auth
auth/memstore.go
Update CheckEndpoints for strict checking, add CountEndpoints. Create a "strict" mode for CheckEndpoints that will only return true on an exact match, and update the memstore implementation accordingly. Add tests to make sure that the strict mode is adhered to. We need this mode because in certain situations (e.g., the client has more than one endpoint registered), the spec demands a full-string comparison. Add a CountEndpoints method to the ClientStore that will return the number of endpoints registered for a specific client. As we just mentioned, the rules for how a redirect URI is validated depend upon the number of endpoints a client has registered, so we need to be able to get at that number.
| paddy@28 | 1 package auth |
| paddy@28 | 2 |
| paddy@31 | 3 import ( |
| paddy@31 | 4 "sync" |
| paddy@31 | 5 |
| paddy@45 | 6 "code.secondbit.org/uuid" |
| paddy@31 | 7 ) |
| paddy@28 | 8 |
| paddy@28 | 9 type Memstore struct { |
| paddy@28 | 10 tokens map[string]Token |
| paddy@28 | 11 refreshTokenLookup map[string]string |
| paddy@28 | 12 profileTokenLookup map[string][]string |
| paddy@28 | 13 tokenLock sync.RWMutex |
| paddy@29 | 14 |
| paddy@29 | 15 grants map[string]Grant |
| paddy@29 | 16 grantLock sync.RWMutex |
| paddy@31 | 17 |
| paddy@31 | 18 clients map[string]Client |
| paddy@31 | 19 profileClientLookup map[string][]uuid.ID |
| paddy@31 | 20 clientLock sync.RWMutex |
| paddy@38 | 21 |
| paddy@41 | 22 endpoints map[string][]Endpoint |
| paddy@41 | 23 endpointLock sync.RWMutex |
| paddy@41 | 24 |
| paddy@38 | 25 profiles map[string]Profile |
| paddy@38 | 26 profileLock sync.RWMutex |
| paddy@44 | 27 |
| paddy@44 | 28 logins map[string]Login |
| paddy@44 | 29 profileLoginLookup map[string][]string |
| paddy@44 | 30 loginLock sync.RWMutex |
| paddy@28 | 31 } |
| paddy@28 | 32 |
| paddy@28 | 33 func NewMemstore() *Memstore { |
| paddy@28 | 34 return &Memstore{ |
| paddy@31 | 35 tokens: map[string]Token{}, |
| paddy@31 | 36 refreshTokenLookup: map[string]string{}, |
| paddy@31 | 37 profileTokenLookup: map[string][]string{}, |
| paddy@31 | 38 grants: map[string]Grant{}, |
| paddy@31 | 39 clients: map[string]Client{}, |
| paddy@31 | 40 profileClientLookup: map[string][]uuid.ID{}, |
| paddy@41 | 41 endpoints: map[string][]Endpoint{}, |
| paddy@38 | 42 profiles: map[string]Profile{}, |
| paddy@44 | 43 logins: map[string]Login{}, |
| paddy@44 | 44 profileLoginLookup: map[string][]string{}, |
| paddy@28 | 45 } |
| paddy@28 | 46 } |
| paddy@28 | 47 |
| paddy@28 | 48 func (m *Memstore) lookupTokenByRefresh(token string) (string, error) { |
| paddy@28 | 49 m.tokenLock.RLock() |
| paddy@28 | 50 defer m.tokenLock.RUnlock() |
| paddy@28 | 51 t, ok := m.refreshTokenLookup[token] |
| paddy@28 | 52 if !ok { |
| paddy@28 | 53 return "", ErrTokenNotFound |
| paddy@28 | 54 } |
| paddy@28 | 55 return t, nil |
| paddy@28 | 56 } |
| paddy@28 | 57 |
| paddy@28 | 58 func (m *Memstore) lookupTokensByProfileID(id string) ([]string, error) { |
| paddy@28 | 59 m.tokenLock.RLock() |
| paddy@28 | 60 defer m.tokenLock.RUnlock() |
| paddy@28 | 61 return m.profileTokenLookup[id], nil |
| paddy@28 | 62 } |
| paddy@31 | 63 |
| paddy@33 | 64 func (m *Memstore) lookupClientsByProfileID(id string) []uuid.ID { |
| paddy@31 | 65 m.clientLock.RLock() |
| paddy@31 | 66 defer m.clientLock.RUnlock() |
| paddy@33 | 67 c, ok := m.profileClientLookup[id] |
| paddy@33 | 68 if !ok { |
| paddy@33 | 69 return []uuid.ID{} |
| paddy@33 | 70 } |
| paddy@33 | 71 return c |
| paddy@31 | 72 } |