Mercurial > gemma
annotate pkg/auth/session.go @ 5133:38491057807b queued-stage-done
Move schema versions beyond what is in default branch
author | Tom Gottfried <tom@intevation.de> |
---|---|
date | Fri, 27 Mar 2020 15:31:03 +0100 |
parents | 91f4b3f56ce2 |
children | 2dd155cc95ec |
rev | line source |
---|---|
1017
a244b18cb916
Added GNU Affero General Public License.
Sascha L. Teichmann <sascha.teichmann@intevation.de>
parents:
510
diff
changeset
|
1 // This is Free Software under GNU Affero General Public License v >= 3.0 |
a244b18cb916
Added GNU Affero General Public License.
Sascha L. Teichmann <sascha.teichmann@intevation.de>
parents:
510
diff
changeset
|
2 // without warranty, see README.md and license for details. |
a244b18cb916
Added GNU Affero General Public License.
Sascha L. Teichmann <sascha.teichmann@intevation.de>
parents:
510
diff
changeset
|
3 // |
a244b18cb916
Added GNU Affero General Public License.
Sascha L. Teichmann <sascha.teichmann@intevation.de>
parents:
510
diff
changeset
|
4 // SPDX-License-Identifier: AGPL-3.0-or-later |
a244b18cb916
Added GNU Affero General Public License.
Sascha L. Teichmann <sascha.teichmann@intevation.de>
parents:
510
diff
changeset
|
5 // License-Filename: LICENSES/AGPL-3.0.txt |
a244b18cb916
Added GNU Affero General Public License.
Sascha L. Teichmann <sascha.teichmann@intevation.de>
parents:
510
diff
changeset
|
6 // |
a244b18cb916
Added GNU Affero General Public License.
Sascha L. Teichmann <sascha.teichmann@intevation.de>
parents:
510
diff
changeset
|
7 // Copyright (C) 2018 by via donau |
a244b18cb916
Added GNU Affero General Public License.
Sascha L. Teichmann <sascha.teichmann@intevation.de>
parents:
510
diff
changeset
|
8 // – Österreichische Wasserstraßen-Gesellschaft mbH |
a244b18cb916
Added GNU Affero General Public License.
Sascha L. Teichmann <sascha.teichmann@intevation.de>
parents:
510
diff
changeset
|
9 // Software engineering by Intevation GmbH |
a244b18cb916
Added GNU Affero General Public License.
Sascha L. Teichmann <sascha.teichmann@intevation.de>
parents:
510
diff
changeset
|
10 // |
a244b18cb916
Added GNU Affero General Public License.
Sascha L. Teichmann <sascha.teichmann@intevation.de>
parents:
510
diff
changeset
|
11 // Author(s): |
a244b18cb916
Added GNU Affero General Public License.
Sascha L. Teichmann <sascha.teichmann@intevation.de>
parents:
510
diff
changeset
|
12 // * Sascha L. Teichmann <sascha.teichmann@intevation.de> |
a244b18cb916
Added GNU Affero General Public License.
Sascha L. Teichmann <sascha.teichmann@intevation.de>
parents:
510
diff
changeset
|
13 |
119
29e56c342c9f
Added first middleware for JWT token extraction. TODO: Add second one to check against logged in users.
Sascha L. Teichmann <sascha.teichmann@intevation.de>
parents:
diff
changeset
|
14 package auth |
29e56c342c9f
Added first middleware for JWT token extraction. TODO: Add second one to check against logged in users.
Sascha L. Teichmann <sascha.teichmann@intevation.de>
parents:
diff
changeset
|
15 |
29e56c342c9f
Added first middleware for JWT token extraction. TODO: Add second one to check against logged in users.
Sascha L. Teichmann <sascha.teichmann@intevation.de>
parents:
diff
changeset
|
16 import ( |
134
0c56c56a1c44
Removed the JWT layer from the session management.
Sascha L. Teichmann <sascha.teichmann@intevation.de>
parents:
124
diff
changeset
|
17 "encoding/base64" |
447
62c909dd3098
Only allow log in if user has at least one of the roles 'sys_admin', 'waterway_admin', 'waterway_user'.
Sascha L. Teichmann <sascha.teichmann@intevation.de>
parents:
414
diff
changeset
|
18 "errors" |
134
0c56c56a1c44
Removed the JWT layer from the session management.
Sascha L. Teichmann <sascha.teichmann@intevation.de>
parents:
124
diff
changeset
|
19 "io" |
498
22e1bf563a04
Throw away the connection level for sessions.
