Mercurial > gemma

annotate pkg/auth/session.go @ 1133:dd4071019676

Find changesets by keywords (author, files, the commit message), revision number or hash, or revset expression.
Delete contour lines with their sounding result Contour lines are no independent data sets and thus can safely be deleted with sounding results. In passing, name the primary key as such.
author Tom Gottfried <tom@intevation.de>
date Wed, 07 Nov 2018 18:13:02 +0100
parents a244b18cb916
children 176c42053562
Ignore whitespace changes - Everywhere: Within whitespace: At end of lines:
rev   line source
1017
a244b18cb916 Added GNU Affero General Public License.
Sascha L. Teichmann <sascha.teichmann@intevation.de>
parents: 510
diff changeset
1 // This is Free Software under GNU Affero General Public License v >= 3.0
a244b18cb916 Added GNU Affero General Public License.
Sascha L. Teichmann <sascha.teichmann@intevation.de>
parents: 510
diff changeset
2 // without warranty, see README.md and license for details.
a244b18cb916 Added GNU Affero General Public License.
Sascha L. Teichmann <sascha.teichmann@intevation.de>
parents: 510
diff changeset
3 //
a244b18cb916 Added GNU Affero General Public License.
Sascha L. Teichmann <sascha.teichmann@intevation.de>
parents: 510
diff changeset
4 // SPDX-License-Identifier: AGPL-3.0-or-later
a244b18cb916 Added GNU Affero General Public License.
Sascha L. Teichmann <sascha.teichmann@intevation.de>
parents: 510
diff changeset
5 // License-Filename: LICENSES/AGPL-3.0.txt
a244b18cb916 Added GNU Affero General Public License.
Sascha L. Teichmann <sascha.teichmann@intevation.de>
parents: 510
diff changeset
6 //
a244b18cb916 Added GNU Affero General Public License.
Sascha L. Teichmann <sascha.teichmann@intevation.de>
parents: 510
diff changeset
7 // Copyright (C) 2018 by via donau
a244b18cb916 Added GNU Affero General Public License.
Sascha L. Teichmann <sascha.teichmann@intevation.de>
parents: 510
diff changeset
8 // – Österreichische Wasserstraßen-Gesellschaft mbH
a244b18cb916 Added GNU Affero General Public License.
Sascha L. Teichmann <sascha.teichmann@intevation.de>
parents: 510
diff changeset
9 // Software engineering by Intevation GmbH
a244b18cb916 Added GNU Affero General Public License.
Sascha L. Teichmann <sascha.teichmann@intevation.de>
parents: 510
diff changeset
10 //
a244b18cb916 Added GNU Affero General Public License.
Sascha L. Teichmann <sascha.teichmann@intevation.de>
parents: 510
diff changeset
11 // Author(s):
a244b18cb916 Added GNU Affero General Public License.
Sascha L. Teichmann <sascha.teichmann@intevation.de>
parents: 510
diff changeset
12 // * Sascha L. Teichmann <sascha.teichmann@intevation.de>
a244b18cb916 Added GNU Affero General Public License.
Sascha L. Teichmann <sascha.teichmann@intevation.de>
parents: 510
diff changeset
13
119
29e56c342c9f Added first middleware for JWT token extraction. TODO: Add second one to check against logged in users.
Sascha L. Teichmann <sascha.teichmann@intevation.de>
parents:
diff changeset
14 package auth
29e56c342c9f Added first middleware for JWT token extraction. TODO: Add second one to check against logged in users.
Sascha L. Teichmann <sascha.teichmann@intevation.de>
parents:
diff changeset
15
29e56c342c9f Added first middleware for JWT token extraction. TODO: Add second one to check against logged in users.
Sascha L. Teichmann <sascha.teichmann@intevation.de>
parents:
diff changeset
16 import (
134
0c56c56a1c44 Removed the JWT layer from the session management.
Sascha L. Teichmann <sascha.teichmann@intevation.de>
parents: 124
diff changeset
17 "encoding/base64"
447
62c909dd3098 Only allow log in if user has at least one of the roles 'sys_admin', 'waterway_admin', 'waterway_user'.
