diff pkg/auth/session.go @ 1342:20b9c3f261db

Added comments on how to create a new session for a given user and password.
author Sascha L. Teichmann <sascha.teichmann@intevation.de>
date Mon, 26 Nov 2018 11:01:11 +0100
parents ea2143adc6d3
children 0db742c7813d
--- a/pkg/auth/session.go	Mon Nov 26 10:45:51 2018 +0100
+++ b/pkg/auth/session.go	Mon Nov 26 11:01:11 2018 +0100
@@ -24,18 +24,27 @@
 	"gemma.intevation.de/gemma/pkg/misc"
 )
 
+// Roles is a list of roles a logged in user has.
 type Roles []string
 
+// Session stores the informations about a logged in user.
 type Session struct {
-	ExpiresAt int64  `json:"expires"`
-	User      string `json:"user"`
-	Roles     Roles  `json:"roles"`
+	// ExpiresAt is a unix timestamp when the session
+	// of the user expires.
+	ExpiresAt int64 `json:"expires"`
+
+	// User is the login name of the user.
+	User string `json:"user"`
+
+	// Roles is the list of roles of the user.
+	Roles Roles `json:"roles"`
 
 	// private fields for managing expiration.
 	access time.Time
 	mu     sync.Mutex
 }
 
+// Has checks if a certain role is amongst the roles.
 func (r Roles) Has(role string) bool {
 	for _, x := range r {
 		if x == role {
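Review bot: Two of the new doc comments have spelling slips that will surface in godoc. `informations` in the Session comment here should read `// Session stores the information about a logged in user.`, and `exsist` in the ErrInvalidRole comment in the last hunk should be `exist`. The Session comment could also say that the struct is meant to be handled through a pointer, since it holds a `sync.Mutex` (`mu`) and copying a Session would copy the lock. The body of Has continues outside this hunk.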
@@ -45,6 +54,7 @@
 	return false
 }
 
+// HasAny checks if any of the given roles is in the role list.
 func (r Roles) HasAny(roles ...string) bool {
 	for _, y := range roles {
 		if r.Has(y) {
@@ -59,7 +69,8 @@
 	maxTokenValid    = time.Hour * 3
 )
 
-func NewSession(user, password string, roles Roles) *Session {
+// newSession creates a new session.
+func newSession(user, password string, roles Roles) *Session {
 
 	// Create the Claims
 	return &Session{
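Review bot: The new comment `// newSession creates a new session.` does not say what the `password` argument is for. The Session struct shown in the first hunk has no exported field for it, and the body of newSession continues outside this hunk, so it is unclear from here whether the password is kept with the session, used once, or ignored. If it is retained, the comment should say so, because the credential then lives in server memory for the session lifetime. If it is unused, dropping the parameter is cleaner now that the function is unexported. A comment along the lines of `// newSession creates a session for user with the given roles; password is <purpose, to be confirmed against the body>.` would close the gap.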
@@ -137,23 +148,27 @@
 	return access
 }
 
-func GenerateSessionKey() string {
+func generateSessionKey() string {
 	return base64.URLEncoding.EncodeToString(
 		common.GenerateRandomKey(sessionKeyLength))
 }
 
+// ErrInvalidRole is returned if a given role does not exsist in this system.
 var ErrInvalidRole = errors.New("Invalid role")
 
+// GenerateSession creates a new session for a given user and password
+// backed by the roles of this user in the database.
 func GenerateSession(user, password string) (string, *Session, error) {
 	roles, err := AllOtherRoles(user, password)
 	if err != nil {
 		return "", nil, err
 	}
+	// TODO: Make this a configuration.
 	if !roles.HasAny("sys_admin", "waterway_admin", "waterway_user") {
 		return "", nil, ErrInvalidRole
 	}
-	token := GenerateSessionKey()
-	session := NewSession(user, password, roles)
+	token := generateSessionKey()
+	session := newSession(user, password, roles)
 	Sessions.Add(token, session)
 	return token, session, nil
 }
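Review bot: generateSessionKey is the only function touched in this hunk that is left without a doc comment, and it produces the bearer token under which `Sessions.Add(token, session)` stores the session. A comment such as `// generateSessionKey returns a URL-safe base64 string of sessionKeyLength random bytes, used as the session token.` would record that contract. The function has no error return, so if `common.GenerateRandomKey` (not visible here) can return nil or a short slice when the random source fails, the token could come out empty or weaker than intended. That is worth confirming, then either documenting or guarding with a length check before encoding. The GenerateSession comment could also name its results: the token, the session, and `ErrInvalidRole` when the user holds none of the three listed roles.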