annotate pkg/auth/session.go @ 5560:f2204f91d286

Join the log lines of imports to the log exports to recover data from them. Used in the SR export to extract information that was in the meta JSON but is now only found in the log.
author Sascha L. Teichmann <sascha.teichmann@intevation.de>
date Wed, 09 Feb 2022 18:34:40 +0100
parents 91f4b3f56ce2
children 2dd155cc95ec
// This is Free Software under GNU Affero General Public License v >= 3.0
// without warranty, see README.md and license for details.
//
// SPDX-License-Identifier: AGPL-3.0-or-later
// License-Filename: LICENSES/AGPL-3.0.txt
//
// Copyright (C) 2018 by via donau
// – Österreichische Wasserstraßen-Gesellschaft mbH
// Software engineering by Intevation GmbH
//
// Author(s):
// * Sascha L. Teichmann <sascha.teichmann@intevation.de>

// Package auth keeps the server-side state of logged in users:
// the Session type, its binary (de)serialization for the session
// store, and GenerateSession, which creates and registers a session.
package auth

import (
	"encoding/base64"
	"errors"
	"io"
	"sync"
	"time"

	"gemma.intevation.de/gemma/pkg/common"
	"gemma.intevation.de/gemma/pkg/config"
)

27 // Roles is a list of roles a logged in user has.
326
a7b2db8b3d18 Added type for roles.
Sascha L. Teichmann <sascha.teichmann@intevation.de>
parents: 215
diff changeset
28 type Roles []string
a7b2db8b3d18 Added type for roles.
Sascha L. Teichmann <sascha.teichmann@intevation.de>
parents: 215
diff changeset
29
1342
20b9c3f261db Added comments how to create a new session for a given user and password.
Sascha L. Teichmann <sascha.teichmann@intevation.de>
parents: 1329
diff changeset
30 // Session stores the informations about a logged in user.
134
0c56c56a1c44 Removed the JWT layer from the session management.
Sascha L. Teichmann <sascha.teichmann@intevation.de>
parents: 124
diff changeset
31 type Session struct {
1342
20b9c3f261db Added comments how to create a new session for a given user and password.
Sascha L. Teichmann <sascha.teichmann@intevation.de>
parents: 1329
diff changeset
32 // ExpiresAt is a unix timestamp when the session
20b9c3f261db Added comments how to create a new session for a given user and password.
Sascha L. Teichmann <sascha.teichmann@intevation.de>
parents: 1329
diff changeset
33 // of the user expires.
20b9c3f261db Added comments how to create a new session for a given user and password.
Sascha L. Teichmann <sascha.teichmann@intevation.de>
parents: 1329
diff changeset
34 ExpiresAt int64 `json:"expires"`
20b9c3f261db Added comments how to create a new session for a given user and password.
Sascha L. Teichmann <sascha.teichmann@intevation.de>
parents: 1329
diff changeset
35
20b9c3f261db Added comments how to create a new session for a given user and password.
Sascha L. Teichmann <sascha.teichmann@intevation.de>
parents: 1329
diff changeset
36 // User is the login name of the user.
20b9c3f261db Added comments how to create a new session for a given user and password.
Sascha L. Teichmann <sascha.teichmann@intevation.de>
parents: 1329
diff changeset
37 User string `json:"user"`
20b9c3f261db Added comments how to create a new session for a given user and password.
Sascha L. Teichmann <sascha.teichmann@intevation.de>
parents: 1329
diff changeset
38
20b9c3f261db Added comments how to create a new session for a given user and password.
Sascha L. Teichmann <sascha.teichmann@intevation.de>
parents: 1329
diff changeset
39 // Roles is the list of roles of the user.
20b9c3f261db Added comments how to create a new session for a given user and password.
Sascha L. Teichmann <sascha.teichmann@intevation.de>
parents: 1329
diff changeset
40 Roles Roles `json:"roles"`
498
22e1bf563a04 Throw away the connection level for sessions.
Sascha L. Teichmann <sascha.teichmann@intevation.de>
parents: 493
diff changeset
41
22e1bf563a04 Throw away the connection level for sessions.
Sascha L. Teichmann <sascha.teichmann@intevation.de>
parents: 493
diff changeset
42 // private fields for managing expiration.
22e1bf563a04 Throw away the connection level for sessions.
Sascha L. Teichmann <sascha.teichmann@intevation.de>
parents: 493
diff changeset
43 access time.Time
22e1bf563a04 Throw away the connection level for sessions.
Sascha L. Teichmann <sascha.teichmann@intevation.de>
parents: 493
diff changeset
44 mu sync.Mutex
326
a7b2db8b3d18 Added type for roles.
Sascha L. Teichmann <sascha.teichmann@intevation.de>
