wip

polyculeconnect/cmd/app/add.go

@@ -90,8 +90,9 @@ func init() {
 	appCmd.AddCommand(appAddCmd)
 
 	appAddCmd.Flags().StringVarP(&appName, "name", "n", "", "Name to represent the app")
-	appAddCmd.Flags().StringVarP(&appClientID, "id", "i", "", "ID to identify the app in the storage")
-	appAddCmd.Flags().StringVarP(&appClientSecret, "secret", "s", "", "OpenIDConnect client secret")
+	appAddCmd.Flags().StringVarP(&appID, "id", "i", "", "ID to identify the app in the storage")
+	appAddCmd.Flags().StringVarP(&appClientID, "client-id", "", "", "OpenIDConnect client secret")
+	appAddCmd.Flags().StringVarP(&appClientSecret, "client-secret", "", "", "OpenIDConnect client secret")
 	appAddCmd.Flags().StringSliceVarP(&appRedirectURIs, "redirect-uri", "r", []string{}, "Allowed redirect URI")
 
 	appAddCmd.Flags().BoolVar(&appInteractive, "interactive", false, "Set the client ID and secret in an interactive way")

polyculeconnect/cmd/db/connect.go

@@ -0,0 +1,65 @@
+package db
+
+import (
+	"errors"
+	"fmt"
+	"os/exec"
+	"syscall"
+
+	"git.faercol.me/faercol/polyculeconnect/polyculeconnect/cmd/utils"
+	"git.faercol.me/faercol/polyculeconnect/polyculeconnect/config"
+	"github.com/spf13/cobra"
+)
+
+// connectCmd represents the db connect command
+var connectCmd = &cobra.Command{
+	Use:   "connect",
+	Short: "Connect to the database",
+	Long:  `Connect to the database.`,
+	Run: func(cmd *cobra.Command, args []string) {
+		conf := utils.InitConfig("")
+		if err := connectToDB(conf); err != nil {
+			utils.Failf("Failed to connect to DB: %s", err.Error())
+		}
+	},
+}
+
+func connectSQLite(conf *config.StorageConfig) error {
+	path, err := exec.LookPath("sqlite3")
+	if err != nil {
+		if errors.Is(err, exec.ErrNotFound) {
+			return errors.New("sqlite3 not installed")
+		}
+		return fmt.Errorf("failed to find sqlite3 executable: %w", err)
+	}
+
+	if err := syscall.Exec(path, []string{path, conf.File}, nil); err != nil {
+		return fmt.Errorf("failed to run sqlite3 command: %w", err)
+	}
+	return nil
+}
+
+func connectToDB(conf *config.AppConfig) error {
+	switch conf.StorageType {
+	case string(config.Memory):
+		return errors.New("no DB associated with memory storage")
+	case string(config.SQLite):
+		return connectSQLite(conf.StorageConfig)
+	default:
+		return fmt.Errorf("unsupported storage type %q", conf.StorageType)
+	}
+}
+
+func init() {
+	dbCmd.AddCommand(connectCmd)
+
+	// Here you will define your flags and configuration settings.
+
+	// Cobra supports Persistent Flags which will work for this command
+	// and all subcommands, e.g.:
+	// dbCmd.PersistentFlags().String("foo", "", "A help for foo")
+
+	// Cobra supports local flags which will only run when this command
+	// is called directly, e.g.:
+	// dbCmd.Flags().BoolP("toggle", "t", false, "Help message for toggle")
+}

polyculeconnect/cmd/db/db.go

@@ -0,0 +1,27 @@
+package db
+
+import (
+	"git.faercol.me/faercol/polyculeconnect/polyculeconnect/cmd"
+	"github.com/spf13/cobra"
+)
+
+// dbCmd represents the db command
+var dbCmd = &cobra.Command{
+	Use:   "db",
+	Short: "Manage the database",
+	Long:  `Manage the database.`,
+}
+
+func init() {
+	cmd.RootCmd.AddCommand(dbCmd)
+
+	// Here you will define your flags and configuration settings.
+
+	// Cobra supports Persistent Flags which will work for this command
+	// and all subcommands, e.g.:
+	// dbCmd.PersistentFlags().String("foo", "", "A help for foo")
+
+	// Cobra supports local flags which will only run when this command
+	// is called directly, e.g.:
+	// dbCmd.Flags().BoolP("toggle", "t", false, "Help message for toggle")
+}

