Mercurial > gemma
annotate pkg/auth/session.go @ 2549:9bf6b767a56a
client: refactored and improved splitscreen for diagrams
To make different diagrams possible, the splitscreen view needed to be decoupled from the cross profiles.
Also the style has changed to make it more consistent with the rest of the app. The standard box header
is now used and there are collapse and expand animations.
| author | Markus Kottlaender <markus@intevation.de> |
|---|---|
| date | Fri, 08 Mar 2019 08:50:47 +0100 |
| parents | 20b9c3f261db |
| children | 0db742c7813d |
| rev | line source |
|---|---|
|
1017
a244b18cb916
Added GNU Affero General Public License.
Sascha L. Teichmann <sascha.teichmann@intevation.de>
parents:
510
diff
changeset
|
1 // This is Free Software under GNU Affero General Public License v >= 3.0 |
|
a244b18cb916
Added GNU Affero General Public License.
Sascha L. Teichmann <sascha.teichmann@intevation.de>
parents:
510
diff
changeset
|
2 // without warranty, see README.md and license for details. |
|
a244b18cb916
Added GNU Affero General Public License.
Sascha L. Teichmann <sascha.teichmann@intevation.de>
parents:
510
diff
changeset
|
3 // |
|
a244b18cb916
Added GNU Affero General Public License.
Sascha L. Teichmann <sascha.teichmann@intevation.de>
parents:
510
diff
changeset
|
4 // SPDX-License-Identifier: AGPL-3.0-or-later |
|
a244b18cb916
Added GNU Affero General Public License.
Sascha L. Teichmann <sascha.teichmann@intevation.de>
parents:
510
diff
changeset
|
5 // License-Filename: LICENSES/AGPL-3.0.txt |
|
a244b18cb916
Added GNU Affero General Public License.
Sascha L. Teichmann <sascha.teichmann@intevation.de>
parents:
510
diff
changeset
|
6 // |
|
a244b18cb916
Added GNU Affero General Public License.
Sascha L. Teichmann <sascha.teichmann@intevation.de>
parents:
510
diff
changeset
|
7 // Copyright (C) 2018 by via donau |
|
a244b18cb916
Added GNU Affero General Public License.
Sascha L. Teichmann <sascha.teichmann@intevation.de>
parents:
510
diff
changeset
|
8 // – Österreichische Wasserstraßen-Gesellschaft mbH |
|
a244b18cb916
Added GNU Affero General Public License.
Sascha L. Teichmann <sascha.teichmann@intevation.de>
parents:
510
diff
changeset
|
9 // Software engineering by Intevation GmbH |
|
a244b18cb916
Added GNU Affero General Public License.
Sascha L. Teichmann <sascha.teichmann@intevation.de>
parents:
510
diff
changeset
|
10 // |
|
a244b18cb916
Added GNU Affero General Public License.
Sascha L. Teichmann <sascha.teichmann@intevation.de>
parents:
510
diff
changeset
|
11 // Author(s): |
|
a244b18cb916
Added GNU Affero General Public License.
Sascha L. Teichmann <sascha.teichmann@intevation.de>
parents:
510
diff
changeset
|
12 // * Sascha L. Teichmann <sascha.teichmann@intevation.de> |
|
a244b18cb916
Added GNU Affero General Public License.
Sascha L. Teichmann <sascha.teichmann@intevation.de>
parents:
510
diff
changeset
|
13 |
|
119
29e56c342c9f
Added first middleware for JWT token extraction. TODO: Add second one to check against logged in users.
Sascha L. Teichmann <sascha.teichmann@intevation.de>
parents:
diff
changeset
|
14 package auth |
|
29e56c342c9f
Added first middleware for JWT token extraction. TODO: Add second one to check against logged in users.
Sascha L. Teichmann <sascha.teichmann@intevation.de>
parents:
diff
changeset
|
15 |
|
29e56c342c9f
Added first middleware for JWT token extraction. TODO: Add second one to check against logged in users.
Sascha L. Teichmann <sascha.teichmann@intevation.de>
parents:
diff
changeset
|
16 import ( |
|
134
0c56c56a1c44
Removed the JWT layer from the session management.
Sascha L. Teichmann <sascha.teichmann@intevation.de>
parents:
124
diff
changeset
|
17 "encoding/base64" |
|
447
62c909dd3098
Only allow log in if user has at least one of the roles 'sys_admin', 'waterway_admin', 'waterway_user'.
Sascha L. Teichmann <sascha.teichmann@intevation.de>
parents:
414
diff
changeset
|
18 "errors" |
|
134
0c56c56a1c44
Removed the JWT layer from the session management.
Sascha L. Teichmann <sascha.teichmann@intevation.de>
parents:
124
diff
changeset
|
19 "io" |
|
498
22e1bf563a04
Throw away the connection level for sessions.
