gemma: pkg/auth/session.go annotate

annotate pkg/auth/session.go @ 942:912d016275ee

client: add arrow to drawn linesegment * Add styling function that will place an icon png image at the end of each drawn line segment, in the right rotation. Note that this does not look perfectly centered, see comment in the code.

author	Bernhard Reiter <bernhard@intevation.de>
date	Tue, 09 Oct 2018 18:39:01 +0200
parents	e1466e65bc35
children	a244b18cb916

rev	line source
119 29e56c342c9f Added first middleware for JWT token extraction. TODO: Add second one to check against logged in users. Sascha L. Teichmann <sascha.teichmann@intevation.de> parents: diff changeset	1 package auth
29e56c342c9f Added first middleware for JWT token extraction. TODO: Add second one to check against logged in users. Sascha L. Teichmann <sascha.teichmann@intevation.de> parents: diff changeset	2
29e56c342c9f Added first middleware for JWT token extraction. TODO: Add second one to check against logged in users. Sascha L. Teichmann <sascha.teichmann@intevation.de> parents: diff changeset	3 import (
134 0c56c56a1c44 Removed the JWT layer from the session management. Sascha L. Teichmann <sascha.teichmann@intevation.de> parents: 124 diff changeset	4 "encoding/base64"
447 62c909dd3098 Only allow log in if user has at least one of the roles 'sys_admin', 'waterway_admin', 'waterway_user'. Sascha L. Teichmann <sascha.teichmann@intevation.de> parents: 414 diff changeset	5 "errors"
134 0c56c56a1c44 Removed the JWT layer from the session management. Sascha L. Teichmann <sascha.teichmann@intevation.de> parents: 124 diff changeset	6 "io"
498 22e1bf563a04 Throw away the connection level for sessions. Sascha L. Teichmann <sascha.teichmann@intevation.de> parents: 493 diff changeset	7 "sync"
119 29e56c342c9f Added first middleware for JWT token extraction. TODO: Add second one to check against logged in users. Sascha L. Teichmann <sascha.teichmann@intevation.de> parents: diff changeset	8 "time"
339 33b59c848771 Factored out some miscellaneous code into own package. Sascha L. Teichmann <teichmann@intevation.de> parents: 337 diff changeset	9
414 c1047fd04a3a Moved project specific Go packages to new pkg folder. Sascha L. Teichmann <sascha.teichmann@intevation.de> parents: 408 diff changeset	10 "gemma.intevation.de/gemma/pkg/common"
c1047fd04a3a Moved project specific Go packages to new pkg folder. Sascha L. Teichmann <sascha.teichmann@intevation.de> parents: 408 diff changeset	11 "gemma.intevation.de/gemma/pkg/misc"
119 29e56c342c9f Added first middleware for JWT token extraction. TODO: Add second one to check against logged in users. Sascha L. Teichmann <sascha.teichmann@intevation.de> parents: diff changeset	12 )
29e56c342c9f Added first middleware for JWT token extraction. TODO: Add second one to check against logged in users. Sascha L. Teichmann <sascha.teichmann@intevation.de> parents: diff changeset	13
326 a7b2db8b3d18 Added type for roles. Sascha L. Teichmann <sascha.teichmann@intevation.de> parents: 215 diff changeset	14 type Roles []string
a7b2db8b3d18 Added type for roles. Sascha L. Teichmann <sascha.teichmann@intevation.de> parents: 215 diff changeset	15
134 0c56c56a1c44 Removed the JWT layer from the session management. Sascha L. Teichmann <sascha.teichmann@intevation.de> parents: 124 diff changeset	16 type Session struct {
326 a7b2db8b3d18 Added type for roles. Sascha L. Teichmann <sascha.teichmann@intevation.de> parents: 215 diff changeset	17 ExpiresAt int64 `json:"expires"`
a7b2db8b3d18 Added type for roles. Sascha L. Teichmann <sascha.teichmann@intevation.de> parents: 215 diff changeset	18 User string `json:"user"`
a7b2db8b3d18 Added type for roles. Sascha L. Teichmann <sascha.teichmann@intevation.de> parents: 215 diff changeset	19 Roles Roles `json:"roles"`
498 22e1bf563a04 Throw away the connection level for sessions. Sascha L. Teichmann <sascha.teichmann@intevation.de> parents: 493 diff changeset	20
22e1bf563a04 Throw away the connection level for sessions. Sascha L. Teichmann <sascha.teichmann@intevation.de> parents: 493 diff changeset	21 // private fields for managing expiration.
