✨ Created user package

2021-12-30 01:17:33 +05:00 · 2021-12-30 01:17:33 +05:00 · 3a85ba2e0a
parent 20b517fdb7
commit 3a85ba2e0a
8 changed files with 504 additions and 0 deletions
--- a/internal/user/repository.go
+++ b/internal/user/repository.go
@ -0,0 +1,14 @@
+package user
+
+import (
+	"context"
+	"errors"
+
+	"source.toby3d.me/website/oauth/internal/domain"
+)
+
+type Repository interface {
+	Get(ctx context.Context, me *domain.Me) (*domain.User, error)
+}
+
+var ErrNotExist = errors.New("user not exists")
--- a/internal/user/repository/http/http_user.go
+++ b/internal/user/repository/http/http_user.go
@ -0,0 +1,261 @@
+package http
+
+import (
+	"bytes"
+	"context"
+	"encoding/json"
+	"fmt"
+	"net/url"
+	"strings"
+
+	"github.com/tomnomnom/linkheader"
+	http "github.com/valyala/fasthttp"
+	"willnorris.com/go/microformats"
+
+	"source.toby3d.me/website/oauth/internal/domain"
+	"source.toby3d.me/website/oauth/internal/user"
+)
+
+type (
+	//nolint: tagliatelle
+	Response struct {
+		// The server's issuer identifier. The issuer identifier is a
+		// URL that uses the "https" scheme and has no query or fragment
+		// components. The identifier MUST be a prefix of the
+		// indieauth-metadata URL. e.g. for an indieauth-metadata
+		// endpoint
+		// https://example.com/.well-known/oauth-authorization-server,
+		// the issuer URL could be https://example.com/, or for a
+		// metadata URL of
+		// https://example.com/wp-json/indieauth/1.0/metadata, the
+		// issuer URL could be https://example.com/wp-json/indieauth/1.0
+		Issuer *domain.URL `json:"issuer"`
+
+		// The Authorization Endpoint.
+		AuthorizationEndpoint *domain.URL `json:"authorization_endpoint"`
+
+		// The Token Endpoint.
+		TokenEndpoint *domain.URL `json:"token_endpoint"`
+
+		//  JSON array containing scope values supported by the
+		// IndieAuth server. Servers MAY choose not to advertise some
+		// supported scope values even when this parameter is used.
+		ScopesSupported domain.Scopes `json:"scopes_supported,omitempty"`
+
+		// JSON array containing the response_type values supported.
+		// This differs from RFC8414 in that this parameter is OPTIONAL
+		// and that, if omitted, the default is code.
+		ResponseTypesSupported []domain.ResponseType `json:"response_types_supported,omitempty"`
+
+		// JSON array containing grant type values supported. If
+		// omitted, the default value differs from RFC8414 and is
+		// authorization_code.
+		GrantTypesSupported []domain.GrantType `json:"grant_types_supported,omitempty"`
+
+		// URL of a page containing human-readable information that
+		// developers might need to know when using the server. This
+		// might be a link to the IndieAuth spec or something more
+		// personal to your implementation.
+		ServiceDocumentation *domain.URL `json:"service_documentation,omitempty"`
+
+		// JSON array containing the methods supported for PKCE. This
+		// parameter differs from RFC8414 in that it is not optional as
+		// PKCE is REQUIRED.
+		CodeChallengeMethodsSupported []domain.CodeChallengeMethod `json:"code_challenge_methods_supported"`
+
+		// Boolean parameter indicating whether the authorization server
+		// provides the iss parameter. If omitted, the default value is
+		// false. As the iss parameter is REQUIRED, this is provided for
+		// compatibility with OAuth 2.0 servers implementing the
+		// parameter.
