Refactor API security and user handling for clarity

eliasmeireles · eliasmeireles · commit a9603cec90b0 · 2025-01-17T22:14:42.000-03:00
Updated API security service contexts and request data handling for better type safety and coherence. Improved user role loading and key retrieval logic, ensuring accurate and consistent access controls. Adjusted MongoDB initialization order to optimize server startup sequence.
diff --git a/cmd/generator/api_secret/main.go b/cmd/generator/api_secret/main.go
@@ -98,7 +98,7 @@ func main() {
 			Bytes: publicKeyBytes,
 		})
 
-		encryptedKey, err := security.GetApiSecurityService[api_context.DefaultContext](appEnv.ApiSecretAuthorization).Encrypt(string(publicKeyPEM))
+		encryptedKey, err := security.GetApiSecurityService[*api_context.DefaultContext](appEnv.ApiSecretAuthorization).Encrypt(string(publicKeyPEM))
 
 		if err != nil {
 			log.Fatalf("Failed to sec public key: %s", err)
@@ -120,13 +120,14 @@ func main() {
 			return
 		}
 
+		expirationToken := time.Hour * (time.Duration(*expirationHours))
 		apiJWTInfo := security.ApiJWTInfo{
 			Client:     *clientInfo,
-			Expiration: time.Duration(*expirationHours),
+			Expiration: expirationToken,
 			Key:        *id,
 		}
 
-		apiSecretJWT, err := security.GetApiSecurityService[api_context.DefaultContext](appEnv.ApiSecretAuthorization).GenerateApiSecretJWT(apiJWTInfo)
+		apiSecretJWT, err := security.GetApiSecurityService[*api_context.DefaultContext](appEnv.ApiSecretAuthorization).GenerateApiSecretJWT(apiJWTInfo)
 
 		if err != nil {
 			return
diff --git a/cmd/server/main.go b/cmd/server/main.go
@@ -16,9 +16,9 @@ import (
 
 func main() {
 	appEnv := env.AppEnv()
-	db.InitMongoDB()
 	service := user_service.GetService()
 	userAuthenticationUserHandler := user_handler.GetAuthenticationUserHandler(&service)
+
 	api := server.New[*request.ApiContext](
 		request.ContextBuilder,
 		userAuthenticationUserHandler.Handler,
@@ -28,6 +28,9 @@ func main() {
 	securityService := security.GetApiSecurityService[*request.ApiContext](appEnv.ApiSecretAuthorization)
 	auth.Handler(appEnv.ApiSecretKey, secretService.GetKey, &securityService, api)
 	handlers.Init(api)
+
+	db.InitMongoDB()
+
 	peer.GetService().Load()
 	service.Init()
 	api.StartServer()
diff --git a/go.sum b/go.sum
@@ -26,6 +26,8 @@ github.com/softwareplace/http-utils v0.0.0-20250117224835-13ee112340a6 h1:uxMnbp
 github.com/softwareplace/http-utils v0.0.0-20250117224835-13ee112340a6/go.mod h1:5o/vgMsC67X2DChcdR76qm8yyjkIKmSFHudNeaK060U=
 github.com/softwareplace/http-utils v0.0.0-20250117231145-c67f294855cd h1:NTHsh5xr4DlIGwaNrEuq7vREYryGPZol7qFYsQgPl8s=
 github.com/softwareplace/http-utils v0.0.0-20250117231145-c67f294855cd/go.mod h1:5o/vgMsC67X2DChcdR76qm8yyjkIKmSFHudNeaK060U=
+github.com/softwareplace/http-utils v0.0.0-20250118003817-f2b4ec9b8676 h1:pTZv6az0E/CQBbVXUROyWQjdaFyamMMkz2YYvRf9CmI=
+github.com/softwareplace/http-utils v0.0.0-20250118003817-f2b4ec9b8676/go.mod h1:5o/vgMsC67X2DChcdR76qm8yyjkIKmSFHudNeaK060U=
 github.com/xdg-go/pbkdf2 v1.0.0 h1:Su7DPu48wXMwC3bs7MCNG+z4FhcyEuz5dlvchbq0B0c=
 github.com/xdg-go/pbkdf2 v1.0.0/go.mod h1:jrpuAogTd400dnrH08LKmI/xc1MbPOebTwRqcT5RDeI=
 github.com/xdg-go/scram v1.1.2 h1:FHX5I5B4i4hKRVRBCFRxq1iQRej7WO3hhBuJf+UUySY=
diff --git a/pkg/domain/service/api_secret_service/service.go b/pkg/domain/service/api_secret_service/service.go
@@ -21,7 +21,7 @@ func GetService() ApiSecretService {
 }
 
