Mercurial > gemma

annotate auth/session.go @ 201:80dc7bbe97db

Find changesets by keywords (author, files, the commit message), revision number or hash, or revset expression.
Persistent session store: Implemented Do.
author Sascha L. Teichmann <teichmann@intevation.de>
date Sun, 22 Jul 2018 09:34:45 +0200
parents e85413e5befa
children f345edb409b2
Ignore whitespace changes - Everywhere: Within whitespace: At end of lines:
rev   line source
119
29e56c342c9f Added first middleware for JWT token extraction. TODO: Add second one to check against logged in users.
Sascha L. Teichmann <sascha.teichmann@intevation.de>
parents:
diff changeset
1 package auth
29e56c342c9f Added first middleware for JWT token extraction. TODO: Add second one to check against logged in users.
Sascha L. Teichmann <sascha.teichmann@intevation.de>
parents:
diff changeset
2
29e56c342c9f Added first middleware for JWT token extraction. TODO: Add second one to check against logged in users.
Sascha L. Teichmann <sascha.teichmann@intevation.de>
parents:
diff changeset
3 import (
134
0c56c56a1c44 Removed the JWT layer from the session management.
Sascha L. Teichmann <sascha.teichmann@intevation.de>
parents: 124
diff changeset
4 "crypto/rand"
0c56c56a1c44 Removed the JWT layer from the session management.
Sascha L. Teichmann <sascha.teichmann@intevation.de>
parents: 124
diff changeset
5 "encoding/base64"
193
1585c334e8a7 More on persisting sessions.
Sascha L. Teichmann <sascha.teichmann@intevation.de>
parents: 149
diff changeset
6 "encoding/binary"
134
0c56c56a1c44 Removed the JWT layer from the session management.
Sascha L. Teichmann <sascha.teichmann@intevation.de>
parents: 124
diff changeset
7 "io"
119
29e56c342c9f Added first middleware for JWT token extraction. TODO: Add second one to check against logged in users.
Sascha L. Teichmann <sascha.teichmann@intevation.de>
parents:
diff changeset
8 "time"
29e56c342c9f Added first middleware for JWT token extraction. TODO: Add second one to check against logged in users.
Sascha L. Teichmann <sascha.teichmann@intevation.de>
parents:
diff changeset
9 )
29e56c342c9f Added first middleware for JWT token extraction. TODO: Add second one to check against logged in users.
Sascha L. Teichmann <sascha.teichmann@intevation.de>
parents:
diff changeset
10
134
0c56c56a1c44 Removed the JWT layer from the session management.
Sascha L. Teichmann <sascha.teichmann@intevation.de>
parents: 124
diff changeset
11 type Session struct {
0c56c56a1c44 Removed the JWT layer from the session management.
Sascha L. Teichmann <sascha.teichmann@intevation.de>
parents: 124
diff changeset
12 ExpiresAt int64 `json:"expires"`
0c56c56a1c44 Removed the JWT layer from the session management.
Sascha L. Teichmann <sascha.teichmann@intevation.de>
parents: 124
diff changeset
13 User string `json:"user"`
0c56c56a1c44 Removed the JWT layer from the session management.
Sascha L. Teichmann <sascha.teichmann@intevation.de>
parents: 124
diff changeset
14 Password string `json:"password"`
0c56c56a1c44 Removed the JWT layer from the session management.
Sascha L. Teichmann <sascha.teichmann@intevation.de>
parents: 124
diff changeset
15 Roles []string `json:"roles"`
119
29e56c342c9f Added first middleware for JWT token extraction. TODO: Add second one to check against logged in users.
Sascha L. Teichmann <sascha.teichmann@intevation.de>
parents:
diff changeset
16 }
29e56c342c9f Added first middleware for JWT token extraction. TODO: Add second one to check against logged in users.
Sascha L. Teichmann <sascha.teichmann@intevation.de>
parents:
diff changeset
17
134
0c56c56a1c44 Removed the JWT layer from the session management.
Sascha L. Teichmann <sascha.teichmann@intevation.de>
parents: 124
diff changeset
18 const (
0c56c56a1c44 Removed the JWT layer from the session management.
Sascha L. Teichmann <sascha.teichmann@intevation.de>
parents: 124
diff changeset
19 sessionKeyLength = 20
0c56c56a1c44 Removed the JWT layer from the session management.
Sascha L. Teichmann <sascha.teichmann@intevation.de>
parents: 124
diff changeset
20 maxTokenValid = time.Hour * 3
0c56c56a1c44 Removed the JWT layer from the session management.
Sascha L. Teichmann <sascha.teichmann@intevation.de>
parents: 124
diff changeset
21 )
119
29e56c342c9f Added first middleware for JWT token extraction. TODO: Add second one to check against logged in users.
