gemma: pkg/auth/session.go annotate

annotate pkg/auth/session.go @ 1323:3c914bc670a2

Avoid copying session data while deserializing from store. This involed copying a mutex which would technical be not correct if the mutex would be used at this time, which it is not. go vet was not happy about this even if its not a problem. Not copying the data makes it a bit faster, though.

author	Sascha L. Teichmann <sascha.teichmann@intevation.de>
date	Sat, 24 Nov 2018 17:08:56 +0100
parents	176c42053562
children	ea2143adc6d3

rev	line source
1017 a244b18cb916 Added GNU Affero General Public License. Sascha L. Teichmann <sascha.teichmann@intevation.de> parents: 510 diff changeset	1 // This is Free Software under GNU Affero General Public License v >= 3.0
a244b18cb916 Added GNU Affero General Public License. Sascha L. Teichmann <sascha.teichmann@intevation.de> parents: 510 diff changeset	2 // without warranty, see README.md and license for details.
a244b18cb916 Added GNU Affero General Public License. Sascha L. Teichmann <sascha.teichmann@intevation.de> parents: 510 diff changeset	3 //
a244b18cb916 Added GNU Affero General Public License. Sascha L. Teichmann <sascha.teichmann@intevation.de> parents: 510 diff changeset	4 // SPDX-License-Identifier: AGPL-3.0-or-later
a244b18cb916 Added GNU Affero General Public License. Sascha L. Teichmann <sascha.teichmann@intevation.de> parents: 510 diff changeset	5 // License-Filename: LICENSES/AGPL-3.0.txt
a244b18cb916 Added GNU Affero General Public License. Sascha L. Teichmann <sascha.teichmann@intevation.de> parents: 510 diff changeset	6 //
a244b18cb916 Added GNU Affero General Public License. Sascha L. Teichmann <sascha.teichmann@intevation.de> parents: 510 diff changeset	7 // Copyright (C) 2018 by via donau
a244b18cb916 Added GNU Affero General Public License. Sascha L. Teichmann <sascha.teichmann@intevation.de> parents: 510 diff changeset	8 // – Österreichische Wasserstraßen-Gesellschaft mbH
a244b18cb916 Added GNU Affero General Public License. Sascha L. Teichmann <sascha.teichmann@intevation.de> parents: 510 diff changeset	9 // Software engineering by Intevation GmbH
a244b18cb916 Added GNU Affero General Public License. Sascha L. Teichmann <sascha.teichmann@intevation.de> parents: 510 diff changeset	10 //
a244b18cb916 Added GNU Affero General Public License. Sascha L. Teichmann <sascha.teichmann@intevation.de> parents: 510 diff changeset	11 // Author(s):
a244b18cb916 Added GNU Affero General Public License. Sascha L. Teichmann <sascha.teichmann@intevation.de> parents: 510 diff changeset	12 // * Sascha L. Teichmann <sascha.teichmann@intevation.de>
a244b18cb916 Added GNU Affero General Public License. Sascha L. Teichmann <sascha.teichmann@intevation.de> parents: 510 diff changeset	13
119 29e56c342c9f Added first middleware for JWT token extraction. TODO: Add second one to check against logged in users. Sascha L. Teichmann <sascha.teichmann@intevation.de> parents: diff changeset	14 package auth
29e56c342c9f Added first middleware for JWT token extraction. TODO: Add second one to check against logged in users. Sascha L. Teichmann <sascha.teichmann@intevation.de> parents: diff changeset	15
