Mercurial > gemma
annotate pkg/auth/session.go @ 1323:3c914bc670a2
Avoid copying session data while deserializing from store.
This involed copying a mutex which would technical be not
correct if the mutex would be used at this time, which it is
not. go vet was not happy about this even if its not
a problem. Not copying the data makes it a bit faster, though.
author | Sascha L. Teichmann <sascha.teichmann@intevation.de> |
---|---|
date | Sat, 24 Nov 2018 17:08:56 +0100 |
parents | 176c42053562 |
children | ea2143adc6d3 |
rev | line source |
---|---|
1017
a244b18cb916
Added GNU Affero General Public License.
Sascha L. Teichmann <sascha.teichmann@intevation.de>
parents:
510
diff
changeset
|
1 // This is Free Software under GNU Affero General Public License v >= 3.0 |
a244b18cb916
Added GNU Affero General Public License.
Sascha L. Teichmann <sascha.teichmann@intevation.de>
parents:
510
diff
changeset
|
2 // without warranty, see README.md and license for details. |
a244b18cb916
Added GNU Affero General Public License.
Sascha L. Teichmann <sascha.teichmann@intevation.de>
parents:
510
diff
changeset
|
3 // |
a244b18cb916
Added GNU Affero General Public License.
Sascha L. Teichmann <sascha.teichmann@intevation.de>
parents:
510
diff
changeset
|
4 // SPDX-License-Identifier: AGPL-3.0-or-later |
a244b18cb916
Added GNU Affero General Public License.
Sascha L. Teichmann <sascha.teichmann@intevation.de>
parents:
510
diff
changeset
|
5 // License-Filename: LICENSES/AGPL-3.0.txt |
a244b18cb916
Added GNU Affero General Public License.
Sascha L. Teichmann <sascha.teichmann@intevation.de>
parents:
510
diff
changeset
|
6 // |
a244b18cb916
Added GNU Affero General Public License.
Sascha L. Teichmann <sascha.teichmann@intevation.de>
parents:
510
diff
changeset
|
7 // Copyright (C) 2018 by via donau |
a244b18cb916
Added GNU Affero General Public License.
Sascha L. Teichmann <sascha.teichmann@intevation.de>
parents:
510
diff
changeset
|
8 // – Österreichische Wasserstraßen-Gesellschaft mbH |
a244b18cb916
Added GNU Affero General Public License.
Sascha L. Teichmann <sascha.teichmann@intevation.de>
parents:
510
diff
changeset
|
9 // Software engineering by Intevation GmbH |
a244b18cb916
Added GNU Affero General Public License.
Sascha L. Teichmann <sascha.teichmann@intevation.de>
parents:
510
diff
changeset
|
10 // |
a244b18cb916
Added GNU Affero General Public License.
Sascha L. Teichmann <sascha.teichmann@intevation.de>
parents:
510
diff
changeset
|
11 // Author(s): |
a244b18cb916
Added GNU Affero General Public License.
Sascha L. Teichmann <sascha.teichmann@intevation.de>
parents:
510
diff
changeset
|
12 // * Sascha L. Teichmann <sascha.teichmann@intevation.de> |
a244b18cb916
Added GNU Affero General Public License.
Sascha L. Teichmann <sascha.teichmann@intevation.de>
parents:
510
diff
changeset
|
13 |
119
29e56c342c9f
Added first middleware for JWT token extraction. TODO: Add second one to check against logged in users.
Sascha L. Teichmann <sascha.teichmann@intevation.de>
parents:
diff
changeset
|
14 package auth |
29e56c342c9f
Added first middleware for JWT token extraction. TODO: Add second one to check against logged in users.
Sascha L. Teichmann <sascha.teichmann@intevation.de>
parents:
diff
changeset
|
15 |
29e56c342c9f
Added first middleware for JWT token extraction. TODO: Add second one to check against logged in users.
Sascha L. Teichmann <sascha.teichmann@intevation.de>
parents:
diff
changeset
|
16 import ( |
134
0c56c56a1c44
Removed the JWT layer from the session management.
Sascha L. Teichmann <sascha.teichmann@intevation.de>
parents:
124
diff
changeset
|
17 "encoding/base64" |
447
62c909dd3098
Only allow log in if user has at least one of the roles 'sys_admin', 'waterway_admin', 'waterway_user'.
