Mercurial > gemma
annotate pkg/auth/session.go @ 5560:f2204f91d286
Join the log lines of imports to the log exports to recover data from them.
Used in SR export to extract information that where in the meta json
but now are only found in the log.
author | Sascha L. Teichmann <sascha.teichmann@intevation.de> |
---|---|
date | Wed, 09 Feb 2022 18:34:40 +0100 |
parents | 91f4b3f56ce2 |
children | 2dd155cc95ec |
rev | line source |
---|---|
1017
a244b18cb916
Added GNU Affero General Public License.
Sascha L. Teichmann <sascha.teichmann@intevation.de>
parents:
510
diff
changeset
|
1 // This is Free Software under GNU Affero General Public License v >= 3.0 |
a244b18cb916
Added GNU Affero General Public License.
Sascha L. Teichmann <sascha.teichmann@intevation.de>
parents:
510
diff
changeset
|
2 // without warranty, see README.md and license for details. |
a244b18cb916
Added GNU Affero General Public License.
Sascha L. Teichmann <sascha.teichmann@intevation.de>
parents:
510
diff
changeset
|
3 // |
a244b18cb916
Added GNU Affero General Public License.
Sascha L. Teichmann <sascha.teichmann@intevation.de>
parents:
510
diff
changeset
|
4 // SPDX-License-Identifier: AGPL-3.0-or-later |
a244b18cb916
Added GNU Affero General Public License.
Sascha L. Teichmann <sascha.teichmann@intevation.de>
parents:
510
diff
changeset
|
5 // License-Filename: LICENSES/AGPL-3.0.txt |
a244b18cb916
Added GNU Affero General Public License.
Sascha L. Teichmann <sascha.teichmann@intevation.de>
parents:
510
diff
changeset
|
6 // |
a244b18cb916
Added GNU Affero General Public License.
Sascha L. Teichmann <sascha.teichmann@intevation.de>
parents:
510
diff
changeset
|
7 // Copyright (C) 2018 by via donau |
a244b18cb916
Added GNU Affero General Public License.
Sascha L. Teichmann <sascha.teichmann@intevation.de>
parents:
510
diff
changeset
|
8 // – Österreichische Wasserstraßen-Gesellschaft mbH |
a244b18cb916
Added GNU Affero General Public License.
Sascha L. Teichmann <sascha.teichmann@intevation.de>
parents:
510
diff
changeset
|
9 // Software engineering by Intevation GmbH |
a244b18cb916
Added GNU Affero General Public License.
Sascha L. Teichmann <sascha.teichmann@intevation.de>
parents:
510
diff
changeset
|
10 // |
a244b18cb916
Added GNU Affero General Public License.
Sascha L. Teichmann <sascha.teichmann@intevation.de>
parents:
510
diff
changeset
|
11 // Author(s): |
a244b18cb916
Added GNU Affero General Public License.
Sascha L. Teichmann <sascha.teichmann@intevation.de>
parents:
510
diff
changeset
|
12 // * Sascha L. Teichmann <sascha.teichmann@intevation.de> |
a244b18cb916
Added GNU Affero General Public License.
Sascha L. Teichmann <sascha.teichmann@intevation.de>
parents:
510
diff
changeset
|
13 |
119
29e56c342c9f
Added first middleware for JWT token extraction. TODO: Add second one to check against logged in users.
Sascha L. Teichmann <sascha.teichmann@intevation.de>
parents:
diff
changeset
|
14 package auth |
29e56c342c9f
Added first middleware for JWT token extraction. TODO: Add second one to check against logged in users.
Sascha L. Teichmann <sascha.teichmann@intevation.de>
parents:
diff
changeset
|
15 |
29e56c342c9f
Added first middleware for JWT token extraction. TODO: Add second one to check against logged in users.
Sascha L. Teichmann <sascha.teichmann@intevation.de>
parents:
diff
changeset
|
16 import ( |
134
0c56c56a1c44
Removed the JWT layer from the session management.
Sascha L. Teichmann <sascha.teichmann@intevation.de>
parents:
124
diff
changeset
|
17 "encoding/base64" |
447
62c909dd3098
Only allow log in if user has at least one of the roles 'sys_admin', 'waterway_admin', 'waterway_user'.
Sascha L. Teichmann <sascha.teichmann@intevation.de>
parents:
414
diff
changeset
|
18 "errors" |
134
0c56c56a1c44
Removed the JWT layer from the session management.
Sascha L. Teichmann <sascha.teichmann@intevation.de>
parents:
124
diff
changeset
|
19 "io" |
498
22e1bf563a04
Throw away the connection level for sessions.
