Revert "Feat jwt auth"

auth/auth.go

@@ -7,40 +7,27 @@ import (
 	"crypto/rand"
 	"errors"
 	"fmt"
-	"github.com/KnightHacks/knighthacks_shared/models"
 	"github.com/golang-jwt/jwt"
 	"github.com/google/go-github/v45/github"
 	"golang.org/x/oauth2"
 	"io"
 	"strconv"
-	"time"
 )
 
-type TokenType string
+type Provider int
 
 const (
-	RefreshTokenType TokenType = "REFRESH"
-	AccessTokenType  TokenType = "ACCESS"
-)
-
-var (
-	TokenNotValid = errors.New("jwt token not valid")
+	GitHubAuthProvider Provider = iota
+	GmailAuthProvider  Provider = iota
 )
 
 type Auth struct {
-	ConfigMap  map[models.Provider]oauth2.Config
-	signingKey []byte
+	ConfigMap  map[Provider]oauth2.Config
+	signingKey string
 	gcm        cipher.AEAD
 }
 
-type UserClaims struct {
-	UserID string      `json:"user_id"`
-	Role   models.Role `json:"role"`
-	Type   TokenType   `json:"type"`
-	jwt.StandardClaims
-}
-
-func NewAuth(signingKey string, cipher32Bit string, configMap map[models.Provider]oauth2.Config) (*Auth, error) {
+func NewAuth(signingKey string, cipher32Bit string, configMap map[Provider]oauth2.Config) (*Auth, error) {
 	newCipher, err := aes.NewCipher([]byte(cipher32Bit))
 	if err != nil {
 		return nil, err
@@ -49,24 +36,25 @@ func NewAuth(signingKey string, cipher32Bit string, configMap map[models.Provide
 	if err != nil {
 		return nil, err
 	}
-	return &Auth{ConfigMap: configMap, signingKey: []byte(signingKey), gcm: gcm}, nil
+	return &Auth{ConfigMap: configMap, signingKey: signingKey, gcm: gcm}, nil
 }
 
-func (a *Auth) GetAuthCodeURL(provider models.Provider, state string) string {
+func (a *Auth) GetAuthCodeURL(provider Provider) string {
 	config := a.ConfigMap[provider]
-	return config.AuthCodeURL(state, oauth2.AccessTypeOffline)
+	// TODO: Implement oauth2 'state' on url to prevent CSRF https://datatracker.ietf.org/doc/html/rfc6749#section-10.12
+	return config.AuthCodeURL("state", oauth2.AccessTypeOffline)
 }
 
-func (a *Auth) ExchangeCode(ctx context.Context, provider models.Provider, code string) (*oauth2.Token, error) {
+func (a *Auth) ExchangeCode(ctx context.Context, provider Provider, code string) (*oauth2.Token, error) {
 	config := a.ConfigMap[provider]
 	return config.Exchange(ctx, code)
 }
 
-func (a *Auth) GetUID(ctx context.Context, provider models.Provider, token string) (string, error) {
+func (a *Auth) GetUID(ctx context.Context, provider Provider, token string) (string, error) {
 	config := a.ConfigMap[provider]
 	oauthClient := oauth2.NewClient(ctx, config.TokenSource(ctx, &oauth2.Token{AccessToken: token}))
 
-	if provider == models.ProviderGithub {
+	if provider == GitHubAuthProvider {
 		githubClient := github.NewClient(oauthClient)
 
 		user, _, err := githubClient.Users.Get(ctx, "")
@@ -109,62 +97,8 @@ func (a *Auth) DecryptAccessToken(token string) ([]byte, error) {
 	return decryptedBytes, nil
 }
 
-func (a *Auth) NewTokens(userId string, role models.Role) (refreshToken string, accessToken string, err error) {
-	refreshToken, err = a.NewRefreshToken(userId, role)
-	if err != nil {
-		return "", "", err
-	}
-	accessToken, err = a.NewAccessToken(userId, role)
-	if err != nil {
-		return "", "", err
-	}
-	return refreshToken, accessToken, nil
-}
-
-func (a *Auth) NewRefreshToken(userId string, role models.Role) (string, error) {
-	return a.newJWT(userId, role, RefreshTokenType, time.Hour*24)
-}
-
-func (a *Auth) NewAccessToken(userId string, role models.Role) (string, error) {
-	return a.newJWT(userId, role, AccessTokenType, time.Minute*30)
-}
-
-func (a *Auth) newJWT(userId string, role models.Role, tokenType TokenType, expiration time.Duration) (string, error) {
-	now := time.Now().UTC()
-	claims := UserClaims{
-		userId,
-		role,
-		tokenType,
-		jwt.StandardClaims{
-			ExpiresAt: now.Add(expiration).Unix(),
-			IssuedAt:  now.Unix(),
-			Issuer:    "knighthacks",
-		},
-	}
-	token := jwt.NewWithClaims(jwt.SigningMethodHS256, claims)
+func (a *Auth) NewJWT(mapClaims jwt.MapClaims) (string, error) {
+	token := jwt.New(jwt.SigningMethodRS256)
+	token.Claims = mapClaims
 	return token.SignedString(a.signingKey)
 }
-
-func (a *Auth) ParseJWT(tokenString string, tokenType TokenType) (*UserClaims, error) {
-	token, err := jwt.ParseWithClaims(tokenString, &UserClaims{}, func(token *jwt.Token) (interface{}, error) {
-		if _, ok := token.Method.(*jwt.SigningMethodHMAC); !ok {
-			return nil, fmt.Errorf("unexpected signing method: %v", token.Header["alg"])
-		}
-		return a.signingKey, nil
-	})
-	if err != nil {
-		return nil, err
-	}
-	if !token.Valid {
-		return nil, TokenNotValid
-	}
-
-	if claims, ok := token.Claims.(*UserClaims); ok {
-		if claims.Type != tokenType {
-			return nil, fmt.Errorf("you are sending a %s token while we need a %s token", claims.Type, tokenType)
-		}
-		return claims, nil
-	} else {
-		return nil, errors.New("unable to cast jwt claims to UserClaims")
-	}
-}