wip
All checks were successful
ci/woodpecker/push/test Pipeline was successful
ci/woodpecker/push/deploy Pipeline was successful

This commit is contained in:
Melora Hugues 2024-03-29 18:21:26 +01:00
parent 5b18551826
commit d89ce46a47
6 changed files with 197 additions and 12 deletions

View file

@ -0,0 +1,67 @@
package ui
import (
"net/http"
"git.faercol.me/faercol/polyculeconnect/polyculeconnect/services/approval"
"github.com/sirupsen/logrus"
)
const (
ApprovalRoute = "/approval"
rememberKey = "remember"
)
type ApprovalController struct {
l *logrus.Logger
downstreamController http.Handler
srv approval.ApprovalService
}
func NewApprovalController(l *logrus.Logger, downstream http.Handler, srv approval.ApprovalService) *ApprovalController {
return &ApprovalController{
l: l,
downstreamController: downstream,
srv: srv,
}
}
func (ac *ApprovalController) handleGetApproval(r *http.Request) {
ac.l.Debug("Checking if approval is remembered")
remembered, err := ac.srv.IsRemembered(r.Context(), approval.Claim{Email: "kilgore@kilgore.trout", ClientID: "9854d42da9cd91369a293758d514178c73d2b9774971d8965945ab2b81e83e69"})
if err != nil {
ac.l.Errorf("Failed to check if approval is remembered: %s", err.Error())
return
}
if remembered {
ac.l.Info("Approval is remembered, skipping approval page")
return
} else {
ac.l.Info("Approval is not remembered, continuing")
}
}
func (ac *ApprovalController) handlePostApproval(r *http.Request) {
ac.l.Debug("Handling POST approval request")
if err := r.ParseForm(); err != nil {
ac.l.Errorf("Failed to parse request form: %s", err.Error())
return
}
if remember := r.Form.Get(rememberKey); remember == "on" {
if err := ac.srv.Remember(r.Context(), approval.Claim{Email: "kilgore@kilgore.trout", ClientID: "9854d42da9cd91369a293758d514178c73d2b9774971d8965945ab2b81e83e69"}); err != nil {
ac.l.Errorf("Failed to remember approval request: %s", err.Error())
}
}
}
func (ac *ApprovalController) ServeHTTP(w http.ResponseWriter, r *http.Request) {
if r.Method == http.MethodPost {
ac.handlePostApproval(r)
} else if r.Method == http.MethodGet {
ac.handleGetApproval(r)
}
ac.downstreamController.ServeHTTP(w, r)
}

View file

@ -11,6 +11,7 @@ import (
"git.faercol.me/faercol/polyculeconnect/polyculeconnect/config"
"git.faercol.me/faercol/polyculeconnect/polyculeconnect/controller/ui"
"git.faercol.me/faercol/polyculeconnect/polyculeconnect/middlewares"
"git.faercol.me/faercol/polyculeconnect/polyculeconnect/services/approval"
dex_server "github.com/dexidp/dex/server"
"github.com/sirupsen/logrus"
)
@ -63,8 +64,11 @@ func New(appConf *config.AppConfig, dexSrv *dex_server.Server, logger *logrus.Lo
panic(fmt.Errorf("unexpected listening mode %v", appConf.ServerMode))
}
approvalSrv := approval.New(appConf)
controllers := map[string]http.Handler{
ui.StaticRoute: middlewares.WithLogger(&ui.StaticController{}, logger),
"/approval": middlewares.WithLogger(ui.NewApprovalController(logger, dexSrv, approvalSrv), logger),
"/": middlewares.WithLogger(ui.NewIndexController(logger, dexSrv), logger),
}

