Mercurial > gemma

annotate auth/session.go @ 271:02aaff4b4a66

Find changesets by keywords (author, files, the commit message), revision number or hash, or revset expression.
Merged.
author Sascha L. Teichmann <sascha.teichmann@intevation.de>
date Mon, 30 Jul 2018 12:32:11 +0200
parents f345edb409b2
children a7b2db8b3d18
Ignore whitespace changes - Everywhere: Within whitespace: At end of lines:
rev   line source
119
29e56c342c9f Added first middleware for JWT token extraction. TODO: Add second one to check against logged in users.
Sascha L. Teichmann <sascha.teichmann@intevation.de>
parents:
diff changeset
1 package auth
29e56c342c9f Added first middleware for JWT token extraction. TODO: Add second one to check against logged in users.
Sascha L. Teichmann <sascha.teichmann@intevation.de>
parents:
diff changeset
2
29e56c342c9f Added first middleware for JWT token extraction. TODO: Add second one to check against logged in users.
Sascha L. Teichmann <sascha.teichmann@intevation.de>
parents:
diff changeset
3 import (
134
0c56c56a1c44 Removed the JWT layer from the session management.
Sascha L. Teichmann <sascha.teichmann@intevation.de>
parents: 124
diff changeset
4 "crypto/rand"
0c56c56a1c44 Removed the JWT layer from the session management.
Sascha L. Teichmann <sascha.teichmann@intevation.de>
parents: 124
diff changeset
5 "encoding/base64"
0c56c56a1c44 Removed the JWT layer from the session management.
Sascha L. Teichmann <sascha.teichmann@intevation.de>
parents: 124
diff changeset
6 "io"
119
29e56c342c9f Added first middleware for JWT token extraction. TODO: Add second one to check against logged in users.
Sascha L. Teichmann <sascha.teichmann@intevation.de>
parents:
diff changeset
7 "time"
29e56c342c9f Added first middleware for JWT token extraction. TODO: Add second one to check against logged in users.
Sascha L. Teichmann <sascha.teichmann@intevation.de>
parents:
diff changeset
8 )
29e56c342c9f Added first middleware for JWT token extraction. TODO: Add second one to check against logged in users.
Sascha L. Teichmann <sascha.teichmann@intevation.de>
parents:
diff changeset
9
134
0c56c56a1c44 Removed the JWT layer from the session management.
Sascha L. Teichmann <sascha.teichmann@intevation.de>
parents: 124
diff changeset
10 type Session struct {
0c56c56a1c44 Removed the JWT layer from the session management.
Sascha L. Teichmann <sascha.teichmann@intevation.de>
parents: 124
diff changeset
11 ExpiresAt int64 `json:"expires"`
0c56c56a1c44 Removed the JWT layer from the session management.
Sascha L. Teichmann <sascha.teichmann@intevation.de>
parents: 124
diff changeset
12 User string `json:"user"`
0c56c56a1c44 Removed the JWT layer from the session management.
Sascha L. Teichmann <sascha.teichmann@intevation.de>
parents: 124
diff changeset
13 Password string `json:"password"`
0c56c56a1c44 Removed the JWT layer from the session management.
Sascha L. Teichmann <sascha.teichmann@intevation.de>
parents: 124
diff changeset
14 Roles []string `json:"roles"`
119
29e56c342c9f Added first middleware for JWT token extraction. TODO: Add second one to check against logged in users.
Sascha L. Teichmann <sascha.teichmann@intevation.de>
parents:
diff changeset
15 }
29e56c342c9f Added first middleware for JWT token extraction. TODO: Add second one to check against logged in users.
Sascha L. Teichmann <sascha.teichmann@intevation.de>
parents:
diff changeset
16
134
0c56c56a1c44 Removed the JWT layer from the session management.
Sascha L. Teichmann <sascha.teichmann@intevation.de>
parents: 124
diff changeset
17 const (
0c56c56a1c44 Removed the JWT layer from the session management.
Sascha L. Teichmann <sascha.teichmann@intevation.de>
parents: 124
diff changeset
18 sessionKeyLength = 20
0c56c56a1c44 Removed the JWT layer from the session management.
Sascha L. Teichmann <sascha.teichmann@intevation.de>
parents: 124
diff changeset
19 maxTokenValid = time.Hour * 3
0c56c56a1c44 Removed the JWT layer from the session management.
