From ed2c0e7ef960f6a476222663fa38cf4bcb6e0f58 Mon Sep 17 00:00:00 2001
From: jabuxas <jabuxas@proton.me>
Date: Thu, 17 Oct 2024 10:52:33 -0300
Subject: [PATCH] feat: add tokens for authentication

---
 abyss.go    |  2 ++
 go.mod      |  2 ++
 go.sum      |  2 ++
 handlers.go | 17 +++++++++++++++++
 helpers.go  | 28 +++++++++++++++++++++++++++-
 5 files changed, 50 insertions(+), 1 deletion(-)

diff --git a/abyss.go b/abyss.go
index c8d28a6..32b8ae9 100644
--- a/abyss.go
+++ b/abyss.go
@@ -93,6 +93,8 @@ func setupHandlers(mux *http.ServeMux, app *Application) {
 
 	mux.HandleFunc("/last", app.lastUploadedHandler)
 
+	mux.HandleFunc("/token", BasicAuth(app.createTokenHandler, app))
+
 	mux.HandleFunc("/files/", app.fileHandler)
 
 	if app.authText == "yes" {
diff --git a/go.mod b/go.mod
index bd2aaf7..552829e 100644
--- a/go.mod
+++ b/go.mod
@@ -3,3 +3,5 @@ module github.com/jabuxas/abyss
 go 1.22.6
 
 require github.com/joho/godotenv v1.5.1
+
+require github.com/golang-jwt/jwt/v5 v5.2.1 // indirect
diff --git a/go.sum b/go.sum
index d61b19e..4500056 100644
--- a/go.sum
+++ b/go.sum
@@ -1,2 +1,4 @@
+github.com/golang-jwt/jwt/v5 v5.2.1 h1:OuVbFODueb089Lh128TAcimifWaLhJwVflnrgM17wHk=
+github.com/golang-jwt/jwt/v5 v5.2.1/go.mod h1:pqrtFR0X4osieyHYxtmOUWsAWrfe1Q5UVIyoH402zdk=
 github.com/joho/godotenv v1.5.1 h1:7eLL/+HRGLY0ldzfGMeQkb7vMd0as4CfYvUVzLqw0N0=
 github.com/joho/godotenv v1.5.1/go.mod h1:f4LDr5Voq0i2e/R5DDNOoa2zzDfwtkZa6DnEwAbqwq4=
diff --git a/handlers.go b/handlers.go
index d0945fe..6b0d105 100644
--- a/handlers.go
+++ b/handlers.go
@@ -9,6 +9,9 @@ import (
 	"os"
 	"path/filepath"
 	"strings"
+	"time"
+
+	"github.com/golang-jwt/jwt/v5"
 )
 
 type Application struct {
@@ -198,3 +201,17 @@ func (app *Application) publicURL(file io.Reader, extension string) string {
 
 	return filename
 }
+
+func (app *Application) createTokenHandler(w http.ResponseWriter, r *http.Request) {
+	token := jwt.NewWithClaims(jwt.SigningMethodHS256, jwt.MapClaims{
+		"exp": time.Now().Add(time.Hour * 2).Unix(),
+	})
+
+	tokenString, err := token.SignedString([]byte(app.key))
+	if err != nil {
+		http.Error(w, "Error generating token", http.StatusInternalServerError)
+		return
+	}
+
+	fmt.Fprintf(w, "%s", tokenString)
+}
diff --git a/helpers.go b/helpers.go
index 18168fa..a799e62 100644
--- a/helpers.go
+++ b/helpers.go
@@ -9,6 +9,8 @@ import (
 	"io"
 	"net/http"
 	"os"
+
+	"github.com/golang-jwt/jwt/v5"
 )
 
 type FileInfo struct {
@@ -27,7 +29,31 @@ type TemplateData struct {
 }
 
 func CheckAuth(r *http.Request, key string) bool {
-	return r.Header.Get("X-Auth") == key
+	receivedKey := r.Header.Get("X-Auth")
+	if receivedKey == key {
+		return true
+	} else if err := validateToken(receivedKey, key); err == nil {
+		return true
+	}
+	return false
+}
+
+func validateToken(tokenString, key string) error {
+	token, err := jwt.Parse(tokenString, func(token *jwt.Token) (interface{}, error) {
+		if _, ok := token.Method.(*jwt.SigningMethodHMAC); !ok {
+			return nil, fmt.Errorf("unexpected signing method: %v", token.Header["alg"])
+		}
+		return []byte(key), nil
+	})
+	if err != nil {
+		return err
+	}
+
+	if _, ok := token.Claims.(jwt.MapClaims); ok && token.Valid {
+		return nil
+	} else {
+		return fmt.Errorf("invalid token")
+	}
 }
 
 func FormatFileSize(size int64) string {