Mercurial > gemma
comparison pkg/auth/session.go @ 1342:20b9c3f261db
Added comments how to create a new session for a given user and password.
| author | Sascha L. Teichmann <sascha.teichmann@intevation.de> |
|---|---|
| date | Mon, 26 Nov 2018 11:01:11 +0100 |
| parents | ea2143adc6d3 |
| children | 0db742c7813d |
comparison
equal
deleted
inserted
replaced
| 1341:a0892b578553 | 1342:20b9c3f261db |
|---|---|
| 22 | 22 |
| 23 "gemma.intevation.de/gemma/pkg/common" | 23 "gemma.intevation.de/gemma/pkg/common" |
| 24 "gemma.intevation.de/gemma/pkg/misc" | 24 "gemma.intevation.de/gemma/pkg/misc" |
| 25 ) | 25 ) |
| 26 | 26 |
| 27 // Roles is a list of roles a logged in user has. | |
| 27 type Roles []string | 28 type Roles []string |
| 28 | 29 |
| 30 // Session stores the informations about a logged in user. | |
| 29 type Session struct { | 31 type Session struct { |
| 30 ExpiresAt int64 `json:"expires"` | 32 // ExpiresAt is a unix timestamp when the session |
| 31 User string `json:"user"` | 33 // of the user expires. |
| 32 Roles Roles `json:"roles"` | 34 ExpiresAt int64 `json:"expires"` |
| 35 | |
| 36 // User is the login name of the user. | |
| 37 User string `json:"user"` | |
| 38 | |
| 39 // Roles is the list of roles of the user. | |
| 40 Roles Roles `json:"roles"` | |
| 33 | 41 |
| 34 // private fields for managing expiration. | 42 // private fields for managing expiration. |
| 35 access time.Time | 43 access time.Time |
| 36 mu sync.Mutex | 44 mu sync.Mutex |
| 37 } | 45 } |
| 38 | 46 |
| 47 // Has checks if a certain role is amongst the roles. | |
| 39 func (r Roles) Has(role string) bool { | 48 func (r Roles) Has(role string) bool { |
| 40 for _, x := range r { | 49 for _, x := range r { |
| 41 if x == role { | 50 if x == role { |
| 42 return true | 51 return true |
| 43 } | 52 } |
| 44 } | 53 } |
| 45 return false | 54 return false |
| 46 } | 55 } |
| 47 | 56 |
| 57 // HasAny checks if any of the given roles is in the role list. | |
| 48 func (r Roles) HasAny(roles ...string) bool { | 58 func (r Roles) HasAny(roles ...string) bool { |
| 49 for _, y := range roles { | 59 for _, y := range roles { |
| 50 if r.Has(y) { | 60 if r.Has(y) { |
| 51 return true | 61 return true |
| 52 } | 62 } |
| 57 const ( | 67 const ( |
| 58 sessionKeyLength = 20 | 68 sessionKeyLength = 20 |
| 59 maxTokenValid = time.Hour * 3 | 69 maxTokenValid = time.Hour * 3 |
| 60 ) | 70 ) |
| 61 | 71 |
| 62 func NewSession(user, password string, roles Roles) *Session { | 72 // newSession creates a new session. |
| 73 func newSession(user, password string, roles Roles) *Session { | |
| 63 | 74 |
| 64 // Create the Claims | 75 // Create the Claims |
| 65 return &Session{ | 76 return &Session{ |
| 66 ExpiresAt: time.Now().Add(maxTokenValid).Unix(), | 77 ExpiresAt: time.Now().Add(maxTokenValid).Unix(), |
| 67 User: user, | 78 User: user, |
| 135 access := s.access | 146 access := s.access |
| 136 s.mu.Unlock() | 147 s.mu.Unlock() |
| 137 return access | 148 return access |
| 138 } | 149 } |
| 139 | 150 |
| 140 func GenerateSessionKey() string { | 151 func generateSessionKey() string { |
| 141 return base64.URLEncoding.EncodeToString( | 152 return base64.URLEncoding.EncodeToString( |
| 142 common.GenerateRandomKey(sessionKeyLength)) | 153 common.GenerateRandomKey(sessionKeyLength)) |
| 143 } | 154 } |
| 144 | 155 |
| 156 // ErrInvalidRole is returned if a given role does not exsist in this system. | |
| 145 var ErrInvalidRole = errors.New("Invalid role") | 157 var ErrInvalidRole = errors.New("Invalid role") |
| 146 | 158 |
| 159 // GenerateSession creates a new session for a given user and password | |
| 160 // backed by the roles of this user in the database. | |
| 147 func GenerateSession(user, password string) (string, *Session, error) { | 161 func GenerateSession(user, password string) (string, *Session, error) { |
| 148 roles, err := AllOtherRoles(user, password) | 162 roles, err := AllOtherRoles(user, password) |
| 149 if err != nil { | 163 if err != nil { |
| 150 return "", nil, err | 164 return "", nil, err |
| 151 } | 165 } |
| 166 // TODO: Make this a configuration. | |
| 152 if !roles.HasAny("sys_admin", "waterway_admin", "waterway_user") { | 167 if !roles.HasAny("sys_admin", "waterway_admin", "waterway_user") { |
| 153 return "", nil, ErrInvalidRole | 168 return "", nil, ErrInvalidRole |
| 154 } | 169 } |
| 155 token := GenerateSessionKey() | 170 token := generateSessionKey() |
| 156 session := NewSession(user, password, roles) | 171 session := newSession(user, password, roles) |
| 157 Sessions.Add(token, session) | 172 Sessions.Add(token, session) |
| 158 return token, session, nil | 173 return token, session, nil |
| 159 } | 174 } |