Mercurial > gemma
annotate pkg/auth/session.go @ 1322:176c42053562
Use more keyed initializers to make 'go vet' happier.
| author | Sascha L. Teichmann <sascha.teichmann@intevation.de> |
|---|---|
| date | Sat, 24 Nov 2018 16:55:40 +0100 |
| parents | a244b18cb916 |
| children | 3c914bc670a2 |
| rev | line source |
|---|---|
|
1017
a244b18cb916
Added GNU Affero General Public License.
Sascha L. Teichmann <sascha.teichmann@intevation.de>
parents:
510
diff
changeset
|
1 // This is Free Software under GNU Affero General Public License v >= 3.0 |
|
a244b18cb916
Added GNU Affero General Public License.
Sascha L. Teichmann <sascha.teichmann@intevation.de>
parents:
510
diff
changeset
|
2 // without warranty, see README.md and license for details. |
|
a244b18cb916
Added GNU Affero General Public License.
Sascha L. Teichmann <sascha.teichmann@intevation.de>
parents:
510
diff
changeset
|
3 // |
|
a244b18cb916
Added GNU Affero General Public License.
Sascha L. Teichmann <sascha.teichmann@intevation.de>
parents:
510
diff
changeset
|
4 // SPDX-License-Identifier: AGPL-3.0-or-later |
|
a244b18cb916
Added GNU Affero General Public License.
Sascha L. Teichmann <sascha.teichmann@intevation.de>
parents:
510
diff
changeset
|
5 // License-Filename: LICENSES/AGPL-3.0.txt |
|
a244b18cb916
Added GNU Affero General Public License.
Sascha L. Teichmann <sascha.teichmann@intevation.de>
parents:
510
diff
changeset
|
6 // |
|
a244b18cb916
Added GNU Affero General Public License.
Sascha L. Teichmann <sascha.teichmann@intevation.de>
parents:
510
diff
changeset
|
7 // Copyright (C) 2018 by via donau |
|
a244b18cb916
Added GNU Affero General Public License.
Sascha L. Teichmann <sascha.teichmann@intevation.de>
parents:
510
diff
changeset
|
8 // – Österreichische Wasserstraßen-Gesellschaft mbH |
|
a244b18cb916
Added GNU Affero General Public License.
Sascha L. Teichmann <sascha.teichmann@intevation.de>
parents:
510
diff
changeset
|
9 // Software engineering by Intevation GmbH |
|
a244b18cb916
Added GNU Affero General Public License.
Sascha L. Teichmann <sascha.teichmann@intevation.de>
parents:
510
diff
changeset
|
10 // |
|
a244b18cb916
Added GNU Affero General Public License.
Sascha L. Teichmann <sascha.teichmann@intevation.de>
parents:
510
diff
changeset
|
11 // Author(s): |
|
a244b18cb916
Added GNU Affero General Public License.
Sascha L. Teichmann <sascha.teichmann@intevation.de>
parents:
510
diff
changeset
|
12 // * Sascha L. Teichmann <sascha.teichmann@intevation.de> |
|
a244b18cb916
Added GNU Affero General Public License.
Sascha L. Teichmann <sascha.teichmann@intevation.de>
parents:
510
diff
changeset
|
13 |
|
119
29e56c342c9f
Added first middleware for JWT token extraction. TODO: Add second one to check against logged in users.
Sascha L. Teichmann <sascha.teichmann@intevation.de>
parents:
diff
changeset
|
14 package auth |
|
29e56c342c9f
Added first middleware for JWT token extraction. TODO: Add second one to check against logged in users.
Sascha L. Teichmann <sascha.teichmann@intevation.de>
parents:
diff
changeset
|
15 |
|
29e56c342c9f
Added first middleware for JWT token extraction. TODO: Add second one to check against logged in users.
Sascha L. Teichmann <sascha.teichmann@intevation.de>
parents:
diff
changeset
|
16 import ( |
|
134
0c56c56a1c44
Removed the JWT layer from the session management.
Sascha L. Teichmann <sascha.teichmann@intevation.de>
parents:
124
diff
changeset
|
17 "encoding/base64" |
|
447
62c909dd3098
Only allow log in if user has at least one of the roles 'sys_admin', 'waterway_admin', 'waterway_user'.
Sascha L. Teichmann <sascha.teichmann@intevation.de>
parents:
414
diff
changeset
|
18 "errors" |
|
134
0c56c56a1c44
Removed the JWT layer from the session management.
