2020-02-07 16:27:45 +00:00
|
|
|
// Vikunja is a to-do list application to facilitate your life.
|
2023-09-01 06:32:28 +00:00
|
|
|
// Copyright 2018-present Vikunja and contributors. All rights reserved.
|
2019-08-31 20:56:41 +00:00
|
|
|
//
|
2019-12-04 19:39:56 +00:00
|
|
|
// This program is free software: you can redistribute it and/or modify
|
2020-12-23 15:41:52 +00:00
|
|
|
// it under the terms of the GNU Affero General Public Licensee as published by
|
2019-12-04 19:39:56 +00:00
|
|
|
// the Free Software Foundation, either version 3 of the License, or
|
|
|
|
// (at your option) any later version.
|
2019-08-31 20:56:41 +00:00
|
|
|
//
|
2019-12-04 19:39:56 +00:00
|
|
|
// This program is distributed in the hope that it will be useful,
|
|
|
|
// but WITHOUT ANY WARRANTY; without even the implied warranty of
|
|
|
|
// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
|
2020-12-23 15:41:52 +00:00
|
|
|
// GNU Affero General Public Licensee for more details.
|
2019-08-31 20:56:41 +00:00
|
|
|
//
|
2020-12-23 15:41:52 +00:00
|
|
|
// You should have received a copy of the GNU Affero General Public Licensee
|
2019-12-04 19:39:56 +00:00
|
|
|
// along with this program. If not, see <https://www.gnu.org/licenses/>.
|
2019-08-31 20:56:41 +00:00
|
|
|
|
2020-11-21 16:38:58 +00:00
|
|
|
package auth
|
2019-08-31 20:56:41 +00:00
|
|
|
|
|
|
|
import (
|
2023-08-31 19:39:26 +00:00
|
|
|
"fmt"
|
2020-10-11 20:10:03 +00:00
|
|
|
"net/http"
|
|
|
|
"time"
|
|
|
|
|
2023-09-01 06:39:12 +00:00
|
|
|
"code.vikunja.io/api/pkg/db"
|
|
|
|
|
2019-08-31 20:56:41 +00:00
|
|
|
"code.vikunja.io/api/pkg/config"
|
|
|
|
"code.vikunja.io/api/pkg/models"
|
2020-01-26 17:08:06 +00:00
|
|
|
"code.vikunja.io/api/pkg/user"
|
2019-09-08 19:11:42 +00:00
|
|
|
"code.vikunja.io/web"
|
2021-10-31 11:37:31 +00:00
|
|
|
|
2023-05-23 14:37:16 +00:00
|
|
|
"github.com/golang-jwt/jwt/v5"
|
2019-09-08 19:11:42 +00:00
|
|
|
"github.com/labstack/echo/v4"
|
2019-08-31 20:56:41 +00:00
|
|
|
)
|
|
|
|
|
|
|
|
// These are all valid auth types
|
|
|
|
const (
|
|
|
|
AuthTypeUnknown int = iota
|
|
|
|
AuthTypeUser
|
|
|
|
AuthTypeLinkShare
|
|
|
|
)
|
|
|
|
|
2020-11-21 16:38:58 +00:00
|
|
|
// Token represents an authentification token
|
|
|
|
type Token struct {
|
2023-04-02 23:34:51 +00:00
|
|
|
Token string `json:"token" example:"eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJzdWIiOiIxMjM0NTY3ODkwIiwibmFtZSI6IkpvaG4gRG9lIiwiaWF0IjoxNTE2MjM5MDIyfQ.SflKxwRJSMeKKF2QT4fwpMeJf36POk6yJV_adQssw5c"`
|
2020-11-21 16:38:58 +00:00
|
|
|
}
|
|
|
|
|
|
|
|
// NewUserAuthTokenResponse creates a new user auth token response from a user object.
|
2022-02-06 13:18:08 +00:00
|
|
|
func NewUserAuthTokenResponse(u *user.User, c echo.Context, long bool) error {
|
|
|
|
t, err := NewUserJWTAuthtoken(u, long)
|
2020-11-21 16:38:58 +00:00
|
|
|
if err != nil {
|
|
|
|
return err
|
|
|
|
}
|
|
|
|
|
|
|
|
return c.JSON(http.StatusOK, Token{Token: t})
|
|
|
|
}
|
|
|
|
|
2019-08-31 20:56:41 +00:00
|
|
|
// NewUserJWTAuthtoken generates and signes a new jwt token for a user. This is a global function to be able to call it from integration tests.