Sascha L. Teichmann <sascha.teichmann@intevation.de>
parents:
493
diff
changeset
|
20 "sync" |
119
29e56c342c9f
Added first middleware for JWT token extraction. TODO: Add second one to check against logged in users.
Sascha L. Teichmann <sascha.teichmann@intevation.de>
parents:
diff
changeset
|
21 "time" |
339
33b59c848771
Factored out some miscellaneous code into own package.
Sascha L. Teichmann <teichmann@intevation.de>
parents:
337
diff
changeset
|
22 |
414
c1047fd04a3a
Moved project specific Go packages to new pkg folder.
Sascha L. Teichmann <sascha.teichmann@intevation.de>
parents:
408
diff
changeset
|
23 "gemma.intevation.de/gemma/pkg/common" |
2639
0db742c7813d
Make session timeout configurable
Tom Gottfried <tom@intevation.de>
parents:
1342
diff
changeset
|
24 "gemma.intevation.de/gemma/pkg/config" |
119
29e56c342c9f
Added first middleware for JWT token extraction. TODO: Add second one to check against logged in users.
Sascha L. Teichmann <sascha.teichmann@intevation.de>
parents:
diff
changeset
|
25 ) |
29e56c342c9f
Added first middleware for JWT token extraction. TODO: Add second one to check against logged in users.
Sascha L. Teichmann <sascha.teichmann@intevation.de>
parents:
diff
changeset
|
26 |
1342
20b9c3f261db
Added comments how to create a new session for a given user and password.
Sascha L. Teichmann <sascha.teichmann@intevation.de>
parents:
1329
diff
changeset
|
27 // Roles is a list of roles a logged in user has. |
326
a7b2db8b3d18
Added type for roles.
Sascha L. Teichmann <sascha.teichmann@intevation.de>
parents:
215
diff
changeset
|
28 type Roles []string |
a7b2db8b3d18
Added type for roles.
Sascha L. Teichmann <sascha.teichmann@intevation.de>
parents:
215
diff
changeset
|
29 |
1342
20b9c3f261db
Added comments how to create a new session for a given user and password.
Sascha L. Teichmann <sascha.teichmann@intevation.de>
parents:
1329
diff
changeset
|
30 // Session stores the informations about a logged in user. |
134
0c56c56a1c44
Removed the JWT layer from the session management.
Sascha L. Teichmann <sascha.teichmann@intevation.de>
parents:
124
diff
changeset
|
31 type Session struct { |
1342
20b9c3f261db
Added comments how to create a new session for a given user and password.
Sascha L. Teichmann <sascha.teichmann@intevation.de>
parents:
1329
diff
changeset
|
32 // ExpiresAt is a unix timestamp when the session |
20b9c3f261db
Added comments how to create a new session for a given user and password.
Sascha L. Teichmann <sascha.teichmann@intevation.de>
parents:
1329
diff
changeset
|
33 // of the user expires. |
20b9c3f261db
Added comments how to create a new session for a given user and password.
Sascha L. Teichmann <sascha.teichmann@intevation.de>
parents:
1329
diff
changeset
|
34 ExpiresAt int64 `json:"expires"` |
20b9c3f261db
Added comments how to create a new session for a given user and password.
Sascha L. Teichmann <sascha.teichmann@intevation.de>
parents:
1329
diff
changeset
|
35 |
20b9c3f261db
Added comments how to create a new session for a given user and password.
Sascha L. Teichmann <sascha.teichmann@intevation.de>
parents:
1329
diff
changeset
|
36 // User is the login name of the user. |
20b9c3f261db
Added comments how to create a new session for a given user and password.
Sascha L. Teichmann <sascha.teichmann@intevation.de>
parents:
1329
diff
changeset
|
37 User string `json:"user"` |
20b9c3f261db
Added comments how to create a new session for a given user and password.
Sascha L. Teichmann <sascha.teichmann@intevation.de>
parents:
1329
diff
changeset
|
38 |
20b9c3f261db
Added comments how to create a new session for a given user and password.
Sascha L. Teichmann <sascha.teichmann@intevation.de>
parents:
1329
diff
changeset
|
39 // Roles is the list of roles of the user. |
20b9c3f261db
Added comments how to create a new session for a given user and password.
Sascha L. Teichmann <sascha.teichmann@intevation.de>
parents:
1329
diff
changeset
|
40 Roles Roles `json:"roles"` |
498
22e1bf563a04
Throw away the connection level for sessions.
Sascha L. Teichmann <sascha.teichmann@intevation.de>
parents:
493
diff
changeset
|
41 |
22e1bf563a04
Throw away the connection level for sessions.
