Add Oauth2

src/auth.go

@@ -0,0 +1,113 @@
+package main
+
+import (
+	"context"
+	"fmt"
+	"log"
+	"net/http"
+	"strings"
+
+	"github.com/teris-io/shortid"
+)
+
+// creates a user session in redis
+func (a *App) CreateSession(uid string) (string, error) {
+	id, err := shortid.Generate()
+	if err != nil {
+		return "", err
+	}
+
+	ctx := context.Background()
+	if err := a.redisClient.Set(ctx, "session:"+id, uid, 0).Err(); err != nil {
+		return "", err
+	}
+
+	return id, nil
+}
+
+func (a *App) getSession(session_id string) (string, error) {
+	ctx := context.Background()
+	uid, err := a.redisClient.Get(ctx, "session:"+session_id).Result()
+	if err != nil {
+		return "", err
+	}
+
+	return uid, nil
+}
+
+func (a *App) getSessionFromRequest(r *http.Request) string {
+	authHeader := r.Header.Get("Authorization")
+	log.Println("test")
+	if strings.HasPrefix(authHeader, "Session ") {
+		return strings.TrimPrefix(authHeader, "Session ")
+	} else {
+	if cookie, err := r.Cookie("session"); err == nil {
+		return cookie.Value
+	}
+	}
+
+	return ""
+}
+
+func (a *App) UserAuthorizationHandler(w http.ResponseWriter, r *http.Request) (string, error) {
+	sessionID := a.getSessionFromRequest(r)
+
+	if sessionID != "" {
+		uid, err := a.getSession(sessionID)
+		if err == nil {
+			log.Println("authorized " + uid)
+			return uid, nil
+		}
+		log.Printf("Session validation failed: %v", err)
+	}
+
+	return "", fmt.Errorf("not authenticated")
+}
+
+func (a *App) withAuth(handler http.HandlerFunc) http.HandlerFunc {
+	return func(w http.ResponseWriter, r *http.Request) {
+		auth := r.Header.Get("Authorization")
+
+		// Handle session-based auth
+		if strings.HasPrefix(auth, "Session ") {
+			sessionID := strings.TrimPrefix(auth, "Session ")
+			userID, err := a.getSession(sessionID)
+			if err != nil {
+				a.jsonResponse(w, http.StatusUnauthorized, APIResponse{
+					Success: false,
+					Error:   "Invalid session",
+				})
+				return
+			}
+
+			ctx := context.WithValue(r.Context(), "user_id", userID)
+			ctx = context.WithValue(ctx, "auth_type", "session")
+			handler(w, r.WithContext(ctx))
+			return
+		}
+
+		// Handle OAuth2 bearer tokens
+		if strings.HasPrefix(auth, "Bearer ") {
+			token := strings.TrimPrefix(auth, "Bearer ")
+			ti, err := a.manager.LoadAccessToken(context.Background(), token)
+			if err != nil {
+				a.jsonResponse(w, http.StatusUnauthorized, APIResponse{
+					Success: false,
+					Error:   "Invalid token",
+				})
+				return
+			}
+
+			ctx := context.WithValue(r.Context(), "user_id", ti.GetUserID())
+			ctx = context.WithValue(ctx, "auth_type", "oauth2")
+			ctx = context.WithValue(ctx, "client_id", ti.GetClientID())
+			handler(w, r.WithContext(ctx))
+			return
+		}
+
+		a.jsonResponse(w, http.StatusUnauthorized, APIResponse{
+			Success: false,
+			Error:   "Authentication required",
+		})
+	}
+}

src/go.mod

@@ -3,31 +3,31 @@ module mist
 go 1.24.3
 
 require (
-	github.com/docker/docker v28.2.2+incompatible
+	github.com/go-oauth2/oauth2/v4 v4.5.3
 	github.com/redis/go-redis/v9 v9.10.0
+	github.com/teris-io/shortid v0.0.0-20220617161101-71ec9f2aa569
+	golang.org/x/crypto v0.40.0
 )
 
 require (
-	github.com/Microsoft/go-winio v0.4.14 // indirect
+	github.com/bytedance/gopkg v0.1.2 // indirect
 	github.com/cespare/xxhash/v2 v2.3.0 // indirect
-	github.com/containerd/errdefs v1.0.0 // indirect
-	github.com/containerd/errdefs/pkg v0.3.0 // indirect
 	github.com/dgryski/go-rendezvous v0.0.0-20200823014737-9f7001d12a5f // indirect
-	github.com/distribution/reference v0.6.0 // indirect
-	github.com/docker/go-connections v0.5.0 // indirect
-	github.com/docker/go-units v0.5.0 // indirect
-	github.com/felixge/httpsnoop v1.0.4 // indirect
-	github.com/go-logr/logr v1.4.2 // indirect
-	github.com/go-logr/stdr v1.2.2 // indirect
-	github.com/gogo/protobuf v1.3.2 // indirect
-	github.com/moby/docker-image-spec v1.3.1 // indirect
-	github.com/opencontainers/go-digest v1.0.0 // indirect
-	github.com/opencontainers/image-spec v1.1.1 // indirect
-	github.com/pkg/errors v0.9.1 // indirect
-	go.opentelemetry.io/auto/sdk v1.1.0 // indirect
-	go.opentelemetry.io/contrib/instrumentation/net/http/otelhttp v0.61.0 // indirect
-	go.opentelemetry.io/otel v1.36.0 // indirect
-	go.opentelemetry.io/otel/metric v1.36.0 // indirect
-	go.opentelemetry.io/otel/trace v1.36.0 // indirect
-	golang.org/x/sys v0.33.0 // indirect
+	github.com/go-session/session/v3 v3.2.1 // indirect
+	github.com/golang-jwt/jwt/v5 v5.3.0 // indirect
+	github.com/golang/protobuf v1.5.4 // indirect
+	github.com/google/uuid v1.6.0 // indirect
+	github.com/tidwall/btree v1.8.0 // indirect
+	github.com/tidwall/buntdb v1.3.2 // indirect
+	github.com/tidwall/gjson v1.18.0 // indirect
+	github.com/tidwall/grect v0.1.4 // indirect
+	github.com/tidwall/match v1.1.1 // indirect
+	github.com/tidwall/pretty v1.2.1 // indirect
+	github.com/tidwall/rtred v0.1.2 // indirect
+	github.com/tidwall/rtree v1.10.0 // indirect
+	github.com/tidwall/tinyqueue v0.1.1 // indirect
+	golang.org/x/net v0.42.0 // indirect
+	golang.org/x/oauth2 v0.30.0 // indirect
+	google.golang.org/appengine v1.6.8 // indirect
+	google.golang.org/protobuf v1.36.6 // indirect
 )