Sascha L. Teichmann <sascha.teichmann@intevation.de>
parents:
493
diff
changeset
|
20 "sync" |
119
29e56c342c9f
Added first middleware for JWT token extraction. TODO: Add second one to check against logged in users.
Sascha L. Teichmann <sascha.teichmann@intevation.de>
parents:
diff
changeset
|
21 "time" |
339
33b59c848771
Factored out some miscellaneous code into own package.
Sascha L. Teichmann <teichmann@intevation.de>
parents:
337
diff
changeset
|
22 |
414
c1047fd04a3a
Moved project specific Go packages to new pkg folder.
Sascha L. Teichmann <sascha.teichmann@intevation.de>
parents:
408
diff
changeset
|
23 "gemma.intevation.de/gemma/pkg/common" |
2639
0db742c7813d
Make session timeout configurable
Tom Gottfried <tom@intevation.de>
parents:
1342
diff
changeset
|
24 "gemma.intevation.de/gemma/pkg/config" |
119
29e56c342c9f
Added first middleware for JWT token extraction. TODO: Add second one to check against logged in users.
Sascha L. Teichmann <sascha.teichmann@intevation.de>
parents:
diff
changeset
|
25 ) |
29e56c342c9f
Added first middleware for JWT token extraction. TODO: Add second one to check against logged in users.
Sascha L. Teichmann <sascha.teichmann@intevation.de>
parents:
diff
changeset
|
26 |
1342
20b9c3f261db
Added comments how to create a new session for a given user and password.
Sascha L. Teichmann <sascha.teichmann@intevation.de>
parents:
1329
diff
changeset
|
27 // Roles is a list of roles a logged in user has. |
326
a7b2db8b3d18
Added type for roles.
Sascha L. Teichmann <sascha.teichmann@intevation.de>
parents:
215
diff
changeset
|
28 type Roles []string |
a7b2db8b3d18
Added type for roles.
Sascha L. Teichmann <sascha.teichmann@intevation.de>
parents:
215
diff
changeset
|
29 |
1342
20b9c3f261db
Added comments how to create a new session for a given user and password.
Sascha L. Teichmann <sascha.teichmann@intevation.de>
parents:
1329
diff
changeset
|
30 // Session stores the informations about a logged in user. |
134
0c56c56a1c44
Removed the JWT layer from the session management.
Sascha L. Teichmann <sascha.teichmann@intevation.de>
parents:
124
diff
changeset
|
31 type Session struct { |
1342
20b9c3f261db
Added comments how to create a new session for a given user and password.
Sascha L. Teichmann <sascha.teichmann@intevation.de>
parents:
1329
diff
changeset
|
32 // ExpiresAt is a unix timestamp when the session |
20b9c3f261db
Added comments how to create a new session for a given user and password.
Sascha L. Teichmann <sascha.teichmann@intevation.de>
parents:
1329
diff
changeset
|
33 // of the user expires. |
20b9c3f261db
Added comments how to create a new session for a given user and password.
Sascha L. Teichmann <sascha.teichmann@intevation.de>
parents:
1329
diff
changeset
|
34 ExpiresAt int64 `json:"expires"` |
20b9c3f261db
Added comments how to create a new session for a given user and password.
Sascha L. Teichmann <sascha.teichmann@intevation.de>
parents:
1329
diff
changeset
|
35 |
20b9c3f261db
Added comments how to create a new session for a given user and password.
Sascha L. Teichmann <sascha.teichmann@intevation.de>
parents:
1329
diff
changeset
|
36 // User is the login name of the user. |
20b9c3f261db
Added comments how to create a new session for a given user and password.
Sascha L. Teichmann <sascha.teichmann@intevation.de>
parents:
1329
diff
changeset
|
37 User string `json:"user"` |
20b9c3f261db
Added comments how to create a new session for a given user and password.
Sascha L. Teichmann <sascha.teichmann@intevation.de>
parents:
1329
diff
changeset
|
38 |
20b9c3f261db
Added comments how to create a new session for a given user and password.
Sascha L. Teichmann <sascha.teichmann@intevation.de>
parents:
1329
diff
changeset
|
39 // Roles is the list of roles of the user. |
20b9c3f261db
Added comments how to create a new session for a given user and password.
Sascha L. Teichmann <sascha.teichmann@intevation.de>
parents:
1329
diff
changeset
|
40 Roles Roles `json:"roles"` |
498
22e1bf563a04
Throw away the connection level for sessions.
Sascha L. Teichmann <sascha.teichmann@intevation.de>
parents:
493
diff
changeset
|
41 |
22e1bf563a04
Throw away the connection level for sessions.