Sascha L. Teichmann <sascha.teichmann@intevation.de>
parents:
493
diff
changeset
|
42 // private fields for managing expiration. |
22e1bf563a04
Throw away the connection level for sessions.
Sascha L. Teichmann <sascha.teichmann@intevation.de>
parents:
493
diff
changeset
|
43 access time.Time |
22e1bf563a04
Throw away the connection level for sessions.
Sascha L. Teichmann <sascha.teichmann@intevation.de>
parents:
493
diff
changeset
|
44 mu sync.Mutex |
326
a7b2db8b3d18
Added type for roles.
Sascha L. Teichmann <sascha.teichmann@intevation.de>
parents:
215
diff
changeset
|
45 } |
a7b2db8b3d18
Added type for roles.
Sascha L. Teichmann <sascha.teichmann@intevation.de>
parents:
215
diff
changeset
|
46 |
1342
20b9c3f261db
Added comments how to create a new session for a given user and password.
Sascha L. Teichmann <sascha.teichmann@intevation.de>
parents:
1329
diff
changeset
|
47 // Has checks if a certain role is amongst the roles. |
326
a7b2db8b3d18
Added type for roles.
Sascha L. Teichmann <sascha.teichmann@intevation.de>
parents:
215
diff
changeset
|
48 func (r Roles) Has(role string) bool { |
a7b2db8b3d18
Added type for roles.
Sascha L. Teichmann <sascha.teichmann@intevation.de>
parents:
215
diff
changeset
|
49 for _, x := range r { |
a7b2db8b3d18
Added type for roles.
Sascha L. Teichmann <sascha.teichmann@intevation.de>
parents:
215
diff
changeset
|
50 if x == role { |
a7b2db8b3d18
Added type for roles.
Sascha L. Teichmann <sascha.teichmann@intevation.de>
parents:
215
diff
changeset
|
51 return true |
a7b2db8b3d18
Added type for roles.
Sascha L. Teichmann <sascha.teichmann@intevation.de>
parents:
215
diff
changeset
|
52 } |
a7b2db8b3d18
Added type for roles.
Sascha L. Teichmann <sascha.teichmann@intevation.de>
parents:
215
diff
changeset
|
53 } |
a7b2db8b3d18
Added type for roles.
Sascha L. Teichmann <sascha.teichmann@intevation.de>
parents:
215
diff
changeset
|
54 return false |
119
29e56c342c9f
Added first middleware for JWT token extraction. TODO: Add second one to check against logged in users.
Sascha L. Teichmann <sascha.teichmann@intevation.de>
parents:
diff
changeset
|
55 } |
29e56c342c9f
Added first middleware for JWT token extraction. TODO: Add second one to check against logged in users.
Sascha L. Teichmann <sascha.teichmann@intevation.de>
parents:
diff
changeset
|
56 |
1342
20b9c3f261db
Added comments how to create a new session for a given user and password.
Sascha L. Teichmann <sascha.teichmann@intevation.de>
parents:
1329
diff
changeset
|
57 // HasAny checks if any of the given roles is in the role list. |
447
62c909dd3098
Only allow log in if user has at least one of the roles 'sys_admin', 'waterway_admin', 'waterway_user'.
Sascha L. Teichmann <sascha.teichmann@intevation.de>
parents:
414
diff
changeset
|
58 func (r Roles) HasAny(roles ...string) bool { |
62c909dd3098
Only allow log in if user has at least one of the roles 'sys_admin', 'waterway_admin', 'waterway_user'.
Sascha L. Teichmann <sascha.teichmann@intevation.de>
parents:
414
diff
changeset
|
59 for _, y := range roles { |
62c909dd3098
Only allow log in if user has at least one of the roles 'sys_admin', 'waterway_admin', 'waterway_user'.
Sascha L. Teichmann <sascha.teichmann@intevation.de>
parents:
414
diff
changeset
|
60 if r.Has(y) { |
62c909dd3098
Only allow log in if user has at least one of the roles 'sys_admin', 'waterway_admin', 'waterway_user'.
Sascha L. Teichmann <sascha.teichmann@intevation.de>
parents:
414
diff
changeset
|
61 return true |
62c909dd3098
Only allow log in if user has at least one of the roles 'sys_admin', 'waterway_admin', 'waterway_user'.
Sascha L. Teichmann <sascha.teichmann@intevation.de>
parents:
414
diff
changeset
|
62 } |
62c909dd3098
Only allow log in if user has at least one of the roles 'sys_admin', 'waterway_admin', 'waterway_user'.
Sascha L. Teichmann <sascha.teichmann@intevation.de>
parents:
414
diff
changeset
|
63 } |
62c909dd3098
Only allow log in if user has at least one of the roles 'sys_admin', 'waterway_admin', 'waterway_user'.
