changeset 1342:20b9c3f261db
Added comments on how to create a new session for a given user and password.
author | Sascha L. Teichmann <sascha.teichmann@intevation.de> |
---|---|
date | Mon, 26 Nov 2018 11:01:11 +0100 |
parents | a0892b578553 |
children | 9e0beb373690 |
files | pkg/auth/session.go pkg/auth/store.go |
diffstat | 2 files changed, 23 insertions(+), 8 deletions(-) [+] |
--- a/pkg/auth/session.go Mon Nov 26 10:45:51 2018 +0100
+++ b/pkg/auth/session.go Mon Nov 26 11:01:11 2018 +0100
@@ -24,18 +24,27 @@
 "gemma.intevation.de/gemma/pkg/misc"
 )
+// Roles is a list of roles a logged in user has.
 type Roles []string
+// Session stores the informations about a logged in user.
 type Session struct {
- ExpiresAt int64 `json:"expires"`
- User string `json:"user"`
- Roles Roles `json:"roles"`
+ // ExpiresAt is a unix timestamp when the session
+ // of the user expires.
+ ExpiresAt int64 `json:"expires"`
+
+ // User is the login name of the user.
+ User string `json:"user"`
+
+ // Roles is the list of roles of the user.
+ Roles Roles `json:"roles"`
 // private fields for managing expiration.
 access time.Time
 mu sync.Mutex
 }
+// Has checks if a certain role is amongst the roles.
 func (r Roles) Has(role string) bool {
 for _, x := range r {
 if x == role {
@@ -45,6 +54,7 @@
 return false
 }
+// HasAny checks if any of the given roles is in the role list.
 func (r Roles) HasAny(roles ...string) bool {
 for _, y := range roles {
 if r.Has(y) {
@@ -59,7 +69,8 @@
 maxTokenValid = time.Hour * 3
 )
-func NewSession(user, password string, roles Roles) *Session {
+// newSession creates a new session.
+func newSession(user, password string, roles Roles) *Session {
 // Create the Claims
 return &Session{
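Review bot: The doc comment added on `Session` in the first hunk has a grammar slip, `informations` should be `information`: `// Session stores the information about a logged in user.` In the same struct, the `ExpiresAt` comment could name the unit, for example `// ExpiresAt is the Unix time in seconds at which the session expires.`, which matches the `.Unix()` value assigned to it in pkg/auth/store.go.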
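Review bot: In the `@@ -59,7 +69,8 @@` hunk, `newSession` still accepts a `password` argument, yet the `Session` struct shown earlier in this file has no field that could hold it, so the parameter looks unused. The function body continues outside the hunk, so this cannot be confirmed from here. If it is unused, drop it now that the function is unexported and no outside caller is affected: `func newSession(user string, roles Roles) *Session {`, with the call in GenerateSession becoming `newSession(user, roles)`. That keeps the credential from travelling further than the role lookup that needs it, and the new comment could then say what the function actually fills in instead of only `creates a new session`.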
@@ -137,23 +148,27 @@
 return access
 }
-func GenerateSessionKey() string {
+func generateSessionKey() string {
 return base64.URLEncoding.EncodeToString(
 common.GenerateRandomKey(sessionKeyLength))
 }
+// ErrInvalidRole is returned if a given role does not exsist in this system.
 var ErrInvalidRole = errors.New("Invalid role")
+// GenerateSession creates a new session for a given user and password
+// backed by the roles of this user in the database.
 func GenerateSession(user, password string) (string, *Session, error) {
 roles, err := AllOtherRoles(user, password)
 if err != nil {
 return "", nil, err
 }
+ // TODO: Make this a configuration.
 if !roles.HasAny("sys_admin", "waterway_admin", "waterway_user") {
 return "", nil, ErrInvalidRole
 }
- token := GenerateSessionKey()
- session := NewSession(user, password, roles)
+ token := generateSessionKey()
+ session := newSession(user, password, roles)
 Sessions.Add(token, session)
 return token, session, nil
 }
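Review bot: The comment added on `ErrInvalidRole` does not match how GenerateSession uses it: the error is returned when the user holds none of `sys_admin`, `waterway_admin` or `waterway_user`, not when a role does not exist (and `exsist` is misspelled). Suggested wording: `// ErrInvalidRole is returned if the user has none of the roles that are allowed to log in.` `generateSessionKey` is the one function in this hunk left without a comment; it should say that the token is `sessionKeyLength` random bytes in URL-safe base64. Separately, the definition of `common.GenerateRandomKey` is not visible here. If it can return nil when the random source fails, the token would be the empty string and `Sessions.Add` would store the session under it, so a `token == ""` check before `Sessions.Add` would be worth adding.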
--- a/pkg/auth/store.go Mon Nov 26 10:45:51 2018 +0100
+++ b/pkg/auth/store.go Mon Nov 26 11:01:11 2018 +0100
@@ -189,7 +189,7 @@
 } else {
 delete(ss.sessions, token)
 ss.remove(token)
- newToken := GenerateSessionKey()
+ newToken := generateSessionKey()
 // TODO: Ensure that this is not racy!
 session.ExpiresAt = time.Now().Add(maxTokenValid).Unix()
 ss.sessions[newToken] = session