|
2022-02-06 13:18:08 +00:00
|
|
|
func NewUserJWTAuthtoken(u *user.User, long bool) (token string, err error) {
|
2019-08-31 20:56:41 +00:00
|
|
|
t := jwt.New(jwt.SigningMethodHS256)
|
|
|
|
|
2021-10-09 11:02:28 +00:00
|
|
|
var ttl = time.Duration(config.ServiceJWTTTL.GetInt64())
|
2022-02-06 13:18:08 +00:00
|
|
|
if long {
|
|
|
|
ttl = time.Duration(config.ServiceJWTTTLLong.GetInt64())
|
|
|
|
}
|
2021-10-09 11:02:28 +00:00
|
|
|
var exp = time.Now().Add(time.Second * ttl).Unix()
|
|
|
|
|
2019-08-31 20:56:41 +00:00
|
|
|
// Set claims
|
|
|
|
claims := t.Claims.(jwt.MapClaims)
|
|
|
|
claims["type"] = AuthTypeUser
|
2021-10-31 11:37:31 +00:00
|
|
|
claims["id"] = u.ID
|
|
|
|
claims["username"] = u.Username
|
|
|
|
claims["email"] = u.Email
|
2021-10-09 11:02:28 +00:00
|
|
|
claims["exp"] = exp
|
2021-10-31 11:37:31 +00:00
|
|
|
claims["name"] = u.Name
|
|
|
|
claims["emailRemindersEnabled"] = u.EmailRemindersEnabled
|
|
|
|
claims["isLocalUser"] = u.Issuer == user.IssuerLocal
|
2022-02-06 13:18:08 +00:00
|
|
|
claims["long"] = long
|
2019-08-31 20:56:41 +00:00
|
|
|
|
|
|
|
// Generate encoded token and send it as response.
|
|
|
|
return t.SignedString([]byte(config.ServiceJWTSecret.GetString()))
|
|
|
|
}
|
|
|
|
|
|
|
|
// NewLinkShareJWTAuthtoken creates a new jwt token from a link share
|
|
|
|
func NewLinkShareJWTAuthtoken(share *models.LinkSharing) (token string, err error) {
|
|
|
|
t := jwt.New(jwt.SigningMethodHS256)
|
|
|
|
|
2021-10-09 11:02:28 +00:00
|
|
|
var ttl = time.Duration(config.ServiceJWTTTL.GetInt64())
|
|
|
|
var exp = time.Now().Add(time.Second * ttl).Unix()
|
|
|
|
|
2019-08-31 20:56:41 +00:00
|
|
|
// Set claims
|
|
|
|
claims := t.Claims.(jwt.MapClaims)
|
|
|
|
claims["type"] = AuthTypeLinkShare
|
|
|
|
claims["id"] = share.ID
|
|
|
|
claims["hash"] = share.Hash
|
2022-11-13 16:07:01 +00:00
|
|
|
claims["project_id"] = share.ProjectID
|
2019-08-31 20:56:41 +00:00
|
|
|
claims["right"] = share.Right
|
|
|
|
claims["sharedByID"] = share.SharedByID
|
2021-10-09 11:02:28 +00:00
|
|
|
claims["exp"] = exp
|
2021-10-31 11:37:31 +00:00
|
|
|
claims["isLocalUser"] = true // Link shares are always local
|
2019-08-31 20:56:41 +00:00
|
|
|
|
|
|
|
// Generate encoded token and send it as response.
|
|
|
|
return t.SignedString([]byte(config.ServiceJWTSecret.GetString()))
|
|
|
|
}
|
2019-09-08 19:11:42 +00:00
|
|
|
|
|
|
|
// GetAuthFromClaims returns a web.Auth object from jwt claims
|
|
|
|
func GetAuthFromClaims(c echo.Context) (a web.Auth, err error) {
|
2023-08-31 19:39:26 +00:00
|
|
|
// check if we have a token in context and use it if that's the case
|
|
|
|
if c.Get("api_token") != nil {
|
|
|
|
apiToken := c.Get("api_token").(*models.APIToken)
|
|
|
|
u, err := user.GetUserByID(db.NewSession(), apiToken.OwnerID)
|
|
|
|
if err != nil {
|
|
|
|
return nil, err
|
|
|
|
}
|
|
|
|
return u, nil
|
|
|
|
}
|
|
|
|
|
|
|
|
jwtinf, is := c.Get("user").(*jwt.Token)
|
|
|
|
if !is {
|
|
|
|
return nil, fmt.Errorf("user in context is not jwt token")
|
|
|
|
}
|
2019-09-08 19:11:42 +00:00
|
|
|
claims := jwtinf.Claims.(jwt.MapClaims)
|
|
|
|
typ := int(claims["type"].(float64))
|
|
|
|
if typ == AuthTypeLinkShare && config.ServiceEnableLinkSharing.GetBool() {
|
|
|
|
return models.GetLinkShareFromClaims(claims)
|
|
|
|
}
|
|
|
|
if typ == AuthTypeUser {
|
2020-01-26 17:08:06 +00:00
|
|
|
return user.GetUserFromClaims(claims)
|
2019-09-08 19:11:42 +00:00
|
|
|
}
|
|
|
|
return nil, echo.NewHTTPError(http.StatusBadRequest, models.Message{Message: "Invalid JWT token."})
|
|
|
|
}
|