WIP still, tuning up auth and room wildcard with middleware
This commit is contained in:
Nate Anderson
@@ -3,27 +3,43 @@ import 'dart:io';
|
||||
import 'package:backend/database.dart';
|
||||
import 'package:backend/service/db_access.dart';
|
||||
import 'package:dart_jsonwebtoken/dart_jsonwebtoken.dart';
|
||||
import 'package:logging/logging.dart';
|
||||
import 'package:shared_models/user.dart';
|
||||
|
||||
final jwtSecret = _getSecret();
|
||||
const expTimeSecs = 3600;
|
||||
|
||||
final log = Logger('Authenticator');
|
||||
|
||||
enum JWTTokenStatus {
|
||||
valid,
|
||||
expired,
|
||||
invalid,
|
||||
}
|
||||
|
||||
class Authenticator {
|
||||
Future<String?> generateToken({required String username}) async {
|
||||
final newUser = await Db.createUser(username: username);
|
||||
Future<String?> generateToken(CreateUserRequest req) async {
|
||||
final newUser = await Db.createUser(username: req.username, roomCode: req.roomCode);
|
||||
if (newUser == null) return null;
|
||||
|
||||
final iat = DateTime.now().millisecondsSinceEpoch ~/ 1000;
|
||||
final jwt = JWT(
|
||||
{
|
||||
'uid': newUser.uuid,
|
||||
'roomUuid': newUser.gameRoomUuid,
|
||||
'iat': iat,
|
||||
'exp': iat + expTimeSecs,
|
||||
},
|
||||
);
|
||||
|
||||
return jwt.sign(SecretKey(jwtSecret));
|
||||
}
|
||||
|
||||
Future<User?> verifyToken(
|
||||
Future<(User?, JWTTokenStatus)> verifyToken(
|
||||
String token,
|
||||
) async {
|
||||
try {
|
||||
log.info('Verifying jwt: ${token.substring(0, 10)}...${token.substring(token.length - 10)}');
|
||||
final payload = JWT.verify(
|
||||
token,
|
||||
SecretKey(jwtSecret),
|
||||
@@ -31,16 +47,47 @@ class Authenticator {
|
||||
|
||||
final payloadData = payload.payload as Map<String, dynamic>;
|
||||
|
||||
final iat = payloadData['iat'] as int;
|
||||
final exp = payloadData['exp'] as int;
|
||||
|
||||
if (iat + expTimeSecs != exp || DateTime.now().millisecondsSinceEpoch ~/ 1000 > exp) {
|
||||
return (null, JWTTokenStatus.expired);
|
||||
}
|
||||
|
||||
final uuid = payloadData['uuid'] as String;
|
||||
return await Db.getUser(uuid);
|
||||
return (await Db.getUser(uuid), JWTTokenStatus.valid);
|
||||
} catch (e) {
|
||||
return null;
|
||||
return (null, JWTTokenStatus.invalid);
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
// load any env vars inside root of project's .env file, then looks for JWT_TOKEN_SECRET
|
||||
String _getSecret() {
|
||||
final secret = Platform.environment['JWT_TOKEN_SECRET'];
|
||||
final envs = {...Platform.environment};
|
||||
try {
|
||||
final result = Process.runSync('git', ['rev-parse', '--show-toplevel']);
|
||||
if (result.exitCode != 0) {
|
||||
log.warning('Failed to get git root directory: ${result.stderr}');
|
||||
throw Exception('Failed to get git root directory');
|
||||
}
|
||||
final rootDir = (result.stdout as String).trim();
|
||||
final envFile = File('$rootDir/.env');
|
||||
if (envFile.existsSync()) {
|
||||
for (final line in envFile.readAsLinesSync()) {
|
||||
if (line.trim().isEmpty || line.startsWith('#')) continue;
|
||||
final parts = line.split('=');
|
||||
if (parts.length != 2) continue;
|
||||
final key = parts[0].trim();
|
||||
final value = parts[1].trim();
|
