comparison pkg/auth/session.go @ 1342:20b9c3f261db
Added comments how to create a new session for a given user and password.
author | Sascha L. Teichmann <sascha.teichmann@intevation.de> |
---|---|
date | Mon, 26 Nov 2018 11:01:11 +0100 |
parents | ea2143adc6d3 |
children | 0db742c7813d |
1341:a0892b578553 | 1342:20b9c3f261db |
---|---|
22 | 22 |
23 "gemma.intevation.de/gemma/pkg/common" | 23 "gemma.intevation.de/gemma/pkg/common" |
24 "gemma.intevation.de/gemma/pkg/misc" | 24 "gemma.intevation.de/gemma/pkg/misc" |
25 ) | 25 ) |
26 | 26 |
27 // Roles is a list of roles a logged in user has. | |
27 type Roles []string | 28 type Roles []string |
28 | 29 |
30 // Session stores the informations about a logged in user. | |
29 type Session struct { | 31 type Session struct { |
30 ExpiresAt int64 `json:"expires"` | 32 // ExpiresAt is a unix timestamp when the session |
31 User string `json:"user"` | 33 // of the user expires. |
32 Roles Roles `json:"roles"` | 34 ExpiresAt int64 `json:"expires"` |
35 | |
36 // User is the login name of the user. | |
37 User string `json:"user"` | |
38 | |
39 // Roles is the list of roles of the user. | |
40 Roles Roles `json:"roles"` | |
33 | 41 |
34 // private fields for managing expiration. | 42 // private fields for managing expiration. |
35 access time.Time | 43 access time.Time |
36 mu sync.Mutex | 44 mu sync.Mutex |
37 } | 45 } |
38 | 46 |
47 // Has checks if a certain role is amongst the roles. | |
39 func (r Roles) Has(role string) bool { | 48 func (r Roles) Has(role string) bool { |
40 for _, x := range r { | 49 for _, x := range r { |
41 if x == role { | 50 if x == role { |
42 return true | 51 return true |
43 } | 52 } |
44 } | 53 } |
45 return false | 54 return false |
46 } | 55 } |
47 | 56 |
57 // HasAny checks if any of the given roles is in the role list. | |
48 func (r Roles) HasAny(roles ...string) bool { | 58 func (r Roles) HasAny(roles ...string) bool { |
49 for _, y := range roles { | 59 for _, y := range roles { |
50 if r.Has(y) { | 60 if r.Has(y) { |
51 return true | 61 return true |
52 } | 62 } |
57 const ( | 67 const ( |
58 sessionKeyLength = 20 | 68 sessionKeyLength = 20 |
59 maxTokenValid = time.Hour * 3 | 69 maxTokenValid = time.Hour * 3 |
60 ) | 70 ) |
61 | 71 |
62 func NewSession(user, password string, roles Roles) *Session { | 72 // newSession creates a new session. |
73 func newSession(user, password string, roles Roles) *Session { | |
63 | 74 |
64 // Create the Claims | 75 // Create the Claims |
65 return &Session{ | 76 return &Session{ |
66 ExpiresAt: time.Now().Add(maxTokenValid).Unix(), | 77 ExpiresAt: time.Now().Add(maxTokenValid).Unix(), |
67 User: user, | 78 User: user, |
135 access := s.access | 146 access := s.access |
136 s.mu.Unlock() | 147 s.mu.Unlock() |
137 return access | 148 return access |
138 } | 149 } |
139 | 150 |
140 func GenerateSessionKey() string { | 151 func generateSessionKey() string { |
141 return base64.URLEncoding.EncodeToString( | 152 return base64.URLEncoding.EncodeToString( |
142 common.GenerateRandomKey(sessionKeyLength)) | 153 common.GenerateRandomKey(sessionKeyLength)) |
143 } | 154 } |
144 | 155 |
156 // ErrInvalidRole is returned if a given role does not exsist in this system. | |
145 var ErrInvalidRole = errors.New("Invalid role") | 157 var ErrInvalidRole = errors.New("Invalid role") |
146 | 158 |
159 // GenerateSession creates a new session for a given user and password | |
160 // backed by the roles of this user in the database. | |
147 func GenerateSession(user, password string) (string, *Session, error) { | 161 func GenerateSession(user, password string) (string, *Session, error) { |
148 roles, err := AllOtherRoles(user, password) | 162 roles, err := AllOtherRoles(user, password) |
149 if err != nil { | 163 if err != nil { |
150 return "", nil, err | 164 return "", nil, err |
151 } | 165 } |
166 // TODO: Make this a configuration. | |
152 if !roles.HasAny("sys_admin", "waterway_admin", "waterway_user") { | 167 if !roles.HasAny("sys_admin", "waterway_admin", "waterway_user") { |
153 return "", nil, ErrInvalidRole | 168 return "", nil, ErrInvalidRole |
154 } | 169 } |
155 token := GenerateSessionKey() | 170 token := generateSessionKey() |
156 session := NewSession(user, password, roles) | 171 session := newSession(user, password, roles) |
157 Sessions.Add(token, session) | 172 Sessions.Add(token, session) |
158 return token, session, nil | 173 return token, session, nil |
159 } | 174 } |
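Review bot: GenerateSession (new lines 161-174) returns ErrInvalidRole only after AllOtherRoles has already accepted the user/password pair, so a caller that passes this error through verbatim lets a client distinguish "wrong password" from "valid credentials, but none of the three permitted roles" and thereby confirm passwords of accounts outside those roles; the handler that maps these errors to HTTP responses is not in this hunk, so it may already collapse them, but the new doc comment on ErrInvalidRole should warn about it and also describe what the code actually checks, since it is returned when the user holds none of the required roles, not when a role "does not exsist" (typo too): `// ErrInvalidRole is returned when an authenticated user has none of the roles required to log in; do not report it to clients distinctly from an authentication failure.` Separately, newSession keeps a password parameter and GenerateSession hands the plaintext password into it, yet the Session struct shown in the first hunk declares no field for it; newSession's body is cut at new line 78, so if the remainder does not use the password, drop the parameter so the secret travels no further than AllOtherRoles, and otherwise document in the `// newSession creates a new session.` comment what it is needed for.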