auth

Paddy 2015-04-11 Parent:de5e09680f6b Child:cf6c1f05eb21

157:202e991accc2 Go to Latest

auth/context.go

Wire up the postgres database for authd. Have authd use the AUTH_PG_DB environment variable to detect support for the postgres *Stores, and if postgres is supported, use it. If postgres isn't supported, fall back on the in-memory store. Also create-if-not-exists the test scopes, instead of panicking when the scope already exists.

Download raw file
View source Diff to previous Annotate
History
paddy@50 1 package auth
paddy@50 2
paddy@50 3 import (
paddy@50 4 "html/template"
paddy@50 5 "io"
paddy@55 6 "log"
paddy@77 7 "net/url"
paddy@50 8 "time"
paddy@50 9
paddy@107 10 "code.secondbit.org/uuid.hg"
paddy@50 11 )
paddy@50 12
paddy@57 13 // Context wraps the different storage interfaces and should
paddy@57 14 // be used as the main point of interaction for the data storage
paddy@57 15 // layer.
paddy@50 16 type Context struct {
paddy@87 17 template *template.Template
paddy@87 18 loginURI *url.URL
paddy@87 19 clients clientStore
paddy@87 20 authCodes authorizationCodeStore
paddy@87 21 profiles profileStore
paddy@87 22 tokens tokenStore
paddy@87 23 sessions sessionStore
paddy@134 24 scopes scopeStore
paddy@96 25 config Config
paddy@96 26 }
paddy@96 27
paddy@96 28 // NewContext takes a Config instance and uses it to bootstrap a Context
paddy@96 29 // using the information provided in the Config variable.
paddy@96 30 func NewContext(config Config) (Context, error) {
paddy@102 31 if config.iterations == 0 {
paddy@102 32 return Context{}, ErrConfigNotInitialized
paddy@102 33 }
paddy@96 34 context := Context{
paddy@96 35 clients: config.ClientStore,
paddy@96 36 authCodes: config.AuthCodeStore,
paddy@96 37 profiles: config.ProfileStore,
paddy@96 38 tokens: config.TokenStore,
paddy@96 39 sessions: config.SessionStore,
paddy@134 40 scopes: config.ScopeStore,
paddy@96 41 template: config.Template,
paddy@96 42 config: config,
paddy@96 43 }
paddy@96 44 var err error
paddy@96 45 context.loginURI, err = url.Parse(config.LoginURI)
paddy@96 46 if err != nil {
paddy@96 47 log.Println(err)
paddy@96 48 return Context{}, ErrInvalidLoginURI
paddy@96 49 }
paddy@96 50 return context, nil
paddy@50 51 }
paddy@50 52
paddy@57 53 // Render uses the HTML templates associated with the Context to render the
paddy@57 54 // template specified by name to out using data to fill any template variables.
paddy@55 55 func (c Context) Render(out io.Writer, name string, data interface{}) {
paddy@50 56 if c.template == nil {
paddy@57 57 log.Println("No template set on Context, can't render anything!")
paddy@57 58 return
paddy@50 59 }
paddy@55 60 err := c.template.ExecuteTemplate(out, name, data)
paddy@55 61 if err != nil {
paddy@55 62 log.Println("Error executing template", name, ":", err)
paddy@55 63 }
paddy@50 64 }
paddy@50 65
paddy@57 66 // GetClient returns a single Client by its ID from the
paddy@57 67 // clientStore associated with the Context.
paddy@50 68 func (c Context) GetClient(id uuid.ID) (Client, error) {
paddy@50 69 if c.clients == nil {
paddy@50 70 return Client{}, ErrNoClientStore
paddy@50 71 }
paddy@57 72 return c.clients.getClient(id)
paddy@50 73 }
paddy@50 74
paddy@57 75 // SaveClient stores the passed Client in the clientStore
paddy@57 76 // associated with the Context.
paddy@50 77 func (c Context) SaveClient(client Client) error {
paddy@50 78 if c.clients == nil {
paddy@50 79 return ErrNoClientStore
paddy@50 80 }
paddy@57 81 return c.clients.saveClient(client)
paddy@50 82 }
paddy@50 83
paddy@57 84 // UpdateClient applies the specified ClientChange to the Client
paddy@57 85 // with the specified ID in the clientStore associated with the
paddy@57 86 // Context.
