after fork

2023-04-11 22:43:48 +02:00
commit 6486bfd1c8
33 changed files with 3366 additions and 0 deletions
--- a/security/apikey.go
+++ b/security/apikey.go
@ -0,0 +1,33 @@
+package security
+
+import (
+	"github.com/getkin/kin-openapi/openapi3"
+	"github.com/gofiber/fiber/v2"
+)
+
+type ApiKey struct {
+	Security
+	Name string
+}
+
+func (k *ApiKey) Authorize(c *fiber.Ctx) error {
+	auth := c.Get(k.Name)
+	if auth == "" {
+		return fiber.NewError(fiber.StatusUnauthorized, "empty apikey")
+	} else {
+		k.Callback(c, auth)
+	}
+	return c.Next()
+}
+
+func (k *ApiKey) Provider() AuthType {
+	return ApiKeyAuth
+}
+
+func (k *ApiKey) Scheme() *openapi3.SecurityScheme {
+	return &openapi3.SecurityScheme{
+		Type: "http",
+		In:   "header",
+		Name: k.Name,
+	}
+}
--- a/security/basic.go
+++ b/security/basic.go
@ -0,0 +1,62 @@
+package security
+
+import (
+	"encoding/base64"
+	"strings"
+
+	"github.com/getkin/kin-openapi/openapi3"
+	"github.com/gofiber/fiber/v2"
+)
+
+type Basic struct {
+	Security
+}
+
+type User struct {
+	Username string
+	Password string
+}
+
+func decode(s string) ([]byte, error) {
+	return base64.StdEncoding.DecodeString(s)
+}
+
+func (b *Basic) parseBasicAuth(c *fiber.Ctx) (User, error) {
+	var user User
+	auth := c.Get(fiber.HeaderAuthorization)
+	if auth == "" {
+		return user, fiber.NewError(fiber.StatusUnauthorized, "authorization header is missing")
+	}
+	if !strings.HasPrefix(strings.ToLower(auth), "basic ") {
+		return user, fiber.NewError(fiber.StatusUnauthorized, "authorization header is not basic")
+	}
+	raw, err := decode(auth[6:])
+	if err != nil {
+		return user, fiber.ErrUnauthorized
+	}
+	credentials := strings.Split(string(raw), ":")
+	user.Username = credentials[0]
+	user.Password = credentials[1]
+	return user, nil
+}
+
+func (b *Basic) Authorize(c *fiber.Ctx) error {
+	user, err := b.parseBasicAuth(c)
+	if err != nil {
+		return err
+	} else {
+		b.Callback(c, user)
+	}
+	return c.Next()
+}
+
+func (b *Basic) Provider() AuthType {
+	return BasicAuth
+}
+
+func (b *Basic) Scheme() *openapi3.SecurityScheme {
+	return &openapi3.SecurityScheme{
+		Type:   "http",
+		Scheme: "basic",
+	}
+}
--- a/security/bearer.go
+++ b/security/bearer.go
@ -0,0 +1,39 @@
+package security
+
+import (
+	"strings"
+
+	"github.com/getkin/kin-openapi/openapi3"
+	"github.com/gofiber/fiber/v2"
+)
+
+type Bearer struct {
+	Security
+}
+
+func (b *Bearer) Authorize(c *fiber.Ctx) error {
+	auth := c.Get(fiber.HeaderAuthorization)
+	if auth == "" {
+		return fiber.NewError(fiber.StatusUnauthorized, "empty authentication")
+	} else {
+		splits := strings.Split(auth, "Bearer ")
+		if len(splits) != 2 {
+			return fiber.NewError(fiber.StatusUnauthorized, "invalid authentication string")
+		} else {
+			b.Callback(c, splits[1])
+		}
+		return c.Next()
+	}
+}
+
+func (b *Bearer) Provider() AuthType {
+	return BearerAuth
+}
+
+func (b *Bearer) Scheme() *openapi3.SecurityScheme {
