idp-go-sdk: Refactor some stuff

Author: OliverSchlueter

integrations/idp-go-sdk/idp/auth.go

@@ -2,28 +2,91 @@ package idp
 
 import (
 	"crypto/rsa"
+	"encoding/json"
 
 	"github.com/OliverSchlueter/goutils/broker"
 )
 
+var ServiceBaseURL = "https://fancyanalytics.net/idp/api/v1"
+
+// Service provides methods to interact with the IDP service.
 type Service struct {
 	broker         broker.Broker
 	excludedRoutes []string
 	publicKey      *rsa.PublicKey
 	usersCache     *usersCache
 }
 
+// Configuration holds the necessary configuration for initializing the IDP service.
 type Configuration struct {
-	PublicKey      *rsa.PublicKey
-	Broker         broker.Broker
+	// Broker is the message broker used for communication with the IDP service.
+	Broker broker.Broker
+
+	// PublicKey is the RSA public key used for validating JWT tokens issued by the IDP service.
+	PublicKey *rsa.PublicKey
+
+	// ExcludedRoutes is a list of (HTTP) routes that should be excluded from authentication checks. (optional)
 	ExcludedRoutes []string
 }
 
+// NewService initializes and returns a new instance of the IDP service with the provided configuration.
 func NewService(cfg Configuration) *Service {
+	if cfg.ExcludedRoutes == nil {
+		cfg.ExcludedRoutes = []string{}
+	}
+
 	return &Service{
 		broker:         cfg.Broker,
 		excludedRoutes: cfg.ExcludedRoutes,
 		publicKey:      cfg.PublicKey,
 		usersCache:     newUsersCache(),
 	}
 }
+
+// GetUser retrieves a user by their ID or email.
+func (s *Service) GetUser(id string) (*User, error) {
+	userFromCache, err := s.usersCache.GetByID(id)
+	if err == nil {
+		return userFromCache, nil
+	}
+
+	resp, err := s.broker.Request("idp.user.get", []byte(id))
+	if err != nil {
+		return nil, err
+	}
+
+	var u User
+	if err := json.Unmarshal(resp.Data, &u); err != nil {
+		return nil, err
+	}
+
+	s.usersCache.UpsertUser(&u)
+
+	return &u, nil
+}
+
+// ValidateUser validates a user's credentials and returns the user if valid.
+func (s *Service) ValidateUser(userID, password string) (*User, error) {
+	userFromCache, err := s.usersCache.GetByID(userID)
+	if err == nil {
+		// user found in cache, validate password
+		if userFromCache.Password != PasswordHash(password) {
+			return nil, ErrInvalidBasicCredentials
+		}
+		return userFromCache, nil
+	}
+
+	resp, err := s.broker.Request("idp.user.validate", []byte(`{"username":"`+userID+`", "password":"`+password+`"}`))
+	if err != nil {
+		return nil, err
+	}
+
+	var u User
+	if err := json.Unmarshal(resp.Data, &u); err != nil {
+		return nil, err
+	}
+
+	s.usersCache.UpsertUser(&u)
+
+	return &u, nil
+}

integrations/idp-go-sdk/idp/errors.go

@@ -12,6 +12,7 @@ var (
 	ErrMissingAuthorizationHeader  = errors.New("missing Authorization header")
 	ErrInvalidTokenFormat          = errors.New("invalid token format")
 	ErrInvalidAuthenticationMethod = errors.New("invalid authentication method, expected Bearer or Basic")
+	ErrInvalidBasicCredentials     = errors.New("invalid basic authentication credentials")
 	ErrInvalidToken                = errors.New("invalid token")
 	ErrUserNotFound                = errors.New("user not found")
 )

integrations/idp-go-sdk/idp/hash.go

@@ -0,0 +1,13 @@
+package idp
+
+import (
+	"crypto/sha256"
+	"fmt"
+)
+
+func PasswordHash(password string) string {
+	h := sha256.New()
+	h.Write([]byte(password))
+	bs := h.Sum(nil)
+	return fmt.Sprintf("%x", bs)
+}

integrations/idp-go-sdk/idp/http.go

@@ -1,14 +1,13 @@
 package idp
 
 import (
-	"encoding/json"
 	"fmt"
 	"net/http"
 	"regexp"
 	"strings"
 )
 
-func (s *Service) validateRequest(r *http.Request) (*User, error) {
+func (s *Service) validateHTTPRequest(r *http.Request) (*User, error) {
 	if r.Header.Get("Authorization") == "" {
 		return nil, ErrMissingAuthorizationHeader
 	}
@@ -21,29 +20,11 @@ func (s *Service) validateRequest(r *http.Request) (*User, error) {
 			return nil, err
 		}
 
