implemented extended gql errors

internal/errors.go

@@ -0,0 +1,25 @@
+package s3browser
+
+import "fmt"
+
+type extendedError struct {
+	Message string
+	Code    string
+}
+
+func (err *extendedError) Error() string {
+	return err.Message
+}
+
+func (err *extendedError) Extensions() map[string]interface{} {
+	return map[string]interface{}{
+		"code": err.Code,
+	}
+}
+
+func extendError(code, format string, a ...interface{}) *extendedError {
+	return &extendedError{
+		Message: fmt.Sprintf(format, a...),
+		Code:    code,
+	}
+}

internal/helper.go

@@ -6,6 +6,7 @@ import (
 	"path/filepath"
 	"strings"
 
+	"github.com/golang-jwt/jwt"
 	"github.com/graph-gophers/dataloader"
 	"github.com/minio/minio-go/v7"
 	log "github.com/sirupsen/logrus"
@@ -108,3 +109,17 @@ func getParentDir(id string) string {
 
 	return nomalizeID(parent)
 }
+
+func isAuth(ctx context.Context) (bool, error) {
+	token, ok := ctx.Value("jwt").(*jwt.Token)
+
+	if !ok {
+		return false, extendError("UNAUTHORIZED", "Unauthorized")
+	}
+
+	if token.Valid {
+		return true, nil
+	} else {
+		return false, extendError("UNAUTHORIZED", "Unauthorized")
+	}
+}

internal/httpServer.go

@@ -53,7 +53,9 @@ func initHttp(resolveContext context.Context, schema graphql.Schema, address str
 				parsedToken, err := parseJWT(token)
 
 				if err == nil && parsedToken.Valid {
-					r.WithContext(context.WithValue(r.Context(), "jwt", parsedToken))
+					newRequest := r.WithContext(context.WithValue(r.Context(), "jwt", parsedToken))
+					h.ServeHTTP(rw, newRequest)
+					return
 				}
 			}
 
@@ -62,7 +64,8 @@ func initHttp(resolveContext context.Context, schema graphql.Schema, address str
 	})
 
 	r.HandleFunc("/api/graphql", func(rw http.ResponseWriter, r *http.Request) {
-		gqlHandler.ContextHandler(resolveContext, rw, r)
+		token := r.Context().Value("jwt")
+		gqlHandler.ContextHandler(context.WithValue(resolveContext, "jwt", token), rw, r)
 	})
 
 	r.HandleFunc("/api/file", func(rw http.ResponseWriter, r *http.Request) {
@@ -75,6 +78,8 @@ func initHttp(resolveContext context.Context, schema graphql.Schema, address str
 
 	r.HandleFunc("/api/cookie", setLoginCookie).Methods("POST")
 
+	r.HandleFunc("/api/logout", logout).Methods("POST")
+
 	// Init the embedded static files
 	initStatic(r)
 
@@ -82,6 +87,11 @@ func initHttp(resolveContext context.Context, schema graphql.Schema, address str
 }
 
 func httpGetFile(ctx context.Context, rw http.ResponseWriter, r *http.Request) {
+	if is, _ := isAuth(r.Context()); !is {
+		rw.WriteHeader(http.StatusUnauthorized)
+		return
+	}
+
 	s3Client := ctx.Value("s3Client").(*minio.Client)
 	id := r.URL.Query().Get("id")
 
@@ -121,6 +131,11 @@ func httpGetFile(ctx context.Context, rw http.ResponseWriter, r *http.Request) {
 }
 
 func httpPostFile(ctx context.Context, rw http.ResponseWriter, r *http.Request) {
+	if is, _ := isAuth(r.Context()); !is {
+		rw.WriteHeader(http.StatusUnauthorized)
+		return
+	}
+
 	s3Client := ctx.Value("s3Client").(*minio.Client)
 
 	id := r.URL.Query().Get("id")
@@ -229,3 +244,19 @@ func setLoginCookie(rw http.ResponseWriter, r *http.Request) {
 