paddy@50 87 func (c Context) UpdateClient(id uuid.ID, change ClientChange) error {
paddy@50 88 if c.clients == nil {
paddy@50 89 return ErrNoClientStore
paddy@50 90 }
paddy@57 91 return c.clients.updateClient(id, change)
paddy@50 92 }
paddy@50 93
paddy@57 94 // ListClientsByOwner returns a slice of up to num Clients, starting at offset (inclusive)
paddy@57 95 // that have the specified OwnerID in the clientStore associated with the Context.
paddy@50 96 func (c Context) ListClientsByOwner(ownerID uuid.ID, num, offset int) ([]Client, error) {
paddy@50 97 if c.clients == nil {
paddy@50 98 return []Client{}, ErrNoClientStore
paddy@50 99 }
paddy@57 100 return c.clients.listClientsByOwner(ownerID, num, offset)
paddy@50 101 }
paddy@50 102
paddy@151 103 // AddEndpoints stores the specified Endpoints in the clientStore associated with the Context.
paddy@151 104 func (c Context) AddEndpoints(endpoints []Endpoint) error {
paddy@50 105 if c.clients == nil {
paddy@50 106 return ErrNoClientStore
paddy@50 107 }
paddy@116 108 for pos, endpoint := range endpoints {
paddy@116 109 u, err := normalizeURIString(endpoint.URI)
paddy@116 110 if err != nil {
paddy@116 111 return err
paddy@116 112 }
paddy@116 113 endpoint.NormalizedURI = u
paddy@116 114 endpoints[pos] = endpoint
paddy@116 115 }
paddy@151 116 return c.clients.addEndpoints(endpoints)
paddy@50 117 }
paddy@50 118
paddy@143 119 // GetEndpoint retrieves the Endpoint with the specified ID from the clientStore associated
paddy@143 120 // with the Context, if and only if it belongs to the Client with the specified ID.
paddy@143 121 func (c Context) GetEndpoint(client, endpoint uuid.ID) (Endpoint, error) {
paddy@143 122 if c.clients == nil {
paddy@143 123 return Endpoint{}, ErrNoClientStore
paddy@143 124 }
paddy@143 125 return c.clients.getEndpoint(client, endpoint)
paddy@143 126 }
paddy@143 127
paddy@57 128 // RemoveEndpoint deletes the Endpoint with the specified ID from the clientStore associated
paddy@57 129 // with the Context, and disassociates the Endpoint from the specified Client.
paddy@50 130 func (c Context) RemoveEndpoint(client, endpoint uuid.ID) error {
paddy@50 131 if c.clients == nil {
paddy@50 132 return ErrNoClientStore
paddy@50 133 }
paddy@57 134 return c.clients.removeEndpoint(client, endpoint)
paddy@50 135 }
paddy@50 136
paddy@57 137 // CheckEndpoint finds Endpoints in the clientStore associated with the Context that belong
paddy@58 138 // to the Client specified by the passed ID and match the URI passed. URI matches must be
paddy@58 139 // performed according to RFC 3986 Section 6.
paddy@58 140 func (c Context) CheckEndpoint(client uuid.ID, URI string) (bool, error) {
paddy@50 141 if c.clients == nil {
paddy@50 142 return false, ErrNoClientStore
paddy@50 143 }
paddy@116 144 u, err := normalizeURIString(URI)
paddy@116 145 if err != nil {
paddy@116 146 return false, err
paddy@116 147 }
paddy@116 148 return c.clients.checkEndpoint(client, u)
paddy@50 149 }
paddy@50 150
paddy@57 151 // ListEndpoints finds Endpoints in the clientStore associated with the Context that belong
paddy@57 152 // to the Client specified by the passed ID. It returns up to num endpoints, starting at offset,
paddy@57 153 // exclusive.
paddy@50 154 func (c Context) ListEndpoints(client uuid.ID, num, offset int) ([]Endpoint, error) {
paddy@50 155 if c.clients == nil {
paddy@50 156 return []Endpoint{}, ErrNoClientStore
paddy@50 157 }
paddy@57 158 return c.clients.listEndpoints(client, num, offset)
paddy@50 159 }
paddy@50 160
paddy@57 161 // CountEndpoints returns the number of Endpoints the are associated with the Client specified by the
paddy@57 162 // passed ID in the clientStore associated with the Context.