22e1bf563a04 Throw away the connection level for sessions. Sascha L. Teichmann <sascha.teichmann@intevation.de> parents: 493 diff changeset	22 access time.Time
22e1bf563a04 Throw away the connection level for sessions. Sascha L. Teichmann <sascha.teichmann@intevation.de> parents: 493 diff changeset	23 mu sync.Mutex
326 a7b2db8b3d18 Added type for roles. Sascha L. Teichmann <sascha.teichmann@intevation.de> parents: 215 diff changeset	24 }
a7b2db8b3d18 Added type for roles. Sascha L. Teichmann <sascha.teichmann@intevation.de> parents: 215 diff changeset	25
a7b2db8b3d18 Added type for roles. Sascha L. Teichmann <sascha.teichmann@intevation.de> parents: 215 diff changeset	26 func (r Roles) Has(role string) bool {
a7b2db8b3d18 Added type for roles. Sascha L. Teichmann <sascha.teichmann@intevation.de> parents: 215 diff changeset	27 for _, x := range r {
a7b2db8b3d18 Added type for roles. Sascha L. Teichmann <sascha.teichmann@intevation.de> parents: 215 diff changeset	28 if x == role {
a7b2db8b3d18 Added type for roles. Sascha L. Teichmann <sascha.teichmann@intevation.de> parents: 215 diff changeset	29 return true
a7b2db8b3d18 Added type for roles. Sascha L. Teichmann <sascha.teichmann@intevation.de> parents: 215 diff changeset	30 }
a7b2db8b3d18 Added type for roles. Sascha L. Teichmann <sascha.teichmann@intevation.de> parents: 215 diff changeset	31 }
a7b2db8b3d18 Added type for roles. Sascha L. Teichmann <sascha.teichmann@intevation.de> parents: 215 diff changeset	32 return false
119 29e56c342c9f Added first middleware for JWT token extraction. TODO: Add second one to check against logged in users. Sascha L. Teichmann <sascha.teichmann@intevation.de> parents: diff changeset	33 }
29e56c342c9f Added first middleware for JWT token extraction. TODO: Add second one to check against logged in users. Sascha L. Teichmann <sascha.teichmann@intevation.de> parents: diff changeset	34
447 62c909dd3098 Only allow log in if user has at least one of the roles 'sys_admin', 'waterway_admin', 'waterway_user'. Sascha L. Teichmann <sascha.teichmann@intevation.de> parents: 414 diff changeset	35 func (r Roles) HasAny(roles ...string) bool {
62c909dd3098 Only allow log in if user has at least one of the roles 'sys_admin', 'waterway_admin', 'waterway_user'. Sascha L. Teichmann <sascha.teichmann@intevation.de> parents: 414 diff changeset	36 for _, y := range roles {
62c909dd3098 Only allow log in if user has at least one of the roles 'sys_admin', 'waterway_admin', 'waterway_user'. Sascha L. Teichmann <sascha.teichmann@intevation.de> parents: 414 diff changeset	37 if r.Has(y) {
62c909dd3098 Only allow log in if user has at least one of the roles 'sys_admin', 'waterway_admin', 'waterway_user'. Sascha L. Teichmann <sascha.teichmann@intevation.de> parents: 414 diff changeset	38 return true
62c909dd3098 Only allow log in if user has at least one of the roles 'sys_admin', 'waterway_admin', 'waterway_user'. Sascha L. Teichmann <sascha.teichmann@intevation.de> parents: 414 diff changeset	39 }
62c909dd3098 Only allow log in if user has at least one of the roles 'sys_admin', 'waterway_admin', 'waterway_user'. Sascha L. Teichmann <sascha.teichmann@intevation.de> parents: 414 diff changeset	40 }
62c909dd3098 Only allow log in if user has at least one of the roles 'sys_admin', 'waterway_admin', 'waterway_user'. Sascha L. Teichmann <sascha.teichmann@intevation.de> parents: 414 diff changeset	41 return false
62c909dd3098 Only allow log in if user has at least one of the roles 'sys_admin', 'waterway_admin', 'waterway_user'. Sascha L. Teichmann <sascha.teichmann@intevation.de> parents: 414 diff changeset	42 }
