[otp] separate package from the auth

Author: capcom6

api/mobile.http

@@ -9,7 +9,8 @@ Authorization: Bearer {{mobileToken}}
 
 ###
 GET {{baseUrl}}/user/code HTTP/1.1
-Authorization: Bearer {{mobileToken}}
+Authorization: Basic {{credentials}}
+# Authorization: Bearer {{mobileToken}}
 
 ###
 POST {{baseUrl}}/device HTTP/1.1

configs/config.example.yml

@@ -38,6 +38,9 @@ cache: # cache config
   url: memory:// # cache url (memory:// or redis://) [CACHE__URL]
 pubsub: # pubsub config
   url: memory:// # pubsub url (memory:// or redis://) [PUBSUB__URL]
+otp: # otp config
+  ttl: 300 # otp ttl in seconds [OTP__TTL]
+  retries: 3 # otp generation retries (collision handling) [OTP__RETRIES]
 
 ## Worker Config ##
 

internal/config/config.go

@@ -16,6 +16,7 @@ type Config struct {
 	Messages Messages  `yaml:"messages"` // messages config
 	Cache    Cache     `yaml:"cache"`    // cache (memory or redis) config
 	PubSub   PubSub    `yaml:"pubsub"`   // pubsub (memory or redis) config
+	OTP      OTP       `yaml:"otp"`      // one-time password config
 }
 
 type Gateway struct {
@@ -81,6 +82,11 @@ type PubSub struct {
 	BufferSize uint   `yaml:"buffer_size" envconfig:"PUBSUB__BUFFER_SIZE"`
 }
 
+type OTP struct {
+	TTL     uint16 `yaml:"ttl"     envconfig:"OTP__TTL"`
+	Retries uint8  `yaml:"retries" envconfig:"OTP__RETRIES"`
+}
+
 func Default() Config {
 	//nolint:exhaustruct,mnd // default values
 	return Config{
@@ -113,5 +119,9 @@ func Default() Config {
 			URL:        "memory://",
 			BufferSize: 128,
 		},
+		OTP: OTP{
+			TTL:     300,
+			Retries: 3,
+		},
 	}
 }

internal/config/module.go

@@ -11,6 +11,7 @@ import (
 	"github.com/android-sms-gateway/server/internal/sms-gateway/modules/messages"
 	"github.com/android-sms-gateway/server/internal/sms-gateway/modules/push"
 	"github.com/android-sms-gateway/server/internal/sms-gateway/modules/sse"
+	"github.com/android-sms-gateway/server/internal/sms-gateway/otp"
 	"github.com/android-sms-gateway/server/internal/sms-gateway/pubsub"
 	"github.com/capcom6/go-infra-fx/config"
 	"github.com/capcom6/go-infra-fx/db"
@@ -132,5 +133,11 @@ func Module() fx.Option {
 				BufferSize: cfg.PubSub.BufferSize,
 			}
 		}),
+		fx.Provide(func(cfg Config) otp.Config {
+			return otp.Config{
+				TTL:     time.Duration(cfg.OTP.TTL) * time.Second,
+				Retries: int(cfg.OTP.Retries),
+			}
+		}),
 	)
 }

internal/sms-gateway/app.go

@@ -19,6 +19,7 @@ import (
 	"github.com/android-sms-gateway/server/internal/sms-gateway/modules/webhooks"
 	"github.com/android-sms-gateway/server/internal/sms-gateway/online"
 	"github.com/android-sms-gateway/server/internal/sms-gateway/openapi"
+	"github.com/android-sms-gateway/server/internal/sms-gateway/otp"
 	"github.com/android-sms-gateway/server/internal/sms-gateway/pubsub"
 	"github.com/android-sms-gateway/server/pkg/health"
 	"github.com/capcom6/go-infra-fx/cli"
@@ -54,6 +55,7 @@ func Module() fx.Option {
 		metrics.Module(),
 		sse.Module(),
 		online.Module(),
+		otp.Module(),
 	)
 }
 

internal/sms-gateway/handlers/middlewares/userauth/userauth.go

@@ -72,7 +72,7 @@ func NewCode(authSvc *auth.Service) fiber.Handler {
 		// Get the code
 		code := auth[5:]
 
-		user, err := authSvc.AuthorizeUserByCode(code)
+		user, err := authSvc.AuthorizeUserByCode(c.Context(), code)
 		if err != nil {
 			return fiber.ErrUnauthorized
 		}

internal/sms-gateway/handlers/mobile.go

@@ -179,7 +179,7 @@ func (h *mobileHandler) patchDevice(device models.Device, c *fiber.Ctx) error {
 //
 // Get user code.
 func (h *mobileHandler) getUserCode(user models.User, c *fiber.Ctx) error {
-	code, err := h.authSvc.GenerateUserCode(user.ID)
+	code, err := h.authSvc.GenerateUserCode(c.Context(), user.ID)
 	if err != nil {
 		h.Logger.Error("failed to generate user code", zap.Error(err), zap.String("user_id", user.ID))
 		return fiber.NewError(fiber.StatusInternalServerError, "failed to generate user code")

internal/sms-gateway/modules/auth/module.go

@@ -13,8 +13,8 @@ func Module() fx.Option {
 		fx.Decorate(func(log *zap.Logger) *zap.Logger {
 			return log.Named("auth")
 		}),
-		fx.Provide(New),
 		fx.Provide(newRepository, fx.Private),
+		fx.Provide(New),
 		fx.Invoke(func(lc fx.Lifecycle, svc *Service) {
 			ctx, cancel := context.WithCancel(context.Background())
 			lc.Append(fx.Hook{

internal/sms-gateway/modules/auth/service.go

@@ -2,18 +2,15 @@ package auth
 
 import (
 	"context"
-	"crypto/rand"
 	"crypto/subtle"
 	"fmt"
 	"time"
 