Sascha L. Teichmann <sascha.teichmann@intevation.de>
parents: 414
diff changeset
18 "errors"
134
0c56c56a1c44 Removed the JWT layer from the session management.
Sascha L. Teichmann <sascha.teichmann@intevation.de>
parents: 124
diff changeset
19 "io"
498
22e1bf563a04 Throw away the connection level for sessions.
Sascha L. Teichmann <sascha.teichmann@intevation.de>
parents: 493
diff changeset
20 "sync"
119
29e56c342c9f Added first middleware for JWT token extraction. TODO: Add second one to check against logged in users.
Sascha L. Teichmann <sascha.teichmann@intevation.de>
parents:
diff changeset
21 "time"
339
33b59c848771 Factored out some miscellaneous code into own package.
Sascha L. Teichmann <teichmann@intevation.de>
parents: 337
diff changeset
22
414
c1047fd04a3a Moved project specific Go packages to new pkg folder.
Sascha L. Teichmann <sascha.teichmann@intevation.de>
parents: 408
diff changeset
23 "gemma.intevation.de/gemma/pkg/common"
c1047fd04a3a Moved project specific Go packages to new pkg folder.
Sascha L. Teichmann <sascha.teichmann@intevation.de>
parents: 408
diff changeset
24 "gemma.intevation.de/gemma/pkg/misc"
119
29e56c342c9f Added first middleware for JWT token extraction. TODO: Add second one to check against logged in users.
Sascha L. Teichmann <sascha.teichmann@intevation.de>
parents:
diff changeset
25 )
29e56c342c9f Added first middleware for JWT token extraction. TODO: Add second one to check against logged in users.
Sascha L. Teichmann <sascha.teichmann@intevation.de>
parents:
diff changeset
26
326
a7b2db8b3d18 Added type for roles.
Sascha L. Teichmann <sascha.teichmann@intevation.de>
parents: 215
diff changeset
27 type Roles []string
a7b2db8b3d18 Added type for roles.
Sascha L. Teichmann <sascha.teichmann@intevation.de>
parents: 215
diff changeset
28
134
0c56c56a1c44 Removed the JWT layer from the session management.
Sascha L. Teichmann <sascha.teichmann@intevation.de>
parents: 124
diff changeset
29 type Session struct {
326
a7b2db8b3d18 Added type for roles.
Sascha L. Teichmann <sascha.teichmann@intevation.de>
parents: 215
diff changeset
30 ExpiresAt int64 `json:"expires"`
a7b2db8b3d18 Added type for roles.
Sascha L. Teichmann <sascha.teichmann@intevation.de>
parents: 215
diff changeset
31 User string `json:"user"`
a7b2db8b3d18 Added type for roles.
Sascha L. Teichmann <sascha.teichmann@intevation.de>
parents: 215
diff changeset
32 Roles Roles `json:"roles"`
498
22e1bf563a04 Throw away the connection level for sessions.
Sascha L. Teichmann <sascha.teichmann@intevation.de>
parents: 493
diff changeset
33
22e1bf563a04 Throw away the connection level for sessions.
Sascha L. Teichmann <sascha.teichmann@intevation.de>
parents: 493
diff changeset
34 // private fields for managing expiration.
22e1bf563a04 Throw away the connection level for sessions.
Sascha L. Teichmann <sascha.teichmann@intevation.de>
parents: 493
diff changeset
35 access time.Time
22e1bf563a04 Throw away the connection level for sessions.
Sascha L. Teichmann <sascha.teichmann@intevation.de>
parents: 493
diff changeset
36 mu sync.Mutex
326
a7b2db8b3d18 Added type for roles.
Sascha L. Teichmann <sascha.teichmann@intevation.de>
parents: 215
diff changeset
37 }
a7b2db8b3d18 Added type for roles.
Sascha L. Teichmann <sascha.teichmann@intevation.de>
parents: 215
diff changeset
38
a7b2db8b3d18 Added type for roles.