Sascha L. Teichmann <sascha.teichmann@intevation.de>
parents:
493
diff
changeset
|
20 "sync" |
|
119
29e56c342c9f
Added first middleware for JWT token extraction. TODO: Add second one to check against logged in users.
Sascha L. Teichmann <sascha.teichmann@intevation.de>
parents:
diff
changeset
|
21 "time" |
|
339
33b59c848771
Factored out some miscellaneous code into own package.
Sascha L. Teichmann <teichmann@intevation.de>
parents:
337
diff
changeset
|
22 |
|
414
c1047fd04a3a
Moved project specific Go packages to new pkg folder.
Sascha L. Teichmann <sascha.teichmann@intevation.de>
parents:
408
diff
changeset
|
23 "gemma.intevation.de/gemma/pkg/common" |
|
c1047fd04a3a
Moved project specific Go packages to new pkg folder.
Sascha L. Teichmann <sascha.teichmann@intevation.de>
parents:
408
diff
changeset
|
24 "gemma.intevation.de/gemma/pkg/misc" |
|
119
29e56c342c9f
Added first middleware for JWT token extraction. TODO: Add second one to check against logged in users.
Sascha L. Teichmann <sascha.teichmann@intevation.de>
parents:
diff
changeset
|
25 ) |
|
29e56c342c9f
Added first middleware for JWT token extraction. TODO: Add second one to check against logged in users.
Sascha L. Teichmann <sascha.teichmann@intevation.de>
parents:
diff
changeset
|
26 |
|
1342
20b9c3f261db
Added comments how to create a new session for a given user and password.
Sascha L. Teichmann <sascha.teichmann@intevation.de>
parents:
1329
diff
changeset
|
27 // Roles is a list of roles a logged in user has. |
|
326
a7b2db8b3d18
Added type for roles.
Sascha L. Teichmann <sascha.teichmann@intevation.de>
parents:
215
diff
changeset
|
28 type Roles []string |
|
a7b2db8b3d18
Added type for roles.
Sascha L. Teichmann <sascha.teichmann@intevation.de>
parents:
215
diff
changeset
|
29 |
|
1342
20b9c3f261db
Added comments how to create a new session for a given user and password.
Sascha L. Teichmann <sascha.teichmann@intevation.de>
parents:
1329
diff
changeset
|
30 // Session stores the informations about a logged in user. |
|
134
0c56c56a1c44
Removed the JWT layer from the session management.
Sascha L. Teichmann <sascha.teichmann@intevation.de>
parents:
124
diff
changeset
|
31 type Session struct { |
|
1342
20b9c3f261db
Added comments how to create a new session for a given user and password.
Sascha L. Teichmann <sascha.teichmann@intevation.de>
parents:
1329
diff
changeset
|
32 // ExpiresAt is a unix timestamp when the session |
|
20b9c3f261db
Added comments how to create a new session for a given user and password.
Sascha L. Teichmann <sascha.teichmann@intevation.de>
parents:
1329
diff
changeset
|
33 // of the user expires. |
|
20b9c3f261db
Added comments how to create a new session for a given user and password.
Sascha L. Teichmann <sascha.teichmann@intevation.de>
parents:
1329
diff
changeset
|
34 ExpiresAt int64 `json:"expires"` |
|
20b9c3f261db
Added comments how to create a new session for a given user and password.
Sascha L. Teichmann <sascha.teichmann@intevation.de>
parents:
1329
diff
changeset
|
35 |
|
20b9c3f261db
Added comments how to create a new session for a given user and password.
Sascha L. Teichmann <sascha.teichmann@intevation.de>
parents:
1329
diff
changeset
|
36 // User is the login name of the user. |
|
20b9c3f261db
Added comments how to create a new session for a given user and password.
Sascha L. Teichmann <sascha.teichmann@intevation.de>
parents:
1329
diff
changeset
|
37 User string `json:"user"` |
|
20b9c3f261db
Added comments how to create a new session for a given user and password.
Sascha L. Teichmann <sascha.teichmann@intevation.de>
parents:
1329
diff
changeset
|
38 |
|
20b9c3f261db
Added comments how to create a new session for a given user and password.
Sascha L. Teichmann <sascha.teichmann@intevation.de>
parents:
1329
diff
changeset
|
39 // Roles is the list of roles of the user. |
|
20b9c3f261db
Added comments how to create a new session for a given user and password.
Sascha L. Teichmann <sascha.teichmann@intevation.de>
parents:
1329
diff
changeset
|
40 Roles Roles `json:"roles"` |
|
498
22e1bf563a04
Throw away the connection level for sessions.
Sascha L. Teichmann <sascha.teichmann@intevation.de>
parents:
493
diff
changeset
|
41 |
|
22e1bf563a04
Throw away the connection level for sessions.
