From cdda8b21199cd764996e2bd44f9ba31045cdac92 Mon Sep 17 00:00:00 2001
From: James Ravenscroft <ravenscroftj@gmail.com>
Date: Sat, 5 Feb 2022 19:59:41 +0000
Subject: [PATCH] implement auth properly and add scrobble template

---
 controllers/index.go     |  3 +++
 controllers/indieauth.go | 42 +++++++++++++++++++++++++++++++++++++---
 controllers/scrobble.go  | 29 +++++++++++++++++++++++++++
 middlewares/auth.go      | 11 ++++++++---
 scrobble/types.go        |  8 ++++++++
 server/router.go         | 10 +++++++++-
 templates/index.tmpl     | 18 +++++++++++++++--
 templates/scrobble.tmpl  | 21 ++++++++++++++++++++
 8 files changed, 133 insertions(+), 9 deletions(-)
 create mode 100644 controllers/scrobble.go
 create mode 100644 scrobble/types.go
 create mode 100644 templates/scrobble.tmpl

diff --git a/controllers/index.go b/controllers/index.go
index fb211b3..fc9205f 100644
--- a/controllers/index.go
+++ b/controllers/index.go
@@ -3,11 +3,14 @@ package controllers
 import (
 	"net/http"
 
+	"git.jamesravey.me/ravenscroftj/indiescrobble/scrobble"
 	"github.com/gin-gonic/gin"
 )
 
 func Index(c *gin.Context) {
 	c.HTML(http.StatusOK, "index.tmpl", gin.H{
 		"title": "test",
+		"user": c.GetString("user"),
+		"scrobbleTypes": scrobble.ScrobbleTypeNames,
 	})
 }
diff --git a/controllers/indieauth.go b/controllers/indieauth.go
index 58c66ce..81ea7ae 100644
--- a/controllers/indieauth.go
+++ b/controllers/indieauth.go
@@ -50,6 +50,10 @@ func (iam *IndieAuthManager) GetCurrentUser(c *gin.Context) string {
 
 		val, present := tok.Get("user")
 
+		indietok, present := tok.Get("token")
+
+		fmt.Printf("indie token current user: %v", indietok)
+
 		if present {
 			return fmt.Sprintf("%v", val)
 		}else{
@@ -158,6 +162,24 @@ func (iam *IndieAuthManager) saveAuthInfo(w http.ResponseWriter, r *http.Request
 }
 
 
+func (iam *IndieAuthManager) Logout(c *gin.Context) {
+
+	// delete the cookie
+	cookie := &http.Cookie{
+		Name:     "jwt",
+		MaxAge:   -1,
+		Secure:   c.Request.URL.Scheme == "https",
+		HttpOnly: true,
+		Path:     "/",
+		SameSite: http.SameSiteLaxMode,
+	}
+
+	http.SetCookie(c.Writer, cookie)
+	
+	c.Redirect(http.StatusSeeOther, "/")
+
+}
+
 func (iam *IndieAuthManager) IndieAuthLoginPost(c *gin.Context) {
 
 	err := c.Request.ParseForm()
@@ -235,7 +257,17 @@ func (iam *IndieAuthManager) LoginCallbackGet(c *gin.Context) {
 		return
 	}
 
-	profile, err := iam.iac.FetchProfile(i, code)
+
+	// profile, err := iam.iac.FetchProfile(i, code)
+	// if err != nil {
+	// 	c.HTML(http.StatusBadRequest, "error.tmpl", gin.H{
+	// 		"message": err,
+	// 	})
+	// 	return
+	// }
+
+
+	token, _, err := iam.iac.GetToken(i, code)
 	if err != nil {
 		c.HTML(http.StatusBadRequest, "error.tmpl", gin.H{
 			"message": err,
@@ -243,7 +275,10 @@ func (iam *IndieAuthManager) LoginCallbackGet(c *gin.Context) {
 		return
 	}
 
-	if err := indieauth.IsValidProfileURL(profile.Me); err != nil {
+	me := token.Extra("me").(string)
+
+
+	if err := indieauth.IsValidProfileURL(me); err != nil {
 		err = fmt.Errorf("invalid 'me': %w", err)
 		c.HTML(http.StatusBadRequest, "error.tmpl", gin.H{
 			"message": err,
@@ -257,7 +292,8 @@ func (iam *IndieAuthManager) LoginCallbackGet(c *gin.Context) {
 		jwt.SubjectKey:    config.GetString("indieauth.sessionSubject"),
 		jwt.IssuedAtKey:   time.Now().Unix(),
 		jwt.ExpirationKey: expiration,
-		"user":            profile.Me,
+		"user":            me,
+		"token": token.AccessToken,
 	})
 	if err != nil {
 		c.HTML(http.StatusBadRequest, "error.tmpl", gin.H{
diff --git a/controllers/scrobble.go b/controllers/scrobble.go
new file mode 100644
index 0000000..4482243
--- /dev/null
+++ b/controllers/scrobble.go
@@ -0,0 +1,29 @@
+package controllers
+
+import (
+	"net/http"
+
+	"git.jamesravey.me/ravenscroftj/indiescrobble/scrobble"
+	"github.com/gin-gonic/gin"
+)
+
+
+func Scrobble(c *gin.Context){
+
+	err := c.Request.ParseForm()
+
+	if err != nil{
+		c.HTML(http.StatusBadRequest, "error.tmpl", gin.H{
+			"message": err,
+		})
+	}
+
+	// TODO: add validation of type
+	scrobbleType := c.Request.Form.Get("type")
+
+	c.HTML(http.StatusOK, "scrobble.tmpl", gin.H{
+		"user": c.GetString("user"),
+		"scrobbleType": scrobble.ScrobbleTypeNames[scrobbleType],
+	})
+
+}
\ No newline at end of file
diff --git a/middlewares/auth.go b/middlewares/auth.go
index abe549c..e48580f 100644
--- a/middlewares/auth.go
+++ b/middlewares/auth.go
@@ -1,21 +1,26 @@
 package middlewares
 