polyculeconnect/cmd/db/destroy.go

@@ -0,0 +1,60 @@
+package db
+
+import (
+	"errors"
+	"fmt"
+	"os"
+
+	"git.faercol.me/faercol/polyculeconnect/polyculeconnect/cmd/utils"
+	"git.faercol.me/faercol/polyculeconnect/polyculeconnect/config"
+	"github.com/spf13/cobra"
+)
+
+// destroyCmd represents the db destroy command
+var destroyCmd = &cobra.Command{
+	Use:   "destroy",
+	Short: "Completely delete the current database",
+	Long:  `Delete the current database.`,
+	Run: func(cmd *cobra.Command, args []string) {
+		conf := utils.InitConfig("")
+		if err := deleteDB(conf); err != nil {
+			utils.Failf("Failed to connect to DB: %s", err.Error())
+		}
+		fmt.Println("DB deleted")
+	},
+}
+
+func deleteSqliteDB(path string) error {
+	if err := os.Remove(path); err != nil {
+		if errors.Is(err, os.ErrNotExist) { // if the file has already been deleted we don't want to fail here
+			return nil
+		}
+		return fmt.Errorf("failed to delete SQLite file: %w", err)
+	}
+	return nil
+}
+
+func deleteDB(conf *config.AppConfig) error {
+	switch conf.StorageType {
+	case string(config.Memory):
+		return errors.New("no DB to delete in memory mode")
+	case string(config.SQLite):
+		return deleteSqliteDB(conf.StorageConfig.File)
+	default:
+		return fmt.Errorf("unsupported storage type %q", conf.StorageType)
+	}
+}
+
+func init() {
+	dbCmd.AddCommand(destroyCmd)
+
+	// Here you will define your flags and configuration settings.
+
+	// Cobra supports Persistent Flags which will work for this command
+	// and all subcommands, e.g.:
+	// dbCmd.PersistentFlags().String("foo", "", "A help for foo")
+
+	// Cobra supports local flags which will only run when this command
+	// is called directly, e.g.:
+	// dbCmd.Flags().BoolP("toggle", "t", false, "Help message for toggle")
+}

polyculeconnect/config/config.go

@@ -57,7 +57,7 @@ const (
 	defaultServerPort   = 5000
 	defaultServerSocket = ""
 
-	defaultIssuer = "locahost"
+	defaultIssuer = "http://localhost:5000"
 
 	defaultStorageType      = Memory
 	defaultStorageFile      = "./polyculeconnect.db"

polyculeconnect/controller/ui/approval.go

@@ -0,0 +1,67 @@
+package ui
+
+import (
+	"net/http"
+
+	"git.faercol.me/faercol/polyculeconnect/polyculeconnect/services/approval"
+	"github.com/sirupsen/logrus"
+)
+
+const (
+	ApprovalRoute = "/approval"
+	rememberKey   = "remember"
+)
+
+type ApprovalController struct {
+	l                    *logrus.Logger
+	downstreamController http.Handler
+	srv                  approval.ApprovalService
+}
+
+func NewApprovalController(l *logrus.Logger, downstream http.Handler, srv approval.ApprovalService) *ApprovalController {
+	return &ApprovalController{
+		l:                    l,
+		downstreamController: downstream,
+		srv:                  srv,
+	}
+}
+
+func (ac *ApprovalController) handleGetApproval(r *http.Request) {
+	ac.l.Debug("Checking if approval is remembered")
+
+	remembered, err := ac.srv.IsRemembered(r.Context(), approval.Claim{Email: "kilgore@kilgore.trout", ClientID: "9854d42da9cd91369a293758d514178c73d2b9774971d8965945ab2b81e83e69"})
+	if err != nil {
+		ac.l.Errorf("Failed to check if approval is remembered: %s", err.Error())
+		return
+	}
+
+	if remembered {
+		ac.l.Info("Approval is remembered, skipping approval page")
+		return
+	} else {
+		ac.l.Info("Approval is not remembered, continuing")
+	}
+}
+
+func (ac *ApprovalController) handlePostApproval(r *http.Request) {
+	ac.l.Debug("Handling POST approval request")
+	if err := r.ParseForm(); err != nil {
+		ac.l.Errorf("Failed to parse request form: %s", err.Error())
+		return
+	}
+
+	if remember := r.Form.Get(rememberKey); remember == "on" {
+		if err := ac.srv.Remember(r.Context(), approval.Claim{Email: "kilgore@kilgore.trout", ClientID: "9854d42da9cd91369a293758d514178c73d2b9774971d8965945ab2b81e83e69"}); err != nil {
+			ac.l.Errorf("Failed to remember approval request: %s", err.Error())
+		}
+	}
+}
+
+func (ac *ApprovalController) ServeHTTP(w http.ResponseWriter, r *http.Request) {
+	if r.Method == http.MethodPost {
+		ac.handlePostApproval(r)
+	} else if r.Method == http.MethodGet {
+		ac.handleGetApproval(r)
+	}
+	ac.downstreamController.ServeHTTP(w, r)
+}

