auth/internal/user/delivery/http/user_http.go

package http

import (
	"net/http"
	"strings"

	"github.com/goccy/go-json"
	"github.com/lestrrat-go/jwx/v2/jwa"

	"source.toby3d.me/toby3d/auth/internal/common"
	"source.toby3d.me/toby3d/auth/internal/domain"
	"source.toby3d.me/toby3d/auth/internal/middleware"
	"source.toby3d.me/toby3d/auth/internal/token"
)

type Handler struct {
	config *domain.Config
	tokens token.UseCase
}

func NewHandler(tokens token.UseCase, config *domain.Config) *Handler {
	return &Handler{
		tokens: tokens,
		config: config,
	}
}

func (h *Handler) Handler() http.Handler {
	chain := middleware.Chain{
		//nolint:exhaustivestruct
		middleware.JWTWithConfig(middleware.JWTConfig{
			AuthScheme:    "Bearer",
			ContextKey:    "token",
			SigningKey:    []byte(h.config.JWT.Secret),
			SigningMethod: jwa.SignatureAlgorithm(h.config.JWT.Algorithm),
			Skipper:       middleware.DefaultSkipper,
			TokenLookup:   "header:" + common.HeaderAuthorization + ":Bearer ",
		}),
	}

	return chain.Handler(h.handleFunc)
}

func (h *Handler) handleFunc(w http.ResponseWriter, r *http.Request) {
	if r.Method != "" && r.Method != http.MethodGet {
		http.Error(w, http.StatusText(http.StatusMethodNotAllowed), http.StatusMethodNotAllowed)

		return
	}

	w.Header().Set(common.HeaderContentType, common.MIMEApplicationJSONCharsetUTF8)

	encoder := json.NewEncoder(w)

	tkn, userInfo, err := h.tokens.Verify(r.Context(),
		strings.TrimPrefix(r.Header.Get(common.HeaderAuthorization), "Bearer "))
	if err != nil || tkn == nil {
		// WARN(toby3d): If the token is not valid, the endpoint still
		// MUST return a 200 Response.
		_ = encoder.Encode(err) //nolint:errchkjson

		w.WriteHeader(http.StatusOK)

		return
	}

	if !tkn.Scope.Has(domain.ScopeProfile) {
		//nolint:errchkjson
		_ = encoder.Encode(domain.NewError(
			domain.ErrorCodeInsufficientScope,
			"token with 'profile' scope is required to view profile data",
			"https://indieauth.net/source/#user-information",
		))

		w.WriteHeader(http.StatusForbidden)

		return
	}

	//nolint:errchkjson
	_ = encoder.Encode(NewUserInformationResponse(userInfo,
		userInfo.HasEmail() && tkn.Scope.Has(domain.ScopeEmail)))

	w.WriteHeader(http.StatusOK)
}
:sparkles: Added UserInfo endpoint 2022-02-17 16:16:15 +00:00			`package http`

			`import (`
:recycle: Refactored user HTTP delivery layer 2023-01-02 02:31:31 +00:00			`"net/http"`
:sparkles: Added UserInfo endpoint 2022-02-17 16:16:15 +00:00			`"strings"`

:recycle: Drop HTTP delivery framework replaced 'valyala/fasthttp' to native 'net/http' package, close #4 2023-01-14 21:27:37 +00:00			`"github.com/goccy/go-json"`
:recycle: Refactoring due dependencies upgrade 2022-06-09 19:14:21 +00:00			`"github.com/lestrrat-go/jwx/v2/jwa"`
:sparkles: Added UserInfo endpoint 2022-02-17 16:16:15 +00:00
:truck: Renamed module due project migration 2022-03-13 10:58:34 +00:00			`"source.toby3d.me/toby3d/auth/internal/common"`
			`"source.toby3d.me/toby3d/auth/internal/domain"`
:recycle: Refactored user HTTP delivery layer 2023-01-02 02:31:31 +00:00			`"source.toby3d.me/toby3d/auth/internal/middleware"`
:truck: Renamed module due project migration 2022-03-13 10:58:34 +00:00			`"source.toby3d.me/toby3d/auth/internal/token"`
:sparkles: Added UserInfo endpoint 2022-02-17 16:16:15 +00:00			`)`

:recycle: Drop HTTP delivery framework replaced 'valyala/fasthttp' to native 'net/http' package, close #4 2023-01-14 21:27:37 +00:00			`type Handler struct {`
			`config *domain.Config`
			`tokens token.UseCase`
			`}`
:sparkles: Added UserInfo endpoint 2022-02-17 16:16:15 +00:00
:recycle: Refactored user HTTP delivery layer 2023-01-02 02:31:31 +00:00			`func NewHandler(tokens token.UseCase, config domain.Config) Handler {`
			`return &Handler{`
:sparkles: Added UserInfo endpoint 2022-02-17 16:16:15 +00:00			`tokens: tokens,`
			`config: config,`
			`}`
			`}`