Sascha L. Teichmann <sascha.teichmann@intevation.de>
parents:
124
diff
changeset
|
19 "io" |
|
498
22e1bf563a04
Throw away the connection level for sessions.
Sascha L. Teichmann <sascha.teichmann@intevation.de>
parents:
493
diff
changeset
|
20 "sync" |
|
119
29e56c342c9f
Added first middleware for JWT token extraction. TODO: Add second one to check against logged in users.
Sascha L. Teichmann <sascha.teichmann@intevation.de>
parents:
diff
changeset
|
21 "time" |
|
339
33b59c848771
Factored out some miscellaneous code into own package.
Sascha L. Teichmann <teichmann@intevation.de>
parents:
337
diff
changeset
|
22 |
|
414
c1047fd04a3a
Moved project specific Go packages to new pkg folder.
Sascha L. Teichmann <sascha.teichmann@intevation.de>
parents:
408
diff
changeset
|
23 "gemma.intevation.de/gemma/pkg/common" |
|
c1047fd04a3a
Moved project specific Go packages to new pkg folder.
Sascha L. Teichmann <sascha.teichmann@intevation.de>
parents:
408
diff
changeset
|
24 "gemma.intevation.de/gemma/pkg/misc" |
|
119
29e56c342c9f
Added first middleware for JWT token extraction. TODO: Add second one to check against logged in users.
Sascha L. Teichmann <sascha.teichmann@intevation.de>
parents:
diff
changeset
|
25 ) |
|
29e56c342c9f
Added first middleware for JWT token extraction. TODO: Add second one to check against logged in users.
Sascha L. Teichmann <sascha.teichmann@intevation.de>
parents:
diff
changeset
|
26 |
|
326
a7b2db8b3d18
Added type for roles.
Sascha L. Teichmann <sascha.teichmann@intevation.de>
parents:
215
diff
changeset
|
27 type Roles []string |
|
a7b2db8b3d18
Added type for roles.
Sascha L. Teichmann <sascha.teichmann@intevation.de>
parents:
215
diff
changeset
|
28 |
|
134
0c56c56a1c44
Removed the JWT layer from the session management.
Sascha L. Teichmann <sascha.teichmann@intevation.de>
parents:
124
diff
changeset
|
29 type Session struct { |
|
326
a7b2db8b3d18
Added type for roles.
Sascha L. Teichmann <sascha.teichmann@intevation.de>
parents:
215
diff
changeset
|
30 ExpiresAt int64 `json:"expires"` |
|
a7b2db8b3d18
Added type for roles.
Sascha L. Teichmann <sascha.teichmann@intevation.de>
parents:
215
diff
changeset
|
31 User string `json:"user"` |
|
a7b2db8b3d18
Added type for roles.
Sascha L. Teichmann <sascha.teichmann@intevation.de>
parents:
215
diff
changeset
|
32 Roles Roles `json:"roles"` |
|
498
22e1bf563a04
Throw away the connection level for sessions.
Sascha L. Teichmann <sascha.teichmann@intevation.de>
parents:
493
diff
changeset
|
33 |
|
22e1bf563a04
Throw away the connection level for sessions.
Sascha L. Teichmann <sascha.teichmann@intevation.de>
parents:
493
diff
changeset
|
34 // private fields for managing expiration. |
|
22e1bf563a04
Throw away the connection level for sessions.
Sascha L. Teichmann <sascha.teichmann@intevation.de>
parents:
493
diff
changeset
|
35 access time.Time |
|
22e1bf563a04
Throw away the connection level for sessions.
Sascha L. Teichmann <sascha.teichmann@intevation.de>
parents:
493
diff
changeset
|
36 mu sync.Mutex |
|
326
a7b2db8b3d18
Added type for roles.
Sascha L. Teichmann <sascha.teichmann@intevation.de>
parents:
215
diff
changeset
|
37 } |
|
a7b2db8b3d18
Added type for roles.
Sascha L. Teichmann <sascha.teichmann@intevation.de>
parents:
215
diff
changeset
|
38 |
|
a7b2db8b3d18
Added type for roles.
Sascha L. Teichmann <sascha.teichmann@intevation.de>
parents:
215
diff
changeset
|
39 func (r Roles) Has(role string) bool { |
|
a7b2db8b3d18
Added type for roles.
