auth/internal/user/delivery/http/user_http.go

package http

import (
	"encoding/json"
	"net/http"
	"strings"

	"github.com/lestrrat-go/jwx/v2/jwa"

	"source.toby3d.me/toby3d/auth/internal/common"
	"source.toby3d.me/toby3d/auth/internal/domain"
	"source.toby3d.me/toby3d/auth/internal/middleware"
	"source.toby3d.me/toby3d/auth/internal/token"
)

type (
	UserInformationResponse struct {
		Name  string `json:"name,omitempty"`
		URL   string `json:"url,omitempty"`
		Photo string `json:"photo,omitempty"`
		Email string `json:"email,omitempty"`
	}

	Handler struct {
		config *domain.Config
		tokens token.UseCase
	}
)

func NewHandler(tokens token.UseCase, config *domain.Config) *Handler {
	return &Handler{
		tokens: tokens,
		config: config,
	}
}

func (h *Handler) ServeHTTP(w http.ResponseWriter, r *http.Request) {
	chain := middleware.Chain{
		//nolint:exhaustivestruct
		middleware.JWTWithConfig(middleware.JWTConfig{
			AuthScheme:    "Bearer",
			ContextKey:    "token",
			SigningKey:    []byte(h.config.JWT.Secret),
			SigningMethod: jwa.SignatureAlgorithm(h.config.JWT.Algorithm),
			Skipper:       middleware.DefaultSkipper,
			TokenLookup:   "header:" + common.HeaderAuthorization + ":Bearer ",
		}),
		middleware.LogFmt(),
	}

	chain.Handler(h.handleFunc).ServeHTTP(w, r)
}

func (h *Handler) handleFunc(w http.ResponseWriter, r *http.Request) {
	w.Header().Set(common.HeaderContentType, common.MIMEApplicationJSONCharsetUTF8)

	encoder := json.NewEncoder(w)

	tkn, userInfo, err := h.tokens.Verify(r.Context(),
		strings.TrimPrefix(r.Header.Get(common.HeaderAuthorization), "Bearer "))
	if err != nil || tkn == nil {
		// WARN(toby3d): If the token is not valid, the endpoint still
		// MUST return a 200 Response.
		_ = encoder.Encode(err) //nolint:errchkjson
		w.WriteHeader(http.StatusOK)

		return
	}

	if !tkn.Scope.Has(domain.ScopeProfile) {
		//nolint:errchkjson
		_ = encoder.Encode(domain.NewError(
			domain.ErrorCodeInsufficientScope,
			"token with 'profile' scope is required to view profile data",
			"https://indieauth.net/source/#user-information",
		))
		w.WriteHeader(http.StatusForbidden)

		return
	}

	resp := new(UserInformationResponse)
	if userInfo == nil {
		_ = encoder.Encode(resp) //nolint:errchkjson

		return
	}

	if userInfo.HasName() {
		resp.Name = userInfo.GetName()
	}

	if userInfo.HasURL() {
		resp.URL = userInfo.GetURL().String()
	}

	if userInfo.HasPhoto() {
		resp.Photo = userInfo.GetPhoto().String()
	}

	if tkn.Scope.Has(domain.ScopeEmail) && userInfo.HasEmail() {
		resp.Email = userInfo.GetEmail().String()
	}

	_ = encoder.Encode(resp) //nolint:errchkjson
	w.WriteHeader(http.StatusOK)
}
:sparkles: Added UserInfo endpoint 2022-02-17 16:16:15 +00:00			`package http`

			`import (`
			`"encoding/json"`
:recycle: Refactored user HTTP delivery layer 2023-01-02 02:31:31 +00:00			`"net/http"`
:sparkles: Added UserInfo endpoint 2022-02-17 16:16:15 +00:00			`"strings"`