Sascha L. Teichmann <sascha.teichmann@intevation.de>
parents:
493
diff
changeset
|
42 // private fields for managing expiration. |
22e1bf563a04
Throw away the connection level for sessions.
Sascha L. Teichmann <sascha.teichmann@intevation.de>
parents:
493
diff
changeset
|
43 access time.Time |
22e1bf563a04
Throw away the connection level for sessions.
Sascha L. Teichmann <sascha.teichmann@intevation.de>
parents:
493
diff
changeset
|
44 mu sync.Mutex |
326
a7b2db8b3d18
Added type for roles.
Sascha L. Teichmann <sascha.teichmann@intevation.de>
parents:
215
diff
changeset
|
45 } |
a7b2db8b3d18
Added type for roles.
Sascha L. Teichmann <sascha.teichmann@intevation.de>
parents:
215
diff
changeset
|
46 |
1342
20b9c3f261db
Added comments how to create a new session for a given user and password.
Sascha L. Teichmann <sascha.teichmann@intevation.de>
parents:
1329
diff
changeset
|
47 // Has checks if a certain role is amongst the roles. |
326
a7b2db8b3d18
Added type for roles.
Sascha L. Teichmann <sascha.teichmann@intevation.de>
parents:
215
diff
changeset
|
48 func (r Roles) Has(role string) bool { |
a7b2db8b3d18
Added type for roles.
Sascha L. Teichmann <sascha.teichmann@intevation.de>
parents:
215
diff
changeset
|
49 for _, x := range r { |
a7b2db8b3d18
Added type for roles.
Sascha L. Teichmann <sascha.teichmann@intevation.de>
parents:
215
diff
changeset
|
50 if x == role { |
a7b2db8b3d18
Added type for roles.
Sascha L. Teichmann <sascha.teichmann@intevation.de>
parents:
215
diff
changeset
|
51 return true |
a7b2db8b3d18
Added type for roles.
Sascha L. Teichmann <sascha.teichmann@intevation.de>
parents:
215
diff
changeset
|
52 } |
a7b2db8b3d18
Added type for roles.
Sascha L. Teichmann <sascha.teichmann@intevation.de>
parents:
215
diff
changeset
|
53 } |
a7b2db8b3d18
Added type for roles.
Sascha L. Teichmann <sascha.teichmann@intevation.de>
parents:
215
diff
changeset
|
54 return false |
119
29e56c342c9f
Added first middleware for JWT token extraction. TODO: Add second one to check against logged in users.
Sascha L. Teichmann <sascha.teichmann@intevation.de>
parents:
diff
changeset
|
55 } |
29e56c342c9f
Added first middleware for JWT token extraction. TODO: Add second one to check against logged in users.
Sascha L. Teichmann <sascha.teichmann@intevation.de>
parents:
diff
changeset
|
56 |
1342
20b9c3f261db
Added comments how to create a new session for a given user and password.
Sascha L. Teichmann <sascha.teichmann@intevation.de>
parents:
1329
diff
changeset
|
57 // HasAny checks if any of the given roles is in the role list. |
447
62c909dd3098
Only allow log in if user has at least one of the roles 'sys_admin', 'waterway_admin', 'waterway_user'.
Sascha L. Teichmann <sascha.teichmann@intevation.de>
parents:
414
diff
changeset
|
58 func (r Roles) HasAny(roles ...string) bool { |
62c909dd3098
Only allow log in if user has at least one of the roles 'sys_admin', 'waterway_admin', 'waterway_user'.
Sascha L. Teichmann <sascha.teichmann@intevation.de>
parents:
414
diff
changeset
|
59 for _, y := range roles { |
62c909dd3098
Only allow log in if user has at least one of the roles 'sys_admin', 'waterway_admin', 'waterway_user'.
Sascha L. Teichmann <sascha.teichmann@intevation.de>
parents:
414
diff
changeset
|
60 if r.Has(y) { |
62c909dd3098
Only allow log in if user has at least one of the roles 'sys_admin', 'waterway_admin', 'waterway_user'.
Sascha L. Teichmann <sascha.teichmann@intevation.de>
parents:
414
diff
changeset
|
61 return true |
62c909dd3098
Only allow log in if user has at least one of the roles 'sys_admin', 'waterway_admin', 'waterway_user'.
Sascha L. Teichmann <sascha.teichmann@intevation.de>
parents:
414
diff
changeset
|
62 } |
62c909dd3098
Only allow log in if user has at least one of the roles 'sys_admin', 'waterway_admin', 'waterway_user'.