Sascha L. Teichmann <sascha.teichmann@intevation.de>
parents:
215
diff
changeset
|
40 for _, x := range r { |
|
a7b2db8b3d18
Added type for roles.
Sascha L. Teichmann <sascha.teichmann@intevation.de>
parents:
215
diff
changeset
|
41 if x == role { |
|
a7b2db8b3d18
Added type for roles.
Sascha L. Teichmann <sascha.teichmann@intevation.de>
parents:
215
diff
changeset
|
42 return true |
|
a7b2db8b3d18
Added type for roles.
Sascha L. Teichmann <sascha.teichmann@intevation.de>
parents:
215
diff
changeset
|
43 } |
|
a7b2db8b3d18
Added type for roles.
Sascha L. Teichmann <sascha.teichmann@intevation.de>
parents:
215
diff
changeset
|
44 } |
|
a7b2db8b3d18
Added type for roles.
Sascha L. Teichmann <sascha.teichmann@intevation.de>
parents:
215
diff
changeset
|
45 return false |
|
119
29e56c342c9f
Added first middleware for JWT token extraction. TODO: Add second one to check against logged in users.
Sascha L. Teichmann <sascha.teichmann@intevation.de>
parents:
diff
changeset
|
46 } |
|
29e56c342c9f
Added first middleware for JWT token extraction. TODO: Add second one to check against logged in users.
Sascha L. Teichmann <sascha.teichmann@intevation.de>
parents:
diff
changeset
|
47 |
|
447
62c909dd3098
Only allow log in if user has at least one of the roles 'sys_admin', 'waterway_admin', 'waterway_user'.
Sascha L. Teichmann <sascha.teichmann@intevation.de>
parents:
414
diff
changeset
|
48 func (r Roles) HasAny(roles ...string) bool { |
|
62c909dd3098
Only allow log in if user has at least one of the roles 'sys_admin', 'waterway_admin', 'waterway_user'.
Sascha L. Teichmann <sascha.teichmann@intevation.de>
parents:
414
diff
changeset
|
49 for _, y := range roles { |
|
62c909dd3098
Only allow log in if user has at least one of the roles 'sys_admin', 'waterway_admin', 'waterway_user'.
Sascha L. Teichmann <sascha.teichmann@intevation.de>
parents:
414
diff
changeset
|
50 if r.Has(y) { |
|
62c909dd3098
Only allow log in if user has at least one of the roles 'sys_admin', 'waterway_admin', 'waterway_user'.
Sascha L. Teichmann <sascha.teichmann@intevation.de>
parents:
414
diff
changeset
|
51 return true |
|
62c909dd3098
Only allow log in if user has at least one of the roles 'sys_admin', 'waterway_admin', 'waterway_user'.
Sascha L. Teichmann <sascha.teichmann@intevation.de>
parents:
414
diff
changeset
|
52 } |
|
62c909dd3098
Only allow log in if user has at least one of the roles 'sys_admin', 'waterway_admin', 'waterway_user'.
Sascha L. Teichmann <sascha.teichmann@intevation.de>
parents:
414
diff
changeset
|
53 } |
|
62c909dd3098
Only allow log in if user has at least one of the roles 'sys_admin', 'waterway_admin', 'waterway_user'.
Sascha L. Teichmann <sascha.teichmann@intevation.de>
parents:
414
diff
changeset
|
54 return false |
|
62c909dd3098
Only allow log in if user has at least one of the roles 'sys_admin', 'waterway_admin', 'waterway_user'.
Sascha L. Teichmann <sascha.teichmann@intevation.de>
parents:
414
diff
changeset
|
55 } |
|
62c909dd3098
Only allow log in if user has at least one of the roles 'sys_admin', 'waterway_admin', 'waterway_user'.
Sascha L. Teichmann <sascha.teichmann@intevation.de>
parents:
414
diff
changeset
|
56 |
|
134
0c56c56a1c44
Removed the JWT layer from the session management.
Sascha L. Teichmann <sascha.teichmann@intevation.de>
parents:
124
diff
changeset
|
57 const ( |
|
0c56c56a1c44
Removed the JWT layer from the session management.
Sascha L. Teichmann <sascha.teichmann@intevation.de>
parents:
124
diff
changeset
|
58 sessionKeyLength = 20 |
|
0c56c56a1c44
Removed the JWT layer from the session management.