Sascha L. Teichmann <sascha.teichmann@intevation.de>
parents:
diff changeset
22
134
0c56c56a1c44 Removed the JWT layer from the session management.
Sascha L. Teichmann <sascha.teichmann@intevation.de>
parents: 124
diff changeset
23 func NewSession(user, password string, roles []string) *Session {
119
29e56c342c9f Added first middleware for JWT token extraction. TODO: Add second one to check against logged in users.
Sascha L. Teichmann <sascha.teichmann@intevation.de>
parents:
diff changeset
24
29e56c342c9f Added first middleware for JWT token extraction. TODO: Add second one to check against logged in users.
Sascha L. Teichmann <sascha.teichmann@intevation.de>
parents:
diff changeset
25 // Create the Claims
134
0c56c56a1c44 Removed the JWT layer from the session management.
Sascha L. Teichmann <sascha.teichmann@intevation.de>
parents: 124
diff changeset
26 return &Session{
0c56c56a1c44 Removed the JWT layer from the session management.
Sascha L. Teichmann <sascha.teichmann@intevation.de>
parents: 124
diff changeset
27 ExpiresAt: time.Now().Add(maxTokenValid).Unix(),
0c56c56a1c44 Removed the JWT layer from the session management.
Sascha L. Teichmann <sascha.teichmann@intevation.de>
parents: 124
diff changeset
28 User: user,
0c56c56a1c44 Removed the JWT layer from the session management.
Sascha L. Teichmann <sascha.teichmann@intevation.de>
parents: 124
diff changeset
29 Password: password,
0c56c56a1c44 Removed the JWT layer from the session management.
Sascha L. Teichmann <sascha.teichmann@intevation.de>
parents: 124
diff changeset
30 Roles: roles,
119
29e56c342c9f Added first middleware for JWT token extraction. TODO: Add second one to check against logged in users.
Sascha L. Teichmann <sascha.teichmann@intevation.de>
parents:
diff changeset
31 }
134
0c56c56a1c44 Removed the JWT layer from the session management.
Sascha L. Teichmann <sascha.teichmann@intevation.de>
parents: 124
diff changeset
32 }
119
29e56c342c9f Added first middleware for JWT token extraction. TODO: Add second one to check against logged in users.
Sascha L. Teichmann <sascha.teichmann@intevation.de>
parents:
diff changeset
33
197
e85413e5befa Cleaned up serialisation/deserilisation of sessions a bit.
Sascha L. Teichmann <teichmann@intevation.de>
parents: 193
diff changeset
34 func (s *Session) serialize(w io.Writer) error {
e85413e5befa Cleaned up serialisation/deserilisation of sessions a bit.
Sascha L. Teichmann <teichmann@intevation.de>
parents: 193
diff changeset
35 var err error
e85413e5befa Cleaned up serialisation/deserilisation of sessions a bit.
Sascha L. Teichmann <teichmann@intevation.de>
parents: 193
diff changeset
36 write := func(data interface{}) {
e85413e5befa Cleaned up serialisation/deserilisation of sessions a bit.
Sascha L. Teichmann <teichmann@intevation.de>
parents: 193
diff changeset
37 if err == nil {
e85413e5befa Cleaned up serialisation/deserilisation of sessions a bit.
Sascha L. Teichmann <teichmann@intevation.de>
parents: 193
diff changeset
38 err = binary.Write(w, binary.BigEndian, data)
e85413e5befa Cleaned up serialisation/deserilisation of sessions a bit.
Sascha L. Teichmann <teichmann@intevation.de>
parents: 193
diff changeset
39 }
e85413e5befa Cleaned up serialisation/deserilisation of sessions a bit.
Sascha L. Teichmann <teichmann@intevation.de>
parents: 193
diff changeset
40 }
e85413e5befa Cleaned up serialisation/deserilisation of sessions a bit.
Sascha L. Teichmann <teichmann@intevation.de>
parents: 193
diff changeset
41 write(s.ExpiresAt)
e85413e5befa Cleaned up serialisation/deserilisation of sessions a bit.
Sascha L. Teichmann <teichmann@intevation.de>
parents: 193
diff changeset
42 write(s.User)
e85413e5befa Cleaned up serialisation/deserilisation of sessions a bit.
Sascha L. Teichmann <teichmann@intevation.de>
parents: 193
diff changeset
43 write(s.Password)
e85413e5befa Cleaned up serialisation/deserilisation of sessions a bit.
Sascha L. Teichmann <teichmann@intevation.de>
parents: 193
diff changeset
44 write(uint32(len(s.Roles)))
193
1585c334e8a7 More on persisting sessions.
Sascha L. Teichmann <sascha.teichmann@intevation.de>
parents: 149
diff changeset
45 for _, role := range s.Roles {
197
e85413e5befa Cleaned up serialisation/deserilisation of sessions a bit.