29e56c342c9f Added first middleware for JWT token extraction. TODO: Add second one to check against logged in users. Sascha L. Teichmann <sascha.teichmann@intevation.de> parents: diff changeset	16 import (
134 0c56c56a1c44 Removed the JWT layer from the session management. Sascha L. Teichmann <sascha.teichmann@intevation.de> parents: 124 diff changeset	17 "encoding/base64"
447 62c909dd3098 Only allow log in if user has at least one of the roles 'sys_admin', 'waterway_admin', 'waterway_user'. Sascha L. Teichmann <sascha.teichmann@intevation.de> parents: 414 diff changeset	18 "errors"
134 0c56c56a1c44 Removed the JWT layer from the session management. Sascha L. Teichmann <sascha.teichmann@intevation.de> parents: 124 diff changeset	19 "io"
498 22e1bf563a04 Throw away the connection level for sessions. Sascha L. Teichmann <sascha.teichmann@intevation.de> parents: 493 diff changeset	20 "sync"
119 29e56c342c9f Added first middleware for JWT token extraction. TODO: Add second one to check against logged in users. Sascha L. Teichmann <sascha.teichmann@intevation.de> parents: diff changeset	21 "time"
339 33b59c848771 Factored out some miscellaneous code into own package. Sascha L. Teichmann <teichmann@intevation.de> parents: 337 diff changeset	22
414 c1047fd04a3a Moved project specific Go packages to new pkg folder. Sascha L. Teichmann <sascha.teichmann@intevation.de> parents: 408 diff changeset	23 "gemma.intevation.de/gemma/pkg/common"
c1047fd04a3a Moved project specific Go packages to new pkg folder. Sascha L. Teichmann <sascha.teichmann@intevation.de> parents: 408 diff changeset	24 "gemma.intevation.de/gemma/pkg/misc"
119 29e56c342c9f Added first middleware for JWT token extraction. TODO: Add second one to check against logged in users. Sascha L. Teichmann <sascha.teichmann@intevation.de> parents: diff changeset	25 )
29e56c342c9f Added first middleware for JWT token extraction. TODO: Add second one to check against logged in users. Sascha L. Teichmann <sascha.teichmann@intevation.de> parents: diff changeset	26
326 a7b2db8b3d18 Added type for roles. Sascha L. Teichmann <sascha.teichmann@intevation.de> parents: 215 diff changeset	27 type Roles []string
a7b2db8b3d18 Added type for roles. Sascha L. Teichmann <sascha.teichmann@intevation.de> parents: 215 diff changeset	28
134 0c56c56a1c44 Removed the JWT layer from the session management. Sascha L. Teichmann <sascha.teichmann@intevation.de> parents: 124 diff changeset	29 type Session struct {
326 a7b2db8b3d18 Added type for roles. Sascha L. Teichmann <sascha.teichmann@intevation.de> parents: 215 diff changeset	30 ExpiresAt int64 `json:"expires"`
a7b2db8b3d18 Added type for roles. Sascha L. Teichmann <sascha.teichmann@intevation.de> parents: 215 diff changeset	31 User string `json:"user"`
a7b2db8b3d18 Added type for roles. Sascha L. Teichmann <sascha.teichmann@intevation.de> parents: 215 diff changeset	32 Roles Roles `json:"roles"`
498 22e1bf563a04 Throw away the connection level for sessions. Sascha L. Teichmann <sascha.teichmann@intevation.de> parents: 493 diff changeset	33
22e1bf563a04 Throw away the connection level for sessions. Sascha L. Teichmann <sascha.teichmann@intevation.de> parents: 493 diff changeset	34 // private fields for managing expiration.
