annotate cmd/tokenserver/main.go @ 134:0c56c56a1c44 remove-jwt

Removed the JWT layer from the session management.
author Sascha L. Teichmann <sascha.teichmann@intevation.de>
date Fri, 29 Jun 2018 17:17:20 +0200
parents 441a8ee637c5
children 3349bfc2a047
1 package main
import (
	"encoding/json"
	"flag"
	"fmt"
	"log"
	"net/http"
	"path/filepath"
	"time"

	"gemma.intevation.de/gemma/auth"
)
// sysAdmin is a demo handler that writes, as plain text, the user name of the
// session attached to the request.
//
// main mounts it behind auth.SessionMiddleware and an
// auth.HasRole("sys_admin") check, so a session is presumably always present
// when this runs; the second return value of auth.GetSession is discarded.
func sysAdmin(rw http.ResponseWriter, req *http.Request) {
	rw.Header().Set("Content-Type", "text/plain")

	sess, _ := auth.GetSession(req)
	name := sess.User
	fmt.Fprintf(rw, "%s is a sys_admin\n", name)
}
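// renew asks the connection pool to renew the request's token and answers
// with the new token plus the session's expiry, user and roles as JSON.
//
// Responses: 404 when the pool reports auth.ErrNoSuchToken, 500 on any other
// renewal error, otherwise a JSON document.
func renew(rw http.ResponseWriter, req *http.Request) {
	// main mounts this handler behind auth.SessionMiddleware, so a token and
	// session are presumably always attached to the request; the second
	// return values are discarded.
	// NOTE(review): confirm the middleware rejects requests without a valid
	// session before they reach this point.
	token, _ := auth.GetToken(req)
	newToken, err := auth.ConnPool.Renew(token)
	switch {
	case err == auth.ErrNoSuchToken:
		http.NotFound(rw, req)
		return
	case err != nil:
		// Keep the detail in the server log; the client only gets a generic
		// message so internal error text is not disclosed.
		log.Printf("error: renewing token failed: %v\n", err)
		http.Error(rw,
			http.StatusText(http.StatusInternalServerError),
			http.StatusInternalServerError)
		return
	}

	// NOTE(review): the session is read from the request after Renew; verify
	// that ExpiresAt reflects the renewed lifetime and not the old one.
	session, _ := auth.GetSession(req)

	var result = struct {
		Token   string   `json:"token"`
		Expires int64    `json:"expires"`
		User    string   `json:"user"`
		Roles   []string `json:"roles"`
	}{
		Token:   newToken,
		Expires: session.ExpiresAt,
		User:    session.User,
		Roles:   session.Roles,
	}

	// The body is JSON, so label it as such (the token handler already does).
	rw.Header().Set("Content-Type", "application/json")
	if err := json.NewEncoder(rw).Encode(&result); err != nil {
		log.Printf("error: %v\n", err)
	}
}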
// logout removes the request's token from the connection pool.
//
// It answers 404 when the pool reports that nothing was deleted, otherwise
// the plain-text line "token deleted". The second return value of
// auth.GetToken is discarded.
func logout(rw http.ResponseWriter, req *http.Request) {
	tok, _ := auth.GetToken(req)
	if ok := auth.ConnPool.Delete(tok); !ok {
		http.NotFound(rw, req)
		return
	}

	hdr := rw.Header()
	hdr.Set("Content-Type", "text/plain")
	fmt.Fprintln(rw, "token deleted")
}
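// token reads the "user" and "password" form values, asks
// auth.GenerateSession for a session and answers with the token, expiry, user
// and roles as JSON.
//
// Responses: 500 when auth.GenerateSession returns an error, otherwise a JSON
// document.
func token(rw http.ResponseWriter, req *http.Request) {
	// FormValue also accepts URL query parameters, so credentials sent in the
	// query string would show up in access logs and proxies.
	// NOTE(review): consider req.PostFormValue once all clients send the
	// credentials in the request body.
	user := req.FormValue("user")
	password := req.FormValue("password")

	tok, session, err := auth.GenerateSession(user, password)
	if err != nil {
		// Keep the detail in the server log; the client only gets a generic
		// message so internal error text is not disclosed.
		// NOTE(review): a rejected login presumably also ends up here as a
		// 500; a 401 would be more accurate if the auth package lets the
		// caller tell the two cases apart.
		log.Printf("error: generating session failed: %v\n", err)
		http.Error(rw,
			http.StatusText(http.StatusInternalServerError),
			http.StatusInternalServerError)
		return
	}

	var result = struct {
		Token   string   `json:"token"`
		Expires int64    `json:"expires"`
		User    string   `json:"user"`
		Roles   []string `json:"roles"`
	}{
		Token:   tok,
		Expires: session.ExpiresAt,
		User:    session.User,
		Roles:   session.Roles,
	}

	rw.Header().Set("Content-Type", "application/json")
	if err := json.NewEncoder(rw).Encode(&result); err != nil {
		log.Printf("error: %v\n", err)
	}
}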
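// main parses -host and -port, serves the static files under ./web at "/"
// and mounts the token, logout, renew and sys_admin API endpoints.
func main() {
	port := flag.Int("port", 8000, "port to listen at.")
	host := flag.String("host", "localhost", "host to listen at.")
	flag.Parse()

	// Fail early instead of serving from an empty path if the working
	// directory cannot be resolved.
	webRoot, err := filepath.Abs("./web")
	if err != nil {
		log.Fatalf("error: resolving web root: %v\n", err)
	}

	mux := http.NewServeMux()
	mux.Handle("/", http.StripPrefix("/", http.FileServer(http.Dir(webRoot))))

	// Not wrapped in the session middleware: this is where sessions are
	// created.
	mux.HandleFunc("/api/token", token)

	// /api/logout has to run the logout handler. Routing it to token meant
	// the session token was never deleted from the pool on logout.
	mux.Handle("/api/logout", auth.SessionMiddleware(http.HandlerFunc(logout)))
	mux.Handle("/api/renew", auth.SessionMiddleware(http.HandlerFunc(renew)))
	mux.Handle("/api/sys_admin",
		auth.SessionMiddleware(
			auth.SessionChecker(http.HandlerFunc(sysAdmin), auth.HasRole("sys_admin"))))

	addr := fmt.Sprintf("%s:%d", *host, *port)

	// This listener is plain HTTP, so passwords and tokens cross it in clear
	// text; terminate TLS in front of it before binding to anything other
	// than localhost. The header timeout bounds how long a client may take
	// to send its request headers.
	srv := &http.Server{
		Addr:              addr,
		Handler:           mux,
		ReadHeaderTimeout: 10 * time.Second,
	}
	log.Fatalln(srv.ListenAndServe())
}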