+		//
+		//nolint: lll
+		AuthorizationResponseIssParameterSupported bool `json:"authorization_response_iss_parameter_supported,omitempty"`
+	}
+
+	httpUserRepository struct {
+		client *http.Client
+	}
+)
+
+const DefaultMaxRedirectsCount int = 10
+
+const (
+	relAuthorizationEndpoint string = "authorization_endpoint"
+	relIndieAuthMetadata     string = "indieauth-metadata"
+	relMicropub              string = "micropub"
+	relMicrosub              string = "microsub"
+	relTicketEndpoint        string = "ticket_endpoint"
+	relTokenEndpoint         string = "token_endpoint"
+
+	hCard string = "h-card"
+
+	propertyEmail string = "email"
+	propertyName  string = "name"
+	propertyPhoto string = "photo"
+	propertyURL   string = "url"
+)
+
+func NewHTTPUserRepository(client *http.Client) user.Repository {
+	return &httpUserRepository{
+		client: client,
+	}
+}
+
+func (repo *httpUserRepository) Get(ctx context.Context, me *domain.Me) (*domain.User, error) {
+	req := http.AcquireRequest()
+	defer http.ReleaseRequest(req)
+	req.SetRequestURI(me.String())
+	req.Header.SetMethod(http.MethodGet)
+
+	resp := http.AcquireResponse()
+	defer http.ReleaseResponse(resp)
+
+	if err := repo.client.DoRedirects(req, resp, DefaultMaxRedirectsCount); err != nil {
+		return nil, fmt.Errorf("cannot fetch user by me: %w", err)
+	}
+
+	profile := domain.NewProfile()
+	profile.Name = extractValues(resp, propertyName)
+
+	for _, val := range extractValues(resp, propertyEmail) {
+		profile.Email = append(profile.Email, domain.Email(strings.TrimPrefix(val, "mailto:")))
+	}
+
+	for _, val := range extractValues(resp, propertyPhoto) {
+		u, err := domain.NewURL(val)
+		if err != nil {
+			continue
+		}
+
+		profile.Photo = append(profile.Photo, u)
+	}
+
+	for _, val := range extractValues(resp, propertyURL) {
+		u, err := domain.NewURL(val)
+		if err != nil {
+			continue
+		}
+
+		profile.URL = append(profile.URL, u)
+	}
+
+	// TODO(toby3d): handle error here?
+	resolvedMe, _ := domain.NewMe(string(resp.Header.Peek(http.HeaderLocation)))
+
+	u := &domain.User{
+		Profile:               profile,
+		Me:                    resolvedMe,
+		AuthorizationEndpoint: extractEndpoint(resp, relAuthorizationEndpoint),
+		IndieAuthMetadata:     extractEndpoint(resp, relIndieAuthMetadata),
+		Micropub:              extractEndpoint(resp, relMicropub),
+		Microsub:              extractEndpoint(resp, relMicrosub),
+		TicketEndpoint:        extractEndpoint(resp, relTicketEndpoint),
+		TokenEndpoint:         extractEndpoint(resp, relTokenEndpoint),
+	}
+
+	if u.IndieAuthMetadata == nil {
+		return u, nil
+	}
+
+	// TODO(toby3d): handle error here?
+	_ = extractFromMetadata(repo.client, u.IndieAuthMetadata, u)
+
+	return u, nil
+}
+
+func extractEndpoint(resp *http.Response, name string) *domain.URL {
+	u, err := extractEndpointFromHeader(resp, name)
+	if err == nil && u != nil {
+		return u
+	}
+
+	if u, err = extractEndpointFromBody(resp, name); err == nil && u != nil {
+		return u
+	}
+
+	return nil
+}
+
+func extractValues(resp *http.Response, key string) []string {
+	results := make([]string, 0)
+
+	for _, item := range microformats.Parse(bytes.NewReader(resp.Body()), nil).Items {
+		if len(item.Type) == 0 || item.Type[0] != hCard {
+			continue
+		}
+
+		properties, ok := item.Properties[key]
+		if !ok || len(properties) == 0 {
+			return nil
+		}
+
+		for j := range properties {
+			switch p := properties[j].(type) {
+			case string:
+				results = append(results, p)
+			case map[string][]interface{}:
+				for _, val := range p["value"] {
+					v, ok := val.(string)
+					if !ok {
+						continue
+					}
+
+					results = append(results, v)
+				}
+			}
+		}
+
+		return results
+	}
+
+	return nil
+}
+
+func extractEndpointFromHeader(resp *http.Response, name string) (*domain.URL, error) {
+	for _, link := range linkheader.Parse(string(resp.Header.Peek(http.HeaderLink))) {