:recycle: Drop HTTP delivery framework replaced 'valyala/fasthttp' to native 'net/http' package, close #4 2023-01-14 21:27:37 +00:00			`func (h *Handler) Handler() http.Handler {`
:sparkles: Added UserInfo endpoint 2022-02-17 16:16:15 +00:00			`chain := middleware.Chain{`
:art: Format GolangCI-Lint comments 2022-12-26 14:09:34 +00:00			`//nolint:exhaustivestruct`
:sparkles: Added UserInfo endpoint 2022-02-17 16:16:15 +00:00			`middleware.JWTWithConfig(middleware.JWTConfig{`
:arrow_up: Upgraded go modules 2022-02-25 23:18:04 +00:00			`AuthScheme: "Bearer",`
			`ContextKey: "token",`
			`SigningKey: []byte(h.config.JWT.Secret),`
			`SigningMethod: jwa.SignatureAlgorithm(h.config.JWT.Algorithm),`
			`Skipper: middleware.DefaultSkipper,`
:recycle: Refactored user HTTP delivery layer 2023-01-02 02:31:31 +00:00			`TokenLookup: "header:" + common.HeaderAuthorization + ":Bearer ",`
:sparkles: Added UserInfo endpoint 2022-02-17 16:16:15 +00:00			`}),`
			`}`

:recycle: Drop HTTP delivery framework replaced 'valyala/fasthttp' to native 'net/http' package, close #4 2023-01-14 21:27:37 +00:00			`return chain.Handler(h.handleFunc)`
:sparkles: Added UserInfo endpoint 2022-02-17 16:16:15 +00:00			`}`

:recycle: Refactored user HTTP delivery layer 2023-01-02 02:31:31 +00:00			`func (h Handler) handleFunc(w http.ResponseWriter, r http.Request) {`
:recycle: Drop HTTP delivery framework replaced 'valyala/fasthttp' to native 'net/http' package, close #4 2023-01-14 21:27:37 +00:00			`if r.Method != "" && r.Method != http.MethodGet {`
			`http.Error(w, http.StatusText(http.StatusMethodNotAllowed), http.StatusMethodNotAllowed)`

			`return`
			`}`

:recycle: Refactored user HTTP delivery layer 2023-01-02 02:31:31 +00:00			`w.Header().Set(common.HeaderContentType, common.MIMEApplicationJSONCharsetUTF8)`
:sparkles: Added UserInfo endpoint 2022-02-17 16:16:15 +00:00
:recycle: Refactored user HTTP delivery layer 2023-01-02 02:31:31 +00:00			`encoder := json.NewEncoder(w)`
:sparkles: Added UserInfo endpoint 2022-02-17 16:16:15 +00:00
:recycle: Refactored user HTTP delivery layer 2023-01-02 02:31:31 +00:00			`tkn, userInfo, err := h.tokens.Verify(r.Context(),`
			`strings.TrimPrefix(r.Header.Get(common.HeaderAuthorization), "Bearer "))`
:sparkles: Added UserInfo endpoint 2022-02-17 16:16:15 +00:00			`if err != nil \|\| tkn == nil {`
			`// WARN(toby3d): If the token is not valid, the endpoint still`
			`// MUST return a 200 Response.`
:art: Format GolangCI-Lint comments 2022-12-26 14:09:34 +00:00			`_ = encoder.Encode(err) //nolint:errchkjson`
:recycle: Refactored user HTTP delivery schema 2023-01-16 19:01:22 +00:00
:recycle: Refactored user HTTP delivery layer 2023-01-02 02:31:31 +00:00			`w.WriteHeader(http.StatusOK)`
:sparkles: Added UserInfo endpoint 2022-02-17 16:16:15 +00:00
			`return`
			`}`

:bug: Fixed profile injection panic in /userinfo route 2022-02-17 19:22:20 +00:00			`if !tkn.Scope.Has(domain.ScopeProfile) {`
:art: Format GolangCI-Lint comments 2022-12-26 14:09:34 +00:00			`//nolint:errchkjson`
:sparkles: Added UserInfo endpoint 2022-02-17 16:16:15 +00:00			`_ = encoder.Encode(domain.NewError(`
			`domain.ErrorCodeInsufficientScope,`
:bug: Fixed profile injection panic in /userinfo route 2022-02-17 19:22:20 +00:00			`"token with 'profile' scope is required to view profile data",`
:sparkles: Added UserInfo endpoint 2022-02-17 16:16:15 +00:00			`"https://indieauth.net/source/#user-information",`
			`))`

:recycle: Refactored user HTTP delivery schema 2023-01-16 19:01:22 +00:00			`w.WriteHeader(http.StatusForbidden)`
:bug: Fixed profile injection panic in /userinfo route 2022-02-17 19:22:20 +00:00
			`return`
			`}`

:recycle: Refactored user HTTP delivery schema 2023-01-16 19:01:22 +00:00			`//nolint:errchkjson`
			`_ = encoder.Encode(NewUserInformationResponse(userInfo,`
			`userInfo.HasEmail() && tkn.Scope.Has(domain.ScopeEmail)))`
:bug: Fixed profile injection panic in /userinfo route 2022-02-17 19:22:20 +00:00
:recycle: Refactored user HTTP delivery layer 2023-01-02 02:31:31 +00:00			`w.WriteHeader(http.StatusOK)`
:sparkles: Added UserInfo endpoint 2022-02-17 16:16:15 +00:00			`}`