Sascha L. Teichmann <sascha.teichmann@intevation.de>
parents: 124
diff changeset
20 )
119
29e56c342c9f Added first middleware for JWT token extraction. TODO: Add second one to check against logged in users.
Sascha L. Teichmann <sascha.teichmann@intevation.de>
parents:
diff changeset
21
134
0c56c56a1c44 Removed the JWT layer from the session management.
Sascha L. Teichmann <sascha.teichmann@intevation.de>
parents: 124
diff changeset
22 func NewSession(user, password string, roles []string) *Session {
119
29e56c342c9f Added first middleware for JWT token extraction. TODO: Add second one to check against logged in users.
Sascha L. Teichmann <sascha.teichmann@intevation.de>
parents:
diff changeset
23
29e56c342c9f Added first middleware for JWT token extraction. TODO: Add second one to check against logged in users.
Sascha L. Teichmann <sascha.teichmann@intevation.de>
parents:
diff changeset
24 // Create the Claims
134
0c56c56a1c44 Removed the JWT layer from the session management.
Sascha L. Teichmann <sascha.teichmann@intevation.de>
parents: 124
diff changeset
25 return &Session{
0c56c56a1c44 Removed the JWT layer from the session management.
Sascha L. Teichmann <sascha.teichmann@intevation.de>
parents: 124
diff changeset
26 ExpiresAt: time.Now().Add(maxTokenValid).Unix(),
0c56c56a1c44 Removed the JWT layer from the session management.
Sascha L. Teichmann <sascha.teichmann@intevation.de>
parents: 124
diff changeset
27 User: user,
0c56c56a1c44 Removed the JWT layer from the session management.
Sascha L. Teichmann <sascha.teichmann@intevation.de>
parents: 124
diff changeset
28 Password: password,
0c56c56a1c44 Removed the JWT layer from the session management.
Sascha L. Teichmann <sascha.teichmann@intevation.de>
parents: 124
diff changeset
29 Roles: roles,
119
29e56c342c9f Added first middleware for JWT token extraction. TODO: Add second one to check against logged in users.
Sascha L. Teichmann <sascha.teichmann@intevation.de>
parents:
diff changeset
30 }
134
0c56c56a1c44 Removed the JWT layer from the session management.
Sascha L. Teichmann <sascha.teichmann@intevation.de>
parents: 124
diff changeset
31 }
119
29e56c342c9f Added first middleware for JWT token extraction. TODO: Add second one to check against logged in users.
Sascha L. Teichmann <sascha.teichmann@intevation.de>
parents:
diff changeset
32
197
e85413e5befa Cleaned up serialisation/deserilisation of sessions a bit.
Sascha L. Teichmann <teichmann@intevation.de>
parents: 193
diff changeset
33 func (s *Session) serialize(w io.Writer) error {
215
f345edb409b2 Made serialisation and deserialisation of sessions more robust (fixed a small bug on the way).
Sascha L. Teichmann <sascha.teichmann@intevation.de>
parents: 197
diff changeset
34 wr := binWriter{w: w}
f345edb409b2 Made serialisation and deserialisation of sessions more robust (fixed a small bug on the way).
Sascha L. Teichmann <sascha.teichmann@intevation.de>
parents: 197
diff changeset
35 wr.write(s.ExpiresAt)
f345edb409b2 Made serialisation and deserialisation of sessions more robust (fixed a small bug on the way).
Sascha L. Teichmann <sascha.teichmann@intevation.de>
parents: 197
diff changeset
36 wr.writeString(s.User)
f345edb409b2 Made serialisation and deserialisation of sessions more robust (fixed a small bug on the way).
Sascha L. Teichmann <sascha.teichmann@intevation.de>
parents: 197
diff changeset
37 wr.writeString(s.Password)
f345edb409b2 Made serialisation and deserialisation of sessions more robust (fixed a small bug on the way).
Sascha L. Teichmann <sascha.teichmann@intevation.de>
parents: 197
diff changeset
38 wr.write(uint32(len(s.Roles)))
f345edb409b2 Made serialisation and deserialisation of sessions more robust (fixed a small bug on the way).
Sascha L. Teichmann <sascha.teichmann@intevation.de>
parents: 197
diff changeset
39 for _, role := range s.Roles {
f345edb409b2 Made serialisation and deserialisation of sessions more robust (fixed a small bug on the way).
Sascha L. Teichmann <sascha.teichmann@intevation.de>
parents: 197
diff changeset
40 wr.writeString(role)
197
e85413e5befa Cleaned up serialisation/deserilisation of sessions a bit.
