diff pkg/auth/session.go @ 447:62c909dd3098
Only allow login if the user has at least one of the roles 'sys_admin', 'waterway_admin', 'waterway_user'.
author | Sascha L. Teichmann <sascha.teichmann@intevation.de> |
---|---|
date | Tue, 21 Aug 2018 18:29:34 +0200 |
parents | c1047fd04a3a |
children | b2dc9c2f69e0 |
--- a/pkg/auth/session.go Tue Aug 21 18:07:43 2018 +0200
+++ b/pkg/auth/session.go Tue Aug 21 18:29:34 2018 +0200
@@ -2,6 +2,7 @@
 import (
 	"encoding/base64"
+	"errors"
 	"io"
 	"time"
@@ -27,12 +28,21 @@
 	return false
 }
+func (r Roles) HasAny(roles ...string) bool {
+	for _, y := range roles {
+		if r.Has(y) {
+			return true
+		}
+	}
+	return false
+}
+
 const (
 	sessionKeyLength = 20
 	maxTokenValid = time.Hour * 3
 )
-func NewSession(user, password string, roles []string) *Session {
+func NewSession(user, password string, roles Roles) *Session {
 	// Create the Claims
 	return &Session{
@@ -78,11 +88,16 @@
 	common.GenerateRandomKey(sessionKeyLength))
 }
+var ErrInvalidRole = errors.New("Invalid role")
+
 func GenerateSession(user, password string) (string, *Session, error) {
 	roles, err := AllOtherRoles(user, password)
 	if err != nil {
 		return "", nil, err
 	}
+	if !roles.HasAny("sys_admin", "waterway_admin", "waterway_user") {
+		return "", nil, ErrInvalidRole
+	}
 	token := GenerateSessionKey()
 	session := NewSession(user, password, roles)
 	ConnPool.Add(token, session)
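Review bot: HasAny is exported but carries no doc comment, and since it now gates login its contract should be spelled out; add `// HasAny reports whether r contains at least one of the given roles; with no arguments it returns false.` above the func line in the second hunk. The receiver type Roles and the Has method it delegates to are declared outside this hunk, so the note assumes Has is an exact-match membership test. Stating the zero-argument result explicitly matters for an authorization helper, so that a later caller does not read an empty argument list as "any role is acceptable".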
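Review bot: `var ErrInvalidRole = errors.New("Invalid role")` in the third hunk uses a capitalised message, against the Go convention that error strings are lowercase so they read correctly when wrapped; `var ErrInvalidRole = errors.New("no permitted role")` also describes what the check actually rejects. Because the role test runs only after AllOtherRoles has already accepted the credentials, a caller that surfaces ErrInvalidRole verbatim would let a client tell "correct password but no role" apart from "wrong password"; the HTTP layer (outside this hunk) should map both to the same generic login failure and keep the distinction in server-side logs, which errors.Is makes easy. The three permitted roles are inline literals; a package-level `var loginRoles = []string{"sys_admin", "waterway_admin", "waterway_user"}` used as `roles.HasAny(loginRoles...)` would give the login policy one documented home. GenerateSession's body continues past the end of the hunk.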