fix: format logs
This commit is contained in:
Lakhan Samani
parent
d886d780b4
commit
714b79e4ab
|
|
@ -1,6 +1,8 @@
|
|||
package db
|
||||
|
||||
import (
|
||||
log "github.com/sirupsen/logrus"
|
||||
|
||||
"github.com/authorizerdev/authorizer/server/constants"
|
||||
"github.com/authorizerdev/authorizer/server/db/providers"
|
||||
"github.com/authorizerdev/authorizer/server/db/providers/arangodb"
|
||||
|
|
@ -22,29 +24,37 @@ func InitDB() error {
|
|||
isCassandra := envstore.EnvStoreObj.GetStringStoreEnvVariable(constants.EnvKeyDatabaseType) == constants.DbTypeCassandraDB
|
||||
|
||||
if isSQL {
|
||||
log.Info("Initializing SQL Driver")
|
||||
Provider, err = sql.NewProvider()
|
||||
if err != nil {
|
||||
log.Fatal("Failed to initialize SQL driver: ", err)
|
||||
return err
|
||||
}
|
||||
}
|
||||
|
||||
if isArangoDB {
|
||||
log.Info("Initializing ArangoDB Driver")
|
||||
Provider, err = arangodb.NewProvider()
|
||||
if err != nil {
|
||||
log.Fatal("Failed to initialize ArangoDB driver: ", err)
|
||||
return err
|
||||
}
|
||||
}
|
||||
|
||||
if isMongoDB {
|
||||
log.Info("Initializing MongoDB Driver")
|
||||
Provider, err = mongodb.NewProvider()
|
||||
if err != nil {
|
||||
log.Fatal("Failed to initialize MongoDB driver: ", err)
|
||||
return err
|
||||
}
|
||||
}
|
||||
|
||||
if isCassandra {
|
||||
log.Info("Initializing CassandraDB Driver")
|
||||
Provider, err = cassandradb.NewProvider()
|
||||
if err != nil {
|
||||
log.Fatal("Failed to initialize CassandraDB driver: ", err)
|
||||
return err
|
||||
}
|
||||
}
|
||||
|
|
|
|||
|
|
@ -47,7 +47,7 @@ func SendMail(to []string, Subject, bodyMessage string) error {
|
|||
d.TLSConfig = &tls.Config{InsecureSkipVerify: true}
|
||||
}
|
||||
if err := d.DialAndSend(m); err != nil {
|
||||
log.Debug("SMTP Failed:", err)
|
||||
log.Debug("SMTP Failed: ", err)
|
||||
return err
|
||||
}
|
||||
return nil
|
||||
|
|
|
|||
|
|
@ -107,7 +107,7 @@ func InviteEmail(toEmail, token, verificationURL, redirectURI string) error {
|
|||
|
||||
err := SendMail(Receiver, Subject, message)
|
||||
if err != nil {
|
||||
log.Warn("error sending email:", err)
|
||||
log.Warn("error sending email: ", err)
|
||||
}
|
||||
return err
|
||||
}
|
||||
|
|
|
|||
|
|
@ -107,7 +107,7 @@ func SendVerificationMail(toEmail, token, hostname string) error {
|
|||
|
||||
err := SendMail(Receiver, Subject, message)
|
||||
if err != nil {
|
||||
log.Warn("error sending email:", err)
|
||||
log.Warn("error sending email: ", err)
|
||||
}
|
||||
return err
|
||||
}
|
||||
|
|
|
|||
4
server/env/env.go
vendored
4
server/env/env.go
vendored
|
|
@ -53,6 +53,7 @@ func InitRequiredEnv() error {
|
|||
}
|
||||
|
||||
if dbType == "" {
|
||||
log.Debug("DATABASE_TYPE is not set")
|
||||
return errors.New("invalid database type. DATABASE_TYPE is empty")
|
||||
}
|
||||
}
|
||||
|
|
@ -63,6 +64,7 @@ func InitRequiredEnv() error {
|
|||
}
|
||||
|
||||
if dbURL == "" && dbPort == "" && dbHost == "" && dbUsername == "" && dbPassword == "" {
|
||||
log.Debug("DATABASE_URL is not set")
|
||||
return errors.New("invalid database url. DATABASE_URL is required")
|
||||
}
|
||||
}
|
||||
|
|
@ -180,6 +182,7 @@ func InitAllEnv() error {
|
|||
} else {
|
||||
algo = envData.StringEnv[constants.EnvKeyJwtType]
|
||||
if !crypto.IsHMACA(algo) && !crypto.IsRSA(algo) && !crypto.IsECDSA(algo) {
|
||||
log.Debug("Invalid JWT Algorithm")
|
||||
return errors.New("invalid JWT_TYPE")
|
||||
}
|
||||
}
|
||||
|
|
@ -385,6 +388,7 @@ func InitAllEnv() error {
|
|||
}
|
||||
|
||||
if len(roles) > 0 && len(defaultRoles) == 0 && len(defaultRolesEnv) > 0 {
|
||||
log.Debug("Default roles not found in roles list. It can be one from ROLES only")
|
||||
return errors.New(`invalid DEFAULT_ROLE environment variable. It can be one from give ROLES environment variable value`)
|
||||
}
|
||||
|
||||
|
|
|
|||
15
server/env/persist_env.go
vendored
15
server/env/persist_env.go
vendored
|
|
@ -23,12 +23,14 @@ func GetEnvData() (envstore.Store, error) {
|
|||
env, err := db.Provider.GetEnv()
|
||||
// config not found in db
|
||||
if err != nil {
|
||||
log.Debug("Error while getting env data from db: ", err)
|
||||
return result, err
|
||||
}
|
||||
|
||||
encryptionKey := env.Hash
|
||||
decryptedEncryptionKey, err := crypto.DecryptB64(encryptionKey)
|
||||
if err != nil {
|
||||
log.Debug("Error while decrypting encryption key: ", err)
|
||||
return result, err
|
||||
}
|
||||
|
||||
|
|
@ -36,16 +38,19 @@ func GetEnvData() (envstore.Store, error) {
|
|||
|
||||
b64DecryptedConfig, err := crypto.DecryptB64(env.EnvData)
|
||||
if err != nil {
|
||||
log.Debug("Error while decrypting env data from B64: ", err)
|
||||
return result, err
|
||||
}
|
||||
|
||||
decryptedConfigs, err := crypto.DecryptAESEnv([]byte(b64DecryptedConfig))
|
||||
if err != nil {
|
||||
log.Debug("Error while decrypting env data from AES: ", err)
|
||||
return result, err
|
||||
}
|
||||
|
||||
err = json.Unmarshal(decryptedConfigs, &result)
|
||||
if err != nil {
|
||||
log.Debug("Error while unmarshalling env data: ", err)
|
||||
return result, err
|
||||
}
|
||||
|
||||
|
|
@ -64,6 +69,7 @@ func PersistEnv() error {
|
|||
|
||||
encryptedConfig, err := crypto.EncryptEnvData(envstore.EnvStoreObj.GetEnvStoreClone())
|
||||
if err != nil {
|
||||
log.Debug("Error while encrypting env data: ", err)
|
||||
return err
|
||||
}
|
||||
|
||||
|
|
@ -74,6 +80,7 @@ func PersistEnv() error {
|
|||
|
||||
env, err = db.Provider.AddEnv(env)
|
||||
if err != nil {
|
||||
log.Debug("Error while persisting env data to db: ", err)
|
||||
return err
|
||||
}
|
||||
} else {
|
||||
|
|
@ -82,6 +89,7 @@ func PersistEnv() error {
|
|||
encryptionKey := env.Hash
|
||||
decryptedEncryptionKey, err := crypto.DecryptB64(encryptionKey)
|
||||
if err != nil {
|
||||
log.Debug("Error while decrypting encryption key: ", err)
|
||||
return err
|
||||
}
|
||||
|
||||
|
|
@ -89,11 +97,13 @@ func PersistEnv() error {
|
|||
|
||||
b64DecryptedConfig, err := crypto.DecryptB64(env.EnvData)
|
||||
if err != nil {
|
||||
log.Debug("Error while decrypting env data from B64: ", err)
|
||||
return err
|
||||
}
|
||||
|
||||
decryptedConfigs, err := crypto.DecryptAESEnv([]byte(b64DecryptedConfig))
|
||||
if err != nil {
|
||||
log.Debug("Error while decrypting env data from AES: ", err)
|
||||
return err
|
||||
}
|
||||
|
||||
|
|
@ -102,6 +112,7 @@ func PersistEnv() error {
|
|||
|
||||
err = json.Unmarshal(decryptedConfigs, &storeData)
|
||||
if err != nil {
|
||||
log.Debug("Error while unmarshalling env data: ", err)
|
||||
return err
|
||||
}
|
||||
|
||||
|
|
@ -169,6 +180,7 @@ func PersistEnv() error {
|
|||
envstore.EnvStoreObj.UpdateEnvStore(storeData)
|
||||
jwk, err := crypto.GenerateJWKBasedOnEnv()
|
||||
if err != nil {
|
||||
log.Debug("Error while generating JWK: ", err)
|
||||
return err
|
||||
}
|
||||
// updating jwk
|
||||
|
|
@ -177,13 +189,14 @@ func PersistEnv() error {
|
|||
if hasChanged {
|
||||
encryptedConfig, err := crypto.EncryptEnvData(storeData)
|
||||
if err != nil {
|
||||
log.Debug("Error while encrypting env data: ", err)
|
||||
return err
|
||||
}
|
||||
|
||||
env.EnvData = encryptedConfig
|
||||
_, err = db.Provider.UpdateEnv(env)
|
||||
if err != nil {
|
||||
log.Debug("Failed to Update Config:", err)
|
||||
log.Debug("Failed to Update Config: ", err)
|
||||
return err
|
||||
}
|
||||
}
|
||||
|
|
|
|||
|
|
@ -13,6 +13,8 @@ var (
|
|||
ARG_DB_TYPE *string
|
||||
// ARG_ENV_FILE is the cli arg variable for the env file
|
||||
ARG_ENV_FILE *string
|
||||
// ARG_LOG_LEVEL is the cli arg variable for the log level
|
||||
ARG_LOG_LEVEL *string
|
||||
)
|
||||
|
||||
// Store data structure
|
||||
|
|
|
|||
|
|
@ -55,7 +55,7 @@ func AppHandler() gin.HandlerFunc {
|
|||
if pusher := c.Writer.Pusher(); pusher != nil {
|
||||
// use pusher.Push() to do server push
|
||||
if err := pusher.Push("/app/build/bundle.js", nil); err != nil {
|
||||
log.Debug("Failed to push file path", err)
|
||||
log.Debug("Failed to push file path: ", err)
|
||||
}
|
||||
}
|
||||
c.HTML(http.StatusOK, "app.tmpl", gin.H{
|
||||
|
|
|
|||
|
|
@ -50,7 +50,7 @@ func AuthorizeHandler() gin.HandlerFunc {
|
|||
}
|
||||
|
||||
