Reorganized auth module

middleware/middleware.go

@@ -7,7 +7,7 @@ import (
 	"strings"
 	"time"
 
-	"github.com/NeuralNexusDev/neuralnexus-api/modules/auth"
+	sess "github.com/NeuralNexusDev/neuralnexus-api/modules/auth/session"
 	"github.com/NeuralNexusDev/neuralnexus-api/modules/database"
 	"github.com/NeuralNexusDev/neuralnexus-api/responses"
 	"github.com/google/uuid"
@@ -70,7 +70,7 @@ func Auth(next http.HandlerFunc) http.HandlerFunc {
 	return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
 		db := database.GetDB("neuralnexus")
 		rdb := database.GetRedis()
-		sessService := auth.NewSessionService(auth.NewSessionStore(db, rdb))
+		sessService := sess.NewSessionService(sess.NewSessionStore(db, rdb))
 
 		authHeader := r.Header.Get("Authorization")
 		if authHeader == "" {

modules/auth/linking/discord.go

@@ -11,6 +11,7 @@ import (
 	"time"
 
 	"github.com/NeuralNexusDev/neuralnexus-api/modules/auth"
+	sess "github.com/NeuralNexusDev/neuralnexus-api/modules/auth/session"
 	"github.com/google/uuid"
 )
 
@@ -203,7 +204,7 @@ func GetDiscordUser(accessToken string) (*DiscordData, error) {
 }
 
 // DiscordOAuth process the Discord OAuth flow
-func DiscordOAuth(as auth.AccountStore, ss auth.SessionStore, las LinkAccountStore, code, state string) (*auth.Session, error) {
+func DiscordOAuth(as auth.AccountStore, ss sess.SessionStore, las LinkAccountStore, code, state string) (*sess.Session, error) {
 	var a *auth.Account
 	// TODO: Sign the state so it can't be tampered with/impersonated
 	if state != "" && false { // TEMPORARILY DISABLED

modules/auth/rbac.go → modules/auth/permissions/rbac.go

@@ -1,4 +1,4 @@
-package auth
+package perms
 
 import "errors"
 

modules/auth/routes/authroutes.go

@@ -8,6 +8,7 @@ import (
 	mw "github.com/NeuralNexusDev/neuralnexus-api/middleware"
 	"github.com/NeuralNexusDev/neuralnexus-api/modules/auth"
 	accountlinking "github.com/NeuralNexusDev/neuralnexus-api/modules/auth/linking"
+	sess "github.com/NeuralNexusDev/neuralnexus-api/modules/auth/session"
 	"github.com/NeuralNexusDev/neuralnexus-api/modules/database"
 	"github.com/NeuralNexusDev/neuralnexus-api/responses"
 )
@@ -19,7 +20,7 @@ func ApplyRoutes(mux *http.ServeMux) *http.ServeMux {
 	db := database.GetDB("neuralnexus")
 	rdb := database.GetRedis()
 	acctStore := auth.NewAccountStore(db)
-	sessStore := auth.NewSessionStore(db, rdb)
+	sessStore := sess.NewSessionStore(db, rdb)
 	alstore := accountlinking.NewStore(db)
 
 	mux.HandleFunc("POST /api/v1/auth/login", LoginHandler(acctStore, sessStore))
@@ -30,7 +31,7 @@ func ApplyRoutes(mux *http.ServeMux) *http.ServeMux {
 }
 
 // LoginHandler handles the login route
-func LoginHandler(as auth.AccountStore, ss auth.SessionStore) http.HandlerFunc {
+func LoginHandler(as auth.AccountStore, ss sess.SessionStore) http.HandlerFunc {
 	return func(w http.ResponseWriter, r *http.Request) {
 		var login struct {
 			Username string `json:"username" xml:"username" validate:"required_without=Email"`
@@ -67,17 +68,17 @@ func LoginHandler(as auth.AccountStore, ss auth.SessionStore) http.HandlerFunc {
 }
 