Sascha L. Teichmann <sascha.teichmann@intevation.de>
parents:
414
diff
changeset
|
18 "errors" |
134
0c56c56a1c44
Removed the JWT layer from the session management.
Sascha L. Teichmann <sascha.teichmann@intevation.de>
parents:
124
diff
changeset
|
19 "io" |
498
22e1bf563a04
Throw away the connection level for sessions.
Sascha L. Teichmann <sascha.teichmann@intevation.de>
parents:
493
diff
changeset
|
20 "sync" |
119
29e56c342c9f
Added first middleware for JWT token extraction. TODO: Add second one to check against logged in users.
Sascha L. Teichmann <sascha.teichmann@intevation.de>
parents:
diff
changeset
|
21 "time" |
339
33b59c848771
Factored out some miscellaneous code into own package.
Sascha L. Teichmann <teichmann@intevation.de>
parents:
337
diff
changeset
|
22 |
414
c1047fd04a3a
Moved project specific Go packages to new pkg folder.
Sascha L. Teichmann <sascha.teichmann@intevation.de>
parents:
408
diff
changeset
|
23 "gemma.intevation.de/gemma/pkg/common" |
c1047fd04a3a
Moved project specific Go packages to new pkg folder.
Sascha L. Teichmann <sascha.teichmann@intevation.de>
parents:
408
diff
changeset
|
24 "gemma.intevation.de/gemma/pkg/misc" |
119
29e56c342c9f
Added first middleware for JWT token extraction. TODO: Add second one to check against logged in users.
Sascha L. Teichmann <sascha.teichmann@intevation.de>
parents:
diff
changeset
|
25 ) |
29e56c342c9f
Added first middleware for JWT token extraction. TODO: Add second one to check against logged in users.
Sascha L. Teichmann <sascha.teichmann@intevation.de>
parents:
diff
changeset
|
26 |
326
a7b2db8b3d18
Added type for roles.
Sascha L. Teichmann <sascha.teichmann@intevation.de>
parents:
215
diff
changeset
|
27 type Roles []string |
a7b2db8b3d18
Added type for roles.
Sascha L. Teichmann <sascha.teichmann@intevation.de>
parents:
215
diff
changeset
|
28 |
134
0c56c56a1c44
Removed the JWT layer from the session management.
Sascha L. Teichmann <sascha.teichmann@intevation.de>
parents:
124
diff
changeset
|
29 type Session struct { |
326
a7b2db8b3d18
Added type for roles.
Sascha L. Teichmann <sascha.teichmann@intevation.de>
parents:
215
diff
changeset
|
30 ExpiresAt int64 `json:"expires"` |
a7b2db8b3d18
Added type for roles.
Sascha L. Teichmann <sascha.teichmann@intevation.de>
parents:
215
diff
changeset
|
31 User string `json:"user"` |
a7b2db8b3d18
Added type for roles.
Sascha L. Teichmann <sascha.teichmann@intevation.de>
parents:
215
diff
changeset
|
32 Roles Roles `json:"roles"` |
498
22e1bf563a04
Throw away the connection level for sessions.
Sascha L. Teichmann <sascha.teichmann@intevation.de>
parents:
493
diff
changeset
|
33 |
22e1bf563a04
Throw away the connection level for sessions.
Sascha L. Teichmann <sascha.teichmann@intevation.de>
parents:
493
diff
changeset
|
34 // private fields for managing expiration. |
22e1bf563a04
Throw away the connection level for sessions.
Sascha L. Teichmann <sascha.teichmann@intevation.de>
parents:
493
diff
changeset
|
35 access time.Time |
22e1bf563a04
Throw away the connection level for sessions.
Sascha L. Teichmann <sascha.teichmann@intevation.de>
parents:
493
diff
changeset
|
36 mu sync.Mutex |
326
a7b2db8b3d18
Added type for roles.
Sascha L. Teichmann <sascha.teichmann@intevation.de>
parents:
215
diff
changeset
|
37 } |
a7b2db8b3d18
Added type for roles.
Sascha L. Teichmann <sascha.teichmann@intevation.de>
parents:
215
diff
changeset
|
38 |
a7b2db8b3d18
Added type for roles.
