go-http-peering/client/client.go

package client

import (
	"bytes"
	"crypto/rsa"
	"crypto/sha256"
	"encoding/json"
	"errors"
	"net/http"
	"time"

	jwt "github.com/dgrijalva/jwt-go"

	peering "forge.cadoles.com/wpetit/go-http-peering"
	"forge.cadoles.com/wpetit/go-http-peering/crypto"
	"forge.cadoles.com/wpetit/go-http-peering/server"
)

var (
	ErrInvalidPrivateKey  = errors.New("invalid private key")
	ErrUnexpectedResponse = errors.New("unexpected response")
	ErrUnauthorized       = errors.New("unauthorized")
	ErrRejected           = errors.New("rejected")
	ErrInvalidServerToken = errors.New("invalid server token")
)

type Client struct {
	options *Options
}

func (c *Client) Advertise(attrs peering.PeerAttributes) error {
	url := c.options.BaseURL + peering.AdvertisePath

	publicKey, err := crypto.EncodePublicKeyToPEM(c.options.PrivateKey.Public())
	if err != nil {
		return err
	}

	data := &peering.AdvertisingRequest{
		Attributes: attrs,
		PublicKey:  publicKey,
	}

	res, err := c.Post(url, data)
	if err != nil {
		return err
	}

	switch res.StatusCode {
	case http.StatusCreated:
		return nil
	case http.StatusConflict:
		return peering.ErrPeerExists
	default:
		return ErrUnexpectedResponse
	}
}

func (c *Client) UpdateAttributes(attrs peering.PeerAttributes) error {
	url := c.options.BaseURL + peering.UpdatePath

	data := &peering.UpdateRequest{
		Attributes: attrs,
	}

	res, err := c.Post(url, data)
	if err != nil {
		return err
	}

	switch res.StatusCode {
	case http.StatusNoContent:
		return nil
	case http.StatusUnauthorized:
		return ErrUnauthorized
	case http.StatusForbidden:
		return ErrRejected
	default:
		return ErrUnexpectedResponse
	}
}

func (c *Client) Ping() error {
	url := c.options.BaseURL + peering.PingPath

	res, err := c.Post(url, nil)
	if err != nil {
		return err
	}

	switch res.StatusCode {
	case http.StatusNoContent:
		return nil
	case http.StatusUnauthorized:
		return ErrUnauthorized
	case http.StatusForbidden:
		return ErrRejected
	default:
		return ErrUnexpectedResponse
	}
}

func (c *Client) Get(url string) (*http.Response, error) {
	req, err := http.NewRequest(http.MethodGet, url, nil)
	if err != nil {
		return nil, err
	}
	if err := c.addClientToken(req, nil); err != nil {
		return nil, err
	}
	return c.options.HTTPClient.Do(req)
}

func (c *Client) Post(url string, data interface{}) (*http.Response, error) {
	req, body, err := c.createPostRequest(url, data)
	if err != nil {
		return nil, err
	}
	if err := c.addClientToken(req, body); err != nil {
		return nil, err
	}
	return c.options.HTTPClient.Do(req)
}

func (c *Client) createPostRequest(url string, data interface{}) (*http.Request, []byte, error) {
	body, err := json.Marshal(data)
	if err != nil {
		return nil, nil, err
	}

	req, err := http.NewRequest(http.MethodPost, url, bytes.NewReader(body))
	if err != nil {
		return nil, nil, err
	}

	req.Header.Set("Content-Type", "application/json")

	return req, body, nil
}

func (c *Client) addServerToken(r *http.Request) {
	r.Header.Set(
		server.ServerTokenHeader,
		c.options.ServerToken,
	)
}

func (c *Client) addClientToken(r *http.Request, body []byte) error {
	bodySum, err := c.createBodySum(body)
	if err != nil {
		return err
	}

	token := jwt.NewWithClaims(jwt.SigningMethodRS256, peering.ClientTokenClaims{
		StandardClaims: jwt.StandardClaims{
			NotBefore: time.Now().Add(time.Minute * -1).Unix(),
			ExpiresAt: time.Now().Add(time.Minute * 5).Unix(),
		},
		BodySum: bodySum,
	})

	tokenStr, err := token.SignedString(c.options.PrivateKey)
	if err != nil {
		return err
	}

	r.Header.Set(server.ClientTokenHeader, tokenStr)

	c.addServerToken(r)

	return nil
}

func (c *Client) createBodySum(body []byte) ([]byte, error) {
	if body == nil || len(body) == 0 {
		body = []byte("")
	}
	sha := sha256.New()
	_, err := sha.Write(body)
	if err != nil {
		return nil, err
	}
	return sha.Sum(nil), nil
}

