blasphem/pkg/wsapi/auth.go

package wsapi

import (
	"context"
	"encoding/json"
	"io"

	"dynatron.me/x/blasphem/pkg/auth"

	"github.com/rs/zerolog/log"
)

type authPhase struct {
	*wsSession
}

func (ws *wsSession) sendAuthRequired() error {
	authReq := &struct {
		MsgBase
		Version string `json:"ha_version"`
	}{
		MsgBase{Type: "auth_required"},
		ws.b.Version(),
	}
	return ws.conn.WriteJSON(&authReq)
}

type authMsg struct {
	MsgBase
	AccessToken auth.AccessToken `json:"access_token"`
}

func (ap *authPhase) msgSchema() interface{} {
	return &authMsg{}
}

func (ap *authPhase) finishAuth(rt *auth.RefreshToken) {
	ap.user = rt.User
	ap.refreshToken = rt
}

func (ap *authPhase) sendAuthOK() error {
	return ap.conn.WriteJSON(struct {
		Type    string `json:"type"`
		Version string `json:"ha_version"`
	}{Type: "auth_ok", Version: ap.Blas().Version()})
}

func (ap *authPhase) sendAuthInvalid() error {
	return ap.conn.WriteJSON(struct {
		Type    string `json:"type"`
		Message string `json:"message"`
	}{Type: "auth_ok", Message: "invalid auth"})
}

func (ap *authPhase) handleMsg(ctx context.Context, r io.Reader) error {
	var authMsg authMsg
	err := json.NewDecoder(r).Decode(&authMsg)
	if err != nil {
		return err
	}

	if err := ctx.Err(); err != nil {
		return err
	}

	refreshToken := ap.b.ValidateAccessToken(authMsg.AccessToken)
	if refreshToken != nil {
		ap.finishAuth(refreshToken)
		return ap.sendAuthOK()
	}

	log.Error().Str("remote", ap.ec.Request().RemoteAddr).Msg("websocket auth failed")

	err = ap.sendAuthInvalid()
	if err != nil {
		return err
	}

	return AuthInvalidErr
}
WIP: websocket 2022-12-19 19:24:01 -05:00			`package wsapi`

			`import (`
concurrent ws 2022-12-21 13:22:18 -05:00			`"context"`
WIP: pre dep injection 2022-12-20 11:34:25 -05:00			`"encoding/json"`
			`"io"`

WIP: websocket 2022-12-19 19:24:01 -05:00			`"dynatron.me/x/blasphem/pkg/auth"`

			`"github.com/rs/zerolog/log"`
			`)`

			`type authPhase struct {`
			`*wsSession`
			`}`

			`func (ws *wsSession) sendAuthRequired() error {`
compiles 2022-12-20 13:16:30 -05:00			`authReq := &struct {`
WIP: websocket 2022-12-19 19:24:01 -05:00			`MsgBase`
commands working ish 2022-12-20 20:11:11 -05:00			Version string `json:"ha_version"`
WIP: websocket 2022-12-19 19:24:01 -05:00			`}{`
concurrent ws 2022-12-21 13:22:18 -05:00			`MsgBase{Type: "auth_required"},`
WIP: websocket 2022-12-19 19:24:01 -05:00			`ws.b.Version(),`
			`}`
concurrent ws 2022-12-21 13:22:18 -05:00			`return ws.conn.WriteJSON(&authReq)`
WIP: websocket 2022-12-19 19:24:01 -05:00			`}`

			`type authMsg struct {`
			`MsgBase`
			AccessToken auth.AccessToken `json:"access_token"`
			`}`

			`func (ap *authPhase) msgSchema() interface{} {`
			`return &authMsg{}`
			`}`

			`func (ap authPhase) finishAuth(rt auth.RefreshToken) {`
			`ap.user = rt.User`
			`ap.refreshToken = rt`
auth progress 2022-12-20 19:05:45 -05:00			`}`

			`func (ap *authPhase) sendAuthOK() error {`
concurrent ws 2022-12-21 13:22:18 -05:00			`return ap.conn.WriteJSON(struct {`
auth progress 2022-12-20 19:05:45 -05:00			Type string `json:"type"`
commands working ish 2022-12-20 20:11:11 -05:00			Version string `json:"ha_version"`
auth progress 2022-12-20 19:05:45 -05:00			`}{Type: "auth_ok", Version: ap.Blas().Version()})`
WIP: websocket 2022-12-19 19:24:01 -05:00			`}`

wip: auth still broken 2022-12-20 19:31:46 -05:00			`func (ap *authPhase) sendAuthInvalid() error {`
concurrent ws 2022-12-21 13:22:18 -05:00			`return ap.conn.WriteJSON(struct {`
wip: auth still broken 2022-12-20 19:31:46 -05:00			Type string `json:"type"`
			Message string `json:"message"`
			`}{Type: "auth_ok", Message: "invalid auth"})`
			`}`

concurrent ws 2022-12-21 13:22:18 -05:00			`func (ap *authPhase) handleMsg(ctx context.Context, r io.Reader) error {`
WIP: pre dep injection 2022-12-20 11:34:25 -05:00			`var authMsg authMsg`
			`err := json.NewDecoder(r).Decode(&authMsg)`
			`if err != nil {`
			`return err`
			`}`

concurrent ws 2022-12-21 13:22:18 -05:00			`if err := ctx.Err(); err != nil {`
			`return err`
			`}`

WIP: websocket 2022-12-19 19:24:01 -05:00			`refreshToken := ap.b.ValidateAccessToken(authMsg.AccessToken)`
			`if refreshToken != nil {`
			`ap.finishAuth(refreshToken)`
auth progress 2022-12-20 19:05:45 -05:00			`return ap.sendAuthOK()`
WIP: websocket 2022-12-19 19:24:01 -05:00			`}`

			`log.Error().Str("remote", ap.ec.Request().RemoteAddr).Msg("websocket auth failed")`

concurrent ws 2022-12-21 13:22:18 -05:00			`err = ap.sendAuthInvalid()`
			`if err != nil {`
			`return err`
			`}`

			`return AuthInvalidErr`
WIP: websocket 2022-12-19 19:24:01 -05:00			`}`