Sascha L. Teichmann <sascha.teichmann@intevation.de>
parents:
124
diff
changeset
|
59 maxTokenValid = time.Hour * 3 |
|
0c56c56a1c44
Removed the JWT layer from the session management.
Sascha L. Teichmann <sascha.teichmann@intevation.de>
parents:
124
diff
changeset
|
60 ) |
|
119
29e56c342c9f
Added first middleware for JWT token extraction. TODO: Add second one to check against logged in users.
Sascha L. Teichmann <sascha.teichmann@intevation.de>
parents:
diff
changeset
|
61 |
|
447
62c909dd3098
Only allow log in if user has at least one of the roles 'sys_admin', 'waterway_admin', 'waterway_user'.
Sascha L. Teichmann <sascha.teichmann@intevation.de>
parents:
414
diff
changeset
|
62 func NewSession(user, password string, roles Roles) *Session { |
|
119
29e56c342c9f
Added first middleware for JWT token extraction. TODO: Add second one to check against logged in users.
Sascha L. Teichmann <sascha.teichmann@intevation.de>
parents:
diff
changeset
|
63 |
|
29e56c342c9f
Added first middleware for JWT token extraction. TODO: Add second one to check against logged in users.
Sascha L. Teichmann <sascha.teichmann@intevation.de>
parents:
diff
changeset
|
64 // Create the Claims |
|
134
0c56c56a1c44
Removed the JWT layer from the session management.
Sascha L. Teichmann <sascha.teichmann@intevation.de>
parents:
124
diff
changeset
|
65 return &Session{ |
|
0c56c56a1c44
Removed the JWT layer from the session management.
Sascha L. Teichmann <sascha.teichmann@intevation.de>
parents:
124
diff
changeset
|
66 ExpiresAt: time.Now().Add(maxTokenValid).Unix(), |
|
0c56c56a1c44
Removed the JWT layer from the session management.
Sascha L. Teichmann <sascha.teichmann@intevation.de>
parents:
124
diff
changeset
|
67 User: user, |
|
0c56c56a1c44
Removed the JWT layer from the session management.
Sascha L. Teichmann <sascha.teichmann@intevation.de>
parents:
124
diff
changeset
|
68 Roles: roles, |
|
119
29e56c342c9f
Added first middleware for JWT token extraction. TODO: Add second one to check against logged in users.
Sascha L. Teichmann <sascha.teichmann@intevation.de>
parents:
diff
changeset
|
69 } |
|
134
0c56c56a1c44
Removed the JWT layer from the session management.
Sascha L. Teichmann <sascha.teichmann@intevation.de>
parents:
124
diff
changeset
|
70 } |
|
119
29e56c342c9f
Added first middleware for JWT token extraction. TODO: Add second one to check against logged in users.
Sascha L. Teichmann <sascha.teichmann@intevation.de>
parents:
diff
changeset
|
71 |
|
498
22e1bf563a04
Throw away the connection level for sessions.
Sascha L. Teichmann <sascha.teichmann@intevation.de>
parents:
493
diff
changeset
|
72 func (s *Session) serialize(w io.Writer) error { |
|
22e1bf563a04
Throw away the connection level for sessions.
Sascha L. Teichmann <sascha.teichmann@intevation.de>
parents:
493
diff
changeset
|
73 |
|
22e1bf563a04
Throw away the connection level for sessions.
Sascha L. Teichmann <sascha.teichmann@intevation.de>
parents:
493
diff
changeset
|
74 access, err := s.last().MarshalText() |
|
22e1bf563a04
Throw away the connection level for sessions.
Sascha L. Teichmann <sascha.teichmann@intevation.de>
parents:
493
diff
changeset
|
75 if err != nil { |
|
22e1bf563a04
Throw away the connection level for sessions.
Sascha L. Teichmann <sascha.teichmann@intevation.de>
parents:
493
diff
changeset
|
76 return err |
|
22e1bf563a04
Throw away the connection level for sessions.
Sascha L. Teichmann <sascha.teichmann@intevation.de>
parents:
493
diff
changeset
|
77 } |
|
22e1bf563a04
Throw away the connection level for sessions.
Sascha L. Teichmann <sascha.teichmann@intevation.de>
parents:
493
diff
changeset
|
78 |
|
1322
176c42053562
Use more keyed initializers to make 'go vet' happier.
Sascha L. Teichmann <sascha.teichmann@intevation.de>
parents:
1017
diff
changeset
|
79 wr := misc.BinWriter{Writer: w, Err: nil} |
|
498
22e1bf563a04
Throw away the connection level for sessions.