62c909dd3098 Only allow log in if user has at least one of the roles 'sys_admin', 'waterway_admin', 'waterway_user'. Sascha L. Teichmann <sascha.teichmann@intevation.de> parents: 414 diff changeset	43
134 0c56c56a1c44 Removed the JWT layer from the session management. Sascha L. Teichmann <sascha.teichmann@intevation.de> parents: 124 diff changeset	44 const (
0c56c56a1c44 Removed the JWT layer from the session management. Sascha L. Teichmann <sascha.teichmann@intevation.de> parents: 124 diff changeset	45 sessionKeyLength = 20
0c56c56a1c44 Removed the JWT layer from the session management. Sascha L. Teichmann <sascha.teichmann@intevation.de> parents: 124 diff changeset	46 maxTokenValid = time.Hour * 3
0c56c56a1c44 Removed the JWT layer from the session management. Sascha L. Teichmann <sascha.teichmann@intevation.de> parents: 124 diff changeset	47 )
119 29e56c342c9f Added first middleware for JWT token extraction. TODO: Add second one to check against logged in users. Sascha L. Teichmann <sascha.teichmann@intevation.de> parents: diff changeset	48
447 62c909dd3098 Only allow log in if user has at least one of the roles 'sys_admin', 'waterway_admin', 'waterway_user'. Sascha L. Teichmann <sascha.teichmann@intevation.de> parents: 414 diff changeset	49 func NewSession(user, password string, roles Roles) *Session {
119 29e56c342c9f Added first middleware for JWT token extraction. TODO: Add second one to check against logged in users. Sascha L. Teichmann <sascha.teichmann@intevation.de> parents: diff changeset	50
29e56c342c9f Added first middleware for JWT token extraction. TODO: Add second one to check against logged in users. Sascha L. Teichmann <sascha.teichmann@intevation.de> parents: diff changeset	51 // Create the Claims
134 0c56c56a1c44 Removed the JWT layer from the session management. Sascha L. Teichmann <sascha.teichmann@intevation.de> parents: 124 diff changeset	52 return &Session{
0c56c56a1c44 Removed the JWT layer from the session management. Sascha L. Teichmann <sascha.teichmann@intevation.de> parents: 124 diff changeset	53 ExpiresAt: time.Now().Add(maxTokenValid).Unix(),
0c56c56a1c44 Removed the JWT layer from the session management. Sascha L. Teichmann <sascha.teichmann@intevation.de> parents: 124 diff changeset	54 User: user,
0c56c56a1c44 Removed the JWT layer from the session management. Sascha L. Teichmann <sascha.teichmann@intevation.de> parents: 124 diff changeset	55 Roles: roles,
119 29e56c342c9f Added first middleware for JWT token extraction. TODO: Add second one to check against logged in users. Sascha L. Teichmann <sascha.teichmann@intevation.de> parents: diff changeset	56 }
134 0c56c56a1c44 Removed the JWT layer from the session management. Sascha L. Teichmann <sascha.teichmann@intevation.de> parents: 124 diff changeset	57 }
119 29e56c342c9f Added first middleware for JWT token extraction. TODO: Add second one to check against logged in users. Sascha L. Teichmann <sascha.teichmann@intevation.de> parents: diff changeset	58
498 22e1bf563a04 Throw away the connection level for sessions. Sascha L. Teichmann <sascha.teichmann@intevation.de> parents: 493 diff changeset	59 func (s *Session) serialize(w io.Writer) error {
22e1bf563a04 Throw away the connection level for sessions. Sascha L. Teichmann <sascha.teichmann@intevation.de> parents: 493 diff changeset	60
22e1bf563a04 Throw away the connection level for sessions. Sascha L. Teichmann <sascha.teichmann@intevation.de> parents: 493 diff changeset	61 access, err := s.last().MarshalText()
22e1bf563a04 Throw away the connection level for sessions. Sascha L. Teichmann <sascha.teichmann@intevation.de> parents: 493 diff changeset	62 if err != nil {
