maps-service/pkg/service/security.go

package service

import (
	"context"
	"errors"
	"git.itzana.me/strafesnet/go-grpc/auth"
	"git.itzana.me/strafesnet/maps-service/pkg/api"
)

var (
	// ErrMissingSessionID there is no session id
	ErrMissingSessionID = errors.New("SessionID missing")
	// ErrInvalidSession caller does not have a valid session
	ErrInvalidSession = errors.New("Session invalid")
)

type Role int32
var (
	// has ScriptWrite
	RoleQuat Role = 255
	// has SubmissionPublish
	RoleMapAdmin Role = 128
	// has SubmissionReview
	RoleMapCouncil Role = 64
)

type UserInfo struct {
	// Would love to know a better way to do this
	svc       *SecurityHandler
	ctx       *context.Context
	sessionId string
}

func (usr UserInfo) GetUserID() (uint64, error) {
	session, err := usr.svc.Client.GetSessionUser(*usr.ctx, &auth.IdMessage{
		SessionID: usr.sessionId,
	})
	if err != nil {
		return 0, err
	}
	return session.UserID, nil
}
func (usr UserInfo) IsSubmitter(submitter uint64) (bool, error) {
	userId, err := usr.GetUserID()
	if err != nil {
		return false, err
	}
	return userId == submitter, nil
}
func (usr UserInfo) hasRole(role Role) (bool, error) {
	roles, err := usr.svc.Client.GetGroupRole(*usr.ctx, &auth.IdMessage{
		SessionID: usr.sessionId,
	})
	if err != nil {
		return false, err
	}

	for _, r := range roles.Roles {
		if int32(role) <= r.Rank {
			return true, nil
		}
	}
	return false, nil
}


// RoleThumbnail
// RoleMapDownload
func (usr UserInfo) HasRoleSubmissionRelease() (bool, error) {
	return usr.hasRole(RoleMapAdmin)
}
func (usr UserInfo) HasRoleSubmissionReview() (bool, error) {
	return usr.hasRole(RoleMapCouncil)
}
func (usr UserInfo) HasRoleScriptWrite() (bool, error) {
	return usr.hasRole(RoleQuat)
}
/// Not implemented
func (usr UserInfo) HasRoleMaptest() (bool, error) {
	println("HasRoleMaptest is not implemented!")
	return false, nil
}

type SecurityHandler struct {
	Client auth.AuthServiceClient
}

func (svc SecurityHandler) HandleCookieAuth(ctx context.Context, operationName api.OperationName, t api.CookieAuth) (context.Context, error) {
	sessionId := t.GetAPIKey()
	if sessionId == "" {
		return nil, ErrMissingSessionID
	}

	validate, err := svc.Client.ValidateSession(ctx, &auth.IdMessage{
		SessionID: sessionId,
	})
	if err != nil {
		return nil, err
	}
	if !validate.Valid {
		return nil, ErrInvalidSession
	}

	newCtx := context.WithValue(ctx, "UserInfo", UserInfo{
		svc:       &svc,
		ctx:       &ctx,
		sessionId: sessionId,
	})

	return newCtx, nil
}
auth 2024-11-29 21:58:47 +00:00			`package service`

			`import (`
			`"context"`
Unquatification 2024-12-12 22:29:20 +00:00			`"errors"`
auth 2024-11-29 21:58:47 +00:00			`"git.itzana.me/strafesnet/go-grpc/auth"`
Unquatification 2024-12-12 22:29:20 +00:00			`"git.itzana.me/strafesnet/maps-service/pkg/api"`
auth 2024-11-29 21:58:47 +00:00			`)`

			`var (`
			`// ErrMissingSessionID there is no session id`
			`ErrMissingSessionID = errors.New("SessionID missing")`
			`// ErrInvalidSession caller does not have a valid session`
			`ErrInvalidSession = errors.New("Session invalid")`
			`)`

submissions: refactor auth to only make requests when needed 2024-12-28 01:24:09 +00:00			`type Role int32`
auth 2024-11-29 21:58:47 +00:00			`var (`
submissions: implement ScriptWrite permission 2024-12-27 01:54:42 +00:00			`// has ScriptWrite`
submissions: refactor auth to only make requests when needed 2024-12-28 01:24:09 +00:00			`RoleQuat Role = 255`
fix roles 2024-12-11 02:23:23 +00:00			`// has SubmissionPublish`
submissions: refactor auth to only make requests when needed 2024-12-28 01:24:09 +00:00			`RoleMapAdmin Role = 128`
fix roles 2024-12-11 02:23:23 +00:00			`// has SubmissionReview`
submissions: refactor auth to only make requests when needed 2024-12-28 01:24:09 +00:00			`RoleMapCouncil Role = 64`
auth 2024-11-29 21:58:47 +00:00			`)`