22e1bf563a04 Throw away the connection level for sessions. Sascha L. Teichmann <sascha.teichmann@intevation.de> parents: 493 diff changeset	35 access time.Time
22e1bf563a04 Throw away the connection level for sessions. Sascha L. Teichmann <sascha.teichmann@intevation.de> parents: 493 diff changeset	36 mu sync.Mutex
326 a7b2db8b3d18 Added type for roles. Sascha L. Teichmann <sascha.teichmann@intevation.de> parents: 215 diff changeset	37 }
a7b2db8b3d18 Added type for roles. Sascha L. Teichmann <sascha.teichmann@intevation.de> parents: 215 diff changeset	38
a7b2db8b3d18 Added type for roles. Sascha L. Teichmann <sascha.teichmann@intevation.de> parents: 215 diff changeset	39 func (r Roles) Has(role string) bool {
a7b2db8b3d18 Added type for roles. Sascha L. Teichmann <sascha.teichmann@intevation.de> parents: 215 diff changeset	40 for _, x := range r {
a7b2db8b3d18 Added type for roles. Sascha L. Teichmann <sascha.teichmann@intevation.de> parents: 215 diff changeset	41 if x == role {
a7b2db8b3d18 Added type for roles. Sascha L. Teichmann <sascha.teichmann@intevation.de> parents: 215 diff changeset	42 return true
a7b2db8b3d18 Added type for roles. Sascha L. Teichmann <sascha.teichmann@intevation.de> parents: 215 diff changeset	43 }
a7b2db8b3d18 Added type for roles. Sascha L. Teichmann <sascha.teichmann@intevation.de> parents: 215 diff changeset	44 }
a7b2db8b3d18 Added type for roles. Sascha L. Teichmann <sascha.teichmann@intevation.de> parents: 215 diff changeset	45 return false
119 29e56c342c9f Added first middleware for JWT token extraction. TODO: Add second one to check against logged in users. Sascha L. Teichmann <sascha.teichmann@intevation.de> parents: diff changeset	46 }
29e56c342c9f Added first middleware for JWT token extraction. TODO: Add second one to check against logged in users. Sascha L. Teichmann <sascha.teichmann@intevation.de> parents: diff changeset	47
447 62c909dd3098 Only allow log in if user has at least one of the roles 'sys_admin', 'waterway_admin', 'waterway_user'. Sascha L. Teichmann <sascha.teichmann@intevation.de> parents: 414 diff changeset	48 func (r Roles) HasAny(roles ...string) bool {
62c909dd3098 Only allow log in if user has at least one of the roles 'sys_admin', 'waterway_admin', 'waterway_user'. Sascha L. Teichmann <sascha.teichmann@intevation.de> parents: 414 diff changeset	49 for _, y := range roles {
62c909dd3098 Only allow log in if user has at least one of the roles 'sys_admin', 'waterway_admin', 'waterway_user'. Sascha L. Teichmann <sascha.teichmann@intevation.de> parents: 414 diff changeset	50 if r.Has(y) {
62c909dd3098 Only allow log in if user has at least one of the roles 'sys_admin', 'waterway_admin', 'waterway_user'. Sascha L. Teichmann <sascha.teichmann@intevation.de> parents: 414 diff changeset	51 return true
62c909dd3098 Only allow log in if user has at least one of the roles 'sys_admin', 'waterway_admin', 'waterway_user'. Sascha L. Teichmann <sascha.teichmann@intevation.de> parents: 414 diff changeset	52 }
62c909dd3098 Only allow log in if user has at least one of the roles 'sys_admin', 'waterway_admin', 'waterway_user'. Sascha L. Teichmann <sascha.teichmann@intevation.de> parents: 414 diff changeset	53 }
62c909dd3098 Only allow log in if user has at least one of the roles 'sys_admin', 'waterway_admin', 'waterway_user'. Sascha L. Teichmann <sascha.teichmann@intevation.de> parents: 414 diff changeset	54 return false
62c909dd3098 Only allow log in if user has at least one of the roles 'sys_admin', 'waterway_admin', 'waterway_user'. Sascha L. Teichmann <sascha.teichmann@intevation.de> parents: 414 diff changeset	55 }