Sascha L. Teichmann <sascha.teichmann@intevation.de>
parents:
414
diff
changeset
|
63 } |
62c909dd3098
Only allow log in if user has at least one of the roles 'sys_admin', 'waterway_admin', 'waterway_user'.
Sascha L. Teichmann <sascha.teichmann@intevation.de>
parents:
414
diff
changeset
|
64 return false |
62c909dd3098
Only allow log in if user has at least one of the roles 'sys_admin', 'waterway_admin', 'waterway_user'.
Sascha L. Teichmann <sascha.teichmann@intevation.de>
parents:
414
diff
changeset
|
65 } |
62c909dd3098
Only allow log in if user has at least one of the roles 'sys_admin', 'waterway_admin', 'waterway_user'.
Sascha L. Teichmann <sascha.teichmann@intevation.de>
parents:
414
diff
changeset
|
66 |
134
0c56c56a1c44
Removed the JWT layer from the session management.
Sascha L. Teichmann <sascha.teichmann@intevation.de>
parents:
124
diff
changeset
|
67 const ( |
0c56c56a1c44
Removed the JWT layer from the session management.
Sascha L. Teichmann <sascha.teichmann@intevation.de>
parents:
124
diff
changeset
|
68 sessionKeyLength = 20 |
0c56c56a1c44
Removed the JWT layer from the session management.
Sascha L. Teichmann <sascha.teichmann@intevation.de>
parents:
124
diff
changeset
|
69 ) |
119
29e56c342c9f
Added first middleware for JWT token extraction. TODO: Add second one to check against logged in users.
Sascha L. Teichmann <sascha.teichmann@intevation.de>
parents:
diff
changeset
|
70 |
1342
20b9c3f261db
Added comments how to create a new session for a given user and password.
Sascha L. Teichmann <sascha.teichmann@intevation.de>
parents:
1329
diff
changeset
|
71 // newSession creates a new session. |
20b9c3f261db
Added comments how to create a new session for a given user and password.
Sascha L. Teichmann <sascha.teichmann@intevation.de>
parents:
1329
diff
changeset
|
72 func newSession(user, password string, roles Roles) *Session { |
119
29e56c342c9f
Added first middleware for JWT token extraction. TODO: Add second one to check against logged in users.
Sascha L. Teichmann <sascha.teichmann@intevation.de>
parents:
diff
changeset
|
73 |
29e56c342c9f
Added first middleware for JWT token extraction. TODO: Add second one to check against logged in users.
Sascha L. Teichmann <sascha.teichmann@intevation.de>
parents:
diff
changeset
|
74 // Create the Claims |
134
0c56c56a1c44
Removed the JWT layer from the session management.
Sascha L. Teichmann <sascha.teichmann@intevation.de>
parents:
124
diff
changeset
|
75 return &Session{ |
2639
0db742c7813d
Make session timeout configurable
Tom Gottfried <tom@intevation.de>
parents:
1342
diff
changeset
|
76 ExpiresAt: time.Now().Add(config.SessionTimeout()).Unix(), |
134
0c56c56a1c44
Removed the JWT layer from the session management.
Sascha L. Teichmann <sascha.teichmann@intevation.de>
parents:
124
diff
changeset
|
77 User: user, |
0c56c56a1c44
Removed the JWT layer from the session management.
Sascha L. Teichmann <sascha.teichmann@intevation.de>
parents:
124
diff
changeset
|
78 Roles: roles, |
119
29e56c342c9f
Added first middleware for JWT token extraction. TODO: Add second one to check against logged in users.
Sascha L. Teichmann <sascha.teichmann@intevation.de>
parents:
diff
changeset
|
79 } |
134
0c56c56a1c44
Removed the JWT layer from the session management.
Sascha L. Teichmann <sascha.teichmann@intevation.de>
parents:
124
diff
changeset
|
80 } |
119
29e56c342c9f
Added first middleware for JWT token extraction. TODO: Add second one to check against logged in users.
Sascha L. Teichmann <sascha.teichmann@intevation.de>
parents:
diff
changeset
|
81 |
498
22e1bf563a04
Throw away the connection level for sessions.
Sascha L. Teichmann <sascha.teichmann@intevation.de>
parents:
493
diff
changeset
|
82 func (s *Session) serialize(w io.Writer) error { |
22e1bf563a04
Throw away the connection level for sessions.
Sascha L. Teichmann <sascha.teichmann@intevation.de>
parents:
493
diff
changeset
|
83 |
22e1bf563a04
Throw away the connection level for sessions.
Sascha L. Teichmann <sascha.teichmann@intevation.de>
parents:
493
diff
changeset
|
84 access, err := s.last().MarshalText() |
22e1bf563a04
Throw away the connection level for sessions.
