[otp] separate package from the auth

Author: capcom6

api/mobile.http

@@ -9,7 +9,8 @@ Authorization: Bearer {{mobileToken}}
 
 ###
 GET {{baseUrl}}/user/code HTTP/1.1
-Authorization: Bearer {{mobileToken}}
+Authorization: Basic {{credentials}}
+# Authorization: Bearer {{mobileToken}}
 
 ###
 POST {{baseUrl}}/device HTTP/1.1

configs/config.example.yml

@@ -38,6 +38,9 @@ cache: # cache config
   url: memory:// # cache url (memory:// or redis://) [CACHE__URL]
 pubsub: # pubsub config
   url: memory:// # pubsub url (memory:// or redis://) [PUBSUB__URL]
+otp: # otp config
+  ttl: 300 # otp ttl in seconds [OTP__TTL]
+  retries: 3 # otp generation retries [OTP__RETRIES]
 
 ## Worker Config ##
 

internal/config/config.go

@@ -17,6 +17,7 @@ type Config struct {
 	Messages Messages  `yaml:"messages"` // messages config
 	Cache    Cache     `yaml:"cache"`    // cache (memory or redis) config
 	PubSub   PubSub    `yaml:"pubsub"`   // pubsub (memory or redis) config
+	OTP      OTP       `yaml:"otp"`      // one-time password config
 }
 
 type Gateway struct {
@@ -85,6 +86,11 @@ type PubSub struct {
 	URL string `yaml:"url" envconfig:"PUBSUB__URL"`
 }
 
+type OTP struct {
+	TTL     uint16 `yaml:"ttl" envconfig:"OTP__TTL"`
+	Retries uint8  `yaml:"retries" envconfig:"OTP__RETRIES"`
+}
+
 var defaultConfig = Config{
 	Gateway: Gateway{Mode: GatewayModePublic},
 	HTTP: HTTP{
@@ -119,4 +125,8 @@ var defaultConfig = Config{
 	PubSub: PubSub{
 		URL: "memory://",
 	},
+	OTP: OTP{
+		TTL:     300,
+		Retries: 3,
+	},
 }

internal/config/module.go

@@ -11,6 +11,7 @@ import (
 	"github.com/android-sms-gateway/server/internal/sms-gateway/modules/messages"
 	"github.com/android-sms-gateway/server/internal/sms-gateway/modules/push"
 	"github.com/android-sms-gateway/server/internal/sms-gateway/modules/sse"
+	"github.com/android-sms-gateway/server/internal/sms-gateway/otp"
 	"github.com/android-sms-gateway/server/internal/sms-gateway/pubsub"
 	"github.com/capcom6/go-infra-fx/config"
 	"github.com/capcom6/go-infra-fx/db"
@@ -124,4 +125,10 @@ var Module = fx.Module(
 			BufferSize: 128,
 		}
 	}),
+	fx.Provide(func(cfg Config) otp.Config {
+		return otp.Config{
+			TTL:     time.Duration(cfg.OTP.TTL) * time.Second,
+			Retries: int(cfg.OTP.Retries),
+		}
+	}),
 )

internal/sms-gateway/app.go

@@ -19,6 +19,7 @@ import (
 	"github.com/android-sms-gateway/server/internal/sms-gateway/modules/webhooks"
 	"github.com/android-sms-gateway/server/internal/sms-gateway/online"
 	"github.com/android-sms-gateway/server/internal/sms-gateway/openapi"
+	"github.com/android-sms-gateway/server/internal/sms-gateway/otp"
 	"github.com/android-sms-gateway/server/internal/sms-gateway/pubsub"
 	"github.com/android-sms-gateway/server/pkg/health"
 	"github.com/capcom6/go-infra-fx/cli"
@@ -53,6 +54,7 @@ var Module = fx.Module(
 	metrics.Module,
 	sse.Module,
 	online.Module(),
+	otp.Module(),
 )
 
 func Run() {

internal/sms-gateway/handlers/middlewares/userauth/userauth.go

@@ -72,7 +72,7 @@ func NewCode(authSvc *auth.Service) fiber.Handler {
 		// Get the code
 		code := auth[5:]
 
-		user, err := authSvc.AuthorizeUserByCode(code)
+		user, err := authSvc.AuthorizeUserByCode(c.Context(), code)
 		if err != nil {
 			return fiber.ErrUnauthorized
 		}

internal/sms-gateway/handlers/mobile.go

@@ -176,7 +176,7 @@ func (h *mobileHandler) patchDevice(device models.Device, c *fiber.Ctx) error {
 //
 // Get user code
 func (h *mobileHandler) getUserCode(user models.User, c *fiber.Ctx) error {
-	code, err := h.authSvc.GenerateUserCode(user.ID)
+	code, err := h.authSvc.GenerateUserCode(c.Context(), user.ID)
 	if err != nil {
 		return err
 	}

internal/sms-gateway/modules/auth/module.go

@@ -12,8 +12,8 @@ var Module = fx.Module(
 	fx.Decorate(func(log *zap.Logger) *zap.Logger {
 		return log.Named("auth")
 	}),
-	fx.Provide(New),
 	fx.Provide(newRepository, fx.Private),
+	fx.Provide(New),
 	fx.Invoke(func(lc fx.Lifecycle, svc *Service) {
 		ctx, cancel := context.WithCancel(context.Background())
 		lc.Append(fx.Hook{

internal/sms-gateway/modules/auth/service.go

@@ -2,7 +2,6 @@ package auth
 
 import (
 	"context"
-	"crypto/rand"
 	"crypto/sha256"
 	"crypto/subtle"
 	"encoding/hex"
@@ -12,10 +11,10 @@ import (
 	"github.com/android-sms-gateway/server/internal/sms-gateway/models"
 	"github.com/android-sms-gateway/server/internal/sms-gateway/modules/devices"
 	"github.com/android-sms-gateway/server/internal/sms-gateway/online"
+	"github.com/android-sms-gateway/server/internal/sms-gateway/otp"
 	"github.com/android-sms-gateway/server/pkg/crypto"
 	"github.com/capcom6/go-helpers/cache"
 	"github.com/jaevor/go-nanoid"
-	"go.uber.org/fx"
 	"go.uber.org/zap"
 )
 