 func (s *serviceImpl) GetKey(ctx *api_context.ApiRequestContext[*request.ApiContext]) (string, error) {
-	apiSecret, err := s.repository.GetById(ctx.ApiKey)
+	apiSecret, err := s.repository.GetById(ctx.RequestData.ApiKeyId)
 	if err != nil {
 		return "", err
 	}
diff --git a/pkg/domain/service/user_service/service.go b/pkg/domain/service/user_service/service.go
@@ -11,7 +11,6 @@ import (
 	"github.com/softwareplace/wireguard-api/pkg/utils/sec"
 	"github.com/softwareplace/wireguard-api/pkg/utils/validator"
 	"log"
-	"net/http"
 )
 
 type Service interface {
@@ -26,14 +25,17 @@ type serviceImpl struct {
 }
 
 func (s *serviceImpl) LoadUserRoles(ctx api_context.ApiRequestContext[*request.ApiContext]) []string {
-	user, err := s.repository.FindUserBySalt(ctx.RequestData.Salt())
-	if err != nil {
-		log.Printf("[%s]:: error finding user: %v", ctx.GetSessionId(), err)
-		ctx.Error("Error finding user in the database", http.StatusInternalServerError)
-		return nil
+	if s.securityService.ExtractJWTClaims(ctx) {
+		user, err := s.repository.FindUserBySalt(ctx.RequestData.AccessId)
+		if err != nil {
+			log.Printf("[%s]:: error finding user: %v", ctx.GetSessionId(), err)
+			return nil
+		}
+		ctx.RequestData.User = user
+		return user.Roles
 	}
-	ctx.RequestData.User = user
-	return user.Roles
+
+	return nil
 }
 
 func GetService() Service {
diff --git a/pkg/handlers/user/login.go b/pkg/handlers/user/login.go
@@ -45,6 +45,7 @@ func (h *handlerImpl) checkUserCredentials(ctx *api_context.ApiRequestContext[*r
 		return
 	}
 
+	ctx.RequestData.User = userResponse
 	// Generate JWT and respond
 	tokenData, err := h.ApiSecurityService().GenerateJWT(ctx.RequestData, time.Minute*10)
 	if err != nil {

Original file line number	Diff line number	Diff line change
`@@ -21,7 +21,7 @@ func GetService() ApiSecretService {`
`21`	`21`	`}`
`22`	`22`
`23`	`23`	`func (s serviceImpl) GetKey(ctx api_context.ApiRequestContext[*request.ApiContext]) (string, error) {`
`24`		`- apiSecret, err := s.repository.GetById(ctx.ApiKey)`
	`24`	`+ apiSecret, err := s.repository.GetById(ctx.RequestData.ApiKeyId)`
`25`	`25`	`if err != nil {`
`26`	`26`	`return "", err`
`27`	`27`	`}`
Original file line number	Diff line number	Diff line change
`@@ -45,6 +45,7 @@ func (h handlerImpl) checkUserCredentials(ctx api_context.ApiRequestContext[*r`
`45`	`45`	`return`
`46`	`46`	`}`
`47`	`47`
	`48`	`+ ctx.RequestData.User = userResponse`
`48`	`49`	`// Generate JWT and respond`
`49`	`50`	`tokenData, err := h.ApiSecurityService().GenerateJWT(ctx.RequestData, time.Minute*10)`
`50`	`51`	`if err != nil {`