22e1bf563a04 Throw away the connection level for sessions. Sascha L. Teichmann <sascha.teichmann@intevation.de> parents: 493 diff changeset	63 return err
22e1bf563a04 Throw away the connection level for sessions. Sascha L. Teichmann <sascha.teichmann@intevation.de> parents: 493 diff changeset	64 }
22e1bf563a04 Throw away the connection level for sessions. Sascha L. Teichmann <sascha.teichmann@intevation.de> parents: 493 diff changeset	65
22e1bf563a04 Throw away the connection level for sessions. Sascha L. Teichmann <sascha.teichmann@intevation.de> parents: 493 diff changeset	66 wr := misc.BinWriter{w, nil}
22e1bf563a04 Throw away the connection level for sessions. Sascha L. Teichmann <sascha.teichmann@intevation.de> parents: 493 diff changeset	67 wr.WriteBin(s.ExpiresAt)
22e1bf563a04 Throw away the connection level for sessions. Sascha L. Teichmann <sascha.teichmann@intevation.de> parents: 493 diff changeset	68 wr.WriteString(s.User)
22e1bf563a04 Throw away the connection level for sessions. Sascha L. Teichmann <sascha.teichmann@intevation.de> parents: 493 diff changeset	69 wr.WriteBin(uint32(len(s.Roles)))
22e1bf563a04 Throw away the connection level for sessions. Sascha L. Teichmann <sascha.teichmann@intevation.de> parents: 493 diff changeset	70 for _, role := range s.Roles {
22e1bf563a04 Throw away the connection level for sessions. Sascha L. Teichmann <sascha.teichmann@intevation.de> parents: 493 diff changeset	71 wr.WriteString(role)
22e1bf563a04 Throw away the connection level for sessions. Sascha L. Teichmann <sascha.teichmann@intevation.de> parents: 493 diff changeset	72 }
22e1bf563a04 Throw away the connection level for sessions. Sascha L. Teichmann <sascha.teichmann@intevation.de> parents: 493 diff changeset	73 wr.WriteBin(uint32(len(access)))
22e1bf563a04 Throw away the connection level for sessions. Sascha L. Teichmann <sascha.teichmann@intevation.de> parents: 493 diff changeset	74 wr.WriteBin(access)
22e1bf563a04 Throw away the connection level for sessions. Sascha L. Teichmann <sascha.teichmann@intevation.de> parents: 493 diff changeset	75 return wr.Err
22e1bf563a04 Throw away the connection level for sessions. Sascha L. Teichmann <sascha.teichmann@intevation.de> parents: 493 diff changeset	76 }
22e1bf563a04 Throw away the connection level for sessions. Sascha L. Teichmann <sascha.teichmann@intevation.de> parents: 493 diff changeset	77
197 e85413e5befa Cleaned up serialisation/deserilisation of sessions a bit. Sascha L. Teichmann <teichmann@intevation.de> parents: 193 diff changeset	78 func (s *Session) deserialize(r io.Reader) error {
498 22e1bf563a04 Throw away the connection level for sessions. Sascha L. Teichmann <sascha.teichmann@intevation.de> parents: 493 diff changeset	79
22e1bf563a04 Throw away the connection level for sessions. Sascha L. Teichmann <sascha.teichmann@intevation.de> parents: 493 diff changeset	80 var session Session
22e1bf563a04 Throw away the connection level for sessions. Sascha L. Teichmann <sascha.teichmann@intevation.de> parents: 493 diff changeset	81
193 1585c334e8a7 More on persisting sessions. Sascha L. Teichmann <sascha.teichmann@intevation.de> parents: 149 diff changeset	82 var n uint32
340 4c211ad5349e Embed Reader and Writer in BinReader and BinWriter to make API more distinct. Sascha L. Teichmann <teichmann@intevation.de> parents: 339 diff changeset	83 rd := misc.BinReader{r, nil}
498 22e1bf563a04 Throw away the connection level for sessions. Sascha L. Teichmann <sascha.teichmann@intevation.de> parents: 493 diff changeset	84 rd.ReadBin(&session.ExpiresAt)
22e1bf563a04 Throw away the connection level for sessions. Sascha L. Teichmann <sascha.teichmann@intevation.de> parents: 493 diff changeset	85 rd.ReadString(&session.User)