func (c *Client) PeerID(serverPublicKey *rsa.PublicKey) (peering.PeerID, error) {
	token, err := jwt.ParseWithClaims(
		c.options.ServerToken,
		&peering.ServerTokenClaims{},
		func(token *jwt.Token) (interface{}, error) {
			return serverPublicKey, nil
		},
	)
	if err != nil {
		return "", err
	}
	if !token.Valid {
		return "", ErrInvalidServerToken
	}
	serverClaims, ok := token.Claims.(*peering.ServerTokenClaims)
	if !ok {
		return "", ErrInvalidServerToken
	}
	return serverClaims.PeerID, nil
}

func New(funcs ...OptionFunc) *Client {
	options := createOptions(funcs...)
	return &Client{options}
}
Initial commit 2019-02-03 20:56:58 +01:00			`package client`

			`import (`
			`"bytes"`
Redesign authentication protocol 2019-02-22 17:35:49 +01:00			`"crypto/rsa"`
Initial commit 2019-02-03 20:56:58 +01:00			`"crypto/sha256"`
			`"encoding/json"`
			`"errors"`
			`"net/http"`
			`"time"`

Fix client token generation - Set NotBefore timestamp one minute in the past to prevent false negative checks - Set NotAfter timestamp 5 minutes to the future 2019-05-10 13:44:29 +02:00			`jwt "github.com/dgrijalva/jwt-go"`
Initial commit 2019-02-03 20:56:58 +01:00
			`peering "forge.cadoles.com/wpetit/go-http-peering"`
			`"forge.cadoles.com/wpetit/go-http-peering/crypto"`
			`"forge.cadoles.com/wpetit/go-http-peering/server"`
			`)`

			`var (`
			`ErrInvalidPrivateKey = errors.New("invalid private key")`
			`ErrUnexpectedResponse = errors.New("unexpected response")`
			`ErrUnauthorized = errors.New("unauthorized")`
			`ErrRejected = errors.New("rejected")`
Redesign authentication protocol 2019-02-22 17:35:49 +01:00			`ErrInvalidServerToken = errors.New("invalid server token")`
Initial commit 2019-02-03 20:56:58 +01:00			`)`

			`type Client struct {`
			`options *Options`
			`}`

			`func (c *Client) Advertise(attrs peering.PeerAttributes) error {`
			`url := c.options.BaseURL + peering.AdvertisePath`

			`publicKey, err := crypto.EncodePublicKeyToPEM(c.options.PrivateKey.Public())`
			`if err != nil {`
			`return err`
			`}`

			`data := &peering.AdvertisingRequest{`
			`Attributes: attrs,`
			`PublicKey: publicKey,`
			`}`

Redesign authentication protocol 2019-02-22 17:35:49 +01:00			`res, err := c.Post(url, data)`
Initial commit 2019-02-03 20:56:58 +01:00			`if err != nil {`
			`return err`
			`}`

			`switch res.StatusCode {`
			`case http.StatusCreated:`
			`return nil`
			`case http.StatusConflict:`
			`return peering.ErrPeerExists`
			`default:`
			`return ErrUnexpectedResponse`
			`}`
			`}`

			`func (c *Client) UpdateAttributes(attrs peering.PeerAttributes) error {`
			`url := c.options.BaseURL + peering.UpdatePath`

			`data := &peering.UpdateRequest{`
			`Attributes: attrs,`
			`}`

			`res, err := c.Post(url, data)`
			`if err != nil {`
			`return err`
			`}`

			`switch res.StatusCode {`
			`case http.StatusNoContent:`
			`return nil`
			`case http.StatusUnauthorized:`
			`return ErrUnauthorized`
			`case http.StatusForbidden:`
			`return ErrRejected`
			`default:`
			`return ErrUnexpectedResponse`
			`}`
			`}`

			`func (c *Client) Ping() error {`
			`url := c.options.BaseURL + peering.PingPath`

			`res, err := c.Post(url, nil)`
			`if err != nil {`
			`return err`
			`}`

			`switch res.StatusCode {`
			`case http.StatusNoContent:`
			`return nil`
			`case http.StatusUnauthorized:`
			`return ErrUnauthorized`
			`case http.StatusForbidden:`
			`return ErrRejected`
			`default:`
			`return ErrUnexpectedResponse`
			`}`
			`}`