:recycle: Refactoring due dependencies upgrade 2022-06-09 19:14:21 +00:00			`"github.com/lestrrat-go/jwx/v2/jwa"`
:sparkles: Added UserInfo endpoint 2022-02-17 16:16:15 +00:00
:truck: Renamed module due project migration 2022-03-13 10:58:34 +00:00			`"source.toby3d.me/toby3d/auth/internal/common"`
			`"source.toby3d.me/toby3d/auth/internal/domain"`
:recycle: Refactored user HTTP delivery layer 2023-01-02 02:31:31 +00:00			`"source.toby3d.me/toby3d/auth/internal/middleware"`
:truck: Renamed module due project migration 2022-03-13 10:58:34 +00:00			`"source.toby3d.me/toby3d/auth/internal/token"`
:sparkles: Added UserInfo endpoint 2022-02-17 16:16:15 +00:00			`)`

			`type (`
			`UserInformationResponse struct {`
:bug: Fixed profile injection panic in /userinfo route 2022-02-17 19:22:20 +00:00			Name string `json:"name,omitempty"`
			URL string `json:"url,omitempty"`
			Photo string `json:"photo,omitempty"`
			Email string `json:"email,omitempty"`
:sparkles: Added UserInfo endpoint 2022-02-17 16:16:15 +00:00			`}`

:recycle: Refactored user HTTP delivery layer 2023-01-02 02:31:31 +00:00			`Handler struct {`
:sparkles: Added UserInfo endpoint 2022-02-17 16:16:15 +00:00			`config *domain.Config`
			`tokens token.UseCase`
			`}`
			`)`

:recycle: Refactored user HTTP delivery layer 2023-01-02 02:31:31 +00:00			`func NewHandler(tokens token.UseCase, config domain.Config) Handler {`
			`return &Handler{`
:sparkles: Added UserInfo endpoint 2022-02-17 16:16:15 +00:00			`tokens: tokens,`
			`config: config,`
			`}`
			`}`

:recycle: Refactored user HTTP delivery layer 2023-01-02 02:31:31 +00:00			`func (h Handler) ServeHTTP(w http.ResponseWriter, r http.Request) {`
:sparkles: Added UserInfo endpoint 2022-02-17 16:16:15 +00:00			`chain := middleware.Chain{`
:art: Format GolangCI-Lint comments 2022-12-26 14:09:34 +00:00			`//nolint:exhaustivestruct`
:sparkles: Added UserInfo endpoint 2022-02-17 16:16:15 +00:00			`middleware.JWTWithConfig(middleware.JWTConfig{`
:arrow_up: Upgraded go modules 2022-02-25 23:18:04 +00:00			`AuthScheme: "Bearer",`
			`ContextKey: "token",`
			`SigningKey: []byte(h.config.JWT.Secret),`
			`SigningMethod: jwa.SignatureAlgorithm(h.config.JWT.Algorithm),`
			`Skipper: middleware.DefaultSkipper,`
:recycle: Refactored user HTTP delivery layer 2023-01-02 02:31:31 +00:00			`TokenLookup: "header:" + common.HeaderAuthorization + ":Bearer ",`
:sparkles: Added UserInfo endpoint 2022-02-17 16:16:15 +00:00			`}),`
			`middleware.LogFmt(),`
			`}`

:recycle: Refactored user HTTP delivery layer 2023-01-02 02:31:31 +00:00			`chain.Handler(h.handleFunc).ServeHTTP(w, r)`
:sparkles: Added UserInfo endpoint 2022-02-17 16:16:15 +00:00			`}`