Sascha L. Teichmann <sascha.teichmann@intevation.de>
parents:
414
diff
changeset
|
64 return false |
62c909dd3098
Only allow log in if user has at least one of the roles 'sys_admin', 'waterway_admin', 'waterway_user'.
Sascha L. Teichmann <sascha.teichmann@intevation.de>
parents:
414
diff
changeset
|
65 } |
62c909dd3098
Only allow log in if user has at least one of the roles 'sys_admin', 'waterway_admin', 'waterway_user'.
Sascha L. Teichmann <sascha.teichmann@intevation.de>
parents:
414
diff
changeset
|
66 |
134
0c56c56a1c44
Removed the JWT layer from the session management.
Sascha L. Teichmann <sascha.teichmann@intevation.de>
parents:
124
diff
changeset
|
67 const ( |
0c56c56a1c44
Removed the JWT layer from the session management.
Sascha L. Teichmann <sascha.teichmann@intevation.de>
parents:
124
diff
changeset
|
68 sessionKeyLength = 20 |
0c56c56a1c44
Removed the JWT layer from the session management.
Sascha L. Teichmann <sascha.teichmann@intevation.de>
parents:
124
diff
changeset
|
69 ) |
119
29e56c342c9f
Added first middleware for JWT token extraction. TODO: Add second one to check against logged in users.
Sascha L. Teichmann <sascha.teichmann@intevation.de>
parents:
diff
changeset
|
70 |
1342
20b9c3f261db
Added comments how to create a new session for a given user and password.
Sascha L. Teichmann <sascha.teichmann@intevation.de>
parents:
1329
diff
changeset
|
71 // newSession creates a new session. |
20b9c3f261db
Added comments how to create a new session for a given user and password.
Sascha L. Teichmann <sascha.teichmann@intevation.de>
parents:
1329
diff
changeset
|
72 func newSession(user, password string, roles Roles) *Session { |
119
29e56c342c9f
Added first middleware for JWT token extraction. TODO: Add second one to check against logged in users.
Sascha L. Teichmann <sascha.teichmann@intevation.de>
parents:
diff
changeset
|
73 |
29e56c342c9f
Added first middleware for JWT token extraction. TODO: Add second one to check against logged in users.
Sascha L. Teichmann <sascha.teichmann@intevation.de>
parents:
diff
changeset
|
74 // Create the Claims |
134
0c56c56a1c44
Removed the JWT layer from the session management.
Sascha L. Teichmann <sascha.teichmann@intevation.de>
parents:
124
diff
changeset
|
75 return &Session{ |
2639
0db742c7813d
Make session timeout configurable
Tom Gottfried <tom@intevation.de>
parents:
1342
diff
changeset
|
76 ExpiresAt: time.Now().Add(config.SessionTimeout()).Unix(), |
134
0c56c56a1c44
Removed the JWT layer from the session management.
Sascha L. Teichmann <sascha.teichmann@intevation.de>
parents:
124
diff
changeset
|
77 User: user, |
0c56c56a1c44
Removed the JWT layer from the session management.
Sascha L. Teichmann <sascha.teichmann@intevation.de>
parents:
124
diff
changeset
|
78 Roles: roles, |
119
29e56c342c9f
Added first middleware for JWT token extraction. TODO: Add second one to check against logged in users.
Sascha L. Teichmann <sascha.teichmann@intevation.de>
parents:
diff
changeset
|
79 } |
134
0c56c56a1c44
Removed the JWT layer from the session management.
Sascha L. Teichmann <sascha.teichmann@intevation.de>
parents:
124
diff
changeset
|
80 } |
119
29e56c342c9f
Added first middleware for JWT token extraction. TODO: Add second one to check against logged in users.
Sascha L. Teichmann <sascha.teichmann@intevation.de>
parents:
diff
changeset
|
81 |
498
22e1bf563a04
Throw away the connection level for sessions.
Sascha L. Teichmann <sascha.teichmann@intevation.de>
parents:
493
diff
changeset
|
82 func (s *Session) serialize(w io.Writer) error { |
22e1bf563a04
Throw away the connection level for sessions.
Sascha L. Teichmann <sascha.teichmann@intevation.de>
parents:
493
diff
changeset
|
83 |
22e1bf563a04
Throw away the connection level for sessions.
Sascha L. Teichmann <sascha.teichmann@intevation.de>
parents:
493
diff
changeset
|
84 access, err := s.last().MarshalText() |
22e1bf563a04
Throw away the connection level for sessions.