+	return &openapi3.SecurityScheme{
+		Type:         "http",
+		Scheme:       "bearer",
+		BearerFormat: "JWT",
+	}
+}
--- a/security/cookie.go
+++ b/security/cookie.go
@ -0,0 +1,33 @@
+package security
+
+import (
+	"github.com/getkin/kin-openapi/openapi3"
+	"github.com/gofiber/fiber/v2"
+)
+
+type Cookie struct {
+	Security
+	Name string
+}
+
+func (k *Cookie) Authorize(c *fiber.Ctx) error {
+	cookie := c.Cookies(k.Name)
+	if cookie == "" {
+		return fiber.NewError(fiber.StatusUnauthorized, "empty cookie: "+k.Name)
+	} else {
+		k.Callback(c, cookie)
+	}
+	return c.Next()
+}
+
+func (k *Cookie) Provider() AuthType {
+	return CookieAuth
+}
+
+func (k *Cookie) Scheme() *openapi3.SecurityScheme {
+	return &openapi3.SecurityScheme{
+		Type: "apiKey",
+		In:   "cookie",
+		Name: k.Name,
+	}
+}
--- a/security/oauth2.go
+++ b/security/oauth2.go
@ -0,0 +1,36 @@
+package security
+
+import (
+	"github.com/getkin/kin-openapi/openapi3"
+	"github.com/gofiber/fiber/v2"
+)
+
+type OAuth2 struct {
+	Security
+	AuthorizationURL string
+	TokenURL         string
+	RefreshURL       string
+	Scopes           map[string]string
+}
+
+func (i *OAuth2) Authorize(c *fiber.Ctx) error {
+	return nil
+}
+
+func (i *OAuth2) Provider() AuthType {
+	return OAuth2Auth
+}
+
+func (i *OAuth2) Scheme() *openapi3.SecurityScheme {
+	return &openapi3.SecurityScheme{
+		Type: "oauth2",
+		Flows: &openapi3.OAuthFlows{
+			AuthorizationCode: &openapi3.OAuthFlow{
+				AuthorizationURL: i.AuthorizationURL,
+				TokenURL:         i.TokenURL,
+				RefreshURL:       i.RefreshURL,
+				Scopes:           i.Scopes,
+			},
+		},
+	}
+}
--- a/security/openid.go
+++ b/security/openid.go
@ -0,0 +1,26 @@
+package security
+
+import (
+	"github.com/getkin/kin-openapi/openapi3"
+	"github.com/gofiber/fiber/v2"
+)
+
+type OpenID struct {
+	Security
+	ConnectUrl string
+}
+
+func (i *OpenID) Authorize(c *fiber.Ctx) error {
+	return nil
+}
+
+func (i *OpenID) Provider() AuthType {
+	return OpenIDAuth
+}
+
+func (i *OpenID) Scheme() *openapi3.SecurityScheme {
+	return &openapi3.SecurityScheme{
+		Type:             "openIdConnect",
+		OpenIdConnectUrl: i.ConnectUrl,
+	}
+}
--- a/security/security.go
+++ b/security/security.go
@ -0,0 +1,33 @@
+package security
+
+import (
+	"github.com/getkin/kin-openapi/openapi3"
+	"github.com/gofiber/fiber/v2"
+)
+
+type AuthType string
+
+const (
+	Credentials          = "credentials"
+	BasicAuth   AuthType = "BasicAuth"
+	BearerAuth  AuthType = "BearerAuth"
+	ApiKeyAuth  AuthType = "ApiKeyAuth"
+	OpenIDAuth  AuthType = "OpenIDAuth"
+	OAuth2Auth  AuthType = "OAuth2Auth"
+	CookieAuth  AuthType = "CookieAuth"
+)
+
+type ISecurity interface {
+	Authorize(c *fiber.Ctx) error
+	Callback(c *fiber.Ctx, credentials interface{})
+	Provider() AuthType
+	Scheme() *openapi3.SecurityScheme
+}
+
+type Security struct {
+	ISecurity
+}
+
+func (s *Security) Callback(c *fiber.Ctx, credentials interface{}) {
+	c.Locals(Credentials, credentials)
+}