340 4c211ad5349e Embed Reader and Writer in BinReader and BinWriter to make API more distinct. Sascha L. Teichmann <teichmann@intevation.de> parents: 339 diff changeset	86 rd.ReadBin(&n)
498 22e1bf563a04 Throw away the connection level for sessions. Sascha L. Teichmann <sascha.teichmann@intevation.de> parents: 493 diff changeset	87 session.Roles = make(Roles, n)
22e1bf563a04 Throw away the connection level for sessions. Sascha L. Teichmann <sascha.teichmann@intevation.de> parents: 493 diff changeset	88
193 1585c334e8a7 More on persisting sessions. Sascha L. Teichmann <sascha.teichmann@intevation.de> parents: 149 diff changeset	89 for i := uint32(0); n > 0 && i < n; i++ {
498 22e1bf563a04 Throw away the connection level for sessions. Sascha L. Teichmann <sascha.teichmann@intevation.de> parents: 493 diff changeset	90 rd.ReadString(&session.Roles[i])
22e1bf563a04 Throw away the connection level for sessions. Sascha L. Teichmann <sascha.teichmann@intevation.de> parents: 493 diff changeset	91 }
22e1bf563a04 Throw away the connection level for sessions. Sascha L. Teichmann <sascha.teichmann@intevation.de> parents: 493 diff changeset	92
22e1bf563a04 Throw away the connection level for sessions. Sascha L. Teichmann <sascha.teichmann@intevation.de> parents: 493 diff changeset	93 if rd.Err != nil {
22e1bf563a04 Throw away the connection level for sessions. Sascha L. Teichmann <sascha.teichmann@intevation.de> parents: 493 diff changeset	94 return rd.Err
22e1bf563a04 Throw away the connection level for sessions. Sascha L. Teichmann <sascha.teichmann@intevation.de> parents: 493 diff changeset	95 }
22e1bf563a04 Throw away the connection level for sessions. Sascha L. Teichmann <sascha.teichmann@intevation.de> parents: 493 diff changeset	96
22e1bf563a04 Throw away the connection level for sessions. Sascha L. Teichmann <sascha.teichmann@intevation.de> parents: 493 diff changeset	97 var l uint32
22e1bf563a04 Throw away the connection level for sessions. Sascha L. Teichmann <sascha.teichmann@intevation.de> parents: 493 diff changeset	98 rd.ReadBin(&l)
22e1bf563a04 Throw away the connection level for sessions. Sascha L. Teichmann <sascha.teichmann@intevation.de> parents: 493 diff changeset	99 access := make([]byte, l)
22e1bf563a04 Throw away the connection level for sessions. Sascha L. Teichmann <sascha.teichmann@intevation.de> parents: 493 diff changeset	100 rd.ReadBin(access)
22e1bf563a04 Throw away the connection level for sessions. Sascha L. Teichmann <sascha.teichmann@intevation.de> parents: 493 diff changeset	101
22e1bf563a04 Throw away the connection level for sessions. Sascha L. Teichmann <sascha.teichmann@intevation.de> parents: 493 diff changeset	102 if rd.Err != nil {
22e1bf563a04 Throw away the connection level for sessions. Sascha L. Teichmann <sascha.teichmann@intevation.de> parents: 493 diff changeset	103 return rd.Err
22e1bf563a04 Throw away the connection level for sessions. Sascha L. Teichmann <sascha.teichmann@intevation.de> parents: 493 diff changeset	104 }
22e1bf563a04 Throw away the connection level for sessions. Sascha L. Teichmann <sascha.teichmann@intevation.de> parents: 493 diff changeset	105
22e1bf563a04 Throw away the connection level for sessions. Sascha L. Teichmann <sascha.teichmann@intevation.de> parents: 493 diff changeset	106 var t time.Time
22e1bf563a04 Throw away the connection level for sessions. Sascha L. Teichmann <sascha.teichmann@intevation.de> parents: 493 diff changeset	107 if err := t.UnmarshalText(access); err != nil {
22e1bf563a04 Throw away the connection level for sessions. Sascha L. Teichmann <sascha.teichmann@intevation.de> parents: 493 diff changeset	108 return err