-		userID, err := s.validateToken(token)
+		u, err := s.ValidateToken(token)
 		if err != nil {
 			return nil, fmt.Errorf("failed to validate token: %w", err)
 		}
-
-		userFromCache, err := s.usersCache.GetByID(userID)
-		if err == nil {
-			return userFromCache, nil
-		}
-
-		resp, err := s.broker.Request("idp.user.get", []byte(userID))
-		if err != nil {
-			return nil, fmt.Errorf("failed to get user data: %w", err)
-		}
-
-		var u User
-		if err := json.Unmarshal(resp.Data, &u); err != nil {
-			return nil, fmt.Errorf("failed to unmarshal user data: %w", err)
-		}
-
-		s.usersCache.UpsertUser(&u)
-
-		return &u, nil
+		return u, nil
 	}
 
 	if strings.HasPrefix(authValue, "Basic ") {
@@ -52,23 +33,18 @@ func (s *Service) validateRequest(r *http.Request) (*User, error) {
 			return nil, err
 		}
 
-		resp, err := s.broker.Request("idp.user.validate", []byte(fmt.Sprintf(`{"username":"%s", "password":"%s"}`, userid, password)))
+		u, err := s.ValidateUser(userid, password)
 		if err != nil {
-			return nil, fmt.Errorf("failed to validate user: %w", err)
-		}
-
-		var u User
-		if err := json.Unmarshal(resp.Data, &u); err != nil {
-			return nil, fmt.Errorf("failed to unmarshal user data: %w", err)
+			return nil, fmt.Errorf("failed to validate basic credentials: %w", err)
 		}
 
-		return &u, nil
+		return u, nil
 	}
 
 	return nil, ErrInvalidAuthenticationMethod
 }
 
-func (s *Service) Middleware(next http.Handler) http.Handler {
+func (s *Service) HTTPMiddleware(next http.Handler) http.Handler {
 	return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
 		if r.Method == http.MethodOptions {
 			next.ServeHTTP(w, r)
@@ -90,7 +66,7 @@ func (s *Service) Middleware(next http.Handler) http.Handler {
 		}
 
 		// validate the request and get the user
-		user, err := s.validateRequest(r)
+		user, err := s.validateHTTPRequest(r)
 		if err != nil {
 			fmt.Printf("Error validating user: %v\n", err)
 			http.Error(w, http.StatusText(http.StatusUnauthorized), http.StatusUnauthorized)

…/idp-go-sdk/idp/auth_token_validation.go …tions/idp-go-sdk/idp/token_validation.gointegrations/idp-go-sdk/idp/auth_token_validation.go renamed to integrations/idp-go-sdk/idp/token_validation.go integrations/idp-go-sdk/idp/auth_token_validation.go renamed to integrations/idp-go-sdk/idp/token_validation.go

@@ -10,32 +10,34 @@ const ServiceName = "fancyanalytics-idp"
 
 var SigningMethod = jwt.SigningMethodRS256
 
-// validateToken validates the given JWT token string and returns the user ID if the token is valid.
-func (s *Service) validateToken(tokenString string) (string, error) {
+// ValidateToken validates the provided JWT token string and returns the associated user if the token is valid.
+func (s *Service) ValidateToken(token string) (*User, error) {
 	parser := jwt.NewParser(
 		jwt.WithValidMethods([]string{SigningMethod.Alg()}),
 		jwt.WithIssuer(ServiceName),
 	)
 
-	token, err := parser.ParseWithClaims(
-		tokenString,
+	t, err := parser.ParseWithClaims(
+		token,
 		&jwt.RegisteredClaims{},
 		s.tokenKeyFunc,
 	)
 	if err != nil {
-		return "", fmt.Errorf("failed to parse token: %w", err)
+		return nil, fmt.Errorf("failed to parse token: %w", err)
 	}
 
-	claims, ok := token.Claims.(*jwt.RegisteredClaims)
-	if !ok || !token.Valid {
-		return "", ErrInvalidToken
+	claims, ok := t.Claims.(*jwt.RegisteredClaims)
+	if !ok || !t.Valid {
+		return nil, ErrInvalidToken
 	}
 
 	if claims.Issuer != ServiceName {
-		return "", ErrInvalidToken
+		return nil, ErrInvalidToken
 	}
 
-	return claims.Subject, nil
+	userID := claims.Subject
+
+	return s.GetUser(userID)
 }
 
 // tokenKeyFunc is a helper function that returns the public key for validating the token's signature.