Sascha L. Teichmann <sascha.teichmann@intevation.de>
parents:
493
diff
changeset
|
42 // private fields for managing expiration. |
|
22e1bf563a04
Throw away the connection level for sessions.
Sascha L. Teichmann <sascha.teichmann@intevation.de>
parents:
493
diff
changeset
|
43 access time.Time |
|
22e1bf563a04
Throw away the connection level for sessions.
Sascha L. Teichmann <sascha.teichmann@intevation.de>
parents:
493
diff
changeset
|
44 mu sync.Mutex |
|
326
a7b2db8b3d18
Added type for roles.
Sascha L. Teichmann <sascha.teichmann@intevation.de>
parents:
215
diff
changeset
|
45 } |
|
a7b2db8b3d18
Added type for roles.
Sascha L. Teichmann <sascha.teichmann@intevation.de>
parents:
215
diff
changeset
|
46 |
|
1342
20b9c3f261db
Added comments how to create a new session for a given user and password.
Sascha L. Teichmann <sascha.teichmann@intevation.de>
parents:
1329
diff
changeset
|
47 // Has checks if a certain role is amongst the roles. |
|
326
a7b2db8b3d18
Added type for roles.
Sascha L. Teichmann <sascha.teichmann@intevation.de>
parents:
215
diff
changeset
|
48 func (r Roles) Has(role string) bool { |
|
a7b2db8b3d18
Added type for roles.
Sascha L. Teichmann <sascha.teichmann@intevation.de>
parents:
215
diff
changeset
|
49 for _, x := range r { |
|
a7b2db8b3d18
Added type for roles.
Sascha L. Teichmann <sascha.teichmann@intevation.de>
parents:
215
diff
changeset
|
50 if x == role { |
|
a7b2db8b3d18
Added type for roles.
Sascha L. Teichmann <sascha.teichmann@intevation.de>
parents:
215
diff
changeset
|
51 return true |
|
a7b2db8b3d18
Added type for roles.
Sascha L. Teichmann <sascha.teichmann@intevation.de>
parents:
215
diff
changeset
|
52 } |
|
a7b2db8b3d18
Added type for roles.
Sascha L. Teichmann <sascha.teichmann@intevation.de>
parents:
215
diff
changeset
|
53 } |
|
a7b2db8b3d18
Added type for roles.
Sascha L. Teichmann <sascha.teichmann@intevation.de>
parents:
215
diff
changeset
|
54 return false |
|
119
29e56c342c9f
Added first middleware for JWT token extraction. TODO: Add second one to check against logged in users.
Sascha L. Teichmann <sascha.teichmann@intevation.de>
parents:
diff
changeset
|
55 } |
|
29e56c342c9f
Added first middleware for JWT token extraction. TODO: Add second one to check against logged in users.
Sascha L. Teichmann <sascha.teichmann@intevation.de>
parents:
diff
changeset
|
56 |
|
1342
20b9c3f261db
Added comments how to create a new session for a given user and password.
Sascha L. Teichmann <sascha.teichmann@intevation.de>
parents:
1329
diff
changeset
|
57 // HasAny checks if any of the given roles is in the role list. |
|
447
62c909dd3098
Only allow log in if user has at least one of the roles 'sys_admin', 'waterway_admin', 'waterway_user'.
Sascha L. Teichmann <sascha.teichmann@intevation.de>
parents:
414
diff
changeset
|
58 func (r Roles) HasAny(roles ...string) bool { |
|
62c909dd3098
Only allow log in if user has at least one of the roles 'sys_admin', 'waterway_admin', 'waterway_user'.
Sascha L. Teichmann <sascha.teichmann@intevation.de>
parents:
414
diff
changeset
|
59 for _, y := range roles { |
|
62c909dd3098
Only allow log in if user has at least one of the roles 'sys_admin', 'waterway_admin', 'waterway_user'.
Sascha L. Teichmann <sascha.teichmann@intevation.de>
parents:
414
diff
changeset
|
60 if r.Has(y) { |
|
62c909dd3098
Only allow log in if user has at least one of the roles 'sys_admin', 'waterway_admin', 'waterway_user'.
Sascha L. Teichmann <sascha.teichmann@intevation.de>
parents:
414
diff
changeset
|
61 return true |
|
62c909dd3098
Only allow log in if user has at least one of the roles 'sys_admin', 'waterway_admin', 'waterway_user'.
Sascha L. Teichmann <sascha.teichmann@intevation.de>
parents:
414
diff
changeset
|
62 } |
|
62c909dd3098
Only allow log in if user has at least one of the roles 'sys_admin', 'waterway_admin', 'waterway_user'.