Sascha L. Teichmann <sascha.teichmann@intevation.de>
parents:
493
diff
changeset
|
85 if err != nil { |
22e1bf563a04
Throw away the connection level for sessions.
Sascha L. Teichmann <sascha.teichmann@intevation.de>
parents:
493
diff
changeset
|
86 return err |
22e1bf563a04
Throw away the connection level for sessions.
Sascha L. Teichmann <sascha.teichmann@intevation.de>
parents:
493
diff
changeset
|
87 } |
22e1bf563a04
Throw away the connection level for sessions.
Sascha L. Teichmann <sascha.teichmann@intevation.de>
parents:
493
diff
changeset
|
88 |
4169
91f4b3f56ce2
Moved binary session encoding/decoding into auth package as it is only used there.
Sascha L. Teichmann <sascha.teichmann@intevation.de>
parents:
4160
diff
changeset
|
89 wr := BinWriter{Writer: w, Err: nil} |
498
22e1bf563a04
Throw away the connection level for sessions.
Sascha L. Teichmann <sascha.teichmann@intevation.de>
parents:
493
diff
changeset
|
90 wr.WriteBin(s.ExpiresAt) |
22e1bf563a04
Throw away the connection level for sessions.
Sascha L. Teichmann <sascha.teichmann@intevation.de>
parents:
493
diff
changeset
|
91 wr.WriteString(s.User) |
22e1bf563a04
Throw away the connection level for sessions.
Sascha L. Teichmann <sascha.teichmann@intevation.de>
parents:
493
diff
changeset
|
92 wr.WriteBin(uint32(len(s.Roles))) |
22e1bf563a04
Throw away the connection level for sessions.
Sascha L. Teichmann <sascha.teichmann@intevation.de>
parents:
493
diff
changeset
|
93 for _, role := range s.Roles { |
22e1bf563a04
Throw away the connection level for sessions.
Sascha L. Teichmann <sascha.teichmann@intevation.de>
parents:
493
diff
changeset
|
94 wr.WriteString(role) |
22e1bf563a04
Throw away the connection level for sessions.
Sascha L. Teichmann <sascha.teichmann@intevation.de>
parents:
493
diff
changeset
|
95 } |
22e1bf563a04
Throw away the connection level for sessions.
Sascha L. Teichmann <sascha.teichmann@intevation.de>
parents:
493
diff
changeset
|
96 wr.WriteBin(uint32(len(access))) |
22e1bf563a04
Throw away the connection level for sessions.
Sascha L. Teichmann <sascha.teichmann@intevation.de>
parents:
493
diff
changeset
|
97 wr.WriteBin(access) |
22e1bf563a04
Throw away the connection level for sessions.
Sascha L. Teichmann <sascha.teichmann@intevation.de>
parents:
493
diff
changeset
|
98 return wr.Err |
22e1bf563a04
Throw away the connection level for sessions.
Sascha L. Teichmann <sascha.teichmann@intevation.de>
parents:
493
diff
changeset
|
99 } |
22e1bf563a04
Throw away the connection level for sessions.
Sascha L. Teichmann <sascha.teichmann@intevation.de>
parents:
493
diff
changeset
|
100 |
197
e85413e5befa
Cleaned up serialisation/deserilisation of sessions a bit.
Sascha L. Teichmann <teichmann@intevation.de>
parents:
193
diff
changeset
|
101 func (s *Session) deserialize(r io.Reader) error { |
498
22e1bf563a04
Throw away the connection level for sessions.
Sascha L. Teichmann <sascha.teichmann@intevation.de>
parents:
493
diff
changeset
|
102 |
193
1585c334e8a7
More on persisting sessions.
Sascha L. Teichmann <sascha.teichmann@intevation.de>
parents:
149
diff
changeset
|
103 var n uint32 |
4169
91f4b3f56ce2
Moved binary session encoding/decoding into auth package as it is only used there.
Sascha L. Teichmann <sascha.teichmann@intevation.de>
parents:
4160
diff
changeset
|
104 rd := BinReader{Reader: r, Err: nil} |
1323
3c914bc670a2
Avoid copying session data while deserializing from store.
Sascha L. Teichmann <sascha.teichmann@intevation.de>
parents:
1322
diff
changeset
|
105 rd.ReadBin(&s.ExpiresAt) |
3c914bc670a2
Avoid copying session data while deserializing from store.
Sascha L. Teichmann <sascha.teichmann@intevation.de>
parents:
1322
diff
changeset
|
106 rd.ReadString(&s.User) |
340
4c211ad5349e
Embed Reader and Writer in BinReader and BinWriter to make API more distinct.
