
||||||
|
return sql.NewConfigStore(a.Database.PoolQuerier())
|
||||||
|
}
|
||||||
|
return sql.NewConfigStore(q[0])
|
||||||
|
}
|
||||||
|
|
||||||
func (a *App) Post(q ...sql.Querier) *sql.PostStore {
|
func (a *App) Post(q ...sql.Querier) *sql.PostStore {
|
||||||
if len(q) == 0 || q[0] == nil {
|
if len(q) == 0 || q[0] == nil {
|
||||||
return sql.NewPostStore(a.Database.PoolQuerier())
|
return sql.NewPostStore(a.Database.PoolQuerier())
|
||||||
}
|
}
|
||||||
return sql.NewPostStore(q[0])
|
return sql.NewPostStore(q[0])
|
||||||
}
|
}
|
||||||
|
|
||||||
|
func (a *App) Token(q ...sql.Querier) *sql.TokenStore {
|
||||||
|
if len(q) == 0 || q[0] == nil {
|
||||||
|
return sql.NewTokenStore(a.Database.PoolQuerier())
|
||||||
|
}
|
||||||
|
return sql.NewTokenStore(q[0])
|
||||||
|
}
|
||||||
|
|
|
@ -29,7 +29,7 @@ func (a *App) Logger(next http.Handler) http.Handler {
|
||||||
}
|
}
|
||||||
|
|
||||||
// log end request
|
// log end request
|
||||||
log.Info().
|
log.Debug().
|
||||||
Timestamp().
|
Timestamp().
|
||||||
Str("remote_ip", r.RemoteAddr).
|
Str("remote_ip", r.RemoteAddr).
|
||||||
Str("url", r.URL.Path).
|
Str("url", r.URL.Path).
|
||||||
|
|
|
@ -14,6 +14,7 @@ func (app *App) Template(w http.ResponseWriter, r *http.Request, tmplName string
|
||||||
}
|
}
|
||||||
|
|
||||||
tctx := pongo2.Context{
|
tctx := pongo2.Context{
|
||||||
|
"config": app.DBConfig.Get(),
|
||||||
"flash_message": app.getFlash(w, r),
|
"flash_message": app.getFlash(w, r),
|
||||||
}
|
}
|
||||||
tctx.Update(ctx)
|
tctx.Update(ctx)
|
||||||
|
|
41
web/app/token.go
Normal file
41
web/app/token.go
Normal file
|
@ -0,0 +1,41 @@
|
||||||
|
package app
|
||||||
|
|
||||||
|
import (
|
||||||
|
"context"
|
||||||
|
"fmt"
|
||||||
|
|
||||||
|
"emperror.dev/errors"
|
||||||
|
"git.sleepycat.moe/sam/mercury/internal/database"
|
||||||
|
"github.com/golang-jwt/jwt/v4"
|
||||||
|
)
|
||||||
|
|
||||||
|
func (app *App) TokenToJWT(token database.Token) (string, error) {
|
||||||
|
t := jwt.NewWithClaims(jwt.SigningMethodHS256, token.ToClaims())
|
||||||
|
|
||||||
|
return t.SignedString(app.tokenKey)
|
||||||
|
}
|
||||||
|
|
||||||
|
func (app *App) ParseToken(ctx context.Context, token string) (t database.Token, err error) {
|
||||||
|
parsed, err := jwt.ParseWithClaims(token, &database.TokenClaims{}, func(t *jwt.Token) (interface{}, error) {
|
||||||
|
if _, ok := t.Method.(*jwt.SigningMethodHMAC); !ok {
|
||||||
|
return nil, fmt.Errorf(`unexpected signing method "%v"`, t.Header["alg"])