submissions: refactor auth to only make requests when needed 2024-12-28 01:24:09 +00:00			`type UserInfo struct {`
			`// Would love to know a better way to do this`
			`svc *SecurityHandler`
			`ctx *context.Context`
			`sessionId string`
			`}`
roles: potential future roles 2024-12-14 20:01:34 +00:00
submissions: refactor auth to only make requests when needed 2024-12-28 01:24:09 +00:00			`func (usr UserInfo) GetUserID() (uint64, error) {`
			`session, err := usr.svc.Client.GetSessionUser(*usr.ctx, &auth.IdMessage{`
			`SessionID: usr.sessionId,`
			`})`
			`if err != nil {`
			`return 0, err`
			`}`
			`return session.UserID, nil`
auth 2024-11-29 21:58:47 +00:00			`}`
submissions: refactor auth to only make requests when needed 2024-12-28 01:24:09 +00:00			`func (usr UserInfo) IsSubmitter(submitter uint64) (bool, error) {`
			`userId, err := usr.GetUserID()`
			`if err != nil {`
			`return false, err`
			`}`
			`return userId == submitter, nil`
			`}`
			`func (usr UserInfo) hasRole(role Role) (bool, error) {`
			`roles, err := usr.svc.Client.GetGroupRole(*usr.ctx, &auth.IdMessage{`
			`SessionID: usr.sessionId,`
			`})`
			`if err != nil {`
			`return false, err`
			`}`
auth 2024-11-29 21:58:47 +00:00
submissions: refactor auth to only make requests when needed 2024-12-28 01:24:09 +00:00			`for _, r := range roles.Roles {`
			`if int32(role) <= r.Rank {`
			`return true, nil`
			`}`
			`}`
			`return false, nil`
auth 2024-11-29 21:58:47 +00:00			`}`

submissions: refactor auth to only make requests when needed 2024-12-28 01:24:09 +00:00
			`// RoleThumbnail`
			`// RoleMapDownload`
			`func (usr UserInfo) HasRoleSubmissionRelease() (bool, error) {`
			`return usr.hasRole(RoleMapAdmin)`
			`}`
			`func (usr UserInfo) HasRoleSubmissionReview() (bool, error) {`
			`return usr.hasRole(RoleMapCouncil)`
			`}`
			`func (usr UserInfo) HasRoleScriptWrite() (bool, error) {`
			`return usr.hasRole(RoleQuat)`
			`}`
			`/// Not implemented`
			`func (usr UserInfo) HasRoleMaptest() (bool, error) {`
			`println("HasRoleMaptest is not implemented!")`
			`return false, nil`
auth 2024-11-29 21:58:47 +00:00			`}`

			`type SecurityHandler struct {`
produce less garbage 2024-12-10 04:10:23 +00:00			`Client auth.AuthServiceClient`
auth 2024-11-29 21:58:47 +00:00			`}`

Unquatification 2024-12-12 22:29:20 +00:00			`func (svc SecurityHandler) HandleCookieAuth(ctx context.Context, operationName api.OperationName, t api.CookieAuth) (context.Context, error) {`
auth 2024-11-29 21:58:47 +00:00			`sessionId := t.GetAPIKey()`
			`if sessionId == "" {`
			`return nil, ErrMissingSessionID`
			`}`

produce less garbage 2024-12-10 04:10:23 +00:00			`validate, err := svc.Client.ValidateSession(ctx, &auth.IdMessage{`
auth 2024-11-29 21:58:47 +00:00			`SessionID: sessionId,`
			`})`
Unquatification 2024-12-12 22:29:20 +00:00			`if err != nil {`
auth 2024-11-29 21:58:47 +00:00			`return nil, err`
			`}`
Unquatification 2024-12-12 22:29:20 +00:00			`if !validate.Valid {`
auth 2024-11-29 21:58:47 +00:00			`return nil, ErrInvalidSession`
			`}`

			`newCtx := context.WithValue(ctx, "UserInfo", UserInfo{`
submissions: refactor auth to only make requests when needed 2024-12-28 01:24:09 +00:00			`svc: &svc,`
			`ctx: &ctx,`
			`sessionId: sessionId,`
auth 2024-11-29 21:58:47 +00:00			`})`

			`return newCtx, nil`
			`}`