Sascha L. Teichmann <teichmann@intevation.de>
parents:
339
diff
changeset
|
107 rd.ReadBin(&n) |
1323
3c914bc670a2
Avoid copying session data while deserializing from store.
Sascha L. Teichmann <sascha.teichmann@intevation.de>
parents:
1322
diff
changeset
|
108 s.Roles = make(Roles, n) |
498
22e1bf563a04
Throw away the connection level for sessions.
Sascha L. Teichmann <sascha.teichmann@intevation.de>
parents:
493
diff
changeset
|
109 |
193
1585c334e8a7
More on persisting sessions.
Sascha L. Teichmann <sascha.teichmann@intevation.de>
parents:
149
diff
changeset
|
110 for i := uint32(0); n > 0 && i < n; i++ { |
1323
3c914bc670a2
Avoid copying session data while deserializing from store.
Sascha L. Teichmann <sascha.teichmann@intevation.de>
parents:
1322
diff
changeset
|
111 rd.ReadString(&s.Roles[i]) |
498
22e1bf563a04
Throw away the connection level for sessions.
Sascha L. Teichmann <sascha.teichmann@intevation.de>
parents:
493
diff
changeset
|
112 } |
22e1bf563a04
Throw away the connection level for sessions.
Sascha L. Teichmann <sascha.teichmann@intevation.de>
parents:
493
diff
changeset
|
113 |
22e1bf563a04
Throw away the connection level for sessions.
Sascha L. Teichmann <sascha.teichmann@intevation.de>
parents:
493
diff
changeset
|
114 if rd.Err != nil { |
22e1bf563a04
Throw away the connection level for sessions.
Sascha L. Teichmann <sascha.teichmann@intevation.de>
parents:
493
diff
changeset
|
115 return rd.Err |
22e1bf563a04
Throw away the connection level for sessions.
Sascha L. Teichmann <sascha.teichmann@intevation.de>
parents:
493
diff
changeset
|
116 } |
22e1bf563a04
Throw away the connection level for sessions.
Sascha L. Teichmann <sascha.teichmann@intevation.de>
parents:
493
diff
changeset
|
117 |
22e1bf563a04
Throw away the connection level for sessions.
Sascha L. Teichmann <sascha.teichmann@intevation.de>
parents:
493
diff
changeset
|
118 var l uint32 |
22e1bf563a04
Throw away the connection level for sessions.
Sascha L. Teichmann <sascha.teichmann@intevation.de>
parents:
493
diff
changeset
|
119 rd.ReadBin(&l) |
22e1bf563a04
Throw away the connection level for sessions.
Sascha L. Teichmann <sascha.teichmann@intevation.de>
parents:
493
diff
changeset
|
120 access := make([]byte, l) |
22e1bf563a04
Throw away the connection level for sessions.
Sascha L. Teichmann <sascha.teichmann@intevation.de>
parents:
493
diff
changeset
|
121 rd.ReadBin(access) |
22e1bf563a04
Throw away the connection level for sessions.
Sascha L. Teichmann <sascha.teichmann@intevation.de>
parents:
493
diff
changeset
|
122 |
22e1bf563a04
Throw away the connection level for sessions.
Sascha L. Teichmann <sascha.teichmann@intevation.de>
parents:
493
diff
changeset
|
123 if rd.Err != nil { |
22e1bf563a04
Throw away the connection level for sessions.
Sascha L. Teichmann <sascha.teichmann@intevation.de>
parents:
493
diff
changeset
|
124 return rd.Err |
22e1bf563a04
Throw away the connection level for sessions.
Sascha L. Teichmann <sascha.teichmann@intevation.de>
parents:
493
diff
changeset
|
125 } |
22e1bf563a04
Throw away the connection level for sessions.
Sascha L. Teichmann <sascha.teichmann@intevation.de>
parents:
493
diff
changeset
|
126 |
22e1bf563a04
Throw away the connection level for sessions.
Sascha L. Teichmann <sascha.teichmann@intevation.de>
parents:
493
diff
changeset
|
127 var t time.Time |
22e1bf563a04
Throw away the connection level for sessions.
Sascha L. Teichmann <sascha.teichmann@intevation.de>
parents:
493
diff
changeset
|
128 if err := t.UnmarshalText(access); err != nil { |
22e1bf563a04
Throw away the connection level for sessions.
Sascha L. Teichmann <sascha.teichmann@intevation.de>
parents:
493
diff
changeset
|
129 return err |
193
1585c334e8a7
More on persisting sessions.
Sascha L. Teichmann <sascha.teichmann@intevation.de>
parents:
149
diff
changeset
|
130 } |
498
22e1bf563a04
Throw away the connection level for sessions.