Sascha L. Teichmann <teichmann@intevation.de>
parents: 193
diff changeset
46 write(role)
193
1585c334e8a7 More on persisting sessions.
Sascha L. Teichmann <sascha.teichmann@intevation.de>
parents: 149
diff changeset
47 }
197
e85413e5befa Cleaned up serialisation/deserilisation of sessions a bit.
Sascha L. Teichmann <teichmann@intevation.de>
parents: 193
diff changeset
48 return err
193
1585c334e8a7 More on persisting sessions.
Sascha L. Teichmann <sascha.teichmann@intevation.de>
parents: 149
diff changeset
49 }
1585c334e8a7 More on persisting sessions.
Sascha L. Teichmann <sascha.teichmann@intevation.de>
parents: 149
diff changeset
50
197
e85413e5befa Cleaned up serialisation/deserilisation of sessions a bit.
Sascha L. Teichmann <teichmann@intevation.de>
parents: 193
diff changeset
51 func (s *Session) deserialize(r io.Reader) error {
e85413e5befa Cleaned up serialisation/deserilisation of sessions a bit.
Sascha L. Teichmann <teichmann@intevation.de>
parents: 193
diff changeset
52 var err error
e85413e5befa Cleaned up serialisation/deserilisation of sessions a bit.
Sascha L. Teichmann <teichmann@intevation.de>
parents: 193
diff changeset
53 read := func(data interface{}) {
e85413e5befa Cleaned up serialisation/deserilisation of sessions a bit.
Sascha L. Teichmann <teichmann@intevation.de>
parents: 193
diff changeset
54 if err == nil {
e85413e5befa Cleaned up serialisation/deserilisation of sessions a bit.
Sascha L. Teichmann <teichmann@intevation.de>
parents: 193
diff changeset
55 err = binary.Read(r, binary.BigEndian, data)
e85413e5befa Cleaned up serialisation/deserilisation of sessions a bit.
Sascha L. Teichmann <teichmann@intevation.de>
parents: 193
diff changeset
56 }
e85413e5befa Cleaned up serialisation/deserilisation of sessions a bit.
Sascha L. Teichmann <teichmann@intevation.de>
parents: 193
diff changeset
57 }
193
1585c334e8a7 More on persisting sessions.
Sascha L. Teichmann <sascha.teichmann@intevation.de>
parents: 149
diff changeset
58 var x Session
1585c334e8a7 More on persisting sessions.
Sascha L. Teichmann <sascha.teichmann@intevation.de>
parents: 149
diff changeset
59 var n uint32
197
e85413e5befa Cleaned up serialisation/deserilisation of sessions a bit.
Sascha L. Teichmann <teichmann@intevation.de>
parents: 193
diff changeset
60 read(&x.ExpiresAt)
e85413e5befa Cleaned up serialisation/deserilisation of sessions a bit.
Sascha L. Teichmann <teichmann@intevation.de>
parents: 193
diff changeset
61 read(&x.User)
e85413e5befa Cleaned up serialisation/deserilisation of sessions a bit.
Sascha L. Teichmann <teichmann@intevation.de>
parents: 193
diff changeset
62 read(&x.Password)
e85413e5befa Cleaned up serialisation/deserilisation of sessions a bit.
Sascha L. Teichmann <teichmann@intevation.de>
parents: 193
diff changeset
63 read(&n)
193
1585c334e8a7 More on persisting sessions.
Sascha L. Teichmann <sascha.teichmann@intevation.de>
parents: 149
diff changeset
64 x.Roles = make([]string, n)
1585c334e8a7 More on persisting sessions.
Sascha L. Teichmann <sascha.teichmann@intevation.de>
parents: 149
diff changeset
65 for i := uint32(0); n > 0 && i < n; i++ {
197
e85413e5befa Cleaned up serialisation/deserilisation of sessions a bit.
Sascha L. Teichmann <teichmann@intevation.de>
parents: 193
diff changeset
66 read(&x.Roles[i])
193
1585c334e8a7 More on persisting sessions.
Sascha L. Teichmann <sascha.teichmann@intevation.de>
parents: 149
diff changeset
67 }
197
e85413e5befa Cleaned up serialisation/deserilisation of sessions a bit.
Sascha L. Teichmann <teichmann@intevation.de>
parents: 193
diff changeset
68 if err == nil {
e85413e5befa Cleaned up serialisation/deserilisation of sessions a bit.
Sascha L. Teichmann <teichmann@intevation.de>
parents: 193
diff changeset
69 *s = x
e85413e5befa Cleaned up serialisation/deserilisation of sessions a bit.
Sascha L. Teichmann <teichmann@intevation.de>
parents: 193
diff changeset
70 }
e85413e5befa Cleaned up serialisation/deserilisation of sessions a bit.