Sascha L. Teichmann <sascha.teichmann@intevation.de>
parents:
493
diff
changeset
|
80 wr.WriteBin(s.ExpiresAt) |
|
22e1bf563a04
Throw away the connection level for sessions.
Sascha L. Teichmann <sascha.teichmann@intevation.de>
parents:
493
diff
changeset
|
81 wr.WriteString(s.User) |
|
22e1bf563a04
Throw away the connection level for sessions.
Sascha L. Teichmann <sascha.teichmann@intevation.de>
parents:
493
diff
changeset
|
82 wr.WriteBin(uint32(len(s.Roles))) |
|
22e1bf563a04
Throw away the connection level for sessions.
Sascha L. Teichmann <sascha.teichmann@intevation.de>
parents:
493
diff
changeset
|
83 for _, role := range s.Roles { |
|
22e1bf563a04
Throw away the connection level for sessions.
Sascha L. Teichmann <sascha.teichmann@intevation.de>
parents:
493
diff
changeset
|
84 wr.WriteString(role) |
|
22e1bf563a04
Throw away the connection level for sessions.
Sascha L. Teichmann <sascha.teichmann@intevation.de>
parents:
493
diff
changeset
|
85 } |
|
22e1bf563a04
Throw away the connection level for sessions.
Sascha L. Teichmann <sascha.teichmann@intevation.de>
parents:
493
diff
changeset
|
86 wr.WriteBin(uint32(len(access))) |
|
22e1bf563a04
Throw away the connection level for sessions.
Sascha L. Teichmann <sascha.teichmann@intevation.de>
parents:
493
diff
changeset
|
87 wr.WriteBin(access) |
|
22e1bf563a04
Throw away the connection level for sessions.
Sascha L. Teichmann <sascha.teichmann@intevation.de>
parents:
493
diff
changeset
|
88 return wr.Err |
|
22e1bf563a04
Throw away the connection level for sessions.
Sascha L. Teichmann <sascha.teichmann@intevation.de>
parents:
493
diff
changeset
|
89 } |
|
22e1bf563a04
Throw away the connection level for sessions.
Sascha L. Teichmann <sascha.teichmann@intevation.de>
parents:
493
diff
changeset
|
90 |
|
197
e85413e5befa
Cleaned up serialisation/deserilisation of sessions a bit.
Sascha L. Teichmann <teichmann@intevation.de>
parents:
193
diff
changeset
|
91 func (s *Session) deserialize(r io.Reader) error { |
|
498
22e1bf563a04
Throw away the connection level for sessions.
Sascha L. Teichmann <sascha.teichmann@intevation.de>
parents:
493
diff
changeset
|
92 |
|
22e1bf563a04
Throw away the connection level for sessions.
Sascha L. Teichmann <sascha.teichmann@intevation.de>
parents:
493
diff
changeset
|
93 var session Session |
|
22e1bf563a04
Throw away the connection level for sessions.
Sascha L. Teichmann <sascha.teichmann@intevation.de>
parents:
493
diff
changeset
|
94 |
|
193
1585c334e8a7
More on persisting sessions.
Sascha L. Teichmann <sascha.teichmann@intevation.de>
parents:
149
diff
changeset
|
95 var n uint32 |
|
1322
176c42053562
Use more keyed initializers to make 'go vet' happier.
Sascha L. Teichmann <sascha.teichmann@intevation.de>
parents:
1017
diff
changeset
|
96 rd := misc.BinReader{Reader: r, Err: nil} |
|
498
22e1bf563a04
Throw away the connection level for sessions.
Sascha L. Teichmann <sascha.teichmann@intevation.de>
parents:
493
diff
changeset
|
97 rd.ReadBin(&session.ExpiresAt) |
|
22e1bf563a04
Throw away the connection level for sessions.
Sascha L. Teichmann <sascha.teichmann@intevation.de>
parents:
493
diff
changeset
|
98 rd.ReadString(&session.User) |
|
340
4c211ad5349e
Embed Reader and Writer in BinReader and BinWriter to make API more distinct.
Sascha L. Teichmann <teichmann@intevation.de>
parents:
339
diff
changeset
|
99 rd.ReadBin(&n) |
|
498
22e1bf563a04
Throw away the connection level for sessions.