Sascha L. Teichmann <teichmann@intevation.de>
parents: 193
diff changeset
41 }
215
f345edb409b2 Made serialisation and deserialisation of sessions more robust (fixed a small bug on the way).
Sascha L. Teichmann <sascha.teichmann@intevation.de>
parents: 197
diff changeset
42 return wr.err
193
1585c334e8a7 More on persisting sessions.
Sascha L. Teichmann <sascha.teichmann@intevation.de>
parents: 149
diff changeset
43 }
1585c334e8a7 More on persisting sessions.
Sascha L. Teichmann <sascha.teichmann@intevation.de>
parents: 149
diff changeset
44
197
e85413e5befa Cleaned up serialisation/deserilisation of sessions a bit.
Sascha L. Teichmann <teichmann@intevation.de>
parents: 193
diff changeset
45 func (s *Session) deserialize(r io.Reader) error {
193
1585c334e8a7 More on persisting sessions.
Sascha L. Teichmann <sascha.teichmann@intevation.de>
parents: 149
diff changeset
46 var x Session
1585c334e8a7 More on persisting sessions.
Sascha L. Teichmann <sascha.teichmann@intevation.de>
parents: 149
diff changeset
47 var n uint32
215
f345edb409b2 Made serialisation and deserialisation of sessions more robust (fixed a small bug on the way).
Sascha L. Teichmann <sascha.teichmann@intevation.de>
parents: 197
diff changeset
48 rd := binReader{r: r}
f345edb409b2 Made serialisation and deserialisation of sessions more robust (fixed a small bug on the way).
Sascha L. Teichmann <sascha.teichmann@intevation.de>
parents: 197
diff changeset
49 rd.read(&x.ExpiresAt)
f345edb409b2 Made serialisation and deserialisation of sessions more robust (fixed a small bug on the way).
Sascha L. Teichmann <sascha.teichmann@intevation.de>
parents: 197
diff changeset
50 rd.readString(&x.User)
f345edb409b2 Made serialisation and deserialisation of sessions more robust (fixed a small bug on the way).
Sascha L. Teichmann <sascha.teichmann@intevation.de>
parents: 197
diff changeset
51 rd.readString(&x.Password)
f345edb409b2 Made serialisation and deserialisation of sessions more robust (fixed a small bug on the way).
Sascha L. Teichmann <sascha.teichmann@intevation.de>
parents: 197
diff changeset
52 rd.read(&n)
193
1585c334e8a7 More on persisting sessions.
Sascha L. Teichmann <sascha.teichmann@intevation.de>
parents: 149
diff changeset
53 x.Roles = make([]string, n)
1585c334e8a7 More on persisting sessions.
Sascha L. Teichmann <sascha.teichmann@intevation.de>
parents: 149
diff changeset
54 for i := uint32(0); n > 0 && i < n; i++ {
215
f345edb409b2 Made serialisation and deserialisation of sessions more robust (fixed a small bug on the way).
Sascha L. Teichmann <sascha.teichmann@intevation.de>
parents: 197
diff changeset
55 rd.readString(&x.Roles[i])
193
1585c334e8a7 More on persisting sessions.
Sascha L. Teichmann <sascha.teichmann@intevation.de>
parents: 149
diff changeset
56 }
215
f345edb409b2 Made serialisation and deserialisation of sessions more robust (fixed a small bug on the way).
Sascha L. Teichmann <sascha.teichmann@intevation.de>
parents: 197
diff changeset
57 if rd.err == nil {
197
e85413e5befa Cleaned up serialisation/deserilisation of sessions a bit.
Sascha L. Teichmann <teichmann@intevation.de>
parents: 193
diff changeset
58 *s = x
e85413e5befa Cleaned up serialisation/deserilisation of sessions a bit.
Sascha L. Teichmann <teichmann@intevation.de>
parents: 193
diff changeset
59 }
215
f345edb409b2 Made serialisation and deserialisation of sessions more robust (fixed a small bug on the way).
Sascha L. Teichmann <sascha.teichmann@intevation.de>
parents: 197
diff changeset
60 return rd.err
193
1585c334e8a7 More on persisting sessions.
Sascha L. Teichmann <sascha.teichmann@intevation.de>
parents: 149
diff changeset
61 }
1585c334e8a7 More on persisting sessions.