if responseMode != "query" && responseMode != "web_message" {
|
||||
log.Debug("Invalid response_mode")
|
||||
log.Debug("Invalid response_mode: ", responseMode)
|
||||
gc.JSON(400, gin.H{"error": "invalid response mode"})
|
||||
}
|
||||
|
||||
|
|
@ -66,7 +66,7 @@ func AuthorizeHandler() gin.HandlerFunc {
|
|||
if isQuery {
|
||||
gc.Redirect(http.StatusFound, loginURL)
|
||||
} else {
|
||||
log.Debug("Failed to get client_id")
|
||||
log.Debug("Failed to get client_id: ", clientID)
|
||||
gc.HTML(http.StatusOK, template, gin.H{
|
||||
"target_origin": redirectURI,
|
||||
"authorization_response": map[string]interface{}{
|
||||
|
|
@ -84,7 +84,7 @@ func AuthorizeHandler() gin.HandlerFunc {
|
|||
if isQuery {
|
||||
gc.Redirect(http.StatusFound, loginURL)
|
||||
} else {
|
||||
log.Debug("Invalid client_id")
|
||||
log.Debug("Invalid client_id: ", clientID)
|
||||
gc.HTML(http.StatusOK, template, gin.H{
|
||||
"target_origin": redirectURI,
|
||||
"authorization_response": map[string]interface{}{
|
||||
|
|
@ -102,7 +102,7 @@ func AuthorizeHandler() gin.HandlerFunc {
|
|||
if isQuery {
|
||||
gc.Redirect(http.StatusFound, loginURL)
|
||||
} else {
|
||||
log.Debug("Failed to get state")
|
||||
log.Debug("Failed to get state: ", state)
|
||||
gc.HTML(http.StatusOK, template, gin.H{
|
||||
"target_origin": redirectURI,
|
||||
"authorization_response": map[string]interface{}{
|
||||
|
|
@ -127,7 +127,7 @@ func AuthorizeHandler() gin.HandlerFunc {
|
|||
if isQuery {
|
||||
gc.Redirect(http.StatusFound, loginURL)
|
||||
} else {
|
||||
log.Debug("Invalid response_type")
|
||||
log.Debug("Invalid response_type: ", responseType)
|
||||
gc.HTML(http.StatusOK, template, gin.H{
|
||||
"target_origin": redirectURI,
|
||||
"authorization_response": map[string]interface{}{
|
||||
|
|
@ -146,7 +146,7 @@ func AuthorizeHandler() gin.HandlerFunc {
|
|||
if isQuery {
|
||||
gc.Redirect(http.StatusFound, loginURL)
|
||||
} else {
|
||||
log.Debug("Failed to get code_challenge")
|
||||
log.Debug("Failed to get code_challenge: ", codeChallenge)
|
||||
gc.HTML(http.StatusBadRequest, template, gin.H{
|
||||
"target_origin": redirectURI,
|
||||
"authorization_response": map[string]interface{}{
|
||||
|
|
|
|||
|
|
@ -16,7 +16,7 @@ func JWKsHandler() gin.HandlerFunc {
|
|||
jwk := envstore.EnvStoreObj.GetStringStoreEnvVariable(constants.EnvKeyJWK)
|
||||
err := json.Unmarshal([]byte(jwk), &data)
|
||||
if err != nil {
|
||||
log.Debug("Failed to parse JWK", err)
|
||||
log.Debug("Failed to parse JWK: ", err)
|
||||
c.JSON(500, gin.H{
|
||||
"error": err.Error(),
|
||||
})
|
||||
|
|
|
|||
|
|
@ -19,7 +19,7 @@ func LogoutHandler() gin.HandlerFunc {
|
|||
// get fingerprint hash
|
||||
fingerprintHash, err := cookie.GetSession(gc)
|
||||
if err != nil {
|
||||
log.Debug("Failed to get session", err)
|
||||
log.Debug("Failed to get session: ", err)
|
||||
gc.JSON(http.StatusUnauthorized, gin.H{
|
||||
"error": err.Error(),
|
||||
})
|
||||
|
|
@ -28,7 +28,7 @@ func LogoutHandler() gin.HandlerFunc {
|
|||
|
||||
decryptedFingerPrint, err := crypto.DecryptAES(fingerprintHash)
|
||||
if err != nil {
|
||||
log.Debug("Failed to decrypt fingerprint", err)
|
||||
log.Debug("Failed to decrypt fingerprint: ", err)
|
||||
gc.JSON(http.StatusUnauthorized, gin.H{
|
||||
"error": err.Error(),
|
||||
})
|
||||
|
|
|
|||
|
|
@ -34,7 +34,7 @@ func OAuthCallbackHandler() gin.HandlerFunc {
|
|||
|
||||
sessionState := sessionstore.GetState(state)
|
||||
if sessionState == "" {
|
||||
log.Debug("Invalid oauth state")
|
||||
log.Debug("Invalid oauth state: ", state)
|
||||
c.JSON(400, gin.H{"error": "invalid oauth state"})
|
||||
}
|
||||
sessionstore.GetState(state)
|
||||
|
|
@ -42,7 +42,7 @@ func OAuthCallbackHandler() gin.HandlerFunc {
|
|||
sessionSplit := strings.Split(state, "___")
|
||||
|
||||
if len(sessionSplit) < 3 {
|
||||
log.Debug("Invalid redirect url")
|
||||
log.Debug("Unable to get redirect url from state: ", state)
|
||||
c.JSON(400, gin.H{"error": "invalid redirect url"})
|
||||
return
|
||||
}
|
||||
|
|
@ -93,7 +93,7 @@ func OAuthCallbackHandler() gin.HandlerFunc {
|
|||
}
|
||||
|
||||
if hasProtectedRole {
|
||||
log.Debug("Invalid role")
|
||||
log.Debug("Signup is not allowed with protected roles:", inputRoles)
|
||||
c.JSON(400, gin.H{"error": "invalid role"})
|
||||
return
|
||||
}
|
||||
|
|
@ -104,7 +104,7 @@ func OAuthCallbackHandler() gin.HandlerFunc {
|
|||
user, _ = db.Provider.AddUser(user)
|
||||
} else {
|
||||
if user.RevokedTimestamp != nil {
|
||||
log.Debug("User access revoked")
|
||||
log.Debug("User access revoked at: ", user.RevokedTimestamp)
|
||||
c.JSON(400, gin.H{"error": "user access has been revoked"})
|
||||
}
|
||||
|
||||
|
|
@ -215,7 +215,7 @@ func processGoogleUserInfo(code string) (models.User, error) {
|
|||
// Extract the ID Token from OAuth2 token.
|
||||
rawIDToken, ok := oauth2Token.Extra("id_token").(string)
|
||||
if !ok {
|
||||
log.Debug("Failed to extract ID Token from OAuth2 token.")
|
||||
log.Debug("Failed to extract ID Token from OAuth2 token")
|
||||
return user, fmt.Errorf("unable to extract id_token")
|
||||
}
|
||||
|
||||
|
|
@ -238,13 +238,13 @@ func processGithubUserInfo(code string) (models.User, error) {
|
|||
user := models.User{}
|
||||
token, err := oauth.OAuthProviders.GithubConfig.Exchange(oauth2.NoContext, code)
|
||||
if err != nil {
|
||||
log.Debug("Failed to exchange code for token:", err)
|
||||
log.Debug("Failed to exchange code for token: ", err)
|
||||
return user, fmt.Errorf("invalid github exchange code: %s", err.Error())
|
||||
}
|
||||
client := http.Client{}
|
||||
req, err := http.NewRequest("GET", constants.GithubUserInfoURL, nil)
|
||||
if err != nil {
|
||||
log.Debug("Failed to create github user info request:", err)
|
||||
log.Debug("Failed to create github user info request: ", err)
|
||||
return user, fmt.Errorf("error creating github user info request: %s", err.Error())
|
||||
}
|
||||
req.Header = http.Header{
|
||||
|
|
@ -253,14 +253,14 @@ func processGithubUserInfo(code string) (models.User, error) {
|
|||
|
||||
response, err := client.Do(req)
|
||||
if err != nil {
|
||||
log.Debug("Failed to request github user info:", err)
|
||||
log.Debug("Failed to request github user info: ", err)
|
||||
return user, err
|
||||
}
|
||||
|
||||
defer response.Body.Close()
|
||||
body, err := ioutil.ReadAll(response.Body)
|
||||
if err != nil {
|
||||
log.Debug("Failed to read github user info response body:", err)
|
||||
log.Debug("Failed to read github user info response body: ", err)
|
||||
return user, fmt.Errorf("failed to read github response body: %s", err.Error())
|
||||
}
|
||||
|
||||
|
|
@ -293,26 +293,26 @@ func processFacebookUserInfo(code string) (models.User, error) {
|
|||
user := models.User{}
|
||||
token, err := oauth.OAuthProviders.FacebookConfig.Exchange(oauth2.NoContext, code)
|
||||
if err != nil {
|
||||
log.Debug("Invalid facebook exchange code:", err)
|
||||
log.Debug("Invalid facebook exchange code: ", err)
|
||||
return user, fmt.Errorf("invalid facebook exchange code: %s", err.Error())
|
||||
}
|
||||
client := http.Client{}
|
||||
req, err := http.NewRequest("GET", constants.FacebookUserInfoURL+token.AccessToken, nil)
|
||||
if err != nil {
|
||||
log.Debug("Error creating facebook user info request:", err)
|
||||
log.Debug("Error creating facebook user info request: ", err)
|
||||
return user, fmt.Errorf("error creating facebook user info request: %s", err.Error())
|
||||
}
|
||||
|
||||
response, err := client.Do(req)
|
||||
if err != nil {
|
||||
log.Debug("Failed to process facebook user:", err)
|
||||
log.Debug("Failed to process facebook user: ", err)
|
||||
return user, err
|
||||
}
|
||||
|
||||
defer response.Body.Close()
|
||||
body, err := ioutil.ReadAll(response.Body)
|
||||
if err != nil {
|
||||
log.Debug("Failed to read facebook response:", err)
|
||||
log.Debug("Failed to read facebook response: ", err)
|
||||
return user, fmt.Errorf("failed to read facebook response body: %s", err.Error())
|
||||
}
|
||||
|
||||
|
|
|
|||
|
|
@ -57,6 +57,7 @@ func OAuthLoginHandler() gin.HandlerFunc {
|
|||
// use protected roles verification for admin login only.