Sascha L. Teichmann <sascha.teichmann@intevation.de>
parents:
493
diff
changeset
|
100 session.Roles = make(Roles, n) |
|
22e1bf563a04
Throw away the connection level for sessions.
Sascha L. Teichmann <sascha.teichmann@intevation.de>
parents:
493
diff
changeset
|
101 |
|
193
1585c334e8a7
More on persisting sessions.
Sascha L. Teichmann <sascha.teichmann@intevation.de>
parents:
149
diff
changeset
|
102 for i := uint32(0); n > 0 && i < n; i++ { |
|
498
22e1bf563a04
Throw away the connection level for sessions.
Sascha L. Teichmann <sascha.teichmann@intevation.de>
parents:
493
diff
changeset
|
103 rd.ReadString(&session.Roles[i]) |
|
22e1bf563a04
Throw away the connection level for sessions.
Sascha L. Teichmann <sascha.teichmann@intevation.de>
parents:
493
diff
changeset
|
104 } |
|
22e1bf563a04
Throw away the connection level for sessions.
Sascha L. Teichmann <sascha.teichmann@intevation.de>
parents:
493
diff
changeset
|
105 |
|
22e1bf563a04
Throw away the connection level for sessions.
Sascha L. Teichmann <sascha.teichmann@intevation.de>
parents:
493
diff
changeset
|
106 if rd.Err != nil { |
|
22e1bf563a04
Throw away the connection level for sessions.
Sascha L. Teichmann <sascha.teichmann@intevation.de>
parents:
493
diff
changeset
|
107 return rd.Err |
|
22e1bf563a04
Throw away the connection level for sessions.
Sascha L. Teichmann <sascha.teichmann@intevation.de>
parents:
493
diff
changeset
|
108 } |
|
22e1bf563a04
Throw away the connection level for sessions.
Sascha L. Teichmann <sascha.teichmann@intevation.de>
parents:
493
diff
changeset
|
109 |
|
22e1bf563a04
Throw away the connection level for sessions.
Sascha L. Teichmann <sascha.teichmann@intevation.de>
parents:
493
diff
changeset
|
110 var l uint32 |
|
22e1bf563a04
Throw away the connection level for sessions.
Sascha L. Teichmann <sascha.teichmann@intevation.de>
parents:
493
diff
changeset
|
111 rd.ReadBin(&l) |
|
22e1bf563a04
Throw away the connection level for sessions.
Sascha L. Teichmann <sascha.teichmann@intevation.de>
parents:
493
diff
changeset
|
112 access := make([]byte, l) |
|
22e1bf563a04
Throw away the connection level for sessions.
Sascha L. Teichmann <sascha.teichmann@intevation.de>
parents:
493
diff
changeset
|
113 rd.ReadBin(access) |
|
22e1bf563a04
Throw away the connection level for sessions.
Sascha L. Teichmann <sascha.teichmann@intevation.de>
parents:
493
diff
changeset
|
114 |
|
22e1bf563a04
Throw away the connection level for sessions.
Sascha L. Teichmann <sascha.teichmann@intevation.de>
parents:
493
diff
changeset
|
115 if rd.Err != nil { |
|
22e1bf563a04
Throw away the connection level for sessions.
Sascha L. Teichmann <sascha.teichmann@intevation.de>
parents:
493
diff
changeset
|
116 return rd.Err |
|
22e1bf563a04
Throw away the connection level for sessions.
Sascha L. Teichmann <sascha.teichmann@intevation.de>
parents:
493
diff
changeset
|
117 } |
|
22e1bf563a04
Throw away the connection level for sessions.
Sascha L. Teichmann <sascha.teichmann@intevation.de>
parents:
493
diff
changeset
|
118 |
|
22e1bf563a04
Throw away the connection level for sessions.
Sascha L. Teichmann <sascha.teichmann@intevation.de>
parents:
493
diff
changeset
|
119 var t time.Time |
|
22e1bf563a04
Throw away the connection level for sessions.
Sascha L. Teichmann <sascha.teichmann@intevation.de>
parents:
493
diff
changeset
|
120 if err := t.UnmarshalText(access); err != nil { |
|
22e1bf563a04
Throw away the connection level for sessions.
Sascha L. Teichmann <sascha.teichmann@intevation.de>
parents:
493
diff
changeset
|
121 return err |
|
193
1585c334e8a7
More on persisting sessions.