Sascha L. Teichmann <sascha.teichmann@intevation.de>
parents:
215
diff
changeset
|
39 func (r Roles) Has(role string) bool { |
a7b2db8b3d18
Added type for roles.
Sascha L. Teichmann <sascha.teichmann@intevation.de>
parents:
215
diff
changeset
|
40 for _, x := range r { |
a7b2db8b3d18
Added type for roles.
Sascha L. Teichmann <sascha.teichmann@intevation.de>
parents:
215
diff
changeset
|
41 if x == role { |
a7b2db8b3d18
Added type for roles.
Sascha L. Teichmann <sascha.teichmann@intevation.de>
parents:
215
diff
changeset
|
42 return true |
a7b2db8b3d18
Added type for roles.
Sascha L. Teichmann <sascha.teichmann@intevation.de>
parents:
215
diff
changeset
|
43 } |
a7b2db8b3d18
Added type for roles.
Sascha L. Teichmann <sascha.teichmann@intevation.de>
parents:
215
diff
changeset
|
44 } |
a7b2db8b3d18
Added type for roles.
Sascha L. Teichmann <sascha.teichmann@intevation.de>
parents:
215
diff
changeset
|
45 return false |
119
29e56c342c9f
Added first middleware for JWT token extraction. TODO: Add second one to check against logged in users.
Sascha L. Teichmann <sascha.teichmann@intevation.de>
parents:
diff
changeset
|
46 } |
29e56c342c9f
Added first middleware for JWT token extraction. TODO: Add second one to check against logged in users.
Sascha L. Teichmann <sascha.teichmann@intevation.de>
parents:
diff
changeset
|
47 |
447
62c909dd3098
Only allow log in if user has at least one of the roles 'sys_admin', 'waterway_admin', 'waterway_user'.
Sascha L. Teichmann <sascha.teichmann@intevation.de>
parents:
414
diff
changeset
|
48 func (r Roles) HasAny(roles ...string) bool { |
62c909dd3098
Only allow log in if user has at least one of the roles 'sys_admin', 'waterway_admin', 'waterway_user'.
Sascha L. Teichmann <sascha.teichmann@intevation.de>
parents:
414
diff
changeset
|
49 for _, y := range roles { |
62c909dd3098
Only allow log in if user has at least one of the roles 'sys_admin', 'waterway_admin', 'waterway_user'.
Sascha L. Teichmann <sascha.teichmann@intevation.de>
parents:
414
diff
changeset
|
50 if r.Has(y) { |
62c909dd3098
Only allow log in if user has at least one of the roles 'sys_admin', 'waterway_admin', 'waterway_user'.
Sascha L. Teichmann <sascha.teichmann@intevation.de>
parents:
414
diff
changeset
|
51 return true |
62c909dd3098
Only allow log in if user has at least one of the roles 'sys_admin', 'waterway_admin', 'waterway_user'.
Sascha L. Teichmann <sascha.teichmann@intevation.de>
parents:
414
diff
changeset
|
52 } |
62c909dd3098
Only allow log in if user has at least one of the roles 'sys_admin', 'waterway_admin', 'waterway_user'.
Sascha L. Teichmann <sascha.teichmann@intevation.de>
parents:
414
diff
changeset
|
53 } |
62c909dd3098
Only allow log in if user has at least one of the roles 'sys_admin', 'waterway_admin', 'waterway_user'.
Sascha L. Teichmann <sascha.teichmann@intevation.de>
parents:
414
diff
changeset
|
54 return false |
62c909dd3098
Only allow log in if user has at least one of the roles 'sys_admin', 'waterway_admin', 'waterway_user'.
Sascha L. Teichmann <sascha.teichmann@intevation.de>
parents:
414
diff
changeset
|
55 } |
62c909dd3098
Only allow log in if user has at least one of the roles 'sys_admin', 'waterway_admin', 'waterway_user'.
Sascha L. Teichmann <sascha.teichmann@intevation.de>
parents:
414
diff
changeset
|
56 |
134
0c56c56a1c44
Removed the JWT layer from the session management.
Sascha L. Teichmann <sascha.teichmann@intevation.de>
parents:
124
diff
changeset
|
57 const ( |
0c56c56a1c44
Removed the JWT layer from the session management.