|
||||
// though if not associated with user, it will be rejected from oauth_callback
|
||||
if !utils.IsValidRoles(rolesSplit, append([]string{}, append(envstore.EnvStoreObj.GetSliceStoreEnvVariable(constants.EnvKeyRoles), envstore.EnvStoreObj.GetSliceStoreEnvVariable(constants.EnvKeyProtectedRoles)...)...)) {
|
||||
log.Debug("Invalid roles: ", roles)
|
||||
c.JSON(400, gin.H{
|
||||
"error": "invalid role",
|
||||
})
|
||||
|
|
|
|||
|
|
@ -38,7 +38,7 @@ func RevokeHandler() gin.HandlerFunc {
|
|||
}
|
||||
|
||||
if clientID != envstore.EnvStoreObj.GetStringStoreEnvVariable(constants.EnvKeyClientID) {
|
||||
log.Debug("Client ID is invalid")
|
||||
log.Debug("Client ID is invalid: ", clientID)
|
||||
gc.JSON(http.StatusBadRequest, gin.H{
|
||||
"error": "invalid_client_id",
|
||||
"error_description": "The client id is invalid",
|
||||
|
|
|
|||
|
|
@ -46,7 +46,7 @@ func TokenHandler() gin.HandlerFunc {
|
|||
isAuthorizationCodeGrant := grantType == "authorization_code"
|
||||
|
||||
if !isRefreshTokenGrant && !isAuthorizationCodeGrant {
|
||||
log.Debug("Invalid grant type")
|
||||
log.Debug("Invalid grant type: ", grantType)
|
||||
gc.JSON(http.StatusBadRequest, gin.H{
|
||||
"error": "invalid_grant_type",
|
||||
"error_description": "grant_type is invalid",
|
||||
|
|
@ -63,7 +63,7 @@ func TokenHandler() gin.HandlerFunc {
|
|||
}
|
||||
|
||||
if clientID != envstore.EnvStoreObj.GetStringStoreEnvVariable(constants.EnvKeyClientID) {
|
||||
log.Debug("Client ID is invalid")
|
||||
log.Debug("Client ID is invalid: ", clientID)
|
||||
gc.JSON(http.StatusBadRequest, gin.H{
|
||||
"error": "invalid_client_id",
|
||||
"error_description": "The client id is invalid",
|
||||
|
|
@ -100,7 +100,7 @@ func TokenHandler() gin.HandlerFunc {
|
|||
encryptedCode = strings.ReplaceAll(encryptedCode, "=", "")
|
||||
sessionData := sessionstore.GetState(encryptedCode)
|
||||
if sessionData == "" {
|
||||
log.Debug("Invalid code verifier")
|
||||
log.Debug("Session data is empty")
|
||||
gc.JSON(http.StatusBadRequest, gin.H{
|
||||
"error": "invalid_code_verifier",
|
||||
"error_description": "The code verifier is invalid",
|
||||
|
|
@ -113,7 +113,7 @@ func TokenHandler() gin.HandlerFunc {
|
|||
sessionDataSplit := strings.Split(sessionData, "@")
|
||||
|
||||
if sessionDataSplit[0] != code {
|
||||
log.Debug("Invalid code verifier.Unable to split session data")
|
||||
log.Debug("Invalid code verifier. Unable to split session data")
|
||||
gc.JSON(http.StatusBadRequest, gin.H{
|
||||
"error": "invalid_code_verifier",
|
||||
"error_description": "The code verifier is invalid",
|
||||
|
|
|
|||
|
|
@ -16,27 +16,54 @@ import (
|
|||
|
||||
var VERSION string
|
||||
|
||||
type UTCFormatter struct {
|
||||
log.Formatter
|
||||
}
|
||||
|
||||
func (u UTCFormatter) Format(e *log.Entry) ([]byte, error) {
|
||||
e.Time = e.Time.UTC()
|
||||
return u.Formatter.Format(e)
|
||||
}
|
||||
|
||||
func main() {
|
||||
envstore.ARG_DB_URL = flag.String("database_url", "", "Database connection string")
|
||||
envstore.ARG_DB_TYPE = flag.String("database_type", "", "Database type, possible values are postgres,mysql,sqlite")
|
||||
envstore.ARG_ENV_FILE = flag.String("env_file", "", "Env file path")
|
||||
flag.Parse()
|
||||
// envstore.ARG_LOG_LEVEL = flag.String("log_level", "", "Log level, possible values are debug,info,warn,error,fatal,panic")
|
||||
|
||||
log.SetFormatter(&log.JSONFormatter{})
|
||||
log.SetFormatter(UTCFormatter{&log.JSONFormatter{}})
|
||||
log.SetReportCaller(true)
|
||||
log.SetLevel(log.DebugLevel)
|
||||
|
||||
// switch *envstore.ARG_LOG_LEVEL {
|
||||
// case "debug":
|
||||
// log.SetLevel(log.DebugLevel)
|
||||
// case "info":
|
||||
// log.SetLevel(log.InfoLevel)
|
||||
// case "warn":
|
||||
// log.SetLevel(log.WarnLevel)
|
||||
// case "error":
|
||||
// log.SetLevel(log.ErrorLevel)
|
||||
// case "fatal":
|
||||
// log.SetLevel(log.FatalLevel)
|
||||
// case "panic":
|
||||
// log.SetLevel(log.PanicLevel)
|
||||
// default:
|
||||
// log.SetLevel(log.InfoLevel)
|
||||
// }
|
||||
|
||||
constants.VERSION = VERSION
|
||||
|
||||
// initialize required envs (mainly db & env file path)
|
||||
err := env.InitRequiredEnv()
|
||||
if err != nil {
|
||||
log.Fatal("Error while initializing required envs:", err)
|
||||
log.Fatal("Error while initializing required envs: ", err)
|
||||
}
|
||||
|
||||
// initialize db provider
|
||||
err = db.InitDB()
|
||||
if err != nil {
|
||||
log.Fatalln("Error while initializing db:", err)
|
||||
log.Fatalln("Error while initializing db: ", err)
|
||||
}
|
||||
|
||||
// initialize all envs
|
||||
|
|
@ -49,19 +76,19 @@ func main() {
|
|||
// persist all envs
|
||||
err = env.PersistEnv()
|
||||
if err != nil {
|
||||
log.Fatalln("Error while persisting env:", err)
|
||||
log.Fatalln("Error while persisting env: ", err)
|
||||
}
|
||||
|
||||
// initialize session store (redis or in-memory based on env)
|
||||
err = sessionstore.InitSession()
|
||||
if err != nil {
|
||||
log.Fatalln("Error while initializing session store:", err)
|
||||
log.Fatalln("Error while initializing session store: ", err)
|
||||
}
|
||||
|
||||
// initialize oauth providers based on env
|
||||
err = oauth.InitOAuth()
|
||||
if err != nil {
|
||||
log.Fatalln("Error while initializing oauth:", err)
|
||||
log.Fatalln("Error while initializing oauth: ", err)
|
||||
}
|
||||
|
||||
router := routes.InitRouter()
|
||||
|
|
|
|||
|
|
@ -23,7 +23,7 @@ func (fn GinLogWriteFunc) Write(data []byte) (int, error) {
|
|||
// NewGinLogrusWrite logrus writer for gin
|
||||
func NewGinLogrusWrite() io.Writer {
|
||||
return GinLogWriteFunc(func(data []byte) (int, error) {
|
||||
log.Info("%s", data)
|
||||
log.Info("%v", data)
|
||||
return 0, nil
|
||||
})
|
||||
}
|
||||
|
|
|
|||
|
|
@ -20,7 +20,7 @@ func AdminLoginResolver(ctx context.Context, params model.AdminLoginInput) (*mod
|
|||
|
||||
gc, err := utils.GinContextFromContext(ctx)
|
||||
if err != nil {
|
||||
log.Debug("Failed to get GinContext", err)
|
||||
log.Debug("Failed to get GinContext: ", err)
|
||||
return res, err
|
||||
}
|
||||
|
||||
|
|
|
|||
|
|
@ -18,7 +18,7 @@ func AdminLogoutResolver(ctx context.Context) (*model.Response, error) {
|
|||
|
||||
gc, err := utils.GinContextFromContext(ctx)
|
||||
if err != nil {
|
||||
log.Debug("Failed to get GinContext", err)
|
||||
log.Debug("Failed to get GinContext: ", err)
|
||||
return res, err
|
||||
}
|
||||
|
||||
|
|
|
|||
|
|
@ -21,18 +21,18 @@ func AdminSessionResolver(ctx context.Context) (*model.Response, error) {
|
|||
|
||||
gc, err := utils.GinContextFromContext(ctx)
|
||||
if err != nil {
|
||||
log.Debug("Failed to get GinContext", err)
|
||||
log.Debug("Failed to get GinContext: ", err)
|
||||
return res, err
|
||||
}
|
||||
|
||||
if !token.IsSuperAdmin(gc) {
|
||||
log.Debug("Not logged in as super admin.")
|
||||
log.Debug("Not logged in as super admin")
|
||||
return res, fmt.Errorf("unauthorized")
|
||||
}
|
||||
|
||||
hashedKey, err := crypto.EncryptPassword(envstore.EnvStoreObj.GetStringStoreEnvVariable(constants.EnvKeyAdminSecret))
|
||||
if err != nil {
|
||||
log.Debug("Failed to encrypt key:", err)
|
||||
log.Debug("Failed to encrypt key: ", err)
|
||||
return res, err
|
||||
}
|
||||
cookie.SetAdminCookie(gc, hashedKey)
|
||||
|
|
|
|||
|
|
@ -23,7 +23,7 @@ func AdminSignupResolver(ctx context.Context, params model.AdminSignupInput) (*m
|
|||
|
||||
gc, err := utils.GinContextFromContext(ctx)
|
||||
if err != nil {
|
||||
log.Debug("Failed to get GinContext:", err)
|
||||
log.Debug("Failed to get GinContext: ", err)
|
||||
return res, err
|
||||
}
|
||||
|
||||
|
|
@ -53,36 +53,36 @@ func AdminSignupResolver(ctx context.Context, params model.AdminSignupInput) (*m
|
|||
|
||||
jsonBytes, err := json.Marshal(envstore.EnvStoreObj.GetEnvStoreClone())
|
||||
if err != nil {
|
||||
log.Debug("Failed to marshal envstore:", err)
|
||||
log.Debug("Failed to marshal envstore: ", err)
|
||||
return res, err
|
||||
}
|
||||
|
||||
if err := json.Unmarshal(jsonBytes, &storeData); err != nil {
|
||||
log.Debug("Failed to unmarshal envstore:", err)
|
||||
log.Debug("Failed to unmarshal envstore: ", err)
|
||||
return res, err
|
||||
}
|
||||
|
||||
env, err := db.Provider.GetEnv()
|
||||
if err != nil {
|
||||
log.Debug("Failed to get env:", err)
|
||||
log.Debug("Failed to get env: ", err)
|
||||
return res, err
|
||||
}
|
||||
|
||||
envData, err := crypto.EncryptEnvData(storeData)
|
||||
if err != nil {
|
||||
log.Debug("Failed to encrypt envstore:", err)
|
||||
log.Debug("Failed to encrypt envstore: ", err)
|
||||
return res, err
|
||||
}
|
||||
|
||||
env.EnvData = envData
|
||||
if _, err := db.Provider.UpdateEnv(env); err != nil {
|
||||
log.Debug("Failed to update env:", err)
|
||||
log.Debug("Failed to update env: ", err)
|
||||
return res, err
|
||||
}
|
||||
|
||||
hashedKey, err := crypto.EncryptPassword(params.AdminSecret)
|
||||
if err != nil {
|
||||
log.Debug("Failed to encrypt admin session key:", err)
|
||||
log.Debug("Failed to encrypt admin session key: ", err)
|
||||
return res, err
|
||||
}
|
||||
cookie.SetAdminCookie(gc, hashedKey)
|
||||
|
|
|
|||
|
|
@ -19,12 +19,12 @@ func DeleteUserResolver(ctx context.Context, params model.DeleteUserInput) (*mod
|
|||
|
||||
gc, err := utils.GinContextFromContext(ctx)
|
||||
if err != nil {
|
||||
log.Debug("Failed to get GinContext", err)
|
||||
log.Debug("Failed to get GinContext: ", err)
|
||||
return res, err
|
||||
}
|
||||
|
||||
if !token.IsSuperAdmin(gc) {
|
||||
log.Debug("Not logged in as super admin.")
|
||||
log.Debug("Not logged in as super admin")
|
||||
return res, fmt.Errorf("unauthorized")
|
||||
}
|
||||
|
||||
|
|
@ -34,7 +34,7 @@ func DeleteUserResolver(ctx context.Context, params model.DeleteUserInput) (*mod
|
|||
|
||||
user, err := db.Provider.GetUserByEmail(params.Email)
|
||||
if err != nil {
|
||||
log.Debug("Failed to get user from DB:", err)
|
||||
log.Debug("Failed to get user from DB: ", err)
|
||||
return res, err
|
||||
}
|
||||
|
||||
|
|
@ -42,7 +42,7 @@ func DeleteUserResolver(ctx context.Context, params model.DeleteUserInput) (*mod
|
|||
|
||||
err = db.Provider.DeleteUser(user)
|
||||
if err != nil {
|
||||
log.Debug("Failed to delete user:", err)
|
||||
log.Debug("Failed to delete user: ", err)
|
||||
return res, err
|
||||
}
|
||||
|
||||
|
|
|
|||
|
|
@ -18,7 +18,7 @@ func EnableAccessResolver(ctx context.Context, params model.UpdateAccessInput) (
|
|||
|
||||
gc, err := utils.GinContextFromContext(ctx)
|
||||
if err != nil {
|
||||
log.Debug("Failed to get GinContext", err)
|
||||
log.Debug("Failed to get GinContext: ", err)
|
||||
return res, err
|
||||
}
|
||||
|
||||
|
|
@ -33,7 +33,7 @@ func EnableAccessResolver(ctx context.Context, params model.UpdateAccessInput) (
|
|||
|
||||
user, err := db.Provider.GetUserByID(params.UserID)
|
||||
if err != nil {
|
||||
log.Debug("Failed to get user from DB:", err)
|
||||
log.Debug("Failed to get user from DB: ", err)
|
||||
return res, err
|
||||
}
|
||||
|
||||
|
|
@ -41,7 +41,7 @@ func EnableAccessResolver(ctx context.Context, params model.UpdateAccessInput) (
|
|||
|
||||
user, err = db.Provider.UpdateUser(user)
|
||||
if err != nil {
|
||||
log.Debug("Failed to update user:", err)
|
||||
log.Debug("Failed to update user: ", err)
|
||||
return res, err
|
||||
}
|
||||
|
||||
|
|
|
|||
|
|
@ -20,7 +20,7 @@ func EnvResolver(ctx context.Context) (*model.Env, error) {
|
|||
|
||||
gc, err := utils.GinContextFromContext(ctx)
|
||||
if err != nil {
|
||||
log.Debug("Failed to get GinContext", err)
|
||||
log.Debug("Failed to get GinContext: ", err)
|
||||
return res, err
|
||||
}
|
||||
|
||||
|
|
|
|||
|
|
@ -24,18 +24,18 @@ func ForgotPasswordResolver(ctx context.Context, params model.ForgotPasswordInpu
|
|||
|
||||
gc, err := utils.GinContextFromContext(ctx)
|
||||
if err != nil {
|
||||
log.Debug("Failed to get GinContext", err)
|
||||
log.Debug("Failed to get GinContext: ", err)
|
||||
return res, err
|
||||
}
|
||||
|
||||
if envstore.EnvStoreObj.GetBoolStoreEnvVariable(constants.EnvKeyDisableBasicAuthentication) {
|
||||
log.Debug("Basic authentication is disabled.")
