Mercurial > gemma

annotate pkg/auth/session.go @ 5415:4ad68ab239b7 marking-single-beam

Find changesets by keywords (author, files, the commit message), revision number or hash, or revset expression.
Factored creation of default class breaks in SR import to be reused with markings, too.
author Sascha L. Teichmann <sascha.teichmann@intevation.de>
date Wed, 07 Jul 2021 12:01:28 +0200
parents 91f4b3f56ce2
children 2dd155cc95ec
Ignore whitespace changes - Everywhere: Within whitespace: At end of lines:
rev   line source
1017
a244b18cb916 Added GNU Affero General Public License.
Sascha L. Teichmann <sascha.teichmann@intevation.de>
parents: 510
diff changeset
1 // This is Free Software under GNU Affero General Public License v >= 3.0
a244b18cb916 Added GNU Affero General Public License.
Sascha L. Teichmann <sascha.teichmann@intevation.de>
parents: 510
diff changeset
2 // without warranty, see README.md and license for details.
a244b18cb916 Added GNU Affero General Public License.
Sascha L. Teichmann <sascha.teichmann@intevation.de>
parents: 510
diff changeset
3 //
a244b18cb916 Added GNU Affero General Public License.
Sascha L. Teichmann <sascha.teichmann@intevation.de>
parents: 510
diff changeset
4 // SPDX-License-Identifier: AGPL-3.0-or-later
a244b18cb916 Added GNU Affero General Public License.
Sascha L. Teichmann <sascha.teichmann@intevation.de>
parents: 510
diff changeset
5 // License-Filename: LICENSES/AGPL-3.0.txt
a244b18cb916 Added GNU Affero General Public License.
Sascha L. Teichmann <sascha.teichmann@intevation.de>
parents: 510
diff changeset
6 //
a244b18cb916 Added GNU Affero General Public License.
Sascha L. Teichmann <sascha.teichmann@intevation.de>
parents: 510
diff changeset
7 // Copyright (C) 2018 by via donau
a244b18cb916 Added GNU Affero General Public License.
Sascha L. Teichmann <sascha.teichmann@intevation.de>
parents: 510
diff changeset
8 // – Österreichische Wasserstraßen-Gesellschaft mbH
a244b18cb916 Added GNU Affero General Public License.
Sascha L. Teichmann <sascha.teichmann@intevation.de>
parents: 510
diff changeset
9 // Software engineering by Intevation GmbH
a244b18cb916 Added GNU Affero General Public License.
Sascha L. Teichmann <sascha.teichmann@intevation.de>
parents: 510
diff changeset
10 //
a244b18cb916 Added GNU Affero General Public License.
Sascha L. Teichmann <sascha.teichmann@intevation.de>
parents: 510
diff changeset
11 // Author(s):
a244b18cb916 Added GNU Affero General Public License.
Sascha L. Teichmann <sascha.teichmann@intevation.de>
parents: 510
diff changeset
12 // * Sascha L. Teichmann <sascha.teichmann@intevation.de>
a244b18cb916 Added GNU Affero General Public License.
Sascha L. Teichmann <sascha.teichmann@intevation.de>
parents: 510
diff changeset
13
119
29e56c342c9f Added first middleware for JWT token extraction. TODO: Add second one to check against logged in users.
Sascha L. Teichmann <sascha.teichmann@intevation.de>
parents:
diff changeset
14 package auth
29e56c342c9f Added first middleware for JWT token extraction. TODO: Add second one to check against logged in users.
Sascha L. Teichmann <sascha.teichmann@intevation.de>
parents:
diff changeset
15
29e56c342c9f Added first middleware for JWT token extraction. TODO: Add second one to check against logged in users.
Sascha L. Teichmann <sascha.teichmann@intevation.de>
parents:
diff changeset
16 import (
134
0c56c56a1c44 Removed the JWT layer from the session management.
Sascha L. Teichmann <sascha.teichmann@intevation.de>
parents: 124
diff changeset
17 "encoding/base64"
447
62c909dd3098 Only allow log in if user has at least one of the roles 'sys_admin', 'waterway_admin', 'waterway_user'.
Sascha L. Teichmann <sascha.teichmann@intevation.de>
parents: 414
diff changeset
18 "errors"
134
0c56c56a1c44 Removed the JWT layer from the session management.
