changeset 124:bb9120d28950
Generate JWT from database roles.
author | Sascha L. Teichmann <sascha.teichmann@intevation.de> |
---|---|
date | Thu, 28 Jun 2018 11:34:57 +0200 |
parents | 92e0c636e67c |
children | a98a282f00e1 |
files | auth/opendb.go auth/token.go |
diffstat | 2 files changed, 48 insertions(+), 0 deletions(-) [+] |
--- a/auth/opendb.go Wed Jun 27 12:59:06 2018 +0200
+++ b/auth/opendb.go Thu Jun 28 11:34:57 2018 +0200
@@ -31,3 +31,38 @@
 user, password, config.Config.DBSSLMode))
 }
+
+const allRoles = `
+WITH RECURSIVE cte AS (
+ SELECT oid FROM pg_roles WHERE rolname = current_user
+ UNION ALL
+ SELECT m.roleid
+ FROM cte
+ JOIN pg_auth_members m ON m.member = cte.oid
+)
+SELECT rolname FROM pg_roles
+WHERE oid IN (SELECT oid FROM cte) AND rolname <> current_user`
+
+func AllOtherRoles(user, password string) ([]string, error) {
+ db, err := opendb(user, password)
+ if err != nil {
+ return nil, err
+ }
+ defer db.Close()
+ rows, err := db.Query(allRoles)
+ if err != nil {
+ return nil, err
+ }
+ defer rows.Close()
+
+ roles := []string{} // explicit empty by intention.
+
+ for rows.Next() {
+ var role string
+ if err := rows.Scan(&role); err != nil {
+ return nil, err
+ }
+ roles = append(roles, role)
+ }
+ return roles, rows.Err()
+}
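Review bot: AllOtherRoles and allRoles are new without a doc comment, and the query's semantics belong at the declaration because they decide what ends up in the JWT: the recursive CTE walks pg_auth_members transitively and excludes only the login role itself, so memberships granted with NOINHERIT are presumably listed even though their privileges are not in effect for the session — worth confirming against how consumers of the roles claim interpret it. Suggested comment on the function: `// AllOtherRoles opens a connection as user and returns every role the user is a member of, directly or through other roles, excluding the login role itself; on success the slice is non-nil, possibly empty.` The errors from opendb and db.Query are returned as the driver produced them, so a caller cannot tell a rejected password from a connectivity problem without inspecting driver-specific error values; the login path should at least document which of the two it reports to the client. The two context lines at the top of the hunk belong to a function that starts outside it.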
--- a/auth/token.go Wed Jun 27 12:59:06 2018 +0200
+++ b/auth/token.go Thu Jun 28 11:34:57 2018 +0200
@@ -38,3 +38,16 @@
 func(*jwt.Token) (interface{}, error) { return config.Config.JWTSignKey, nil })
 return claims, err
 }
+
+func GenerateToken(user, password string) (string, error) {
+ roles, err := AllOtherRoles(user, password)
+ if err != nil {
+ return "", err
+ }
+ token, err := NewToken(user, roles)
+ if err != nil {
+ return "", err
+ }
+ ConnPool.Add(token, user, password)
+ return token, nil
+}
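Review bot: GenerateToken keeps the plaintext password in memory via `ConnPool.Add(token, user, password)`, but nothing in this hunk ties that entry's lifetime to the token's validity; if ConnPool has no expiry matching the JWT's, the credentials outlive the token, which should be confirmed against ConnPool's implementation. The roles are also snapshotted when the token is issued, so a membership revoked in the database afterwards remains in the claim until the token expires. Both points belong in the doc comment the exported function is missing: `// GenerateToken verifies user/password by connecting to the database, issues a JWT carrying the roles found at that moment and registers the credentials in ConnPool under the token. Role changes made afterwards are not reflected until a new token is issued.` The context lines above the insertion belong to a function that starts outside the hunk.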