Sascha L. Teichmann <sascha.teichmann@intevation.de>
parents:
493
diff
changeset
|
85 if err != nil { |
22e1bf563a04
Throw away the connection level for sessions.
Sascha L. Teichmann <sascha.teichmann@intevation.de>
parents:
493
diff
changeset
|
86 return err |
22e1bf563a04
Throw away the connection level for sessions.
Sascha L. Teichmann <sascha.teichmann@intevation.de>
parents:
493
diff
changeset
|
87 } |
22e1bf563a04
Throw away the connection level for sessions.
Sascha L. Teichmann <sascha.teichmann@intevation.de>
parents:
493
diff
changeset
|
88 |
4169
91f4b3f56ce2
Moved binary session encoding/decoding into auth package as it is only used there.
Sascha L. Teichmann <sascha.teichmann@intevation.de>
parents:
4160
diff
changeset
|
89 wr := BinWriter{Writer: w, Err: nil} |
498
22e1bf563a04
Throw away the connection level for sessions.
Sascha L. Teichmann <sascha.teichmann@intevation.de>
parents:
493
diff
changeset
|
90 wr.WriteBin(s.ExpiresAt) |
22e1bf563a04
Throw away the connection level for sessions.
Sascha L. Teichmann <sascha.teichmann@intevation.de>
parents:
493
diff
changeset
|
91 wr.WriteString(s.User) |
22e1bf563a04
Throw away the connection level for sessions.
Sascha L. Teichmann <sascha.teichmann@intevation.de>
parents:
493
diff
changeset
|
92 wr.WriteBin(uint32(len(s.Roles))) |
22e1bf563a04
Throw away the connection level for sessions.
Sascha L. Teichmann <sascha.teichmann@intevation.de>
parents:
493
diff
changeset
|
93 for _, role := range s.Roles { |
22e1bf563a04
Throw away the connection level for sessions.
Sascha L. Teichmann <sascha.teichmann@intevation.de>
parents:
493
diff
changeset
|
94 wr.WriteString(role) |
22e1bf563a04
Throw away the connection level for sessions.
Sascha L. Teichmann <sascha.teichmann@intevation.de>
parents:
493
diff
changeset
|
95 } |
22e1bf563a04
Throw away the connection level for sessions.
Sascha L. Teichmann <sascha.teichmann@intevation.de>
parents:
493
diff
changeset
|
96 wr.WriteBin(uint32(len(access))) |
22e1bf563a04
Throw away the connection level for sessions.
Sascha L. Teichmann <sascha.teichmann@intevation.de>
parents:
493
diff
changeset
|
97 wr.WriteBin(access) |
22e1bf563a04
Throw away the connection level for sessions.
Sascha L. Teichmann <sascha.teichmann@intevation.de>
parents:
493
diff
changeset
|
98 return wr.Err |
22e1bf563a04
Throw away the connection level for sessions.
Sascha L. Teichmann <sascha.teichmann@intevation.de>
parents:
493
diff
changeset
|
99 } |
22e1bf563a04
Throw away the connection level for sessions.
Sascha L. Teichmann <sascha.teichmann@intevation.de>
parents:
493
diff
changeset
|
100 |
197
e85413e5befa
Cleaned up serialisation/deserilisation of sessions a bit.
Sascha L. Teichmann <teichmann@intevation.de>
parents:
193
diff
changeset
|
101 func (s *Session) deserialize(r io.Reader) error { |
498
22e1bf563a04
Throw away the connection level for sessions.
Sascha L. Teichmann <sascha.teichmann@intevation.de>
parents:
493
diff
changeset
|
102 |
193
1585c334e8a7
More on persisting sessions.
Sascha L. Teichmann <sascha.teichmann@intevation.de>
parents:
149
diff
changeset
|
103 var n uint32 |
4169
91f4b3f56ce2
Moved binary session encoding/decoding into auth package as it is only used there.
Sascha L. Teichmann <sascha.teichmann@intevation.de>
parents:
4160
diff
changeset
|
104 rd := BinReader{Reader: r, Err: nil} |
1323
3c914bc670a2
Avoid copying session data while deserializing from store.
Sascha L. Teichmann <sascha.teichmann@intevation.de>
parents:
1322
diff
changeset
|
105 rd.ReadBin(&s.ExpiresAt) |
3c914bc670a2
Avoid copying session data while deserializing from store.
Sascha L. Teichmann <sascha.teichmann@intevation.de>
parents:
1322
diff
changeset
|
106 rd.ReadString(&s.User) |
340
4c211ad5349e
Embed Reader and Writer in BinReader and BinWriter to make API more distinct.