paddy@55 163 func (c Context) CountEndpoints(client uuid.ID) (int64, error) {
paddy@55 164 if c.clients == nil {
paddy@55 165 return 0, ErrNoClientStore
paddy@55 166 }
paddy@57 167 return c.clients.countEndpoints(client)
paddy@55 168 }
paddy@55 169
paddy@87 170 // GetAuthorizationCode returns the AuthorizationCode specified by the provided code from the authorizationCodeStore associated with the
paddy@57 171 // Context.
paddy@87 172 func (c Context) GetAuthorizationCode(code string) (AuthorizationCode, error) {
paddy@87 173 if c.authCodes == nil {
paddy@87 174 return AuthorizationCode{}, ErrNoAuthorizationCodeStore
paddy@50 175 }
paddy@87 176 return c.authCodes.getAuthorizationCode(code)
paddy@50 177 }
paddy@50 178
paddy@87 179 // SaveAuthorizationCode stores the passed AuthorizationCode in the authorizationCodeStore associated with the Context.
paddy@87 180 func (c Context) SaveAuthorizationCode(authCode AuthorizationCode) error {
paddy@87 181 if c.authCodes == nil {
paddy@87 182 return ErrNoAuthorizationCodeStore
paddy@50 183 }
paddy@87 184 return c.authCodes.saveAuthorizationCode(authCode)
paddy@50 185 }
paddy@50 186
paddy@87 187 // DeleteAuthorizationCode removes the AuthorizationCode specified by the provided code from the authorizationCodeStore associated with
paddy@57 188 // the Context.
paddy@87 189 func (c Context) DeleteAuthorizationCode(code string) error {
paddy@87 190 if c.authCodes == nil {
paddy@87 191 return ErrNoAuthorizationCodeStore
paddy@50 192 }
paddy@87 193 return c.authCodes.deleteAuthorizationCode(code)
paddy@50 194 }
paddy@50 195
paddy@94 196 // UseAuthorizationCode marks the AuthorizationCode specified by the provided code as used in the authorizationCodeStore associated with
paddy@94 197 // the Context. Once an AuthorizationCode is marked as used, its Used property will be set to true when retrieved from the authorizationCodeStore.
paddy@94 198 func (c Context) UseAuthorizationCode(code string) error {
paddy@94 199 if c.authCodes == nil {
paddy@94 200 return ErrNoAuthorizationCodeStore
paddy@94 201 }
paddy@94 202 return c.authCodes.useAuthorizationCode(code)
paddy@94 203 }
paddy@94 204
paddy@57 205 // GetProfileByID returns the Profile specified by the provided ID from the profileStore associated with
paddy@57 206 // the Context.
paddy@50 207 func (c Context) GetProfileByID(id uuid.ID) (Profile, error) {
paddy@50 208 if c.profiles == nil {
paddy@50 209 return Profile{}, ErrNoProfileStore
paddy@50 210 }
paddy@57 211 return c.profiles.getProfileByID(id)
paddy@50 212 }
paddy@50 213
paddy@57 214 // GetProfileByLogin returns the Profile associated with the specified Login from the profileStore associated
paddy@57 215 // with the Context.
paddy@69 216 func (c Context) GetProfileByLogin(value string) (Profile, error) {
paddy@50 217 if c.profiles == nil {
paddy@50 218 return Profile{}, ErrNoProfileStore
paddy@50 219 }
paddy@69 220 return c.profiles.getProfileByLogin(value)
paddy@50 221 }
paddy@50 222
paddy@57 223 // SaveProfile inserts the passed Profile into the profileStore associated with the Context.
paddy@50 224 func (c Context) SaveProfile(profile Profile) error {
paddy@50 225 if c.profiles == nil {
paddy@50 226 return ErrNoProfileStore
paddy@50 227 }
paddy@57 228 return c.profiles.saveProfile(profile)
paddy@50 229 }
paddy@50 230
paddy@57 231 // UpdateProfile applies the supplied ProfileChange to the Profile that matches the specified ID
paddy@57 232 // in the profileStore associated with the Context.