+		if !strings.EqualFold(link.Rel, name) {
+			continue
+		}
+
+		u := http.AcquireURI()
+		if err := u.Parse(resp.Header.Peek(http.HeaderHost), []byte(link.URL)); err != nil {
+			return nil, err
+		}
+
+		return &domain.URL{URI: u}, nil
+	}
+
+	return nil, nil
+}
+
+func extractEndpointFromBody(resp *http.Response, name string) (*domain.URL, error) {
+	host, err := url.Parse(string(resp.Header.Peek(http.HeaderHost)))
+	if err != nil {
+		return nil, fmt.Errorf("cannot parse host header: %w", err)
+	}
+
+	endpoints, ok := microformats.Parse(bytes.NewReader(resp.Body()), host).Rels[name]
+	if !ok || len(endpoints) == 0 {
+		return nil, nil
+	}
+
+	return domain.NewURL(endpoints[len(endpoints)-1])
+}
+
+func extractFromMetadata(client *http.Client, endpoint *domain.URL, dst *domain.User) error {
+	_, body, err := client.Get(nil, endpoint.String())
+	if err != nil {
+		return err
+	}
+
+	resp := new(Response)
+	if err = json.Unmarshal(body, resp); err != nil {
+		return err
+	}
+
+	dst.AuthorizationEndpoint = resp.AuthorizationEndpoint
+	dst.TokenEndpoint = resp.TokenEndpoint
+
+	return nil
+}
--- a/internal/user/repository/http/http_user_test.go
+++ b/internal/user/repository/http/http_user_test.go
@ -0,0 +1,97 @@
+package http_test
+
+import (
+	"context"
+	"encoding/json"
+	"fmt"
+	"strings"
+	"testing"
+
+	"github.com/fasthttp/router"
+	"github.com/stretchr/testify/assert"
+	"github.com/stretchr/testify/require"
+	http "github.com/valyala/fasthttp"
+
+	"source.toby3d.me/website/oauth/internal/common"
+	"source.toby3d.me/website/oauth/internal/domain"
+	"source.toby3d.me/website/oauth/internal/testing/httptest"
+	repository "source.toby3d.me/website/oauth/internal/user/repository/http"
+)
+
+const testBody string = `
+<!DOCTYPE html>
+<html lang="en">
+  <head>
+    <meta charset="UTF-8">
+    <meta name="viewport" content="width=device-width, initial-scale=1.0">
+    <title>%[1]s</title>
+  </head>
+  <body>
+    <div class="h-card">
+      <img class="u-photo" src="%[3]s">
+      <h1>
+        <a class="p-name u-url" href="%[2]s">%[1]s</a>
+      </h1>
+      <a class="u-email" href="mailto:%[4]s">contact</a>
+    </div>
+  </body>
+</html>
+`
+
+func TestGet(t *testing.T) {
+	t.Parallel()
+
+	user := domain.TestUser(t)
+	client, _, cleanup := httptest.New(t, testHandler(t, user))
+	t.Cleanup(cleanup)
+
+	result, err := repository.NewHTTPUserRepository(client).Get(context.TODO(), user.Me)
+	require.NoError(t, err)
+
+	// NOTE(toby3d): endpoints
+	assert.Equal(t, user.AuthorizationEndpoint.String(), result.AuthorizationEndpoint.String())
+	assert.Equal(t, user.TokenEndpoint.String(), result.TokenEndpoint.String())
+	assert.Equal(t, user.Micropub.String(), result.Micropub.String())
+	assert.Equal(t, user.Microsub.String(), result.Microsub.String())
+
+	// NOTE(toby3d): profile
+	assert.Equal(t, user.Profile.Name, result.Profile.Name)
+	assert.Equal(t, user.Profile.Email, result.Profile.Email)
+
+	for i := range user.Profile.URL {
+		assert.Equal(t, user.Profile.URL[i].String(), result.Profile.URL[i].String())
+	}
+
+	for i := range user.Profile.Photo {
+		assert.Equal(t, user.Profile.Photo[i].String(), result.Profile.Photo[i].String())
+	}
+}
+
+func testHandler(tb testing.TB, user *domain.User) http.RequestHandler {
+	tb.Helper()
+
+	r := router.New()
+	r.GET("/", func(ctx *http.RequestCtx) {
+		ctx.Response.Header.Set(http.HeaderLink, strings.Join([]string{
+			`<` + user.AuthorizationEndpoint.String() + `>; rel="authorization_endpoint"`,
+			`<` + user.IndieAuthMetadata.String() + `>; rel="indieauth-metadata"`,
+			`<` + user.Micropub.String() + `>; rel="micropub"`,
+			`<` + user.Microsub.String() + `>; rel="microsub"`,
+			`<` + user.TicketEndpoint.String() + `>; rel="ticket_endpoint"`,
+			`<` + user.TokenEndpoint.String() + `>; rel="token_endpoint"`,
+		}, ", "))
+		ctx.SuccessString(common.MIMETextHTMLCharsetUTF8, fmt.Sprintf(