Sascha L. Teichmann <sascha.teichmann@intevation.de>
parents:
493
diff
changeset
|
131 |
1323
3c914bc670a2
Avoid copying session data while deserializing from store.
Sascha L. Teichmann <sascha.teichmann@intevation.de>
parents:
1322
diff
changeset
|
132 s.access = t |
498
22e1bf563a04
Throw away the connection level for sessions.
Sascha L. Teichmann <sascha.teichmann@intevation.de>
parents:
493
diff
changeset
|
133 |
22e1bf563a04
Throw away the connection level for sessions.
Sascha L. Teichmann <sascha.teichmann@intevation.de>
parents:
493
diff
changeset
|
134 return nil |
22e1bf563a04
Throw away the connection level for sessions.
Sascha L. Teichmann <sascha.teichmann@intevation.de>
parents:
493
diff
changeset
|
135 } |
22e1bf563a04
Throw away the connection level for sessions.
Sascha L. Teichmann <sascha.teichmann@intevation.de>
parents:
493
diff
changeset
|
136 |
1329
ea2143adc6d3
Named method recievers consistently to make golint happy.
Sascha L. Teichmann <sascha.teichmann@intevation.de>
parents:
1323
diff
changeset
|
137 func (s *Session) touch() { |
ea2143adc6d3
Named method recievers consistently to make golint happy.
Sascha L. Teichmann <sascha.teichmann@intevation.de>
parents:
1323
diff
changeset
|
138 s.mu.Lock() |
ea2143adc6d3
Named method recievers consistently to make golint happy.
Sascha L. Teichmann <sascha.teichmann@intevation.de>
parents:
1323
diff
changeset
|
139 s.access = time.Now() |
ea2143adc6d3
Named method recievers consistently to make golint happy.
Sascha L. Teichmann <sascha.teichmann@intevation.de>
parents:
1323
diff
changeset
|
140 s.mu.Unlock() |
498
22e1bf563a04
Throw away the connection level for sessions.
Sascha L. Teichmann <sascha.teichmann@intevation.de>
parents:
493
diff
changeset
|
141 } |
22e1bf563a04
Throw away the connection level for sessions.
Sascha L. Teichmann <sascha.teichmann@intevation.de>
parents:
493
diff
changeset
|
142 |
1329
ea2143adc6d3
Named method recievers consistently to make golint happy.
Sascha L. Teichmann <sascha.teichmann@intevation.de>
parents:
1323
diff
changeset
|
143 func (s *Session) last() time.Time { |
ea2143adc6d3
Named method recievers consistently to make golint happy.
Sascha L. Teichmann <sascha.teichmann@intevation.de>
parents:
1323
diff
changeset
|
144 s.mu.Lock() |
ea2143adc6d3
Named method recievers consistently to make golint happy.
Sascha L. Teichmann <sascha.teichmann@intevation.de>
parents:
1323
diff
changeset
|
145 access := s.access |
ea2143adc6d3
Named method recievers consistently to make golint happy.
Sascha L. Teichmann <sascha.teichmann@intevation.de>
parents:
1323
diff
changeset
|
146 s.mu.Unlock() |
498
22e1bf563a04
Throw away the connection level for sessions.
Sascha L. Teichmann <sascha.teichmann@intevation.de>
parents:
493
diff
changeset
|
147 return access |
193
1585c334e8a7
More on persisting sessions.
Sascha L. Teichmann <sascha.teichmann@intevation.de>
parents:
149
diff
changeset
|
148 } |
1585c334e8a7
More on persisting sessions.
Sascha L. Teichmann <sascha.teichmann@intevation.de>
parents:
149
diff
changeset
|
149 |
1342
20b9c3f261db
Added comments how to create a new session for a given user and password.
Sascha L. Teichmann <sascha.teichmann@intevation.de>
parents:
1329
diff
changeset
|
150 func generateSessionKey() string { |
339
33b59c848771
Factored out some miscellaneous code into own package.
Sascha L. Teichmann <teichmann@intevation.de>
parents:
337
diff
changeset
|
151 return base64.URLEncoding.EncodeToString( |
408
ac23905e64b1
Improve WFS proxy a lot. It now generates signed re-writings.
Sascha L. Teichmann <sascha.teichmann@intevation.de>
parents:
340
diff
changeset
|
152 common.GenerateRandomKey(sessionKeyLength)) |
119
29e56c342c9f
Added first middleware for JWT token extraction. TODO: Add second one to check against logged in users.
