identity providers and bearerauth

service/api/authorization/auth-bearer.go

@@ -0,0 +1,50 @@
+package authorization
+
+import (
+	"errors"
+	"strings"
+
+	"github.com/notherealmarco/WASAPhoto/service/database"
+)
+
+type BearerAuth struct {
+	token string
+}
+
+func (b *BearerAuth) GetType() string {
+	return "Bearer"
+}
+
+func BuildBearer(header string) (*BearerAuth, error) {
+	if header == "" {
+		return nil, errors.New("missing authorization header")
+	}
+	if header == "Bearer" {
+		return nil, errors.New("missing token")
+	}
+	if !strings.HasPrefix(header, "Bearer ") {
+		return nil, errors.New("invalid authorization header")
+	}
+	return &BearerAuth{token: header[7:]}, nil
+}
+
+func (b *BearerAuth) GetToken() string {
+	return b.token
+}
+
+func (b *BearerAuth) Authorized(db database.AppDatabase) (bool, error) {
+	// this is the way we manage authorization, the bearer token is the user id
+	state, err := db.UserExists(b.token)
+
+	if err != nil {
+		return false, err
+	}
+	return state, nil
+}
+
+func (b *BearerAuth) UserAuthorized(db database.AppDatabase, uid string) (bool, error) {
+	if b.token == uid {
+		return b.Authorized(db)
+	}
+	return false, nil
+}

service/api/authorization/auth-manager.go

@@ -0,0 +1,18 @@
+package authorization
+
+import (
+	"errors"
+
+	"github.com/notherealmarco/WASAPhoto/service/api/reqcontext"
+)
+
+func BuildAuth(header string) (reqcontext.Authorization, error) {
+	auth, err := BuildBearer(header)
+	if err != nil {
+		if err.Error() == "invalid authorization header" {
+			return nil, errors.New("method not supported") // todo: better error description
+		}
+		return nil, err
+	}
+	return auth, nil
+}