|
||||||
|
}
|
||||||
|
|
||||||
|
return app.tokenKey, nil
|
||||||
|
})
|
||||||
|
|
||||||
|
if err != nil {
|
||||||
|
return t, errors.Wrap(err, "parsing token")
|
||||||
|
}
|
||||||
|
|
||||||
|
c, ok := parsed.Claims.(*database.TokenClaims)
|
||||||
|
if !ok || !parsed.Valid {
|
||||||
|
return t, fmt.Errorf("unknown claims type %T", parsed.Claims)
|
||||||
|
}
|
||||||
|
|
||||||
|
t, err = app.Token().Get(ctx, c.TokenID)
|
||||||
|
if err != nil {
|
||||||
|
return t, errors.Wrap(err, "getting token from database")
|
||||||
|
}
|
||||||
|
return t, nil
|
||||||
|
}
|
|
@ -1,11 +1,92 @@
|
||||||
package auth
|
package auth
|
||||||
|
|
||||||
import (
|
import (
|
||||||
|
"math"
|
||||||
"net/http"
|
"net/http"
|
||||||
|
"time"
|
||||||
|
|
||||||
|
"git.sleepycat.moe/sam/mercury/internal/database"
|
||||||
"github.com/flosch/pongo2/v6"
|
"github.com/flosch/pongo2/v6"
|
||||||
|
"github.com/rs/zerolog/log"
|
||||||
)
|
)
|
||||||
|
|
||||||
func (app *Auth) GetLogin(w http.ResponseWriter, r *http.Request) {
|
func (app *Auth) GetLogin(w http.ResponseWriter, r *http.Request) {
|
||||||
app.Template(w, r, "auth/login.tpl", pongo2.Context{})
|
app.Template(w, r, "auth/login.tpl", pongo2.Context{
|
||||||
|
"totp": false,
|
||||||
|
})
|
||||||
|
}
|
||||||
|
|
||||||
|
func (app *Auth) PostLogin(w http.ResponseWriter, r *http.Request) {
|
||||||
|
ctx := r.Context()
|
||||||
|
|
||||||
|
username := r.FormValue("username")
|
||||||
|
password := r.FormValue("password")
|
||||||
|
if username == "" {
|
||||||
|
app.Flash(w, "Username cannot be empty.")
|
||||||
|
app.Template(w, r, "auth/login.tpl", pongo2.Context{
|
||||||
|
"totp": false,
|
||||||
|
"flash_message": "Username cannot be empty.",
|
||||||
|
})
|
||||||
|
return
|
||||||
|
} else if password == "" {
|
||||||
|
app.Flash(w, "Password cannot be empty.")
|
||||||
|
app.Template(w, r, "auth/login.tpl", pongo2.Context{
|
||||||
|
"totp": false,
|
||||||
|
"flash_message": "Password cannot be empty.",
|
||||||
|
})
|
||||||
|
return
|
||||||
|
}
|
||||||
|
|
||||||
|
conn, err := app.Database.Acquire(ctx)
|
||||||
|
if err != nil {
|
||||||
|
log.Err(err).Msg("acquiring database connection")
|
||||||
|
return
|
||||||
|
}
|
||||||
|
defer conn.Release()
|
||||||
|
|
||||||
|
acct, err := app.Account(conn).ByUsername(ctx, username, "")
|
||||||
|
if err != nil {
|
||||||
|
log.Err(err).Msg("finding account")
|
||||||
|
|
||||||
|
app.Flash(w, "Username or password is invalid.")
