Fixed rate limit panic when authenticatin with a link share auth token (#97)

pkg/routes/api/v1/auth.go

@@ -19,7 +19,10 @@ package v1
 import (
 	"code.vikunja.io/api/pkg/config"
 	"code.vikunja.io/api/pkg/models"
+	"code.vikunja.io/web"
 	"github.com/dgrijalva/jwt-go"
+	"github.com/labstack/echo/v4"
+	"net/http"
 	"time"
 )
 
@@ -65,3 +68,17 @@ func NewLinkShareJWTAuthtoken(share *models.LinkSharing) (token string, err erro
 	// Generate encoded token and send it as response.
 	return t.SignedString([]byte(config.ServiceJWTSecret.GetString()))
 }
+
+// GetAuthFromClaims returns a web.Auth object from jwt claims
+func GetAuthFromClaims(c echo.Context) (a web.Auth, err error) {
+	jwtinf := c.Get("user").(*jwt.Token)
+	claims := jwtinf.Claims.(jwt.MapClaims)
+	typ := int(claims["type"].(float64))
+	if typ == AuthTypeLinkShare && config.ServiceEnableLinkSharing.GetBool() {
+		return models.GetLinkShareFromClaims(claims)
+	}
+	if typ == AuthTypeUser {
+		return models.GetUserFromClaims(claims)
+	}
+	return nil, echo.NewHTTPError(http.StatusBadRequest, models.Message{Message: "Invalid JWT token."})
+}

pkg/routes/rate_limit.go

@@ -20,8 +20,8 @@ package routes
 import (
 	"code.vikunja.io/api/pkg/config"
 	"code.vikunja.io/api/pkg/log"
-	"code.vikunja.io/api/pkg/models"
 	"code.vikunja.io/api/pkg/red"
+	apiv1 "code.vikunja.io/api/pkg/routes/api/v1"
 	"github.com/labstack/echo/v4"
 	"github.com/ulule/limiter/v3"
 	"github.com/ulule/limiter/v3/drivers/store/memory"
@@ -40,11 +40,11 @@ func RateLimit(rateLimiter *limiter.Limiter) echo.MiddlewareFunc {
 			case "ip":
 				rateLimitKey = c.RealIP()
 			case "user":
-				user, err := models.GetCurrentUser(c)
+				auth, err := apiv1.GetAuthFromClaims(c)
 				if err != nil {
-					log.Errorf("Error while getting the current user for rate limiting: %s", err)
+					log.Errorf("Error getting auth from jwt claims: %v", err)
 				}
-				rateLimitKey = "user_" + strconv.FormatInt(user.ID, 10)
+				rateLimitKey = "user_" + strconv.FormatInt(auth.GetID(), 10)
 			default:
 				log.Errorf("Unknown rate limit kind configured: %s", config.RateLimitKind.GetString())
 			}

pkg/routes/routes.go

@@ -48,11 +48,9 @@ import (
 	"code.vikunja.io/web"
 	"code.vikunja.io/web/handler"
 	"github.com/asaskevich/govalidator"
-	"github.com/dgrijalva/jwt-go"
 	"github.com/labstack/echo/v4"
 	"github.com/labstack/echo/v4/middleware"
 	elog "github.com/labstack/gommon/log"
-	"net/http"
 	"strings"
 )
 
@@ -109,18 +107,7 @@ func NewEcho() *echo.Echo {
 
 	// Handler config
 	handler.SetAuthProvider(&web.Auths{
-		AuthObject: func(c echo.Context) (web.Auth, error) {
+		AuthObject: apiv1.GetAuthFromClaims,
-			jwtinf := c.Get("user").(*jwt.Token)
-			claims := jwtinf.Claims.(jwt.MapClaims)
-			typ := int(claims["type"].(float64))
-			if typ == apiv1.AuthTypeLinkShare && config.ServiceEnableLinkSharing.GetBool() {
-				return models.GetLinkShareFromClaims(claims)
-			}
-			if typ == apiv1.AuthTypeUser {
-				return models.GetUserFromClaims(claims)
-			}
-			return nil, echo.NewHTTPError(http.StatusBadRequest, models.Message{Message: "Invalid JWT token."})
-		},
 	})
 	handler.SetLoggingProvider(log.GetLogger())