Sascha L. Teichmann <sascha.teichmann@intevation.de>
parents: 149
diff changeset
62
134
0c56c56a1c44 Removed the JWT layer from the session management.
Sascha L. Teichmann <sascha.teichmann@intevation.de>
parents: 124
diff changeset
63 func GenerateSessionKey() string {
0c56c56a1c44 Removed the JWT layer from the session management.
Sascha L. Teichmann <sascha.teichmann@intevation.de>
parents: 124
diff changeset
64 return base64.URLEncoding.EncodeToString(GenerateRandomKey(sessionKeyLength))
119
29e56c342c9f Added first middleware for JWT token extraction. TODO: Add second one to check against logged in users.
Sascha L. Teichmann <sascha.teichmann@intevation.de>
parents:
diff changeset
65 }
29e56c342c9f Added first middleware for JWT token extraction. TODO: Add second one to check against logged in users.
Sascha L. Teichmann <sascha.teichmann@intevation.de>
parents:
diff changeset
66
134
0c56c56a1c44 Removed the JWT layer from the session management.
Sascha L. Teichmann <sascha.teichmann@intevation.de>
parents: 124
diff changeset
67 func GenerateRandomKey(length int) []byte {
0c56c56a1c44 Removed the JWT layer from the session management.
Sascha L. Teichmann <sascha.teichmann@intevation.de>
parents: 124
diff changeset
68 k := make([]byte, length)
0c56c56a1c44 Removed the JWT layer from the session management.
Sascha L. Teichmann <sascha.teichmann@intevation.de>
parents: 124
diff changeset
69 if _, err := io.ReadFull(rand.Reader, k); err != nil {
0c56c56a1c44 Removed the JWT layer from the session management.
Sascha L. Teichmann <sascha.teichmann@intevation.de>
parents: 124
diff changeset
70 return nil
0c56c56a1c44 Removed the JWT layer from the session management.
Sascha L. Teichmann <sascha.teichmann@intevation.de>
parents: 124
diff changeset
71 }
0c56c56a1c44 Removed the JWT layer from the session management.
Sascha L. Teichmann <sascha.teichmann@intevation.de>
parents: 124
diff changeset
72 return k
119
29e56c342c9f Added first middleware for JWT token extraction. TODO: Add second one to check against logged in users.
Sascha L. Teichmann <sascha.teichmann@intevation.de>
parents:
diff changeset
73 }
124
bb9120d28950 Generate JWT from database roles.
Sascha L. Teichmann <sascha.teichmann@intevation.de>
parents: 119
diff changeset
74
134
0c56c56a1c44 Removed the JWT layer from the session management.
Sascha L. Teichmann <sascha.teichmann@intevation.de>
parents: 124
diff changeset
75 func GenerateSession(user, password string) (string, *Session, error) {
124
bb9120d28950 Generate JWT from database roles.
Sascha L. Teichmann <sascha.teichmann@intevation.de>
parents: 119
diff changeset
76 roles, err := AllOtherRoles(user, password)
bb9120d28950 Generate JWT from database roles.
Sascha L. Teichmann <sascha.teichmann@intevation.de>
parents: 119
diff changeset
77 if err != nil {
134
0c56c56a1c44 Removed the JWT layer from the session management.
Sascha L. Teichmann <sascha.teichmann@intevation.de>
parents: 124
diff changeset
78 return "", nil, err
124
bb9120d28950 Generate JWT from database roles.
Sascha L. Teichmann <sascha.teichmann@intevation.de>
parents: 119
diff changeset
79 }
134
0c56c56a1c44 Removed the JWT layer from the session management.
Sascha L. Teichmann <sascha.teichmann@intevation.de>
parents: 124
diff changeset
80 token := GenerateSessionKey()
0c56c56a1c44 Removed the JWT layer from the session management.
Sascha L. Teichmann <sascha.teichmann@intevation.de>
parents: 124
diff changeset
81 session := NewSession(user, password, roles)
0c56c56a1c44 Removed the JWT layer from the session management.
Sascha L. Teichmann <sascha.teichmann@intevation.de>
parents: 124
diff changeset
82 ConnPool.Add(token, session)
0c56c56a1c44 Removed the JWT layer from the session management.
Sascha L. Teichmann <sascha.teichmann@intevation.de>
parents: 124
diff changeset
83 return token, session, nil
124
bb9120d28950 Generate JWT from database roles.
Sascha L. Teichmann <sascha.teichmann@intevation.de>
parents: 119
diff changeset
84 }