Sascha L. Teichmann <sascha.teichmann@intevation.de>
parents: 124
diff changeset
19 "io"
498
22e1bf563a04 Throw away the connection level for sessions.
Sascha L. Teichmann <sascha.teichmann@intevation.de>
parents: 493
diff changeset
20 "sync"
119
29e56c342c9f Added first middleware for JWT token extraction. TODO: Add second one to check against logged in users.
Sascha L. Teichmann <sascha.teichmann@intevation.de>
parents:
diff changeset
21 "time"
339
33b59c848771 Factored out some miscellaneous code into own package.
Sascha L. Teichmann <teichmann@intevation.de>
parents: 337
diff changeset
22
414
c1047fd04a3a Moved project specific Go packages to new pkg folder.
Sascha L. Teichmann <sascha.teichmann@intevation.de>
parents: 408
diff changeset
23 "gemma.intevation.de/gemma/pkg/common"
2639
0db742c7813d Make session timeout configurable
Tom Gottfried <tom@intevation.de>
parents: 1342
diff changeset
24 "gemma.intevation.de/gemma/pkg/config"
119
29e56c342c9f Added first middleware for JWT token extraction. TODO: Add second one to check against logged in users.
Sascha L. Teichmann <sascha.teichmann@intevation.de>
parents:
diff changeset
25 )
29e56c342c9f Added first middleware for JWT token extraction. TODO: Add second one to check against logged in users.
Sascha L. Teichmann <sascha.teichmann@intevation.de>
parents:
diff changeset
26
1342
20b9c3f261db Added comments how to create a new session for a given user and password.
Sascha L. Teichmann <sascha.teichmann@intevation.de>
parents: 1329
diff changeset
27 // Roles is a list of roles a logged in user has.
326
a7b2db8b3d18 Added type for roles.
Sascha L. Teichmann <sascha.teichmann@intevation.de>
parents: 215
diff changeset
28 type Roles []string
a7b2db8b3d18 Added type for roles.
Sascha L. Teichmann <sascha.teichmann@intevation.de>
parents: 215
diff changeset
29
1342
20b9c3f261db Added comments how to create a new session for a given user and password.
Sascha L. Teichmann <sascha.teichmann@intevation.de>
parents: 1329
diff changeset
30 // Session stores the informations about a logged in user.
134
0c56c56a1c44 Removed the JWT layer from the session management.
Sascha L. Teichmann <sascha.teichmann@intevation.de>
parents: 124
diff changeset
31 type Session struct {
1342
20b9c3f261db Added comments how to create a new session for a given user and password.
Sascha L. Teichmann <sascha.teichmann@intevation.de>
parents: 1329
diff changeset
32 // ExpiresAt is a unix timestamp when the session
20b9c3f261db Added comments how to create a new session for a given user and password.
Sascha L. Teichmann <sascha.teichmann@intevation.de>
parents: 1329
diff changeset
33 // of the user expires.
20b9c3f261db Added comments how to create a new session for a given user and password.
Sascha L. Teichmann <sascha.teichmann@intevation.de>
parents: 1329
diff changeset
34 ExpiresAt int64 `json:"expires"`
20b9c3f261db Added comments how to create a new session for a given user and password.
Sascha L. Teichmann <sascha.teichmann@intevation.de>
parents: 1329
diff changeset
35
20b9c3f261db Added comments how to create a new session for a given user and password.
Sascha L. Teichmann <sascha.teichmann@intevation.de>
parents: 1329
diff changeset
36 // User is the login name of the user.
20b9c3f261db Added comments how to create a new session for a given user and password.
Sascha L. Teichmann <sascha.teichmann@intevation.de>
parents: 1329
diff changeset
37 User string `json:"user"`
20b9c3f261db Added comments how to create a new session for a given user and password.
Sascha L. Teichmann <sascha.teichmann@intevation.de>
parents: 1329
diff changeset
38
20b9c3f261db Added comments how to create a new session for a given user and password.
Sascha L. Teichmann <sascha.teichmann@intevation.de>
parents: 1329
diff changeset
39 // Roles is the list of roles of the user.
20b9c3f261db Added comments how to create a new session for a given user and password.
Sascha L. Teichmann <sascha.teichmann@intevation.de>
parents: 1329
diff changeset
40 Roles Roles `json:"roles"`
498
22e1bf563a04 Throw away the connection level for sessions.
Sascha L. Teichmann <sascha.teichmann@intevation.de>
parents: 493
diff changeset
41
22e1bf563a04 Throw away the connection level for sessions.