|
||||
log.Debug("Basic authentication is disabled")
|
||||
return res, fmt.Errorf(`basic authentication is disabled for this instance`)
|
||||
}
|
||||
params.Email = strings.ToLower(params.Email)
|
||||
|
||||
if !utils.IsValidEmail(params.Email) {
|
||||
log.Debug("Invalid email address.")
|
||||
log.Debug("Invalid email address: ", params.Email)
|
||||
return res, fmt.Errorf("invalid email")
|
||||
}
|
||||
|
||||
|
|
@ -44,12 +44,14 @@ func ForgotPasswordResolver(ctx context.Context, params model.ForgotPasswordInpu
|
|||
})
|
||||
_, err = db.Provider.GetUserByEmail(params.Email)
|
||||
if err != nil {
|
||||
log.Debug("User not found: ", err)
|
||||
return res, fmt.Errorf(`user with this email not found`)
|
||||
}
|
||||
|
||||
hostname := utils.GetHost(gc)
|
||||
_, nonceHash, err := utils.GenerateNonce()
|
||||
if err != nil {
|
||||
log.Debug("Failed to generate nonce: ", err)
|
||||
return res, err
|
||||
}
|
||||
redirectURL := utils.GetAppURL(gc) + "/reset-password"
|
||||
|
|
|
|||
|
|
@ -17,12 +17,12 @@ import (
|
|||
func GenerateJWTKeysResolver(ctx context.Context, params model.GenerateJWTKeysInput) (*model.GenerateJWTKeysResponse, error) {
|
||||
gc, err := utils.GinContextFromContext(ctx)
|
||||
if err != nil {
|
||||
log.Debug("Failed to get GinContext", err)
|
||||
log.Debug("Failed to get GinContext: ", err)
|
||||
return nil, err
|
||||
}
|
||||
|
||||
if !token.IsSuperAdmin(gc) {
|
||||
log.Debug("Not logged in as super admin.")
|
||||
log.Debug("Not logged in as super admin")
|
||||
return nil, fmt.Errorf("unauthorized")
|
||||
}
|
||||
|
||||
|
|
@ -30,7 +30,7 @@ func GenerateJWTKeysResolver(ctx context.Context, params model.GenerateJWTKeysIn
|
|||
if crypto.IsHMACA(params.Type) {
|
||||
secret, _, err := crypto.NewHMACKey(params.Type, clientID)
|
||||
if err != nil {
|
||||
log.Debug("Failed to generate new HMAC key:", err)
|
||||
log.Debug("Failed to generate new HMAC key: ", err)
|
||||
return nil, err
|
||||
}
|
||||
return &model.GenerateJWTKeysResponse{
|
||||
|
|
@ -41,7 +41,7 @@ func GenerateJWTKeysResolver(ctx context.Context, params model.GenerateJWTKeysIn
|
|||
if crypto.IsRSA(params.Type) {
|
||||
_, privateKey, publicKey, _, err := crypto.NewRSAKey(params.Type, clientID)
|
||||
if err != nil {
|
||||
log.Debug("Failed to generate new RSA key:", err)
|
||||
log.Debug("Failed to generate new RSA key: ", err)
|
||||
return nil, err
|
||||
}
|
||||
return &model.GenerateJWTKeysResponse{
|
||||
|
|
@ -53,7 +53,7 @@ func GenerateJWTKeysResolver(ctx context.Context, params model.GenerateJWTKeysIn
|
|||
if crypto.IsECDSA(params.Type) {
|
||||
_, privateKey, publicKey, _, err := crypto.NewECDSAKey(params.Type, clientID)
|
||||
if err != nil {
|
||||
log.Debug("Failed to generate new ECDSA key:", err)
|
||||
log.Debug("Failed to generate new ECDSA key: ", err)
|
||||
return nil, err
|
||||
}
|
||||
return &model.GenerateJWTKeysResponse{
|
||||
|
|
@ -62,6 +62,6 @@ func GenerateJWTKeysResolver(ctx context.Context, params model.GenerateJWTKeysIn
|
|||
}, nil
|
||||
}
|
||||
|
||||
log.Debug("Invalid algorithm:", params.Type)
|
||||
log.Debug("Invalid algorithm: ", params.Type)
|
||||
return nil, fmt.Errorf("invalid algorithm")
|
||||
}
|
||||
|
|
|
|||
|
|
@ -23,7 +23,7 @@ import (
|
|||
func InviteMembersResolver(ctx context.Context, params model.InviteMemberInput) (*model.Response, error) {
|
||||
gc, err := utils.GinContextFromContext(ctx)
|
||||
if err != nil {
|
||||
log.Debug("Failed to get GinContext", err)
|
||||
log.Debug("Failed to get GinContext: ", err)
|
||||
return nil, err
|
||||
}
|
||||
|
||||
|
|
@ -34,7 +34,7 @@ func InviteMembersResolver(ctx context.Context, params model.InviteMemberInput)
|
|||
|
||||
// this feature is only allowed if email server is configured
|
||||
if envstore.EnvStoreObj.GetBoolStoreEnvVariable(constants.EnvKeyDisableEmailVerification) {
|
||||
log.Debug("Email server is not configured.")
|
||||
log.Debug("Email server is not configured")
|
||||
return nil, errors.New("email sending is disabled")
|
||||
}
|
||||
|
||||
|
|
@ -52,7 +52,7 @@ func InviteMembersResolver(ctx context.Context, params model.InviteMemberInput)
|
|||
}
|
||||
|
||||
if len(emails) == 0 {
|
||||
log.Debug("No valid email addresses.")
|
||||
log.Debug("No valid email addresses")
|
||||
return nil, errors.New("no valid emails found")
|
||||
}
|
||||
|
||||
|
|
@ -62,10 +62,10 @@ func InviteMembersResolver(ctx context.Context, params model.InviteMemberInput)
|
|||
for _, email := range emails {
|
||||
_, err := db.Provider.GetUserByEmail(email)
|
||||
if err != nil {
|
||||
log.Info("User with this email not found, so inviting...")
|
||||
log.Debugf("User with %s email not found, so inviting user", email)
|
||||
newEmails = append(newEmails, email)
|
||||
} else {
|
||||
log.Info("User with this email already exists, so not inviting...")
|
||||
log.Debugf("User with %s email already exists, so not inviting user", email)
|
||||
}
|
||||
}
|
||||
|
||||
|
|
@ -97,7 +97,7 @@ func InviteMembersResolver(ctx context.Context, params model.InviteMemberInput)
|
|||
|
||||
verificationToken, err := token.CreateVerificationToken(email, constants.VerificationTypeForgotPassword, hostname, nonceHash, redirectURL)
|
||||
if err != nil {
|
||||
log.Debug("Failed to create verification token.", err)
|
||||
log.Debug("Failed to create verification token: ", err)
|
||||
}
|
||||
|
||||
verificationRequest := models.VerificationRequest{
|
||||
|
|
@ -123,13 +123,13 @@ func InviteMembersResolver(ctx context.Context, params model.InviteMemberInput)
|
|||
|
||||
user, err = db.Provider.AddUser(user)
|
||||
if err != nil {
|
||||
log.Debug("Error adding user: %s, err: %v", email, err)
|
||||
log.Debugf("Error adding user: %s, err: %v", email, err)
|
||||
return nil, err
|
||||
}
|
||||
|
||||
_, err = db.Provider.AddVerificationRequest(verificationRequest)
|
||||
if err != nil {
|
||||
log.Debug("Error adding verification request: %s, err: %v", email, err)
|
||||
log.Debugf("Error adding verification request: %s, err: %v", email, err)
|
||||
return nil, err
|
||||
}
|
||||
|
||||
|
|
|
|||
|
|
@ -26,7 +26,7 @@ func LoginResolver(ctx context.Context, params model.LoginInput) (*model.AuthRes
|
|||
|
||||
gc, err := utils.GinContextFromContext(ctx)
|
||||
if err != nil {
|
||||
log.Debug("Failed to get GinContext", err)
|
||||
log.Debug("Failed to get GinContext: ", err)
|
||||
return res, err
|
||||
}
|
||||
|
||||
|
|
@ -41,7 +41,7 @@ func LoginResolver(ctx context.Context, params model.LoginInput) (*model.AuthRes
|
|||
params.Email = strings.ToLower(params.Email)
|
||||
user, err := db.Provider.GetUserByEmail(params.Email)
|
||||
if err != nil {
|
||||
log.Debug("Failed to get user by email", err)
|
||||
log.Debug("Failed to get user by email: ", err)
|
||||
return res, fmt.Errorf(`user with this email not found`)
|
||||
}
|
||||
|
||||
|
|
@ -63,14 +63,14 @@ func LoginResolver(ctx context.Context, params model.LoginInput) (*model.AuthRes
|
|||
err = bcrypt.CompareHashAndPassword([]byte(*user.Password), []byte(params.Password))
|
||||
|
||||
if err != nil {
|
||||
log.Debug("Failed to compare password", err)
|
||||
log.Debug("Failed to compare password: ", err)
|
||||
return res, fmt.Errorf(`invalid password`)
|
||||
}
|
||||
roles := envstore.EnvStoreObj.GetSliceStoreEnvVariable(constants.EnvKeyDefaultRoles)
|
||||
currentRoles := strings.Split(user.Roles, ",")
|
||||
if len(params.Roles) > 0 {
|
||||
if !utils.IsValidRoles(params.Roles, currentRoles) {
|
||||
log.Debug("Invalid roles")
|
||||
log.Debug("Invalid roles: ", params.Roles)
|
||||
return res, fmt.Errorf(`invalid roles`)
|
||||
}
|
||||
|
||||
|
|
|
|||
|
|
@ -18,20 +18,20 @@ func LogoutResolver(ctx context.Context) (*model.Response, error) {
|
|||
|
||||
gc, err := utils.GinContextFromContext(ctx)
|
||||
if err != nil {
|
||||
log.Debug("Failed to get GinContext", err)
|
||||
log.Debug("Failed to get GinContext: ", err)
|
||||
return res, err
|
||||
}
|
||||
|
||||
// get fingerprint hash
|
||||
fingerprintHash, err := cookie.GetSession(gc)
|
||||
if err != nil {
|
||||
log.Debug("Failed to get fingerprint hash:", err)
|
||||
log.Debug("Failed to get fingerprint hash: ", err)
|
||||
return res, err
|
||||
}
|
||||
|
||||
decryptedFingerPrint, err := crypto.DecryptAES(fingerprintHash)
|
||||
if err != nil {
|
||||
log.Debug("Failed to decrypt fingerprint hash:", err)
|
||||
log.Debug("Failed to decrypt fingerprint hash: ", err)
|
||||
return res, err
|
||||
}
|
||||
|
||||
|
|
|
|||
|
|
@ -24,7 +24,7 @@ func MagicLinkLoginResolver(ctx context.Context, params model.MagicLinkLoginInpu
|
|||
|
||||
gc, err := utils.GinContextFromContext(ctx)
|
||||
if err != nil {
|
||||
log.Debug("Failed to get GinContext", err)
|
||||
log.Debug("Failed to get GinContext: ", err)
|
||||
return res, err
|
||||
}
|
||||
|
||||
|
|
@ -63,7 +63,7 @@ func MagicLinkLoginResolver(ctx context.Context, params model.MagicLinkLoginInpu
|
|||
if len(params.Roles) > 0 {
|
||||
// check if roles exists
|
||||
if !utils.IsValidRoles(params.Roles, envstore.EnvStoreObj.GetSliceStoreEnvVariable(constants.EnvKeyRoles)) {
|
||||
log.Debug("Invalid roles")
|
||||
log.Debug("Invalid roles: ", params.Roles)
|
||||
return res, fmt.Errorf(`invalid roles`)
|
||||
} else {
|
||||
inputRoles = params.Roles
|
||||
|
|
@ -82,7 +82,7 @@ func MagicLinkLoginResolver(ctx context.Context, params model.MagicLinkLoginInpu
|
|||
// Need to modify roles in this case
|
||||
|
||||
if user.RevokedTimestamp != nil {
|
||||
log.Debug("User access is revoked")
|
||||
log.Debug("User access is revoked at: ", user.RevokedTimestamp)
|
||||
return res, fmt.Errorf(`user access has been revoked`)
|
||||
}
|
||||
|
||||
|
|
@ -125,7 +125,7 @@ func MagicLinkLoginResolver(ctx context.Context, params model.MagicLinkLoginInpu
|
|||
user.SignupMethods = signupMethod
|
||||
user, _ = db.Provider.UpdateUser(user)
|
||||
if err != nil {
|
||||
log.Debug("Failed to update user", err)
|
||||
log.Debug("Failed to update user: ", err)
|
||||
}
|
||||
}
|
||||
|
||||
|
|