62c909dd3098 Only allow log in if user has at least one of the roles 'sys_admin', 'waterway_admin', 'waterway_user'. Sascha L. Teichmann <sascha.teichmann@intevation.de> parents: 414 diff changeset	56
134 0c56c56a1c44 Removed the JWT layer from the session management. Sascha L. Teichmann <sascha.teichmann@intevation.de> parents: 124 diff changeset	57 const (
0c56c56a1c44 Removed the JWT layer from the session management. Sascha L. Teichmann <sascha.teichmann@intevation.de> parents: 124 diff changeset	58 sessionKeyLength = 20
0c56c56a1c44 Removed the JWT layer from the session management. Sascha L. Teichmann <sascha.teichmann@intevation.de> parents: 124 diff changeset	59 maxTokenValid = time.Hour * 3
0c56c56a1c44 Removed the JWT layer from the session management. Sascha L. Teichmann <sascha.teichmann@intevation.de> parents: 124 diff changeset	60 )
119 29e56c342c9f Added first middleware for JWT token extraction. TODO: Add second one to check against logged in users. Sascha L. Teichmann <sascha.teichmann@intevation.de> parents: diff changeset	61
447 62c909dd3098 Only allow log in if user has at least one of the roles 'sys_admin', 'waterway_admin', 'waterway_user'. Sascha L. Teichmann <sascha.teichmann@intevation.de> parents: 414 diff changeset	62 func NewSession(user, password string, roles Roles) *Session {
119 29e56c342c9f Added first middleware for JWT token extraction. TODO: Add second one to check against logged in users. Sascha L. Teichmann <sascha.teichmann@intevation.de> parents: diff changeset	63
29e56c342c9f Added first middleware for JWT token extraction. TODO: Add second one to check against logged in users. Sascha L. Teichmann <sascha.teichmann@intevation.de> parents: diff changeset	64 // Create the Claims
134 0c56c56a1c44 Removed the JWT layer from the session management. Sascha L. Teichmann <sascha.teichmann@intevation.de> parents: 124 diff changeset	65 return &Session{
0c56c56a1c44 Removed the JWT layer from the session management. Sascha L. Teichmann <sascha.teichmann@intevation.de> parents: 124 diff changeset	66 ExpiresAt: time.Now().Add(maxTokenValid).Unix(),
0c56c56a1c44 Removed the JWT layer from the session management. Sascha L. Teichmann <sascha.teichmann@intevation.de> parents: 124 diff changeset	67 User: user,
0c56c56a1c44 Removed the JWT layer from the session management. Sascha L. Teichmann <sascha.teichmann@intevation.de> parents: 124 diff changeset	68 Roles: roles,
119 29e56c342c9f Added first middleware for JWT token extraction. TODO: Add second one to check against logged in users. Sascha L. Teichmann <sascha.teichmann@intevation.de> parents: diff changeset	69 }
134 0c56c56a1c44 Removed the JWT layer from the session management. Sascha L. Teichmann <sascha.teichmann@intevation.de> parents: 124 diff changeset	70 }
119 29e56c342c9f Added first middleware for JWT token extraction. TODO: Add second one to check against logged in users. Sascha L. Teichmann <sascha.teichmann@intevation.de> parents: diff changeset	71
498 22e1bf563a04 Throw away the connection level for sessions. Sascha L. Teichmann <sascha.teichmann@intevation.de> parents: 493 diff changeset	72 func (s *Session) serialize(w io.Writer) error {
22e1bf563a04 Throw away the connection level for sessions. Sascha L. Teichmann <sascha.teichmann@intevation.de> parents: 493 diff changeset	73
22e1bf563a04 Throw away the connection level for sessions. Sascha L. Teichmann <sascha.teichmann@intevation.de> parents: 493 diff changeset	74 access, err := s.last().MarshalText()
