comparison pkg/auth/session.go @ 447:62c909dd3098

Only allow log in if user has at least one of the roles 'sys_admin', 'waterway_admin', 'waterway_user'.
author Sascha L. Teichmann <sascha.teichmann@intevation.de>
date Tue, 21 Aug 2018 18:29:34 +0200
parents c1047fd04a3a
children b2dc9c2f69e0
446:659c04feb2dc 447:62c909dd3098
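--- a/pkg/auth/session.go
+++ b/pkg/auth/session.go
@@ -1,9 +1,10 @@
 package auth
 
 import (
 "encoding/base64"
+"errors"
 "io"
 "time"
 
 "gemma.intevation.de/gemma/pkg/common"
 "gemma.intevation.de/gemma/pkg/misc"
@@ -25,16 +26,25 @@
 }
 }
 return false
 }
 
+func (r Roles) HasAny(roles ...string) bool {
+for _, y := range roles {
+if r.Has(y) {
+return true
+}
+}
+return false
+}
+
 const (
 sessionKeyLength = 20
 maxTokenValid = time.Hour * 3
 )
 
-func NewSession(user, password string, roles []string) *Session {
+func NewSession(user, password string, roles Roles) *Session {
 
 // Create the Claims
 return &Session{
 ExpiresAt: time.Now().Add(maxTokenValid).Unix(),
 User: user,
@@ -76,14 +86,19 @@
 func GenerateSessionKey() string {
 return base64.URLEncoding.EncodeToString(
 common.GenerateRandomKey(sessionKeyLength))
 }
 
+var ErrInvalidRole = errors.New("Invalid role")
+
 func GenerateSession(user, password string) (string, *Session, error) {
 roles, err := AllOtherRoles(user, password)
 if err != nil {
 return "", nil, err
+}
+if !roles.HasAny("sys_admin", "waterway_admin", "waterway_user") {
+return "", nil, ErrInvalidRole
 }
 token := GenerateSessionKey()
 session := NewSession(user, password, roles)
 ConnPool.Add(token, session)
 return token, session, nil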
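Review bot: `ErrInvalidRole` is returned from `GenerateSession` only after `AllOtherRoles(user, password)` has succeeded, presumably meaning the credentials were accepted, so it is distinguishable from the error returned when that call fails; if the login handler (not visible here) relays the error text or a different status to the client, the response confirms a valid user/password pair even though login is refused. The caller should answer both cases with the same generic failure and record the role denial in the server log only. The three role names are string literals at the call site, where named constants shared with the other role checks would keep this allow-list from drifting, and the new variable would follow Go convention as `errors.New("invalid role")` with a doc comment such as `// ErrInvalidRole is returned when the user holds none of the roles permitted to log in.` The body of `GenerateSession` ends outside the displayed lines.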