Sascha L. Teichmann <sascha.teichmann@intevation.de>
parents:
414
diff
changeset
|
63 } |
|
62c909dd3098
Only allow log in if user has at least one of the roles 'sys_admin', 'waterway_admin', 'waterway_user'.
Sascha L. Teichmann <sascha.teichmann@intevation.de>
parents:
414
diff
changeset
|
64 return false |
|
62c909dd3098
Only allow log in if user has at least one of the roles 'sys_admin', 'waterway_admin', 'waterway_user'.
Sascha L. Teichmann <sascha.teichmann@intevation.de>
parents:
414
diff
changeset
|
65 } |
|
62c909dd3098
Only allow log in if user has at least one of the roles 'sys_admin', 'waterway_admin', 'waterway_user'.
Sascha L. Teichmann <sascha.teichmann@intevation.de>
parents:
414
diff
changeset
|
66 |
|
134
0c56c56a1c44
Removed the JWT layer from the session management.
Sascha L. Teichmann <sascha.teichmann@intevation.de>
parents:
124
diff
changeset
|
67 const ( |
|
0c56c56a1c44
Removed the JWT layer from the session management.
Sascha L. Teichmann <sascha.teichmann@intevation.de>
parents:
124
diff
changeset
|
68 sessionKeyLength = 20 |
|
0c56c56a1c44
Removed the JWT layer from the session management.
Sascha L. Teichmann <sascha.teichmann@intevation.de>
parents:
124
diff
changeset
|
69 maxTokenValid = time.Hour * 3 |
|
0c56c56a1c44
Removed the JWT layer from the session management.
Sascha L. Teichmann <sascha.teichmann@intevation.de>
parents:
124
diff
changeset
|
70 ) |
|
119
29e56c342c9f
Added first middleware for JWT token extraction. TODO: Add second one to check against logged in users.
Sascha L. Teichmann <sascha.teichmann@intevation.de>
parents:
diff
changeset
|
71 |
|
1342
20b9c3f261db
Added comments how to create a new session for a given user and password.
Sascha L. Teichmann <sascha.teichmann@intevation.de>
parents:
1329
diff
changeset
|
72 // newSession creates a new session. |
|
20b9c3f261db
Added comments how to create a new session for a given user and password.
Sascha L. Teichmann <sascha.teichmann@intevation.de>
parents:
1329
diff
changeset
|
73 func newSession(user, password string, roles Roles) *Session { |
|
119
29e56c342c9f
Added first middleware for JWT token extraction. TODO: Add second one to check against logged in users.
Sascha L. Teichmann <sascha.teichmann@intevation.de>
parents:
diff
changeset
|
74 |
|
29e56c342c9f
Added first middleware for JWT token extraction. TODO: Add second one to check against logged in users.
Sascha L. Teichmann <sascha.teichmann@intevation.de>
parents:
diff
changeset
|
75 // Create the Claims |
|
134
0c56c56a1c44
Removed the JWT layer from the session management.
Sascha L. Teichmann <sascha.teichmann@intevation.de>
parents:
124
diff
changeset
|
76 return &Session{ |
|
0c56c56a1c44
Removed the JWT layer from the session management.
Sascha L. Teichmann <sascha.teichmann@intevation.de>
parents:
124
diff
changeset
|
77 ExpiresAt: time.Now().Add(maxTokenValid).Unix(), |
|
0c56c56a1c44
Removed the JWT layer from the session management.
Sascha L. Teichmann <sascha.teichmann@intevation.de>
parents:
124
diff
changeset
|
78 User: user, |
|
0c56c56a1c44
Removed the JWT layer from the session management.
Sascha L. Teichmann <sascha.teichmann@intevation.de>
parents:
124
diff
changeset
|
79 Roles: roles, |
|
119
29e56c342c9f
Added first middleware for JWT token extraction. TODO: Add second one to check against logged in users.
Sascha L. Teichmann <sascha.teichmann@intevation.de>
parents:
diff
changeset
|
80 } |
|
134
0c56c56a1c44
Removed the JWT layer from the session management.
Sascha L. Teichmann <sascha.teichmann@intevation.de>
parents:
124
diff
changeset
|
81 } |
|
119
29e56c342c9f
Added first middleware for JWT token extraction. TODO: Add second one to check against logged in users.
Sascha L. Teichmann <sascha.teichmann@intevation.de>
parents:
diff
changeset
|
82 |
|
498
22e1bf563a04
Throw away the connection level for sessions.
Sascha L. Teichmann <sascha.teichmann@intevation.de>
parents:
493
diff
changeset
|
83 func (s *Session) serialize(w io.Writer) error { |
|
22e1bf563a04
Throw away the connection level for sessions.
Sascha L. Teichmann <sascha.teichmann@intevation.de>
parents:
493
diff
changeset
|
84 |
|
22e1bf563a04
Throw away the connection level for sessions.
