Feature: Auth (#4)

* feat(api): add auth * feat(web): add auth and refactor * refactor(web): baseurl * feat: add autobrrctl cli for user creation * build: move static assets * refactor(web): auth guard and routing * refactor: rename var * fix: remove subrouter * build: update default config
2025-07-23 08:49:13 +00:00 · 2021-08-14 14:19:21 +02:00 · 2021-08-14 14:19:21 +02:00 · 40b855bf39
commit 40b855bf39
parent 2e8d0950c1
56 changed files with 1208 additions and 257 deletions
--- a/internal/http/auth.go
+++ b/internal/http/auth.go
@ -0,0 +1,86 @@
+package http
+
+import (
+	"encoding/json"
+	"net/http"
+
+	"github.com/go-chi/chi"
+	"github.com/gorilla/sessions"
+
+	"github.com/autobrr/autobrr/internal/config"
+	"github.com/autobrr/autobrr/internal/domain"
+)
+
+type authService interface {
+	Login(username, password string) (*domain.User, error)
+}
+
+type authHandler struct {
+	encoder     encoder
+	authService authService
+}
+
+var (
+	// key will only be valid as long as it's running.
+	key   = []byte(config.Config.SessionSecret)
+	store = sessions.NewCookieStore(key)
+)
+
+func (h authHandler) Routes(r chi.Router) {
+	r.Post("/login", h.login)
+	r.Post("/logout", h.logout)
+	r.Get("/test", h.test)
+}
+
+func (h authHandler) login(w http.ResponseWriter, r *http.Request) {
+	var (
+		ctx  = r.Context()
+		data domain.User
+	)
+
+	if err := json.NewDecoder(r.Body).Decode(&data); err != nil {
+		// encode error
+		h.encoder.StatusResponse(ctx, w, nil, http.StatusBadRequest)
+		return
+	}
+
+	session, _ := store.Get(r, "user_session")
+
+	_, err := h.authService.Login(data.Username, data.Password)
+	if err != nil {
+		h.encoder.StatusResponse(ctx, w, nil, http.StatusUnauthorized)
+		return
+	}
+
+	// Set user as authenticated
+	session.Values["authenticated"] = true
+	session.Save(r, w)
+
+	h.encoder.StatusResponse(ctx, w, nil, http.StatusNoContent)
+}
+
+func (h authHandler) logout(w http.ResponseWriter, r *http.Request) {
+	ctx := r.Context()
+
+	session, _ := store.Get(r, "user_session")
+
+	// Revoke users authentication
+	session.Values["authenticated"] = false
+	session.Save(r, w)
+
+	h.encoder.StatusResponse(ctx, w, nil, http.StatusNoContent)
+}
+
+func (h authHandler) test(w http.ResponseWriter, r *http.Request) {
+	ctx := r.Context()
+	session, _ := store.Get(r, "user_session")
+
+	// Check if user is authenticated
+	if auth, ok := session.Values["authenticated"].(bool); !ok || !auth {
+		http.Error(w, "Forbidden", http.StatusForbidden)
+		return
+	}
+
+	// send empty response as ok
+	h.encoder.StatusResponse(ctx, w, nil, http.StatusNoContent)
+}
--- a/internal/http/middleware.go
+++ b/internal/http/middleware.go
@ -0,0 +1,17 @@
+package http
+
+import "net/http"
+
+func IsAuthenticated(next http.Handler) http.Handler {
+	return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
+		// check session
+		session, _ := store.Get(r, "user_session")
+
+		// Check if user is authenticated
+		if auth, ok := session.Values["authenticated"].(bool); !ok || !auth {
+			http.Error(w, http.StatusText(http.StatusForbidden), http.StatusForbidden)
+			return
+		}
+		next.ServeHTTP(w, r)
+	})
+}
--- a/internal/http/service.go
+++ b/internal/http/service.go
@ -15,17 +15,19 @@ type Server struct {
 	address               string
 	baseUrl               string
 	actionService         actionService
+	authService           authService
 	downloadClientService downloadClientService
 	filterService         filterService
 	indexerService        indexerService
 	ircService            ircService
 }

-func NewServer(address string, baseUrl string, actionService actionService, downloadClientSvc downloadClientService, filterSvc filterService, indexerSvc indexerService, ircSvc ircService) Server {
+func NewServer(address string, baseUrl string, actionService actionService, authService authService, downloadClientSvc downloadClientService, filterSvc filterService, indexerSvc indexerService, ircSvc ircService) Server {
 	return Server{
 		address:               address,
 		baseUrl:               baseUrl,
 		actionService:         actionService,
+		authService:           authService,
 		downloadClientService: downloadClientSvc,
 		filterService:         filterSvc,
 		indexerService:        indexerSvc,
@ -62,7 +64,15 @@ func (s Server) Handler() http.Handler {
 		fileSystem.ServeHTTP(w, r)
 	})

+	authHandler := authHandler{
+		encoder:     encoder,
+		authService: s.authService,
+	}
+
+	r.Route("/api/auth", authHandler.Routes)
+
 	r.Group(func(r chi.Router) {
+		r.Use(IsAuthenticated)

 		actionHandler := actionHandler{
 			encoder:       encoder,