@ -134,7 +134,7 @@ func MagicLinkLoginResolver(ctx context.Context, params model.MagicLinkLoginInpu
|
|||
// insert verification request
|
||||
_, nonceHash, err := utils.GenerateNonce()
|
||||
if err != nil {
|
||||
log.Debug("Failed to generate nonce", err)
|
||||
log.Debug("Failed to generate nonce: ", err)
|
||||
return res, err
|
||||
}
|
||||
redirectURLParams := "&roles=" + strings.Join(inputRoles, ",")
|
||||
|
|
@ -158,7 +158,7 @@ func MagicLinkLoginResolver(ctx context.Context, params model.MagicLinkLoginInpu
|
|||
verificationType := constants.VerificationTypeMagicLinkLogin
|
||||
verificationToken, err := token.CreateVerificationToken(params.Email, verificationType, hostname, nonceHash, redirectURL)
|
||||
if err != nil {
|
||||
log.Debug("Failed to create verification token", err)
|
||||
log.Debug("Failed to create verification token: ", err)
|
||||
}
|
||||
_, err = db.Provider.AddVerificationRequest(models.VerificationRequest{
|
||||
Token: verificationToken,
|
||||
|
|
@ -169,7 +169,7 @@ func MagicLinkLoginResolver(ctx context.Context, params model.MagicLinkLoginInpu
|
|||
RedirectURI: redirectURL,
|
||||
})
|
||||
if err != nil {
|
||||
log.Debug("Failed to add verification request in db:", err)
|
||||
log.Debug("Failed to add verification request in db: ", err)
|
||||
return res, err
|
||||
}
|
||||
|
||||
|
|
|
|||
|
|
@ -17,19 +17,19 @@ func ProfileResolver(ctx context.Context) (*model.User, error) {
|
|||
|
||||
gc, err := utils.GinContextFromContext(ctx)
|
||||
if err != nil {
|
||||
log.Debug("Failed to get GinContext", err)
|
||||
log.Debug("Failed to get GinContext: ", err)
|
||||
return res, err
|
||||
}
|
||||
|
||||
accessToken, err := token.GetAccessToken(gc)
|
||||
if err != nil {
|
||||
log.Debug("Failed to get access token:", err)
|
||||
log.Debug("Failed to get access token: ", err)
|
||||
return res, err
|
||||
}
|
||||
|
||||
claims, err := token.ValidateAccessToken(gc, accessToken)
|
||||
if err != nil {
|
||||
log.Debug("Failed to validate access token:", err)
|
||||
log.Debug("Failed to validate access token: ", err)
|
||||
return res, err
|
||||
}
|
||||
|
||||
|
|
@ -40,7 +40,7 @@ func ProfileResolver(ctx context.Context) (*model.User, error) {
|
|||
})
|
||||
user, err := db.Provider.GetUserByID(userID)
|
||||
if err != nil {
|
||||
log.Debug("Failed to get user:", err)
|
||||
log.Debug("Failed to get user: ", err)
|
||||
return res, err
|
||||
}
|
||||
|
||||
|
|
|
|||
|
|
@ -22,43 +22,43 @@ func ResendVerifyEmailResolver(ctx context.Context, params model.ResendVerifyEma
|
|||
|
||||
gc, err := utils.GinContextFromContext(ctx)
|
||||
if err != nil {
|
||||
log.Debug("Failed to get GinContext", err)
|
||||
log.Debug("Failed to get GinContext: ", err)
|
||||
return res, err
|
||||
}
|
||||
params.Email = strings.ToLower(params.Email)
|
||||
|
||||
if !utils.IsValidEmail(params.Email) {
|
||||
log.Debug("Invalid email", params.Email)
|
||||
log.Debug("Invalid email: ", params.Email)
|
||||
return res, fmt.Errorf("invalid email")
|
||||
}
|
||||
|
||||
if !utils.IsValidVerificationIdentifier(params.Identifier) {
|
||||
log.Debug("Invalid verification identifier", params.Identifier)
|
||||
log.Debug("Invalid verification identifier: ", params.Identifier)
|
||||
return res, fmt.Errorf("invalid identifier")
|
||||
}
|
||||
|
||||
verificationRequest, err := db.Provider.GetVerificationRequestByEmail(params.Email, params.Identifier)
|
||||
if err != nil {
|
||||
log.Debug("Failed to get verification request", err)
|
||||
log.Debug("Failed to get verification request: ", err)
|
||||
return res, fmt.Errorf(`verification request not found`)
|
||||
}
|
||||
|
||||
// delete current verification and create new one
|
||||
err = db.Provider.DeleteVerificationRequest(verificationRequest)
|
||||
if err != nil {
|
||||
log.Debug("Failed to delete verification request", err)
|
||||
log.Debug("Failed to delete verification request: ", err)
|
||||
}
|
||||
|
||||
hostname := utils.GetHost(gc)
|
||||
_, nonceHash, err := utils.GenerateNonce()
|
||||
if err != nil {
|
||||
log.Debug("Failed to generate nonce", err)
|
||||
log.Debug("Failed to generate nonce: ", err)
|
||||
return res, err
|
||||
}
|
||||
|
||||
verificationToken, err := token.CreateVerificationToken(params.Email, params.Identifier, hostname, nonceHash, verificationRequest.RedirectURI)
|
||||
if err != nil {
|
||||
log.Debug("Failed to create verification token", err)
|
||||
log.Debug("Failed to create verification token: ", err)
|
||||
}
|
||||
_, err = db.Provider.AddVerificationRequest(models.VerificationRequest{
|
||||
Token: verificationToken,
|
||||
|
|
@ -69,7 +69,7 @@ func ResendVerifyEmailResolver(ctx context.Context, params model.ResendVerifyEma
|
|||
RedirectURI: verificationRequest.RedirectURI,
|
||||
})
|
||||
if err != nil {
|
||||
log.Debug("Failed to add verification request", err)
|
||||
log.Debug("Failed to add verification request: ", err)
|
||||
}
|
||||
|
||||
// exec it as go routin so that we can reduce the api latency
|
||||
|
|
|
|||
|
|
@ -23,7 +23,7 @@ func ResetPasswordResolver(ctx context.Context, params model.ResetPasswordInput)
|
|||
|
||||
gc, err := utils.GinContextFromContext(ctx)
|
||||
if err != nil {
|
||||
log.Debug("Failed to get GinContext", err)
|
||||
log.Debug("Failed to get GinContext: ", err)
|
||||
return res, err
|
||||
}
|
||||
if envstore.EnvStoreObj.GetBoolStoreEnvVariable(constants.EnvKeyDisableBasicAuthentication) {
|
||||
|
|
@ -33,7 +33,7 @@ func ResetPasswordResolver(ctx context.Context, params model.ResetPasswordInput)
|
|||
|
||||
verificationRequest, err := db.Provider.GetVerificationRequestByToken(params.Token)
|
||||
if err != nil {
|
||||
log.Debug("Failed to get verification request", err)
|
||||
log.Debug("Failed to get verification request: ", err)
|
||||
return res, fmt.Errorf(`invalid token`)
|
||||
}
|
||||
|
||||
|
|
@ -51,7 +51,7 @@ func ResetPasswordResolver(ctx context.Context, params model.ResetPasswordInput)
|
|||
hostname := utils.GetHost(gc)
|
||||
claim, err := token.ParseJWTToken(params.Token, hostname, verificationRequest.Nonce, verificationRequest.Email)
|
||||
if err != nil {
|
||||
log.Debug("Failed to parse token", err)
|
||||
log.Debug("Failed to parse token: ", err)
|
||||
return res, fmt.Errorf(`invalid token`)
|
||||
}
|
||||
|
||||
|
|
@ -61,7 +61,7 @@ func ResetPasswordResolver(ctx context.Context, params model.ResetPasswordInput)
|
|||
})
|
||||
user, err := db.Provider.GetUserByEmail(email)
|
||||
if err != nil {
|
||||
log.Debug("Failed to get user", err)
|
||||
log.Debug("Failed to get user: ", err)
|
||||
return res, err
|
||||
}
|
||||
|
||||
|
|
@ -83,13 +83,13 @@ func ResetPasswordResolver(ctx context.Context, params model.ResetPasswordInput)
|
|||
// delete from verification table
|
||||
err = db.Provider.DeleteVerificationRequest(verificationRequest)
|
||||
if err != nil {
|
||||
log.Debug("Failed to delete verification request", err)
|
||||
log.Debug("Failed to delete verification request: ", err)
|
||||
return res, err
|
||||
}
|
||||
|
||||
_, err = db.Provider.UpdateUser(user)
|
||||
if err != nil {
|
||||
log.Debug("Failed to update user", err)
|
||||
log.Debug("Failed to update user: ", err)
|
||||
return res, err
|
||||
}
|
||||
|
||||
|
|
|
|||
|
|
@ -20,12 +20,12 @@ func RevokeAccessResolver(ctx context.Context, params model.UpdateAccessInput) (
|
|||
|
||||
gc, err := utils.GinContextFromContext(ctx)
|
||||
if err != nil {
|
||||
log.Debug("Failed to get GinContext", err)
|
||||
log.Debug("Failed to get GinContext: ", err)
|
||||
return res, err
|
||||
}
|
||||
|
||||
if !token.IsSuperAdmin(gc) {
|
||||
log.Debug("Not logged in as super admin.")
|
||||
log.Debug("Not logged in as super admin")
|
||||
return res, fmt.Errorf("unauthorized")
|
||||
}
|
||||
|
||||
|
|
@ -34,7 +34,7 @@ func RevokeAccessResolver(ctx context.Context, params model.UpdateAccessInput) (
|
|||
})
|
||||
user, err := db.Provider.GetUserByID(params.UserID)
|
||||
if err != nil {
|
||||
log.Debug("Failed to get user by ID", err)
|
||||
log.Debug("Failed to get user by ID: ", err)
|
||||
return res, err
|
||||
}
|
||||
|
||||
|
|
@ -43,7 +43,7 @@ func RevokeAccessResolver(ctx context.Context, params model.UpdateAccessInput) (
|
|||
|
||||
user, err = db.Provider.UpdateUser(user)
|
||||
if err != nil {
|
||||
log.Debug("Failed to update user", err)
|
||||
log.Debug("Failed to update user: ", err)
|
||||
return res, err
|
||||
}
|
||||
|
||||
|
|
|
|||
|
|
@ -23,7 +23,7 @@ func SessionResolver(ctx context.Context, params *model.SessionQueryInput) (*mod
|
|||
|
||||
gc, err := utils.GinContextFromContext(ctx)
|
||||
if err != nil {
|
||||
log.Debug("Failed to get GinContext", err)
|
||||
log.Debug("Failed to get GinContext: ", err)
|
||||
return res, err
|
||||
}
|
||||
|
||||
|
|
@ -58,7 +58,7 @@ func SessionResolver(ctx context.Context, params *model.SessionQueryInput) (*mod
|
|||
if params != nil && params.Roles != nil && len(params.Roles) > 0 {
|
||||
for _, v := range params.Roles {
|
||||
if !utils.StringSliceContains(claimRoles, v) {
|
||||
log.Debug("User does not have required role:", claimRoles, v)
|
||||
log.Debug("User does not have required role: ", claimRoles, v)
|
||||
return res, fmt.Errorf(`unauthorized`)
|
||||
}
|
||||
}
|
||||
|
|
@ -71,7 +71,7 @@ func SessionResolver(ctx context.Context, params *model.SessionQueryInput) (*mod
|
|||
|
||||
authToken, err := token.CreateAuthToken(gc, user, claimRoles, scope)
|
||||
if err != nil {
|
||||
log.Debug("Failed to create auth token", err)
|
||||
log.Debug("Failed to create auth token: ", err)
|
||||
return res, err
|
||||
}
|
||||
|
||||
|
|
|
|||
|
|
@ -27,22 +27,22 @@ func SignupResolver(ctx context.Context, params model.SignUpInput) (*model.AuthR
|
|||
|
||||
gc, err := utils.GinContextFromContext(ctx)
|
||||
if err != nil {
|
||||
log.Debug("Failed to get GinContext", err)
|
||||
log.Debug("Failed to get GinContext: ", err)
|
||||
return res, err
|
||||
}
|
||||
|
||||
if envstore.EnvStoreObj.GetBoolStoreEnvVariable(constants.EnvKeyDisableSignUp) {
|
||||
log.Debug("Signup is disabled.")