@@ -24,75 +23,55 @@ type Config struct {
 	PrivateToken string
 }
 
-type Params struct {
-	fx.In
-
-	Config Config
-
-	Users      *repository
-	DevicesSvc *devices.Service
-	OnlineSvc  online.Service
-
-	Logger *zap.Logger
-}
-
 type Service struct {
 	config Config
 
-	users      *repository
-	codesCache *cache.Cache[string]
-	usersCache *cache.Cache[models.User]
+	users *repository
 
+	otpSvc     *otp.Service
 	devicesSvc *devices.Service
 	onlineSvc  online.Service
 
 	logger *zap.Logger
 
-	idgen func() string
+	idgen      func() string
+	usersCache *cache.Cache[models.User]
 }
 
-func New(params Params) *Service {
+func New(
+	config Config,
+	users *repository,
+	otpSvc *otp.Service,
+	devicesSvc *devices.Service,
+	onlineSvc online.Service,
+	logger *zap.Logger,
+) *Service {
 	idgen, _ := nanoid.Standard(21)
 
 	return &Service{
-		config:     params.Config,
-		users:      params.Users,
-		devicesSvc: params.DevicesSvc,
-		onlineSvc:  params.OnlineSvc,
-		logger:     params.Logger,
-		idgen:      idgen,
+		config: config,
 
-		codesCache: cache.New[string](cache.Config{}),
-		usersCache: cache.New[models.User](cache.Config{TTL: 1 * time.Hour}),
-	}
-}
+		users: users,
 
-// GenerateUserCode generates a unique one-time user authorization code
-func (s *Service) GenerateUserCode(userID string) (AuthCode, error) {
-	var code string
-	var err error
-
-	b := make([]byte, 3)
-	validUntil := time.Now().Add(codeTTL)
-	for range 3 {
-		if _, err = rand.Read(b); err != nil {
-			continue
-		}
-		num := (int(b[0]) << 16) | (int(b[1]) << 8) | int(b[2])
-		code = fmt.Sprintf("%06d", num%1000000)
+		otpSvc:     otpSvc,
+		devicesSvc: devicesSvc,
+		onlineSvc:  onlineSvc,
 
-		if err = s.codesCache.SetOrFail(code, userID, cache.WithValidUntil(validUntil)); err != nil {
-			continue
-		}
+		logger: logger,
 
-		break
+		idgen:      idgen,
+		usersCache: cache.New[models.User](cache.Config{TTL: 1 * time.Hour}),
 	}
+}
 
+// GenerateUserCode generates a unique one-time user authorization code
+func (s *Service) GenerateUserCode(ctx context.Context, userID string) (*otp.Code, error) {
+	code, err := s.otpSvc.Generate(context.Background(), userID)
 	if err != nil {
-		return AuthCode{}, fmt.Errorf("can't generate code: %w", err)
+		return nil, fmt.Errorf("failed to generate code: %w", err)
 	}
 
-	return AuthCode{Code: code, ValidUntil: validUntil}, nil
+	return code, nil
 }
 
 func (s *Service) RegisterUser(login, password string) (models.User, error) {
@@ -180,18 +159,18 @@ func (s *Service) AuthorizeUser(username, password string) (models.User, error)
 }
 
 // AuthorizeUserByCode authorizes a user by one-time code.
-func (s *Service) AuthorizeUserByCode(code string) (models.User, error) {
-	userID, err := s.codesCache.GetAndDelete(code)
+func (s *Service) AuthorizeUserByCode(ctx context.Context, code string) (*models.User, error) {
+	userID, err := s.otpSvc.Validate(ctx, code)
 	if err != nil {
-		return models.User{}, err
+		return nil, fmt.Errorf("failed to validate code: %w", err)
 	}
 
 	user, err := s.users.GetByID(userID)
 	if err != nil {
-		return models.User{}, err
+		return nil, fmt.Errorf("failed to get user: %w", err)
 	}
 
-	return user, nil
+	return &user, nil
 }
 
 func (s *Service) ChangePassword(userID string, currentPassword string, newPassword string) error {
@@ -240,6 +219,5 @@ func (s *Service) Run(ctx context.Context) {
 }
 
 func (s *Service) clean(_ context.Context) {
-	s.codesCache.Cleanup()
 	s.usersCache.Cleanup()
 }

internal/sms-gateway/modules/auth/types.go

@@ -1,18 +1,8 @@
 package auth
 
-import "time"
-
-const codeTTL = 5 * time.Minute
-
 type Mode string
 
 const (
 	ModePublic  Mode = "public"
 	ModePrivate Mode = "private"
 )
-
-// AuthCode is a one-time user authorization code
-type AuthCode struct {
-	Code       string
-	ValidUntil time.Time
-}