Sascha L. Teichmann <sascha.teichmann@intevation.de>
parents:
149
diff
changeset
|
122 } |
|
498
22e1bf563a04
Throw away the connection level for sessions.
Sascha L. Teichmann <sascha.teichmann@intevation.de>
parents:
493
diff
changeset
|
123 |
|
22e1bf563a04
Throw away the connection level for sessions.
Sascha L. Teichmann <sascha.teichmann@intevation.de>
parents:
493
diff
changeset
|
124 session.access = t |
|
22e1bf563a04
Throw away the connection level for sessions.
Sascha L. Teichmann <sascha.teichmann@intevation.de>
parents:
493
diff
changeset
|
125 |
|
22e1bf563a04
Throw away the connection level for sessions.
Sascha L. Teichmann <sascha.teichmann@intevation.de>
parents:
493
diff
changeset
|
126 *s = session |
|
22e1bf563a04
Throw away the connection level for sessions.
Sascha L. Teichmann <sascha.teichmann@intevation.de>
parents:
493
diff
changeset
|
127 |
|
22e1bf563a04
Throw away the connection level for sessions.
Sascha L. Teichmann <sascha.teichmann@intevation.de>
parents:
493
diff
changeset
|
128 return nil |
|
22e1bf563a04
Throw away the connection level for sessions.
Sascha L. Teichmann <sascha.teichmann@intevation.de>
parents:
493
diff
changeset
|
129 } |
|
22e1bf563a04
Throw away the connection level for sessions.
Sascha L. Teichmann <sascha.teichmann@intevation.de>
parents:
493
diff
changeset
|
130 |
|
22e1bf563a04
Throw away the connection level for sessions.
Sascha L. Teichmann <sascha.teichmann@intevation.de>
parents:
493
diff
changeset
|
131 func (c *Session) touch() { |
|
22e1bf563a04
Throw away the connection level for sessions.
Sascha L. Teichmann <sascha.teichmann@intevation.de>
parents:
493
diff
changeset
|
132 c.mu.Lock() |
|
22e1bf563a04
Throw away the connection level for sessions.
Sascha L. Teichmann <sascha.teichmann@intevation.de>
parents:
493
diff
changeset
|
133 c.access = time.Now() |
|
22e1bf563a04
Throw away the connection level for sessions.
Sascha L. Teichmann <sascha.teichmann@intevation.de>
parents:
493
diff
changeset
|
134 c.mu.Unlock() |
|
22e1bf563a04
Throw away the connection level for sessions.
Sascha L. Teichmann <sascha.teichmann@intevation.de>
parents:
493
diff
changeset
|
135 } |
|
22e1bf563a04
Throw away the connection level for sessions.
Sascha L. Teichmann <sascha.teichmann@intevation.de>
parents:
493
diff
changeset
|
136 |
|
22e1bf563a04
Throw away the connection level for sessions.
Sascha L. Teichmann <sascha.teichmann@intevation.de>
parents:
493
diff
changeset
|
137 func (c *Session) last() time.Time { |
|
22e1bf563a04
Throw away the connection level for sessions.
Sascha L. Teichmann <sascha.teichmann@intevation.de>
parents:
493
diff
changeset
|
138 c.mu.Lock() |
|
22e1bf563a04
Throw away the connection level for sessions.
Sascha L. Teichmann <sascha.teichmann@intevation.de>
parents:
493
diff
changeset
|
139 access := c.access |
|
22e1bf563a04
Throw away the connection level for sessions.
Sascha L. Teichmann <sascha.teichmann@intevation.de>
parents:
493
diff
changeset
|
140 c.mu.Unlock() |
|
22e1bf563a04
Throw away the connection level for sessions.
Sascha L. Teichmann <sascha.teichmann@intevation.de>
parents:
493
diff
changeset
|
141 return access |
|
193
1585c334e8a7
More on persisting sessions.
Sascha L. Teichmann <sascha.teichmann@intevation.de>
parents:
149
diff
changeset
|
142 } |
|
1585c334e8a7
More on persisting sessions.
Sascha L. Teichmann <sascha.teichmann@intevation.de>
parents:
149
diff
changeset
|
143 |
|
134
0c56c56a1c44
Removed the JWT layer from the session management.
Sascha L. Teichmann <sascha.teichmann@intevation.de>
parents:
124
diff
changeset
|
144 func GenerateSessionKey() string { |
|
339
33b59c848771
Factored out some miscellaneous code into own package.