Sascha L. Teichmann <teichmann@intevation.de>
parents:
339
diff
changeset
|
107 rd.ReadBin(&n) |
1323
3c914bc670a2
Avoid copying session data while deserializing from store.
Sascha L. Teichmann <sascha.teichmann@intevation.de>
parents:
1322
diff
changeset
|
108 s.Roles = make(Roles, n) |
498
22e1bf563a04
Throw away the connection level for sessions.
Sascha L. Teichmann <sascha.teichmann@intevation.de>
parents:
493
diff
changeset
|
109 |
193
1585c334e8a7
More on persisting sessions.
Sascha L. Teichmann <sascha.teichmann@intevation.de>
parents:
149
diff
changeset
|
110 for i := uint32(0); n > 0 && i < n; i++ { |
1323
3c914bc670a2
Avoid copying session data while deserializing from store.
Sascha L. Teichmann <sascha.teichmann@intevation.de>
parents:
1322
diff
changeset
|
111 rd.ReadString(&s.Roles[i]) |
498
22e1bf563a04
Throw away the connection level for sessions.
Sascha L. Teichmann <sascha.teichmann@intevation.de>
parents:
493
diff
changeset
|
112 } |
22e1bf563a04
Throw away the connection level for sessions.
Sascha L. Teichmann <sascha.teichmann@intevation.de>
parents:
493
diff
changeset
|
113 |
22e1bf563a04
Throw away the connection level for sessions.
Sascha L. Teichmann <sascha.teichmann@intevation.de>
parents:
493
diff
changeset
|
114 if rd.Err != nil { |
22e1bf563a04
Throw away the connection level for sessions.
Sascha L. Teichmann <sascha.teichmann@intevation.de>
parents:
493
diff
changeset
|
115 return rd.Err |
22e1bf563a04
Throw away the connection level for sessions.
Sascha L. Teichmann <sascha.teichmann@intevation.de>
parents:
493
diff
changeset
|
116 } |
22e1bf563a04
Throw away the connection level for sessions.
Sascha L. Teichmann <sascha.teichmann@intevation.de>
parents:
493
diff
changeset
|
117 |
22e1bf563a04
Throw away the connection level for sessions.
Sascha L. Teichmann <sascha.teichmann@intevation.de>
parents:
493
diff
changeset
|
118 var l uint32 |
22e1bf563a04
Throw away the connection level for sessions.
Sascha L. Teichmann <sascha.teichmann@intevation.de>
parents:
493
diff
changeset
|
119 rd.ReadBin(&l) |
22e1bf563a04
Throw away the connection level for sessions.
Sascha L. Teichmann <sascha.teichmann@intevation.de>
parents:
493
diff
changeset
|
120 access := make([]byte, l) |
22e1bf563a04
Throw away the connection level for sessions.
Sascha L. Teichmann <sascha.teichmann@intevation.de>
parents:
493
diff
changeset
|
121 rd.ReadBin(access) |
22e1bf563a04
Throw away the connection level for sessions.
Sascha L. Teichmann <sascha.teichmann@intevation.de>
parents:
493
diff
changeset
|
122 |
22e1bf563a04
Throw away the connection level for sessions.
Sascha L. Teichmann <sascha.teichmann@intevation.de>
parents:
493
diff
changeset
|
123 if rd.Err != nil { |
22e1bf563a04
Throw away the connection level for sessions.
Sascha L. Teichmann <sascha.teichmann@intevation.de>
parents:
493
diff
changeset
|
124 return rd.Err |
22e1bf563a04
Throw away the connection level for sessions.
Sascha L. Teichmann <sascha.teichmann@intevation.de>
parents:
493
diff
changeset
|
125 } |
22e1bf563a04
Throw away the connection level for sessions.
Sascha L. Teichmann <sascha.teichmann@intevation.de>
parents:
493
diff
changeset
|
126 |
22e1bf563a04
Throw away the connection level for sessions.
Sascha L. Teichmann <sascha.teichmann@intevation.de>
parents:
493
diff
changeset
|
127 var t time.Time |
22e1bf563a04
Throw away the connection level for sessions.
Sascha L. Teichmann <sascha.teichmann@intevation.de>
parents:
493
diff
changeset
|
128 if err := t.UnmarshalText(access); err != nil { |
22e1bf563a04
Throw away the connection level for sessions.
Sascha L. Teichmann <sascha.teichmann@intevation.de>
parents:
493
diff
changeset
|
129 return err |
193
1585c334e8a7
More on persisting sessions.
Sascha L. Teichmann <sascha.teichmann@intevation.de>
parents:
149
diff
changeset
|
130 } |
498
22e1bf563a04
Throw away the connection level for sessions.