|
||||||
|
app.Template(w, r, "auth/login.tpl", pongo2.Context{
|
||||||
|
"totp": false,
|
||||||
|
"flash_message": "Username or password is invalid.",
|
||||||
|
})
|
||||||
|
return
|
||||||
|
}
|
||||||
|
|
||||||
|
passwordValid, _ := acct.PasswordValid(password)
|
||||||
|
|
||||||
|
if !passwordValid {
|
||||||
|
app.Template(w, r, "auth/login.tpl", pongo2.Context{
|
||||||
|
"totp": false,
|
||||||
|
"flash_message": "Username or password is invalid.",
|
||||||
|
})
|
||||||
|
return
|
||||||
|
}
|
||||||
|
|
||||||
|
// TODO: totp
|
||||||
|
|
||||||
|
// create a new token
|
||||||
|
token, err := app.Token(conn).Create(
|
||||||
|
ctx, acct.ID, *app.DBConfig.Get().InternalApplication, []string{"all"}, time.Now().Add(math.MaxInt64))
|
||||||
|
if err != nil {
|
||||||
|
log.Err(err).Msg("creating token")
|
||||||
|
return
|
||||||
|
}
|
||||||
|
|
||||||
|
ts, err := app.TokenToJWT(token)
|
||||||
|
if err != nil {
|
||||||
|
log.Err(err).Msg("signing token string")
|
||||||
|
return
|
||||||
|
}
|
||||||
|
|
||||||
|
http.SetCookie(w, &http.Cookie{
|
||||||
|
Name: database.TokenCookieName,
|
||||||
|
Value: ts,
|
||||||
|
Path: "/",
|
||||||
|
Expires: token.Expires,
|
||||||
|
})
|
||||||
|
http.Redirect(w, r, "/web", http.StatusSeeOther)
|
||||||
}
|
}
|
||||||
|
|
67
web/auth/signup.go
Normal file
67
web/auth/signup.go
Normal file
|
@ -0,0 +1,67 @@
|
||||||
|
package auth
|
||||||
|
|
||||||
|
import (
|
||||||
|
"net/http"
|
||||||
|
|
||||||
|
"git.sleepycat.moe/sam/mercury/internal/database/sql"
|
||||||
|
"github.com/flosch/pongo2/v6"
|
||||||
|
"github.com/rs/zerolog/log"
|
||||||
|
)
|
||||||
|
|
||||||
|
func (app *Auth) GetSignup(w http.ResponseWriter, r *http.Request) {
|
||||||
|
app.Template(w, r, "auth/signup.tpl", pongo2.Context{})
|
||||||
|
}
|
||||||
|
|
||||||
|
func (app *Auth) PostSignup(w http.ResponseWriter, r *http.Request) {
|
||||||
|
ctx := r.Context()
|
||||||
|
|
||||||
|
username := r.FormValue("username")
|
||||||
|
email := r.FormValue("email")
|
||||||
|
password := r.FormValue("password")
|
||||||
|
password2 := r.FormValue("repeat_password")
|
||||||
|
if username == "" {
|
||||||
|
app.Template(w, r, "auth/signup.tpl", pongo2.Context{"flash_message": "Username cannot be empty."})
|
||||||
|
return
|
||||||
|
} else if password == "" {
|
||||||
|
app.Template(w, r, "auth/signup.tpl", pongo2.Context{"flash_message": "Password cannot be empty."})
|
||||||
|
return
|
||||||
|
} else if password != password2 {
|
||||||
|
app.Template(w, r, "auth/signup.tpl", pongo2.Context{"flash_message": "Passwords don't match."})
|
||||||
|
return
|
||||||
|
} else if email == "" {
|
||||||
|
app.Template(w, r, "auth/signup.tpl", pongo2.Context{"flash_message": "Email address cannot be empty."})
|
||||||
|
return
|
||||||
|
}
|
||||||
|
|
||||||
|
tx, err := app.Database.BeginTx(ctx)
|
||||||
|
if err != nil {
|
||||||
|
log.Err(err).Msg("acquiring database connection")
|
||||||
|
return
|
||||||
|
}
|
||||||
|
defer tx.Rollback(ctx)
|
||||||
|
|
||||||
|
acct, err := app.Account(tx).CreateLocal(ctx, username, email, []byte(password))
|
||||||
|
if err != nil {
|
||||||
|
if err == sql.ErrUsernameTaken {
|
||||||
|
app.Template(w, r, "auth/signup.tpl", pongo2.Context{"flash_message": "Username is already taken."})
|
||||||
|
return
|
||||||
|
}
|
||||||
|
log.Err(err).Msg("creating account")
|
||||||
|
return
|
||||||
|
}
|
||||||
|
|
||||||
|
_, err = app.Blog(tx).Create(ctx, acct.ID, username)
|
||||||
|
if err != nil {
|
||||||
|
log.Err(err).Msg("creating blog")
|
||||||
|
return
|
||||||
|
}
|
||||||
|
|
||||||
|
err = tx.Commit(ctx)
|
||||||
|
if err != nil {
|
||||||
|
log.Err(err).Msg("committing transaction")
|
||||||
|
return
|
||||||
|
}
|
||||||
|
|
||||||
|
app.Flash(w, "Successfully created account!")