22e1bf563a04 Throw away the connection level for sessions. Sascha L. Teichmann <sascha.teichmann@intevation.de> parents: 493 diff changeset	75 if err != nil {
22e1bf563a04 Throw away the connection level for sessions. Sascha L. Teichmann <sascha.teichmann@intevation.de> parents: 493 diff changeset	76 return err
22e1bf563a04 Throw away the connection level for sessions. Sascha L. Teichmann <sascha.teichmann@intevation.de> parents: 493 diff changeset	77 }
22e1bf563a04 Throw away the connection level for sessions. Sascha L. Teichmann <sascha.teichmann@intevation.de> parents: 493 diff changeset	78
1322 176c42053562 Use more keyed initializers to make 'go vet' happier. Sascha L. Teichmann <sascha.teichmann@intevation.de> parents: 1017 diff changeset	79 wr := misc.BinWriter{Writer: w, Err: nil}
498 22e1bf563a04 Throw away the connection level for sessions. Sascha L. Teichmann <sascha.teichmann@intevation.de> parents: 493 diff changeset	80 wr.WriteBin(s.ExpiresAt)
22e1bf563a04 Throw away the connection level for sessions. Sascha L. Teichmann <sascha.teichmann@intevation.de> parents: 493 diff changeset	81 wr.WriteString(s.User)
22e1bf563a04 Throw away the connection level for sessions. Sascha L. Teichmann <sascha.teichmann@intevation.de> parents: 493 diff changeset	82 wr.WriteBin(uint32(len(s.Roles)))
22e1bf563a04 Throw away the connection level for sessions. Sascha L. Teichmann <sascha.teichmann@intevation.de> parents: 493 diff changeset	83 for _, role := range s.Roles {
22e1bf563a04 Throw away the connection level for sessions. Sascha L. Teichmann <sascha.teichmann@intevation.de> parents: 493 diff changeset	84 wr.WriteString(role)
22e1bf563a04 Throw away the connection level for sessions. Sascha L. Teichmann <sascha.teichmann@intevation.de> parents: 493 diff changeset	85 }
22e1bf563a04 Throw away the connection level for sessions. Sascha L. Teichmann <sascha.teichmann@intevation.de> parents: 493 diff changeset	86 wr.WriteBin(uint32(len(access)))
22e1bf563a04 Throw away the connection level for sessions. Sascha L. Teichmann <sascha.teichmann@intevation.de> parents: 493 diff changeset	87 wr.WriteBin(access)
22e1bf563a04 Throw away the connection level for sessions. Sascha L. Teichmann <sascha.teichmann@intevation.de> parents: 493 diff changeset	88 return wr.Err
22e1bf563a04 Throw away the connection level for sessions. Sascha L. Teichmann <sascha.teichmann@intevation.de> parents: 493 diff changeset	89 }
22e1bf563a04 Throw away the connection level for sessions. Sascha L. Teichmann <sascha.teichmann@intevation.de> parents: 493 diff changeset	90
197 e85413e5befa Cleaned up serialisation/deserilisation of sessions a bit. Sascha L. Teichmann <teichmann@intevation.de> parents: 193 diff changeset	91 func (s *Session) deserialize(r io.Reader) error {
498 22e1bf563a04 Throw away the connection level for sessions. Sascha L. Teichmann <sascha.teichmann@intevation.de> parents: 493 diff changeset	92
193 1585c334e8a7 More on persisting sessions. Sascha L. Teichmann <sascha.teichmann@intevation.de> parents: 149 diff changeset	93 var n uint32
1322 176c42053562 Use more keyed initializers to make 'go vet' happier. Sascha L. Teichmann <sascha.teichmann@intevation.de> parents: 1017 diff changeset	94 rd := misc.BinReader{Reader: r, Err: nil}
1323 3c914bc670a2 Avoid copying session data while deserializing from store. Sascha L. Teichmann <sascha.teichmann@intevation.de> parents: 1322 diff changeset	95 rd.ReadBin(&s.ExpiresAt)
3c914bc670a2 Avoid copying session data while deserializing from store. Sascha L. Teichmann <sascha.teichmann@intevation.de> parents: 1322 diff changeset	96 rd.ReadString(&s.User)
