From 396f4bcfd8857445eb70e1e1ba343fdc8db7afc7 Mon Sep 17 00:00:00 2001
From: Vikram Rangnekar
Date: Fri, 15 Nov 2019 01:35:19 -0500
Subject: [PATCH] Fix issues with JWT auth
---
 config/prod.yml | 34 ----------------------------------
 serv/auth_jwt.go | 3 +++
 serv/http.go | 6 ++----
 serv/serv.go | 1 +
 tmpl/docker-compose.yml | 2 +-
 tmpl/prod.yml | 34 ----------------------------------
 6 files changed, 7 insertions(+), 73 deletions(-)
diff --git a/config/prod.yml b/config/prod.yml
index c733472..674a8b4 100644
--- a/config/prod.yml
+++ b/config/prod.yml
@@ -41,40 +41,6 @@ enable_tracing: true
 # SG_AUTH_RAILS_REDIS_PASSWORD
 # SG_AUTH_JWT_PUBLIC_KEY_FILE
-# inflections:
-# person: people
-# sheep: sheep
-
-auth:
- # Can be 'rails' or 'jwt'
- type: rails
- cookie: _app_session
-
- rails:
- # Rails version this is used for reading the
- # various cookies formats.
- version: 5.2
-
- # Found in 'Rails.application.config.secret_key_base'
- secret_key_base: 0a248500a64c01184edb4d7ad3a805488f8097ac761b76aaa6c17c01dcb7af03a2f18ba61b2868134b9c7b79a122bc0dadff4367414a2d173297bfea92be5566
-
- # Remote cookie store. (memcache or redis)
- # url: redis://127.0.0.1:6379
- # password: test
- # max_idle: 80,
- # max_active: 12000,
-
- # In most cases you don't need these
- # salt: "encrypted cookie"
- # sign_salt: "signed encrypted cookie"
- # auth_salt: "authenticated encrypted cookie"
-
- # jwt:
- # provider: auth0
- # secret: abc335bfcfdb04e50db5bb0a4d67ab9
- # public_key_file: /secrets/public_key.pem
- # public_key_type: ecdsa #rsa
-
 database:
 type: postgres
 host: db
diff --git a/serv/auth_jwt.go b/serv/auth_jwt.go
index ef4f834..d7041a2 100644
--- a/serv/auth_jwt.go
+++ b/serv/auth_jwt.go
@@ -95,8 +95,11 @@ func jwtHandler(next http.HandlerFunc) http.HandlerFunc {
 } else {
 ctx = context.WithValue(ctx, userIDKey, claims.Subject)
 }
+ next.ServeHTTP(w, r.WithContext(ctx))
+ return
 }
+ next.ServeHTTP(w, r)
 }
 }
diff --git a/serv/http.go b/serv/http.go
index 5cf4e8a..83939c3 100644
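Review bot: The trailing `next.ServeHTTP(w, r)` added after the closing brace hands the request downstream with no user ID in its context whenever the branch above is not taken, so a request that got this far carrying a token but without usable claims proceeds as anonymous rather than being rejected; if that fail-open behaviour at this layer is intended, a comment on that line such as `// No usable claims: continue without a user ID in the context.` would make the choice explicit. Which condition guards the branch is not visible here, as jwtHandler's body starts before the hunk. The `return` added inside the branch is what keeps the wrapped handler from running a second time after the context-carrying call.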
--- a/serv/http.go
+++ b/serv/http.go
@@ -77,16 +77,14 @@ func apiv1Http(w http.ResponseWriter, r *http.Request) {
 }
 b, err := ioutil.ReadAll(io.LimitReader(r.Body, maxReadBytes))
- defer r.Body.Close()
-
 if err != nil {
 logger.Err(err).Msg("failed to read request body")
 errorResp(w, err)
 return
 }
+ defer r.Body.Close()
 err = json.Unmarshal(b, &ctx.req)
-
 if err != nil {
 logger.Err(err).Msg("failed to decode json request body")
 errorResp(w, err)
@@ -109,10 +107,10 @@ func apiv1Http(w http.ResponseWriter, r *http.Request) {
 if err != nil {
 logger.Err(err).Msg("failed to handle request")
 errorResp(w, err)
+ return
 }
 }
 func errorResp(w http.ResponseWriter, err error) {
- w.WriteHeader(http.StatusBadRequest)
 json.NewEncoder(w).Encode(gqlResp{Error: err.Error()})
 }
diff --git a/serv/serv.go b/serv/serv.go
index 55b985b..8036119 100644
--- a/serv/serv.go
+++ b/serv/serv.go
@@ -169,6 +169,7 @@ func routeHandler() http.Handler {
 mux := http.NewServeMux()
 mux.Handle("/api/v1/graphql", withAuth(apiv1Http))
+
 if conf.WebUI {
 mux.Handle("/", http.FileServer(rice.MustFindBox("../web/build").HTTPBox()))
 }
diff --git a/tmpl/docker-compose.yml b/tmpl/docker-compose.yml
index 6d0406c..e596966 100644
--- a/tmpl/docker-compose.yml
+++ b/tmpl/docker-compose.yml
@@ -1,4 +1,4 @@
-version: '3'
+version: '3.4'
 services:
 db:
 image: postgres
diff --git a/tmpl/prod.yml b/tmpl/prod.yml
index c2c6f3f..1542554 100644
--- a/tmpl/prod.yml
+++ b/tmpl/prod.yml
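Review bot: Moving `defer r.Body.Close()` below the error check means the handler no longer closes the body on the read-error return, but the net/http server closes the request body itself once the handler returns, so the defer contributes nothing in either position and can simply be dropped instead of moved. The read limit on the line above is the more useful thing to tighten while here: `io.LimitReader` truncates an oversized body silently, so a client over the limit gets a JSON decode error rather than a size error, whereas `b, err := ioutil.ReadAll(http.MaxBytesReader(w, r.Body, maxReadBytes))` reports the limit explicitly and lets the server close the connection. apiv1Http starts before this hunk and continues after it.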
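Review bot: Removing `w.WriteHeader(http.StatusBadRequest)` from errorResp makes every error path answer 200, including the "failed to handle request" path just above, which may be a server-side failure rather than a malformed request, so clients and status-based monitoring can no longer distinguish the two. If a GraphQL-style 200-with-error-body is the intended contract, the function should say so, e.g. `// errorResp writes a GraphQL-style error payload; the status is left at 200 so clients read errors from the body.` Note also that `err.Error()` is sent to the client verbatim, so any internal detail carried by the wrapped error reaches the caller, and the `Encode` error is discarded; both predate this change but are worth addressing while the function is being edited.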
@@ -40,40 +40,6 @@ enable_tracing: true
 # SG_AUTH_RAILS_REDIS_PASSWORD
 # SG_AUTH_JWT_PUBLIC_KEY_FILE
-# inflections:
-# person: people
-# sheep: sheep
-
-auth:
- # Can be 'rails' or 'jwt'
- type: rails
- cookie: _{% app_name_slug %}_session
-
- rails:
- # Rails version this is used for reading the
- # various cookies formats.
- version: 5.2
-
- # Found in 'Rails.application.config.secret_key_base'
- secret_key_base: 0a248500a64c01184edb4d7ad3a805488f8097ac761b76aaa6c17c01dcb7af03a2f18ba61b2868134b9c7b79a122bc0dadff4367414a2d173297bfea92be5566
-
- # Remote cookie store. (memcache or redis)
- # url: redis://127.0.0.1:6379
- # password: test
- # max_idle: 80,
- # max_active: 12000,
-
- # In most cases you don't need these
- # salt: "encrypted cookie"
- # sign_salt: "signed encrypted cookie"
- # auth_salt: "authenticated encrypted cookie"
-
- # jwt:
- # provider: auth0
- # secret: abc335bfcfdb04e50db5bb0a4d67ab9
- # public_key_file: /secrets/public_key.pem
- # public_key_type: ecdsa #rsa
-
 database:
 type: postgres
 host: db