feat: check if user is authenticated in server

Signed-off-by: Jad Chahed <[email protected]>

go/admin/api.go

@@ -227,7 +227,13 @@ func (a *Admin) handleExecutionsAdd(c *gin.Context) {
 		return
 	}
 
-	encryptedToken := server.Encrypt(token.AccessToken, a.auth)
+	encryptedToken, err := server.Encrypt(token.AccessToken, a.auth)
+
+	if err != nil {
+		slog.Error("Failed to encrypt token: ", err)
+		c.JSON(http.StatusInternalServerError, gin.H{"error": "Failed to encrypt token"})
+		return
+	}
 
 	requestPayload := ExecutionRequest{
 		Auth:               encryptedToken,
@@ -239,7 +245,6 @@ func (a *Admin) handleExecutionsAdd(c *gin.Context) {
 
 	jsonData, err := json.Marshal(requestPayload)
 
-
 	if err != nil {
 		slog.Error("Failed to marshal request payload: ", err)
 		c.JSON(http.StatusInternalServerError, gin.H{"error": "Failed to marshal request payload"})

go/server/api.go

@@ -555,9 +555,21 @@ func (s *Server) addExecutions(c *gin.Context) {
 		return
 	}
 
-	decryptedToken := server.Decrypt(req.Auth, s.ghTokenSalt)
+	decryptedToken, err := server.Decrypt(req.Auth, s.ghTokenSalt)
 
-	slog.Info(req.Auth, decryptedToken)
+	if err != nil {
+		c.JSON(http.StatusUnauthorized, &ErrorAPI{Error: "Unauthorized"})
+		return
+	}
+
+	isUserAuthenticated, err := IsUserAuthenticated(decryptedToken)
+
+	if err != nil || !isUserAuthenticated {
+		c.JSON(http.StatusUnauthorized, &ErrorAPI{Error: "Unauthorized"})
+		return
+	}
+
+	slog.Info(decryptedToken)
 
 	if req.Source == "" || req.SHA == "" || len(req.Workloads) == 0 || req.NumberOfExecutions == "" {
 		c.JSON(http.StatusBadRequest, &ErrorAPI{Error: "missing argument"})
@@ -582,7 +594,29 @@ func (s *Server) addExecutions(c *gin.Context) {
 		}
 	}
 
-	s.appendToQueue(newElements)
+	// s.appendToQueue(newElements)
 
 	c.JSON(http.StatusOK, "ok")
 }
+
+func IsUserAuthenticated(accessToken string) (bool, error) {
+
+	client := &http.Client{}
+	req, err := http.NewRequest("GET", "https://api.github.com/user", nil)
+	if err != nil {
+		slog.Error("Error creating request to Github: %v", err)
+		return false, err
+	}
+
+	req.Header.Set("Authorization", "Bearer "+accessToken)
+	req.Header.Set("Accept", "application/vnd.github+json")
+
+	resp, err := client.Do(req)
+	if err != nil {
+		slog.Error("Error making request to Github: %v", err)
+		return false, err
+	}
+	defer resp.Body.Close()
+
+	return resp.StatusCode == http.StatusOK, nil
+}

go/tools/server/utils.go

@@ -32,53 +32,57 @@ const (
 	ErrorIncorrectConfiguration = "incorrect configuration"
 )
 
-func Encrypt(stringToEncrypt string, keyString string) (encryptedString string) {
+func Encrypt(stringToEncrypt string, keyString string) (string, error) {
 	log.Println(stringToEncrypt, keyString)
 	key, _ := hex.DecodeString(keyString)
 	plaintext := []byte(stringToEncrypt)
 
 	block, err := aes.NewCipher(key)
 	if err != nil {
-		panic(err.Error())
+		return "", err
 	}
 
 	aesGCM, err := cipher.NewGCM(block)
 	if err != nil {
-		panic(err.Error())
+		return "", err
 	}
 
 	nonce := make([]byte, aesGCM.NonceSize())
 	if _, err = io.ReadFull(rand.Reader, nonce); err != nil {
-		panic(err.Error())
+		return "", err
 	}
 
 	ciphertext := aesGCM.Seal(nonce, nonce, plaintext, nil)
-	return fmt.Sprintf("%x", ciphertext)
+	return fmt.Sprintf("%x", ciphertext), nil
 }
 
-func Decrypt(encryptedString string, keyString string) (decryptedString string) {
+func Decrypt(encryptedString string, keyString string) (string, error) {
 
 	key, _ := hex.DecodeString(keyString)
 	enc, _ := hex.DecodeString(encryptedString)
 
 	block, err := aes.NewCipher(key)
 	if err != nil {
-		panic(err.Error())
+		return "", err
 	}
 
 	aesGCM, err := cipher.NewGCM(block)
 	if err != nil {
-		panic(err.Error())
+		return "", err
 	}
 
 	nonceSize := aesGCM.NonceSize()
 
+	if len(enc) <= nonceSize {
+		return "", fmt.Errorf("Encrypted string is too short")
+	}
+
 	nonce, ciphertext := enc[:nonceSize], enc[nonceSize:]
 
 	plaintext, err := aesGCM.Open(nil, nonce, ciphertext, nil)
 	if err != nil {
-		panic(err.Error())
+		return "", err
 	}
 
-	return fmt.Sprintf("%s", plaintext)
+	return fmt.Sprintf("%s", plaintext), nil
 }