feat(GIST-18): implement authentication in backend (#5)

* chore(GIST-18): add goth for authentication

* feat(GIST-18): add tokens,users,users_auth & users_token tables to migrations

* feat(GIST-18): add handlers for social auth github and gmail

* wip(GIST-18): added registration + login on github and google

* wip(GIST-18): added local auth

* wip(GIST-18): added auth middleware in front of gists domain

* docs(GIST-18): added docs for users

Author: Courtcircuits

auth/auth_identity_model.go

@@ -0,0 +1,79 @@
+package auth
+
+import (
+	"database/sql"
+	"errors"
+
+	"github.com/gistapp/api/storage"
+	"github.com/gistapp/api/user"
+	"github.com/gofiber/fiber/v2/log"
+)
+
+type AuthIdentitySQL struct {
+	ID         sql.NullInt32
+	Data       sql.NullString
+	Type       sql.NullString
+	ProviderID sql.NullString
+	OwnerID    sql.NullString
+}
+
+type AuthIdentity struct {
+	ID         string `json:"id"`
+	Data       string `json:"data"`
+	Owner      string `json:"owner"`
+	Type       string `json:"type"`
+	ProviderID string `json:"provider_id"`
+}
+
+type JWTClaim struct {
+	Pub   string `json:"pub"`
+	Email string `json:"email"`
+}
+
+type AuthIdentityAndUser struct {
+	AuthIdentity AuthIdentity
+	User         user.User
+}
+
+type AuthIdentityModel interface {
+	Save() (*AuthIdentity, error)
+}
+
+func (ai *AuthIdentitySQL) Save() (*AuthIdentity, error) {
+	row, err := storage.Database.Query("INSERT INTO auth_identity(data, type, owner_id, provider_id) VALUES ($1, $2, $3, $4) RETURNING auth_id, data, owner_id, type, provider_id", ai.Data.String, ai.Type.String, ai.OwnerID.String, ai.ProviderID.String)
+	if err != nil {
+		log.Error(err)
+		return nil, errors.New("couldn't create auth identity")
+	}
+	var authIdentity AuthIdentity
+	row.Next()
+	err = row.Scan(&authIdentity.ID, &authIdentity.Data, &authIdentity.Owner, &authIdentity.Type, &authIdentity.ProviderID)
+	if err != nil {
+		log.Error(err)
+		return nil, errors.New("couldn't find auth identity")
+	}
+	return &authIdentity, nil
+}
+
+func (ai *AuthIdentitySQL) GetWithUser(provider_id string) (*AuthIdentityAndUser, error) {
+	query := "SELECT a.auth_id, a.data, a.owner_id, a.type, a.provider_id, u.user_id, u.email, u.name, u.picture FROM auth_identity a JOIN users u ON a.owner_id = u.user_id WHERE a.provider_id = $1"
+
+	row, err := storage.Database.Query(query, provider_id)
+
+	if err != nil {
+		log.Error(err)
+		return nil, errors.New("couldn't get auth identity")
+	}
+
+	row.Next()
+	var authIdentity AuthIdentityAndUser
+	err = row.Scan(&authIdentity.AuthIdentity.ID, &authIdentity.AuthIdentity.Data, &authIdentity.AuthIdentity.Owner, &authIdentity.AuthIdentity.Type, &authIdentity.AuthIdentity.ProviderID, &authIdentity.User.ID, &authIdentity.User.Email, &authIdentity.User.Name, &authIdentity.User.Picture)
+
+	if err != nil {
+		log.Error(err)
+		return nil, errors.New("couldn't find auth identity")
+	}
+
+	return &authIdentity, nil
+
+}

