diff --git a/auth/Dockerfile b/auth/Dockerfile index 35654b31..ef2e361b 100644 --- a/auth/Dockerfile +++ b/auth/Dockerfile @@ -12,7 +12,7 @@ COPY sql ./sql RUN sqlc generate COPY . . -RUN swag init --parseDependency +RUN swag init --parseDependency --outputTypes yaml RUN CGO_ENABLED=0 GOOS=linux go build -o /keibi FROM gcr.io/distroless/base-debian11 diff --git a/auth/docs/docs.go b/auth/docs/docs.go deleted file mode 100644 index e3e40a2e..00000000 --- a/auth/docs/docs.go +++ /dev/null 
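Review bot: Restricting swag to `--outputTypes yaml` means `docs/docs.go` is no longer regenerated, and this commit also deletes the checked-in copy; if anything in the service still imports the generated `docs` package (the usual way swag serves the spec), the `go build` on the next line fails inside the image. Worth confirming that import is gone before merging, or keeping the Go output alongside the yaml with `RUN swag init --parseDependency --outputTypes go,yaml`.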
@@ -1,650 +0,0 @@ -// Package docs Code generated by swaggo/swag. DO NOT EDIT -package docs - -import "github.com/swaggo/swag" - -const docTemplate = `{ - "schemes": {{ marshal .Schemes }}, - "swagger": "2.0", - "info": { - "description": "{{escape .Description}}", - "title": "{{.Title}}", - "contact": { - "name": "Repository", - "url": "https://github.com/zoriya/kyoo" - }, - "license": { - "name": "GPL-3.0", - "url": "https://www.gnu.org/licenses/gpl-3.0.en.html" - }, - "version": "{{.Version}}" - }, - "host": "{{.Host}}", - "basePath": "{{.BasePath}}", - "paths": { - "/info": { - "get": { - "description": "Get info like the public key used to sign the jwts.", - "produces": [ - "application/json" - ], - "tags": [ - "jwt" - ], - "summary": "Info", - "responses": { - "200": { - "description": "OK", - "schema": { - "$ref": "#/definitions/main.Info" - } - } - } - } - }, - "/jwt": { - "get": { - "security": [ - { - "Token": [] - } - ], - "description": "Convert a session token to a short lived JWT.", - "produces": [ - "application/json" - ], - "tags": [ - "jwt" - ], - "summary": "Get JWT", - "responses": { - "200": { - "description": "OK", - "schema": { - "$ref": "#/definitions/main.Jwt" - } - }, - "401": { - "description": "Missing session token", - "schema": {} - }, - "403": { - "description": "Invalid session token (or expired)", - "schema": {} - } - } - } - }, - "/sessions": { - "post": { - "description": "Login to your account and open a session", - "consumes": [ - "application/json" - ], - "produces": [ - "application/json" - ], - "tags": [ - "sessions" - ], - "summary": "Login", - "parameters": [ - { - "type": "string", - "description": "The device the created session will be used on", - "name": "device", - "in": "query" - }, - { - "description": "Account informations", - "name": "login", - "in": "body", - "schema": { - "$ref": "#/definitions/main.LoginDto" - } - } - ], - "responses": { - "201": { - "description": "Created", - "schema": { - "$ref": 
"#/definitions/dbc.Session" - } - }, - "400": { - "description": "Invalid login body", - "schema": {} - }, - "403": { - "description": "Invalid password", - "schema": {} - }, - "404": { - "description": "Account does not exists", - "schema": {} - }, - "422": { - "description": "User does not have a password (registered via oidc, please login via oidc)", - "schema": {} - } - } - } - }, - "/sessions/current": { - "delete": { - "security": [ - { - "Jwt": [] - } - ], - "description": "Delete a session and logout", - "produces": [ - "application/json" - ], - "tags": [ - "sessions" - ], - "summary": "Logout", - "responses": { - "200": { - "description": "OK", - "schema": { - "$ref": "#/definitions/main.Session" - } - }, - "400": { - "description": "Invalid session id", - "schema": {} - }, - "401": { - "description": "Missing jwt token", - "schema": {} - }, - "403": { - "description": "Invalid jwt token (or expired)", - "schema": {} - }, - "404": { - "description": "Session not found with specified id (if not using the /current route)", - "schema": {} - } - } - } - }, - "/sessions/{id}": { - "delete": { - "security": [ - { - "Jwt": [] - } - ], - "description": "Delete a session and logout", - "produces": [ - "application/json" - ], - "tags": [ - "sessions" - ], - "summary": "Logout", - "parameters": [ - { - "type": "string", - "format": "uuid", - "description": "The id of the session to delete", - "name": "id", - "in": "path", - "required": true - } - ], - "responses": { - "200": { - "description": "OK", - "schema": { - "$ref": "#/definitions/main.Session" - } - }, - "400": { - "description": "Invalid session id", - "schema": {} - }, - "401": { - "description": "Missing jwt token", - "schema": {} - }, - "403": { - "description": "Invalid jwt token (or expired)", - "schema": {} - }, - "404": { - "description": "Session not found with specified id (if not using the /current route)", - "schema": {} - } - } - } - }, - "/users": { - "get": { - "security": [ - { - "Jwt": [ - 
"users.read" - ] - } - ], - "description": "List all users existing in this instance.", - "consumes": [ - "application/json" - ], - "produces": [ - "application/json" - ], - "tags": [ - "users" - ], - "summary": "List all users", - "parameters": [ - { - "type": "string", - "format": "uuid", - "description": "used for pagination.", - "name": "afterId", - "in": "query" - } - ], - "responses": { - "200": { - "description": "OK", - "schema": { - "$ref": "#/definitions/main.User" - } - }, - "400": { - "description": "Invalid after id", - "schema": {} - } - } - }, - "post": { - "description": "Register as a new user and open a session for it", - "consumes": [ - "application/json" - ], - "produces": [ - "application/json" - ], - "tags": [ - "users" - ], - "summary": "Register", - "parameters": [ - { - "type": "string", - "description": "The device the created session will be used on", - "name": "device", - "in": "query" - }, - { - "description": "Registration informations", - "name": "user", - "in": "body", - "schema": { - "$ref": "#/definitions/main.RegisterDto" - } - } - ], - "responses": { - "201": { - "description": "Created", - "schema": { - "$ref": "#/definitions/dbc.Session" - } - }, - "400": { - "description": "Invalid register body", - "schema": {} - }, - "409": { - "description": "Duplicated email or username", - "schema": {} - } - } - } - }, - "/users/me": { - "get": { - "security": [ - { - "Jwt": [] - } - ], - "description": "Get informations about the currently connected user", - "produces": [ - "application/json" - ], - "tags": [ - "users" - ], - "summary": "Get me", - "responses": { - "200": { - "description": "OK", - "schema": { - "$ref": "#/definitions/main.User" - } - }, - "401": { - "description": "Missing jwt token", - "schema": {} - }, - "403": { - "description": "Invalid jwt token (or expired)", - "schema": {} - } - } - }, - "delete": { - "security": [ - { - "Jwt": [] - } - ], - "description": "Delete your account and all your sessions", - 
"consumes": [ - "application/json" - ], - "produces": [ - "application/json" - ], - "tags": [ - "users" - ], - "summary": "Delete self", - "responses": { - "200": { - "description": "OK", - "schema": { - "$ref": "#/definitions/main.User" - } - } - } - } - }, - "/users/{id}": { - "get": { - "security": [ - { - "Jwt": [ - "users.read" - ] - } - ], - "description": "Get informations about a user from it's id", - "produces": [ - "application/json" - ], - "tags": [ - "users" - ], - "summary": "Get user", - "parameters": [ - { - "type": "string", - "format": "uuid", - "description": "The id of the user", - "name": "id", - "in": "path", - "required": true - } - ], - "responses": { - "200": { - "description": "OK", - "schema": { - "$ref": "#/definitions/main.User" - } - }, - "404": { - "description": "No user with the given id found", - "schema": {} - } - } - }, - "delete": { - "security": [ - { - "Jwt": [ - "users.delete" - ] - } - ], - "description": "Delete an account and all it's sessions.", - "consumes": [ - "application/json" - ], - "produces": [ - "application/json" - ], - "tags": [ - "users" - ], - "summary": "Delete user", - "parameters": [ - { - "type": "string", - "format": "uuid", - "description": "User id of the user to delete", - "name": "id", - "in": "path" - } - ], - "responses": { - "200": { - "description": "OK", - "schema": { - "$ref": "#/definitions/main.User" - } - }, - "404": { - "description": "Invalid user id", - "schema": {} - } - } - } - } - }, - "definitions": { - "dbc.Session": { - "type": "object", - "properties": { - "createdDate": { - "type": "string" - }, - "device": { - "type": "string" - }, - "id": { - "type": "string" - }, - "lastUsed": { - "type": "string" - }, - "pk": { - "type": "integer" - }, - "token": { - "type": "string" - }, - "userPk": { - "type": "integer" - } - } - }, - "main.Info": { - "type": "object", - "properties": { - "publicKey": { - "description": "The public key used to sign jwt tokens. 
It can be used by your services to check if the jwt is valid.", - "type": "string" - } - } - }, - "main.Jwt": { - "type": "object", - "properties": { - "token": { - "description": "The jwt token you can use for all authorized call to either keibi or other services.", - "type": "string" - } - } - }, - "main.LoginDto": { - "type": "object", - "required": [ - "login", - "password" - ], - "properties": { - "login": { - "description": "Either the email or the username.", - "type": "string" - }, - "password": { - "description": "Password of the account.", - "type": "string" - } - } - }, - "main.OidcHandle": { - "type": "object", - "properties": { - "id": { - "description": "Id of this oidc handle.", - "type": "string" - }, - "profileUrl": { - "description": "Link to the profile of the user on the external service. Null if unknown or irrelevant.", - "type": "string", - "format": "url" - }, - "username": { - "description": "Username of the user on the external service.", - "type": "string" - } - } - }, - "main.RegisterDto": { - "type": "object", - "required": [ - "email", - "password", - "username" - ], - "properties": { - "email": { - "description": "Valid email that could be used for forgotten password requests. Can be used for login.", - "type": "string", - "format": "email" - }, - "password": { - "description": "Password to use.", - "type": "string" - }, - "username": { - "description": "Username of the new account, can't contain @ signs. Can be used for login.", - "type": "string" - } - } - }, - "main.Session": { - "type": "object", - "properties": { - "createdDate": { - "description": "When was the session first opened", - "type": "string" - }, - "device": { - "description": "Device that created the session.", - "type": "string" - }, - "id": { - "description": "Unique id of this session. 
Can be used for calls to DELETE", - "type": "string" - }, - "lastUsed": { - "description": "Last date this session was used to access a service.", - "type": "string" - } - } - }, - "main.User": { - "type": "object", - "properties": { - "claims": { - "description": "List of custom claims JWT created via get /jwt will have", - "type": "object", - "additionalProperties": { - "type": "string" - } - }, - "createdDate": { - "description": "When was this account created?", - "type": "string" - }, - "email": { - "description": "Email of the user. Can be used as a login.", - "type": "string", - "format": "email" - }, - "id": { - "description": "Id of the user.", - "type": "string" - }, - "lastSeen": { - "description": "When was the last time this account made any authorized request?", - "type": "string" - }, - "oidc": { - "description": "List of other login method available for this user. Access tokens wont be returned here.", - "type": "object", - "additionalProperties": { - "$ref": "#/definitions/main.OidcHandle" - } - }, - "username": { - "description": "Username of the user. Can be used as a login.", - "type": "string" - } - } - } - }, - "securityDefinitions": { - "Jwt": { - "type": "apiKey", - "name": "Authorization", - "in": "header" - }, - "Token": { - "type": "apiKey", - "name": "Authorization", - "in": "header" - } - } -}` - -// SwaggerInfo holds exported Swagger Info so clients can modify it -var SwaggerInfo = &swag.Spec{ - Version: "1.0", - Host: "kyoo.zoriya.dev", - BasePath: "/auth", - Schemes: []string{}, - Title: "Keibi - Kyoo's auth", - Description: "Auth system made for kyoo.", - InfoInstanceName: "swagger", - SwaggerTemplate: docTemplate, - LeftDelim: "{{", - RightDelim: "}}", -} - -func init() { - swag.Register(SwaggerInfo.InstanceName(), SwaggerInfo) -} diff --git a/auth/docs/swagger.json b/auth/docs/swagger.json deleted file mode 100644 index a41e8589..00000000 --- a/auth/docs/swagger.json +++ /dev/null 
@@ -1,626 +0,0 @@ -{ - "swagger": "2.0", - "info": { - "description": "Auth system made for kyoo.", - "title": "Keibi - Kyoo's auth", - "contact": { - "name": "Repository", - "url": "https://github.com/zoriya/kyoo" - }, - "license": { - "name": "GPL-3.0", - "url": "https://www.gnu.org/licenses/gpl-3.0.en.html" - }, - "version": "1.0" - }, - "host": "kyoo.zoriya.dev", - "basePath": "/auth", - "paths": { - "/info": { - "get": { - "description": "Get info like the public key used to sign the jwts.", - "produces": [ - "application/json" - ], - "tags": [ - "jwt" - ], - "summary": "Info", - "responses": { - "200": { - "description": "OK", - "schema": { - "$ref": "#/definitions/main.Info" - } - } - } - } - }, - "/jwt": { - "get": { - "security": [ - { - "Token": [] - } - ], - "description": "Convert a session token to a short lived JWT.", - "produces": [ - "application/json" - ], - "tags": [ - "jwt" - ], - "summary": "Get JWT", - "responses": { - "200": { - "description": "OK", - "schema": { - "$ref": "#/definitions/main.Jwt" - } - }, - "401": { - "description": "Missing session token", - "schema": {} - }, - "403": { - "description": "Invalid session token (or expired)", - "schema": {} - } - } - } - }, - "/sessions": { - "post": { - "description": "Login to your account and open a session", - "consumes": [ - "application/json" - ], - "produces": [ - "application/json" - ], - "tags": [ - "sessions" - ], - "summary": "Login", - "parameters": [ - { - "type": "string", - "description": "The device the created session will be used on", - "name": "device", - "in": "query" - }, - { - "description": "Account informations", - "name": "login", - "in": "body", - "schema": { - "$ref": "#/definitions/main.LoginDto" - } - } - ], - "responses": { - "201": { - "description": "Created", - "schema": { - "$ref": "#/definitions/dbc.Session" - } - }, - "400": { - "description": "Invalid login body", - "schema": {} - }, - "403": { - "description": "Invalid password", - "schema": {} - }, - 
"404": { - "description": "Account does not exists", - "schema": {} - }, - "422": { - "description": "User does not have a password (registered via oidc, please login via oidc)", - "schema": {} - } - } - } - }, - "/sessions/current": { - "delete": { - "security": [ - { - "Jwt": [] - } - ], - "description": "Delete a session and logout", - "produces": [ - "application/json" - ], - "tags": [ - "sessions" - ], - "summary": "Logout", - "responses": { - "200": { - "description": "OK", - "schema": { - "$ref": "#/definitions/main.Session" - } - }, - "400": { - "description": "Invalid session id", - "schema": {} - }, - "401": { - "description": "Missing jwt token", - "schema": {} - }, - "403": { - "description": "Invalid jwt token (or expired)", - "schema": {} - }, - "404": { - "description": "Session not found with specified id (if not using the /current route)", - "schema": {} - } - } - } - }, - "/sessions/{id}": { - "delete": { - "security": [ - { - "Jwt": [] - } - ], - "description": "Delete a session and logout", - "produces": [ - "application/json" - ], - "tags": [ - "sessions" - ], - "summary": "Logout", - "parameters": [ - { - "type": "string", - "format": "uuid", - "description": "The id of the session to delete", - "name": "id", - "in": "path", - "required": true - } - ], - "responses": { - "200": { - "description": "OK", - "schema": { - "$ref": "#/definitions/main.Session" - } - }, - "400": { - "description": "Invalid session id", - "schema": {} - }, - "401": { - "description": "Missing jwt token", - "schema": {} - }, - "403": { - "description": "Invalid jwt token (or expired)", - "schema": {} - }, - "404": { - "description": "Session not found with specified id (if not using the /current route)", - "schema": {} - } - } - } - }, - "/users": { - "get": { - "security": [ - { - "Jwt": [ - "users.read" - ] - } - ], - "description": "List all users existing in this instance.", - "consumes": [ - "application/json" - ], - "produces": [ - "application/json" - ], - 
"tags": [ - "users" - ], - "summary": "List all users", - "parameters": [ - { - "type": "string", - "format": "uuid", - "description": "used for pagination.", - "name": "afterId", - "in": "query" - } - ], - "responses": { - "200": { - "description": "OK", - "schema": { - "$ref": "#/definitions/main.User" - } - }, - "400": { - "description": "Invalid after id", - "schema": {} - } - } - }, - "post": { - "description": "Register as a new user and open a session for it", - "consumes": [ - "application/json" - ], - "produces": [ - "application/json" - ], - "tags": [ - "users" - ], - "summary": "Register", - "parameters": [ - { - "type": "string", - "description": "The device the created session will be used on", - "name": "device", - "in": "query" - }, - { - "description": "Registration informations", - "name": "user", - "in": "body", - "schema": { - "$ref": "#/definitions/main.RegisterDto" - } - } - ], - "responses": { - "201": { - "description": "Created", - "schema": { - "$ref": "#/definitions/dbc.Session" - } - }, - "400": { - "description": "Invalid register body", - "schema": {} - }, - "409": { - "description": "Duplicated email or username", - "schema": {} - } - } - } - }, - "/users/me": { - "get": { - "security": [ - { - "Jwt": [] - } - ], - "description": "Get informations about the currently connected user", - "produces": [ - "application/json" - ], - "tags": [ - "users" - ], - "summary": "Get me", - "responses": { - "200": { - "description": "OK", - "schema": { - "$ref": "#/definitions/main.User" - } - }, - "401": { - "description": "Missing jwt token", - "schema": {} - }, - "403": { - "description": "Invalid jwt token (or expired)", - "schema": {} - } - } - }, - "delete": { - "security": [ - { - "Jwt": [] - } - ], - "description": "Delete your account and all your sessions", - "consumes": [ - "application/json" - ], - "produces": [ - "application/json" - ], - "tags": [ - "users" - ], - "summary": "Delete self", - "responses": { - "200": { - "description": 
"OK", - "schema": { - "$ref": "#/definitions/main.User" - } - } - } - } - }, - "/users/{id}": { - "get": { - "security": [ - { - "Jwt": [ - "users.read" - ] - } - ], - "description": "Get informations about a user from it's id", - "produces": [ - "application/json" - ], - "tags": [ - "users" - ], - "summary": "Get user", - "parameters": [ - { - "type": "string", - "format": "uuid", - "description": "The id of the user", - "name": "id", - "in": "path", - "required": true - } - ], - "responses": { - "200": { - "description": "OK", - "schema": { - "$ref": "#/definitions/main.User" - } - }, - "404": { - "description": "No user with the given id found", - "schema": {} - } - } - }, - "delete": { - "security": [ - { - "Jwt": [ - "users.delete" - ] - } - ], - "description": "Delete an account and all it's sessions.", - "consumes": [ - "application/json" - ], - "produces": [ - "application/json" - ], - "tags": [ - "users" - ], - "summary": "Delete user", - "parameters": [ - { - "type": "string", - "format": "uuid", - "description": "User id of the user to delete", - "name": "id", - "in": "path" - } - ], - "responses": { - "200": { - "description": "OK", - "schema": { - "$ref": "#/definitions/main.User" - } - }, - "404": { - "description": "Invalid user id", - "schema": {} - } - } - } - } - }, - "definitions": { - "dbc.Session": { - "type": "object", - "properties": { - "createdDate": { - "type": "string" - }, - "device": { - "type": "string" - }, - "id": { - "type": "string" - }, - "lastUsed": { - "type": "string" - }, - "pk": { - "type": "integer" - }, - "token": { - "type": "string" - }, - "userPk": { - "type": "integer" - } - } - }, - "main.Info": { - "type": "object", - "properties": { - "publicKey": { - "description": "The public key used to sign jwt tokens. 
It can be used by your services to check if the jwt is valid.", - "type": "string" - } - } - }, - "main.Jwt": { - "type": "object", - "properties": { - "token": { - "description": "The jwt token you can use for all authorized call to either keibi or other services.", - "type": "string" - } - } - }, - "main.LoginDto": { - "type": "object", - "required": [ - "login", - "password" - ], - "properties": { - "login": { - "description": "Either the email or the username.", - "type": "string" - }, - "password": { - "description": "Password of the account.", - "type": "string" - } - } - }, - "main.OidcHandle": { - "type": "object", - "properties": { - "id": { - "description": "Id of this oidc handle.", - "type": "string" - }, - "profileUrl": { - "description": "Link to the profile of the user on the external service. Null if unknown or irrelevant.", - "type": "string", - "format": "url" - }, - "username": { - "description": "Username of the user on the external service.", - "type": "string" - } - } - }, - "main.RegisterDto": { - "type": "object", - "required": [ - "email", - "password", - "username" - ], - "properties": { - "email": { - "description": "Valid email that could be used for forgotten password requests. Can be used for login.", - "type": "string", - "format": "email" - }, - "password": { - "description": "Password to use.", - "type": "string" - }, - "username": { - "description": "Username of the new account, can't contain @ signs. Can be used for login.", - "type": "string" - } - } - }, - "main.Session": { - "type": "object", - "properties": { - "createdDate": { - "description": "When was the session first opened", - "type": "string" - }, - "device": { - "description": "Device that created the session.", - "type": "string" - }, - "id": { - "description": "Unique id of this session. 
Can be used for calls to DELETE", - "type": "string" - }, - "lastUsed": { - "description": "Last date this session was used to access a service.", - "type": "string" - } - } - }, - "main.User": { - "type": "object", - "properties": { - "claims": { - "description": "List of custom claims JWT created via get /jwt will have", - "type": "object", - "additionalProperties": { - "type": "string" - } - }, - "createdDate": { - "description": "When was this account created?", - "type": "string" - }, - "email": { - "description": "Email of the user. Can be used as a login.", - "type": "string", - "format": "email" - }, - "id": { - "description": "Id of the user.", - "type": "string" - }, - "lastSeen": { - "description": "When was the last time this account made any authorized request?", - "type": "string" - }, - "oidc": { - "description": "List of other login method available for this user. Access tokens wont be returned here.", - "type": "object", - "additionalProperties": { - "$ref": "#/definitions/main.OidcHandle" - } - }, - "username": { - "description": "Username of the user. Can be used as a login.", - "type": "string" - } - } - } - }, - "securityDefinitions": { - "Jwt": { - "type": "apiKey", - "name": "Authorization", - "in": "header" - }, - "Token": { - "type": "apiKey", - "name": "Authorization", - "in": "header" - } - } -} \ No newline at end of file diff --git a/auth/docs/swagger.yaml b/auth/docs/swagger.yaml index 38ada431..a3a2b77e 100644 --- a/auth/docs/swagger.yaml +++ b/auth/docs/swagger.yaml 
@@ -17,20 +17,50 @@ definitions: userPk: type: integer type: object - main.Info: + main.JwkSet: properties: - publicKey: - description: The public key used to sign jwt tokens. It can be used by your - services to check if the jwt is valid. - type: string + keys: + items: + properties: + e: + example: AQAB + type: string + key_ops: + example: + - '[verify]' + items: + type: string + type: array + kty: + example: RSA + type: string + "n": + example: oBcXcJUR-Sb8_b4qIj28LRAPxdF_6odRr52K5-ymiEkR2DOlEuXBtM-biWxPESW-U-zhfHzdVLf6ioy5xL0bJTh8BMIorkrDliN3vb81jCvyOMgZ7ATMJpMAQMmSDN7sL3U45r22FaoQufCJMQHmUsZPecdQSgj2aFBiRXxsLleYlSezdBVT_gKH-coqeYXSC_hk-ezSq4aDZ10BlDnZ-FA7-ES3T7nBmJEAU7KDAGeSvbYAfYimOW0r-Vc0xQNuwGCfzZtSexKXDbYbNwOVo3SjfCabq-gMfap_owcHbKicGBZu1LDlh7CpkmLQf_kv6GihM2LWFFh6Vwg2cltiwF22EIPlUDtYTkUR0qRkdNJaNkwV5Vv_6r3pzSmu5ovRriKtlrvJMjlTnLb4_ltsge3fw5Z34cJrsp094FbUc2O6Or4FGEXUldieJCnVRhs2_h6SDcmeMXs1zfvE5GlDnq8tZV6WMJ5Sb4jNO7rs_hTkr23_E6mVg-DdtozGfqzRzhIjPym6D_jVfR6dZv5W0sKwOHRmT7nYq-C7b2sAwmNNII296M4Rq-jn0b5pgSeMDYbIpbIA4thU8LYU0lBZp_ZVwWKG1RFZDxz3k9O5UVth2kTpTWlwn0hB1aAvgXHo6in1CScITGA72p73RbDieNnLFaCK4xUVstkWAKLqPxs + type: string + use: + example: sig + type: string + type: object + type: array type: object main.Jwt: properties: token: description: The jwt token you can use for all authorized call to either keibi or other services. + example: eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJzdWIiOiIxMjM0NTY3ODkwIiwibmFtZSI6IkpvaG4gRG9lIiwiYWRtaW4iOnRydWUsImlhdCI6MTUxNjIzOTAyMn0.KMUFsIDTnFmyG3nMiGM6H9FNFUROf3wh7SmqJp-QV30 type: string type: object + main.KError: + properties: + details: {} + message: + example: No user found with this id + type: string + status: + example: 404 + type: integer + type: object main.LoginDto: properties: login: 
@@ -133,17 +163,17 @@ info: title: Keibi - Kyoo's auth version: "1.0" paths: - /info: + /.well-known/jwks.json: get: - description: Get info like the public key used to sign the jwts. + description: Get the jwks info, used to validate jwts. produces: - application/json responses: "200": description: OK schema: - $ref: '#/definitions/main.Info' - summary: Info + $ref: '#/definitions/main.JwkSet' + summary: Jwks tags: - jwt /jwt: @@ -154,14 +184,16 @@ paths: responses: "200": description: OK + headers: + Authorization: + description: Jwt (same value as the returned token) + type: string schema: $ref: '#/definitions/main.Jwt' - "401": - description: Missing session token - schema: {} "403": description: Invalid session token (or expired) - schema: {} + schema: + $ref: '#/definitions/main.KError' security: - Token: [] summary: Get JWT diff --git a/auth/jwt.go b/auth/jwt.go index 00dc2211..98e48247 100644 --- a/auth/jwt.go +++ b/auth/jwt.go @@ -15,7 +15,7 @@ import ( type Jwt struct { // The jwt token you can use for all authorized call to either keibi or other services. - Token *string `json:"token"` + Token *string `json:"token" example:"eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJzdWIiOiIxMjM0NTY3ODkwIiwibmFtZSI6IkpvaG4gRG9lIiwiYWRtaW4iOnRydWUsImlhdCI6MTUxNjIzOTAyMn0.KMUFsIDTnFmyG3nMiGM6H9FNFUROf3wh7SmqJp-QV30"` } // @Summary Get JWT @@ -24,8 +24,8 @@ type Jwt struct { // @Produce json // @Security Token // @Success 200 {object} Jwt -// @Failure 401 {object} problem.Problem "Missing session token" -// @Failure 403 {object} problem.Problem "Invalid session token (or expired)" +// @Failure 403 {object} KError "Invalid session token (or expired)" +// @Header 200 {string} Authorization "Jwt (same value as the returned token)" // @Router /jwt [get] func (h *Handler) CreateJwt(c echo.Context) error { auth := c.Request().Header.Get("Authorization") 
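Review bot: The example token added to `Jwt.Token` decodes to a header with `alg: HS256`, while the verification material this service publishes (the RSA `JwkSet` example and `jwk.New(h.config.JwtPublicKey)` further down) is an RSA key; a consumer who copies the sample into a validator picks the wrong algorithm. Either use an RS256-signed sample or mark it in the field comment, e.g. `// The jwt token you can use for all authorized call to either keibi or other services. The example is a placeholder; validate real tokens against /.well-known/jwks.json.`. In the second hunk the `401 Missing session token` response is dropped from the annotations, but the handler body after `auth := c.Request().Header.Get("Authorization")` is outside the hunk, so whether an absent header still yields 401 cannot be confirmed here; if it does, the spec now under-documents that response.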
@@ -69,11 +69,22 @@ func (h *Handler) CreateJwt(c echo.Context) error { }) } +// only used for the swagger doc +type JwkSet struct { + Keys []struct { + E string `json:"e" example:"AQAB"` + KeyOps []string `json:"key_ops" example:"[verify]"` + Kty string `json:"kty" example:"RSA"` + N string `json:"n" example:"oBcXcJUR-Sb8_b4qIj28LRAPxdF_6odRr52K5-ymiEkR2DOlEuXBtM-biWxPESW-U-zhfHzdVLf6ioy5xL0bJTh8BMIorkrDliN3vb81jCvyOMgZ7ATMJpMAQMmSDN7sL3U45r22FaoQufCJMQHmUsZPecdQSgj2aFBiRXxsLleYlSezdBVT_gKH-coqeYXSC_hk-ezSq4aDZ10BlDnZ-FA7-ES3T7nBmJEAU7KDAGeSvbYAfYimOW0r-Vc0xQNuwGCfzZtSexKXDbYbNwOVo3SjfCabq-gMfap_owcHbKicGBZu1LDlh7CpkmLQf_kv6GihM2LWFFh6Vwg2cltiwF22EIPlUDtYTkUR0qRkdNJaNkwV5Vv_6r3pzSmu5ovRriKtlrvJMjlTnLb4_ltsge3fw5Z34cJrsp094FbUc2O6Or4FGEXUldieJCnVRhs2_h6SDcmeMXs1zfvE5GlDnq8tZV6WMJ5Sb4jNO7rs_hTkr23_E6mVg-DdtozGfqzRzhIjPym6D_jVfR6dZv5W0sKwOHRmT7nYq-C7b2sAwmNNII296M4Rq-jn0b5pgSeMDYbIpbIA4thU8LYU0lBZp_ZVwWKG1RFZDxz3k9O5UVth2kTpTWlwn0hB1aAvgXHo6in1CScITGA72p73RbDieNnLFaCK4xUVstkWAKLqPxs"` + Use string `json:"use" example:"sig"` + } +} + // @Summary Jwks // @Description Get the jwks info, used to validate jwts. // @Tags jwt // @Produce json -// @Success 200 {object} jwk.Key +// @Success 200 {object} JwkSet "OK" // @Router /.well-known/jwks.json [get] func (h *Handler) GetJwks(c echo.Context) error { key, err := jwk.New(h.config.JwtPublicKey) diff --git a/auth/kerror.go b/auth/kerror.go new file mode 100644 index 00000000..a2104ea6 --- /dev/null +++ b/auth/kerror.go @@ -0,0 +1,7 @@ +package main + +type KError struct { + Status int `json:"status" example:"404"` + Message string `json:"message" example:"No user found with this id"` + Details any `json:"details"` +} diff --git a/auth/utils.go b/auth/utils.go index 38753bc3..20b8c377 100644 --- a/auth/utils.go +++ b/auth/utils.go 
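Review bot: The `key_ops` example is written as `example:"[verify]"`, and the regenerated swagger.yaml in this commit shows it lands as a single array element containing the literal string `'[verify]'` rather than a list with the value `verify`; swag takes slice examples as plain comma-separated values, so the line should read `KeyOps []string \`json:"key_ops" example:"verify"\``. `JwkSet` is an exported type with only a terse comment; since it exists solely to describe the wire shape, say so: `// JwkSet documents the body of GET /.well-known/jwks.json; it is not used at runtime.`. Note also that `GetJwks` builds a single key with `jwk.New(...)` while `JwkSet` documents a `{"keys": [...]}` set; the rest of the handler is outside the hunk, so whether the key is wrapped in a set should be checked against the documented shape.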
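Review bot: `KError` becomes the documented error schema (the swagger.yaml hunk points the 403 response at it), but the handlers visible in this commit produce errors through `echo.NewHTTPError(...)`, whose default rendering is a body with only a `message` field; unless a custom error handler not shown here maps those to `KError`, the documented `status` and `details` fields will not appear in real responses. The exported type and its fields also have no doc comments; add at least `// KError is the JSON body returned with every error response.` above the struct, and consider `json:"details,omitempty"` so an absent `Details` is not serialized as `null` for clients that treat the field as optional.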
@@ -19,7 +19,7 @@ func GetCurrentUserId(c echo.Context) (uuid.UUID, error) {
 	}
 	sub, err := user.Claims.GetSubject()
 	if err != nil {
-		return uuid.UUID{}, echo.NewHTTPError(403, "Could not retrive subject")
+		return uuid.UUID{}, echo.NewHTTPError(403, "Could not retrieve subject")
 	}
 	ret, err := uuid.Parse(sub)
 	if err != nil {