auth/internal/user/delivery/http/user_http.go

package http

import (
	"encoding/json"
	"strings"

	"github.com/fasthttp/router"
	"github.com/lestrrat-go/jwx/jwa"
	http "github.com/valyala/fasthttp"

	"source.toby3d.me/toby3d/middleware"
	"source.toby3d.me/toby3d/auth/internal/common"
	"source.toby3d.me/toby3d/auth/internal/domain"
	"source.toby3d.me/toby3d/auth/internal/token"
)

type (
	UserInformationResponse struct {
		Name  string `json:"name,omitempty"`
		URL   string `json:"url,omitempty"`
		Photo string `json:"photo,omitempty"`
		Email string `json:"email,omitempty"`
	}

	RequestHandler struct {
		config *domain.Config
		tokens token.UseCase
	}
)

func NewRequestHandler(tokens token.UseCase, config *domain.Config) *RequestHandler {
	return &RequestHandler{
		tokens: tokens,
		config: config,
	}
}

func (h *RequestHandler) Register(r *router.Router) {
	chain := middleware.Chain{
		middleware.JWTWithConfig(middleware.JWTConfig{
			AuthScheme:    "Bearer",
			ContextKey:    "token",
			SigningKey:    []byte(h.config.JWT.Secret),
			SigningMethod: jwa.SignatureAlgorithm(h.config.JWT.Algorithm),
			Skipper:       middleware.DefaultSkipper,
			TokenLookup:   "header:" + http.HeaderAuthorization + ":Bearer ",
		}),
		middleware.LogFmt(),
	}

	r.GET("/userinfo", chain.RequestHandler(h.handleUserInformation))
}

func (h *RequestHandler) handleUserInformation(ctx *http.RequestCtx) {
	ctx.SetContentType(common.MIMEApplicationJSONCharsetUTF8)
	ctx.SetStatusCode(http.StatusOK)

	encoder := json.NewEncoder(ctx)

	tkn, userInfo, err := h.tokens.Verify(ctx, strings.TrimPrefix(string(ctx.Request.Header.Peek(
		http.HeaderAuthorization)), "Bearer "))
	if err != nil || tkn == nil {
		// WARN(toby3d): If the token is not valid, the endpoint still
		// MUST return a 200 Response.
		_ = encoder.Encode(err)

		return
	}

	if !tkn.Scope.Has(domain.ScopeProfile) {
		ctx.SetStatusCode(http.StatusForbidden)

		_ = encoder.Encode(domain.NewError(
			domain.ErrorCodeInsufficientScope,
			"token with 'profile' scope is required to view profile data",
			"https://indieauth.net/source/#user-information",
		))

		return
	}

	resp := new(UserInformationResponse)
	if userInfo == nil {
		_ = encoder.Encode(resp)

		return
	}

	if userInfo.HasName() {
		resp.Name = userInfo.GetName()
	}

	if userInfo.HasURL() {
		resp.URL = userInfo.GetURL().String()
	}

	if userInfo.HasPhoto() {
		resp.Photo = userInfo.GetPhoto().String()
	}

	if tkn.Scope.Has(domain.ScopeEmail) && userInfo.HasEmail() {
		resp.Email = userInfo.GetEmail().String()
	}

	_ = encoder.Encode(resp)
}
:sparkles: Added UserInfo endpoint 2022-02-17 16:16:15 +00:00			`package http`

			`import (`
			`"encoding/json"`
			`"strings"`

			`"github.com/fasthttp/router"`
			`"github.com/lestrrat-go/jwx/jwa"`
			`http "github.com/valyala/fasthttp"`

			`"source.toby3d.me/toby3d/middleware"`
:truck: Renamed module due project migration 2022-03-13 10:58:34 +00:00			`"source.toby3d.me/toby3d/auth/internal/common"`
			`"source.toby3d.me/toby3d/auth/internal/domain"`
			`"source.toby3d.me/toby3d/auth/internal/token"`
:sparkles: Added UserInfo endpoint 2022-02-17 16:16:15 +00:00			`)`

			`type (`
			`UserInformationResponse struct {`
:bug: Fixed profile injection panic in /userinfo route 2022-02-17 19:22:20 +00:00			Name string `json:"name,omitempty"`
			URL string `json:"url,omitempty"`
			Photo string `json:"photo,omitempty"`
			Email string `json:"email,omitempty"`
:sparkles: Added UserInfo endpoint 2022-02-17 16:16:15 +00:00			`}`

			`RequestHandler struct {`
			`config *domain.Config`
			`tokens token.UseCase`
			`}`
			`)`