Sascha L. Teichmann <sascha.teichmann@intevation.de>
parents:
493
diff
changeset
|
85 access, err := s.last().MarshalText() |
|
22e1bf563a04
Throw away the connection level for sessions.
Sascha L. Teichmann <sascha.teichmann@intevation.de>
parents:
493
diff
changeset
|
86 if err != nil { |
|
22e1bf563a04
Throw away the connection level for sessions.
Sascha L. Teichmann <sascha.teichmann@intevation.de>
parents:
493
diff
changeset
|
87 return err |
|
22e1bf563a04
Throw away the connection level for sessions.
Sascha L. Teichmann <sascha.teichmann@intevation.de>
parents:
493
diff
changeset
|
88 } |
|
22e1bf563a04
Throw away the connection level for sessions.
Sascha L. Teichmann <sascha.teichmann@intevation.de>
parents:
493
diff
changeset
|
89 |
|
1322
176c42053562
Use more keyed initializers to make 'go vet' happier.
Sascha L. Teichmann <sascha.teichmann@intevation.de>
parents:
1017
diff
changeset
|
90 wr := misc.BinWriter{Writer: w, Err: nil} |
|
498
22e1bf563a04
Throw away the connection level for sessions.
Sascha L. Teichmann <sascha.teichmann@intevation.de>
parents:
493
diff
changeset
|
91 wr.WriteBin(s.ExpiresAt) |
|
22e1bf563a04
Throw away the connection level for sessions.
Sascha L. Teichmann <sascha.teichmann@intevation.de>
parents:
493
diff
changeset
|
92 wr.WriteString(s.User) |
|
22e1bf563a04
Throw away the connection level for sessions.
Sascha L. Teichmann <sascha.teichmann@intevation.de>
parents:
493
diff
changeset
|
93 wr.WriteBin(uint32(len(s.Roles))) |
|
22e1bf563a04
Throw away the connection level for sessions.
Sascha L. Teichmann <sascha.teichmann@intevation.de>
parents:
493
diff
changeset
|
94 for _, role := range s.Roles { |
|
22e1bf563a04
Throw away the connection level for sessions.
Sascha L. Teichmann <sascha.teichmann@intevation.de>
parents:
493
diff
changeset
|
95 wr.WriteString(role) |
|
22e1bf563a04
Throw away the connection level for sessions.
Sascha L. Teichmann <sascha.teichmann@intevation.de>
parents:
493
diff
changeset
|
96 } |
|
22e1bf563a04
Throw away the connection level for sessions.
Sascha L. Teichmann <sascha.teichmann@intevation.de>
parents:
493
diff
changeset
|
97 wr.WriteBin(uint32(len(access))) |
|
22e1bf563a04
Throw away the connection level for sessions.
Sascha L. Teichmann <sascha.teichmann@intevation.de>
parents:
493
diff
changeset
|
98 wr.WriteBin(access) |
|
22e1bf563a04
Throw away the connection level for sessions.
Sascha L. Teichmann <sascha.teichmann@intevation.de>
parents:
493
diff
changeset
|
99 return wr.Err |
|
22e1bf563a04
Throw away the connection level for sessions.
Sascha L. Teichmann <sascha.teichmann@intevation.de>
parents:
493
diff
changeset
|
100 } |
|
22e1bf563a04
Throw away the connection level for sessions.
Sascha L. Teichmann <sascha.teichmann@intevation.de>
parents:
493
diff
changeset
|
101 |
|
197
e85413e5befa
Cleaned up serialisation/deserilisation of sessions a bit.
Sascha L. Teichmann <teichmann@intevation.de>
parents:
193
diff
changeset
|
102 func (s *Session) deserialize(r io.Reader) error { |
|
498
22e1bf563a04
Throw away the connection level for sessions.
Sascha L. Teichmann <sascha.teichmann@intevation.de>
parents:
493
diff
changeset
|
103 |
|
193
1585c334e8a7
More on persisting sessions.
Sascha L. Teichmann <sascha.teichmann@intevation.de>
parents:
149
diff
changeset
|
104 var n uint32 |
|
1322
176c42053562
Use more keyed initializers to make 'go vet' happier.
Sascha L. Teichmann <sascha.teichmann@intevation.de>
parents:
1017
diff
changeset
|
105 rd := misc.BinReader{Reader: r, Err: nil} |
|
1323
3c914bc670a2
Avoid copying session data while deserializing from store.
Sascha L. Teichmann <sascha.teichmann@intevation.de>
parents:
1322
diff
changeset
|
106 rd.ReadBin(&s.ExpiresAt) |
|
3c914bc670a2
Avoid copying session data while deserializing from store.
