feature: verify tokens

2024-11-17 22:28:29 +05:30
parent 26a00c9f7c
commit 9d40c9d7ec
57 changed files with 4188 additions and 276 deletions
--- a/cmd/server/handler/request.go
+++ b/cmd/server/handler/request.go
@@ -0,0 +1,63 @@
+package handler
+
+import (
+	"context"
+	"net"
+	"net/http"
+	"strings"
+
+	"gitserver.in/patialtech/rano/util/uid"
+)
+
+const RequestIDKey = "RequestID"
+const RequestIPKey = "RequestIP"
+const RequestUserAgentKey = "RequestUA"
+
+var defaultHeaders = []string{
+	"True-Client-IP", // Cloudflare Enterprise plan
+	"X-Real-IP",
+	"X-Forwarded-For",
+}
+
+// Request middleware that will do the following:
+//   - pull session user
+//   - set requestID
+//   - set ctx RealIP and client userAgent info
+func Request() func(http.Handler) http.Handler {
+	return func(h http.Handler) http.Handler {
+		return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
+			ctx := r.Context()
+
+			// ID
+			requestID := r.Header.Get("X-Request-Id")
+			if requestID == "" {
+				requestID = uid.ULID()
+			}
+			ctx = context.WithValue(ctx, RequestIDKey, requestID)
+
+			// IP
+			if ip := getRealIP(r, defaultHeaders); ip != "" {
+				r.RemoteAddr = ip
+			}
+			ctx = context.WithValue(ctx, RequestIPKey, requestID)
+
+			// User Agent
+			ctx = context.WithValue(ctx, RequestUserAgentKey, r.UserAgent())
+
+			h.ServeHTTP(w, r)
+		})
+	}
+}
+
+func getRealIP(r *http.Request, headers []string) string {
+	for _, header := range headers {
+		if ip := r.Header.Get(header); ip != "" {
+			ips := strings.Split(ip, ",")
+			if ips[0] == "" || net.ParseIP(ips[0]) == nil {
+				continue
+			}
+			return ips[0]
+		}
+	}
+	return ""
+}
--- a/cmd/server/main.go
+++ b/cmd/server/main.go
@@ -0,0 +1,47 @@
+package main
+
+import (
+	"fmt"
+	"net/http"
+
+	"gitserver.in/patialtech/mux"
+	"gitserver.in/patialtech/mux/middleware"
+	"gitserver.in/patialtech/rano/cmd/server/handler"
+	"gitserver.in/patialtech/rano/config"
+	"gitserver.in/patialtech/rano/graph"
+	"gitserver.in/patialtech/rano/util/logger"
+)
+
+func main() {
+	r := mux.NewRouter()
+
+	r.Use(handler.Request())
+
+	// CORS
+	r.Use(middleware.CORS(middleware.CORSOption{
+		AllowedHeaders: []string{"Content-Type"},
+		MaxAge:         60,
+	}))
+	// Secure Headers
+	r.Use(middleware.Helmet(middleware.HelmetOption{
+		ContentSecurityPolicy: middleware.CSP{
+			ScriptSrc: []string{"self", "https://cdn.jsdelivr.net", "unsafe-inline"},
+		},
+	}))
+
+	// graphiql
+	r.GET("/graphiql", graph.GraphiQL("/query"))
+	// graph query
+	r.POST("/query", graph.Query)
+
+	// catch all
+	r.GET("/", func(w http.ResponseWriter, r *http.Request) {
+		w.Write([]byte("hello there"))
+	})
+
+	r.Serve(func(srv *http.Server) error {
+		srv.Addr = fmt.Sprintf(":%d", config.Read().GraphPort)
+		logger.Info("graph server listening on %s", srv.Addr)
+		return srv.ListenAndServe()
+	})
+}