parents: 215
diff changeset
45 }
a7b2db8b3d18 Added type for roles.
Sascha L. Teichmann <sascha.teichmann@intevation.de>
parents: 215
diff changeset
46
1342
20b9c3f261db Added comments how to create a new session for a given user and password.
Sascha L. Teichmann <sascha.teichmann@intevation.de>
parents: 1329
diff changeset
47 // Has checks if a certain role is amongst the roles.
326
a7b2db8b3d18 Added type for roles.
Sascha L. Teichmann <sascha.teichmann@intevation.de>
parents: 215
diff changeset
48 func (r Roles) Has(role string) bool {
a7b2db8b3d18 Added type for roles.
Sascha L. Teichmann <sascha.teichmann@intevation.de>
parents: 215
diff changeset
49 for _, x := range r {
a7b2db8b3d18 Added type for roles.
Sascha L. Teichmann <sascha.teichmann@intevation.de>
parents: 215
diff changeset
50 if x == role {
a7b2db8b3d18 Added type for roles.
Sascha L. Teichmann <sascha.teichmann@intevation.de>
parents: 215
diff changeset
51 return true
a7b2db8b3d18 Added type for roles.
Sascha L. Teichmann <sascha.teichmann@intevation.de>
parents: 215
diff changeset
52 }
a7b2db8b3d18 Added type for roles.
Sascha L. Teichmann <sascha.teichmann@intevation.de>
parents: 215
diff changeset
53 }
a7b2db8b3d18 Added type for roles.
Sascha L. Teichmann <sascha.teichmann@intevation.de>
parents: 215
diff changeset
54 return false
119
29e56c342c9f Added first middleware for JWT token extraction. TODO: Add second one to check against logged in users.
Sascha L. Teichmann <sascha.teichmann@intevation.de>
parents:
diff changeset
55 }
29e56c342c9f Added first middleware for JWT token extraction. TODO: Add second one to check against logged in users.
Sascha L. Teichmann <sascha.teichmann@intevation.de>
parents:
diff changeset
56
1342
20b9c3f261db Added comments how to create a new session for a given user and password.
Sascha L. Teichmann <sascha.teichmann@intevation.de>
parents: 1329
diff changeset
57 // HasAny checks if any of the given roles is in the role list.
447
62c909dd3098 Only allow log in if user has at least one of the roles 'sys_admin', 'waterway_admin', 'waterway_user'.
Sascha L. Teichmann <sascha.teichmann@intevation.de>
parents: 414
diff changeset
58 func (r Roles) HasAny(roles ...string) bool {
62c909dd3098 Only allow log in if user has at least one of the roles 'sys_admin', 'waterway_admin', 'waterway_user'.
Sascha L. Teichmann <sascha.teichmann@intevation.de>
parents: 414
diff changeset
59 for _, y := range roles {
62c909dd3098 Only allow log in if user has at least one of the roles 'sys_admin', 'waterway_admin', 'waterway_user'.
Sascha L. Teichmann <sascha.teichmann@intevation.de>
parents: 414
diff changeset
60 if r.Has(y) {
62c909dd3098 Only allow log in if user has at least one of the roles 'sys_admin', 'waterway_admin', 'waterway_user'.
Sascha L. Teichmann <sascha.teichmann@intevation.de>
parents: 414
diff changeset
61 return true
62c909dd3098 Only allow log in if user has at least one of the roles 'sys_admin', 'waterway_admin', 'waterway_user'.
Sascha L. Teichmann <sascha.teichmann@intevation.de>
parents: 414
diff changeset
62 }
62c909dd3098 Only allow log in if user has at least one of the roles 'sys_admin', 'waterway_admin', 'waterway_user'.
Sascha L. Teichmann <sascha.teichmann@intevation.de>
parents: 414
diff changeset
63 }
62c909dd3098 Only allow log in if user has at least one of the roles 'sys_admin', 'waterway_admin', 'waterway_user'.
Sascha L. Teichmann <sascha.teichmann@intevation.de>
parents: 414
diff changeset
64 return false
62c909dd3098 Only allow log in if user has at least one of the roles 'sys_admin', 'waterway_admin', 'waterway_user'.
Sascha L. Teichmann <sascha.teichmann@intevation.de>
parents: 414
diff changeset
65 }
62c909dd3098 Only allow log in if user has at least one of the roles 'sys_admin', 'waterway_admin', 'waterway_user'.
Sascha L. Teichmann <sascha.teichmann@intevation.de>
parents: 414
diff changeset
66
134
0c56c56a1c44 Removed the JWT layer from the session management.
Sascha L. Teichmann <sascha.teichmann@intevation.de>
parents: 124
diff changeset
const (
	// sessionKeyLength is the number of random bytes drawn for a
	// session key by generateSessionKey; the key handed to the
	// client is the base64url encoding of these bytes.
	// NOTE(review): the strength of the key depends on
	// common.GenerateRandomKey drawing from a cryptographically
	// secure source — confirm in pkg/common.
	sessionKeyLength = 20
)