Sascha L. Teichmann <teichmann@intevation.de>
parents:
337
diff
changeset
|
145 return base64.URLEncoding.EncodeToString( |
|
408
ac23905e64b1
Improve WFS proxy a lot. It now generates signed re-writings.
Sascha L. Teichmann <sascha.teichmann@intevation.de>
parents:
340
diff
changeset
|
146 common.GenerateRandomKey(sessionKeyLength)) |
|
119
29e56c342c9f
Added first middleware for JWT token extraction. TODO: Add second one to check against logged in users.
Sascha L. Teichmann <sascha.teichmann@intevation.de>
parents:
diff
changeset
|
147 } |
|
124
bb9120d28950
Generate JWT from database roles.
Sascha L. Teichmann <sascha.teichmann@intevation.de>
parents:
119
diff
changeset
|
148 |
|
447
62c909dd3098
Only allow log in if user has at least one of the roles 'sys_admin', 'waterway_admin', 'waterway_user'.
Sascha L. Teichmann <sascha.teichmann@intevation.de>
parents:
414
diff
changeset
|
149 var ErrInvalidRole = errors.New("Invalid role") |
|
62c909dd3098
Only allow log in if user has at least one of the roles 'sys_admin', 'waterway_admin', 'waterway_user'.
Sascha L. Teichmann <sascha.teichmann@intevation.de>
parents:
414
diff
changeset
|
150 |
|
134
0c56c56a1c44
Removed the JWT layer from the session management.
Sascha L. Teichmann <sascha.teichmann@intevation.de>
parents:
124
diff
changeset
|
151 func GenerateSession(user, password string) (string, *Session, error) { |
|
124
bb9120d28950
Generate JWT from database roles.
Sascha L. Teichmann <sascha.teichmann@intevation.de>
parents:
119
diff
changeset
|
152 roles, err := AllOtherRoles(user, password) |
|
bb9120d28950
Generate JWT from database roles.
Sascha L. Teichmann <sascha.teichmann@intevation.de>
parents:
119
diff
changeset
|
153 if err != nil { |
|
134
0c56c56a1c44
Removed the JWT layer from the session management.
Sascha L. Teichmann <sascha.teichmann@intevation.de>
parents:
124
diff
changeset
|
154 return "", nil, err |
|
124
bb9120d28950
Generate JWT from database roles.
Sascha L. Teichmann <sascha.teichmann@intevation.de>
parents:
119
diff
changeset
|
155 } |
|
447
62c909dd3098
Only allow log in if user has at least one of the roles 'sys_admin', 'waterway_admin', 'waterway_user'.
Sascha L. Teichmann <sascha.teichmann@intevation.de>
parents:
414
diff
changeset
|
156 if !roles.HasAny("sys_admin", "waterway_admin", "waterway_user") { |
|
62c909dd3098
Only allow log in if user has at least one of the roles 'sys_admin', 'waterway_admin', 'waterway_user'.
Sascha L. Teichmann <sascha.teichmann@intevation.de>
parents:
414
diff
changeset
|
157 return "", nil, ErrInvalidRole |
|
62c909dd3098
Only allow log in if user has at least one of the roles 'sys_admin', 'waterway_admin', 'waterway_user'.
Sascha L. Teichmann <sascha.teichmann@intevation.de>
parents:
414
diff
changeset
|
158 } |
|
134
0c56c56a1c44
Removed the JWT layer from the session management.
Sascha L. Teichmann <sascha.teichmann@intevation.de>
parents:
124
diff
changeset
|
159 token := GenerateSessionKey() |
|
0c56c56a1c44
Removed the JWT layer from the session management.
Sascha L. Teichmann <sascha.teichmann@intevation.de>
parents:
124
diff
changeset
|
160 session := NewSession(user, password, roles) |
|
493
8a0737aa6ab6
The connection pool is now only a session store.
Sascha L. Teichmann <sascha.teichmann@intevation.de>
parents:
486
diff
changeset
|
161 Sessions.Add(token, session) |
|
134
0c56c56a1c44
Removed the JWT layer from the session management.
Sascha L. Teichmann <sascha.teichmann@intevation.de>
parents:
124
diff
changeset
|
162 return token, session, nil |
|
124
bb9120d28950
Generate JWT from database roles.
Sascha L. Teichmann <sascha.teichmann@intevation.de>
parents:
119
diff
changeset
|
163 } |