sonr/internal/mdw/authz.go

package mdw

import (
	"net/http"

	echojwt "github.com/labstack/echo-jwt/v4"
	"github.com/labstack/echo/v4"
	"gopkg.in/macaroon.v2"
)

type Authz struct {
	echo.Context
	echojwt.Config

	signKey []byte
}

func newAuthz(c echo.Context, signKey []byte) *Authz {
	return &Authz{Context: c, signKey: signKey}
}

func (a *Authz) Accessible(route string, handler echo.HandlerFunc) echo.HandlerFunc {
	// Verify the macaroon
	//	verified := a.Verify(a.signKey, func(caveat string) error {
	// Implement your caveat verification logic here
	// For example, you might check if the caveat is still valid (e.g., not expired)
	// return nil // Return nil if the caveat is valid
	//	}, nil)
	// if !verified {
	// return func(c echo.Context) error {
	// return c.JSON(http.StatusUnauthorized, map[string]string{"error": "Invalid macaroon"})
	// }
	// }
	a.SetPath(route)
	return handler
}

func ValidateMacaroonMiddleware(secretKey []byte, location string) echo.MiddlewareFunc {
	return func(next echo.HandlerFunc) echo.HandlerFunc {
		return func(c echo.Context) error {
			// Extract the macaroon from the Authorization header
			auth := c.Request().Header.Get("Authorization")
			if auth == "" {
				return c.JSON(http.StatusUnauthorized, map[string]string{"error": "Missing Authorization header"})
			}

			// Decode the macaroon
			mac, err := macaroon.Base64Decode([]byte(auth))
			if err != nil {
				return c.JSON(http.StatusBadRequest, map[string]string{"error": "Invalid macaroon encoding"})
			}

			token, err := macaroon.New(secretKey, mac, location, macaroon.LatestVersion)
			if err != nil {
				return c.JSON(http.StatusBadRequest, map[string]string{"error": "Invalid macaroon"})
			}

			// Verify the macaroon
			err = token.Verify(secretKey, func(caveat string) error {
				// Implement your caveat verification logic here
				// For example, you might check if the caveat is still valid (e.g., not expired)
				return nil // Return nil if the caveat is valid
			}, nil)
			if err != nil {
				return c.JSON(http.StatusUnauthorized, map[string]string{"error": "Invalid macaroon"})
			}

			// Macaroon is valid, proceed to the next handler
			return next(c)
		}
	}
}
feature/refactor did state (#10) * feat(did): remove account types * feat: Refactor Property to Proof in zkprop.go * feat: add ZKP proof mechanism for verifications * fix: return bool and error from pinInitialVault * feat: implement KeyshareSet for managing user and validator keyshares * feat: Update Credential type in protobuf * feat: update credential schema with sign count * feat: migrate and modules to middleware * refactor: rename vault module to ORM * chore(dwn): add service worker registration to index template * feat: integrate service worker for offline functionality * refactor(did): use DIDNamespace enum for verification method in proto reflection * refactor: update protobuf definitions to support Keyshare * feat: expose did keeper in app keepers * Add Motr Web App * refactor: rename motr/handlers/discovery.go to motr/handlers/openid.go * refactor: move session related code to middleware * feat: add database operations for managing assets, chains, and credentials * feat: add htmx support for UI updates * refactor: extract common helper scripts * chore: remove unused storage GUI components * refactor: Move frontend rendering to dedicated handlers * refactor: rename to * refactor: move alert implementation to templ * feat: add alert component with icon, title, and message * feat: add new RequestHeaders struct to store request headers * Feature/create home view (#9) * refactor: move view logic to new htmx handler * refactor: remove unnecessary dependencies * refactor: remove unused dependencies * feat(devbox): integrate air for local development * feat: implement openid connect discovery document * refactor: rename to * refactor(did): update service handling to support DNS discovery * feat: add support for user and validator keyshares * refactor: move keyshare signing logic to signer 2024-09-11 15:10:54 -04:00			`package mdw`

			`import (`
			`"net/http"`

			`echojwt "github.com/labstack/echo-jwt/v4"`
			`"github.com/labstack/echo/v4"`
			`"gopkg.in/macaroon.v2"`
			`)`

			`type Authz struct {`
			`echo.Context`
			`echojwt.Config`

			`signKey []byte`
			`}`

			`func newAuthz(c echo.Context, signKey []byte) *Authz {`
			`return &Authz{Context: c, signKey: signKey}`
			`}`

			`func (a *Authz) Accessible(route string, handler echo.HandlerFunc) echo.HandlerFunc {`
			`// Verify the macaroon`
			`// verified := a.Verify(a.signKey, func(caveat string) error {`
			`// Implement your caveat verification logic here`
			`// For example, you might check if the caveat is still valid (e.g., not expired)`
			`// return nil // Return nil if the caveat is valid`
			`// }, nil)`
			`// if !verified {`
			`// return func(c echo.Context) error {`
			`// return c.JSON(http.StatusUnauthorized, map[string]string{"error": "Invalid macaroon"})`
			`// }`
			`// }`
			`a.SetPath(route)`
			`return handler`
			`}`

			`func ValidateMacaroonMiddleware(secretKey []byte, location string) echo.MiddlewareFunc {`
			`return func(next echo.HandlerFunc) echo.HandlerFunc {`
			`return func(c echo.Context) error {`
			`// Extract the macaroon from the Authorization header`
			`auth := c.Request().Header.Get("Authorization")`
			`if auth == "" {`
			`return c.JSON(http.StatusUnauthorized, map[string]string{"error": "Missing Authorization header"})`
			`}`

			`// Decode the macaroon`
			`mac, err := macaroon.Base64Decode([]byte(auth))`
			`if err != nil {`
			`return c.JSON(http.StatusBadRequest, map[string]string{"error": "Invalid macaroon encoding"})`
			`}`

			`token, err := macaroon.New(secretKey, mac, location, macaroon.LatestVersion)`
			`if err != nil {`
			`return c.JSON(http.StatusBadRequest, map[string]string{"error": "Invalid macaroon"})`
			`}`

			`// Verify the macaroon`
			`err = token.Verify(secretKey, func(caveat string) error {`
			`// Implement your caveat verification logic here`
			`// For example, you might check if the caveat is still valid (e.g., not expired)`
			`return nil // Return nil if the caveat is valid`
			`}, nil)`
			`if err != nil {`
			`return c.JSON(http.StatusUnauthorized, map[string]string{"error": "Invalid macaroon"})`
			`}`

			`// Macaroon is valid, proceed to the next handler`
			`return next(c)`
			`}`
			`}`
			`}`