Sascha L. Teichmann <sascha.teichmann@intevation.de>
parents: 493
diff changeset
42 // private fields for managing expiration.
22e1bf563a04 Throw away the connection level for sessions.
Sascha L. Teichmann <sascha.teichmann@intevation.de>
parents: 493
diff changeset
43 access time.Time
22e1bf563a04 Throw away the connection level for sessions.
Sascha L. Teichmann <sascha.teichmann@intevation.de>
parents: 493
diff changeset
44 mu sync.Mutex
326
a7b2db8b3d18 Added type for roles.
Sascha L. Teichmann <sascha.teichmann@intevation.de>
parents: 215
diff changeset
45 }
a7b2db8b3d18 Added type for roles.
Sascha L. Teichmann <sascha.teichmann@intevation.de>
parents: 215
diff changeset
46
1342
20b9c3f261db Added comments how to create a new session for a given user and password.
Sascha L. Teichmann <sascha.teichmann@intevation.de>
parents: 1329
diff changeset
47 // Has checks if a certain role is amongst the roles.
326
a7b2db8b3d18 Added type for roles.
Sascha L. Teichmann <sascha.teichmann@intevation.de>
parents: 215
diff changeset
48 func (r Roles) Has(role string) bool {
a7b2db8b3d18 Added type for roles.
Sascha L. Teichmann <sascha.teichmann@intevation.de>
parents: 215
diff changeset
49 for _, x := range r {
a7b2db8b3d18 Added type for roles.
Sascha L. Teichmann <sascha.teichmann@intevation.de>
parents: 215
diff changeset
50 if x == role {
a7b2db8b3d18 Added type for roles.
Sascha L. Teichmann <sascha.teichmann@intevation.de>
parents: 215
diff changeset
51 return true
a7b2db8b3d18 Added type for roles.
Sascha L. Teichmann <sascha.teichmann@intevation.de>
parents: 215
diff changeset
52 }
a7b2db8b3d18 Added type for roles.
Sascha L. Teichmann <sascha.teichmann@intevation.de>
parents: 215
diff changeset
53 }
a7b2db8b3d18 Added type for roles.
Sascha L. Teichmann <sascha.teichmann@intevation.de>
parents: 215
diff changeset
54 return false
119
29e56c342c9f Added first middleware for JWT token extraction. TODO: Add second one to check against logged in users.
Sascha L. Teichmann <sascha.teichmann@intevation.de>
parents:
diff changeset
55 }
29e56c342c9f Added first middleware for JWT token extraction. TODO: Add second one to check against logged in users.
Sascha L. Teichmann <sascha.teichmann@intevation.de>
parents:
diff changeset
56
1342
20b9c3f261db Added comments how to create a new session for a given user and password.
Sascha L. Teichmann <sascha.teichmann@intevation.de>
parents: 1329
diff changeset
57 // HasAny checks if any of the given roles is in the role list.
447
62c909dd3098 Only allow log in if user has at least one of the roles 'sys_admin', 'waterway_admin', 'waterway_user'.
Sascha L. Teichmann <sascha.teichmann@intevation.de>
parents: 414
diff changeset
58 func (r Roles) HasAny(roles ...string) bool {
62c909dd3098 Only allow log in if user has at least one of the roles 'sys_admin', 'waterway_admin', 'waterway_user'.
Sascha L. Teichmann <sascha.teichmann@intevation.de>
parents: 414
diff changeset
59 for _, y := range roles {
62c909dd3098 Only allow log in if user has at least one of the roles 'sys_admin', 'waterway_admin', 'waterway_user'.
Sascha L. Teichmann <sascha.teichmann@intevation.de>
parents: 414
diff changeset
60 if r.Has(y) {
62c909dd3098 Only allow log in if user has at least one of the roles 'sys_admin', 'waterway_admin', 'waterway_user'.
Sascha L. Teichmann <sascha.teichmann@intevation.de>
parents: 414
diff changeset
61 return true
62c909dd3098 Only allow log in if user has at least one of the roles 'sys_admin', 'waterway_admin', 'waterway_user'.
Sascha L. Teichmann <sascha.teichmann@intevation.de>
parents: 414
diff changeset
62 }
62c909dd3098 Only allow log in if user has at least one of the roles 'sys_admin', 'waterway_admin', 'waterway_user'.