Sascha L. Teichmann <sascha.teichmann@intevation.de>
parents: 215
diff changeset
39 func (r Roles) Has(role string) bool {
a7b2db8b3d18 Added type for roles.
Sascha L. Teichmann <sascha.teichmann@intevation.de>
parents: 215
diff changeset
40 for _, x := range r {
a7b2db8b3d18 Added type for roles.
Sascha L. Teichmann <sascha.teichmann@intevation.de>
parents: 215
diff changeset
41 if x == role {
a7b2db8b3d18 Added type for roles.
Sascha L. Teichmann <sascha.teichmann@intevation.de>
parents: 215
diff changeset
42 return true
a7b2db8b3d18 Added type for roles.
Sascha L. Teichmann <sascha.teichmann@intevation.de>
parents: 215
diff changeset
43 }
a7b2db8b3d18 Added type for roles.
Sascha L. Teichmann <sascha.teichmann@intevation.de>
parents: 215
diff changeset
44 }
a7b2db8b3d18 Added type for roles.
Sascha L. Teichmann <sascha.teichmann@intevation.de>
parents: 215
diff changeset
45 return false
119
29e56c342c9f Added first middleware for JWT token extraction. TODO: Add second one to check against logged in users.
Sascha L. Teichmann <sascha.teichmann@intevation.de>
parents:
diff changeset
46 }
29e56c342c9f Added first middleware for JWT token extraction. TODO: Add second one to check against logged in users.
Sascha L. Teichmann <sascha.teichmann@intevation.de>
parents:
diff changeset
47
447
62c909dd3098 Only allow log in if user has at least one of the roles 'sys_admin', 'waterway_admin', 'waterway_user'.
Sascha L. Teichmann <sascha.teichmann@intevation.de>
parents: 414
diff changeset
48 func (r Roles) HasAny(roles ...string) bool {
62c909dd3098 Only allow log in if user has at least one of the roles 'sys_admin', 'waterway_admin', 'waterway_user'.
Sascha L. Teichmann <sascha.teichmann@intevation.de>
parents: 414
diff changeset
49 for _, y := range roles {
62c909dd3098 Only allow log in if user has at least one of the roles 'sys_admin', 'waterway_admin', 'waterway_user'.
Sascha L. Teichmann <sascha.teichmann@intevation.de>
parents: 414
diff changeset
50 if r.Has(y) {
62c909dd3098 Only allow log in if user has at least one of the roles 'sys_admin', 'waterway_admin', 'waterway_user'.
Sascha L. Teichmann <sascha.teichmann@intevation.de>
parents: 414
diff changeset
51 return true
62c909dd3098 Only allow log in if user has at least one of the roles 'sys_admin', 'waterway_admin', 'waterway_user'.
Sascha L. Teichmann <sascha.teichmann@intevation.de>
parents: 414
diff changeset
52 }
62c909dd3098 Only allow log in if user has at least one of the roles 'sys_admin', 'waterway_admin', 'waterway_user'.
Sascha L. Teichmann <sascha.teichmann@intevation.de>
parents: 414
diff changeset
53 }
62c909dd3098 Only allow log in if user has at least one of the roles 'sys_admin', 'waterway_admin', 'waterway_user'.
Sascha L. Teichmann <sascha.teichmann@intevation.de>
parents: 414
diff changeset
54 return false
62c909dd3098 Only allow log in if user has at least one of the roles 'sys_admin', 'waterway_admin', 'waterway_user'.
Sascha L. Teichmann <sascha.teichmann@intevation.de>
parents: 414
diff changeset
55 }
62c909dd3098 Only allow log in if user has at least one of the roles 'sys_admin', 'waterway_admin', 'waterway_user'.
Sascha L. Teichmann <sascha.teichmann@intevation.de>
parents: 414
diff changeset
56
134
0c56c56a1c44 Removed the JWT layer from the session management.
Sascha L. Teichmann <sascha.teichmann@intevation.de>
parents: 124
diff changeset
57 const (
0c56c56a1c44 Removed the JWT layer from the session management.
Sascha L. Teichmann <sascha.teichmann@intevation.de>
parents: 124
diff changeset
58 sessionKeyLength = 20
0c56c56a1c44 Removed the JWT layer from the session management.