 import (
-	"fmt"
+	"net/http"
 
 	"git.jamesravey.me/ravenscroftj/indiescrobble/controllers"
 	"github.com/gin-gonic/gin"
 )
 
-func AuthMiddleware() gin.HandlerFunc {
+func AuthMiddleware(requireValidUser bool) gin.HandlerFunc {
 	return func(c *gin.Context) {
 		// config := config.GetConfig()
 
 		iam := controllers.NewIndieAuthManager()
 		
+		currentUser := iam.GetCurrentUser(c)
 
+		if requireValidUser && (currentUser == "") {
+			c.SetCookie("jwt", "", -1, "/", "", c.Request.URL.Scheme == "https", true)
+			c.Redirect(http.StatusSeeOther, "/")
+		}
 
-		fmt.Printf("Current user: %v\n", iam.GetCurrentUser(c))
+		c.Set("user", currentUser)
 
 		// reqKey := c.Request.Header.Get("X-Auth-Key")
 		// reqSecret := c.Request.Header.Get("X-Auth-Secret")
diff --git a/scrobble/types.go b/scrobble/types.go
new file mode 100644
index 0000000..ad9bf63
--- /dev/null
+++ b/scrobble/types.go
@@ -0,0 +1,8 @@
+package scrobble
+
+var ScrobbleTypeNames =  map[string]string {
+	"scrobble" : "🎧 Listen",
+	"tv" : "📺 TV Show",
+	"movie": "🎬 Movie",
+	"read": "📖 Read",
+};
\ No newline at end of file
diff --git a/server/router.go b/server/router.go
index 3a6af7c..8ed45a9 100644
--- a/server/router.go
+++ b/server/router.go
@@ -21,14 +21,22 @@ func NewRouter() *gin.Engine {
 
 	router.GET("/health", health.Status)
 
-	router.Use(middlewares.AuthMiddleware())
+	router.Use(middlewares.AuthMiddleware(false))
 
 	router.GET("/", controllers.Index)
 
 	router.Static("/static", config.GetString("server.static_path"))
 
+	// add auth endpoints
+
 	router.POST("/indieauth", iam.IndieAuthLoginPost)
 	router.GET("/auth", iam.LoginCallbackGet)
+	router.GET("/logout", iam.Logout)
+
+	authed := router.Use(middlewares.AuthMiddleware(true))
+
+	// add scrobble endpoints
+	authed.GET("/scrobble", controllers.Scrobble)
 
 
 
diff --git a/templates/index.tmpl b/templates/index.tmpl
index 12cfacb..3464ea0 100644
--- a/templates/index.tmpl
+++ b/templates/index.tmpl
@@ -4,11 +4,25 @@
 	<body>
 	{{ template "header.tmpl" . }}
 	<main>
+
+	{{ if .user }}
+	Logged in as {{.user}} <a href="/logout"><button>Log Out</button></a>
+
+	<h2>Add A Scrobble</h2>
+
+	I want to add a:
+	<form method="GET" action="/scrobble">
+    {{range $type, $label := .scrobbleTypes }}
+    <label><input type="radio" name="type" value="{{ $type }}"/>{{$label}}</label><br/>
+    {{end}}
+
+	<button type="submit">Next &gt;&gt;</button>
+	</form>
+
+	{{else}}
 		<p>Welcome to indiescrobble! IndieScrobble is a <a href="https://micropub.spec.indieweb.org/">MicroPub</a> compliant tool
 	for posting about your watches, reads and scrobbles directly back to your site.</p>
 
-	{{ if index . "user" }}
-	{{else}}
 	<form action="/indieauth" method="POST">
 	<p>
 		<label>Your domain: </label>
diff --git a/templates/scrobble.tmpl b/templates/scrobble.tmpl
new file mode 100644
index 0000000..0cb6fce
--- /dev/null
+++ b/templates/scrobble.tmpl
@@ -0,0 +1,21 @@
+<!DOCTYPE html>
+<html lang="en">
+	{{ template "head.tmpl" . }}
+	<body>
+	{{ template "header.tmpl" . }}
+	<main>
+
+	{{ if .user }}
+	Logged in as {{.user}} <a href="/logout"><button>Log Out</button></a>
+    {{end}}
+
+	<h2>Add A Post &gt; Add {{ .scrobbleType }}</h2>
+
+
+
+	<button type="submit">Next &gt;&gt;</button>
+	</form>
+
+	</main>
+	</body>
+</html>
\ No newline at end of file