Sascha L. Teichmann <sascha.teichmann@intevation.de>
parents: 414
diff changeset
63 }
62c909dd3098 Only allow log in if user has at least one of the roles 'sys_admin', 'waterway_admin', 'waterway_user'.
Sascha L. Teichmann <sascha.teichmann@intevation.de>
parents: 414
diff changeset
64 return false
62c909dd3098 Only allow log in if user has at least one of the roles 'sys_admin', 'waterway_admin', 'waterway_user'.
Sascha L. Teichmann <sascha.teichmann@intevation.de>
parents: 414
diff changeset
65 }
62c909dd3098 Only allow log in if user has at least one of the roles 'sys_admin', 'waterway_admin', 'waterway_user'.
Sascha L. Teichmann <sascha.teichmann@intevation.de>
parents: 414
diff changeset
66
134
0c56c56a1c44 Removed the JWT layer from the session management.
Sascha L. Teichmann <sascha.teichmann@intevation.de>
parents: 124
diff changeset
67 const (
0c56c56a1c44 Removed the JWT layer from the session management.
Sascha L. Teichmann <sascha.teichmann@intevation.de>
parents: 124
diff changeset
68 sessionKeyLength = 20
0c56c56a1c44 Removed the JWT layer from the session management.
Sascha L. Teichmann <sascha.teichmann@intevation.de>
parents: 124
diff changeset
69 )
119
29e56c342c9f Added first middleware for JWT token extraction. TODO: Add second one to check against logged in users.
Sascha L. Teichmann <sascha.teichmann@intevation.de>
parents:
diff changeset
70
1342
20b9c3f261db Added comments how to create a new session for a given user and password.
Sascha L. Teichmann <sascha.teichmann@intevation.de>
parents: 1329
diff changeset
71 // newSession creates a new session.
20b9c3f261db Added comments how to create a new session for a given user and password.
Sascha L. Teichmann <sascha.teichmann@intevation.de>
parents: 1329
diff changeset
72 func newSession(user, password string, roles Roles) *Session {
119
29e56c342c9f Added first middleware for JWT token extraction. TODO: Add second one to check against logged in users.
Sascha L. Teichmann <sascha.teichmann@intevation.de>
parents:
diff changeset
73
29e56c342c9f Added first middleware for JWT token extraction. TODO: Add second one to check against logged in users.
Sascha L. Teichmann <sascha.teichmann@intevation.de>
parents:
diff changeset
74 // Create the Claims
134
0c56c56a1c44 Removed the JWT layer from the session management.
Sascha L. Teichmann <sascha.teichmann@intevation.de>
parents: 124
diff changeset
75 return &Session{
2639
0db742c7813d Make session timeout configurable
Tom Gottfried <tom@intevation.de>
parents: 1342
diff changeset
76 ExpiresAt: time.Now().Add(config.SessionTimeout()).Unix(),
134
0c56c56a1c44 Removed the JWT layer from the session management.
Sascha L. Teichmann <sascha.teichmann@intevation.de>
parents: 124
diff changeset
77 User: user,
0c56c56a1c44 Removed the JWT layer from the session management.
Sascha L. Teichmann <sascha.teichmann@intevation.de>
parents: 124
diff changeset
78 Roles: roles,
119
29e56c342c9f Added first middleware for JWT token extraction. TODO: Add second one to check against logged in users.
Sascha L. Teichmann <sascha.teichmann@intevation.de>
parents:
diff changeset
79 }
134
0c56c56a1c44 Removed the JWT layer from the session management.
Sascha L. Teichmann <sascha.teichmann@intevation.de>
parents: 124
diff changeset
80 }
119
29e56c342c9f Added first middleware for JWT token extraction. TODO: Add second one to check against logged in users.
Sascha L. Teichmann <sascha.teichmann@intevation.de>
parents:
diff changeset
81
498
22e1bf563a04 Throw away the connection level for sessions.
Sascha L. Teichmann <sascha.teichmann@intevation.de>
parents: 493
diff changeset
82 func (s *Session) serialize(w io.Writer) error {
22e1bf563a04 Throw away the connection level for sessions.
Sascha L. Teichmann <sascha.teichmann@intevation.de>
parents: 493
diff changeset
83
22e1bf563a04 Throw away the connection level for sessions.
Sascha L. Teichmann <sascha.teichmann@intevation.de>
parents: 493
diff changeset
84 access, err := s.last().MarshalText()
22e1bf563a04 Throw away the connection level for sessions.