auth/controller.go

@@ -0,0 +1,66 @@
+package auth
+
+import (
+	"github.com/gofiber/fiber/v2"
+)
+
+type AuthControllerImpl struct{}
+
+type AuthLocalValidator struct {
+	Email string `json:"email"`
+}
+
+type AuthLocalVerificationValidator struct {
+	Token string `json:"token"`
+	Email string `json:"email"`
+}
+
+func (a *AuthControllerImpl) Callback() fiber.Handler {
+	return func(c *fiber.Ctx) error {
+		return AuthService.Callback(c)
+	}
+}
+
+func (a *AuthControllerImpl) Authenticate() fiber.Handler {
+	return func(c *fiber.Ctx) error {
+		return AuthService.Authenticate(c)
+	}
+}
+
+func (a *AuthControllerImpl) LocalAuth() fiber.Handler {
+	return func(c *fiber.Ctx) error {
+		e := new(AuthLocalValidator)
+		if err := c.BodyParser(e); err != nil {
+			return c.Status(400).SendString("Request must be valid JSON with field email as text")
+		}
+
+		if err := AuthService.LocalAuth(e.Email); err != nil {
+			return c.Status(400).SendString(err.Error())
+		}
+
+		return c.JSON(fiber.Map{"message": "Check your email for the token"})
+	}
+}
+
+func (a *AuthControllerImpl) VerifyAuthToken() fiber.Handler {
+	return func(c *fiber.Ctx) error {
+		e := new(AuthLocalVerificationValidator)
+
+		if err := c.BodyParser(e); err != nil {
+			return c.Status(400).SendString("Request must be valid JSON with fields token and email as text")
+		}
+
+		token := e.Token
+		email := e.Email
+
+		jwt_token, err := AuthService.VerifyLocalAuthToken(token, email)
+
+		if err != nil {
+			return c.Status(400).SendString(err.Error())
+		}
+
+		return c.JSON(fiber.Map{"token": jwt_token})
+	}
+}
+
+var AuthController AuthControllerImpl = AuthControllerImpl{}

auth/router.go

@@ -0,0 +1,14 @@
+package auth
+
+import "github.com/gofiber/fiber/v2"
+
+type AuthRouter struct {
+	Controller AuthControllerImpl
+}
+
+func (r *AuthRouter) SubscribeRoutes(app *fiber.Router) {
+	(*app).Get("/auth/callback/:provider", r.Controller.Callback())
+	(*app).Get("/auth/:provider", r.Controller.Authenticate())
+	(*app).Post("/auth/local/begin", r.Controller.LocalAuth())
+	(*app).Post("/auth/local/verify", r.Controller.VerifyAuthToken())
+}

