From 33bd7e8babe1ae554bec264f81100d407be8e01a Mon Sep 17 00:00:00 2001
From: Settel
Date: Sun, 18 Feb 2024 12:56:24 +0100
Subject: [PATCH] feat: use JWT for authentication

BREAKING CHANGE: changes format of cookie
---
 server/src/handler/private.go | 14 +------------
 server/src/handler/token.go | 37 +++++++++++++++++++++++++++++++++++
 2 files changed, 38 insertions(+), 13 deletions(-)

diff --git a/server/src/handler/private.go b/server/src/handler/private.go
index f86c29c..5cdc0e3 100644
--- a/server/src/handler/private.go
+++ b/server/src/handler/private.go
@@ -3,7 +3,6 @@ package handler
 import (
 	"fmt"
 	"net/http"
-	"strings"
 	"sirlab.de/go/knowyt/user"
 )
 
@@ -30,22 +29,11 @@ func (authMux *AuthMux) accessDenied(w http.ResponseWriter, r *http.Request) {
 }
 
 func (authMux *AuthMux) getUserFromSession(r *http.Request) (*user.User, error) {
-	authCookie, err := r.Cookie("knowyt-auth")
+	usr, err := authMux.validateSessionAndGetUser(r)
 	if err != nil {
 		return nil, fmt.Errorf("invalid cookie")
 	}
 
-	vals := strings.SplitN(authCookie.Value, ":", 2)
-
-	usr, usrErr := authMux.app.GetUserById(vals[0])
-	if usrErr != nil {
-		return nil, fmt.Errorf("invalid cookie")
-	}
-
-	if usr.GetAuthCode() != vals[1] {
-		return nil, fmt.Errorf("invalid cookie")
-	}
-
 	if usr.IsAdmin() {
 		if cookieCameo, err := r.Cookie("knowyt-auth-cameo"); err == nil {
 			if usrCameo, err := authMux.app.GetUserById(cookieCameo.Value); err == nil {
diff --git a/server/src/handler/token.go b/server/src/handler/token.go
index 8399ceb..9205e13 100644
--- a/server/src/handler/token.go
+++ b/server/src/handler/token.go
@@ -2,9 +2,12 @@ package handler
 
 import (
 	"crypto/rand"
+	"fmt"
+	"net/http"
 	"time"
 
 	"github.com/golang-jwt/jwt"
+	"sirlab.de/go/knowyt/user"
 )
 
 var secretKey []byte = nil
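Review bot: The new `usr, err := authMux.validateSessionAndGetUser(r)` call in getUserFromSession discards the cause of the failure, because the line after it still returns a bare `fmt.Errorf("invalid cookie")` for every case, so an expired token, a bad signature and a missing uid claim become indistinguishable wherever the error is handled. Keep the generic message but wrap the cause, `return nil, fmt.Errorf("invalid cookie: %w", err)`, so the caller can log or inspect it with errors.Is/As while the client still sees only the generic text. The function body continues past the hunk (the cameo cookie branch), so what the caller does with the error cannot be checked from here.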
@@ -25,3 +28,37 @@ func (authMux *AuthMux) createToken(uid string) (string, error) {
 
 	return token.SignedString(secretKey)
 }
+
+func (authMux *AuthMux) validateSessionAndGetUser(r *http.Request) (*user.User, error) {
+	tokenString, err := r.Cookie("knowyt-auth")
+	if err != nil {
+		return nil, err
+	}
+
+	token, err := jwt.Parse(tokenString.Value, func(token *jwt.Token) (interface{}, error) {
+		return secretKey, nil
+	})
+	if err != nil {
+		return nil, err
+	}
+
+	if !token.Valid {
+		return nil, fmt.Errorf("invalid JWT")
+	}
+
+	claims, ok := token.Claims.(jwt.MapClaims)
+	if !ok {
+		return nil, fmt.Errorf("invalid JWT")
+	}
+	userId := claims["uid"].(string)
+	if len(userId) == 0 {
+		return nil, fmt.Errorf("invalid JWT")
+	}
+
+	usr, err := authMux.app.GetUserById(userId)
+	if err != nil {
+		return nil, err
+	}
+
+	return usr, nil
+}
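Review bot: The keyfunc passed to jwt.Parse hands back secretKey without checking token.Method, and the `userId := claims["uid"].(string)` line further down is an unchecked type assertion that panics when a validly signed token carries no uid claim or a non-string one, turning a malformed session into a handler panic instead of an error. The keyfunc should reject any algorithm outside the HMAC family that a []byte secretKey implies (createToken's signing call is in the context lines but its method is not, so confirm against it), and the claim should be read with the two-value form so a missing claim becomes the normal `invalid JWT` error. While there, `len(userId) == 0` reads more naturally as `userID == ""`, with the Go-conventional `userID` spelling. The rewritten lines:
```go
	token, err := jwt.Parse(tokenString.Value, func(token *jwt.Token) (interface{}, error) {
		// Only the HMAC family is acceptable for a []byte secret; refuse
		// anything else before the key is handed over.
		if _, ok := token.Method.(*jwt.SigningMethodHMAC); !ok {
			return nil, fmt.Errorf("unexpected signing method %v", token.Header["alg"])
		}
		return secretKey, nil
	})
	// … unchanged: err check, token.Valid check, MapClaims assertion …
	userID, ok := claims["uid"].(string)
	if !ok || userID == "" {
		return nil, fmt.Errorf("invalid JWT")
	}
	// … unchanged: GetUserById lookup and return …
```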