193 1585c334e8a7 More on persisting sessions. Sascha L. Teichmann <sascha.teichmann@intevation.de> parents: 149 diff changeset	109 }
498 22e1bf563a04 Throw away the connection level for sessions. Sascha L. Teichmann <sascha.teichmann@intevation.de> parents: 493 diff changeset	110
22e1bf563a04 Throw away the connection level for sessions. Sascha L. Teichmann <sascha.teichmann@intevation.de> parents: 493 diff changeset	111 session.access = t
22e1bf563a04 Throw away the connection level for sessions. Sascha L. Teichmann <sascha.teichmann@intevation.de> parents: 493 diff changeset	112
22e1bf563a04 Throw away the connection level for sessions. Sascha L. Teichmann <sascha.teichmann@intevation.de> parents: 493 diff changeset	113 *s = session
22e1bf563a04 Throw away the connection level for sessions. Sascha L. Teichmann <sascha.teichmann@intevation.de> parents: 493 diff changeset	114
22e1bf563a04 Throw away the connection level for sessions. Sascha L. Teichmann <sascha.teichmann@intevation.de> parents: 493 diff changeset	115 return nil
22e1bf563a04 Throw away the connection level for sessions. Sascha L. Teichmann <sascha.teichmann@intevation.de> parents: 493 diff changeset	116 }
22e1bf563a04 Throw away the connection level for sessions. Sascha L. Teichmann <sascha.teichmann@intevation.de> parents: 493 diff changeset	117
22e1bf563a04 Throw away the connection level for sessions. Sascha L. Teichmann <sascha.teichmann@intevation.de> parents: 493 diff changeset	118 func (c *Session) touch() {
22e1bf563a04 Throw away the connection level for sessions. Sascha L. Teichmann <sascha.teichmann@intevation.de> parents: 493 diff changeset	119 c.mu.Lock()
22e1bf563a04 Throw away the connection level for sessions. Sascha L. Teichmann <sascha.teichmann@intevation.de> parents: 493 diff changeset	120 c.access = time.Now()
22e1bf563a04 Throw away the connection level for sessions. Sascha L. Teichmann <sascha.teichmann@intevation.de> parents: 493 diff changeset	121 c.mu.Unlock()
22e1bf563a04 Throw away the connection level for sessions. Sascha L. Teichmann <sascha.teichmann@intevation.de> parents: 493 diff changeset	122 }
22e1bf563a04 Throw away the connection level for sessions. Sascha L. Teichmann <sascha.teichmann@intevation.de> parents: 493 diff changeset	123
22e1bf563a04 Throw away the connection level for sessions. Sascha L. Teichmann <sascha.teichmann@intevation.de> parents: 493 diff changeset	124 func (c *Session) last() time.Time {
22e1bf563a04 Throw away the connection level for sessions. Sascha L. Teichmann <sascha.teichmann@intevation.de> parents: 493 diff changeset	125 c.mu.Lock()
22e1bf563a04 Throw away the connection level for sessions. Sascha L. Teichmann <sascha.teichmann@intevation.de> parents: 493 diff changeset	126 access := c.access
22e1bf563a04 Throw away the connection level for sessions. Sascha L. Teichmann <sascha.teichmann@intevation.de> parents: 493 diff changeset	127 c.mu.Unlock()
22e1bf563a04 Throw away the connection level for sessions. Sascha L. Teichmann <sascha.teichmann@intevation.de> parents: 493 diff changeset	128 return access
193 1585c334e8a7 More on persisting sessions. Sascha L. Teichmann <sascha.teichmann@intevation.de> parents: 149 diff changeset	129 }
1585c334e8a7 More on persisting sessions. Sascha L. Teichmann <sascha.teichmann@intevation.de> parents: 149 diff changeset	130
134 0c56c56a1c44 Removed the JWT layer from the session management. Sascha L. Teichmann <sascha.teichmann@intevation.de> parents: 124 diff changeset	131 func GenerateSessionKey() string {
