feat: util for generating client credentials

internal/apiservices/routes.go

@@ -0,0 +1,101 @@
+package apiservices
+
+import (
+	"encoding/json"
+	"net/http"
+
+	"gitea.local/admin/hspguard/internal/config"
+	"gitea.local/admin/hspguard/internal/repository"
+	"gitea.local/admin/hspguard/internal/util"
+	"gitea.local/admin/hspguard/internal/web"
+	"github.com/go-chi/chi/v5"
+	"github.com/google/uuid"
+)
+
+type ApiServicesHandler struct {
+	repo *repository.Queries
+	cfg  *config.AppConfig
+}
+
+func New(repo *repository.Queries, cfg *config.AppConfig) *ApiServicesHandler {
+	return &ApiServicesHandler{
+		repo,
+		cfg,
+	}
+}
+
+func (h *ApiServicesHandler) RegisterRoutes(router chi.Router) {
+	router.Post("/api-services/create", h.Add)
+}
+
+type AddServiceRequest struct {
+	Name         string   `json:"name"`
+	RedirectUris []string `json:"redirect_uris"`
+	Scopes       []string `json:"scopes"`
+	GrantTypes   []string `json:"grant_types"`
+}
+
+func (h *ApiServicesHandler) Add(w http.ResponseWriter, r *http.Request) {
+	userId, ok := util.GetRequestUserId(r.Context())
+	if !ok {
+		web.Error(w, "failed to get user id from auth session", http.StatusInternalServerError)
+		return
+	}
+
+	user, err := h.repo.FindUserId(r.Context(), uuid.MustParse(userId))
+	if err != nil {
+		web.Error(w, "user with provided id does not exist", http.StatusUnauthorized)
+		return
+	}
+
+	if !user.IsAdmin {
+		web.Error(w, "you cannot create api services", http.StatusForbidden)
+		return
+	}
+
+	var req AddServiceRequest
+
+	decoder := json.NewDecoder(r.Body)
+
+	if err := decoder.Decode(&req); err != nil {
+		web.Error(w, "failed to parse request body", http.StatusBadRequest)
+		return
+	}
+
+	if req.Name == "" {
+		web.Error(w, "name is required for an api service", http.StatusBadRequest)
+		return
+	}
+
+	clientId, err := util.GenerateClientID()
+	if err != nil {
+		web.Error(w, "failed to generate client id", http.StatusInternalServerError)
+		return
+	}
+
+	clientSecret, err := util.GenerateClientSecret()
+	if err != nil {
+		web.Error(w, "failed to generate client secret", http.StatusInternalServerError)
+		return
+	}
+
+	service, err := h.repo.CreateApiService(r.Context(), repository.CreateApiServiceParams{
+		ClientID:     clientId,
+		ClientSecret: clientSecret,
+		Name:         req.Name,
+		RedirectUris: req.RedirectUris,
+		Scopes:       req.Scopes,
+		GrantTypes:   req.GrantTypes,
+	})
+	if err != nil {
+		web.Error(w, "failed to create new api service", http.StatusInternalServerError)
+		return
+	}
+
+	w.Header().Set("Content-Type", "application/json; charset=utf-8")
+
+	encoder := json.NewEncoder(w)
+	if err := encoder.Encode(service); err != nil {
+		web.Error(w, "failed to encode response", http.StatusInternalServerError)
+	}
+}

internal/util/client.go

@@ -0,0 +1,9 @@
+package util
+
+func GenerateClientID() (string, error) {
+	return generateRandomStringURLSafe(16)
+}
+
+func GenerateClientSecret() (string, error) {
+	return generateRandomStringURLSafe(32)
+}

internal/util/generate.go

@@ -0,0 +1,17 @@
+package util
+
+import (
+	"crypto/rand"
+	"encoding/base64"
+	"fmt"
+)
+
+// generateRandomStringURLSafe generates a base64 URL-safe random string of n bytes.
+func generateRandomStringURLSafe(n int) (string, error) {
+	bytes := make([]byte, n)
+	_, err := rand.Read(bytes)
+	if err != nil {
+		return "", fmt.Errorf("failed to generate random bytes: %w", err)
+	}
+	return base64.RawURLEncoding.EncodeToString(bytes), nil
+}