yamori

有給休暇計算を主目的とした簡易勤怠管理システム

// SPDX-FileCopyrightText: 2025 Shota FUJI <pockawoooh@gmail.com>
// SPDX-License-Identifier: AGPL-3.0-only

package core

import (
	"fmt"
	"net/http"
	"time"

	"github.com/golang-jwt/jwt/v5"

	workspace "pocka.jp/x/yamori/proto/go/backend/projections/workspace/v1"

	"pocka.jp/x/yamori/backend/core/projection"
)

// cookieName is the name of the browser cookie that carries the login token.
// It is used both when setting/clearing the cookie and when looking it up in
// incoming requests.
const cookieName = "yamori-login-token"

// token is the compact (signed) serialization of a login JWT.
//
// A token value is just a string: holding one does not mean its signature has
// been checked. Call Validate or FindUser before trusting its contents.
type token string

// LoadTokenFromCookie extracts the login token from the Cookie header(s) of a
// request.
//
// Every Cookie header line is parsed in order and the first cookie whose name
// equals cookieName wins; later cookies with the same name are ignored.
// A header line that fails to parse aborts the lookup with that error.
//
// It returns (nil, nil) when no login cookie is present, so callers must check
// the token for nil as well as the error.
//
// The returned token is the raw cookie value and is NOT verified here. It must
// go through Validate or FindUser before it is used for any authorization
// decision.
func (core *Core) LoadTokenFromCookie(header *http.Header) (*token, error) {
	for _, line := range header.Values("Cookie") {
		parsed, err := http.ParseCookie(line)
		if err != nil {
			return nil, err
		}

		for _, c := range parsed {
			if c.Name != cookieName {
				continue
			}

			found := token(c.Value)
			return &found, nil
		}
	}

	return nil, nil
}

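// DeleteTokenFromCookie appends a Set-Cookie header that tells the browser to
// discard the login cookie.
//
// The cookie is sent with an empty value, Max-Age=0 and an Expires date at the
// Unix epoch. Max-Age=0 makes the deletion independent of the client's clock;
// an Expires of "now" could still be in the future for a client whose clock
// runs behind the server's. Expires is kept for clients that ignore Max-Age.
//
// The attributes (no Path/Domain, Secure, HttpOnly, SameSite=Strict) mirror
// SaveToCookie so that the browser matches this cookie to the one being
// removed.
// NOTE(review): no Path is set on either cookie, so each is scoped to the
// default path of the response that sets it. Confirm the login and logout
// endpoints share that path, otherwise this header will not match the stored
// cookie.
//
// This only clears the browser's copy. IssueToken puts no expiry claim in the
// JWT, so a copy of the token obtained elsewhere still passes Validate after
// logout.
func DeleteTokenFromCookie(header *http.Header) {
	cookie := http.Cookie{
		Name:  cookieName,
		Value: "",
		// A negative MaxAge is serialized as "Max-Age=0", i.e. delete now.
		MaxAge:   -1,
		Expires:  time.Unix(0, 0),
		SameSite: http.SameSiteStrictMode,
		Secure:   true,
		HttpOnly: true,
	}

	header.Add("Set-Cookie", cookie.String())
}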

// IssueToken creates a login token for user, signed with HMAC-SHA256 (HS256)
// using secret.Projection as the key.
//
// The only claim written is "sub", set to the user's ID. Signing errors are
// returned unchanged.
//
// NOTE(review): the token carries no "exp", "iat" or "nbf" claim, so once
// issued it stays valid for as long as the signing secret is unchanged.
// Consider adding an expiry here and enforcing it on the parsing side (e.g.
// jwt.WithExpirationRequired()).
// NOTE(review): presumably secret.Projection is a []byte, which is what HS256
// signing expects as a key; confirm against the projection package.
func (core *Core) IssueToken(secret *projection.LoginJwtSecret, user *workspace.Users_User) (*token, error) {
	claims := jwt.MapClaims{
		"sub": user.GetId(),
	}

	signed, err := jwt.NewWithClaims(jwt.SigningMethodHS256, claims).SignedString(secret.Projection)
	if err != nil {
		return nil, err
	}

	issued := token(signed)
	return &issued, nil
}

// SaveToCookie appends a Set-Cookie header that stores the token in the
// browser under cookieName.
//
// Cookie attributes and what they are for:
//   - HttpOnly: the token is not readable from page scripts.
//   - Secure: the cookie is only sent over HTTPS.
//   - SameSite=Strict: the cookie is not attached to cross-site requests.
//
// No Expires/Max-Age is set, so this is a session cookie. No Domain or Path is
// set either, so it is host-only and scoped to the default path of the
// response that sets it.
// NOTE(review): the browser-side lifetime is the only lifetime this token has;
// the JWT itself carries no expiry claim (see IssueToken).
func (t *token) SaveToCookie(header *http.Header) {
	session := &http.Cookie{
		Name:     cookieName,
		Value:    string(*t),
		HttpOnly: true,
		Secure:   true,
		SameSite: http.SameSiteStrictMode,
	}

	header.Add("Set-Cookie", session.String())
}

// Validate parses the token and verifies its signature against
// secret.Projection, returning the parser's error on failure and nil on
// success.
//
// The accepted signing method is pinned to HS256, so a token whose header
// names any other algorithm is rejected before the key is used.
//
// A nil result means the token was signed with the current secret. It does
// not check that the subject still exists (FindUser does that).
// NOTE(review): tokens issued by IssueToken carry no expiry claim, so there is
// no time limit for this call to enforce.
func (t *token) Validate(secret *projection.LoginJwtSecret) error {
	keyFor := func(*jwt.Token) (any, error) {
		return secret.Projection, nil
	}
	onlyHS256 := jwt.WithValidMethods([]string{jwt.SigningMethodHS256.Alg()})

	if _, err := jwt.Parse(string(*t), keyFor, onlyHS256); err != nil {
		return err
	}

	return nil
}

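// FindUser verifies the token and returns the user its "sub" claim refers to.
//
// The token is parsed with the same rules as Validate: the signature is
// checked against secret.Projection and only HS256 is accepted. The subject is
// then looked up by ID in users.Projection.Users.
//
// An error is returned when the token fails verification, when the subject
// claim cannot be read or is empty, or when no user has a matching ID. A
// deleted user's token therefore stops resolving even though its signature
// is still valid.
func (t *token) FindUser(
	secret *projection.LoginJwtSecret,
	users *projection.Users,
) (*workspace.Users_User, error) {
	parsed, err := jwt.Parse(string(*t), func(token *jwt.Token) (any, error) {
		return secret.Projection, nil
	}, jwt.WithValidMethods([]string{jwt.SigningMethodHS256.Alg()}))
	if err != nil {
		return nil, err
	}

	sub, err := parsed.Claims.GetSubject()
	if err != nil {
		return nil, err
	}

	// Fail closed on a missing or empty subject: otherwise "" would be
	// compared against every user's ID below and could match an entry whose
	// ID is unset.
	if sub == "" {
		return nil, fmt.Errorf("token has no subject")
	}

	for _, u := range users.Projection.Users {
		if u.GetId() == sub {
			return u, nil
		}
	}

	return nil, fmt.Errorf("No user found for sub=%s", sub)
}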