Sascha L. Teichmann <sascha.teichmann@intevation.de>
parents: 124
diff changeset
59 maxTokenValid = time.Hour * 3
0c56c56a1c44 Removed the JWT layer from the session management.
Sascha L. Teichmann <sascha.teichmann@intevation.de>
parents: 124
diff changeset
60 )
119
29e56c342c9f Added first middleware for JWT token extraction. TODO: Add second one to check against logged in users.
Sascha L. Teichmann <sascha.teichmann@intevation.de>
parents:
diff changeset
61
447
62c909dd3098 Only allow log in if user has at least one of the roles 'sys_admin', 'waterway_admin', 'waterway_user'.
Sascha L. Teichmann <sascha.teichmann@intevation.de>
parents: 414
diff changeset
62 func NewSession(user, password string, roles Roles) *Session {
119
29e56c342c9f Added first middleware for JWT token extraction. TODO: Add second one to check against logged in users.
Sascha L. Teichmann <sascha.teichmann@intevation.de>
parents:
diff changeset
63
29e56c342c9f Added first middleware for JWT token extraction. TODO: Add second one to check against logged in users.
Sascha L. Teichmann <sascha.teichmann@intevation.de>
parents:
diff changeset
64 // Create the Claims
134
0c56c56a1c44 Removed the JWT layer from the session management.
Sascha L. Teichmann <sascha.teichmann@intevation.de>
parents: 124
diff changeset
65 return &Session{
0c56c56a1c44 Removed the JWT layer from the session management.
Sascha L. Teichmann <sascha.teichmann@intevation.de>
parents: 124
diff changeset
66 ExpiresAt: time.Now().Add(maxTokenValid).Unix(),
0c56c56a1c44 Removed the JWT layer from the session management.
Sascha L. Teichmann <sascha.teichmann@intevation.de>
parents: 124
diff changeset
67 User: user,
0c56c56a1c44 Removed the JWT layer from the session management.
Sascha L. Teichmann <sascha.teichmann@intevation.de>
parents: 124
diff changeset
68 Roles: roles,
119
29e56c342c9f Added first middleware for JWT token extraction. TODO: Add second one to check against logged in users.
Sascha L. Teichmann <sascha.teichmann@intevation.de>
parents:
diff changeset
69 }
134
0c56c56a1c44 Removed the JWT layer from the session management.
Sascha L. Teichmann <sascha.teichmann@intevation.de>
parents: 124
diff changeset
70 }
119
29e56c342c9f Added first middleware for JWT token extraction. TODO: Add second one to check against logged in users.
Sascha L. Teichmann <sascha.teichmann@intevation.de>
parents:
diff changeset
71
498
22e1bf563a04 Throw away the connection level for sessions.
Sascha L. Teichmann <sascha.teichmann@intevation.de>
parents: 493
diff changeset
72 func (s *Session) serialize(w io.Writer) error {
22e1bf563a04 Throw away the connection level for sessions.
Sascha L. Teichmann <sascha.teichmann@intevation.de>
parents: 493
diff changeset
73
22e1bf563a04 Throw away the connection level for sessions.
Sascha L. Teichmann <sascha.teichmann@intevation.de>
parents: 493
diff changeset
74 access, err := s.last().MarshalText()
22e1bf563a04 Throw away the connection level for sessions.
Sascha L. Teichmann <sascha.teichmann@intevation.de>
parents: 493
diff changeset
75 if err != nil {
22e1bf563a04 Throw away the connection level for sessions.
Sascha L. Teichmann <sascha.teichmann@intevation.de>
parents: 493
diff changeset
76 return err
22e1bf563a04 Throw away the connection level for sessions.
Sascha L. Teichmann <sascha.teichmann@intevation.de>
parents: 493
diff changeset
77 }
22e1bf563a04 Throw away the connection level for sessions.
Sascha L. Teichmann <sascha.teichmann@intevation.de>
parents: 493
diff changeset
78
22e1bf563a04 Throw away the connection level for sessions.