Sascha L. Teichmann <sascha.teichmann@intevation.de>
parents:
493
diff
changeset
|
131 |
1323
3c914bc670a2
Avoid copying session data while deserializing from store.
Sascha L. Teichmann <sascha.teichmann@intevation.de>
parents:
1322
diff
changeset
|
132 s.access = t |
498
22e1bf563a04
Throw away the connection level for sessions.
Sascha L. Teichmann <sascha.teichmann@intevation.de>
parents:
493
diff
changeset
|
133 |
22e1bf563a04
Throw away the connection level for sessions.
Sascha L. Teichmann <sascha.teichmann@intevation.de>
parents:
493
diff
changeset
|
134 return nil |
22e1bf563a04
Throw away the connection level for sessions.
Sascha L. Teichmann <sascha.teichmann@intevation.de>
parents:
493
diff
changeset
|
135 } |
22e1bf563a04
Throw away the connection level for sessions.
Sascha L. Teichmann <sascha.teichmann@intevation.de>
parents:
493
diff
changeset
|
136 |
1329
ea2143adc6d3
Named method recievers consistently to make golint happy.
Sascha L. Teichmann <sascha.teichmann@intevation.de>
parents:
1323
diff
changeset
|
137 func (s *Session) touch() { |
ea2143adc6d3
Named method recievers consistently to make golint happy.
Sascha L. Teichmann <sascha.teichmann@intevation.de>
parents:
1323
diff
changeset
|
138 s.mu.Lock() |
ea2143adc6d3
Named method recievers consistently to make golint happy.
Sascha L. Teichmann <sascha.teichmann@intevation.de>
parents:
1323
diff
changeset
|
139 s.access = time.Now() |
ea2143adc6d3
Named method recievers consistently to make golint happy.
Sascha L. Teichmann <sascha.teichmann@intevation.de>
parents:
1323
diff
changeset
|
140 s.mu.Unlock() |
498
22e1bf563a04
Throw away the connection level for sessions.
Sascha L. Teichmann <sascha.teichmann@intevation.de>
parents:
493
diff
changeset
|
141 } |
22e1bf563a04
Throw away the connection level for sessions.
Sascha L. Teichmann <sascha.teichmann@intevation.de>
parents:
493
diff
changeset
|
142 |
1329
ea2143adc6d3
Named method recievers consistently to make golint happy.
Sascha L. Teichmann <sascha.teichmann@intevation.de>
parents:
1323
diff
changeset
|
143 func (s *Session) last() time.Time { |
ea2143adc6d3
Named method recievers consistently to make golint happy.
Sascha L. Teichmann <sascha.teichmann@intevation.de>
parents:
1323
diff
changeset
|
144 s.mu.Lock() |
ea2143adc6d3
Named method recievers consistently to make golint happy.
Sascha L. Teichmann <sascha.teichmann@intevation.de>
parents:
1323
diff
changeset
|
145 access := s.access |
ea2143adc6d3
Named method recievers consistently to make golint happy.
Sascha L. Teichmann <sascha.teichmann@intevation.de>
parents:
1323
diff
changeset
|
146 s.mu.Unlock() |
498
22e1bf563a04
Throw away the connection level for sessions.
Sascha L. Teichmann <sascha.teichmann@intevation.de>
parents:
493
diff
changeset
|
147 return access |
193
1585c334e8a7
More on persisting sessions.
Sascha L. Teichmann <sascha.teichmann@intevation.de>
parents:
149
diff
changeset
|
148 } |
1585c334e8a7
More on persisting sessions.
Sascha L. Teichmann <sascha.teichmann@intevation.de>
parents:
149
diff
changeset
|
149 |
1342
20b9c3f261db
Added comments how to create a new session for a given user and password.
Sascha L. Teichmann <sascha.teichmann@intevation.de>
parents:
1329
diff
changeset
|
150 func generateSessionKey() string { |
339
33b59c848771
Factored out some miscellaneous code into own package.
Sascha L. Teichmann <teichmann@intevation.de>
parents:
337
diff
changeset
|
151 return base64.URLEncoding.EncodeToString( |
408
ac23905e64b1
Improve WFS proxy a lot. It now generates signed re-writings.
Sascha L. Teichmann <sascha.teichmann@intevation.de>
parents:
340
diff
changeset
|
152 common.GenerateRandomKey(sessionKeyLength)) |
119
29e56c342c9f
Added first middleware for JWT token extraction. TODO: Add second one to check against logged in users.