Sascha L. Teichmann <sascha.teichmann@intevation.de>
parents:
diff
changeset
|
153 } |
124
bb9120d28950
Generate JWT from database roles.
Sascha L. Teichmann <sascha.teichmann@intevation.de>
parents:
119
diff
changeset
|
154 |
1342
20b9c3f261db
Added comments how to create a new session for a given user and password.
Sascha L. Teichmann <sascha.teichmann@intevation.de>
parents:
1329
diff
changeset
|
155 // ErrInvalidRole is returned if a given role does not exsist in this system. |
4160
7cccf7fef3e8
Made 'golint' and 'staticcheck' happy with auth package.
Sascha L. Teichmann <sascha.teichmann@intevation.de>
parents:
2639
diff
changeset
|
156 var ErrInvalidRole = errors.New("invalid role") |
447
62c909dd3098
Only allow log in if user has at least one of the roles 'sys_admin', 'waterway_admin', 'waterway_user'.
Sascha L. Teichmann <sascha.teichmann@intevation.de>
parents:
414
diff
changeset
|
157 |
1342
20b9c3f261db
Added comments how to create a new session for a given user and password.
Sascha L. Teichmann <sascha.teichmann@intevation.de>
parents:
1329
diff
changeset
|
158 // GenerateSession creates a new session for a given user and password |
20b9c3f261db
Added comments how to create a new session for a given user and password.
Sascha L. Teichmann <sascha.teichmann@intevation.de>
parents:
1329
diff
changeset
|
159 // backed by the roles of this user in the database. |
134
0c56c56a1c44
Removed the JWT layer from the session management.
Sascha L. Teichmann <sascha.teichmann@intevation.de>
parents:
124
diff
changeset
|
160 func GenerateSession(user, password string) (string, *Session, error) { |
124
bb9120d28950
Generate JWT from database roles.
Sascha L. Teichmann <sascha.teichmann@intevation.de>
parents:
119
diff
changeset
|
161 roles, err := AllOtherRoles(user, password) |
bb9120d28950
Generate JWT from database roles.
Sascha L. Teichmann <sascha.teichmann@intevation.de>
parents:
119
diff
changeset
|
162 if err != nil { |
134
0c56c56a1c44
Removed the JWT layer from the session management.
Sascha L. Teichmann <sascha.teichmann@intevation.de>
parents:
124
diff
changeset
|
163 return "", nil, err |
124
bb9120d28950
Generate JWT from database roles.
Sascha L. Teichmann <sascha.teichmann@intevation.de>
parents:
119
diff
changeset
|
164 } |
1342
20b9c3f261db
Added comments how to create a new session for a given user and password.
Sascha L. Teichmann <sascha.teichmann@intevation.de>
parents:
1329
diff
changeset
|
165 // TODO: Make this a configuration. |
447
62c909dd3098
Only allow log in if user has at least one of the roles 'sys_admin', 'waterway_admin', 'waterway_user'.
Sascha L. Teichmann <sascha.teichmann@intevation.de>
parents:
414
diff
changeset
|
166 if !roles.HasAny("sys_admin", "waterway_admin", "waterway_user") { |
62c909dd3098
Only allow log in if user has at least one of the roles 'sys_admin', 'waterway_admin', 'waterway_user'.
Sascha L. Teichmann <sascha.teichmann@intevation.de>
parents:
414
diff
changeset
|
167 return "", nil, ErrInvalidRole |
62c909dd3098
Only allow log in if user has at least one of the roles 'sys_admin', 'waterway_admin', 'waterway_user'.
Sascha L. Teichmann <sascha.teichmann@intevation.de>
parents:
414
diff
changeset
|
168 } |
1342
20b9c3f261db
Added comments how to create a new session for a given user and password.
Sascha L. Teichmann <sascha.teichmann@intevation.de>
parents:
1329
diff
changeset
|
169 token := generateSessionKey() |
20b9c3f261db
Added comments how to create a new session for a given user and password.
Sascha L. Teichmann <sascha.teichmann@intevation.de>
parents:
1329
diff
changeset
|
170 session := newSession(user, password, roles) |
493
8a0737aa6ab6
The connection pool is now only a session store.
Sascha L. Teichmann <sascha.teichmann@intevation.de>
parents:
486
diff
changeset
|
171 Sessions.Add(token, session) |
134
0c56c56a1c44
Removed the JWT layer from the session management.
Sascha L. Teichmann <sascha.teichmann@intevation.de>
parents:
124
diff
changeset
|
172 return token, session, nil |
124
bb9120d28950
Generate JWT from database roles.
Sascha L. Teichmann <sascha.teichmann@intevation.de>
parents:
119
diff
changeset
|
173 } |