|
||||
log.Debug("Signup is disabled")
|
||||
return res, fmt.Errorf(`signup is disabled for this instance`)
|
||||
}
|
||||
|
||||
if envstore.EnvStoreObj.GetBoolStoreEnvVariable(constants.EnvKeyDisableBasicAuthentication) {
|
||||
log.Debug("Basic authentication is disabled.")
|
||||
log.Debug("Basic authentication is disabled")
|
||||
return res, fmt.Errorf(`basic authentication is disabled for this instance`)
|
||||
}
|
||||
|
||||
if params.ConfirmPassword != params.Password {
|
||||
log.Debug("Passwords do not match.")
|
||||
log.Debug("Passwords do not match")
|
||||
return res, fmt.Errorf(`password and confirm password does not match`)
|
||||
}
|
||||
|
||||
|
|
@ -54,7 +54,7 @@ func SignupResolver(ctx context.Context, params model.SignUpInput) (*model.AuthR
|
|||
params.Email = strings.ToLower(params.Email)
|
||||
|
||||
if !utils.IsValidEmail(params.Email) {
|
||||
log.Debug("Invalid email:", params.Email)
|
||||
log.Debug("Invalid email: ", params.Email)
|
||||
return res, fmt.Errorf(`invalid email address`)
|
||||
}
|
||||
|
||||
|
|
@ -64,7 +64,7 @@ func SignupResolver(ctx context.Context, params model.SignUpInput) (*model.AuthR
|
|||
// find user with email
|
||||
existingUser, err := db.Provider.GetUserByEmail(params.Email)
|
||||
if err != nil {
|
||||
log.Debug("Failed to get user by email:", err)
|
||||
log.Debug("Failed to get user by email: ", err)
|
||||
}
|
||||
|
||||
if existingUser.EmailVerifiedAt != nil {
|
||||
|
|
@ -81,7 +81,7 @@ func SignupResolver(ctx context.Context, params model.SignUpInput) (*model.AuthR
|
|||
if len(params.Roles) > 0 {
|
||||
// check if roles exists
|
||||
if !utils.IsValidRoles(envstore.EnvStoreObj.GetSliceStoreEnvVariable(constants.EnvKeyRoles), params.Roles) {
|
||||
log.Debug("Invalid roles", params.Roles)
|
||||
log.Debug("Invalid roles: ", params.Roles)
|
||||
return res, fmt.Errorf(`invalid roles`)
|
||||
} else {
|
||||
inputRoles = params.Roles
|
||||
|
|
@ -138,7 +138,7 @@ func SignupResolver(ctx context.Context, params model.SignUpInput) (*model.AuthR
|
|||
}
|
||||
user, err = db.Provider.AddUser(user)
|
||||
if err != nil {
|
||||
log.Debug("Failed to add user:", err)
|
||||
log.Debug("Failed to add user: ", err)
|
||||
return res, err
|
||||
}
|
||||
roles := strings.Split(user.Roles, ",")
|
||||
|
|
@ -149,7 +149,7 @@ func SignupResolver(ctx context.Context, params model.SignUpInput) (*model.AuthR
|
|||
// insert verification request
|
||||
_, nonceHash, err := utils.GenerateNonce()
|
||||
if err != nil {
|
||||
log.Debug("Failed to generate nonce:", err)
|
||||
log.Debug("Failed to generate nonce: ", err)
|
||||
return res, err
|
||||
}
|
||||
verificationType := constants.VerificationTypeBasicAuthSignup
|
||||
|
|
@ -159,7 +159,7 @@ func SignupResolver(ctx context.Context, params model.SignUpInput) (*model.AuthR
|
|||
}
|
||||
verificationToken, err := token.CreateVerificationToken(params.Email, verificationType, hostname, nonceHash, redirectURL)
|
||||
if err != nil {
|
||||
log.Debug("Failed to create verification token:", err)
|
||||
log.Debug("Failed to create verification token: ", err)
|
||||
return res, err
|
||||
}
|
||||
_, err = db.Provider.AddVerificationRequest(models.VerificationRequest{
|
||||
|
|
@ -171,7 +171,7 @@ func SignupResolver(ctx context.Context, params model.SignUpInput) (*model.AuthR
|
|||
RedirectURI: redirectURL,
|
||||
})
|
||||
if err != nil {
|
||||
log.Debug("Failed to add verification request:", err)
|
||||
log.Debug("Failed to add verification request: ", err)
|
||||
return res, err
|
||||
}
|
||||
|
||||
|
|
@ -190,7 +190,7 @@ func SignupResolver(ctx context.Context, params model.SignUpInput) (*model.AuthR
|
|||
|
||||
authToken, err := token.CreateAuthToken(gc, user, roles, scope)
|
||||
if err != nil {
|
||||
log.Debug("Failed to create auth token:", err)
|
||||
log.Debug("Failed to create auth token: ", err)
|
||||
return res, err
|
||||
}
|
||||
|
||||
|
|
|
|||
|
|
@ -28,12 +28,12 @@ func UpdateEnvResolver(ctx context.Context, params model.UpdateEnvInput) (*model
|
|||
|
||||
gc, err := utils.GinContextFromContext(ctx)
|
||||
if err != nil {
|
||||
log.Debug("Failed to get GinContext", err)
|
||||
log.Debug("Failed to get GinContext: ", err)
|
||||
return res, err
|
||||
}
|
||||
|
||||
if !token.IsSuperAdmin(gc) {
|
||||
log.Debug("Not logged in as super admin.")
|
||||
log.Debug("Not logged in as super admin")
|
||||
return res, fmt.Errorf("unauthorized")
|
||||
}
|
||||
|
||||
|
|
@ -44,7 +44,7 @@ func UpdateEnvResolver(ctx context.Context, params model.UpdateEnvInput) (*model
|
|||
if params.JwtType != nil {
|
||||
algo = *params.JwtType
|
||||
if !crypto.IsHMACA(algo) && !crypto.IsECDSA(algo) && !crypto.IsRSA(algo) {
|
||||
log.Debug("Invalid JWT type", algo)
|
||||
log.Debug("Invalid JWT type: ", algo)
|
||||
return res, fmt.Errorf("invalid jwt type")
|
||||
}
|
||||
|
||||
|
|
@ -75,7 +75,7 @@ func UpdateEnvResolver(ctx context.Context, params model.UpdateEnvInput) (*model
|
|||
|
||||
if crypto.IsRSA(algo) {
|
||||
if params.JwtPrivateKey == nil || params.JwtPublicKey == nil {
|
||||
log.Debug("JWT private key and public key are required for RSA", params.JwtPrivateKey, params.JwtPublicKey)
|
||||
log.Debug("JWT private key and public key are required for RSA: ", *params.JwtPrivateKey, *params.JwtPublicKey)
|
||||
return res, fmt.Errorf("jwt private and public key is required for RSA (PKCS1) / ECDSA algorithm")
|
||||
}
|
||||
|
||||
|
|
@ -83,20 +83,20 @@ func UpdateEnvResolver(ctx context.Context, params model.UpdateEnvInput) (*model
|
|||
params.JwtSecret = &defaultSecret
|
||||
_, err = crypto.ParseRsaPrivateKeyFromPemStr(*params.JwtPrivateKey)
|
||||
if err != nil {
|
||||
log.Debug("Invalid JWT private key", err)
|
||||
log.Debug("Invalid JWT private key: ", err)
|
||||
return res, err
|
||||
}
|
||||
|
||||
_, err := crypto.ParseRsaPublicKeyFromPemStr(*params.JwtPublicKey)
|
||||
if err != nil {
|
||||
log.Debug("Invalid JWT public key", err)
|
||||
log.Debug("Invalid JWT public key: ", err)
|
||||
return res, err
|
||||
}
|
||||
}
|
||||
|
||||
if crypto.IsECDSA(algo) {
|
||||
if params.JwtPrivateKey == nil || params.JwtPublicKey == nil {
|
||||
log.Debug("JWT private key and public key are required for ECDSA", params.JwtPrivateKey, params.JwtPublicKey)
|
||||
log.Debug("JWT private key and public key are required for ECDSA: ", *params.JwtPrivateKey, *params.JwtPublicKey)
|
||||
return res, fmt.Errorf("jwt private and public key is required for RSA (PKCS1) / ECDSA algorithm")
|
||||
}
|
||||
|
||||
|
|
@ -104,13 +104,13 @@ func UpdateEnvResolver(ctx context.Context, params model.UpdateEnvInput) (*model
|
|||
params.JwtSecret = &defaultSecret
|
||||
_, err = crypto.ParseEcdsaPrivateKeyFromPemStr(*params.JwtPrivateKey)
|
||||
if err != nil {
|
||||
log.Debug("Invalid JWT private key", err)
|
||||
log.Debug("Invalid JWT private key: ", err)
|
||||
return res, err
|
||||
}
|
||||
|
||||
_, err := crypto.ParseEcdsaPublicKeyFromPemStr(*params.JwtPublicKey)
|
||||
if err != nil {
|
||||
log.Debug("Invalid JWT public key", err)
|
||||
log.Debug("Invalid JWT public key: ", err)
|
||||
return res, err
|
||||
}
|
||||
}
|
||||
|
|
@ -120,13 +120,13 @@ func UpdateEnvResolver(ctx context.Context, params model.UpdateEnvInput) (*model
|
|||
var data map[string]interface{}
|
||||
byteData, err := json.Marshal(params)
|
||||
if err != nil {
|
||||
log.Debug("Failed to marshal update env input", err)
|
||||
log.Debug("Failed to marshal update env input: ", err)
|
||||
return res, fmt.Errorf("error marshalling params: %t", err)
|
||||
}
|
||||
|
||||
err = json.Unmarshal(byteData, &data)
|
||||
if err != nil {
|
||||
log.Debug("Failed to unmarshal update env input", err)
|
||||
log.Debug("Failed to unmarshal update env input: ", err)
|
||||
return res, fmt.Errorf("error un-marshalling params: %t", err)
|
||||
}
|
||||
|
||||
|
|
@ -209,14 +209,14 @@ func UpdateEnvResolver(ctx context.Context, params model.UpdateEnvInput) (*model
|
|||
envstore.EnvStoreObj.UpdateEnvStore(updatedData)
|
||||
jwk, err := crypto.GenerateJWKBasedOnEnv()
|
||||
if err != nil {
|
||||
log.Debug("Failed to generate JWK", err)
|
||||
log.Debug("Failed to generate JWK: ", err)
|
||||
return res, err
|
||||
}
|
||||
// updating jwk
|
||||
envstore.EnvStoreObj.UpdateEnvVariable(constants.StringStoreIdentifier, constants.EnvKeyJWK, jwk)
|
||||
err = sessionstore.InitSession()
|
||||
if err != nil {
|
||||
log.Debug("Failed to init session store", err)
|
||||
log.Debug("Failed to init session store: ", err)
|
||||
return res, err
|
||||
}
|
||||
err = oauth.InitOAuth()
|
||||
|
|
@ -227,14 +227,14 @@ func UpdateEnvResolver(ctx context.Context, params model.UpdateEnvInput) (*model
|
|||
// Fetch the current db store and update it
|
||||
env, err := db.Provider.GetEnv()
|
||||
if err != nil {
|
||||
log.Debug("Failed to get env", err)
|
||||
log.Debug("Failed to get env: ", err)
|
||||
return res, err
|
||||
}
|
||||
|
||||
if params.AdminSecret != nil {
|
||||
hashedKey, err := crypto.EncryptPassword(envstore.EnvStoreObj.GetStringStoreEnvVariable(constants.EnvKeyAdminSecret))
|
||||
if err != nil {
|
||||
log.Debug("Failed to encrypt admin secret", err)
|
||||
log.Debug("Failed to encrypt admin secret: ", err)
|
||||
return res, err
|
||||
}
|
||||
cookie.SetAdminCookie(gc, hashedKey)
|
||||
|
|
@ -242,14 +242,14 @@ func UpdateEnvResolver(ctx context.Context, params model.UpdateEnvInput) (*model
|
|||
|
||||
encryptedConfig, err := crypto.EncryptEnvData(updatedData)
|
||||
if err != nil {
|
||||
log.Debug("Failed to encrypt env data", err)
|
||||
log.Debug("Failed to encrypt env data: ", err)
|
||||
return res, err
|
||||
}
|
||||
|
||||
env.EnvData = encryptedConfig
|
||||
_, err = db.Provider.UpdateEnv(env)
|
||||
if err != nil {
|
||||
log.Debug("Failed to update env", err)
|
||||
log.Debug("Failed to update env: ", err)
|
||||
return res, err
|
||||
}
|
||||
|
||||
|
|
|
|||
|
|
@ -28,23 +28,24 @@ func UpdateProfileResolver(ctx context.Context, params model.UpdateProfileInput)
|
|||
|
||||
gc, err := utils.GinContextFromContext(ctx)
|
||||
if err != nil {
|
||||
log.Debug("Failed to get GinContext", err)
|
||||
log.Debug("Failed to get GinContext: ", err)
|
||||
return res, err
|
||||
}
|
||||
|
||||
accessToken, err := token.GetAccessToken(gc)
|
||||
if err != nil {
|
||||
log.Debug("Failed to get access token", err)
|
||||
log.Debug("Failed to get access token: ", err)
|
||||
return res, err
|
||||
}
|
||||
claims, err := token.ValidateAccessToken(gc, accessToken)
|
||||
if err != nil {
|
||||
log.Debug("Failed to validate access token", err)
|
||||
log.Debug("Failed to validate access token: ", err)
|
||||
return res, err
|
||||
}
|
||||
|
||||
// validate if all params are not empty
|
||||
if params.GivenName == nil && params.FamilyName == nil && params.Picture == nil && params.MiddleName == nil && params.Nickname == nil && params.OldPassword == nil && params.Email == nil && params.Birthdate == nil && params.Gender == nil && params.PhoneNumber == nil {
|
||||
log.Debug("All params are empty")
|
||||