339 33b59c848771 Factored out some miscellaneous code into own package. Sascha L. Teichmann <teichmann@intevation.de> parents: 337 diff changeset	132 return base64.URLEncoding.EncodeToString(
408 ac23905e64b1 Improve WFS proxy a lot. It now generates signed re-writings. Sascha L. Teichmann <sascha.teichmann@intevation.de> parents: 340 diff changeset	133 common.GenerateRandomKey(sessionKeyLength))
119 29e56c342c9f Added first middleware for JWT token extraction. TODO: Add second one to check against logged in users. Sascha L. Teichmann <sascha.teichmann@intevation.de> parents: diff changeset	134 }
124 bb9120d28950 Generate JWT from database roles. Sascha L. Teichmann <sascha.teichmann@intevation.de> parents: 119 diff changeset	135
447 62c909dd3098 Only allow log in if user has at least one of the roles 'sys_admin', 'waterway_admin', 'waterway_user'. Sascha L. Teichmann <sascha.teichmann@intevation.de> parents: 414 diff changeset	136 var ErrInvalidRole = errors.New("Invalid role")
62c909dd3098 Only allow log in if user has at least one of the roles 'sys_admin', 'waterway_admin', 'waterway_user'. Sascha L. Teichmann <sascha.teichmann@intevation.de> parents: 414 diff changeset	137
134 0c56c56a1c44 Removed the JWT layer from the session management. Sascha L. Teichmann <sascha.teichmann@intevation.de> parents: 124 diff changeset	138 func GenerateSession(user, password string) (string, *Session, error) {
124 bb9120d28950 Generate JWT from database roles. Sascha L. Teichmann <sascha.teichmann@intevation.de> parents: 119 diff changeset	139 roles, err := AllOtherRoles(user, password)
bb9120d28950 Generate JWT from database roles. Sascha L. Teichmann <sascha.teichmann@intevation.de> parents: 119 diff changeset	140 if err != nil {
134 0c56c56a1c44 Removed the JWT layer from the session management. Sascha L. Teichmann <sascha.teichmann@intevation.de> parents: 124 diff changeset	141 return "", nil, err
124 bb9120d28950 Generate JWT from database roles. Sascha L. Teichmann <sascha.teichmann@intevation.de> parents: 119 diff changeset	142 }
447 62c909dd3098 Only allow log in if user has at least one of the roles 'sys_admin', 'waterway_admin', 'waterway_user'. Sascha L. Teichmann <sascha.teichmann@intevation.de> parents: 414 diff changeset	143 if !roles.HasAny("sys_admin", "waterway_admin", "waterway_user") {
62c909dd3098 Only allow log in if user has at least one of the roles 'sys_admin', 'waterway_admin', 'waterway_user'. Sascha L. Teichmann <sascha.teichmann@intevation.de> parents: 414 diff changeset	144 return "", nil, ErrInvalidRole
62c909dd3098 Only allow log in if user has at least one of the roles 'sys_admin', 'waterway_admin', 'waterway_user'. Sascha L. Teichmann <sascha.teichmann@intevation.de> parents: 414 diff changeset	145 }
134 0c56c56a1c44 Removed the JWT layer from the session management. Sascha L. Teichmann <sascha.teichmann@intevation.de> parents: 124 diff changeset	146 token := GenerateSessionKey()
0c56c56a1c44 Removed the JWT layer from the session management. Sascha L. Teichmann <sascha.teichmann@intevation.de> parents: 124 diff changeset	147 session := NewSession(user, password, roles)
493 8a0737aa6ab6 The connection pool is now only a session store. Sascha L. Teichmann <sascha.teichmann@intevation.de> parents: 486 diff changeset	148 Sessions.Add(token, session)
134 0c56c56a1c44 Removed the JWT layer from the session management. Sascha L. Teichmann <sascha.teichmann@intevation.de> parents: 124 diff changeset	149 return token, session, nil
124 bb9120d28950 Generate JWT from database roles. Sascha L. Teichmann <sascha.teichmann@intevation.de> parents: 119 diff changeset	150 }

Mercurial > gemma

annotate pkg/auth/session.go @ 942:912d016275ee