Sascha L. Teichmann <sascha.teichmann@intevation.de>
parents:
1322
diff
changeset
|
107 rd.ReadString(&s.User) |
|
340
4c211ad5349e
Embed Reader and Writer in BinReader and BinWriter to make API more distinct.
Sascha L. Teichmann <teichmann@intevation.de>
parents:
339
diff
changeset
|
108 rd.ReadBin(&n) |
|
1323
3c914bc670a2
Avoid copying session data while deserializing from store.
Sascha L. Teichmann <sascha.teichmann@intevation.de>
parents:
1322
diff
changeset
|
109 s.Roles = make(Roles, n) |
|
498
22e1bf563a04
Throw away the connection level for sessions.
Sascha L. Teichmann <sascha.teichmann@intevation.de>
parents:
493
diff
changeset
|
110 |
|
193
1585c334e8a7
More on persisting sessions.
Sascha L. Teichmann <sascha.teichmann@intevation.de>
parents:
149
diff
changeset
|
111 for i := uint32(0); n > 0 && i < n; i++ { |
|
1323
3c914bc670a2
Avoid copying session data while deserializing from store.
Sascha L. Teichmann <sascha.teichmann@intevation.de>
parents:
1322
diff
changeset
|
112 rd.ReadString(&s.Roles[i]) |
|
498
22e1bf563a04
Throw away the connection level for sessions.
Sascha L. Teichmann <sascha.teichmann@intevation.de>
parents:
493
diff
changeset
|
113 } |
|
22e1bf563a04
Throw away the connection level for sessions.
Sascha L. Teichmann <sascha.teichmann@intevation.de>
parents:
493
diff
changeset
|
114 |
|
22e1bf563a04
Throw away the connection level for sessions.
Sascha L. Teichmann <sascha.teichmann@intevation.de>
parents:
493
diff
changeset
|
115 if rd.Err != nil { |
|
22e1bf563a04
Throw away the connection level for sessions.
Sascha L. Teichmann <sascha.teichmann@intevation.de>
parents:
493
diff
changeset
|
116 return rd.Err |
|
22e1bf563a04
Throw away the connection level for sessions.
Sascha L. Teichmann <sascha.teichmann@intevation.de>
parents:
493
diff
changeset
|
117 } |
|
22e1bf563a04
Throw away the connection level for sessions.
Sascha L. Teichmann <sascha.teichmann@intevation.de>
parents:
493
diff
changeset
|
118 |
|
22e1bf563a04
Throw away the connection level for sessions.
Sascha L. Teichmann <sascha.teichmann@intevation.de>
parents:
493
diff
changeset
|
119 var l uint32 |
|
22e1bf563a04
Throw away the connection level for sessions.
Sascha L. Teichmann <sascha.teichmann@intevation.de>
parents:
493
diff
changeset
|
120 rd.ReadBin(&l) |
|
22e1bf563a04
Throw away the connection level for sessions.
Sascha L. Teichmann <sascha.teichmann@intevation.de>
parents:
493
diff
changeset
|
121 access := make([]byte, l) |
|
22e1bf563a04
Throw away the connection level for sessions.
Sascha L. Teichmann <sascha.teichmann@intevation.de>
parents:
493
diff
changeset
|
122 rd.ReadBin(access) |
|
22e1bf563a04
Throw away the connection level for sessions.
Sascha L. Teichmann <sascha.teichmann@intevation.de>
parents:
493
diff
changeset
|
123 |
|
22e1bf563a04
Throw away the connection level for sessions.
Sascha L. Teichmann <sascha.teichmann@intevation.de>
parents:
493
diff
changeset
|
124 if rd.Err != nil { |
|
22e1bf563a04
Throw away the connection level for sessions.
Sascha L. Teichmann <sascha.teichmann@intevation.de>
parents:
493
diff
changeset
|
125 return rd.Err |
|
22e1bf563a04
Throw away the connection level for sessions.
Sascha L. Teichmann <sascha.teichmann@intevation.de>
parents:
493
diff
changeset
|
126 } |
|
22e1bf563a04
Throw away the connection level for sessions.
Sascha L. Teichmann <sascha.teichmann@intevation.de>
parents:
493
diff
changeset
|
127 |
|
22e1bf563a04
Throw away the connection level for sessions.
Sascha L. Teichmann <sascha.teichmann@intevation.de>
parents:
493
diff
changeset
|
128 var t time.Time |
|
22e1bf563a04
Throw away the connection level for sessions.
Sascha L. Teichmann <sascha.teichmann@intevation.de>
parents:
493
diff
changeset
|
129 if err := t.UnmarshalText(access); err != nil { |
|
22e1bf563a04
Throw away the connection level for sessions.
Sascha L. Teichmann <sascha.teichmann@intevation.de>
parents:
493
diff
changeset
|
130 return err |
|
193
1585c334e8a7
More on persisting sessions.