Sascha L. Teichmann <sascha.teichmann@intevation.de>
parents: 493
diff changeset
79 wr := misc.BinWriter{w, nil}
22e1bf563a04 Throw away the connection level for sessions.
Sascha L. Teichmann <sascha.teichmann@intevation.de>
parents: 493
diff changeset
80 wr.WriteBin(s.ExpiresAt)
22e1bf563a04 Throw away the connection level for sessions.
Sascha L. Teichmann <sascha.teichmann@intevation.de>
parents: 493
diff changeset
81 wr.WriteString(s.User)
22e1bf563a04 Throw away the connection level for sessions.
Sascha L. Teichmann <sascha.teichmann@intevation.de>
parents: 493
diff changeset
82 wr.WriteBin(uint32(len(s.Roles)))
22e1bf563a04 Throw away the connection level for sessions.
Sascha L. Teichmann <sascha.teichmann@intevation.de>
parents: 493
diff changeset
83 for _, role := range s.Roles {
22e1bf563a04 Throw away the connection level for sessions.
Sascha L. Teichmann <sascha.teichmann@intevation.de>
parents: 493
diff changeset
84 wr.WriteString(role)
22e1bf563a04 Throw away the connection level for sessions.
Sascha L. Teichmann <sascha.teichmann@intevation.de>
parents: 493
diff changeset
85 }
22e1bf563a04 Throw away the connection level for sessions.
Sascha L. Teichmann <sascha.teichmann@intevation.de>
parents: 493
diff changeset
86 wr.WriteBin(uint32(len(access)))
22e1bf563a04 Throw away the connection level for sessions.
Sascha L. Teichmann <sascha.teichmann@intevation.de>
parents: 493
diff changeset
87 wr.WriteBin(access)
22e1bf563a04 Throw away the connection level for sessions.
Sascha L. Teichmann <sascha.teichmann@intevation.de>
parents: 493
diff changeset
88 return wr.Err
22e1bf563a04 Throw away the connection level for sessions.
Sascha L. Teichmann <sascha.teichmann@intevation.de>
parents: 493
diff changeset
89 }
22e1bf563a04 Throw away the connection level for sessions.
Sascha L. Teichmann <sascha.teichmann@intevation.de>
parents: 493
diff changeset
90
197
e85413e5befa Cleaned up serialisation/deserilisation of sessions a bit.
Sascha L. Teichmann <teichmann@intevation.de>
parents: 193
diff changeset
91 func (s *Session) deserialize(r io.Reader) error {
498
22e1bf563a04 Throw away the connection level for sessions.
Sascha L. Teichmann <sascha.teichmann@intevation.de>
parents: 493
diff changeset
92
22e1bf563a04 Throw away the connection level for sessions.
Sascha L. Teichmann <sascha.teichmann@intevation.de>
parents: 493
diff changeset
93 var session Session
22e1bf563a04 Throw away the connection level for sessions.
Sascha L. Teichmann <sascha.teichmann@intevation.de>
parents: 493
diff changeset
94
193
1585c334e8a7 More on persisting sessions.
Sascha L. Teichmann <sascha.teichmann@intevation.de>
parents: 149
diff changeset
95 var n uint32
340
4c211ad5349e Embed Reader and Writer in BinReader and BinWriter to make API more distinct.
Sascha L. Teichmann <teichmann@intevation.de>
parents: 339
diff changeset
96 rd := misc.BinReader{r, nil}
498
22e1bf563a04 Throw away the connection level for sessions.
Sascha L. Teichmann <sascha.teichmann@intevation.de>
parents: 493
diff changeset
97 rd.ReadBin(&session.ExpiresAt)
22e1bf563a04 Throw away the connection level for sessions.
Sascha L. Teichmann <sascha.teichmann@intevation.de>
parents: 493
diff changeset
98 rd.ReadString(&session.User)
340
4c211ad5349e Embed Reader and Writer in BinReader and BinWriter to make API more distinct.
Sascha L. Teichmann <teichmann@intevation.de>
parents: 339
diff changeset
99 rd.ReadBin(&n)
498
22e1bf563a04 Throw away the connection level for sessions.
