[API-68] Implement auth middleware

raymondjacobson · raymondjacobson · commit 651fa90b27a7 · 2025-04-15T17:51:30.000-07:00
diff --git a/api/auth_middleware.go b/api/auth_middleware.go
@@ -0,0 +1,83 @@
+package api
+
+import (
+	"fmt"
+	"strings"
+
+	"github.com/ethereum/go-ethereum/common"
+	"github.com/ethereum/go-ethereum/crypto"
+	"github.com/gofiber/fiber/v2"
+)
+
+const (
+	messageHeader   = "Encoded-Data-Message"
+	signatureHeader = "Encoded-Data-Signature"
+)
+
+// Recover user id and wallet from signature headers
+func (app *ApiServer) recoverAuthorityFromSignatureHeaders(c *fiber.Ctx) (int32, string) {
+	message := c.Get(messageHeader)
+	signature := c.Get(signatureHeader)
+
+	if message == "" || signature == "" {
+		return 0, ""
+	}
+
+	encodedToRecover := []byte(message)
+	prefixedMessage := []byte(fmt.Sprintf("\x19Ethereum Signed Message:\n%d%s", len(encodedToRecover), encodedToRecover))
+	finalHash := crypto.Keccak256Hash(prefixedMessage)
+	signatureBytes := common.FromHex(signature)
+	if signatureBytes[64] >= 27 {
+		signatureBytes[64] -= 27
+	}
+
+	publicKey, err := crypto.SigToPub(finalHash.Bytes(), signatureBytes)
+	if err != nil {
+		return 0, ""
+	}
+
+	recoveredAddr := crypto.PubkeyToAddress(*publicKey)
+	walletLower := strings.ToLower(recoveredAddr.Hex())
+
+	var userId int32
+	err = app.pool.QueryRow(
+		c.Context(),
+		`
+		SELECT user_id FROM users 
+		WHERE
+			wallet = $1 
+			AND is_current = true 
+		ORDER BY created_at ASC 
+		LIMIT 1
+		`,
+		walletLower,
+	).Scan(&userId)
+
+	if err != nil {
+		return 0, walletLower
+	}
+
+	return userId, walletLower
+}
+
+// Middleware to set authedUserId and authedWallet in context
+func (app *ApiServer) authMiddleware(c *fiber.Ctx) error {
+	userId, wallet := app.recoverAuthorityFromSignatureHeaders(c)
+	c.Locals("authedUserId", userId)
+	c.Locals("authedWallet", wallet)
+
+	return c.Next()
+}
+
+func (app *ApiServer) getAuthedUserId(c *fiber.Ctx) int32 {
+	return int32(c.Locals("authedUserId").(int32))
+}
+
+// Middleware that asserts authedUserId is valid
+func (app *ApiServer) requiresAuthMiddleware(c *fiber.Ctx) error {
+	authedUserId := app.getAuthedUserId(c)
+	if authedUserId == 0 {
+		return fiber.NewError(fiber.StatusUnauthorized, "You must be logged in to make this request")
+	}
+	return c.Next()
+}
diff --git a/api/server.go b/api/server.go
@@ -115,6 +115,7 @@ func NewApiServer(config config.Config) *ApiServer {
 	// resolve myId
 	app.Use(app.isFullMiddleware)
 	app.Use(app.resolveMyIdMiddleware)
+	app.Use(app.authMiddleware)
 
 	v1 := app.Group("/v1")
 	v1Full := app.Group("/v1/full")