Sascha L. Teichmann <sascha.teichmann@intevation.de>
parents:
149
diff
changeset
|
131 } |
|
498
22e1bf563a04
Throw away the connection level for sessions.
Sascha L. Teichmann <sascha.teichmann@intevation.de>
parents:
493
diff
changeset
|
132 |
|
1323
3c914bc670a2
Avoid copying session data while deserializing from store.
Sascha L. Teichmann <sascha.teichmann@intevation.de>
parents:
1322
diff
changeset
|
133 s.access = t |
|
498
22e1bf563a04
Throw away the connection level for sessions.
Sascha L. Teichmann <sascha.teichmann@intevation.de>
parents:
493
diff
changeset
|
134 |
|
22e1bf563a04
Throw away the connection level for sessions.
Sascha L. Teichmann <sascha.teichmann@intevation.de>
parents:
493
diff
changeset
|
135 return nil |
|
22e1bf563a04
Throw away the connection level for sessions.
Sascha L. Teichmann <sascha.teichmann@intevation.de>
parents:
493
diff
changeset
|
136 } |
|
22e1bf563a04
Throw away the connection level for sessions.
Sascha L. Teichmann <sascha.teichmann@intevation.de>
parents:
493
diff
changeset
|
137 |
|
1329
ea2143adc6d3
Named method recievers consistently to make golint happy.
Sascha L. Teichmann <sascha.teichmann@intevation.de>
parents:
1323
diff
changeset
|
138 func (s *Session) touch() { |
|
ea2143adc6d3
Named method recievers consistently to make golint happy.
Sascha L. Teichmann <sascha.teichmann@intevation.de>
parents:
1323
diff
changeset
|
139 s.mu.Lock() |
|
ea2143adc6d3
Named method recievers consistently to make golint happy.
Sascha L. Teichmann <sascha.teichmann@intevation.de>
parents:
1323
diff
changeset
|
140 s.access = time.Now() |
|
ea2143adc6d3
Named method recievers consistently to make golint happy.
Sascha L. Teichmann <sascha.teichmann@intevation.de>
parents:
1323
diff
changeset
|
141 s.mu.Unlock() |
|
498
22e1bf563a04
Throw away the connection level for sessions.
Sascha L. Teichmann <sascha.teichmann@intevation.de>
parents:
493
diff
changeset
|
142 } |
|
22e1bf563a04
Throw away the connection level for sessions.
Sascha L. Teichmann <sascha.teichmann@intevation.de>
parents:
493
diff
changeset
|
143 |
|
1329
ea2143adc6d3
Named method recievers consistently to make golint happy.
Sascha L. Teichmann <sascha.teichmann@intevation.de>
parents:
1323
diff
changeset
|
144 func (s *Session) last() time.Time { |
|
ea2143adc6d3
Named method recievers consistently to make golint happy.
Sascha L. Teichmann <sascha.teichmann@intevation.de>
parents:
1323
diff
changeset
|
145 s.mu.Lock() |
|
ea2143adc6d3
Named method recievers consistently to make golint happy.
Sascha L. Teichmann <sascha.teichmann@intevation.de>
parents:
1323
diff
changeset
|
146 access := s.access |
|
ea2143adc6d3
Named method recievers consistently to make golint happy.
Sascha L. Teichmann <sascha.teichmann@intevation.de>
parents:
1323
diff
changeset
|
147 s.mu.Unlock() |
|
498
22e1bf563a04
Throw away the connection level for sessions.
Sascha L. Teichmann <sascha.teichmann@intevation.de>
parents:
493
diff
changeset
|
148 return access |
|
193
1585c334e8a7
More on persisting sessions.
Sascha L. Teichmann <sascha.teichmann@intevation.de>
parents:
149
diff
changeset
|
149 } |
|
1585c334e8a7
More on persisting sessions.
Sascha L. Teichmann <sascha.teichmann@intevation.de>
parents:
149
diff
changeset
|
150 |
|
1342
20b9c3f261db
Added comments how to create a new session for a given user and password.
Sascha L. Teichmann <sascha.teichmann@intevation.de>
parents:
1329
diff
changeset
|
151 func generateSessionKey() string { |
|
339
33b59c848771
Factored out some miscellaneous code into own package.
Sascha L. Teichmann <teichmann@intevation.de>
parents:
337
diff
changeset
|
152 return base64.URLEncoding.EncodeToString( |
|
408
ac23905e64b1
Improve WFS proxy a lot. It now generates signed re-writings.
Sascha L. Teichmann <sascha.teichmann@intevation.de>
parents:
340
diff
changeset
|
153 common.GenerateRandomKey(sessionKeyLength)) |
|
119
29e56c342c9f
Added first middleware for JWT token extraction. TODO: Add second one to check against logged in users.