Sascha L. Teichmann <sascha.teichmann@intevation.de>
parents: 493
diff changeset
85 if err != nil {
22e1bf563a04 Throw away the connection level for sessions.
Sascha L. Teichmann <sascha.teichmann@intevation.de>
parents: 493
diff changeset
86 return err
22e1bf563a04 Throw away the connection level for sessions.
Sascha L. Teichmann <sascha.teichmann@intevation.de>
parents: 493
diff changeset
87 }
22e1bf563a04 Throw away the connection level for sessions.
Sascha L. Teichmann <sascha.teichmann@intevation.de>
parents: 493
diff changeset
88
4169
91f4b3f56ce2 Moved binary session encoding/decoding into auth package as it is only used there.
Sascha L. Teichmann <sascha.teichmann@intevation.de>
parents: 4160
diff changeset
89 wr := BinWriter{Writer: w, Err: nil}
498
22e1bf563a04 Throw away the connection level for sessions.
Sascha L. Teichmann <sascha.teichmann@intevation.de>
parents: 493
diff changeset
90 wr.WriteBin(s.ExpiresAt)
22e1bf563a04 Throw away the connection level for sessions.
Sascha L. Teichmann <sascha.teichmann@intevation.de>
parents: 493
diff changeset
91 wr.WriteString(s.User)
22e1bf563a04 Throw away the connection level for sessions.
Sascha L. Teichmann <sascha.teichmann@intevation.de>
parents: 493
diff changeset
92 wr.WriteBin(uint32(len(s.Roles)))
22e1bf563a04 Throw away the connection level for sessions.
Sascha L. Teichmann <sascha.teichmann@intevation.de>
parents: 493
diff changeset
93 for _, role := range s.Roles {
22e1bf563a04 Throw away the connection level for sessions.
Sascha L. Teichmann <sascha.teichmann@intevation.de>
parents: 493
diff changeset
94 wr.WriteString(role)
22e1bf563a04 Throw away the connection level for sessions.
Sascha L. Teichmann <sascha.teichmann@intevation.de>
parents: 493
diff changeset
95 }
22e1bf563a04 Throw away the connection level for sessions.
Sascha L. Teichmann <sascha.teichmann@intevation.de>
parents: 493
diff changeset
96 wr.WriteBin(uint32(len(access)))
22e1bf563a04 Throw away the connection level for sessions.
Sascha L. Teichmann <sascha.teichmann@intevation.de>
parents: 493
diff changeset
97 wr.WriteBin(access)
22e1bf563a04 Throw away the connection level for sessions.
Sascha L. Teichmann <sascha.teichmann@intevation.de>
parents: 493
diff changeset
98 return wr.Err
22e1bf563a04 Throw away the connection level for sessions.
Sascha L. Teichmann <sascha.teichmann@intevation.de>
parents: 493
diff changeset
99 }
22e1bf563a04 Throw away the connection level for sessions.
Sascha L. Teichmann <sascha.teichmann@intevation.de>
parents: 493
diff changeset
100
197
e85413e5befa Cleaned up serialisation/deserilisation of sessions a bit.
Sascha L. Teichmann <teichmann@intevation.de>
parents: 193
diff changeset
101 func (s *Session) deserialize(r io.Reader) error {
498
22e1bf563a04 Throw away the connection level for sessions.
Sascha L. Teichmann <sascha.teichmann@intevation.de>
parents: 493
diff changeset
102
193
1585c334e8a7 More on persisting sessions.
Sascha L. Teichmann <sascha.teichmann@intevation.de>
parents: 149
diff changeset
103 var n uint32
4169
91f4b3f56ce2 Moved binary session encoding/decoding into auth package as it is only used there.
Sascha L. Teichmann <sascha.teichmann@intevation.de>
parents: 4160
diff changeset
104 rd := BinReader{Reader: r, Err: nil}
1323
3c914bc670a2 Avoid copying session data while deserializing from store.
Sascha L. Teichmann <sascha.teichmann@intevation.de>
parents: 1322
diff changeset
105 rd.ReadBin(&s.ExpiresAt)
3c914bc670a2 Avoid copying session data while deserializing from store.
Sascha L. Teichmann <sascha.teichmann@intevation.de>
parents: 1322
diff changeset
106 rd.ReadString(&s.User)
340
4c211ad5349e Embed Reader and Writer in BinReader and BinWriter to make API more distinct.