Sascha L. Teichmann <sascha.teichmann@intevation.de>
parents:
diff
changeset
|
153 } |
124
bb9120d28950
Generate JWT from database roles.
Sascha L. Teichmann <sascha.teichmann@intevation.de>
parents:
119
diff
changeset
|
154 |
1342
20b9c3f261db
Added comments how to create a new session for a given user and password.
Sascha L. Teichmann <sascha.teichmann@intevation.de>
parents:
1329
diff
changeset
|
155 // ErrInvalidRole is returned if a given role does not exsist in this system. |
4160
7cccf7fef3e8
Made 'golint' and 'staticcheck' happy with auth package.
Sascha L. Teichmann <sascha.teichmann@intevation.de>
parents:
2639
diff
changeset
|
156 var ErrInvalidRole = errors.New("invalid role") |
447
62c909dd3098
Only allow log in if user has at least one of the roles 'sys_admin', 'waterway_admin', 'waterway_user'.
Sascha L. Teichmann <sascha.teichmann@intevation.de>
parents:
414
diff
changeset
|
157 |
1342
20b9c3f261db
Added comments how to create a new session for a given user and password.
Sascha L. Teichmann <sascha.teichmann@intevation.de>
parents:
1329
diff
changeset
|
158 // GenerateSession creates a new session for a given user and password |
20b9c3f261db
Added comments how to create a new session for a given user and password.
Sascha L. Teichmann <sascha.teichmann@intevation.de>
parents:
1329
diff
changeset
|
159 // backed by the roles of this user in the database. |
134
0c56c56a1c44
Removed the JWT layer from the session management.
Sascha L. Teichmann <sascha.teichmann@intevation.de>
parents:
124
diff
changeset
|
160 func GenerateSession(user, password string) (string, *Session, error) { |
124
bb9120d28950
Generate JWT from database roles.
Sascha L. Teichmann <sascha.teichmann@intevation.de>
parents:
119
diff
changeset
|
161 roles, err := AllOtherRoles(user, password) |
bb9120d28950
Generate JWT from database roles.
Sascha L. Teichmann <sascha.teichmann@intevation.de>
parents:
119
diff
changeset
|
162 if err != nil { |
134
0c56c56a1c44
Removed the JWT layer from the session management.
Sascha L. Teichmann <sascha.teichmann@intevation.de>
parents:
124
diff
changeset
|
163 return "", nil, err |
124
bb9120d28950
Generate JWT from database roles.
Sascha L. Teichmann <sascha.teichmann@intevation.de>
parents:
119
diff
changeset
|
164 } |
1342
20b9c3f261db
Added comments how to create a new session for a given user and password.
Sascha L. Teichmann <sascha.teichmann@intevation.de>
parents:
1329
diff
changeset
|
165 // TODO: Make this a configuration. |
447
62c909dd3098
Only allow log in if user has at least one of the roles 'sys_admin', 'waterway_admin', 'waterway_user'.
Sascha L. Teichmann <sascha.teichmann@intevation.de>
parents:
414
diff
changeset
|
166 if !roles.HasAny("sys_admin", "waterway_admin", "waterway_user") { |
62c909dd3098
Only allow log in if user has at least one of the roles 'sys_admin', 'waterway_admin', 'waterway_user'.
Sascha L. Teichmann <sascha.teichmann@intevation.de>
parents:
414
diff
changeset
|
167 return "", nil, ErrInvalidRole |
62c909dd3098
Only allow log in if user has at least one of the roles 'sys_admin', 'waterway_admin', 'waterway_user'.
Sascha L. Teichmann <sascha.teichmann@intevation.de>
parents:
414
diff
changeset
|
168 } |
1342
20b9c3f261db
Added comments how to create a new session for a given user and password.
Sascha L. Teichmann <sascha.teichmann@intevation.de>
parents:
1329
diff
changeset
|
169 token := generateSessionKey() |
20b9c3f261db
Added comments how to create a new session for a given user and password.
Sascha L. Teichmann <sascha.teichmann@intevation.de>
parents:
1329
diff
changeset
|
170 session := newSession(user, password, roles) |
493
8a0737aa6ab6
The connection pool is now only a session store.
Sascha L. Teichmann <sascha.teichmann@intevation.de>
parents:
486
diff
changeset
|
171 Sessions.Add(token, session) |
134
0c56c56a1c44
Removed the JWT layer from the session management.
Sascha L. Teichmann <sascha.teichmann@intevation.de>
parents:
124
diff
changeset
|
172 return token, session, nil |
124
bb9120d28950
Generate JWT from database roles.
Sascha L. Teichmann <sascha.teichmann@intevation.de>
parents:
119
diff
changeset
|
173 } |