			`func NewRequestHandler(tokens token.UseCase, config domain.Config) RequestHandler {`
			`return &RequestHandler{`
			`tokens: tokens,`
			`config: config,`
			`}`
			`}`

			`func (h RequestHandler) Register(r router.Router) {`
			`chain := middleware.Chain{`
			`middleware.JWTWithConfig(middleware.JWTConfig{`
:arrow_up: Upgraded go modules 2022-02-25 23:18:04 +00:00			`AuthScheme: "Bearer",`
			`ContextKey: "token",`
			`SigningKey: []byte(h.config.JWT.Secret),`
			`SigningMethod: jwa.SignatureAlgorithm(h.config.JWT.Algorithm),`
			`Skipper: middleware.DefaultSkipper,`
			`TokenLookup: "header:" + http.HeaderAuthorization + ":Bearer ",`
:sparkles: Added UserInfo endpoint 2022-02-17 16:16:15 +00:00			`}),`
			`middleware.LogFmt(),`
			`}`

			`r.GET("/userinfo", chain.RequestHandler(h.handleUserInformation))`
			`}`

			`func (h RequestHandler) handleUserInformation(ctx http.RequestCtx) {`
			`ctx.SetContentType(common.MIMEApplicationJSONCharsetUTF8)`
			`ctx.SetStatusCode(http.StatusOK)`

			`encoder := json.NewEncoder(ctx)`

:necktie: Updated token use case logic 2022-02-25 15:34:20 +00:00			`tkn, userInfo, err := h.tokens.Verify(ctx, strings.TrimPrefix(string(ctx.Request.Header.Peek(`
			`http.HeaderAuthorization)), "Bearer "))`
:sparkles: Added UserInfo endpoint 2022-02-17 16:16:15 +00:00			`if err != nil \|\| tkn == nil {`
			`// WARN(toby3d): If the token is not valid, the endpoint still`
			`// MUST return a 200 Response.`
			`_ = encoder.Encode(err)`

			`return`
			`}`

:bug: Fixed profile injection panic in /userinfo route 2022-02-17 19:22:20 +00:00			`if !tkn.Scope.Has(domain.ScopeProfile) {`
:sparkles: Added UserInfo endpoint 2022-02-17 16:16:15 +00:00			`ctx.SetStatusCode(http.StatusForbidden)`
:bug: Fixed profile injection panic in /userinfo route 2022-02-17 19:22:20 +00:00
:sparkles: Added UserInfo endpoint 2022-02-17 16:16:15 +00:00			`_ = encoder.Encode(domain.NewError(`
			`domain.ErrorCodeInsufficientScope,`
:bug: Fixed profile injection panic in /userinfo route 2022-02-17 19:22:20 +00:00			`"token with 'profile' scope is required to view profile data",`
:sparkles: Added UserInfo endpoint 2022-02-17 16:16:15 +00:00			`"https://indieauth.net/source/#user-information",`
			`))`

			`return`
			`}`

:bug: Fixed profile injection panic in /userinfo route 2022-02-17 19:22:20 +00:00			`resp := new(UserInformationResponse)`
:necktie: Updated token use case logic 2022-02-25 15:34:20 +00:00			`if userInfo == nil {`
:bug: Fixed profile injection panic in /userinfo route 2022-02-17 19:22:20 +00:00			`_ = encoder.Encode(resp)`

			`return`
			`}`

:necktie: Updated token use case logic 2022-02-25 15:34:20 +00:00			`if userInfo.HasName() {`
			`resp.Name = userInfo.GetName()`
			`}`
:bug: Fixed profile injection panic in /userinfo route 2022-02-17 19:22:20 +00:00
:necktie: Updated token use case logic 2022-02-25 15:34:20 +00:00			`if userInfo.HasURL() {`
			`resp.URL = userInfo.GetURL().String()`
:recycle: Improved profile token claims support 2022-02-17 21:47:13 +00:00			`}`

:necktie: Updated token use case logic 2022-02-25 15:34:20 +00:00			`if userInfo.HasPhoto() {`
			`resp.Photo = userInfo.GetPhoto().String()`
:recycle: Improved profile token claims support 2022-02-17 21:47:13 +00:00			`}`

:necktie: Updated token use case logic 2022-02-25 15:34:20 +00:00			`if tkn.Scope.Has(domain.ScopeEmail) && userInfo.HasEmail() {`
			`resp.Email = userInfo.GetEmail().String()`
:bug: Fixed profile injection panic in /userinfo route 2022-02-17 19:22:20 +00:00			`}`

			`_ = encoder.Encode(resp)`
:sparkles: Added UserInfo endpoint 2022-02-17 16:16:15 +00:00			`}`