Sascha L. Teichmann <sascha.teichmann@intevation.de>
parents:
124
diff
changeset
|
58 sessionKeyLength = 20 |
0c56c56a1c44
Removed the JWT layer from the session management.
Sascha L. Teichmann <sascha.teichmann@intevation.de>
parents:
124
diff
changeset
|
59 maxTokenValid = time.Hour * 3 |
0c56c56a1c44
Removed the JWT layer from the session management.
Sascha L. Teichmann <sascha.teichmann@intevation.de>
parents:
124
diff
changeset
|
60 ) |
119
29e56c342c9f
Added first middleware for JWT token extraction. TODO: Add second one to check against logged in users.
Sascha L. Teichmann <sascha.teichmann@intevation.de>
parents:
diff
changeset
|
61 |
447
62c909dd3098
Only allow log in if user has at least one of the roles 'sys_admin', 'waterway_admin', 'waterway_user'.
Sascha L. Teichmann <sascha.teichmann@intevation.de>
parents:
414
diff
changeset
|
62 func NewSession(user, password string, roles Roles) *Session { |
119
29e56c342c9f
Added first middleware for JWT token extraction. TODO: Add second one to check against logged in users.
Sascha L. Teichmann <sascha.teichmann@intevation.de>
parents:
diff
changeset
|
63 |
29e56c342c9f
Added first middleware for JWT token extraction. TODO: Add second one to check against logged in users.
Sascha L. Teichmann <sascha.teichmann@intevation.de>
parents:
diff
changeset
|
64 // Create the Claims |
134
0c56c56a1c44
Removed the JWT layer from the session management.
Sascha L. Teichmann <sascha.teichmann@intevation.de>
parents:
124
diff
changeset
|
65 return &Session{ |
0c56c56a1c44
Removed the JWT layer from the session management.
Sascha L. Teichmann <sascha.teichmann@intevation.de>
parents:
124
diff
changeset
|
66 ExpiresAt: time.Now().Add(maxTokenValid).Unix(), |
0c56c56a1c44
Removed the JWT layer from the session management.
Sascha L. Teichmann <sascha.teichmann@intevation.de>
parents:
124
diff
changeset
|
67 User: user, |
0c56c56a1c44
Removed the JWT layer from the session management.
Sascha L. Teichmann <sascha.teichmann@intevation.de>
parents:
124
diff
changeset
|
68 Roles: roles, |
119
29e56c342c9f
Added first middleware for JWT token extraction. TODO: Add second one to check against logged in users.
Sascha L. Teichmann <sascha.teichmann@intevation.de>
parents:
diff
changeset
|
69 } |
134
0c56c56a1c44
Removed the JWT layer from the session management.
Sascha L. Teichmann <sascha.teichmann@intevation.de>
parents:
124
diff
changeset
|
70 } |
119
29e56c342c9f
Added first middleware for JWT token extraction. TODO: Add second one to check against logged in users.
Sascha L. Teichmann <sascha.teichmann@intevation.de>
parents:
diff
changeset
|
71 |
498
22e1bf563a04
Throw away the connection level for sessions.
Sascha L. Teichmann <sascha.teichmann@intevation.de>
parents:
493
diff
changeset
|
72 func (s *Session) serialize(w io.Writer) error { |
22e1bf563a04
Throw away the connection level for sessions.
Sascha L. Teichmann <sascha.teichmann@intevation.de>
parents:
493
diff
changeset
|
73 |
22e1bf563a04
Throw away the connection level for sessions.
Sascha L. Teichmann <sascha.teichmann@intevation.de>
parents:
493
diff
changeset
|
74 access, err := s.last().MarshalText() |
22e1bf563a04
Throw away the connection level for sessions.
Sascha L. Teichmann <sascha.teichmann@intevation.de>
parents:
493
diff
changeset
|
75 if err != nil { |
22e1bf563a04
Throw away the connection level for sessions.
Sascha L. Teichmann <sascha.teichmann@intevation.de>
parents:
493
diff
changeset
|
76 return err |
22e1bf563a04
Throw away the connection level for sessions.
Sascha L. Teichmann <sascha.teichmann@intevation.de>
parents:
493
diff
changeset
|
77 } |
22e1bf563a04
Throw away the connection level for sessions.