||||
envs[key] = value;
|
||||
}
|
||||
}
|
||||
} catch (e) {
|
||||
log.warning('Failed to load .env file: $e');
|
||||
}
|
||||
// check for secret
|
||||
final secret = envs['JWT_TOKEN_SECRET'];
|
||||
if (secret == null || secret.isEmpty) {
|
||||
throw Exception('JWT secret not configured. Define JWT_TOKEN_SECRET in environment.');
|
||||
} else {
|
||||
|
||||
@@ -7,21 +7,34 @@ part 'database.g.dart';
|
||||
|
||||
class Users extends Table {
|
||||
TextColumn get uuid => text().unique()();
|
||||
TextColumn get gameRoom => text().references(GameRooms, #uuid).nullable()();
|
||||
TextColumn get gameRoomUuid => text().references(GameRooms, #uuid)();
|
||||
TextColumn get name => text().withLength(min: 2, max: 32)();
|
||||
DateTimeColumn get createdAt => dateTime().nullable()();
|
||||
|
||||
@override
|
||||
bool get isStrict => true;
|
||||
}
|
||||
|
||||
enum GameStatus {
|
||||
opened,
|
||||
open,
|
||||
running,
|
||||
closed,
|
||||
cancelled,
|
||||
}
|
||||
|
||||
class GameRooms extends Table {
|
||||
TextColumn get uuid => text().unique()();
|
||||
TextColumn get status => textEnum<GameStatus>()();
|
||||
TextColumn get code => text().withLength(min: 6, max: 6)();
|
||||
DateTimeColumn get createdAt => dateTime().nullable()();
|
||||
|
||||
@override
|
||||
bool get isStrict => true;
|
||||
|
||||
@override
|
||||
List<Set<Column>> get uniqueKeys => [
|
||||
{code, status},
|
||||
];
|
||||
}
|
||||
|
||||
@DriftDatabase(tables: [Users, GameRooms])
|
||||
@@ -32,7 +45,7 @@ class AppDatabase extends _$AppDatabase {
|
||||
int get schemaVersion => 1;
|
||||
|
||||
static QueryExecutor _openConnection() {
|
||||
return NativeDatabase.createInBackground(File('./backend.db'));
|
||||
return NativeDatabase.createInBackground(File('./db.sqlite'));
|
||||
}
|
||||
|
||||
@override
|
||||
|
||||
@@ -0,0 +1,47 @@
|
||||
import 'dart:io';
|
||||
|
||||
import 'package:backend/authenticator.dart';
|
||||
import 'package:dart_frog/dart_frog.dart';
|
||||
|
||||
Authenticator? _authenticator;
|
||||
|
||||
Middleware authenticatorMiddlewareProvider() {
|
||||
return provider<Authenticator>((context) => _authenticator ??= Authenticator());
|
||||
}
|
||||
|
||||
typedef Applies = Future<bool> Function(RequestContext context);
|
||||
|
||||
Future<bool> _defaultApplies(RequestContext context) async => true;
|
||||
|
||||
Middleware tokenAuthMiddleware({
|
||||
Applies applies = _defaultApplies,
|
||||
}) {
|
||||
return (handler) => (context) async {
|
||||
if (!await applies(context)) {
|
||||
return handler(context);
|
||||
}
|
||||
final auth = context.read<Authenticator>();
|
||||
// use `auth.verifyToken(token)` to check the jwt that came in the request header bearer
|
||||
final authHeader = context.request.headers['authorization'];
|
||||
final auths = authHeader?.split(' ');
|
||||
if (authHeader == null || !authHeader.startsWith('Bearer ') || auths == null || auths.length != 2) {
|
||||
log.fine('Denied request - No Auth - ${context.request.method.value} ${context.request.uri.path}');
|
||||
return Response(statusCode: HttpStatus.unauthorized);
|
||||
}
|
||||
final token = auths.last;
|
||||
|
||||
final (user, tokStatus) = await auth.verifyToken(token);