|
||||||
|
http.Redirect(w, r, "/auth/login", http.StatusSeeOther)
|
||||||
|
}
|
|
@ -34,7 +34,7 @@ func New(app *app.App) *Frontend {
|
||||||
App: app,
|
App: app,
|
||||||
}
|
}
|
||||||
|
|
||||||
if app.Config.Core.Dev {
|
if app.AppConfig.Core.Dev {
|
||||||
glue, err := vueglue.NewVueGlue(&vueglue.ViteConfig{
|
glue, err := vueglue.NewVueGlue(&vueglue.ViteConfig{
|
||||||
Environment: "development",
|
Environment: "development",
|
||||||
AssetsPath: "frontend",
|
AssetsPath: "frontend",
|
||||||
|
@ -100,7 +100,7 @@ func (app *Frontend) ServeFrontend(w http.ResponseWriter, r *http.Request) {
|
||||||
}
|
}
|
||||||
|
|
||||||
func (app *Frontend) ServeStaticAssets(w http.ResponseWriter, r *http.Request) {
|
func (app *Frontend) ServeStaticAssets(w http.ResponseWriter, r *http.Request) {
|
||||||
if app.Config.Core.Dev {
|
if app.AppConfig.Core.Dev {
|
||||||
// TODO: this is unsafe
|
// TODO: this is unsafe
|
||||||
path := filepath.Join("web/frontend/assets/", chi.URLParam(r, "*"))
|
path := filepath.Join("web/frontend/assets/", chi.URLParam(r, "*"))
|
||||||
http.ServeFile(w, r, path)
|
http.ServeFile(w, r, path)
|
||||||
|
|
|
@ -12,13 +12,19 @@ func Routes(app *app.App) {
|
||||||
app.Router.Route("/auth", func(r chi.Router) {
|
app.Router.Route("/auth", func(r chi.Router) {
|
||||||
auth := auth.New(app)
|
auth := auth.New(app)
|
||||||
r.Get("/login", auth.GetLogin)
|
r.Get("/login", auth.GetLogin)
|
||||||
|
r.Post("/login", auth.PostLogin)
|
||||||
|
|
||||||
|
r.Get("/sign_up", auth.GetSignup)
|
||||||
|
r.Post("/sign_up", auth.PostSignup)
|
||||||
})
|
})
|
||||||
|
|
||||||
// web app handlers
|
// web app handlers
|
||||||
// also assets
|
// also assets
|
||||||
|
app.Router.Group(func(r chi.Router) {
|
||||||
frontend := frontend.New(app)
|
frontend := frontend.New(app)
|
||||||
app.Router.HandleFunc(frontend.AssetsPath(), frontend.ServeAssets)
|
r.HandleFunc(frontend.AssetsPath(), frontend.ServeAssets)
|
||||||
app.Router.HandleFunc("/static/*", frontend.ServeStaticAssets)
|
r.HandleFunc("/static/*", frontend.ServeStaticAssets)
|
||||||
app.Router.HandleFunc("/web", frontend.ServeFrontend)
|
r.HandleFunc("/web", frontend.ServeFrontend)
|
||||||
app.Router.HandleFunc("/web/*", frontend.ServeFrontend)
|
r.HandleFunc("/web/*", frontend.ServeFrontend)
|
||||||
|
})
|
||||||
}
|
}
|
||||||
|
|
|
@ -1,9 +1,13 @@
|
||||||
{% extends 'base.tpl' %}
|
{% extends 'base.tpl' %}
|
||||||
{% block title %}
|
{% block title %}
|
||||||
Log in
|
Log in • {{ config.Name }}
|
||||||
{% endblock %}
|
{% endblock %}
|
||||||
{% block content %}
|
{% block content %}
|
||||||
<div class="auth">
|
<div class="auth">