 // LogoutHandler handles the logout route
-func LogoutHandler(ss auth.SessionStore) http.HandlerFunc {
+func LogoutHandler(ss sess.SessionStore) http.HandlerFunc {
 	return func(w http.ResponseWriter, r *http.Request) {
-		session := r.Context().Value(mw.SessionKey).(*auth.Session)
+		session := r.Context().Value(mw.SessionKey).(*sess.Session)
 		ss.DeleteSessionFromCache(session.ID)
 		responses.SendAndEncodeStruct(w, r, http.StatusOK, session)
 		ss.DeleteSessionInDB(session.ID)
 	}
 }
 
 // OAuthHandler handles the Discord OAuth route
-func OAuthHandler(as auth.AccountStore, ss auth.SessionStore, las accountlinking.LinkAccountStore) http.HandlerFunc {
+func OAuthHandler(as auth.AccountStore, ss sess.SessionStore, las accountlinking.LinkAccountStore) http.HandlerFunc {
 	return func(w http.ResponseWriter, r *http.Request) {
 		code := r.URL.Query().Get("code")
 		if code == "" {

modules/auth/sessionservice.go → modules/auth/session/service.go

@@ -1,4 +1,4 @@
-package auth
+package sess
 
 import "github.com/google/uuid"
 

modules/auth/sessionsstore.go → modules/auth/session/store.go

@@ -1,4 +1,4 @@
-package auth
+package sess
 
 import (
 	"context"

modules/auth/session/types.go

@@ -0,0 +1,36 @@
+package sess
+
+import (
+	"time"
+
+	perms "github.com/NeuralNexusDev/neuralnexus-api/modules/auth/permissions"
+	"github.com/google/uuid"
+)
+
+// Session struct
+type Session struct {
+	ID          uuid.UUID `json:"session_id" xml:"session_id" db:"session_id"`
+	UserID      uuid.UUID `json:"user_id" xml:"user_id" db:"user_id"`
+	Permissions []string  `json:"permissions" xml:"permissions" db:"permissions"`
+	IssuedAt    int64     `json:"iat" xml:"iat" db:"iat"`
+	LastUsedAt  int64     `json:"lua" xml:"lua" db:"lua"`
+	ExpiresAt   int64     `json:"exp" xml:"exp" db:"exp"`
+}
+
+// HasPermission checks if a session has a permission
+func (s *Session) HasPermission(permission perms.Scope) bool {
+	for _, p := range s.Permissions {
+		if p == permission.Name+"|"+permission.Value {
+			return true
+		}
+	}
+	return false
+}
+
+// IsExpired checks if a session is expired
+func (s *Session) IsValid() bool {
+	if s.ExpiresAt == 0 {
+		return true
+	}
+	return time.Now().Unix() < s.ExpiresAt
+}

modules/auth/types.go

@@ -5,6 +5,8 @@ import (
 	"log"
 	"time"
 
+	perms "github.com/NeuralNexusDev/neuralnexus-api/modules/auth/permissions"
+	sess "github.com/NeuralNexusDev/neuralnexus-api/modules/auth/session"
 	"github.com/google/uuid"
 	"golang.org/x/crypto/argon2"
 )
@@ -80,21 +82,11 @@ func (user *Account) RemoveRole(role string) {
 	}
 }
 
-// Session struct
-type Session struct {
-	ID          uuid.UUID `json:"session_id" xml:"session_id" db:"session_id"`
-	UserID      uuid.UUID `json:"user_id" xml:"user_id" db:"user_id"`
-	Permissions []string  `json:"permissions" xml:"permissions" db:"permissions"`
-	IssuedAt    int64     `json:"iat" xml:"iat" db:"iat"`
-	LastUsedAt  int64     `json:"lua" xml:"lua" db:"lua"`
-	ExpiresAt   int64     `json:"exp" xml:"exp" db:"exp"`
-}
-
 // NewSession creates a new session
-func (a *Account) NewSession(expiresAt int64) *Session {
+func (a *Account) NewSession(expiresAt int64) *sess.Session {
 	permissions := []string{}
 	for _, r := range a.Roles {
-		role, err := GetRoleByName(r)
+		role, err := perms.GetRoleByName(r)
 		if err != nil {
 			log.Println(err)
 			continue
@@ -104,7 +96,7 @@ func (a *Account) NewSession(expiresAt int64) *Session {
 		}
 	}
 