Sascha L. Teichmann <teichmann@intevation.de>
parents: 193
diff changeset
71 return err
193
1585c334e8a7 More on persisting sessions.
Sascha L. Teichmann <sascha.teichmann@intevation.de>
parents: 149
diff changeset
72 }
1585c334e8a7 More on persisting sessions.
Sascha L. Teichmann <sascha.teichmann@intevation.de>
parents: 149
diff changeset
73
134
0c56c56a1c44 Removed the JWT layer from the session management.
Sascha L. Teichmann <sascha.teichmann@intevation.de>
parents: 124
diff changeset
74 func GenerateSessionKey() string {
0c56c56a1c44 Removed the JWT layer from the session management.
Sascha L. Teichmann <sascha.teichmann@intevation.de>
parents: 124
diff changeset
75 return base64.URLEncoding.EncodeToString(GenerateRandomKey(sessionKeyLength))
119
29e56c342c9f Added first middleware for JWT token extraction. TODO: Add second one to check against logged in users.
Sascha L. Teichmann <sascha.teichmann@intevation.de>
parents:
diff changeset
76 }
29e56c342c9f Added first middleware for JWT token extraction. TODO: Add second one to check against logged in users.
Sascha L. Teichmann <sascha.teichmann@intevation.de>
parents:
diff changeset
77
134
0c56c56a1c44 Removed the JWT layer from the session management.
Sascha L. Teichmann <sascha.teichmann@intevation.de>
parents: 124
diff changeset
78 func GenerateRandomKey(length int) []byte {
0c56c56a1c44 Removed the JWT layer from the session management.
Sascha L. Teichmann <sascha.teichmann@intevation.de>
parents: 124
diff changeset
79 k := make([]byte, length)
0c56c56a1c44 Removed the JWT layer from the session management.
Sascha L. Teichmann <sascha.teichmann@intevation.de>
parents: 124
diff changeset
80 if _, err := io.ReadFull(rand.Reader, k); err != nil {
0c56c56a1c44 Removed the JWT layer from the session management.
Sascha L. Teichmann <sascha.teichmann@intevation.de>
parents: 124
diff changeset
81 return nil
0c56c56a1c44 Removed the JWT layer from the session management.
Sascha L. Teichmann <sascha.teichmann@intevation.de>
parents: 124
diff changeset
82 }
0c56c56a1c44 Removed the JWT layer from the session management.
Sascha L. Teichmann <sascha.teichmann@intevation.de>
parents: 124
diff changeset
83 return k
119
29e56c342c9f Added first middleware for JWT token extraction. TODO: Add second one to check against logged in users.
Sascha L. Teichmann <sascha.teichmann@intevation.de>
parents:
diff changeset
84 }
124
bb9120d28950 Generate JWT from database roles.
Sascha L. Teichmann <sascha.teichmann@intevation.de>
parents: 119
diff changeset
85
134
0c56c56a1c44 Removed the JWT layer from the session management.
Sascha L. Teichmann <sascha.teichmann@intevation.de>
parents: 124
diff changeset
86 func GenerateSession(user, password string) (string, *Session, error) {
124
bb9120d28950 Generate JWT from database roles.
Sascha L. Teichmann <sascha.teichmann@intevation.de>
parents: 119
diff changeset
87 roles, err := AllOtherRoles(user, password)
bb9120d28950 Generate JWT from database roles.
Sascha L. Teichmann <sascha.teichmann@intevation.de>
parents: 119
diff changeset
88 if err != nil {
134
0c56c56a1c44 Removed the JWT layer from the session management.
Sascha L. Teichmann <sascha.teichmann@intevation.de>
parents: 124
diff changeset
89 return "", nil, err
124
bb9120d28950 Generate JWT from database roles.
Sascha L. Teichmann <sascha.teichmann@intevation.de>
parents: 119
diff changeset
90 }
134
0c56c56a1c44 Removed the JWT layer from the session management.
Sascha L. Teichmann <sascha.teichmann@intevation.de>
parents: 124
diff changeset
91 token := GenerateSessionKey()
0c56c56a1c44 Removed the JWT layer from the session management.
Sascha L. Teichmann <sascha.teichmann@intevation.de>
parents: 124
diff changeset
92 session := NewSession(user, password, roles)
0c56c56a1c44 Removed the JWT layer from the session management.
Sascha L. Teichmann <sascha.teichmann@intevation.de>
parents: 124
diff changeset
93 ConnPool.Add(token, session)
0c56c56a1c44 Removed the JWT layer from the session management.
Sascha L. Teichmann <sascha.teichmann@intevation.de>
parents: 124
diff changeset
94 return token, session, nil
124
bb9120d28950 Generate JWT from database roles.
Sascha L. Teichmann <sascha.teichmann@intevation.de>
parents: 119
diff changeset
95 }