Sascha L. Teichmann <sascha.teichmann@intevation.de>
parents: 493
diff changeset
100 session.Roles = make(Roles, n)
22e1bf563a04 Throw away the connection level for sessions.
Sascha L. Teichmann <sascha.teichmann@intevation.de>
parents: 493
diff changeset
101
193
1585c334e8a7 More on persisting sessions.
Sascha L. Teichmann <sascha.teichmann@intevation.de>
parents: 149
diff changeset
102 for i := uint32(0); n > 0 && i < n; i++ {
498
22e1bf563a04 Throw away the connection level for sessions.
Sascha L. Teichmann <sascha.teichmann@intevation.de>
parents: 493
diff changeset
103 rd.ReadString(&session.Roles[i])
22e1bf563a04 Throw away the connection level for sessions.
Sascha L. Teichmann <sascha.teichmann@intevation.de>
parents: 493
diff changeset
104 }
22e1bf563a04 Throw away the connection level for sessions.
Sascha L. Teichmann <sascha.teichmann@intevation.de>
parents: 493
diff changeset
105
22e1bf563a04 Throw away the connection level for sessions.
Sascha L. Teichmann <sascha.teichmann@intevation.de>
parents: 493
diff changeset
106 if rd.Err != nil {
22e1bf563a04 Throw away the connection level for sessions.
Sascha L. Teichmann <sascha.teichmann@intevation.de>
parents: 493
diff changeset
107 return rd.Err
22e1bf563a04 Throw away the connection level for sessions.
Sascha L. Teichmann <sascha.teichmann@intevation.de>
parents: 493
diff changeset
108 }
22e1bf563a04 Throw away the connection level for sessions.
Sascha L. Teichmann <sascha.teichmann@intevation.de>
parents: 493
diff changeset
109
22e1bf563a04 Throw away the connection level for sessions.
Sascha L. Teichmann <sascha.teichmann@intevation.de>
parents: 493
diff changeset
110 var l uint32
22e1bf563a04 Throw away the connection level for sessions.
Sascha L. Teichmann <sascha.teichmann@intevation.de>
parents: 493
diff changeset
111 rd.ReadBin(&l)
22e1bf563a04 Throw away the connection level for sessions.
Sascha L. Teichmann <sascha.teichmann@intevation.de>
parents: 493
diff changeset
112 access := make([]byte, l)
22e1bf563a04 Throw away the connection level for sessions.
Sascha L. Teichmann <sascha.teichmann@intevation.de>
parents: 493
diff changeset
113 rd.ReadBin(access)
22e1bf563a04 Throw away the connection level for sessions.
Sascha L. Teichmann <sascha.teichmann@intevation.de>
parents: 493
diff changeset
114
22e1bf563a04 Throw away the connection level for sessions.
Sascha L. Teichmann <sascha.teichmann@intevation.de>
parents: 493
diff changeset
115 if rd.Err != nil {
22e1bf563a04 Throw away the connection level for sessions.
Sascha L. Teichmann <sascha.teichmann@intevation.de>
parents: 493
diff changeset
116 return rd.Err
22e1bf563a04 Throw away the connection level for sessions.
Sascha L. Teichmann <sascha.teichmann@intevation.de>
parents: 493
diff changeset
117 }
22e1bf563a04 Throw away the connection level for sessions.
Sascha L. Teichmann <sascha.teichmann@intevation.de>
parents: 493
diff changeset
118
22e1bf563a04 Throw away the connection level for sessions.
Sascha L. Teichmann <sascha.teichmann@intevation.de>
parents: 493
diff changeset
119 var t time.Time
22e1bf563a04 Throw away the connection level for sessions.
Sascha L. Teichmann <sascha.teichmann@intevation.de>
parents: 493
diff changeset
120 if err := t.UnmarshalText(access); err != nil {
22e1bf563a04 Throw away the connection level for sessions.
Sascha L. Teichmann <sascha.teichmann@intevation.de>
parents: 493
diff changeset
121 return err
193
1585c334e8a7 More on persisting sessions.