Sascha L. Teichmann <sascha.teichmann@intevation.de>
parents:
493
diff
changeset
|
78 |
1322
176c42053562
Use more keyed initializers to make 'go vet' happier.
Sascha L. Teichmann <sascha.teichmann@intevation.de>
parents:
1017
diff
changeset
|
79 wr := misc.BinWriter{Writer: w, Err: nil} |
498
22e1bf563a04
Throw away the connection level for sessions.
Sascha L. Teichmann <sascha.teichmann@intevation.de>
parents:
493
diff
changeset
|
80 wr.WriteBin(s.ExpiresAt) |
22e1bf563a04
Throw away the connection level for sessions.
Sascha L. Teichmann <sascha.teichmann@intevation.de>
parents:
493
diff
changeset
|
81 wr.WriteString(s.User) |
22e1bf563a04
Throw away the connection level for sessions.
Sascha L. Teichmann <sascha.teichmann@intevation.de>
parents:
493
diff
changeset
|
82 wr.WriteBin(uint32(len(s.Roles))) |
22e1bf563a04
Throw away the connection level for sessions.
Sascha L. Teichmann <sascha.teichmann@intevation.de>
parents:
493
diff
changeset
|
83 for _, role := range s.Roles { |
22e1bf563a04
Throw away the connection level for sessions.
Sascha L. Teichmann <sascha.teichmann@intevation.de>
parents:
493
diff
changeset
|
84 wr.WriteString(role) |
22e1bf563a04
Throw away the connection level for sessions.
Sascha L. Teichmann <sascha.teichmann@intevation.de>
parents:
493
diff
changeset
|
85 } |
22e1bf563a04
Throw away the connection level for sessions.
Sascha L. Teichmann <sascha.teichmann@intevation.de>
parents:
493
diff
changeset
|
86 wr.WriteBin(uint32(len(access))) |
22e1bf563a04
Throw away the connection level for sessions.
Sascha L. Teichmann <sascha.teichmann@intevation.de>
parents:
493
diff
changeset
|
87 wr.WriteBin(access) |
22e1bf563a04
Throw away the connection level for sessions.
Sascha L. Teichmann <sascha.teichmann@intevation.de>
parents:
493
diff
changeset
|
88 return wr.Err |
22e1bf563a04
Throw away the connection level for sessions.
Sascha L. Teichmann <sascha.teichmann@intevation.de>
parents:
493
diff
changeset
|
89 } |
22e1bf563a04
Throw away the connection level for sessions.
Sascha L. Teichmann <sascha.teichmann@intevation.de>
parents:
493
diff
changeset
|
90 |
197
e85413e5befa
Cleaned up serialisation/deserilisation of sessions a bit.
Sascha L. Teichmann <teichmann@intevation.de>
parents:
193
diff
changeset
|
91 func (s *Session) deserialize(r io.Reader) error { |
498
22e1bf563a04
Throw away the connection level for sessions.
Sascha L. Teichmann <sascha.teichmann@intevation.de>
parents:
493
diff
changeset
|
92 |
193
1585c334e8a7
More on persisting sessions.
Sascha L. Teichmann <sascha.teichmann@intevation.de>
parents:
149
diff
changeset
|
93 var n uint32 |
1322
176c42053562
Use more keyed initializers to make 'go vet' happier.
Sascha L. Teichmann <sascha.teichmann@intevation.de>
parents:
1017
diff
changeset
|
94 rd := misc.BinReader{Reader: r, Err: nil} |
1323
3c914bc670a2
Avoid copying session data while deserializing from store.
Sascha L. Teichmann <sascha.teichmann@intevation.de>
parents:
1322
diff
changeset
|
95 rd.ReadBin(&s.ExpiresAt) |
3c914bc670a2
Avoid copying session data while deserializing from store.
Sascha L. Teichmann <sascha.teichmann@intevation.de>
parents:
1322
diff
changeset
|
96 rd.ReadString(&s.User) |
340
4c211ad5349e
Embed Reader and Writer in BinReader and BinWriter to make API more distinct.
Sascha L. Teichmann <teichmann@intevation.de>
parents:
339
diff
changeset
|
97 rd.ReadBin(&n) |
1323
3c914bc670a2
Avoid copying session data while deserializing from store.