View file

@ -0,0 +1,81 @@
package approval
import (
"context"
"database/sql"
"errors"
"fmt"
"time"
"git.faercol.me/faercol/polyculeconnect/polyculeconnect/config"
"git.faercol.me/faercol/polyculeconnect/polyculeconnect/services/db"
)
const (
insertRememberApproval = `INSERT INTO stored_approvals (email, client_id, expiry) VALUES (?, ?, ?)`
getApproval = `SELECT expiry FROM stored_approvalts WHERE email = ? AND client_id = ?`
dbTimeout = 30 * time.Second
approvalExpiration = 30 * 24 * time.Hour
)
type Claim struct {
Email string
ClientID string
}
type ApprovalService interface {
Remember(ctx context.Context, claim Claim) error
IsRemembered(ctx context.Context, claim Claim) (bool, error)
}
type concreteApprovalService struct {
conf *config.AppConfig
}
func (cas *concreteApprovalService) Remember(ctx context.Context, claim Claim) error {
db, err := db.Connect(cas.conf)
if err != nil {
return fmt.Errorf("failed to connect to db: %w", err)
}
queryCtx, cancel := context.WithTimeout(ctx, dbTimeout)
defer cancel()
tx, err := db.BeginTx(queryCtx, nil)
if err != nil {
return fmt.Errorf("failed to begin transaction: %w", err)
}
expiry := time.Now().UTC().Add(approvalExpiration)
_, err = tx.Exec(insertRememberApproval, claim.Email, claim.ClientID, expiry)
if err != nil {
return fmt.Errorf("failed to insert approval in DB: %w", err)
}
if err := tx.Commit(); err != nil {
return fmt.Errorf("failed to commit transaction: %w", err)
}
return nil
}
func (cas *concreteApprovalService) IsRemembered(ctx context.Context, claim Claim) (bool, error) {
db, err := db.Connect(cas.conf)
if err != nil {
return false, fmt.Errorf("failed to connect to db: %w", err)
}
row := db.QueryRow(getApproval, claim.Email, claim.ClientID)
var expiry time.Time
if err := row.Scan(&expiry); err != nil {
if errors.Is(err, sql.ErrNoRows) {
return false, nil
}
return false, fmt.Errorf("failed to run query: %w", err)
}
return time.Now().UTC().Before(expiry), nil
}
func New(conf *config.AppConfig) ApprovalService {
return &concreteApprovalService{conf: conf}
}

View file

@ -0,0 +1,27 @@
package db
import (
"database/sql"
"errors"
"fmt"
"git.faercol.me/faercol/polyculeconnect/polyculeconnect/config"
)
type concreteDBService struct {
}
func connectSQLite(path string) (*sql.DB, error) {
return sql.Open("sqlite3", path)
}
func Connect(conf *config.AppConfig) (*sql.DB, error) {
switch conf.StorageType {
case string(config.Memory):
return nil, errors.New("no db for memory mode")
case string(config.SQLite):
return connectSQLite(conf.StorageConfig.File)
default:
return nil, fmt.Errorf("unsupported storage mode %q", conf.StorageType)
}
}

View file

@ -1,5 +1,10 @@
let approvalForm = document.getElementById("approvalform");
function submitApproval(approve) {
if (approve) {
document.getElementById("approval").value = "approve";
} else {
document.getElementById("approval").value = "rejected";
}
approvalForm.addEventListener("submit", (e) => {
handleSuccess();
});
document.getElementById("approvalform").submit();
}

View file

@ -16,18 +16,19 @@
{{ end }}
</div>
<div class="form-buttons" id="approvalform">
<form method="post" class="container-form">
<div class="form-buttons">
<form method="post" class="container-form" id="approvalform">
<div>
<input type="checkbox" id="rememberme" name="remember" class="form-checkbox">
<label for="remember-me" class="form-checkbox-label">Remember my choice</label>
</div>
<input type="hidden" name="req" value="{{ .AuthReqID }}" />
<input type="hidden" name="approval" value="approve">
<button type="submit" class="button button-accept">
<input id="approval" type="hidden" name="approval" value="approve">
<button onclick="submitApproval(true)" class="button button-accept">
<span>Grant Access</span>
</button>
</form>
<form method="post" class="container-form">
<input type="hidden" name="req" value="{{ .AuthReqID }}" />
<input type="hidden" name="approval" value="rejected">
<button type="submit" class="button button-cancel">
<button onclick="submitApproval(false)" class="button button-cancel">
<span>Cancel</span>
</button>
</form>