-	return &Session{
+	return &sess.Session{
 		ID:          uuid.New(),
 		UserID:      a.UserID,
 		Permissions: permissions,
@@ -113,21 +105,3 @@ func (a *Account) NewSession(expiresAt int64) *Session {
 		ExpiresAt:   expiresAt,
 	}
 }
-
-// HasPermission checks if a session has a permission
-func (s *Session) HasPermission(permission Scope) bool {
-	for _, p := range s.Permissions {
-		if p == permission.Name+"|"+permission.Value {
-			return true
-		}
-	}
-	return false
-}
-
-// IsExpired checks if a session is expired
-func (s *Session) IsValid() bool {
-	if s.ExpiresAt == 0 {
-		return true
-	}
-	return time.Now().Unix() < s.ExpiresAt
-}

modules/bee_name_generator/handler.go

@@ -6,7 +6,8 @@ import (
 	"strconv"
 
 	mw "github.com/NeuralNexusDev/neuralnexus-api/middleware"
-	"github.com/NeuralNexusDev/neuralnexus-api/modules/auth"
+	perms "github.com/NeuralNexusDev/neuralnexus-api/modules/auth/permissions"
+	sess "github.com/NeuralNexusDev/neuralnexus-api/modules/auth/session"
 	"github.com/NeuralNexusDev/neuralnexus-api/modules/database"
 	"github.com/NeuralNexusDev/neuralnexus-api/responses"
 )
@@ -41,8 +42,8 @@ func GetBeeNameHandler(s BNGStore) http.HandlerFunc {
 // UploadBeeNameHandler Upload a bee name
 func UploadBeeNameHandler(s BNGStore) http.HandlerFunc {
 	return func(w http.ResponseWriter, r *http.Request) {
-		session := r.Context().Value(mw.SessionKey).(*auth.Session)
-		if !session.HasPermission(auth.ScopeAdminBeeNameGenerator) {
+		session := r.Context().Value(mw.SessionKey).(*sess.Session)
+		if !session.HasPermission(perms.ScopeAdminBeeNameGenerator) {
 			responses.SendAndEncodeForbidden(w, r, "You do not have permission to upload bee names")
 			return
 		}
@@ -66,8 +67,8 @@ func UploadBeeNameHandler(s BNGStore) http.HandlerFunc {
 // DeleteBeeName Delete a bee name
 func DeleteBeeNameHandler(s BNGStore) http.HandlerFunc {
 	return func(w http.ResponseWriter, r *http.Request) {
-		session := r.Context().Value(mw.SessionKey).(*auth.Session)
-		if !session.HasPermission(auth.ScopeAdminBeeNameGenerator) {
+		session := r.Context().Value(mw.SessionKey).(*sess.Session)
+		if !session.HasPermission(perms.ScopeAdminBeeNameGenerator) {
 			responses.SendAndEncodeForbidden(w, r, "You do not have permission to delete bee names")
 			return
 		}
@@ -110,8 +111,8 @@ func SubmitBeeNameHandler(s BNGStore) http.HandlerFunc {
 // GetBeeNameSuggestions Get a list of bee name suggestions
 func GetBeeNameSuggestionsHandler(s BNGStore) http.HandlerFunc {
 	return func(w http.ResponseWriter, r *http.Request) {
-		session := r.Context().Value(mw.SessionKey).(*auth.Session)
-		if !session.HasPermission(auth.ScopeAdminBeeNameGenerator) {
+		session := r.Context().Value(mw.SessionKey).(*sess.Session)
+		if !session.HasPermission(perms.ScopeAdminBeeNameGenerator) {
 			responses.SendAndEncodeForbidden(w, r, "You do not have permission to get bee name suggestions")
 			return
 		}
@@ -143,8 +144,8 @@ func GetBeeNameSuggestionsHandler(s BNGStore) http.HandlerFunc {
 // AcceptBeeNameSuggestionHandler Accept a bee name suggestion
 func AcceptBeeNameSuggestionHandler(s BNGStore) http.HandlerFunc {
 	return func(w http.ResponseWriter, r *http.Request) {
-		session := r.Context().Value(mw.SessionKey).(*auth.Session)
-		if !session.HasPermission(auth.ScopeAdminBeeNameGenerator) {
+		session := r.Context().Value(mw.SessionKey).(*sess.Session)
+		if !session.HasPermission(perms.ScopeAdminBeeNameGenerator) {
 			responses.SendAndEncodeForbidden(w, r, "You do not have permission to accept bee name suggestions")
 			return
 		}
@@ -168,8 +169,8 @@ func AcceptBeeNameSuggestionHandler(s BNGStore) http.HandlerFunc {
 // RejectBeeNameSuggestionHandler Reject a bee name suggestion
 func RejectBeeNameSuggestionHandler(s BNGStore) http.HandlerFunc {
 	return func(w http.ResponseWriter, r *http.Request) {
-		session := r.Context().Value(mw.SessionKey).(*auth.Session)
-		if !session.HasPermission(auth.ScopeAdminBeeNameGenerator) {
+		session := r.Context().Value(mw.SessionKey).(*sess.Session)
+		if !session.HasPermission(perms.ScopeAdminBeeNameGenerator) {
 			responses.SendAndEncodeForbidden(w, r, "You do not have permission to reject bee name suggestions")
 			return
 		}