auth/service.go

@@ -0,0 +1,190 @@
+package auth
+
+import (
+	"database/sql"
+	"encoding/json"
+	"errors"
+	"strings"
+
+	"github.com/gistapp/api/user"
+	"github.com/gistapp/api/utils"
+	"github.com/gofiber/fiber/v2"
+	"github.com/gofiber/fiber/v2/log"
+	"github.com/markbates/goth"
+	"github.com/markbates/goth/providers/github"
+	"github.com/markbates/goth/providers/google"
+	"github.com/shareed2k/goth_fiber"
+)
+
+type AuthServiceImpl struct{}
+
+func (a *AuthServiceImpl) Authenticate(c *fiber.Ctx) error {
+	if user, err := goth_fiber.CompleteUserAuth(c); err == nil {
+		log.Info(user)
+		return nil
+	} else {
+		return goth_fiber.BeginAuthHandler(c)
+	}
+}
+
+// generates a token and sends it to the user by email
+func (a *AuthServiceImpl) LocalAuth(email string) error {
+	token_val := utils.GenToken(6)
+	token_model := TokenSQL{
+		Keyword: sql.NullString{String: email, Valid: true},
+		Value:   sql.NullString{String: token_val, Valid: true},
+		Type:    sql.NullString{String: string(LocalAuth), Valid: true},
+	}
+
+	_, err := token_model.Save()
+
+	if err != nil {
+		return err
+	}
+
+	err = utils.SendEmail("Gistapp: Local Auth", "Your token is: "+token_val, email)
+
+	return err
+}
+
+// verifies the token and finishes the registration
+func (a *AuthServiceImpl) VerifyLocalAuthToken(token string, email string) (string, error) {
+	token_model := TokenSQL{
+		Value:   sql.NullString{String: token, Valid: true},
+		Keyword: sql.NullString{String: email, Valid: true},
+		Type:    sql.NullString{String: string(LocalAuth), Valid: true},
+	}
+	token_data, err := token_model.Get()
+	if err != nil {
+		return "", err
+	}
+	err = token_data.Delete()
+	if err != nil {
+		return "", errors.New("couldn't invalidate token")
+	}
+
+	//now we finish users registration
+	goth_user := goth.User{
+		UserID:    email,
+		Name:      strings.Split(email, "@")[0],
+		Email:     email,
+		AvatarURL: "https://vercel.com/api/www/avatar/?u=" + email + "&s=80",
+	}
+
+	if user, _, err := a.GetUser(goth_user); err == nil {
+		jwt_token, err := utils.CreateToken(user.Email, user.ID)
+		if err != nil {
+			return "", err
+		}
+		return jwt_token, nil
+	}
+
+	user, err := a.Register(goth_user)
+
+	if err != nil {
+		return "", err
+	}
+
+	jwt_token, err := utils.CreateToken(user.Email, user.ID)
+
+	return jwt_token, err
+}
+
+func (a *AuthServiceImpl) Callback(c *fiber.Ctx) error {
+	auth_user, err := goth_fiber.CompleteUserAuth(c)
+	if err != nil {
+		log.Error(err)
+		return ErrCantCompleteAuth
+	}
+
+	user_md, _, err := a.GetUser(auth_user)
+
+	if err == nil {
+		token, err := utils.CreateToken(user_md.Email, user_md.ID)
+		if err != nil {
+			return err
+		}
+		return c.JSON(fiber.Map{
+			"token": token,
+		})
+	}
+
+	user_md, err = a.Register(auth_user)
+
+	if err != nil {
+		return err
+	}
+
+	jwt, err := utils.CreateToken(user_md.Email, user_md.ID)
+	if err != nil {
+		return err
+	}
+
+	return c.JSON(fiber.Map{
+		"token": jwt,
+	})
+}
+
+func (a *AuthServiceImpl) GetUser(auth_user goth.User) (*user.User, *AuthIdentity, error) {
+	auth_and_user, err := new(AuthIdentitySQL).GetWithUser(auth_user.UserID)
+	if err != nil {
+		return nil, nil, err
+	}
+
+	return &auth_and_user.User, &auth_and_user.AuthIdentity, nil
+}
+
+func (a *AuthServiceImpl) Register(auth_user goth.User) (*user.User, error) {
+	data, err := json.Marshal(auth_user)
+	if err != nil {
+		return nil, errors.New("couldn't marshal user")
+	}
+
+	user_model := user.UserSQL{
+		ID:      sql.NullString{String: auth_user.UserID, Valid: true},
+		Email:   sql.NullString{String: auth_user.Email, Valid: true},
+		Name:    sql.NullString{String: auth_user.Name, Valid: true},
+		Picture: sql.NullString{String: auth_user.AvatarURL, Valid: true},
+	}
+
+	user_data, err := user_model.Save()
+
+	if err != nil {
+		return nil, err
+	}
+
+	auth_identity_model := AuthIdentitySQL{
+		Data:       sql.NullString{String: string(data), Valid: true},
+		Type:       sql.NullString{String: auth_user.Provider, Valid: true},
+		OwnerID:    sql.NullString{String: user_data.ID, Valid: true},
+		ProviderID: sql.NullString{String: auth_user.UserID, Valid: true},
+	}
+
+	auth_identity, err := auth_identity_model.Save()
+	log.Info(auth_identity)
+	return user_data, err
+}
+
+func (a *AuthServiceImpl) RegisterProviders() {
+	goth.UseProviders(
+		google.New(utils.Get("GOOGLE_KEY"), utils.Get("GOOGLE_SECRET"), utils.Get("PUBLIC_URL")+"/auth/callback/google"),
+		github.New(utils.Get("GITHUB_KEY"), utils.Get("GITHUB_SECRET"), utils.Get("PUBLIC_URL")+"/auth/callback/github"),
+	)
+}
+
+func (a *AuthServiceImpl) IsAuthenticated(token string) (*JWTClaim, error) {
+	claims, err := utils.VerifyJWT(token)
+
+	if err != nil {
+		return nil, err
+	}
+
+	jwtClaim := new(JWTClaim)
+	jwtClaim.Pub = claims["pub"].(string)
+	jwtClaim.Email = claims["email"].(string)
+
+	return jwtClaim, nil
+}
+
+var AuthService AuthServiceImpl = AuthServiceImpl{}
+var ErrCantCompleteAuth = errors.New("can't complete auth")