mirror of
https://github.com/getAlby/lndhub.go.git
synced 2025-12-18 13:14:56 +01:00
e33693398e
* Update Makefile * Optionally load test DB from env variable * Add option to soft-delete a user This allows users to be marked as deleted. An additional middleware checks if a user is deleted or deactivated and rejects requests for those as StatusUnauthorized. note: the middelware adds an additional DB query to load the user.
120 lines
3.0 KiB
Go
120 lines
3.0 KiB
Go
package service
|
|
|
|
import (
|
|
"context"
|
|
"fmt"
|
|
"net/http"
|
|
"strconv"
|
|
|
|
"github.com/getAlby/lndhub.go/rabbitmq"
|
|
|
|
"github.com/getAlby/lndhub.go/db/models"
|
|
"github.com/getAlby/lndhub.go/lib/responses"
|
|
"github.com/getAlby/lndhub.go/lib/tokens"
|
|
"github.com/getAlby/lndhub.go/lnd"
|
|
"github.com/labstack/echo/v4"
|
|
"github.com/labstack/gommon/random"
|
|
"github.com/uptrace/bun"
|
|
"github.com/ziflex/lecho/v3"
|
|
"golang.org/x/crypto/bcrypt"
|
|
)
|
|
|
|
const alphaNumBytes = random.Alphanumeric
|
|
|
|
type LndhubService struct {
|
|
Config *Config
|
|
DB *bun.DB
|
|
LndClient lnd.LightningClientWrapper
|
|
RabbitMQClient rabbitmq.Client
|
|
Logger *lecho.Logger
|
|
InvoicePubSub *Pubsub
|
|
}
|
|
|
|
func (svc *LndhubService) GenerateToken(ctx context.Context, login, password, inRefreshToken string) (accessToken, refreshToken string, err error) {
|
|
var user models.User
|
|
|
|
switch {
|
|
case login != "" || password != "":
|
|
{
|
|
if err := svc.DB.NewSelect().Model(&user).Where("login = ?", login).Scan(ctx); err != nil {
|
|
return "", "", fmt.Errorf("bad auth")
|
|
}
|
|
if bcrypt.CompareHashAndPassword([]byte(user.Password), []byte(password)) != nil {
|
|
return "", "", fmt.Errorf("bad auth")
|
|
}
|
|
}
|
|
case inRefreshToken != "":
|
|
{
|
|
userId, err := tokens.GetUserIdFromToken(svc.Config.JWTSecret, inRefreshToken)
|
|
if err != nil {
|
|
return "", "", fmt.Errorf("bad auth")
|
|
}
|
|
|
|
if err := svc.DB.NewSelect().Model(&user).Where("id = ?", userId).Scan(ctx); err != nil {
|
|
return "", "", fmt.Errorf("bad auth")
|
|
}
|
|
}
|
|
default:
|
|
{
|
|
return "", "", fmt.Errorf("login and password or refresh token is required")
|
|
}
|
|
}
|
|
|
|
if user.Deactivated || user.Deleted {
|
|
return "", "", fmt.Errorf(responses.AccountDeactivatedError.Message)
|
|
}
|
|
|
|
accessToken, err = tokens.GenerateAccessToken(svc.Config.JWTSecret, svc.Config.JWTAccessTokenExpiry, &user)
|
|
if err != nil {
|
|
return "", "", err
|
|
}
|
|
|
|
refreshToken, err = tokens.GenerateRefreshToken(svc.Config.JWTSecret, svc.Config.JWTRefreshTokenExpiry, &user)
|
|
if err != nil {
|
|
return "", "", err
|
|
}
|
|
return accessToken, refreshToken, nil
|
|
}
|
|
|
|
func (svc *LndhubService) ParseInt(value interface{}) (int64, error) {
|
|
switch v := value.(type) {
|
|
case float64:
|
|
return int64(v), nil
|
|
case string:
|
|
c, err := strconv.ParseInt(v, 10, 64)
|
|
if err != nil {
|
|
return 0, err
|
|
}
|
|
return c, nil
|
|
default:
|
|
return 0, fmt.Errorf("conversion to int from %T not supported", v)
|
|
}
|
|
}
|
|
|
|
func (svc *LndhubService) ValidateUserMiddleware() echo.MiddlewareFunc {
|
|
return func(next echo.HandlerFunc) echo.HandlerFunc {
|
|
return func(c echo.Context) error {
|
|
userId := c.Get("UserID").(int64)
|
|
if userId == 0 {
|
|
return echo.ErrUnauthorized
|
|
}
|
|
user, err := svc.FindUser(c.Request().Context(), userId)
|
|
if err != nil {
|
|
return echo.NewHTTPError(http.StatusUnauthorized, echo.Map{
|
|
"error": true,
|
|
"code": 1,
|
|
"message": "bad auth",
|
|
})
|
|
}
|
|
if user.Deactivated || user.Deleted {
|
|
return echo.NewHTTPError(http.StatusUnauthorized, echo.Map{
|
|
"error": true,
|
|
"code": 1,
|
|
"message": "bad auth",
|
|
})
|
|
}
|
|
return next(c)
|
|
}
|
|
}
|
|
}
|