Sascha L. Teichmann <teichmann@intevation.de>
parents: 339
diff changeset
107 rd.ReadBin(&n)
1323
3c914bc670a2 Avoid copying session data while deserializing from store.
Sascha L. Teichmann <sascha.teichmann@intevation.de>
parents: 1322
diff changeset
108 s.Roles = make(Roles, n)
498
22e1bf563a04 Throw away the connection level for sessions.
Sascha L. Teichmann <sascha.teichmann@intevation.de>
parents: 493
diff changeset
109
193
1585c334e8a7 More on persisting sessions.
Sascha L. Teichmann <sascha.teichmann@intevation.de>
parents: 149
diff changeset
110 for i := uint32(0); n > 0 && i < n; i++ {
1323
3c914bc670a2 Avoid copying session data while deserializing from store.
Sascha L. Teichmann <sascha.teichmann@intevation.de>
parents: 1322
diff changeset
111 rd.ReadString(&s.Roles[i])
498
22e1bf563a04 Throw away the connection level for sessions.
Sascha L. Teichmann <sascha.teichmann@intevation.de>
parents: 493
diff changeset
112 }
22e1bf563a04 Throw away the connection level for sessions.
Sascha L. Teichmann <sascha.teichmann@intevation.de>
parents: 493
diff changeset
113
22e1bf563a04 Throw away the connection level for sessions.
Sascha L. Teichmann <sascha.teichmann@intevation.de>
parents: 493
diff changeset
114 if rd.Err != nil {
22e1bf563a04 Throw away the connection level for sessions.
Sascha L. Teichmann <sascha.teichmann@intevation.de>
parents: 493
diff changeset
115 return rd.Err
22e1bf563a04 Throw away the connection level for sessions.
Sascha L. Teichmann <sascha.teichmann@intevation.de>
parents: 493
diff changeset
116 }
22e1bf563a04 Throw away the connection level for sessions.
Sascha L. Teichmann <sascha.teichmann@intevation.de>
parents: 493
diff changeset
117
22e1bf563a04 Throw away the connection level for sessions.
Sascha L. Teichmann <sascha.teichmann@intevation.de>
parents: 493
diff changeset
118 var l uint32
22e1bf563a04 Throw away the connection level for sessions.
Sascha L. Teichmann <sascha.teichmann@intevation.de>
parents: 493
diff changeset
119 rd.ReadBin(&l)
22e1bf563a04 Throw away the connection level for sessions.
Sascha L. Teichmann <sascha.teichmann@intevation.de>
parents: 493
diff changeset
120 access := make([]byte, l)
22e1bf563a04 Throw away the connection level for sessions.
Sascha L. Teichmann <sascha.teichmann@intevation.de>
parents: 493
diff changeset
121 rd.ReadBin(access)
22e1bf563a04 Throw away the connection level for sessions.
Sascha L. Teichmann <sascha.teichmann@intevation.de>
parents: 493
diff changeset
122
22e1bf563a04 Throw away the connection level for sessions.
Sascha L. Teichmann <sascha.teichmann@intevation.de>
parents: 493
diff changeset
123 if rd.Err != nil {
22e1bf563a04 Throw away the connection level for sessions.
Sascha L. Teichmann <sascha.teichmann@intevation.de>
parents: 493
diff changeset
124 return rd.Err
22e1bf563a04 Throw away the connection level for sessions.
Sascha L. Teichmann <sascha.teichmann@intevation.de>
parents: 493
diff changeset
125 }
22e1bf563a04 Throw away the connection level for sessions.
Sascha L. Teichmann <sascha.teichmann@intevation.de>
parents: 493
diff changeset
126
22e1bf563a04 Throw away the connection level for sessions.
Sascha L. Teichmann <sascha.teichmann@intevation.de>
parents: 493
diff changeset
127 var t time.Time
22e1bf563a04 Throw away the connection level for sessions.
Sascha L. Teichmann <sascha.teichmann@intevation.de>
parents: 493
diff changeset
128 if err := t.UnmarshalText(access); err != nil {
22e1bf563a04 Throw away the connection level for sessions.
Sascha L. Teichmann <sascha.teichmann@intevation.de>
parents: 493
diff changeset
129 return err
193
1585c334e8a7 More on persisting sessions.