+			testBody, user.Name[0], user.URL[0].String(), user.Photo[0].String(), user.Email[0],
+		))
+	})
+	r.GET(string(user.IndieAuthMetadata.Path()), func(ctx *http.RequestCtx) {
+		ctx.SetContentType(common.MIMEApplicationJSONCharsetUTF8)
+		json.NewEncoder(ctx).Encode(repository.Response{
+			Issuer:                &domain.URL{URI: user.Me.URI()},
+			AuthorizationEndpoint: user.AuthorizationEndpoint,
+			TokenEndpoint:         user.TokenEndpoint,
+		})
+	})
+
+	return r.Handler
+}
--- a/internal/user/repository/memory/memory_user.go
+++ b/internal/user/repository/memory/memory_user.go
@ -0,0 +1,36 @@
+package memory
+
+import (
+	"context"
+	"path"
+	"sync"
+
+	"source.toby3d.me/website/oauth/internal/domain"
+	"source.toby3d.me/website/oauth/internal/user"
+)
+
+type memoryUserRepository struct {
+	store *sync.Map
+}
+
+const DefaultPathPrefix string = "users"
+
+func NewMemoryUserRepository(store *sync.Map) user.Repository {
+	return &memoryUserRepository{
+		store: store,
+	}
+}
+
+func (repo *memoryUserRepository) Get(ctx context.Context, me *domain.Me) (*domain.User, error) {
+	p, ok := repo.store.Load(path.Join(DefaultPathPrefix, me.String()))
+	if !ok {
+		return nil, user.ErrNotExist
+	}
+
+	result, ok := p.(*domain.User)
+	if !ok {
+		return nil, user.ErrNotExist
+	}
+
+	return result, nil
+}
--- a/internal/user/repository/memory/memory_user_test.go
+++ b/internal/user/repository/memory/memory_user_test.go
@ -0,0 +1,27 @@
+package memory_test
+
+import (
+	"context"
+	"path"
+	"sync"
+	"testing"
+
+	"github.com/stretchr/testify/assert"
+	"github.com/stretchr/testify/require"
+
+	"source.toby3d.me/website/oauth/internal/domain"
+	repository "source.toby3d.me/website/oauth/internal/user/repository/memory"
+)
+
+func TestGet(t *testing.T) {
+	t.Parallel()
+
+	user := domain.TestUser(t)
+
+	store := new(sync.Map)
+	store.Store(path.Join(repository.DefaultPathPrefix, user.Me.String()), user)
+
+	result, err := repository.NewMemoryUserRepository(store).Get(context.TODO(), user.Me)
+	require.NoError(t, err)
+	assert.Equal(t, user, result)
+}
--- a/internal/user/usecase.go
+++ b/internal/user/usecase.go
@ -0,0 +1,12 @@
+package user
+
+import (
+	"context"
+
+	"source.toby3d.me/website/oauth/internal/domain"
+)
+
+type UseCase interface {
+	// Fetch discovery all available endpoints and Profile info on Me URL.
+	Fetch(ctx context.Context, me *domain.Me) (*domain.User, error)
+}
--- a/internal/user/usecase/user_ucase.go
+++ b/internal/user/usecase/user_ucase.go
@ -0,0 +1,28 @@
+package usecase
+
+import (
+	"context"
+	"fmt"
+
+	"source.toby3d.me/website/oauth/internal/domain"
+	"source.toby3d.me/website/oauth/internal/user"
+)
+
+type userUseCase struct {
+	repo user.Repository
+}
+
+func NewUserUseCase(repo user.Repository) user.UseCase {
+	return &userUseCase{
+		repo: repo,
+	}
+}
+
+func (useCase *userUseCase) Fetch(ctx context.Context, me *domain.Me) (*domain.User, error) {
+	user, err := useCase.repo.Get(ctx, me)
+	if err != nil {
+		return nil, fmt.Errorf("cannot find user by me: %w", err)
+	}
+
+	return user, nil
+}
--- a/internal/user/usecase/user_ucase_test.go
+++ b/internal/user/usecase/user_ucase_test.go
@ -0,0 +1,29 @@
+package usecase_test
+
+import (
+	"context"
+	"path"
+	"sync"
+	"testing"
+
+	"github.com/stretchr/testify/assert"
+
+	"source.toby3d.me/website/oauth/internal/domain"
+	repository "source.toby3d.me/website/oauth/internal/user/repository/memory"
+	ucase "source.toby3d.me/website/oauth/internal/user/usecase"
+)
+
+func TestFetch(t *testing.T) {
+	t.Parallel()
+
+	me := domain.TestMe(t)
+	user := domain.TestUser(t)
+
+	store := new(sync.Map)
+	store.Store(path.Join(repository.DefaultPathPrefix, me.String()), user)
+
+	result, err := ucase.NewUserUseCase(repository.NewMemoryUserRepository(store)).
+		Fetch(context.Background(), me)
+	assert.NoError(t, err)
+	assert.Equal(t, user, result)
+}