More godoc

Daniel 2024-07-29 00:47:58 -04:00
parent a93fef7a3f
commit fac9e3fab2
3 changed files with 15 additions and 3 deletions


@ -10,6 +10,8 @@ import (
"github.com/rs/zerolog/log"
)
// CheckAPIKey validates the provided key and returns the API key record.
// An error is returned if validation fails for any reason.
func (a *Authenticator) CheckAPIKey(ctx context.Context, key string) (*database.ApiKey, error) {
keyUuid, err := uuid.Parse(key)
if err != nil {
@ -25,6 +27,7 @@ func (a *Authenticator) CheckAPIKey(ctx context.Context, key string) (*database.
return nil, ErrUnauthorized
}
log.Error().Str("apikey", keyUuid.String()).Err(err).Msg("error looking up key")
return nil, ErrInternal
}
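Review bot: The error log in the second hunk records the full API key (`Str("apikey", keyUuid.String())`) when the lookup fails with something other than the not-found case, so a key that may be valid becomes readable by anyone with access to the logs. Unless the stored value is not the key itself (not visible here), drop the field, as in `log.Error().Err(err).Msg("error looking up key")`, or log only a digest of the key. The new godoc could also name the two sentinel results visible here, `ErrUnauthorized` and `ErrInternal`, so callers know what to compare against. CheckAPIKey's body starts before and continues between the two hunks, so the conditions guarding these returns are not shown.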


@ -7,11 +7,13 @@ import (
"github.com/go-chi/jwtauth/v5"
)
// Authenticator performs API key and user JWT authentication.
type Authenticator struct {
domain string
jwt *jwtauth.JWTAuth
}
// NewAuthenticator creates a new Authenticator with the provided JWT secret and cookie domain.
func NewAuthenticator(jwtSecret string, domain string) *Authenticator {
return &Authenticator{
domain: domain,
@ -26,6 +28,7 @@ var (
ErrBadRequest = errors.New("Bad request")
)
// ErrorResponse writes the error and appropriate HTTP response code.
func ErrorResponse(w http.ResponseWriter, err error) {
switch err {
case ErrLoginFailed, ErrUnauthorized:
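Review bot: ErrorResponse dispatches with `switch err`, which matches the sentinels by equality only, so an error wrapping `ErrUnauthorized` via `%w` would miss this case and fall through to whatever the default branch does (outside the hunk). Since this helper picks the HTTP status, `switch { case errors.Is(err, ErrLoginFailed), errors.Is(err, ErrUnauthorized):` is the safer form; `errors` is already in use for the sentinels above. The new godoc says the function "writes the error", and it should state whether the text of unrecognised errors is sent to the client, because the rest of the body is not shown here.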


@ -2,10 +2,11 @@ package auth
import (
"context"
"golang.org/x/crypto/bcrypt"
"net/http"
"time"
"golang.org/x/crypto/bcrypt"
"dynatron.me/x/stillbox/pkg/gordio/database"
"github.com/go-chi/chi/v5"
@ -16,20 +17,24 @@ import (
type claims map[string]interface{}
// Authenticated returns whether the request is authenticated. It also returns the claims.
func (a *Authenticator) Authenticated(r *http.Request) (claims, bool) {
// TODO: check IP against ACL, or conf.Public, and against map of routes
tok, cl, err := jwtauth.FromContext(r.Context())
return cl, err != nil && tok != nil
}
// InstallVerifyMiddleware installs the JWT verifier middleware to the provided chi Router.
func (a *Authenticator) InstallVerifyMiddleware(r chi.Router) {
r.Use(jwtauth.Verifier(a.jwt))
}
// InstallVerifyMiddleware installs the JWT authenticator middleware to the provided chi Router.
func (a *Authenticator) InstallAuthMiddleware(r chi.Router) {
r.Use(jwtauth.Authenticator(a.jwt))
}
// Login attempts to return a JWT for the provided user and password.
func (a *Authenticator) Login(ctx context.Context, username, password string) (token string, err error) {
q := database.New(database.FromCtx(ctx))
users, err := q.GetUsers(ctx)
@ -56,10 +61,10 @@ func (a *Authenticator) Login(ctx context.Context, username, password string) (t
}
}
return a.NewToken(found.ID), nil
return a.newToken(found.ID), nil
}
func (a *Authenticator) NewToken(uid int32) string {
func (a *Authenticator) newToken(uid int32) string {
claims := claims{
"user_id": uid,
}
@ -71,6 +76,7 @@ func (a *Authenticator) NewToken(uid int32) string {
return tokenString
}
// InstallRoutes installs the auth route to the provided chi Router.
func (a *Authenticator) InstallRoutes(r chi.Router) {
r.Post("/auth", a.routeAuth)
}
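Review bot: The new godoc says Authenticated reports whether the request is authenticated, but the unchanged return below it is `return cl, err != nil && tok != nil`, which is true only when `jwtauth.FromContext` reports an error. As written, a request whose token verified cleanly yields false, and one carrying a token that failed verification may yield true; the condition presumably should be `return cl, err == nil && tok != nil`, and any callers relying on the current result need rechecking. Separately, the comment added above InstallAuthMiddleware opens with the wrong name and should read `// InstallAuthMiddleware installs the JWT authenticator middleware to the provided chi Router.`. The now-unexported `newToken` has no comment; a one-line note on which claims it sets and whether an expiry is included would help, as its body is only partly visible.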