Sascha L. Teichmann <sascha.teichmann@intevation.de>
parents: 149
diff changeset
130 }
498
22e1bf563a04 Throw away the connection level for sessions.
Sascha L. Teichmann <sascha.teichmann@intevation.de>
parents: 493
diff changeset
131
1323
3c914bc670a2 Avoid copying session data while deserializing from store.
Sascha L. Teichmann <sascha.teichmann@intevation.de>
parents: 1322
diff changeset
132 s.access = t
498
22e1bf563a04 Throw away the connection level for sessions.
Sascha L. Teichmann <sascha.teichmann@intevation.de>
parents: 493
diff changeset
133
22e1bf563a04 Throw away the connection level for sessions.
Sascha L. Teichmann <sascha.teichmann@intevation.de>
parents: 493
diff changeset
134 return nil
22e1bf563a04 Throw away the connection level for sessions.
Sascha L. Teichmann <sascha.teichmann@intevation.de>
parents: 493
diff changeset
135 }
22e1bf563a04 Throw away the connection level for sessions.
Sascha L. Teichmann <sascha.teichmann@intevation.de>
parents: 493
diff changeset
136
1329
ea2143adc6d3 Named method recievers consistently to make golint happy.
Sascha L. Teichmann <sascha.teichmann@intevation.de>
parents: 1323
diff changeset
137 func (s *Session) touch() {
ea2143adc6d3 Named method recievers consistently to make golint happy.
Sascha L. Teichmann <sascha.teichmann@intevation.de>
parents: 1323
diff changeset
138 s.mu.Lock()
ea2143adc6d3 Named method recievers consistently to make golint happy.
Sascha L. Teichmann <sascha.teichmann@intevation.de>
parents: 1323
diff changeset
139 s.access = time.Now()
ea2143adc6d3 Named method recievers consistently to make golint happy.
Sascha L. Teichmann <sascha.teichmann@intevation.de>
parents: 1323
diff changeset
140 s.mu.Unlock()
498
22e1bf563a04 Throw away the connection level for sessions.
Sascha L. Teichmann <sascha.teichmann@intevation.de>
parents: 493
diff changeset
141 }
22e1bf563a04 Throw away the connection level for sessions.
Sascha L. Teichmann <sascha.teichmann@intevation.de>
parents: 493
diff changeset
142
1329
ea2143adc6d3 Named method recievers consistently to make golint happy.
Sascha L. Teichmann <sascha.teichmann@intevation.de>
parents: 1323
diff changeset
143 func (s *Session) last() time.Time {
ea2143adc6d3 Named method recievers consistently to make golint happy.
Sascha L. Teichmann <sascha.teichmann@intevation.de>
parents: 1323
diff changeset
144 s.mu.Lock()
ea2143adc6d3 Named method recievers consistently to make golint happy.
Sascha L. Teichmann <sascha.teichmann@intevation.de>
parents: 1323
diff changeset
145 access := s.access
ea2143adc6d3 Named method recievers consistently to make golint happy.
Sascha L. Teichmann <sascha.teichmann@intevation.de>
parents: 1323
diff changeset
146 s.mu.Unlock()
498
22e1bf563a04 Throw away the connection level for sessions.
Sascha L. Teichmann <sascha.teichmann@intevation.de>
parents: 493
diff changeset
147 return access
193
1585c334e8a7 More on persisting sessions.
Sascha L. Teichmann <sascha.teichmann@intevation.de>
parents: 149
diff changeset
148 }
1585c334e8a7 More on persisting sessions.
Sascha L. Teichmann <sascha.teichmann@intevation.de>
parents: 149
diff changeset
149
1342
20b9c3f261db Added comments how to create a new session for a given user and password.
Sascha L. Teichmann <sascha.teichmann@intevation.de>
parents: 1329
diff changeset
150 func generateSessionKey() string {
339
33b59c848771 Factored out some miscellaneous code into own package.
Sascha L. Teichmann <teichmann@intevation.de>
parents: 337
diff changeset
151 return base64.URLEncoding.EncodeToString(
408
ac23905e64b1 Improve WFS proxy a lot. It now generates signed re-writings.
Sascha L. Teichmann <sascha.teichmann@intevation.de>
parents: 340
diff changeset
152 common.GenerateRandomKey(sessionKeyLength))
119
29e56c342c9f Added first middleware for JWT token extraction. TODO: Add second one to check against logged in users.