340 4c211ad5349e Embed Reader and Writer in BinReader and BinWriter to make API more distinct. Sascha L. Teichmann <teichmann@intevation.de> parents: 339 diff changeset	97 rd.ReadBin(&n)
1323 3c914bc670a2 Avoid copying session data while deserializing from store. Sascha L. Teichmann <sascha.teichmann@intevation.de> parents: 1322 diff changeset	98 s.Roles = make(Roles, n)
498 22e1bf563a04 Throw away the connection level for sessions. Sascha L. Teichmann <sascha.teichmann@intevation.de> parents: 493 diff changeset	99
193 1585c334e8a7 More on persisting sessions. Sascha L. Teichmann <sascha.teichmann@intevation.de> parents: 149 diff changeset	100 for i := uint32(0); n > 0 && i < n; i++ {
1323 3c914bc670a2 Avoid copying session data while deserializing from store. Sascha L. Teichmann <sascha.teichmann@intevation.de> parents: 1322 diff changeset	101 rd.ReadString(&s.Roles[i])
498 22e1bf563a04 Throw away the connection level for sessions. Sascha L. Teichmann <sascha.teichmann@intevation.de> parents: 493 diff changeset	102 }
22e1bf563a04 Throw away the connection level for sessions. Sascha L. Teichmann <sascha.teichmann@intevation.de> parents: 493 diff changeset	103
22e1bf563a04 Throw away the connection level for sessions. Sascha L. Teichmann <sascha.teichmann@intevation.de> parents: 493 diff changeset	104 if rd.Err != nil {
22e1bf563a04 Throw away the connection level for sessions. Sascha L. Teichmann <sascha.teichmann@intevation.de> parents: 493 diff changeset	105 return rd.Err
22e1bf563a04 Throw away the connection level for sessions. Sascha L. Teichmann <sascha.teichmann@intevation.de> parents: 493 diff changeset	106 }
22e1bf563a04 Throw away the connection level for sessions. Sascha L. Teichmann <sascha.teichmann@intevation.de> parents: 493 diff changeset	107
22e1bf563a04 Throw away the connection level for sessions. Sascha L. Teichmann <sascha.teichmann@intevation.de> parents: 493 diff changeset	108 var l uint32
22e1bf563a04 Throw away the connection level for sessions. Sascha L. Teichmann <sascha.teichmann@intevation.de> parents: 493 diff changeset	109 rd.ReadBin(&l)
22e1bf563a04 Throw away the connection level for sessions. Sascha L. Teichmann <sascha.teichmann@intevation.de> parents: 493 diff changeset	110 access := make([]byte, l)
22e1bf563a04 Throw away the connection level for sessions. Sascha L. Teichmann <sascha.teichmann@intevation.de> parents: 493 diff changeset	111 rd.ReadBin(access)
22e1bf563a04 Throw away the connection level for sessions. Sascha L. Teichmann <sascha.teichmann@intevation.de> parents: 493 diff changeset	112
22e1bf563a04 Throw away the connection level for sessions. Sascha L. Teichmann <sascha.teichmann@intevation.de> parents: 493 diff changeset	113 if rd.Err != nil {
22e1bf563a04 Throw away the connection level for sessions. Sascha L. Teichmann <sascha.teichmann@intevation.de> parents: 493 diff changeset	114 return rd.Err
22e1bf563a04 Throw away the connection level for sessions. Sascha L. Teichmann <sascha.teichmann@intevation.de> parents: 493 diff changeset	115 }
22e1bf563a04 Throw away the connection level for sessions. Sascha L. Teichmann <sascha.teichmann@intevation.de> parents: 493 diff changeset	116
22e1bf563a04 Throw away the connection level for sessions. Sascha L. Teichmann <sascha.teichmann@intevation.de> parents: 493 diff changeset	117 var t time.Time
22e1bf563a04 Throw away the connection level for sessions. Sascha L. Teichmann <sascha.teichmann@intevation.de> parents: 493 diff changeset	118 if err := t.UnmarshalText(access); err != nil {