modules/pet_pictures/handler.go

@@ -6,7 +6,8 @@ import (
 	"strconv"
 
 	mw "github.com/NeuralNexusDev/neuralnexus-api/middleware"
-	"github.com/NeuralNexusDev/neuralnexus-api/modules/auth"
+	perms "github.com/NeuralNexusDev/neuralnexus-api/modules/auth/permissions"
+	sess "github.com/NeuralNexusDev/neuralnexus-api/modules/auth/session"
 	"github.com/NeuralNexusDev/neuralnexus-api/modules/database"
 	"github.com/NeuralNexusDev/neuralnexus-api/responses"
 )
@@ -32,8 +33,8 @@ func ApplyRoutes(router *http.ServeMux) *http.ServeMux {
 // CreatePetHandler - Create a new pet
 func CreatePetHandler(s PetPicService) http.HandlerFunc {
 	return func(w http.ResponseWriter, r *http.Request) {
-		session := r.Context().Value(mw.SessionKey).(auth.Session)
-		if !session.HasPermission(auth.ScopeAdminPetPictures) {
+		session := r.Context().Value(mw.SessionKey).(sess.Session)
+		if !session.HasPermission(perms.ScopeAdminPetPictures) {
 			responses.SendAndEncodeForbidden(w, r, "You do not have permission to create a pet")
 			return
 		}
@@ -105,8 +106,8 @@ func UpdatePetHandler(s PetPicService) http.HandlerFunc {
 			return
 		}
 
-		session := r.Context().Value(mw.SessionKey).(auth.Session)
-		if !session.HasPermission(auth.ScopePetPictures(pet.Name)) {
+		session := r.Context().Value(mw.SessionKey).(sess.Session)
+		if !session.HasPermission(perms.ScopePetPictures(pet.Name)) {
 			responses.SendAndEncodeForbidden(w, r, "You do not have permission to update this pet")
 			return
 		}
@@ -190,8 +191,8 @@ func UpdatePetPictureHandler(s PetPicService) http.HandlerFunc {
 			return
 		}
 
-		session := r.Context().Value(mw.SessionKey).(auth.Session)
-		if !session.HasPermission(auth.ScopePetPictures(pet.Name)) {
+		session := r.Context().Value(mw.SessionKey).(sess.Session)
+		if !session.HasPermission(perms.ScopePetPictures(pet.Name)) {
 			responses.SendAndEncodeForbidden(w, r, "You do not have permission to update this pet")
 			return
 		}
@@ -236,8 +237,8 @@ func DeletePetPictureHandler(s PetPicService) http.HandlerFunc {
 			return
 		}
 
-		session := r.Context().Value(mw.SessionKey).(auth.Session)
-		if !session.HasPermission(auth.ScopePetPictures(pet.Name)) {
+		session := r.Context().Value(mw.SessionKey).(sess.Session)
+		if !session.HasPermission(perms.ScopePetPictures(pet.Name)) {
 			responses.SendAndEncodeForbidden(w, r, "You do not have permission to update this pet")
 			return
 		}