|
||||
|
||||
if (user == null) {
|
||||
log.fine(
|
||||
'Denied request - Bad Auth:$tokStatus - ${context.request.method.value} ${context.request.uri.path}, no auth');
|
||||
return Response(statusCode: HttpStatus.unauthorized);
|
||||
}
|
||||
|
||||
return handler(
|
||||
context.provide(
|
||||
() => user,
|
||||
),
|
||||
);
|
||||
};
|
||||
}
|
||||
@@ -0,0 +1,24 @@
|
||||
import 'package:dart_frog/dart_frog.dart';
|
||||
import 'package:logging/logging.dart';
|
||||
|
||||
final log = Logger('ServerLogger');
|
||||
|
||||
Middleware loggerMiddleware() {
|
||||
return (Handler handler) {
|
||||
return (RequestContext context) async {
|
||||
final request = context.request;
|
||||
final startTime = DateTime.now();
|
||||
|
||||
final response = await handler(context);
|
||||
|
||||
final duration = DateTime.now().difference(startTime);
|
||||
|
||||
log.info(
|
||||
'${request.method.name} ${request.uri.path} '
|
||||
'${response.statusCode} ${duration.inMilliseconds}ms',
|
||||
);
|
||||
|
||||
return response;
|
||||
};
|
||||
};
|
||||
}
|
||||
@@ -6,19 +6,40 @@ import 'package:uuid/uuid.dart';
|
||||
final log = Logger('Db');
|
||||
|
||||
class Db {
|
||||
static final _db = AppDatabase();
|
||||
|
||||
static Future<User> getUser(String uuid) {
|
||||
log.finer('Getting user $uuid');
|
||||
return AppDatabase().managers.users.filter((f) => f.uuid.equals(uuid)).get().then((u) => u.first);
|
||||
return _db.managers.users.filter((f) => f.uuid.equals(uuid)).getSingle();
|
||||
}
|
||||
|
||||
static Future<User?> createUser({required String username}) => AppDatabase()
|
||||
.managers
|
||||
.users
|
||||
.createReturningOrNull(
|
||||
(o) => o(createdAt: Value(DateTime.now()), uuid: const Uuid().v4(), name: username),
|
||||
)
|
||||
.catchError((Object err) {
|
||||
log.severe('Failed to create user', err, StackTrace.current);
|
||||
throw Exception(err.toString());
|
||||
});
|
||||
static Future<User?> createUser({required String username, required String roomCode}) async {
|
||||
final room = await _db.managers.gameRooms
|
||||
.filter((f) => f.code.equals(roomCode) & f.status.isIn([GameStatus.open, GameStatus.running]))
|
||||
.getSingleOrNull()
|
||||
.catchError((Object err) {
|
||||
log.info('Failed to find available room:$roomCode', err, StackTrace.current);
|
||||
return null;
|
||||
});
|
||||
if (room == null) return null;
|
||||
return _db.managers.users
|
||||
.createReturningOrNull(
|
||||
(o) => o(createdAt: Value(DateTime.now()), uuid: const Uuid().v4(), name: username, gameRoomUuid: room.uuid),
|
||||
)
|
||||
.catchError((Object err) {
|
||||
log.severe('Failed to create user', err, StackTrace.current);
|
||||
throw Exception(err.toString());
|
||||
});
|
||||
}
|
||||
|
||||
static Future<GameRoom> createRoom({required String roomCode}) => _db.managers.gameRooms
|
||||
.createReturning(
|
||||
(o) => o(createdAt: Value(DateTime.now()), status: GameStatus.open, uuid: const Uuid().v4(), code: roomCode),
|
||||
)
|
||||
.catchError(
|
||||
(Object err) {
|
||||
log.severe('Failed to create room', err, StackTrace.current);
|
||||
throw Exception(err.toString());
|
||||
},
|
||||
);
|
||||
}
|
||||
|
||||
Reference in New Issue
Block a user