Sascha L. Teichmann <sascha.teichmann@intevation.de>
parents: 149
diff changeset
122 }
498
22e1bf563a04 Throw away the connection level for sessions.
Sascha L. Teichmann <sascha.teichmann@intevation.de>
parents: 493
diff changeset
123
22e1bf563a04 Throw away the connection level for sessions.
Sascha L. Teichmann <sascha.teichmann@intevation.de>
parents: 493
diff changeset
124 session.access = t
22e1bf563a04 Throw away the connection level for sessions.
Sascha L. Teichmann <sascha.teichmann@intevation.de>
parents: 493
diff changeset
125
22e1bf563a04 Throw away the connection level for sessions.
Sascha L. Teichmann <sascha.teichmann@intevation.de>
parents: 493
diff changeset
126 *s = session
22e1bf563a04 Throw away the connection level for sessions.
Sascha L. Teichmann <sascha.teichmann@intevation.de>
parents: 493
diff changeset
127
22e1bf563a04 Throw away the connection level for sessions.
Sascha L. Teichmann <sascha.teichmann@intevation.de>
parents: 493
diff changeset
128 return nil
22e1bf563a04 Throw away the connection level for sessions.
Sascha L. Teichmann <sascha.teichmann@intevation.de>
parents: 493
diff changeset
129 }
22e1bf563a04 Throw away the connection level for sessions.
Sascha L. Teichmann <sascha.teichmann@intevation.de>
parents: 493
diff changeset
130
22e1bf563a04 Throw away the connection level for sessions.
Sascha L. Teichmann <sascha.teichmann@intevation.de>
parents: 493
diff changeset
131 func (c *Session) touch() {
22e1bf563a04 Throw away the connection level for sessions.
Sascha L. Teichmann <sascha.teichmann@intevation.de>
parents: 493
diff changeset
132 c.mu.Lock()
22e1bf563a04 Throw away the connection level for sessions.
Sascha L. Teichmann <sascha.teichmann@intevation.de>
parents: 493
diff changeset
133 c.access = time.Now()
22e1bf563a04 Throw away the connection level for sessions.
Sascha L. Teichmann <sascha.teichmann@intevation.de>
parents: 493
diff changeset
134 c.mu.Unlock()
22e1bf563a04 Throw away the connection level for sessions.
Sascha L. Teichmann <sascha.teichmann@intevation.de>
parents: 493
diff changeset
135 }
22e1bf563a04 Throw away the connection level for sessions.
Sascha L. Teichmann <sascha.teichmann@intevation.de>
parents: 493
diff changeset
136
22e1bf563a04 Throw away the connection level for sessions.
Sascha L. Teichmann <sascha.teichmann@intevation.de>
parents: 493
diff changeset
137 func (c *Session) last() time.Time {
22e1bf563a04 Throw away the connection level for sessions.
Sascha L. Teichmann <sascha.teichmann@intevation.de>
parents: 493
diff changeset
138 c.mu.Lock()
22e1bf563a04 Throw away the connection level for sessions.
Sascha L. Teichmann <sascha.teichmann@intevation.de>
parents: 493
diff changeset
139 access := c.access
22e1bf563a04 Throw away the connection level for sessions.
Sascha L. Teichmann <sascha.teichmann@intevation.de>
parents: 493
diff changeset
140 c.mu.Unlock()
22e1bf563a04 Throw away the connection level for sessions.
Sascha L. Teichmann <sascha.teichmann@intevation.de>
parents: 493
diff changeset
141 return access
193
1585c334e8a7 More on persisting sessions.
Sascha L. Teichmann <sascha.teichmann@intevation.de>
parents: 149
diff changeset
142 }
1585c334e8a7 More on persisting sessions.
Sascha L. Teichmann <sascha.teichmann@intevation.de>
parents: 149
diff changeset
143
134
0c56c56a1c44 Removed the JWT layer from the session management.
Sascha L. Teichmann <sascha.teichmann@intevation.de>
parents: 124
diff changeset
144 func GenerateSessionKey() string {
339
33b59c848771 Factored out some miscellaneous code into own package.
