From b0b2f11158c1d211490dbcc9a73793ddd4b86ba6 Mon Sep 17 00:00:00 2001
From: Jordan Bancino
Date: Tue, 17 Jan 2023 01:36:22 +0000
Subject: [PATCH] Refactor endpoint authentication flow. Instead of one MatrixAuthenticate() function, we'll do MatrixGetAccessToken(), and then UserAuthenticate(). This allows us to give different error messages depending on what the user provided and what the server state is.
---
 TODO.txt | 1 +
 src/Matrix.c | 8 ++------
 src/User.c | 46 ++++++++++++++++++++++++++++++++++++++++++++
 src/include/Matrix.h | 2 +-
 src/include/User.h | 3 +++
 5 files changed, 53 insertions(+), 7 deletions(-)
diff --git a/TODO.txt b/TODO.txt
index c9a269a..46b9c2f 100644
--- a/TODO.txt
+++ b/TODO.txt
@@ -21,6 +21,7 @@ Milestone: v0.2.0
 [x] Username validation
 [x] Password hashing
 [x] User API
+[x] Password login
 [x] Document MemoryHexDump()
 [x] Document DbExists()
diff --git a/src/Matrix.c b/src/Matrix.c
index 5a0ab2e..701e8a1 100644
--- a/src/Matrix.c
+++ b/src/Matrix.c
@@ -302,14 +302,11 @@ MatrixErrorCreate(MatrixError errorArg)
 }
 HashMap *
-MatrixAuthenticate(HttpServerContext * context, Db * db)
+MatrixGetAccessToken(HttpServerContext * context, char **accessToken)
 {
 HashMap *params;
 char *token;
- (void) db; /* Silence warning about unused var;
- * we'll use it eventually. */
-
 params = HttpRequestHeaders(context);
 token = HashMapGet(params, "authorization");
@@ -345,8 +342,7 @@ MatrixAuthenticate(HttpServerContext * context, Db * db)
 }
 }
- /* TODO: Check that "token" is actually valid */
-
+ *accessToken = token;
 return NULL;
 }
diff --git a/src/User.c b/src/User.c
index b302cc2..48f1d34 100644
--- a/src/User.c
+++ b/src/User.c
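Review bot: In src/Matrix.c, MatrixGetAccessToken() assigns `*accessToken = token;` only on the success path at the end of the second hunk, so every early error return leaves the caller's pointer holding whatever it held before, and a NULL `accessToken` argument would be dereferenced. Setting `*accessToken = NULL;` right after the declarations in the first hunk would make the failure state unambiguous for callers. With the old TODO removed, a NULL return now means only that a token was present in the request, not that it is valid, so a comment above the function such as `/* Extracts the token only; callers must still pass it to UserAuthenticate(). */` would keep an endpoint from treating this call as the authentication check. The stored pointer appears to come from the request's header or parameter map, so its lifetime is presumably tied to `context`; the middle of the function lies between the two hunks and is not visible here.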
@@ -118,6 +118,52 @@ UserLock(Db * db, char *name)
 return user;
 }
+User *
+UserAuthenticate(Db * db, char *accessToken)
+{
+ User *user;
+ DbRef *atRef;
+
+ char *userName;
+ char *deviceId;
+ long expires;
+
+ if (!db || !accessToken)
+ {
+ return NULL;
+ }
+
+ atRef = DbLock(db, 3, "tokens", "access", accessToken);
+ if (!atRef)
+ {
+ return NULL;
+ }
+
+ userName = JsonValueAsString(HashMapGet(DbJson(atRef), "user"));
+ deviceId = JsonValueAsString(HashMapGet(DbJson(atRef), "device"));
+ expires = JsonValueAsInteger(HashMapGet(DbJson(atRef), "expires"));
+
+ user = UserLock(db, userName);
+ if (!user)
+ {
+ DbUnlock(db, atRef);
+ return NULL;
+ }
+
+ if (UtilServerTs() >= (unsigned long) expires)
+ {
+ UserUnlock(user);
+ DbUnlock(db, atRef);
+ return NULL;
+ }
+
+ /* TODO: Attach deviceId to User */
+ (void) deviceId;
+
+ DbUnlock(db, atRef);
+ return user;
+}
+
 int
 UserUnlock(User * user)
 {
diff --git a/src/include/Matrix.h b/src/include/Matrix.h
index 3d5bae8..98d0f4a 100644
--- a/src/include/Matrix.h
+++ b/src/include/Matrix.h
@@ -81,7 +81,7 @@ extern HashMap *
 MatrixErrorCreate(MatrixError);
 extern HashMap *
- MatrixAuthenticate(HttpServerContext *, Db *);
+ MatrixGetAccessToken(HttpServerContext *, char **);
 extern HashMap *
 MatrixRateLimit(HttpServerContext *, Db *);
diff --git a/src/include/User.h b/src/include/User.h
index a4bbc40..80d0039 100644
--- a/src/include/User.h
+++ b/src/include/User.h
@@ -51,6 +51,9 @@ extern User *
 extern User *
 UserLock(Db *, char *name);
+extern User *
+ UserAuthenticate(Db *, char *accessToken);
+
 extern int
 UserUnlock(User *);
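Review bot: In src/User.c, UserAuthenticate() passes `accessToken` straight to `DbLock(db, 3, "tokens", "access", accessToken)` with no length or character check, and per the commit description that string comes from MatrixGetAccessToken(), i.e. from the client's request. DbLock() is not visible in this patch; if it does not itself restrict key characters, the token should be checked against the format the server issues before the lookup. Separately, `userName` is handed to UserLock() without a NULL check, and a negative stored `expires` becomes a very large value under the `(unsigned long)` cast, so such a token would never be treated as expired. Adding `if (!userName) { DbUnlock(db, atRef); return NULL; }` before the UserLock() call and changing the expiry test to `if (expires < 0 || UtilServerTs() >= (unsigned long) expires)` would make both cases fail closed.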