changeset 124:bb9120d28950

Generate JWT from database roles.
author Sascha L. Teichmann <sascha.teichmann@intevation.de>
date Thu, 28 Jun 2018 11:34:57 +0200
parents 92e0c636e67c
children a98a282f00e1
files auth/opendb.go auth/token.go
diffstat 2 files changed, 48 insertions(+), 0 deletions(-) [+]
--- a/auth/opendb.go	Wed Jun 27 12:59:06 2018 +0200
+++ b/auth/opendb.go	Thu Jun 28 11:34:57 2018 +0200
@@ -31,3 +31,38 @@
 		user, password,
 		config.Config.DBSSLMode))
 }
+
+const allRoles = `
+WITH RECURSIVE cte AS (
+   SELECT oid FROM pg_roles WHERE rolname = current_user
+   UNION ALL
+   SELECT m.roleid
+   FROM   cte
+   JOIN   pg_auth_members m ON m.member = cte.oid
+)
+SELECT rolname FROM pg_roles
+WHERE oid IN (SELECT oid FROM cte) AND rolname <> current_user`
+
+func AllOtherRoles(user, password string) ([]string, error) {
+	db, err := opendb(user, password)
+	if err != nil {
+		return nil, err
+	}
+	defer db.Close()
+	rows, err := db.Query(allRoles)
+	if err != nil {
+		return nil, err
+	}
+	defer rows.Close()
+
+	roles := []string{} // explicit empty by intention.
+
+	for rows.Next() {
+		var role string
+		if err := rows.Scan(&role); err != nil {
+			return nil, err
+		}
+		roles = append(roles, role)
+	}
+	return roles, rows.Err()
+}
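Review bot: AllOtherRoles is exported but has no doc comment, and what it returns is not obvious from the name: the recursive CTE on pg_auth_members walks transitive role membership of current_user, so the result is every role the connecting user inherits, not just direct grants. Suggested comment above line 30: `// AllOtherRoles connects to the database as user and returns the names of all roles the connecting role is, directly or transitively, a member of, excluding the role itself. The result is an empty (non-nil) slice when there are none.` Since these names become JWT claims in the token.go hunk of this commit, it is worth documenting that predefined or administrative roles the user happens to be a member of are returned as well, so the consumer of the claims does not mistake every entry for an application role; whether any filtering is wanted depends on how the roles are granted, which is not visible here. The errors from opendb, Query and Scan are returned unwrapped, so a caller cannot tell a rejected password from a query failure; `fmt.Errorf("querying roles: %w", err)` on the Query and Scan paths would keep that distinction.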
--- a/auth/token.go	Wed Jun 27 12:59:06 2018 +0200
+++ b/auth/token.go	Thu Jun 28 11:34:57 2018 +0200
@@ -38,3 +38,16 @@
 		func(*jwt.Token) (interface{}, error) { return config.Config.JWTSignKey, nil })
 	return claims, err
 }
+
+func GenerateToken(user, password string) (string, error) {
+	roles, err := AllOtherRoles(user, password)
+	if err != nil {
+		return "", err
+	}
+	token, err := NewToken(user, roles)
+	if err != nil {
+		return "", err
+	}
+	ConnPool.Add(token, user, password)
+	return token, nil
+}
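Review bot: GenerateToken is exported without a doc comment, and its most important side effect is on the last line, where `ConnPool.Add(token, user, password)` retains the caller's plaintext password in process memory keyed by the freshly issued token. Suggested comment above line 60: `// GenerateToken authenticates user against the database, issues a JWT carrying the user's database roles and registers the credentials with ConnPool under that token, so the password stays in memory for as long as the token is tracked there.` ConnPool.Add is not part of this commit, so I cannot tell whether it reports failures or evicts entries when a token expires; if it can fail, the error should be checked here rather than returning a token that has no pooled credentials behind it. The errors from AllOtherRoles and NewToken are passed through unwrapped, which is consistent with the opendb.go hunk but leaves the HTTP layer unable to distinguish a bad password from a token-signing failure.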