Sascha L. Teichmann <teichmann@intevation.de>
parents: 337
diff changeset
145 return base64.URLEncoding.EncodeToString(
408
ac23905e64b1 Improve WFS proxy a lot. It now generates signed re-writings.
Sascha L. Teichmann <sascha.teichmann@intevation.de>
parents: 340
diff changeset
146 common.GenerateRandomKey(sessionKeyLength))
119
29e56c342c9f Added first middleware for JWT token extraction. TODO: Add second one to check against logged in users.
Sascha L. Teichmann <sascha.teichmann@intevation.de>
parents:
diff changeset
147 }
124
bb9120d28950 Generate JWT from database roles.
Sascha L. Teichmann <sascha.teichmann@intevation.de>
parents: 119
diff changeset
148
447
62c909dd3098 Only allow log in if user has at least one of the roles 'sys_admin', 'waterway_admin', 'waterway_user'.
Sascha L. Teichmann <sascha.teichmann@intevation.de>
parents: 414
diff changeset
149 var ErrInvalidRole = errors.New("Invalid role")
62c909dd3098 Only allow log in if user has at least one of the roles 'sys_admin', 'waterway_admin', 'waterway_user'.
Sascha L. Teichmann <sascha.teichmann@intevation.de>
parents: 414
diff changeset
150
134
0c56c56a1c44 Removed the JWT layer from the session management.
Sascha L. Teichmann <sascha.teichmann@intevation.de>
parents: 124
diff changeset
151 func GenerateSession(user, password string) (string, *Session, error) {
124
bb9120d28950 Generate JWT from database roles.
Sascha L. Teichmann <sascha.teichmann@intevation.de>
parents: 119
diff changeset
152 roles, err := AllOtherRoles(user, password)
bb9120d28950 Generate JWT from database roles.
Sascha L. Teichmann <sascha.teichmann@intevation.de>
parents: 119
diff changeset
153 if err != nil {
134
0c56c56a1c44 Removed the JWT layer from the session management.
Sascha L. Teichmann <sascha.teichmann@intevation.de>
parents: 124
diff changeset
154 return "", nil, err
124
bb9120d28950 Generate JWT from database roles.
Sascha L. Teichmann <sascha.teichmann@intevation.de>
parents: 119
diff changeset
155 }
447
62c909dd3098 Only allow log in if user has at least one of the roles 'sys_admin', 'waterway_admin', 'waterway_user'.
Sascha L. Teichmann <sascha.teichmann@intevation.de>
parents: 414
diff changeset
156 if !roles.HasAny("sys_admin", "waterway_admin", "waterway_user") {
62c909dd3098 Only allow log in if user has at least one of the roles 'sys_admin', 'waterway_admin', 'waterway_user'.
Sascha L. Teichmann <sascha.teichmann@intevation.de>
parents: 414
diff changeset
157 return "", nil, ErrInvalidRole
62c909dd3098 Only allow log in if user has at least one of the roles 'sys_admin', 'waterway_admin', 'waterway_user'.
Sascha L. Teichmann <sascha.teichmann@intevation.de>
parents: 414
diff changeset
158 }
134
0c56c56a1c44 Removed the JWT layer from the session management.
Sascha L. Teichmann <sascha.teichmann@intevation.de>
parents: 124
diff changeset
159 token := GenerateSessionKey()
0c56c56a1c44 Removed the JWT layer from the session management.
Sascha L. Teichmann <sascha.teichmann@intevation.de>
parents: 124
diff changeset
160 session := NewSession(user, password, roles)
493
8a0737aa6ab6 The connection pool is now only a session store.
Sascha L. Teichmann <sascha.teichmann@intevation.de>
parents: 486
diff changeset
161 Sessions.Add(token, session)
134
0c56c56a1c44 Removed the JWT layer from the session management.
Sascha L. Teichmann <sascha.teichmann@intevation.de>
parents: 124
diff changeset
162 return token, session, nil
124
bb9120d28950 Generate JWT from database roles.
Sascha L. Teichmann <sascha.teichmann@intevation.de>
parents: 119
diff changeset
163 }