 	rw.WriteHeader(http.StatusNoContent)
 }
+
+//logout removes the jwt cookie
+func logout(rw http.ResponseWriter, r *http.Request) {
+	cookie := &http.Cookie{
+		Name:     "jwt",
+		Value:    "",
+		Path:     "/api",
+		Expires:  time.Unix(0, 0),
+		HttpOnly: true,
+		SameSite: http.SameSiteStrictMode,
+	}
+
+	http.SetCookie(rw, cookie)
+
+	rw.WriteHeader(http.StatusNoContent)
+}

internal/schema.go

@@ -21,6 +21,10 @@ func graphqlSchema() (graphql.Schema, error) {
 				},
 			},
 			Resolve: func(p graphql.ResolveParams) (interface{}, error) {
+				if is, err := isAuth(p.Context); !is {
+					return nil, err
+				}
+
 				path, ok := p.Args["path"].(string)
 
 				if !ok {
@@ -42,6 +46,10 @@ func graphqlSchema() (graphql.Schema, error) {
 				},
 			},
 			Resolve: func(p graphql.ResolveParams) (interface{}, error) {
+				if is, err := isAuth(p.Context); !is {
+					return nil, err
+				}
+
 				path, ok := p.Args["path"].(string)
 
 				if !ok {
@@ -63,6 +71,10 @@ func graphqlSchema() (graphql.Schema, error) {
 				},
 			},
 			Resolve: func(p graphql.ResolveParams) (interface{}, error) {
+				if is, err := isAuth(p.Context); !is {
+					return nil, err
+				}
+
 				id, ok := p.Args["id"].(string)
 				if !ok {
 					return nil, fmt.Errorf("Failed to parse args")
@@ -75,6 +87,16 @@ func graphqlSchema() (graphql.Schema, error) {
 				}, nil
 			},
 		},
+		"authorized": &graphql.Field{
+			Name:        "authorized",
+			Type:        graphql.NewNonNull(graphql.Boolean),
+			Description: "True if the user is authorized",
+			Resolve: func(p graphql.ResolveParams) (interface{}, error) {
+				auth, _ := isAuth(p.Context)
+
+				return auth, nil
+			},
+		},
 	}
 
 	mutationFields := graphql.Fields{
@@ -86,6 +108,10 @@ func graphqlSchema() (graphql.Schema, error) {
 				},
 			},
 			Resolve: func(p graphql.ResolveParams) (interface{}, error) {
+				if is, err := isAuth(p.Context); !is {
+					return nil, err
+				}
+
 				id, ok := p.Args["id"].(string)
 				if !ok {
 					return nil, fmt.Errorf("Failed to parse args")
@@ -107,6 +133,10 @@ func graphqlSchema() (graphql.Schema, error) {
 				},
 			},
 			Resolve: func(p graphql.ResolveParams) (interface{}, error) {
+				if is, err := isAuth(p.Context); !is {
+					return nil, err
+				}
+
 				src, ok := p.Args["src"].(string)
 				if !ok {
 					return nil, fmt.Errorf("Failed to parse args")
@@ -132,6 +162,10 @@ func graphqlSchema() (graphql.Schema, error) {
 				},
 			},
 			Resolve: func(p graphql.ResolveParams) (interface{}, error) {
+				if is, err := isAuth(p.Context); !is {
+					return nil, err
+				}
+
 				src, ok := p.Args["src"].(string)
 				if !ok {
 					return nil, fmt.Errorf("Failed to parse args")
@@ -154,6 +188,10 @@ func graphqlSchema() (graphql.Schema, error) {
 				},
 			},
 			Resolve: func(p graphql.ResolveParams) (interface{}, error) {
+				if is, err := isAuth(p.Context); !is {
+					return nil, err
+				}
+
 				path, ok := p.Args["path"].(string)
 				if !ok {
 					return nil, fmt.Errorf("Failed to parse args")
@@ -172,6 +210,10 @@ func graphqlSchema() (graphql.Schema, error) {
 				},
 			},
 			Resolve: func(p graphql.ResolveParams) (interface{}, error) {
+				if is, err := isAuth(p.Context); !is {
+					return nil, err
+				}
+
 				path, ok := p.Args["path"].(string)
 
 				if !ok {