polyculeconnect/main.go

@@ -4,6 +4,7 @@ import (
 	"git.faercol.me/faercol/polyculeconnect/polyculeconnect/cmd"
 	_ "git.faercol.me/faercol/polyculeconnect/polyculeconnect/cmd/app"
 	_ "git.faercol.me/faercol/polyculeconnect/polyculeconnect/cmd/backend"
+	_ "git.faercol.me/faercol/polyculeconnect/polyculeconnect/cmd/db"
 	_ "git.faercol.me/faercol/polyculeconnect/polyculeconnect/cmd/serve"
 )
 

polyculeconnect/server/server.go

@@ -11,6 +11,7 @@ import (
 	"git.faercol.me/faercol/polyculeconnect/polyculeconnect/config"
 	"git.faercol.me/faercol/polyculeconnect/polyculeconnect/controller/ui"
 	"git.faercol.me/faercol/polyculeconnect/polyculeconnect/middlewares"
+	"git.faercol.me/faercol/polyculeconnect/polyculeconnect/services/approval"
 	dex_server "github.com/dexidp/dex/server"
 	"github.com/sirupsen/logrus"
 )
@@ -63,8 +64,11 @@ func New(appConf *config.AppConfig, dexSrv *dex_server.Server, logger *logrus.Lo
 		panic(fmt.Errorf("unexpected listening mode %v", appConf.ServerMode))
 	}
 
+	approvalSrv := approval.New(appConf)
+
 	controllers := map[string]http.Handler{
 		ui.StaticRoute: middlewares.WithLogger(&ui.StaticController{}, logger),
+		"/approval":    middlewares.WithLogger(ui.NewApprovalController(logger, dexSrv, approvalSrv), logger),
 		"/":            middlewares.WithLogger(ui.NewIndexController(logger, dexSrv), logger),
 	}
 

polyculeconnect/services/approval/approval.go

@@ -0,0 +1,81 @@
+package approval
+
+import (
+	"context"
+	"database/sql"
+	"errors"
+	"fmt"
+	"time"
+
+	"git.faercol.me/faercol/polyculeconnect/polyculeconnect/config"
+	"git.faercol.me/faercol/polyculeconnect/polyculeconnect/services/db"
+)
+
+const (
+	insertRememberApproval = `INSERT INTO stored_approvals (email, client_id, expiry) VALUES (?, ?, ?)`
+	getApproval            = `SELECT expiry FROM stored_approvalts WHERE email = ? AND client_id = ?`
+	dbTimeout              = 30 * time.Second
+	approvalExpiration     = 30 * 24 * time.Hour
+)
+
+type Claim struct {
+	Email    string
+	ClientID string
+}
+
+type ApprovalService interface {
+	Remember(ctx context.Context, claim Claim) error
+	IsRemembered(ctx context.Context, claim Claim) (bool, error)
+}
+
+type concreteApprovalService struct {
+	conf *config.AppConfig
+}
+
+func (cas *concreteApprovalService) Remember(ctx context.Context, claim Claim) error {
+	db, err := db.Connect(cas.conf)
+	if err != nil {
+		return fmt.Errorf("failed to connect to db: %w", err)
+	}
+
+	queryCtx, cancel := context.WithTimeout(ctx, dbTimeout)
+	defer cancel()
+
+	tx, err := db.BeginTx(queryCtx, nil)
+	if err != nil {
+		return fmt.Errorf("failed to begin transaction: %w", err)
+	}
+
+	expiry := time.Now().UTC().Add(approvalExpiration)
+	_, err = tx.Exec(insertRememberApproval, claim.Email, claim.ClientID, expiry)
+	if err != nil {
+		return fmt.Errorf("failed to insert approval in DB: %w", err)
+	}
+
+	if err := tx.Commit(); err != nil {
+		return fmt.Errorf("failed to commit transaction: %w", err)
+	}
+	return nil
+}
+
+func (cas *concreteApprovalService) IsRemembered(ctx context.Context, claim Claim) (bool, error) {
+	db, err := db.Connect(cas.conf)
+	if err != nil {
+		return false, fmt.Errorf("failed to connect to db: %w", err)
+	}
+
+	row := db.QueryRow(getApproval, claim.Email, claim.ClientID)
+	var expiry time.Time
+	if err := row.Scan(&expiry); err != nil {
+		if errors.Is(err, sql.ErrNoRows) {
+			return false, nil
+		}
+		return false, fmt.Errorf("failed to run query: %w", err)
+	}
+
+	return time.Now().UTC().Before(expiry), nil
+}
+
+func New(conf *config.AppConfig) ApprovalService {
+	return &concreteApprovalService{conf: conf}
+}

