use oauth for file uploads

2026-01-11 01:22:48 +00:00 · 2018-02-19 16:06:33 -06:00
parent 79b4fecd3c
commit 02fe8e1748
16 changed files with 490 additions and 286 deletions
--- a/server/config/config.go
+++ b/server/config/config.go
@@ -20,13 +20,16 @@ type configFile struct {
 	ClientSecret string `json:"client_secret"`
 	RedirectURI  string `json:"redirect_uri"`

-	GuildID        string `json:"guild_id"`
-	UploadPassword string `json:"upload_password"`
+	GuildID string `json:"guild_id"`
+
+	BotPrefix string `json:"bot_prefix"` //prefix to use for bot commands

-	BotPrefix  string `json:"bot_prefix"` //prefix to use for bot commands
 	SoundsPath string `json:"sounds_path"`
 	ClipsPath  string `json:"clips_path"`
-	ServerAddr string `json:"server_addr"`
+
+	AdminEmails []string `json:"admin_emails"`
+	ServerAddr  string   `json:"server_addr"`
+	JWTKey      string   `json:"jwt_key"`

 	Pubg struct {
 		Enabled bool     `json:"enabled"`
--- a/server/webserver/handlers/oauth.go
+++ b/server/webserver/handlers/oauth.go
@@ -1,10 +1,9 @@
 package handlers

 import (
-	"fmt"
-
 	"github.com/gin-gonic/gin"
 	"github.com/mgerb/go-discord-bot/server/webserver/discord"
+	"github.com/mgerb/go-discord-bot/server/webserver/middleware"
 	log "github.com/sirupsen/logrus"
 )

@@ -27,6 +26,7 @@ func Oauth(c *gin.Context) {
 		return
 	}

+	// get users oauth code
 	oauth, err := discord.Oauth(json.Code)

 	if err != nil {
@@ -35,6 +35,7 @@ func Oauth(c *gin.Context) {
 		return
 	}

+	// verify and grab user information
 	user, err := discord.GetUserInfo(oauth.AccessToken)

 	if err != nil {
@@ -43,8 +44,14 @@ func Oauth(c *gin.Context) {
 		return
 	}

-	// TODO: generate jwt for user
-	fmt.Println(user)
+	// generate json web token
+	token, err := middleware.GetJWT(user)

-	c.JSON(200, oauth)
+	if err != nil {
+		log.Error(err)
+		c.JSON(500, err)
+		return
+	}
+
+	c.JSON(200, token)
 }
--- a/server/webserver/handlers/upload.go
+++ b/server/webserver/handlers/upload.go
@@ -11,15 +11,12 @@ import (
 	log "github.com/sirupsen/logrus"
 )

-// FileUpload
+// FileUpload -
 func FileUpload(c *gin.Context) {

-	password := c.PostForm("password")
-
-	if string(password) != config.Config.UploadPassword {
-		c.JSON(http.StatusInternalServerError, "Invalid password.")
-		return
-	}
+	// originalClaims, _ := c.Get("claims")
+	// claims, _ := originalClaims.(*middleware.CustomClaims)
+	// TODO: verify user for upload

 	file, err := c.FormFile("file")
 	if err != nil {
--- a/server/webserver/middleware/jwt.go
+++ b/server/webserver/middleware/jwt.go
@@ -0,0 +1,90 @@
+package middleware
+
+import (
+	"strings"
+	"time"
+
+	"github.com/gin-gonic/gin"
+	"github.com/mgerb/go-discord-bot/server/config"
+	"github.com/mgerb/go-discord-bot/server/webserver/discord"
+	log "github.com/sirupsen/logrus"
+	"gopkg.in/dgrijalva/jwt-go.v3"
+)
+
+// CustomClaims -
+type CustomClaims struct {
+	ID            string `json:"id"`
+	Username      string `json:"username"`
+	Discriminator string `json:"discriminator"`
+	Email         string `json:"email"`
+	Permissions   string `json:"permissions"`
+	jwt.StandardClaims
+}
+
+// GetJWT - get json web token
+func GetJWT(user discord.User) (string, error) {
+
+	permissions := "user"
+
+	// check if email is in config admin list
+	for _, email := range config.Config.AdminEmails {
+		if user.Email == email {
+			permissions = "admin"
+			break
+		}
+	}
+
+	claims := CustomClaims{
+		user.ID,
+		user.Username,
+		user.Discriminator,
+		user.Email,
+		permissions,
+		jwt.StandardClaims{
+			ExpiresAt: time.Now().AddDate(0, 1, 0).Unix(), // one month
+			Issuer:    "Go Discord Bot",
+		},
+	}
+
+	token := jwt.NewWithClaims(jwt.SigningMethodHS256, claims)
+	return token.SignedString([]byte(config.Config.JWTKey))
+}
+
+// AuthorizedJWT - jwt middleware
+func AuthorizedJWT() gin.HandlerFunc {
+	return func(c *gin.Context) {
+
+		// grab token from authorization header: Bearer token
+		tokenString := strings.Split(c.GetHeader("Authorization"), " ")
+
+		if len(tokenString) != 2 {
+			c.JSON(401, "Unauthorized")
+			c.Abort()
+			return
+		}
+
+		// parse and verify token
+		token, err := jwt.ParseWithClaims(tokenString[1], &CustomClaims{}, func(token *jwt.Token) (interface{}, error) {
+			return []byte(config.Config.JWTKey), nil
+		})
+
+		if err != nil {
+			log.Error(err)
+			c.JSON(401, "Unauthorized")
+			c.Abort()
+			return
+		}
+
+		// get claims and set on gin context
+		if claims, ok := token.Claims.(*CustomClaims); ok && token.Valid {
+			c.Set("claims", claims)
+		} else {
+			log.Error(err)
+			c.JSON(401, "Unauthorized")
+			c.Abort()
+			return
+		}
+
+		c.Next()
+	}
+}
--- a/server/webserver/server.go
+++ b/server/webserver/server.go
@@ -4,6 +4,7 @@ import (
 	"github.com/gin-gonic/gin"
 	"github.com/mgerb/go-discord-bot/server/config"
 	"github.com/mgerb/go-discord-bot/server/webserver/handlers"
+	"github.com/mgerb/go-discord-bot/server/webserver/middleware"
 	"github.com/mgerb/go-discord-bot/server/webserver/pubg"
 )

@@ -24,9 +25,12 @@ func getRouter() *gin.Engine {
 	api.GET("/ytdownloader", handlers.Downloader)
 	api.GET("/soundlist", handlers.SoundList)
 	api.GET("/cliplist", handlers.ClipList)
-	api.POST("/upload", handlers.FileUpload)
 	api.POST("/oauth", handlers.Oauth)

+	authorizedAPI := router.Group("/api")
+	authorizedAPI.Use(middleware.AuthorizedJWT())
+	authorizedAPI.POST("/upload", handlers.FileUpload)
+
 	return router
 }