			`func (c Client) Get(url string) (http.Response, error) {`
			`req, err := http.NewRequest(http.MethodGet, url, nil)`
			`if err != nil {`
			`return nil, err`
			`}`
Redesign authentication protocol 2019-02-22 17:35:49 +01:00			`if err := c.addClientToken(req, nil); err != nil {`
Initial commit 2019-02-03 20:56:58 +01:00			`return nil, err`
			`}`
			`return c.options.HTTPClient.Do(req)`
			`}`

			`func (c Client) Post(url string, data interface{}) (http.Response, error) {`
			`req, body, err := c.createPostRequest(url, data)`
			`if err != nil {`
			`return nil, err`
			`}`
Redesign authentication protocol 2019-02-22 17:35:49 +01:00			`if err := c.addClientToken(req, body); err != nil {`
Initial commit 2019-02-03 20:56:58 +01:00			`return nil, err`
			`}`
			`return c.options.HTTPClient.Do(req)`
			`}`

			`func (c Client) createPostRequest(url string, data interface{}) (http.Request, []byte, error) {`
			`body, err := json.Marshal(data)`
			`if err != nil {`
			`return nil, nil, err`
			`}`

			`req, err := http.NewRequest(http.MethodPost, url, bytes.NewReader(body))`
			`if err != nil {`
			`return nil, nil, err`
			`}`

			`req.Header.Set("Content-Type", "application/json")`

			`return req, body, nil`
			`}`

Redesign authentication protocol 2019-02-22 17:35:49 +01:00			`func (c Client) addServerToken(r http.Request) {`
			`r.Header.Set(`
			`server.ServerTokenHeader,`
			`c.options.ServerToken,`
			`)`
			`}`

			`func (c Client) addClientToken(r http.Request, body []byte) error {`
Initial commit 2019-02-03 20:56:58 +01:00			`bodySum, err := c.createBodySum(body)`
			`if err != nil {`
			`return err`
			`}`

Redesign authentication protocol 2019-02-22 17:35:49 +01:00			`token := jwt.NewWithClaims(jwt.SigningMethodRS256, peering.ClientTokenClaims{`
Initial commit 2019-02-03 20:56:58 +01:00			`StandardClaims: jwt.StandardClaims{`
Fix client token generation - Set NotBefore timestamp one minute in the past to prevent false negative checks - Set NotAfter timestamp 5 minutes to the future 2019-05-10 13:44:29 +02:00			`NotBefore: time.Now().Add(time.Minute * -1).Unix(),`
			`ExpiresAt: time.Now().Add(time.Minute * 5).Unix(),`
Initial commit 2019-02-03 20:56:58 +01:00			`},`
			`BodySum: bodySum,`
			`})`

			`tokenStr, err := token.SignedString(c.options.PrivateKey)`
			`if err != nil {`
			`return err`
			`}`

Redesign authentication protocol 2019-02-22 17:35:49 +01:00			`r.Header.Set(server.ClientTokenHeader, tokenStr)`

			`c.addServerToken(r)`
Initial commit 2019-02-03 20:56:58 +01:00
			`return nil`
			`}`

			`func (c *Client) createBodySum(body []byte) ([]byte, error) {`
			`if body == nil \|\| len(body) == 0 {`
Remove default JSON body 2019-04-07 15:55:36 +02:00			`body = []byte("")`
Initial commit 2019-02-03 20:56:58 +01:00			`}`
			`sha := sha256.New()`
			`_, err := sha.Write(body)`
			`if err != nil {`
			`return nil, err`
			`}`
			`return sha.Sum(nil), nil`
			`}`

Redesign authentication protocol 2019-02-22 17:35:49 +01:00			`func (c Client) PeerID(serverPublicKey rsa.PublicKey) (peering.PeerID, error) {`
			`token, err := jwt.ParseWithClaims(`
			`c.options.ServerToken,`
			`&peering.ServerTokenClaims{},`
			`func(token *jwt.Token) (interface{}, error) {`
			`return serverPublicKey, nil`
			`},`
			`)`
			`if err != nil {`
			`return "", err`
			`}`
			`if !token.Valid {`
			`return "", ErrInvalidServerToken`
			`}`
			`serverClaims, ok := token.Claims.(*peering.ServerTokenClaims)`
			`if !ok {`
			`return "", ErrInvalidServerToken`
			`}`
			`return serverClaims.PeerID, nil`
			`}`

Initial commit 2019-02-03 20:56:58 +01:00			`func New(funcs ...OptionFunc) *Client {`
			`options := createOptions(funcs...)`
			`return &Client{options}`
			`}`