return res, fmt.Errorf("please enter at least one param to update")
|
||||
}
|
||||
|
||||
|
|
@ -55,7 +56,7 @@ func UpdateProfileResolver(ctx context.Context, params model.UpdateProfileInput)
|
|||
|
||||
user, err := db.Provider.GetUserByID(userID)
|
||||
if err != nil {
|
||||
log.Debug("Failed to get user by id", err)
|
||||
log.Debug("Failed to get user by id: ", err)
|
||||
return res, err
|
||||
}
|
||||
|
||||
|
|
@ -93,17 +94,17 @@ func UpdateProfileResolver(ctx context.Context, params model.UpdateProfileInput)
|
|||
|
||||
if params.OldPassword != nil {
|
||||
if err = bcrypt.CompareHashAndPassword([]byte(*user.Password), []byte(*params.OldPassword)); err != nil {
|
||||
log.Debug("Failed to compare hash and old password", err)
|
||||
log.Debug("Failed to compare hash and old password: ", err)
|
||||
return res, fmt.Errorf("incorrect old password")
|
||||
}
|
||||
|
||||
if params.NewPassword == nil {
|
||||
log.Debug("Failed to get new password")
|
||||
log.Debug("Failed to get new password: ")
|
||||
return res, fmt.Errorf("new password is required")
|
||||
}
|
||||
|
||||
if params.ConfirmNewPassword == nil {
|
||||
log.Debug("Failed to get confirm new password")
|
||||
log.Debug("Failed to get confirm new password: ")
|
||||
return res, fmt.Errorf("confirm password is required")
|
||||
}
|
||||
|
||||
|
|
@ -122,15 +123,21 @@ func UpdateProfileResolver(ctx context.Context, params model.UpdateProfileInput)
|
|||
if params.Email != nil && user.Email != *params.Email {
|
||||
// check if valid email
|
||||
if !utils.IsValidEmail(*params.Email) {
|
||||
log.Debug("Failed to validate email", *params.Email)
|
||||
log.Debug("Failed to validate email: ", *params.Email)
|
||||
return res, fmt.Errorf("invalid email address")
|
||||
}
|
||||
newEmail := strings.ToLower(*params.Email)
|
||||
|
||||
// check if valid email
|
||||
if !utils.IsValidEmail(newEmail) {
|
||||
log.Debug("Failed to validate new email: ", newEmail)
|
||||
return res, fmt.Errorf("invalid new email address")
|
||||
}
|
||||
// check if user with new email exists
|
||||
_, err := db.Provider.GetUserByEmail(newEmail)
|
||||
// err = nil means user exists
|
||||
if err == nil {
|
||||
log.Debug("Failed to get user by email", newEmail)
|
||||
log.Debug("Failed to get user by email: ", newEmail)
|
||||
return res, fmt.Errorf("user with this email address already exists")
|
||||
}
|
||||
|
||||
|
|
@ -145,14 +152,14 @@ func UpdateProfileResolver(ctx context.Context, params model.UpdateProfileInput)
|
|||
// insert verification request
|
||||
_, nonceHash, err := utils.GenerateNonce()
|
||||
if err != nil {
|
||||
log.Debug("Failed to generate nonce", err)
|
||||
log.Debug("Failed to generate nonce: ", err)
|
||||
return res, err
|
||||
}
|
||||
verificationType := constants.VerificationTypeUpdateEmail
|
||||
redirectURL := utils.GetAppURL(gc)
|
||||
verificationToken, err := token.CreateVerificationToken(newEmail, verificationType, hostname, nonceHash, redirectURL)
|
||||
if err != nil {
|
||||
log.Debug("Failed to create verification token", err)
|
||||
log.Debug("Failed to create verification token: ", err)
|
||||
return res, err
|
||||
}
|
||||
_, err = db.Provider.AddVerificationRequest(models.VerificationRequest{
|
||||
|
|
@ -164,7 +171,7 @@ func UpdateProfileResolver(ctx context.Context, params model.UpdateProfileInput)
|
|||
RedirectURI: redirectURL,
|
||||
})
|
||||
if err != nil {
|
||||
log.Debug("Failed to add verification request", err)
|
||||
log.Debug("Failed to add verification request: ", err)
|
||||
return res, err
|
||||
}
|
||||
|
||||
|
|
@ -175,7 +182,7 @@ func UpdateProfileResolver(ctx context.Context, params model.UpdateProfileInput)
|
|||
}
|
||||
_, err = db.Provider.UpdateUser(user)
|
||||
if err != nil {
|
||||
log.Debug("Failed to update user", err)
|
||||
log.Debug("Failed to update user: ", err)
|
||||
return res, err
|
||||
}
|
||||
message := `Profile details updated successfully.`
|
||||
|
|
|
|||
|
|
@ -26,17 +26,17 @@ func UpdateUserResolver(ctx context.Context, params model.UpdateUserInput) (*mod
|
|||
|
||||
gc, err := utils.GinContextFromContext(ctx)
|
||||
if err != nil {
|
||||
log.Debug("Failed to get GinContext", err)
|
||||
log.Debug("Failed to get GinContext: ", err)
|
||||
return res, err
|
||||
}
|
||||
|
||||
if !token.IsSuperAdmin(gc) {
|
||||
log.Debug("Not logged in as super admin.")
|
||||
log.Debug("Not logged in as super admin")
|
||||
return res, fmt.Errorf("unauthorized")
|
||||
}
|
||||
|
||||
if params.ID == "" {
|
||||
log.Debug("Invalid user id")
|
||||
log.Debug("UserID is empty")
|
||||
return res, fmt.Errorf("User ID is required")
|
||||
}
|
||||
|
||||
|
|
@ -51,7 +51,7 @@ func UpdateUserResolver(ctx context.Context, params model.UpdateUserInput) (*mod
|
|||
|
||||
user, err := db.Provider.GetUserByID(params.ID)
|
||||
if err != nil {
|
||||
log.Debug("Failed to get user by id", err)
|
||||
log.Debug("Failed to get user by id: ", err)
|
||||
return res, fmt.Errorf(`User not found`)
|
||||
}
|
||||
|
||||
|
|
@ -99,7 +99,7 @@ func UpdateUserResolver(ctx context.Context, params model.UpdateUserInput) (*mod
|
|||
if params.Email != nil && user.Email != *params.Email {
|
||||
// check if valid email
|
||||
if !utils.IsValidEmail(*params.Email) {
|
||||
log.Debug("Invalid email", *params.Email)
|
||||
log.Debug("Invalid email: ", *params.Email)
|
||||
return res, fmt.Errorf("invalid email address")
|
||||
}
|
||||
newEmail := strings.ToLower(*params.Email)
|
||||
|
|
@ -107,7 +107,7 @@ func UpdateUserResolver(ctx context.Context, params model.UpdateUserInput) (*mod
|
|||
_, err = db.Provider.GetUserByEmail(newEmail)
|
||||
// err = nil means user exists
|
||||
if err == nil {
|
||||
log.Debug("User with email already exists", newEmail)
|
||||
log.Debug("User with email already exists: ", newEmail)
|
||||
return res, fmt.Errorf("user with this email address already exists")
|
||||
}
|
||||
|
||||
|
|
@ -120,14 +120,14 @@ func UpdateUserResolver(ctx context.Context, params model.UpdateUserInput) (*mod
|
|||
// insert verification request
|
||||
_, nonceHash, err := utils.GenerateNonce()
|
||||
if err != nil {
|
||||
log.Debug("Failed to generate nonce", err)
|
||||
log.Debug("Failed to generate nonce: ", err)
|
||||
return res, err
|
||||
}
|
||||
verificationType := constants.VerificationTypeUpdateEmail
|
||||
redirectURL := utils.GetAppURL(gc)
|
||||
verificationToken, err := token.CreateVerificationToken(newEmail, verificationType, hostname, nonceHash, redirectURL)
|
||||
if err != nil {
|
||||
log.Debug("Failed to create verification token", err)
|
||||
log.Debug("Failed to create verification token: ", err)
|
||||
}
|
||||
_, err = db.Provider.AddVerificationRequest(models.VerificationRequest{
|
||||
Token: verificationToken,
|
||||
|
|
@ -138,7 +138,7 @@ func UpdateUserResolver(ctx context.Context, params model.UpdateUserInput) (*mod
|
|||
RedirectURI: redirectURL,
|
||||
})
|
||||
if err != nil {
|
||||
log.Debug("Failed to add verification request", err)
|
||||
log.Debug("Failed to add verification request: ", err)
|
||||
return res, err
|
||||
}
|
||||
|
||||
|
|
@ -156,7 +156,7 @@ func UpdateUserResolver(ctx context.Context, params model.UpdateUserInput) (*mod
|
|||
}
|
||||
|
||||
if !utils.IsValidRoles(inputRoles, append([]string{}, append(envstore.EnvStoreObj.GetSliceStoreEnvVariable(constants.EnvKeyRoles), envstore.EnvStoreObj.GetSliceStoreEnvVariable(constants.EnvKeyProtectedRoles)...)...)) {
|
||||
log.Debug("Invalid roles", params.Roles)
|
||||
log.Debug("Invalid roles: ", params.Roles)
|
||||
return res, fmt.Errorf("invalid list of roles")
|
||||
}
|
||||
|
||||
|
|
@ -173,7 +173,7 @@ func UpdateUserResolver(ctx context.Context, params model.UpdateUserInput) (*mod
|
|||
|
||||
user, err = db.Provider.UpdateUser(user)
|
||||
if err != nil {
|
||||
log.Debug("Failed to update user", err)
|
||||
log.Debug("Failed to update user: ", err)
|
||||
return res, err
|
||||
}
|
||||
|
||||
|
|
|
|||
|
|
@ -17,7 +17,7 @@ import (
|
|||
func UsersResolver(ctx context.Context, params *model.PaginatedInput) (*model.Users, error) {
|
||||
gc, err := utils.GinContextFromContext(ctx)
|
||||
if err != nil {
|
||||
log.Debug("Failed to get GinContext", err)
|
||||
log.Debug("Failed to get GinContext: ", err)
|
||||
return nil, err
|
||||
}
|
||||
|
||||
|
|
@ -30,7 +30,7 @@ func UsersResolver(ctx context.Context, params *model.PaginatedInput) (*model.Us
|
|||
|
||||
res, err := db.Provider.ListUsers(pagination)
|
||||
if err != nil {
|
||||
log.Debug("Failed to get users", err)
|
||||
log.Debug("Failed to get users: ", err)
|
||||
return nil, err
|
||||
}
|
||||
|
||||
|
|
|
|||
|
|
@ -24,13 +24,13 @@ import (
|
|||
func ValidateJwtTokenResolver(ctx context.Context, params model.ValidateJWTTokenInput) (*model.ValidateJWTTokenResponse, error) {
|
||||
gc, err := utils.GinContextFromContext(ctx)
|
||||
if err != nil {
|
||||
log.Debug("Failed to get GinContext", err)
|
||||
log.Debug("Failed to get GinContext: ", err)
|
||||
return nil, err
|
||||
}
|
||||
|
||||
tokenType := params.TokenType
|
||||
if tokenType != "access_token" && tokenType != "refresh_token" && tokenType != "id_token" {
|
||||
log.Debug("Invalid token type:", tokenType)
|
||||
log.Debug("Invalid token type: ", tokenType)
|
||||
return nil, errors.New("invalid token type")
|
||||
}
|
||||
|
||||
|
|
@ -57,7 +57,7 @@ func ValidateJwtTokenResolver(ctx context.Context, params model.ValidateJWTToken
|
|||
if userID != "" && nonce != "" {
|
||||
claims, err = token.ParseJWTToken(params.Token, hostname, nonce, userID)
|
||||
if err != nil {
|
||||
log.Debug("Failed to parse jwt token", err)
|
||||
log.Debug("Failed to parse jwt token: ", err)
|
||||
return &model.ValidateJWTTokenResponse{
|
||||
IsValid: false,
|
||||
}, nil
|
||||
|
|
@ -65,7 +65,7 @@ func ValidateJwtTokenResolver(ctx context.Context, params model.ValidateJWTToken
|
|||
} else {
|
||||
claims, err = token.ParseJWTTokenWithoutNonce(params.Token, hostname)
|
||||
if err != nil {
|
||||
log.Debug("Failed to parse jwt token without nonce", err)
|
||||
log.Debug("Failed to parse jwt token without nonce: ", err)
|
||||
return &model.ValidateJWTTokenResponse{
|
||||
IsValid: false,
|
||||
}, nil
|
||||
|
|
@ -82,7 +82,7 @@ func ValidateJwtTokenResolver(ctx context.Context, params model.ValidateJWTToken
|
|||
if params.Roles != nil && len(params.Roles) > 0 {
|
||||
for _, v := range params.Roles {
|
||||
if !utils.StringSliceContains(claimRoles, v) {
|
||||
log.Debug("Token does not have required role:", v)
|
||||
log.Debug("Token does not have required role: ", v)
|
||||
return nil, fmt.Errorf(`unauthorized`)
|
||||
}
|
||||
}
|
||||
|
|
|
|||
|
|
@ -17,12 +17,12 @@ import (
|
|||
func VerificationRequestsResolver(ctx context.Context, params *model.PaginatedInput) (*model.VerificationRequests, error) {
|
||||
gc, err := utils.GinContextFromContext(ctx)
|
||||
if err != nil {
|
||||
log.Debug("Failed to get GinContext", err)
|
||||
log.Debug("Failed to get GinContext: ", err)
|
||||
return nil, err
|
||||
}
|
||||
|
||||
if !token.IsSuperAdmin(gc) {
|
||||
log.Debug("Not logged in as super admin.")