22e1bf563a04 Throw away the connection level for sessions. Sascha L. Teichmann <sascha.teichmann@intevation.de> parents: 493 diff changeset	119 return err
193 1585c334e8a7 More on persisting sessions. Sascha L. Teichmann <sascha.teichmann@intevation.de> parents: 149 diff changeset	120 }
498 22e1bf563a04 Throw away the connection level for sessions. Sascha L. Teichmann <sascha.teichmann@intevation.de> parents: 493 diff changeset	121
1323 3c914bc670a2 Avoid copying session data while deserializing from store. Sascha L. Teichmann <sascha.teichmann@intevation.de> parents: 1322 diff changeset	122 s.access = t
498 22e1bf563a04 Throw away the connection level for sessions. Sascha L. Teichmann <sascha.teichmann@intevation.de> parents: 493 diff changeset	123
22e1bf563a04 Throw away the connection level for sessions. Sascha L. Teichmann <sascha.teichmann@intevation.de> parents: 493 diff changeset	124 return nil
22e1bf563a04 Throw away the connection level for sessions. Sascha L. Teichmann <sascha.teichmann@intevation.de> parents: 493 diff changeset	125 }
22e1bf563a04 Throw away the connection level for sessions. Sascha L. Teichmann <sascha.teichmann@intevation.de> parents: 493 diff changeset	126
22e1bf563a04 Throw away the connection level for sessions. Sascha L. Teichmann <sascha.teichmann@intevation.de> parents: 493 diff changeset	127 func (c *Session) touch() {
22e1bf563a04 Throw away the connection level for sessions. Sascha L. Teichmann <sascha.teichmann@intevation.de> parents: 493 diff changeset	128 c.mu.Lock()
22e1bf563a04 Throw away the connection level for sessions. Sascha L. Teichmann <sascha.teichmann@intevation.de> parents: 493 diff changeset	129 c.access = time.Now()
22e1bf563a04 Throw away the connection level for sessions. Sascha L. Teichmann <sascha.teichmann@intevation.de> parents: 493 diff changeset	130 c.mu.Unlock()
22e1bf563a04 Throw away the connection level for sessions. Sascha L. Teichmann <sascha.teichmann@intevation.de> parents: 493 diff changeset	131 }
22e1bf563a04 Throw away the connection level for sessions. Sascha L. Teichmann <sascha.teichmann@intevation.de> parents: 493 diff changeset	132
22e1bf563a04 Throw away the connection level for sessions. Sascha L. Teichmann <sascha.teichmann@intevation.de> parents: 493 diff changeset	133 func (c *Session) last() time.Time {
22e1bf563a04 Throw away the connection level for sessions. Sascha L. Teichmann <sascha.teichmann@intevation.de> parents: 493 diff changeset	134 c.mu.Lock()
22e1bf563a04 Throw away the connection level for sessions. Sascha L. Teichmann <sascha.teichmann@intevation.de> parents: 493 diff changeset	135 access := c.access
22e1bf563a04 Throw away the connection level for sessions. Sascha L. Teichmann <sascha.teichmann@intevation.de> parents: 493 diff changeset	136 c.mu.Unlock()
22e1bf563a04 Throw away the connection level for sessions. Sascha L. Teichmann <sascha.teichmann@intevation.de> parents: 493 diff changeset	137 return access
193 1585c334e8a7 More on persisting sessions. Sascha L. Teichmann <sascha.teichmann@intevation.de> parents: 149 diff changeset	138 }
1585c334e8a7 More on persisting sessions. Sascha L. Teichmann <sascha.teichmann@intevation.de> parents: 149 diff changeset	139
134 0c56c56a1c44 Removed the JWT layer from the session management. Sascha L. Teichmann <sascha.teichmann@intevation.de> parents: 124 diff changeset	140 func GenerateSessionKey() string {
339 33b59c848771 Factored out some miscellaneous code into own package. Sascha L. Teichmann <teichmann@intevation.de> parents: 337 diff changeset	141 return base64.URLEncoding.EncodeToString(