 	"github.com/android-sms-gateway/server/internal/sms-gateway/models"
 	"github.com/android-sms-gateway/server/internal/sms-gateway/modules/devices"
 	"github.com/android-sms-gateway/server/internal/sms-gateway/online"
+	"github.com/android-sms-gateway/server/internal/sms-gateway/otp"
 	"github.com/android-sms-gateway/server/pkg/crypto"
-	"github.com/capcom6/go-helpers/cache"
-	"github.com/jaevor/go-nanoid"
-	"go.uber.org/fx"
 	"go.uber.org/zap"
 )
 
@@ -22,78 +19,50 @@ type Config struct {
 	PrivateToken string
 }
 
-type Params struct {
-	fx.In
-
-	Config Config
-
-	Users      *repository
-	DevicesSvc *devices.Service
-	OnlineSvc  online.Service
-
-	Logger *zap.Logger
-}
-
 type Service struct {
 	config Config
 
 	users      *repository
-	codesCache *cache.Cache[string]
 	usersCache *usersCache
 
+	otpSvc     *otp.Service
 	devicesSvc *devices.Service
 	onlineSvc  online.Service
 
 	logger *zap.Logger
-
-	idgen func() string
 }
 
-func New(params Params) *Service {
-	const idLen = 21
-	idgen, _ := nanoid.Standard(idLen)
-
+func New(
+	config Config,
+	users *repository,
+	otpSvc *otp.Service,
+	devicesSvc *devices.Service,
+	onlineSvc online.Service,
+	logger *zap.Logger,
+) *Service {
 	return &Service{
-		config:     params.Config,
-		users:      params.Users,
-		devicesSvc: params.DevicesSvc,
-		onlineSvc:  params.OnlineSvc,
-		logger:     params.Logger,
-		idgen:      idgen,
-
-		codesCache: cache.New[string](cache.Config{TTL: codeTTL}),
-		usersCache: newUsersCache(),
-	}
-}
+		config: config,
 
-// GenerateUserCode generates a unique one-time user authorization code.
-func (s *Service) GenerateUserCode(userID string) (OneTimeCode, error) {
-	var code string
-	var err error
-
-	const bytesLen = 3
-	const maxCode = 1000000
-	b := make([]byte, bytesLen)
-	validUntil := time.Now().Add(codeTTL)
-	for range 3 {
-		if _, err = rand.Read(b); err != nil {
-			continue
-		}
-		num := (int(b[0]) << 16) | (int(b[1]) << 8) | int(b[2]) //nolint:mnd //bitshift
-		code = fmt.Sprintf("%06d", num%maxCode)
+		users: users,
 
-		if err = s.codesCache.SetOrFail(code, userID, cache.WithValidUntil(validUntil)); err != nil {
-			continue
-		}
+		otpSvc:     otpSvc,
+		devicesSvc: devicesSvc,
+		onlineSvc:  onlineSvc,
 
-		break
+		logger: logger,
+
+		usersCache: newUsersCache(),
 	}
+}
 
+// GenerateUserCode generates a unique one-time user authorization code.
+func (s *Service) GenerateUserCode(ctx context.Context, userID string) (*otp.Code, error) {
+	code, err := s.otpSvc.Generate(ctx, userID)
 	if err != nil {
-		return OneTimeCode{}, fmt.Errorf("failed to generate code: %w", err)
+		return nil, fmt.Errorf("failed to generate code: %w", err)
 	}
 
-	return OneTimeCode{Code: code, ValidUntil: validUntil}, nil
+	return code, nil
 }
 
 func (s *Service) RegisterUser(login, password string) (*models.User, error) {
@@ -176,15 +145,15 @@ func (s *Service) AuthorizeUser(username, password string) (*models.User, error)
 }
 
 // AuthorizeUserByCode authorizes a user by one-time code.
-func (s *Service) AuthorizeUserByCode(code string) (*models.User, error) {
-	userID, err := s.codesCache.GetAndDelete(code)
+func (s *Service) AuthorizeUserByCode(ctx context.Context, code string) (*models.User, error) {
+	userID, err := s.otpSvc.Validate(ctx, code)
 	if err != nil {
-		return nil, fmt.Errorf("failed to get user by code: %w", err)
+		return nil, fmt.Errorf("failed to validate code: %w", err)
 	}
 
 	user, err := s.users.GetByID(userID)
 	if err != nil {
-		return nil, err
+		return nil, fmt.Errorf("failed to get user: %w", err)
 	}
 
 	return user, nil
@@ -234,6 +203,5 @@ func (s *Service) Run(ctx context.Context) {
 }
 
 func (s *Service) clean(_ context.Context) {
-	s.codesCache.Cleanup()
 	s.usersCache.Cleanup()
 }

internal/sms-gateway/modules/auth/types.go

@@ -1,18 +1,8 @@
 package auth
 
-import "time"
-
-const codeTTL = 5 * time.Minute
-
 type Mode string
 
 const (
 	ModePublic  Mode = "public"
 	ModePrivate Mode = "private"
 )
-
-// OneTimeCode is a one-time user authorization code.
-type OneTimeCode struct {
-	Code       string
-	ValidUntil time.Time
-}