amigan/blasphem
amigan/blasphem
1
1
Fork 0
Code Issues 1 Pull requests Projects Releases Packages Wiki Activity
blasphem/pkg/auth/session.go
Daniel Ponte 25c3e9421f fix now
2022-11-12 17:42:36 -05:00

176 lines
3.7 KiB
Go
Raw Blame History

package auth
import (
"encoding/json"
"net/http"
"time"
"github.com/labstack/echo/v4"
"dynatron.me/x/blasphem/pkg/auth/provider"
)
type SessionStore struct {
s map[TokenID]*Token
lastCull time.Time
}
type TokenID string
func (t *TokenID) IsValid() bool {
// TODO: more validation than this
return *t != ""
}
type Token struct { // TODO: jwt bro
ID TokenID
Ctime time.Time
Expires time.Time
Addr string
user provider.ProviderUser `json:"-"`
}
func (ss *SessionStore) init() {
ss.s = make(map[TokenID]*Token)
}
const cullInterval = 5 * time.Minute
func (ss *SessionStore) cull() {
if now := time.Now(); now.Sub(ss.lastCull) > cullInterval {
for k, v := range ss.s {
if now.After(v.Expires) {
delete(ss.s, k)
}
}
}
}
func (ss *SessionStore) register(t *Token) {
ss.cull()
ss.s[t.ID] = t
}
func (ss *SessionStore) verify(tr *TokenRequest, r *http.Request) (provider.ProviderUser, bool) {
if t, hasToken := ss.s[tr.Code]; hasToken {
// TODO: JWT
if t.Expires.After(time.Now()) {
return t.user, true
} else {
delete(ss.s, t.ID)
}
}
return nil, false
}
type Credential struct {
ID CredID `json:"id"`
UserID UserID `json:"user_id"`
AuthProviderType string `json:"auth_provider_type"`
AuthProviderID *string `json:"auth_provider_id"`
DataRaw json.RawMessage `json:"data,omitempty"`
user provider.ProviderUser
}
func (cred *Credential) MarshalJSON() ([]byte, error) {
rm := map[string]interface{}{
"id": cred.ID,
"user_id": cred.UserID,
"auth_provider_type": cred.user.ProviderType(),
"auth_provider_id": cred.user.ProviderID(),
}
providerData := cred.user.ProviderUserData()
if providerData != nil {
rm["data"] = providerData
}
return json.Marshal(rm)
}
func (ss *SessionStore) verifyAndGetCredential(tr *TokenRequest, r *http.Request) *Credential {
user, success := ss.verify(tr, r)
if !success {
return nil
}
return &Credential{user: user}
}
const defaultExpiration = 2 * time.Hour
func (a *Authenticator) NewToken(r *http.Request, user provider.ProviderUser, f *Flow) TokenID {
id := TokenID(genUUID())
now := time.Now()
t := &Token{
ID: id,
Ctime: now,
Expires: now.Add(defaultExpiration),
Addr: r.RemoteAddr,
user: user,
}
a.sessions.register(t)
return id
}
type GrantType string
const (
GTAuthorizationCode GrantType = "authorization_code"
GTRefreshToken GrantType = "refresh_token"
)
type ClientID string
func (c *ClientID) IsValid() bool {
// TODO: || !indieauth.VerifyClientID(rq.ClientID)?
return *c != ""
}
type TokenRequest struct {
ClientID ClientID `form:"client_id"`
Code TokenID `form:"code"`
GrantType GrantType `form:"grant_type"`
}
func (a *Authenticator) TokenHandler(c echo.Context) error {
rq := new(TokenRequest)
err := c.Bind(rq)
if err != nil {
return err
}
switch rq.GrantType {
case GTAuthorizationCode:
if !rq.ClientID.IsValid() {
return c.JSON(http.StatusBadRequest, AuthError{Error: "invalid_request", Description: "invalid client ID"})
}
if !rq.Code.IsValid() {
return c.JSON(http.StatusBadRequest, AuthError{Error: "invalid_request", Description: "invalid code"})
}
if cred := a.sessions.verifyAndGetCredential(rq, c.Request()); cred != nil {
// TODO: success
user, err := a.getOrCreateUser(cred)
if err != nil {
return c.JSON(http.StatusUnauthorized, AuthError{Error: "access_denied", Description: "bad user"})
}
if err := user.allowedToAuth(); err != nil {
return c.JSON(http.StatusUnauthorized, AuthError{Error: "access_denied", Description: err.Error()})
}
return c.String(http.StatusOK, "token good I guess")
}
case GTRefreshToken:
return c.String(http.StatusNotImplemented, "not implemented")
}
return c.String(http.StatusUnauthorized, "token bad I guess")
}
Reference in a new issue View git blame Copy permalink