:recycle: Refactored user HTTP delivery layer 2023-01-02 02:31:31 +00:00			`func (h Handler) handleFunc(w http.ResponseWriter, r http.Request) {`
			`w.Header().Set(common.HeaderContentType, common.MIMEApplicationJSONCharsetUTF8)`
:sparkles: Added UserInfo endpoint 2022-02-17 16:16:15 +00:00
:recycle: Refactored user HTTP delivery layer 2023-01-02 02:31:31 +00:00			`encoder := json.NewEncoder(w)`
:sparkles: Added UserInfo endpoint 2022-02-17 16:16:15 +00:00
:recycle: Refactored user HTTP delivery layer 2023-01-02 02:31:31 +00:00			`tkn, userInfo, err := h.tokens.Verify(r.Context(),`
			`strings.TrimPrefix(r.Header.Get(common.HeaderAuthorization), "Bearer "))`
:sparkles: Added UserInfo endpoint 2022-02-17 16:16:15 +00:00			`if err != nil \|\| tkn == nil {`
			`// WARN(toby3d): If the token is not valid, the endpoint still`
			`// MUST return a 200 Response.`
:art: Format GolangCI-Lint comments 2022-12-26 14:09:34 +00:00			`_ = encoder.Encode(err) //nolint:errchkjson`
:recycle: Refactored user HTTP delivery layer 2023-01-02 02:31:31 +00:00			`w.WriteHeader(http.StatusOK)`
:sparkles: Added UserInfo endpoint 2022-02-17 16:16:15 +00:00
			`return`
			`}`

:bug: Fixed profile injection panic in /userinfo route 2022-02-17 19:22:20 +00:00			`if !tkn.Scope.Has(domain.ScopeProfile) {`
:art: Format GolangCI-Lint comments 2022-12-26 14:09:34 +00:00			`//nolint:errchkjson`
:sparkles: Added UserInfo endpoint 2022-02-17 16:16:15 +00:00			`_ = encoder.Encode(domain.NewError(`
			`domain.ErrorCodeInsufficientScope,`
:bug: Fixed profile injection panic in /userinfo route 2022-02-17 19:22:20 +00:00			`"token with 'profile' scope is required to view profile data",`
:sparkles: Added UserInfo endpoint 2022-02-17 16:16:15 +00:00			`"https://indieauth.net/source/#user-information",`
			`))`
:recycle: Refactored user HTTP delivery layer 2023-01-02 02:31:31 +00:00			`w.WriteHeader(http.StatusForbidden)`
:sparkles: Added UserInfo endpoint 2022-02-17 16:16:15 +00:00
			`return`
			`}`

:bug: Fixed profile injection panic in /userinfo route 2022-02-17 19:22:20 +00:00			`resp := new(UserInformationResponse)`
:necktie: Updated token use case logic 2022-02-25 15:34:20 +00:00			`if userInfo == nil {`
:art: Format GolangCI-Lint comments 2022-12-26 14:09:34 +00:00			`_ = encoder.Encode(resp) //nolint:errchkjson`
:bug: Fixed profile injection panic in /userinfo route 2022-02-17 19:22:20 +00:00
			`return`
			`}`

:necktie: Updated token use case logic 2022-02-25 15:34:20 +00:00			`if userInfo.HasName() {`
			`resp.Name = userInfo.GetName()`
			`}`
:bug: Fixed profile injection panic in /userinfo route 2022-02-17 19:22:20 +00:00
:necktie: Updated token use case logic 2022-02-25 15:34:20 +00:00			`if userInfo.HasURL() {`
			`resp.URL = userInfo.GetURL().String()`
:recycle: Improved profile token claims support 2022-02-17 21:47:13 +00:00			`}`

:necktie: Updated token use case logic 2022-02-25 15:34:20 +00:00			`if userInfo.HasPhoto() {`
			`resp.Photo = userInfo.GetPhoto().String()`
:recycle: Improved profile token claims support 2022-02-17 21:47:13 +00:00			`}`

:necktie: Updated token use case logic 2022-02-25 15:34:20 +00:00			`if tkn.Scope.Has(domain.ScopeEmail) && userInfo.HasEmail() {`
			`resp.Email = userInfo.GetEmail().String()`
:bug: Fixed profile injection panic in /userinfo route 2022-02-17 19:22:20 +00:00			`}`

:art: Format GolangCI-Lint comments 2022-12-26 14:09:34 +00:00			`_ = encoder.Encode(resp) //nolint:errchkjson`
:recycle: Refactored user HTTP delivery layer 2023-01-02 02:31:31 +00:00			`w.WriteHeader(http.StatusOK)`
:sparkles: Added UserInfo endpoint 2022-02-17 16:16:15 +00:00			`}`