GetAuthFromReq is a helper function to get the user DID and access token from the request. Also does some maintenance tasks like refreshing the access token if it has expired. @return: userDID, pds, tokenUUID, accessJwt, error
(c *fiber.Ctx)
| 137 | // |
| 138 | // @return: userDID, pds, tokenUUID, accessJwt, error |
| 139 | func GetAuthFromReq(c *fiber.Ctx) (*string, *string, *string, *string, error) { |
| 140 | authHeader := c.Get("Authorization") |
| 141 | fallbackRoute := "https://public.api.bsky.app" |
| 142 | if configData.DeveloperMode { |
| 143 | fmt.Println("Auth Header:", authHeader) |
| 144 | } |
| 145 | var accessJwt, refreshJwt, userPDS, basicHashSalt, basicAuthSalt, basicUUID *string |
| 146 | var userDID, tokenUUID, encryptionKey, basicAuthUsernamePassword, authPassword string |
| 147 | var access_expiry, refresh_expiry *float64 |
| 148 | var err error |
| 149 | |
| 150 | isBasic := false |
| 151 | nodid := "" |
| 152 | notoken := "" |
| 153 | var username string |
| 154 | |
| 155 | // Define a regular expression to match the oauth_token |
| 156 | if strings.HasPrefix(authHeader, "Basic ") { |
| 157 | // This really should be rewritten. If you can, send a PR :) |
| 158 | isBasic = true |
| 159 | // This is using basic authentication. Basic authentication, sucks. We have to somehow store the password, and i do not like that. |
| 160 | // But if we want iOS 2, we have to do this. |
| 161 | base64pass := strings.TrimPrefix(authHeader, "Basic ") |
| 162 | var did *string |
| 163 | basicAuthUsernamePassword, err = cryption.Base64URLDecode(base64pass) |
| 164 | if err != nil { |
| 165 | return &nodid, &fallbackRoute, nil, ¬oken, err |
| 166 | } |
| 167 | |
| 168 | // separate the username and password |
| 169 | username = strings.Split(basicAuthUsernamePassword, ":")[0] |
| 170 | authPassword = strings.Split(basicAuthUsernamePassword, ":")[1] |
| 171 | |
| 172 | accessJwt, refreshJwt, access_expiry, refresh_expiry, userPDS, did, basicHashSalt, basicAuthSalt, basicUUID, err = db_controller.GetTokenViaBasic(username, authPassword) |
| 173 | fmt.Println(err) |
| 174 | if err != nil { |
| 175 | // We might just not be signed in. |
| 176 | if err.Error() == "invalid credentials" { |
| 177 | // test if password is an app password thru regex |
| 178 | if !regexp.MustCompile(`^[a-zA-Z0-9]{4}-[a-zA-Z0-9]{4}-[a-zA-Z0-9]{4}-[a-zA-Z0-9]{4}$`).MatchString(authPassword) { |
| 179 | return &nodid, &fallbackRoute, nil, ¬oken, errors.New("invalid app password") |
| 180 | } |
| 181 | |
| 182 | res, pds, err := blueskyapi.Authenticate(username, authPassword) |
| 183 | if err != nil { |
| 184 | return &nodid, &fallbackRoute, nil, ¬oken, err |
| 185 | } |
| 186 | |
| 187 | access_token_expiry, err := cryption.GetJWTTokenExpirationUnix(res.AccessJwt) |
| 188 | if err != nil { |
| 189 | return &nodid, &fallbackRoute, nil, ¬oken, errors.New("failed to get access token expiry") |
| 190 | } |
| 191 | refresh_token_expiry, err := cryption.GetJWTTokenExpirationUnix(res.RefreshJwt) |
| 192 | if err != nil { |
| 193 | return &nodid, &fallbackRoute, nil, ¬oken, errors.New("failed to get refresh token expiry") |
| 194 | } |
| 195 | |
| 196 | _, err = db_controller.StoreTokenBasic(res.DID, *pds, res.AccessJwt, res.RefreshJwt, username, authPassword, *access_token_expiry, *refresh_token_expiry) |
no test coverage detected