Sascha L. Teichmann <sascha.teichmann@intevation.de>
parents:
diff
changeset
|
154 } |
|
124
bb9120d28950
Generate JWT from database roles.
Sascha L. Teichmann <sascha.teichmann@intevation.de>
parents:
119
diff
changeset
|
155 |
|
1342
20b9c3f261db
Added comments how to create a new session for a given user and password.
Sascha L. Teichmann <sascha.teichmann@intevation.de>
parents:
1329
diff
changeset
|
156 // ErrInvalidRole is returned if a given role does not exsist in this system. |
|
447
62c909dd3098
Only allow log in if user has at least one of the roles 'sys_admin', 'waterway_admin', 'waterway_user'.
Sascha L. Teichmann <sascha.teichmann@intevation.de>
parents:
414
diff
changeset
|
157 var ErrInvalidRole = errors.New("Invalid role") |
|
62c909dd3098
Only allow log in if user has at least one of the roles 'sys_admin', 'waterway_admin', 'waterway_user'.
Sascha L. Teichmann <sascha.teichmann@intevation.de>
parents:
414
diff
changeset
|
158 |
|
1342
20b9c3f261db
Added comments how to create a new session for a given user and password.
Sascha L. Teichmann <sascha.teichmann@intevation.de>
parents:
1329
diff
changeset
|
159 // GenerateSession creates a new session for a given user and password |
|
20b9c3f261db
Added comments how to create a new session for a given user and password.
Sascha L. Teichmann <sascha.teichmann@intevation.de>
parents:
1329
diff
changeset
|
160 // backed by the roles of this user in the database. |
|
134
0c56c56a1c44
Removed the JWT layer from the session management.
Sascha L. Teichmann <sascha.teichmann@intevation.de>
parents:
124
diff
changeset
|
161 func GenerateSession(user, password string) (string, *Session, error) { |
|
124
bb9120d28950
Generate JWT from database roles.
Sascha L. Teichmann <sascha.teichmann@intevation.de>
parents:
119
diff
changeset
|
162 roles, err := AllOtherRoles(user, password) |
|
bb9120d28950
Generate JWT from database roles.
Sascha L. Teichmann <sascha.teichmann@intevation.de>
parents:
119
diff
changeset
|
163 if err != nil { |
|
134
0c56c56a1c44
Removed the JWT layer from the session management.
Sascha L. Teichmann <sascha.teichmann@intevation.de>
parents:
124
diff
changeset
|
164 return "", nil, err |
|
124
bb9120d28950
Generate JWT from database roles.
Sascha L. Teichmann <sascha.teichmann@intevation.de>
parents:
119
diff
changeset
|
165 } |
|
1342
20b9c3f261db
Added comments how to create a new session for a given user and password.
Sascha L. Teichmann <sascha.teichmann@intevation.de>
parents:
1329
diff
changeset
|
166 // TODO: Make this a configuration. |
|
447
62c909dd3098
Only allow log in if user has at least one of the roles 'sys_admin', 'waterway_admin', 'waterway_user'.
Sascha L. Teichmann <sascha.teichmann@intevation.de>
parents:
414
diff
changeset
|
167 if !roles.HasAny("sys_admin", "waterway_admin", "waterway_user") { |
|
62c909dd3098
Only allow log in if user has at least one of the roles 'sys_admin', 'waterway_admin', 'waterway_user'.
Sascha L. Teichmann <sascha.teichmann@intevation.de>
parents:
414
diff
changeset
|
168 return "", nil, ErrInvalidRole |
|
62c909dd3098
Only allow log in if user has at least one of the roles 'sys_admin', 'waterway_admin', 'waterway_user'.
Sascha L. Teichmann <sascha.teichmann@intevation.de>
parents:
414
diff
changeset
|
169 } |
|
1342
20b9c3f261db
Added comments how to create a new session for a given user and password.
Sascha L. Teichmann <sascha.teichmann@intevation.de>
parents:
1329
diff
changeset
|
170 token := generateSessionKey() |
|
20b9c3f261db
Added comments how to create a new session for a given user and password.
Sascha L. Teichmann <sascha.teichmann@intevation.de>
parents:
1329
diff
changeset
|
171 session := newSession(user, password, roles) |
|
493
8a0737aa6ab6
The connection pool is now only a session store.
Sascha L. Teichmann <sascha.teichmann@intevation.de>
parents:
486
diff
changeset
|
172 Sessions.Add(token, session) |
|
134
0c56c56a1c44
Removed the JWT layer from the session management.
Sascha L. Teichmann <sascha.teichmann@intevation.de>
parents:
124
diff
changeset
|
173 return token, session, nil |
|
124
bb9120d28950
Generate JWT from database roles.
Sascha L. Teichmann <sascha.teichmann@intevation.de>
parents:
119
diff
changeset
|
174 } |