polyculeconnect/services/db/db.go

@@ -0,0 +1,27 @@
+package db
+
+import (
+	"database/sql"
+	"errors"
+	"fmt"
+
+	"git.faercol.me/faercol/polyculeconnect/polyculeconnect/config"
+)
+
+type concreteDBService struct {
+}
+
+func connectSQLite(path string) (*sql.DB, error) {
+	return sql.Open("sqlite3", path)
+}
+
+func Connect(conf *config.AppConfig) (*sql.DB, error) {
+	switch conf.StorageType {
+	case string(config.Memory):
+		return nil, errors.New("no db for memory mode")
+	case string(config.SQLite):
+		return connectSQLite(conf.StorageConfig.File)
+	default:
+		return nil, fmt.Errorf("unsupported storage mode %q", conf.StorageType)
+	}
+}

polyculeconnect/static/scripts/approval.js

@@ -0,0 +1,10 @@
+function submitApproval(approve) {
+  if (approve) {
+    document.getElementById("approval").value = "approve";
+  } else {
+    document.getElementById("approval").value = "rejected";
+  }
+
+  handleSuccess();
+  document.getElementById("approvalform").submit();
+}

polyculeconnect/static/scripts/appstate.js

@@ -0,0 +1,17 @@
+const STATE_SUCCESS = "SUCCESS";
+const STATE_IN_PROGRESS = "IN PROGRESS"
+const STATE_EMPTY = "NO STATE"
+
+const stateKey = "appState"
+
+function getState() {
+  state = localStorage.getItem(stateKey);
+  if (state === null) {
+    return STATE_EMPTY;
+  }
+  return state;
+}
+
+function setState(value) {
+  localStorage.setItem(stateKey, value);
+}

polyculeconnect/static/scripts/error.js

@@ -0,0 +1,6 @@
+let backButton = document.getElementById("error-back");
+
+backButton.addEventListener("click", (e) => {
+  e.preventDefault();
+  goBackToLogin();
+});

polyculeconnect/static/scripts/form.js

@@ -0,0 +1,11 @@
+let connectorForm = document.getElementById("connectorform");
+
+connectorForm.addEventListener("submit", (e) => {
+  e.preventDefault();
+  let connectorName = document.getElementById("cname").value;
+  let rememberMe = document.getElementById("remember-me").checked;
+  if (rememberMe === true) {
+    localStorage.setItem(connectorNameKey, connectorName);
+  }
+  chooseConnector(connectorName);
+});

polyculeconnect/static/scripts/index.js

@@ -1,11 +1,47 @@
-let connectorForm = document.getElementById("connectorform");
+const connectorNameKey = "connectorName";
+const connectorIDParam = "connector_id";
 
-connectorForm.addEventListener("submit", (e) => {
-  e.preventDefault();
+const urlParams = new URLSearchParams(window.location.search);
 