Sascha L. Teichmann <sascha.teichmann@intevation.de>
parents:
diff changeset
153 }
124
bb9120d28950 Generate JWT from database roles.
Sascha L. Teichmann <sascha.teichmann@intevation.de>
parents: 119
diff changeset
154
1342
20b9c3f261db Added comments how to create a new session for a given user and password.
Sascha L. Teichmann <sascha.teichmann@intevation.de>
parents: 1329
diff changeset
155 // ErrInvalidRole is returned if a given role does not exsist in this system.
4160
7cccf7fef3e8 Made 'golint' and 'staticcheck' happy with auth package.
Sascha L. Teichmann <sascha.teichmann@intevation.de>
parents: 2639
diff changeset
156 var ErrInvalidRole = errors.New("invalid role")
447
62c909dd3098 Only allow log in if user has at least one of the roles 'sys_admin', 'waterway_admin', 'waterway_user'.
Sascha L. Teichmann <sascha.teichmann@intevation.de>
parents: 414
diff changeset
157
1342
20b9c3f261db Added comments how to create a new session for a given user and password.
Sascha L. Teichmann <sascha.teichmann@intevation.de>
parents: 1329
diff changeset
158 // GenerateSession creates a new session for a given user and password
20b9c3f261db Added comments how to create a new session for a given user and password.
Sascha L. Teichmann <sascha.teichmann@intevation.de>
parents: 1329
diff changeset
159 // backed by the roles of this user in the database.
134
0c56c56a1c44 Removed the JWT layer from the session management.
Sascha L. Teichmann <sascha.teichmann@intevation.de>
parents: 124
diff changeset
160 func GenerateSession(user, password string) (string, *Session, error) {
124
bb9120d28950 Generate JWT from database roles.
Sascha L. Teichmann <sascha.teichmann@intevation.de>
parents: 119
diff changeset
161 roles, err := AllOtherRoles(user, password)
bb9120d28950 Generate JWT from database roles.
Sascha L. Teichmann <sascha.teichmann@intevation.de>
parents: 119
diff changeset
162 if err != nil {
134
0c56c56a1c44 Removed the JWT layer from the session management.
Sascha L. Teichmann <sascha.teichmann@intevation.de>
parents: 124
diff changeset
163 return "", nil, err
124
bb9120d28950 Generate JWT from database roles.
Sascha L. Teichmann <sascha.teichmann@intevation.de>
parents: 119
diff changeset
164 }
1342
20b9c3f261db Added comments how to create a new session for a given user and password.
Sascha L. Teichmann <sascha.teichmann@intevation.de>
parents: 1329
diff changeset
165 // TODO: Make this a configuration.
447
62c909dd3098 Only allow log in if user has at least one of the roles 'sys_admin', 'waterway_admin', 'waterway_user'.
Sascha L. Teichmann <sascha.teichmann@intevation.de>
parents: 414
diff changeset
166 if !roles.HasAny("sys_admin", "waterway_admin", "waterway_user") {
62c909dd3098 Only allow log in if user has at least one of the roles 'sys_admin', 'waterway_admin', 'waterway_user'.
Sascha L. Teichmann <sascha.teichmann@intevation.de>
parents: 414
diff changeset
167 return "", nil, ErrInvalidRole
62c909dd3098 Only allow log in if user has at least one of the roles 'sys_admin', 'waterway_admin', 'waterway_user'.
Sascha L. Teichmann <sascha.teichmann@intevation.de>
parents: 414
diff changeset
168 }
1342
20b9c3f261db Added comments how to create a new session for a given user and password.
Sascha L. Teichmann <sascha.teichmann@intevation.de>
parents: 1329
diff changeset
169 token := generateSessionKey()
20b9c3f261db Added comments how to create a new session for a given user and password.
Sascha L. Teichmann <sascha.teichmann@intevation.de>
parents: 1329
diff changeset
170 session := newSession(user, password, roles)
493
8a0737aa6ab6 The connection pool is now only a session store.
Sascha L. Teichmann <sascha.teichmann@intevation.de>
parents: 486
diff changeset
171 Sessions.Add(token, session)
134
0c56c56a1c44 Removed the JWT layer from the session management.
Sascha L. Teichmann <sascha.teichmann@intevation.de>
parents: 124
diff changeset
172 return token, session, nil
124
bb9120d28950 Generate JWT from database roles.
Sascha L. Teichmann <sascha.teichmann@intevation.de>
parents: 119
diff changeset
173 }