|
||||||
|
{% if flash_message %}
|
||||||
|
<p>{{ flash_message }}</p>
|
||||||
|
{% endif %}
|
||||||
|
{% if not totp %}
|
||||||
<form method="post">
|
<form method="post">
|
||||||
<p>
|
<p>
|
||||||
<label for="username">Username</label>
|
<label for="username">Username</label>
|
||||||
|
@ -15,5 +19,15 @@
|
||||||
</p>
|
</p>
|
||||||
<input type="submit" value="Log in" />
|
<input type="submit" value="Log in" />
|
||||||
</form>
|
</form>
|
||||||
|
{% else %}
|
||||||
|
<form method="post">
|
||||||
|
<p>
|
||||||
|
<label for="totp_code">Two-factor authentication code</label>
|
||||||
|
<input type="text" name="totp_code" />
|
||||||
|
</p>
|
||||||
|
<input type="text" name="totp_ticket" value="{{ totp_ticket }}" disabled />
|
||||||
|
<input type="submit" value="Log in" />
|
||||||
|
</form>
|
||||||
|
{% endif %}
|
||||||
</div>
|
</div>
|
||||||
{% endblock %}
|
{% endblock %}
|
||||||
|
|
30
web/templates/auth/signup.tpl
Normal file
30
web/templates/auth/signup.tpl
Normal file
|
@ -0,0 +1,30 @@
|
||||||
|
{% extends 'base.tpl' %}
|
||||||
|
{% block title %}
|
||||||
|
Sign up • {{ config.Name }}
|
||||||
|
{% endblock %}
|
||||||
|
{% block content %}
|
||||||
|
<div class="auth">
|
||||||
|
{% if flash_message %}
|
||||||
|
<p>{{ flash_message }}</p>
|
||||||
|
{% endif %}
|
||||||
|
<form method="post">
|
||||||
|
<p>
|
||||||
|
<label for="username">Username</label>
|
||||||
|
<input type="text" name="username" />
|
||||||
|
</p>
|
||||||
|
<p>
|
||||||
|
<label for="username">Email</label>
|
||||||
|
<input type="email" name="email" />
|
||||||
|
</p>
|
||||||
|
<p>
|
||||||
|
<label for="username">Password</label>
|
||||||
|
<input type="password" name="password" />
|
||||||
|
</p>
|
||||||
|
<p>
|
||||||
|
<label for="username">Repeat password</label>
|
||||||
|
<input type="password" name="repeat_password" />
|
||||||
|
</p>
|
||||||
|
<input type="submit" value="Sign up" />
|
||||||
|
</form>
|
||||||
|
</div>
|
||||||
|
{% endblock %}
|
|
@ -4,7 +4,7 @@
|
||||||
<meta charset="UTF-8">
|
<meta charset="UTF-8">
|
||||||
<meta name="viewport" content="width=device-width, initial-scale=1.0">
|
<meta name="viewport" content="width=device-width, initial-scale=1.0">
|
||||||
<link rel="stylesheet" type="text/css" href="/static/css/style.css" />
|
<link rel="stylesheet" type="text/css" href="/static/css/style.css" />
|
||||||
<title>{% block title %}Mercury{% endblock %}</title>
|
<title>{% block title %}{{ config.Name }}{% endblock %}</title>
|
||||||
</head>
|
</head>
|
||||||
<body>
|
<body>
|
||||||
{% block content %}
|
{% block content %}
|
||||||
|
|
Loading…
Reference in a new issue