+function chooseConnector(connectorName) {
   let nextURL = new URL(window.location.href);
-  let connectorName = document.getElementById("cname").value;
-  nextURL.searchParams.append("connector_id", connectorName)
-
+  nextURL.searchParams.append(connectorIDParam, connectorName);
+  setState(STATE_IN_PROGRESS);
   window.location.href = nextURL;
-});
+}
+
+// Clean the cache in case previous authentication didn't succeed
+// in order not to get stuck in a login loop
+function handleFailedState() {
+  if (getState() !== STATE_SUCCESS) {
+    localStorage.removeItem(connectorNameKey);
+  }
+}
+
+// Add the connector name to local storage in case the auth succeeded
+// and the remember-me box was checked
+function handleSuccess(connectorName) {
+  setState(STATE_SUCCESS);
+  if (localStorage.getItem(rememberMeKey)) {
+    localStorage.removeItem(rememberMeKey);
+    localStorage.setItem(connectorNameKey, connectorName);
+  }
+}
+
+function handleLoginPage() {
+  handleFailedState();
+  let connectorName = localStorage.getItem(connectorNameKey);
+  if (getState() === STATE_SUCCESS && connectorName != null) {
+    chooseConnector(connectorName);
+  }
+}
+
+function goBackToLogin() {
+  let nextURL = new URL(window.location.href);
+  nextURL.searchParams.delete(connectorIDParam);
+  window.location.href = nextURL;
+}
+
+if (window.location.pathname === "/auth" && !urlParams.has(connectorIDParam)) {
+  handleLoginPage();
+}

polyculeconnect/static/style/index.css

@@ -76,6 +76,15 @@ body {
     color: var(--subtext-1);
 }
 
+.form-checkbox {
+    cursor: pointer;
+}
+
+.form-checkbox-label {
+    color: var(--subtext-0);
+    font-size: small;
+}
+
 .button {
     border: none;
     color: var(--mantle);

polyculeconnect/templates/approval.html

@@ -1,5 +1,7 @@
 {{ template "header.html" . }}
 
+<script src="/static/scripts/approval.js" defer></script>
+
 <div class="container">
     <div class="container-content">
         {{ if .Scopes }}
@@ -14,18 +16,19 @@
         {{ end }}
     </div>
 
+
     <div class="form-buttons">
-        <form method="post" class="container-form">
+        <form method="post" class="container-form" id="approvalform">
+            <div>
+                <input type="checkbox" id="rememberme" name="remember" class="form-checkbox">
+                <label for="remember-me" class="form-checkbox-label">Remember my choice</label>
+            </div>
             <input type="hidden" name="req" value="{{ .AuthReqID }}" />
-            <input type="hidden" name="approval" value="approve">
-            <button type="submit" class="button button-accept">
+            <input id="approval" type="hidden" name="approval" value="approve">
+            <button onclick="submitApproval(true)" class="button button-accept">
                 <span>Grant Access</span>
             </button>
-        </form>
-        <form method="post" class="container-form">
-            <input type="hidden" name="req" value="{{ .AuthReqID }}" />
-            <input type="hidden" name="approval" value="rejected">
-            <button type="submit" class="button button-cancel">
+            <button onclick="submitApproval(false)" class="button button-cancel">
                 <span>Cancel</span>
             </button>
         </form>

polyculeconnect/templates/error.html

@@ -1,7 +1,10 @@
 {{ template "header.html" . }}
 
+<script src="/static/scripts/error.js" defer></script>
+
 <div class="container">
     <div class="container-content">
+        <button id="error-back" class="button button-cancel">Back</button>
         <h2>{{ .ErrType }}</h2>
         <p>{{ .ErrMsg }}</p>
     </div>

polyculeconnect/templates/header.html

@@ -16,6 +16,9 @@
     <link rel="mask-icon" href="/static/icons/safari-pinned-tab.svg" color="#5bbad5">
     <meta name="msapplication-TileColor" content="#9f00a7">
     <meta name="theme-color" content="#ffffff">
+    <script src="/static/scripts/appstate.js"></script>
+    <script src="/static/scripts/index.js"></script>
+
 </head>
 
 <body>

polyculeconnect/templates/login.html

@@ -1,6 +1,6 @@
 {{ template "header.html" . }}
 
-<script src="/static/scripts/index.js" defer></script>
+<script src="/static/scripts/form.js" defer></script>
 
 <div class="container">
     <div class="container-content">
@@ -12,6 +12,10 @@
             <div class="form-elements">
                 <input type="text" id="cname" name="connector_id" placeholder="Service name" required
                     class="form-input">
+                <div>
+                    <input type="checkbox" id="remember-me" name="remember_me" class="form-checkbox">
+                    <label for="remember-me" class="form-checkbox-label">Remember my choice</label>
+                </div>
             </div>
             <div class="form-buttons">
                 <input type="submit" class="button button-accept" value="Continue">