408 ac23905e64b1 Improve WFS proxy a lot. It now generates signed re-writings. Sascha L. Teichmann <sascha.teichmann@intevation.de> parents: 340 diff changeset	142 common.GenerateRandomKey(sessionKeyLength))
119 29e56c342c9f Added first middleware for JWT token extraction. TODO: Add second one to check against logged in users. Sascha L. Teichmann <sascha.teichmann@intevation.de> parents: diff changeset	143 }
124 bb9120d28950 Generate JWT from database roles. Sascha L. Teichmann <sascha.teichmann@intevation.de> parents: 119 diff changeset	144
447 62c909dd3098 Only allow log in if user has at least one of the roles 'sys_admin', 'waterway_admin', 'waterway_user'. Sascha L. Teichmann <sascha.teichmann@intevation.de> parents: 414 diff changeset	145 var ErrInvalidRole = errors.New("Invalid role")
62c909dd3098 Only allow log in if user has at least one of the roles 'sys_admin', 'waterway_admin', 'waterway_user'. Sascha L. Teichmann <sascha.teichmann@intevation.de> parents: 414 diff changeset	146
134 0c56c56a1c44 Removed the JWT layer from the session management. Sascha L. Teichmann <sascha.teichmann@intevation.de> parents: 124 diff changeset	147 func GenerateSession(user, password string) (string, *Session, error) {
124 bb9120d28950 Generate JWT from database roles. Sascha L. Teichmann <sascha.teichmann@intevation.de> parents: 119 diff changeset	148 roles, err := AllOtherRoles(user, password)
bb9120d28950 Generate JWT from database roles. Sascha L. Teichmann <sascha.teichmann@intevation.de> parents: 119 diff changeset	149 if err != nil {
134 0c56c56a1c44 Removed the JWT layer from the session management. Sascha L. Teichmann <sascha.teichmann@intevation.de> parents: 124 diff changeset	150 return "", nil, err
124 bb9120d28950 Generate JWT from database roles. Sascha L. Teichmann <sascha.teichmann@intevation.de> parents: 119 diff changeset	151 }
447 62c909dd3098 Only allow log in if user has at least one of the roles 'sys_admin', 'waterway_admin', 'waterway_user'. Sascha L. Teichmann <sascha.teichmann@intevation.de> parents: 414 diff changeset	152 if !roles.HasAny("sys_admin", "waterway_admin", "waterway_user") {
62c909dd3098 Only allow log in if user has at least one of the roles 'sys_admin', 'waterway_admin', 'waterway_user'. Sascha L. Teichmann <sascha.teichmann@intevation.de> parents: 414 diff changeset	153 return "", nil, ErrInvalidRole
62c909dd3098 Only allow log in if user has at least one of the roles 'sys_admin', 'waterway_admin', 'waterway_user'. Sascha L. Teichmann <sascha.teichmann@intevation.de> parents: 414 diff changeset	154 }
134 0c56c56a1c44 Removed the JWT layer from the session management. Sascha L. Teichmann <sascha.teichmann@intevation.de> parents: 124 diff changeset	155 token := GenerateSessionKey()
0c56c56a1c44 Removed the JWT layer from the session management. Sascha L. Teichmann <sascha.teichmann@intevation.de> parents: 124 diff changeset	156 session := NewSession(user, password, roles)
493 8a0737aa6ab6 The connection pool is now only a session store. Sascha L. Teichmann <sascha.teichmann@intevation.de> parents: 486 diff changeset	157 Sessions.Add(token, session)
134 0c56c56a1c44 Removed the JWT layer from the session management. Sascha L. Teichmann <sascha.teichmann@intevation.de> parents: 124 diff changeset	158 return token, session, nil
124 bb9120d28950 Generate JWT from database roles. Sascha L. Teichmann <sascha.teichmann@intevation.de> parents: 119 diff changeset	159 }

Mercurial > gemma

annotate pkg/auth/session.go @ 1323:3c914bc670a2