Add simple auth (#186)

2026-04-24 03:31:53 +02:00 · 2022-06-13 18:13:31 +02:00
parent 4883646f39
commit 9f1041d7ef
43 changed files with 1304 additions and 622 deletions
--- a/auth/cookie.go
+++ b/auth/cookie.go
@@ -0,0 +1,84 @@
+package auth
+
+import (
+	"log"
+	"net/http"
+
+	"github.com/gorilla/securecookie"
+	"golang.org/x/crypto/argon2"
+
+	"github.com/SecurityBrewery/catalyst/generated/time"
+)
+
+const (
+	stateSessionCookie = "state"
+	userSessionCookie  = "user"
+)
+
+type Jar struct {
+	store *securecookie.SecureCookie
+}
+
+func NewJar(secret []byte) *Jar {
+	hashSalt := securecookie.GenerateRandomKey(64)
+	blockSalt := securecookie.GenerateRandomKey(64)
+
+	return &Jar{
+		store: securecookie.New(
+			argon2.IDKey(secret, hashSalt, 1, 64*1024, 4, 64),
+			argon2.IDKey(secret, blockSalt, 1, 64*1024, 4, 32),
+		),
+	}
+}
+
+func (j *Jar) setStateCookie(w http.ResponseWriter, state string) {
+	encoded, err := j.store.Encode(userSessionCookie, state)
+	if err != nil {
+		log.Println(err)
+
+		return
+	}
+
+	tomorrow := time.Now().AddDate(0, 0, 1)
+	http.SetCookie(w, &http.Cookie{Name: stateSessionCookie, Value: encoded, Path: "/", Expires: tomorrow})
+}
+
+func (j *Jar) stateCookie(r *http.Request) (string, error) {
+	stateCookie, err := r.Cookie(stateSessionCookie)
+	if err != nil {
+		return "", err
+	}
+
+	var state string
+	err = j.store.Decode(userSessionCookie, stateCookie.Value, &state)
+
+	return state, err
+}
+
+func (j *Jar) setClaimsCookie(w http.ResponseWriter, claims map[string]any) {
+	encoded, err := j.store.Encode(userSessionCookie, claims)
+	if err != nil {
+		log.Println(err)
+
+		return
+	}
+
+	tomorrow := time.Now().AddDate(0, 0, 1)
+	http.SetCookie(w, &http.Cookie{Name: userSessionCookie, Value: encoded, Path: "/", Expires: tomorrow})
+}
+
+func deleteClaimsCookie(w http.ResponseWriter) {
+	http.SetCookie(w, &http.Cookie{Name: userSessionCookie, Value: "", MaxAge: -1})
+}
+
+func (j *Jar) claimsCookie(r *http.Request) (map[string]any, bool, error) {
+	userCookie, err := r.Cookie(userSessionCookie)
+	if err != nil {
+		return nil, true, nil
+	}
+
+	var claims map[string]any
+	err = j.store.Decode(userSessionCookie, userCookie.Value, &claims)
+
+	return claims, false, err
+}