[PD2] Gateway login, logout and auth middleware done.

Co-authored-by: tsousa111 <tiagao2001@hotmail.com>
2024-05-30 00:54:19 +01:00 · 2024-05-30 00:54:19 +01:00 · 69559f41ca
commit 69559f41ca
parent aa90bfddce
7 changed files with 277 additions and 28 deletions
--- a/Projs/PD2/internal/gateway/gateway.go
+++ b/Projs/PD2/internal/gateway/gateway.go
@ -2,46 +2,140 @@ package gateway

 import (
 	"PD1/internal/protocol"
+	"PD1/internal/utils/cryptoUtils"
+	"crypto/x509"
 	"fmt"
+	"log"
 	"net/http"

 	"github.com/gin-gonic/gin"
 )

-func HandleGetMessage(c *gin.Context){
-    fmt.Println("Get Message Handler")
+func HandleGetMessage(c *gin.Context) {
+	fmt.Println("Get Message Handler")

 }
-func HandleGetUnreadMsgsInfo(c *gin.Context){
-    fmt.Println("Get Unread Messages Info Handler")
+func HandleGetUnreadMsgsInfo(c *gin.Context) {
+	fmt.Println("Get Unread Messages Info Handler")

 }
-func HandleGetUserCert(c *gin.Context){
-    fmt.Println("Get User Cert Handler")
+func HandleGetUserCert(c *gin.Context) {
+	fmt.Println("Get User Cert Handler")

 }
-func HandleSendMessage(c *gin.Context){
-    fmt.Println("Send Message Handler")
+func HandleSendMessage(c *gin.Context) {
+	fmt.Println("Send Message Handler")

 }

-func HandleRegister(c *gin.Context){
-    var postRegister protocol.PostRegister 
-    c.Bind(postRegister)
-    //Hash the password (using salt) and store it on the db
-    //Get the username from the certificate
+func HandleRegister(c *gin.Context, dataStore DataStore, keyStore cryptoUtils.KeyStore) {
+	var postRegister protocol.PostRegister
+	err := c.Bind(postRegister)
+	if err != nil {
+        c.JSON(http.StatusBadRequest,gin.H{"error": "Request body is not a PostRegister"})
+        return
+	}
+
+	//Check if the certificate pseudonym matches the uid in postRegister
+	//And if it's signed by the CA
+	userCert, err := x509.ParseCertificate(postRegister.Certificate)
+	if err != nil {
+        c.JSON(http.StatusBadRequest,gin.H{"error": "User certificate is invalid"})
+        return
+	}
+
+	oidMap := cryptoUtils.ExtractAllOIDValues(userCert)
+	//Check if certificate usage is MSG SERVICE
+	usage := oidMap["2.5.4.11"]
+	if usage != "MSG SERVICE" {
+        c.JSON(http.StatusBadRequest,gin.H{"error": "Certificate usage is not \"MSG SERVICE\""})
+        return
+	}
+
+	err = keyStore.CheckCert(userCert, postRegister.UID)
+	if err != nil {
+        c.JSON(http.StatusBadRequest,gin.H{"error": "User certificate is invalid, not trusted or belongs to another user"})
+        return
+	}
+
+	hashedPassword, err := HashPassword(postRegister.Password)
+	if err != nil {
+		log.Fatalln("Could not hash the password")
+	}
+
+	err = dataStore.InsertUser(postRegister.UID, hashedPassword)
+	if err != nil {
+        log.Fatalln("Could not insert user into DB")
+	}
+
+    //TODO: Send the certificate to the server
+
+	c.JSON(http.StatusOK, gin.H{})
+
 }

-func AuthMiddleware(c *gin.Context){
-    fmt.Println("Authentication Middleware")
+func HandleLogin(c *gin.Context, dataStore DataStore, keyStore cryptoUtils.KeyStore) {
+	var postLogin protocol.PostLogin
+	err := c.Bind(postLogin)
+	if err != nil {
+		c.AbortWithStatus(http.StatusBadRequest)
+	}
+
+	hashedPassword, err := dataStore.GetPassword(postLogin.UID)
+	if err != nil {
+		c.JSON(http.StatusBadRequest, gin.H{"error": "Invalid user id or password"})
+		return
+	}
+	err = CheckPassword(hashedPassword, postLogin.Password)
+	if err != nil {
+		c.JSON(http.StatusBadRequest, gin.H{"error": "Invalid user id or password"})
+		return
+	}
+    jwToken, err := GenerateJWT(postLogin.UID)
+
+    if err != nil {
+		c.JSON(http.StatusBadRequest, gin.H{"error": "Failed to create token"})
+    }
+    //Send token to user
+    c.JSON(http.StatusOK, gin.H{"token":jwToken})
 }

-func Run(){
-    router := gin.Default()

-    auth := router.Group("/", func(c *gin.Context) {
-        AuthMiddleware(c)
-    })
+func AuthMiddleware(c *gin.Context) {
+	fmt.Println("Authentication Middleware")
+    tokenList := c.Request.Header["Token"]
+    if tokenList == nil {
+        c.JSON(http.StatusUnauthorized,gin.H{"error": "No authentication token provided"})
+    }
+    // We only care about the first entry
+    token := tokenList[0]
+    
+    uid, err := ValidateJWT(token)
+    if err!= nil {
+        c.JSON(http.StatusUnauthorized,gin.H{"error": "Token is invalid or has expired"})
+    }
+    c.Set("uid", uid)
+    c.Next()
+}
+
+func Run() {
+	dataStore, err := OpenDB()
+	if err != nil {
+		log.Fatalln("Error opening the database")
+	}
+	defer dataStore.db.Close()
+
+	passphrase := readStdin("Insert keystore passphrase")
+	keyStore, err := cryptoUtils.LoadKeyStore("certs/gateway/gateway.p12", passphrase)
+	if err != nil {
+		log.Fatalln(err.Error())
+	}
+
+	router := gin.Default()
+
+	auth := router.Group("/", func(c *gin.Context) {
+		AuthMiddleware(c)
+	})

 	auth.GET("/message/:num", func(c *gin.Context) {
 		HandleGetMessage(c)
@ -59,19 +153,22 @@ func Run(){
 		HandleSendMessage(c)
 	})

-    router.POST("/register",func(c *gin.Context) {
-       HandleRegister(c) 
-    })
+	router.POST("/register", func(c *gin.Context) {
+		HandleRegister(c, dataStore, keyStore)
+	})
+
+	router.POST("/login", func(c *gin.Context) {
+		HandleLogin(c, dataStore, keyStore)
+	})

 	server := http.Server{
 		Addr:      "0.0.0.0:8080",
 		Handler:   router,
-        //TODO: Verify if it's the gateway
 		TLSConfig: serverKeyStore.GetServerTLSConfig(),
 	}

-	err = server.ListenAndServeTLS("", "")
-    if err!=nil {
-        log.Fatal(err.Error())
-    }
+	err := server.ListenAndServeTLS("", "")
+	if err != nil {
+		log.Fatal(err.Error())
+	}
 }