|
||||
log.Debug("Not logged in as super admin")
|
||||
return nil, fmt.Errorf("unauthorized")
|
||||
}
|
||||
|
||||
|
|
@ -30,7 +30,7 @@ func VerificationRequestsResolver(ctx context.Context, params *model.PaginatedIn
|
|||
|
||||
res, err := db.Provider.ListVerificationRequests(pagination)
|
||||
if err != nil {
|
||||
log.Debug("Failed to get verification requests", err)
|
||||
log.Debug("Failed to get verification requests: ", err)
|
||||
return nil, err
|
||||
}
|
||||
|
||||
|
|
|
|||
|
|
@ -23,13 +23,13 @@ func VerifyEmailResolver(ctx context.Context, params model.VerifyEmailInput) (*m
|
|||
|
||||
gc, err := utils.GinContextFromContext(ctx)
|
||||
if err != nil {
|
||||
log.Debug("Failed to get GinContext", err)
|
||||
log.Debug("Failed to get GinContext: ", err)
|
||||
return res, err
|
||||
}
|
||||
|
||||
verificationRequest, err := db.Provider.GetVerificationRequestByToken(params.Token)
|
||||
if err != nil {
|
||||
log.Debug("Failed to get verification request by token", err)
|
||||
log.Debug("Failed to get verification request by token: ", err)
|
||||
return res, fmt.Errorf(`invalid token: %s`, err.Error())
|
||||
}
|
||||
|
||||
|
|
@ -37,7 +37,7 @@ func VerifyEmailResolver(ctx context.Context, params model.VerifyEmailInput) (*m
|
|||
hostname := utils.GetHost(gc)
|
||||
claim, err := token.ParseJWTToken(params.Token, hostname, verificationRequest.Nonce, verificationRequest.Email)
|
||||
if err != nil {
|
||||
log.Debug("Failed to parse token", err)
|
||||
log.Debug("Failed to parse token: ", err)
|
||||
return res, fmt.Errorf(`invalid token: %s`, err.Error())
|
||||
}
|
||||
|
||||
|
|
@ -47,7 +47,7 @@ func VerifyEmailResolver(ctx context.Context, params model.VerifyEmailInput) (*m
|
|||
})
|
||||
user, err := db.Provider.GetUserByEmail(email)
|
||||
if err != nil {
|
||||
log.Debug("Failed to get user by email", err)
|
||||
log.Debug("Failed to get user by email: ", err)
|
||||
return res, err
|
||||
}
|
||||
|
||||
|
|
@ -56,13 +56,13 @@ func VerifyEmailResolver(ctx context.Context, params model.VerifyEmailInput) (*m
|
|||
user.EmailVerifiedAt = &now
|
||||
user, err = db.Provider.UpdateUser(user)
|
||||
if err != nil {
|
||||
log.Debug("Failed to update user", err)
|
||||
log.Debug("Failed to update user: ", err)
|
||||
return res, err
|
||||
}
|
||||
// delete from verification table
|
||||
err = db.Provider.DeleteVerificationRequest(verificationRequest)
|
||||
if err != nil {
|
||||
log.Debug("Failed to delete verification request", err)
|
||||
log.Debug("Failed to delete verification request: ", err)
|
||||
return res, err
|
||||
}
|
||||
|
||||
|
|
@ -70,7 +70,7 @@ func VerifyEmailResolver(ctx context.Context, params model.VerifyEmailInput) (*m
|
|||
scope := []string{"openid", "email", "profile"}
|
||||
authToken, err := token.CreateAuthToken(gc, user, roles, scope)
|
||||
if err != nil {
|
||||
log.Debug("Failed to create auth token", err)
|
||||
log.Debug("Failed to create auth token: ", err)
|
||||
return res, err
|
||||
}
|
||||
|
||||
|
|
|
|||
|
|
@ -9,9 +9,8 @@ import (
|
|||
|
||||
// InitRouter initializes gin router
|
||||
func InitRouter() *gin.Engine {
|
||||
router := gin.Default()
|
||||
gin.DefaultWriter = middlewares.NewGinLogrusWrite()
|
||||
router.Use(middlewares.JSONLogMiddleware())
|
||||
router := gin.New()
|
||||
router.Use(gin.Recovery())
|
||||
router.Use(middlewares.GinContextToContextMiddleware())
|
||||
router.Use(middlewares.CORSMiddleware())
|
||||
|
||||
|
|
|
|||
|
|
@ -16,7 +16,7 @@ type RedisStore struct {
|
|||
func (c *RedisStore) ClearStore() {
|
||||
err := c.store.Del(c.ctx, "authorizer_*").Err()
|
||||
if err != nil {
|
||||
log.Debug("Error clearing redis store:", err)
|
||||
log.Debug("Error clearing redis store: ", err)
|
||||
}
|
||||
}
|
||||
|
||||
|
|
@ -24,7 +24,7 @@ func (c *RedisStore) ClearStore() {
|
|||
func (c *RedisStore) GetUserSessions(userID string) map[string]string {
|
||||
data, err := c.store.HGetAll(c.ctx, "*").Result()
|
||||
if err != nil {
|
||||
log.Debug("error getting token from redis store:", err)
|
||||
log.Debug("error getting token from redis store: ", err)
|
||||
}
|
||||
|
||||
res := map[string]string{}
|
||||
|
|
@ -45,7 +45,7 @@ func (c *RedisStore) DeleteAllUserSession(userId string) {
|
|||
if k == "token" {
|
||||
err := c.store.Del(c.ctx, v)
|
||||
if err != nil {
|
||||
log.Debug("Error deleting redis token:", err)
|
||||
log.Debug("Error deleting redis token: ", err)
|
||||
}
|
||||
}
|
||||
}
|
||||
|
|
@ -55,7 +55,7 @@ func (c *RedisStore) DeleteAllUserSession(userId string) {
|
|||
func (c *RedisStore) SetState(key, value string) {
|
||||
err := c.store.Set(c.ctx, "authorizer_"+key, value, 0).Err()
|
||||
if err != nil {
|
||||
log.Debug("Error saving redis token:", err)
|
||||
log.Debug("Error saving redis token: ", err)
|
||||
}
|
||||
}
|
||||
|
||||
|
|
@ -64,7 +64,7 @@ func (c *RedisStore) GetState(key string) string {
|
|||
state := ""
|
||||
state, err := c.store.Get(c.ctx, "authorizer_"+key).Result()
|
||||
if err != nil {
|
||||
log.Debug("error getting token from redis store:", err)
|
||||
log.Debug("error getting token from redis store: ", err)
|
||||
}
|
||||
|
||||
return state
|
||||
|
|
@ -74,6 +74,6 @@ func (c *RedisStore) GetState(key string) string {
|
|||
func (c *RedisStore) RemoveState(key string) {
|
||||
err := c.store.Del(c.ctx, "authorizer_"+key).Err()
|
||||
if err != nil {
|
||||
log.Fatalln("Error deleting redis token:", err)
|
||||
log.Fatalln("Error deleting redis token: ", err)
|
||||
}
|
||||
}
|
||||
|
|
|
|||
|
|
@ -98,6 +98,7 @@ func InitSession() error {
|
|||
if len(redisURLHostPortsList) > 1 {
|
||||
opt, err := redis.ParseURL(redisURLHostPortsList[0])
|
||||
if err != nil {
|
||||
log.Debug("error parsing redis url: ", err)
|
||||
return err
|
||||
}
|
||||
urls := []string{opt.Addr}
|
||||
|
|
@ -109,6 +110,7 @@ func InitSession() error {
|
|||
ctx := context.Background()
|
||||
_, err = rdb.Ping(ctx).Result()
|
||||
if err != nil {
|
||||
log.Debug("error connecting to redis: ", err)
|
||||
return err
|
||||
}
|
||||
SessionStoreObj.RedisMemoryStoreObj = &RedisStore{
|
||||
|
|
@ -122,6 +124,7 @@ func InitSession() error {
|
|||
|
||||
opt, err := redis.ParseURL(envstore.EnvStoreObj.GetStringStoreEnvVariable(constants.EnvKeyRedisURL))
|
||||
if err != nil {
|
||||
log.Debug("error parsing redis url: ", err)
|
||||
return err
|
||||
}
|
||||
|
||||
|
|
@ -129,6 +132,7 @@ func InitSession() error {
|
|||
ctx := context.Background()
|
||||
_, err = rdb.Ping(ctx).Result()
|
||||
if err != nil {
|
||||
log.Debug("error connecting to redis: ", err)
|
||||
return err
|
||||
}
|
||||
|
||||
|
|
|
|||
|
|
@ -332,12 +332,12 @@ func CreateIDToken(user models.User, roles []string, hostname, nonce string) (st
|
|||
|
||||
val, err := vm.Get("functionRes")
|
||||
if err != nil {
|
||||
log.Debug("error getting custom access token script:", err)
|
||||
log.Debug("error getting custom access token script: ", err)
|
||||
} else {
|
||||
extraPayload := make(map[string]interface{})
|
||||
err = json.Unmarshal([]byte(fmt.Sprintf("%s", val)), &extraPayload)
|
||||
if err != nil {
|
||||
log.Debug("error converting accessTokenScript response to map:", err)
|
||||
log.Debug("error converting accessTokenScript response to map: ", err)
|
||||
} else {
|
||||
for k, v := range extraPayload {
|
||||
customClaims[k] = v
|
||||
|
|
|
|||
Loading…
Reference in New Issue
Block a user