Sascha L. Teichmann <sascha.teichmann@intevation.de>
parents:
1322
diff
changeset
|
98 s.Roles = make(Roles, n) |
498
22e1bf563a04
Throw away the connection level for sessions.
Sascha L. Teichmann <sascha.teichmann@intevation.de>
parents:
493
diff
changeset
|
99 |
193
1585c334e8a7
More on persisting sessions.
Sascha L. Teichmann <sascha.teichmann@intevation.de>
parents:
149
diff
changeset
|
100 for i := uint32(0); n > 0 && i < n; i++ { |
1323
3c914bc670a2
Avoid copying session data while deserializing from store.
Sascha L. Teichmann <sascha.teichmann@intevation.de>
parents:
1322
diff
changeset
|
101 rd.ReadString(&s.Roles[i]) |
498
22e1bf563a04
Throw away the connection level for sessions.
Sascha L. Teichmann <sascha.teichmann@intevation.de>
parents:
493
diff
changeset
|
102 } |
22e1bf563a04
Throw away the connection level for sessions.
Sascha L. Teichmann <sascha.teichmann@intevation.de>
parents:
493
diff
changeset
|
103 |
22e1bf563a04
Throw away the connection level for sessions.
Sascha L. Teichmann <sascha.teichmann@intevation.de>
parents:
493
diff
changeset
|
104 if rd.Err != nil { |
22e1bf563a04
Throw away the connection level for sessions.
Sascha L. Teichmann <sascha.teichmann@intevation.de>
parents:
493
diff
changeset
|
105 return rd.Err |
22e1bf563a04
Throw away the connection level for sessions.
Sascha L. Teichmann <sascha.teichmann@intevation.de>
parents:
493
diff
changeset
|
106 } |
22e1bf563a04
Throw away the connection level for sessions.
Sascha L. Teichmann <sascha.teichmann@intevation.de>
parents:
493
diff
changeset
|
107 |
22e1bf563a04
Throw away the connection level for sessions.
Sascha L. Teichmann <sascha.teichmann@intevation.de>
parents:
493
diff
changeset
|
108 var l uint32 |
22e1bf563a04
Throw away the connection level for sessions.
Sascha L. Teichmann <sascha.teichmann@intevation.de>
parents:
493
diff
changeset
|
109 rd.ReadBin(&l) |
22e1bf563a04
Throw away the connection level for sessions.
Sascha L. Teichmann <sascha.teichmann@intevation.de>
parents:
493
diff
changeset
|
110 access := make([]byte, l) |
22e1bf563a04
Throw away the connection level for sessions.
Sascha L. Teichmann <sascha.teichmann@intevation.de>
parents:
493
diff
changeset
|
111 rd.ReadBin(access) |
22e1bf563a04
Throw away the connection level for sessions.
Sascha L. Teichmann <sascha.teichmann@intevation.de>
parents:
493
diff
changeset
|
112 |
22e1bf563a04
Throw away the connection level for sessions.
Sascha L. Teichmann <sascha.teichmann@intevation.de>
parents:
493
diff
changeset
|
113 if rd.Err != nil { |
22e1bf563a04
Throw away the connection level for sessions.
Sascha L. Teichmann <sascha.teichmann@intevation.de>
parents:
493
diff
changeset
|
114 return rd.Err |
22e1bf563a04
Throw away the connection level for sessions.
Sascha L. Teichmann <sascha.teichmann@intevation.de>
parents:
493
diff
changeset
|
115 } |
22e1bf563a04
Throw away the connection level for sessions.
Sascha L. Teichmann <sascha.teichmann@intevation.de>
parents:
493
diff
changeset
|
116 |
22e1bf563a04
Throw away the connection level for sessions.
Sascha L. Teichmann <sascha.teichmann@intevation.de>
parents:
493
diff
changeset
|
117 var t time.Time |
22e1bf563a04
Throw away the connection level for sessions.
Sascha L. Teichmann <sascha.teichmann@intevation.de>
parents:
493
diff
changeset
|
118 if err := t.UnmarshalText(access); err != nil { |
22e1bf563a04
Throw away the connection level for sessions.
