annotate cmd/tokenserver/main.go @ 134:0c56c56a1c44 remove-jwt
Removed the JWT layer from the session management.
author | Sascha L. Teichmann <sascha.teichmann@intevation.de> |
---|---|
date | Fri, 29 Jun 2018 17:17:20 +0200 |
parents | 441a8ee637c5 |
children | 3349bfc2a047 |
1 package main |
3 import ( |
4 "encoding/json" |
5 "flag" |
6 "fmt" |
7 "log" |
8 "net/http" |
3 | 9 "path/filepath" |
11 "gemma.intevation.de/gemma/auth" |
12 ) |
// sysAdmin is the example handler mounted at /api/sys_admin. It answers with
// a plain-text line naming the user of the request's session.
//
// NOTE(review): the second result of auth.GetSession is discarded, so this
// handler depends on being registered behind auth.SessionMiddleware and the
// role check, as main does. Presumably those guarantee that a session is
// present; confirm, and do not register it on a route without them.
func sysAdmin(rw http.ResponseWriter, req *http.Request) {
	rw.Header().Set("Content-Type", "text/plain")
	sess, _ := auth.GetSession(req)
	fmt.Fprintf(rw, "%s is a sys_admin\n", sess.User)
}
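// renew is the handler mounted at /api/renew. It asks the connection pool to
// renew the token of the current request and answers with a JSON document
// holding the new token together with the session's expiry, user and roles.
//
// Responses: 404 when the pool reports auth.ErrNoSuchToken, 500 on any other
// renewal error, otherwise the JSON document.
func renew(rw http.ResponseWriter, req *http.Request) {
	// NOTE(review): the second results of GetToken and GetSession are
	// discarded; presumably auth.SessionMiddleware guarantees both for every
	// request that reaches this handler. Confirm.
	token, _ := auth.GetToken(req)
	newToken, err := auth.ConnPool.Renew(token)
	switch {
	case err == auth.ErrNoSuchToken:
		http.NotFound(rw, req)
		return
	case err != nil:
		// Keep the error detail in the server log; the client only gets the
		// generic status text so internals are not disclosed.
		log.Printf("error: renewing token failed: %v\n", err)
		http.Error(rw,
			http.StatusText(http.StatusInternalServerError),
			http.StatusInternalServerError)
		return
	}

	// NOTE(review): the session is read from the request after the renewal;
	// whether ExpiresAt already reflects the renewed lifetime depends on
	// auth.ConnPool.Renew. Confirm.
	session, _ := auth.GetSession(req)

	var result = struct {
		Token   string   `json:"token"`
		Expires int64    `json:"expires"`
		User    string   `json:"user"`
		Roles   []string `json:"roles"`
	}{
		Token:   newToken,
		Expires: session.ExpiresAt,
		User:    session.User,
		Roles:   session.Roles,
	}

	hdr := rw.Header()
	// The body is JSON, so declare it as such (same as the token handler).
	hdr.Set("Content-Type", "application/json")
	// The response carries a bearer credential; caches must not keep it.
	hdr.Set("Cache-Control", "no-store")
	if err := json.NewEncoder(rw).Encode(&result); err != nil {
		log.Printf("error: %v\n", err)
	}
}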
// logout deletes the token of the current request from the connection pool.
// It answers 404 when the pool reports that nothing was deleted and a
// plain-text confirmation otherwise.
//
// NOTE(review): the second result of auth.GetToken is discarded; presumably
// the handler is meant to run behind auth.SessionMiddleware, which would
// guarantee a token. Confirm against the route registration.
func logout(rw http.ResponseWriter, req *http.Request) {
	tok, _ := auth.GetToken(req)
	if !auth.ConnPool.Delete(tok) {
		http.NotFound(rw, req)
		return
	}

	rw.Header().Set("Content-Type", "text/plain")
	fmt.Fprintln(rw, "token deleted")
}
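// token is the login handler mounted at /api/token. It reads the form values
// "user" and "password", asks auth.GenerateSession for a session and answers
// with a JSON document holding the session token, its expiry, the user name
// and the user's roles.
//
// Any error from auth.GenerateSession is answered with status 500.
func token(rw http.ResponseWriter, req *http.Request) {
	// NOTE(review): FormValue also reads the URL query string, so credentials
	// passed as query parameters are accepted and can end up in access logs
	// and proxy logs. Consider a method check plus PostFormValue once all
	// clients send the credentials in a POST body.
	user := req.FormValue("user")
	password := req.FormValue("password")

	tok, session, err := auth.GenerateSession(user, password)
	if err != nil {
		// NOTE(review): rejected credentials presumably arrive here too and
		// are reported as 500; a 401 would be more accurate if the auth
		// package can tell the cases apart. Confirm.
		//
		// Keep the error detail in the server log; the client only gets the
		// generic status text so backend internals are not disclosed to
		// unauthenticated callers.
		log.Printf("error: generating session failed: %v\n", err)
		http.Error(rw,
			http.StatusText(http.StatusInternalServerError),
			http.StatusInternalServerError)
		return
	}

	var result = struct {
		Token   string   `json:"token"`
		Expires int64    `json:"expires"`
		User    string   `json:"user"`
		Roles   []string `json:"roles"`
	}{
		Token:   tok,
		Expires: session.ExpiresAt,
		User:    session.User,
		Roles:   session.Roles,
	}

	hdr := rw.Header()
	hdr.Set("Content-Type", "application/json")
	// The response carries a bearer credential; caches must not keep it.
	hdr.Set("Cache-Control", "no-store")
	if err := json.NewEncoder(rw).Encode(&result); err != nil {
		log.Printf("error: %v\n", err)
	}
}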
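// main parses the -host and -port flags, serves the static files below ./web
// at / and mounts the session API under /api. It only returns by exiting the
// process when the listener fails.
func main() {
	port := flag.Int("port", 8000, "port to listen at.")
	host := flag.String("host", "localhost", "host to listen at.")
	flag.Parse()

	// Fail early instead of serving from an unresolved (empty) directory.
	webDir, err := filepath.Abs("./web")
	if err != nil {
		log.Fatalf("error: resolving web directory failed: %v\n", err)
	}

	mux := http.NewServeMux()
	mux.Handle("/", http.StripPrefix("/", http.FileServer(http.Dir(webDir))))

	// Login is the only API route reachable without a session.
	mux.HandleFunc("/api/token", token)
	// /api/logout must invalidate the caller's token, so it is served by
	// logout. Wiring it to the login handler would leave sessions alive
	// after a "logout".
	mux.Handle("/api/logout", auth.SessionMiddleware(http.HandlerFunc(logout)))
	mux.Handle("/api/renew", auth.SessionMiddleware(http.HandlerFunc(renew)))
	// Session check first, then the role check, then the handler.
	mux.Handle("/api/sys_admin",
		auth.SessionMiddleware(
			auth.SessionChecker(http.HandlerFunc(sysAdmin), auth.HasRole("sys_admin"))))

	// NOTE(review): http.ListenAndServe serves plain HTTP with a server that
	// has no read/write timeouts. Passwords and session tokens cross this
	// listener, so TLS (here or in a front proxy) and explicit http.Server
	// timeouts should be configured before it is bound to anything but
	// localhost.
	addr := fmt.Sprintf("%s:%d", *host, *port)
	log.Fatalln(http.ListenAndServe(addr, mux))
}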