feat(webauthn): add user database (#33)

Darkness4 · Jan 13, 2024 · 3e052c3 · 3e052c3
1 parent f14619a
commit 3e052c3
Show file tree

Hide file tree

Showing 22 changed files with 1,701 additions and 219 deletions.
diff --git a/auth/auth.go b/auth/auth.go
@@ -15,7 +15,8 @@ import (
 )
 
 const (
-	tokenCookieKey = "session_token"
+	// TokenCookieKey is the key of the cookie stored in the context.
+	TokenCookieKey = "session_token"
 )
 
 type claimsContextKey struct{}
@@ -115,14 +116,14 @@ func (a *Auth) CallBack() http.HandlerFunc {
 			return
 		}
 
-		token, err := a.JWTSecret.GenerateToken(userID, userName)
+		token, err := a.JWTSecret.GenerateToken(userID, userName, strings.ToLower(p))
 		if err != nil {
 			http.Error(w, err.Error(), http.StatusInternalServerError)
 			return
 		}
 
 		cookie := &http.Cookie{
-			Name:     tokenCookieKey,
+			Name:     TokenCookieKey,
 			Value:    token,
 			Path:     "/",
 			Expires:  time.Now().Add(jwt.ExpiresDuration),
@@ -136,7 +137,7 @@ func (a *Auth) CallBack() http.HandlerFunc {
 // Logout removes session cookies and redirect to home.
 func (a *Auth) Logout() http.HandlerFunc {
 	return func(w http.ResponseWriter, r *http.Request) {
-		cookie, err := r.Cookie(tokenCookieKey)
+		cookie, err := r.Cookie(TokenCookieKey)
 		if err != nil {
 			// Ignore error. Cookie doesn't exists.
 			http.Redirect(w, r, "/", http.StatusSeeOther)
@@ -154,7 +155,7 @@ func (a *Auth) Logout() http.HandlerFunc {
 func (a *Auth) Middleware(next http.Handler) http.Handler {
 	return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
 		// Get the JWT token from the request header
-		cookie, err := r.Cookie(tokenCookieKey)
+		cookie, err := r.Cookie(TokenCookieKey)
 		if err != nil {
 			next.ServeHTTP(w, r)
 			return
@@ -169,13 +170,13 @@ func (a *Auth) Middleware(next http.Handler) http.Handler {
 		}
 
 		// Store the claims in the request context for further use
-		ctx := context.WithValue(r.Context(), claimsContextKey{}, claims)
+		ctx := context.WithValue(r.Context(), claimsContextKey{}, *claims)
 		next.ServeHTTP(w, r.WithContext(ctx))
 	})
 }
 
 // GetClaimsFromRequest is a helper function to fetch the JWT session token from an HTTP request.
-func GetClaimsFromRequest(r *http.Request) (claims *jwt.Claims, ok bool) {
-	claims, ok = r.Context().Value(claimsContextKey{}).(*jwt.Claims)
+func GetClaimsFromRequest(r *http.Request) (claims jwt.Claims, ok bool) {
+	claims, ok = r.Context().Value(claimsContextKey{}).(jwt.Claims)
 	return claims, ok
 }
diff --git a/auth/auth_config.go b/auth/auth_config.go
@@ -13,7 +13,8 @@ import (
 
 // Config is the authentication configuration definition for the application.
 type Config struct {
-	Providers []ProviderConfig `yaml:"providers"`
+	Providers     []ProviderConfig `yaml:"providers"`
+	SelfHostUsers bool             `yaml:"selfHostUsers"`
 }
 
 // ProviderConfig is the configuration of one provider to achieve the OAuth2 flow.

diff --git a/auth/webauthn/session/webauthn_session_store.go b/auth/webauthn/session/webauthn_session_store.go
@@ -0,0 +1,47 @@
+// Package session handles the login/register sessions of webauthn.
+package session
+
+import (
+	"context"
+	"errors"
+
+	"github.com/go-webauthn/webauthn/webauthn"
+)
+
+// Store stores the login/registration session.
+type Store interface {
+	Save(ctx context.Context, session *webauthn.SessionData) error
+	Get(ctx context.Context, userID []byte) (*webauthn.SessionData, error)
+}
+
+// ErrNotFound happens when the session is not found in the store.
+var ErrNotFound = errors.New("not found in session store")
+
+// StoreInMemory stores the login/registration session in-memory.
+//
+// In production, you should use a Redis or ETCD, or any distributed Key-Value database.
+// Because of this, you cannot create replicas.
+type StoreInMemory struct {
+	store map[string]*webauthn.SessionData
+}
+
+// NewInMemory instanciates a session store in memory.
+func NewInMemory() Store {
+	return &StoreInMemory{
+		store: make(map[string]*webauthn.SessionData),
+	}
+}
+
+// Get the login or registration session.
+func (s *StoreInMemory) Get(_ context.Context, userID []byte) (*webauthn.SessionData, error) {
+	if v, ok := s.store[string(userID)]; ok {
+		return v, nil
+	}
+	return nil, ErrNotFound
+}
+
+// Save the login or registration session.
+func (s *StoreInMemory) Save(_ context.Context, session *webauthn.SessionData) error {
+	s.store[string(session.UserID)] = session
+	return nil
+}