Sascha L. Teichmann <sascha.teichmann@intevation.de>
parents:
493
diff
changeset
|
119 return err |
193
1585c334e8a7
More on persisting sessions.
Sascha L. Teichmann <sascha.teichmann@intevation.de>
parents:
149
diff
changeset
|
120 } |
498
22e1bf563a04
Throw away the connection level for sessions.
Sascha L. Teichmann <sascha.teichmann@intevation.de>
parents:
493
diff
changeset
|
121 |
1323
3c914bc670a2
Avoid copying session data while deserializing from store.
Sascha L. Teichmann <sascha.teichmann@intevation.de>
parents:
1322
diff
changeset
|
122 s.access = t |
498
22e1bf563a04
Throw away the connection level for sessions.
Sascha L. Teichmann <sascha.teichmann@intevation.de>
parents:
493
diff
changeset
|
123 |
22e1bf563a04
Throw away the connection level for sessions.
Sascha L. Teichmann <sascha.teichmann@intevation.de>
parents:
493
diff
changeset
|
124 return nil |
22e1bf563a04
Throw away the connection level for sessions.
Sascha L. Teichmann <sascha.teichmann@intevation.de>
parents:
493
diff
changeset
|
125 } |
22e1bf563a04
Throw away the connection level for sessions.
Sascha L. Teichmann <sascha.teichmann@intevation.de>
parents:
493
diff
changeset
|
126 |
22e1bf563a04
Throw away the connection level for sessions.
Sascha L. Teichmann <sascha.teichmann@intevation.de>
parents:
493
diff
changeset
|
127 func (c *Session) touch() { |
22e1bf563a04
Throw away the connection level for sessions.
Sascha L. Teichmann <sascha.teichmann@intevation.de>
parents:
493
diff
changeset
|
128 c.mu.Lock() |
22e1bf563a04
Throw away the connection level for sessions.
Sascha L. Teichmann <sascha.teichmann@intevation.de>
parents:
493
diff
changeset
|
129 c.access = time.Now() |
22e1bf563a04
Throw away the connection level for sessions.
Sascha L. Teichmann <sascha.teichmann@intevation.de>
parents:
493
diff
changeset
|
130 c.mu.Unlock() |
22e1bf563a04
Throw away the connection level for sessions.
Sascha L. Teichmann <sascha.teichmann@intevation.de>
parents:
493
diff
changeset
|
131 } |
22e1bf563a04
Throw away the connection level for sessions.
Sascha L. Teichmann <sascha.teichmann@intevation.de>
parents:
493
diff
changeset
|
132 |
22e1bf563a04
Throw away the connection level for sessions.
Sascha L. Teichmann <sascha.teichmann@intevation.de>
parents:
493
diff
changeset
|
133 func (c *Session) last() time.Time { |
22e1bf563a04
Throw away the connection level for sessions.
Sascha L. Teichmann <sascha.teichmann@intevation.de>
parents:
493
diff
changeset
|
134 c.mu.Lock() |
22e1bf563a04
Throw away the connection level for sessions.
Sascha L. Teichmann <sascha.teichmann@intevation.de>
parents:
493
diff
changeset
|
135 access := c.access |
22e1bf563a04
Throw away the connection level for sessions.
Sascha L. Teichmann <sascha.teichmann@intevation.de>
parents:
493
diff
changeset
|
136 c.mu.Unlock() |
22e1bf563a04
Throw away the connection level for sessions.
Sascha L. Teichmann <sascha.teichmann@intevation.de>
parents:
493
diff
changeset
|
137 return access |
193
1585c334e8a7
More on persisting sessions.
Sascha L. Teichmann <sascha.teichmann@intevation.de>
parents:
149
diff
changeset
|
138 } |
1585c334e8a7
More on persisting sessions.
Sascha L. Teichmann <sascha.teichmann@intevation.de>
parents:
149
diff
changeset
|
139 |
134
0c56c56a1c44
Removed the JWT layer from the session management.
Sascha L. Teichmann <sascha.teichmann@intevation.de>
parents:
124
diff
changeset
|
140 func GenerateSessionKey() string { |
339
33b59c848771
Factored out some miscellaneous code into own package.