// newSession creates a new session for user with the given roles.
// The session expires config.SessionTimeout() from now.
//
// password is neither stored nor otherwise used here; it is kept in
// the signature for the callers. The last access time stays at its
// zero value until touch is called.
func newSession(user, password string, roles Roles) *Session {
	expires := time.Now().Add(config.SessionTimeout())
	s := &Session{
		User:  user,
		Roles: roles,
	}
	s.ExpiresAt = expires.Unix()
	return s
}

// serialize writes the binary form of s to w: ExpiresAt, User,
// the number of roles followed by the roles, and finally the
// length-prefixed text form of the last access time (as produced by
// time.Time.MarshalText). Element encodings are those of BinWriter.
// It returns the first error that occurred, if any.
func (s *Session) serialize(w io.Writer) error {

	// last() reads the access time under the session's lock.
	access, err := s.last().MarshalText()
	if err != nil {
		return err
	}

	// BinWriter is assumed to keep the first failure in Err (sticky),
	// so the individual writes below are not checked — confirm in
	// the BinWriter implementation.
	wr := BinWriter{Writer: w}
	wr.WriteBin(s.ExpiresAt)
	wr.WriteString(s.User)
	wr.WriteBin(uint32(len(s.Roles)))
	for i := range s.Roles {
		wr.WriteString(s.Roles[i])
	}
	wr.WriteBin(uint32(len(access)))
	wr.WriteBin(access)
	return wr.Err
}

// deserialize reads a session in the layout written by serialize
// from r into s, overwriting ExpiresAt, User, Roles and the last
// access time. s is written to without taking s.mu, so it must not
// be shared with other goroutines while deserializing.
//
// NOTE(review): the role count and the length of the access
// timestamp are taken from the stream and size the allocations
// below; this presumes the session store is trusted. If it ever is
// not, a sanity cap on both values is needed.
func (s *Session) deserialize(r io.Reader) error {

	rd := BinReader{Reader: r}

	var numRoles uint32
	rd.ReadBin(&s.ExpiresAt)
	rd.ReadString(&s.User)
	rd.ReadBin(&numRoles)

	s.Roles = make(Roles, numRoles)
	for i := range s.Roles {
		rd.ReadString(&s.Roles[i])
	}
	if rd.Err != nil {
		return rd.Err
	}

	// The last access time was stored as length-prefixed
	// MarshalText output.
	var accessLen uint32
	rd.ReadBin(&accessLen)
	accessText := make([]byte, accessLen)
	rd.ReadBin(accessText)
	if rd.Err != nil {
		return rd.Err
	}

	// Parse into a local first so s.access is untouched on error.
	var last time.Time
	if err := last.UnmarshalText(accessText); err != nil {
		return err
	}
	s.access = last

	return nil
}

// touch records the current time as the last activity on s.
// It takes s.mu, so it may be called concurrently with last.
func (s *Session) touch() {
	s.mu.Lock()
	defer s.mu.Unlock()
	s.access = time.Now()
}

// last returns the time of the last activity on s as recorded by
// touch or deserialize (the zero time if neither was called).
// It takes s.mu.
func (s *Session) last() time.Time {
	s.mu.Lock()
	defer s.mu.Unlock()
	return s.access
}

// generateSessionKey returns a fresh session key: sessionKeyLength
// random bytes from common.GenerateRandomKey, base64url encoded
// (padded) so it is safe to carry in headers and URLs.
func generateSessionKey() string {
	raw := common.GenerateRandomKey(sessionKeyLength)
	return base64.URLEncoding.EncodeToString(raw)
}

// ErrInvalidRole is returned by GenerateSession if the user has
// none of the roles that are allowed to log in.
var ErrInvalidRole = errors.New("invalid role")

// GenerateSession creates a new session for a given user and password
// backed by the roles of this user in the database.
//
// It returns the session key (to be handed to the client), the
// session itself, and an error. The roles come from AllOtherRoles,
// which presumably also validates the credentials. A session is only
// created and registered in Sessions if the user has at least one
// of the roles "sys_admin", "waterway_admin" or "waterway_user";
// otherwise ErrInvalidRole is returned, and any error from
// AllOtherRoles is passed through unchanged.
func GenerateSession(user, password string) (string, *Session, error) {
	roles, err := AllOtherRoles(user, password)
	if err != nil {
		return "", nil, err
	}

	// TODO: Make this a configuration.
	// Only members of these roles may log in at all.
	if !roles.HasAny("sys_admin", "waterway_admin", "waterway_user") {
		return "", nil, ErrInvalidRole
	}

	key := generateSessionKey()
	sess := newSession(user, password, roles)
	Sessions.Add(key, sess)
	return key, sess, nil
}