Sascha L. Teichmann <teichmann@intevation.de>
parents:
337
diff
changeset
|
141 return base64.URLEncoding.EncodeToString( |
408
ac23905e64b1
Improve WFS proxy a lot. It now generates signed re-writings.
Sascha L. Teichmann <sascha.teichmann@intevation.de>
parents:
340
diff
changeset
|
142 common.GenerateRandomKey(sessionKeyLength)) |
119
29e56c342c9f
Added first middleware for JWT token extraction. TODO: Add second one to check against logged in users.
Sascha L. Teichmann <sascha.teichmann@intevation.de>
parents:
diff
changeset
|
143 } |
124
bb9120d28950
Generate JWT from database roles.
Sascha L. Teichmann <sascha.teichmann@intevation.de>
parents:
119
diff
changeset
|
144 |
447
62c909dd3098
Only allow log in if user has at least one of the roles 'sys_admin', 'waterway_admin', 'waterway_user'.
Sascha L. Teichmann <sascha.teichmann@intevation.de>
parents:
414
diff
changeset
|
145 var ErrInvalidRole = errors.New("Invalid role") |
62c909dd3098
Only allow log in if user has at least one of the roles 'sys_admin', 'waterway_admin', 'waterway_user'.
Sascha L. Teichmann <sascha.teichmann@intevation.de>
parents:
414
diff
changeset
|
146 |
134
0c56c56a1c44
Removed the JWT layer from the session management.
Sascha L. Teichmann <sascha.teichmann@intevation.de>
parents:
124
diff
changeset
|
147 func GenerateSession(user, password string) (string, *Session, error) { |
124
bb9120d28950
Generate JWT from database roles.
Sascha L. Teichmann <sascha.teichmann@intevation.de>
parents:
119
diff
changeset
|
148 roles, err := AllOtherRoles(user, password) |
bb9120d28950
Generate JWT from database roles.
Sascha L. Teichmann <sascha.teichmann@intevation.de>
parents:
119
diff
changeset
|
149 if err != nil { |
134
0c56c56a1c44
Removed the JWT layer from the session management.
Sascha L. Teichmann <sascha.teichmann@intevation.de>
parents:
124
diff
changeset
|
150 return "", nil, err |
124
bb9120d28950
Generate JWT from database roles.
Sascha L. Teichmann <sascha.teichmann@intevation.de>
parents:
119
diff
changeset
|
151 } |
447
62c909dd3098
Only allow log in if user has at least one of the roles 'sys_admin', 'waterway_admin', 'waterway_user'.
Sascha L. Teichmann <sascha.teichmann@intevation.de>
parents:
414
diff
changeset
|
152 if !roles.HasAny("sys_admin", "waterway_admin", "waterway_user") { |
62c909dd3098
Only allow log in if user has at least one of the roles 'sys_admin', 'waterway_admin', 'waterway_user'.
Sascha L. Teichmann <sascha.teichmann@intevation.de>
parents:
414
diff
changeset
|
153 return "", nil, ErrInvalidRole |
62c909dd3098
Only allow log in if user has at least one of the roles 'sys_admin', 'waterway_admin', 'waterway_user'.
Sascha L. Teichmann <sascha.teichmann@intevation.de>
parents:
414
diff
changeset
|
154 } |
134
0c56c56a1c44
Removed the JWT layer from the session management.
Sascha L. Teichmann <sascha.teichmann@intevation.de>
parents:
124
diff
changeset
|
155 token := GenerateSessionKey() |
0c56c56a1c44
Removed the JWT layer from the session management.
Sascha L. Teichmann <sascha.teichmann@intevation.de>
parents:
124
diff
changeset
|
156 session := NewSession(user, password, roles) |
493
8a0737aa6ab6
The connection pool is now only a session store.
Sascha L. Teichmann <sascha.teichmann@intevation.de>
parents:
486
diff
changeset
|
157 Sessions.Add(token, session) |
134
0c56c56a1c44
Removed the JWT layer from the session management.
Sascha L. Teichmann <sascha.teichmann@intevation.de>
parents:
124
diff
changeset
|
158 return token, session, nil |
124
bb9120d28950
Generate JWT from database roles.
Sascha L. Teichmann <sascha.teichmann@intevation.de>
parents:
119
diff
changeset
|
159 } |