paddy@50 233 func (c Context) UpdateProfile(id uuid.ID, change ProfileChange) error {
paddy@50 234 if c.profiles == nil {
paddy@50 235 return ErrNoProfileStore
paddy@50 236 }
paddy@57 237 return c.profiles.updateProfile(id, change)
paddy@50 238 }
paddy@50 239
paddy@57 240 // UpdateProfiles applies the supplied BulkProfileChange to every Profile that matches one of the
paddy@57 241 // specified IDs in the profileStore associated with the Context.
paddy@50 242 func (c Context) UpdateProfiles(ids []uuid.ID, change BulkProfileChange) error {
paddy@50 243 if c.profiles == nil {
paddy@50 244 return ErrNoProfileStore
paddy@50 245 }
paddy@57 246 return c.profiles.updateProfiles(ids, change)
paddy@50 247 }
paddy@50 248
paddy@57 249 // AddLogin stores the passed Login in the profileStore associated with the Context. It also associates
paddy@57 250 // the newly-created Login with the Orofile in login.ProfileID.
paddy@50 251 func (c Context) AddLogin(login Login) error {
paddy@50 252 if c.profiles == nil {
paddy@50 253 return ErrNoProfileStore
paddy@50 254 }
paddy@57 255 return c.profiles.addLogin(login)
paddy@50 256 }
paddy@50 257
paddy@57 258 // RemoveLogin removes the specified Login from the profileStore associated with the Context, provided
paddy@57 259 // the Login has a ProfileID property that matches the profile ID passed in. It also disassociates the
paddy@57 260 // deleted Login from the Profile in login.ProfileID.
paddy@69 261 func (c Context) RemoveLogin(value string, profile uuid.ID) error {
paddy@50 262 if c.profiles == nil {
paddy@50 263 return ErrNoProfileStore
paddy@50 264 }
paddy@69 265 return c.profiles.removeLogin(value, profile)
paddy@50 266 }
paddy@50 267
paddy@57 268 // RecordLoginUse sets the LastUsed property of the Login specified in the profileStore associated with
paddy@57 269 // the Context to the value passed in as when.
paddy@69 270 func (c Context) RecordLoginUse(value string, when time.Time) error {
paddy@50 271 if c.profiles == nil {
paddy@50 272 return ErrNoProfileStore
paddy@50 273 }
paddy@69 274 return c.profiles.recordLoginUse(value, when)
paddy@50 275 }
paddy@50 276
paddy@57 277 // ListLogins returns a slice of up to num Logins associated with the specified Profile from the profileStore
paddy@57 278 // associated with the Context, skipping offset Profiles.
paddy@50 279 func (c Context) ListLogins(profile uuid.ID, num, offset int) ([]Login, error) {
paddy@50 280 if c.profiles == nil {
paddy@50 281 return []Login{}, ErrNoProfileStore
paddy@50 282 }
paddy@57 283 return c.profiles.listLogins(profile, num, offset)
paddy@50 284 }
paddy@50 285
paddy@57 286 // GetToken returns the Token specified from the tokenStore associated with the Context.
paddy@57 287 // If refresh is true, the token input should be compared against the refresh tokens, not the
paddy@57 288 // access tokens.
paddy@50 289 func (c Context) GetToken(token string, refresh bool) (Token, error) {
paddy@50 290 if c.tokens == nil {
paddy@50 291 return Token{}, ErrNoTokenStore
paddy@50 292 }
paddy@57 293 return c.tokens.getToken(token, refresh)
paddy@50 294 }
paddy@50 295
paddy@57 296 // SaveToken stores the passed Token in the tokenStore associated with the Context.
paddy@50 297 func (c Context) SaveToken(token Token) error {
paddy@50 298 if c.tokens == nil {
paddy@50 299 return ErrNoTokenStore
paddy@50 300 }
paddy@57 301 return c.tokens.saveToken(token)
paddy@50 302 }
paddy@50 303
paddy@93 304 // RevokeToken revokes the Token identfied by the passed token string from the tokenStore associated
paddy@93 305 // with the context. If refresh is true, the token input should be compared against the refresh tokens,
paddy@93 306 // not the access tokens.
paddy@93 307 func (c Context) RevokeToken(token string, refresh bool) error {
paddy@93 308 if c.tokens == nil {
paddy@93 309 return ErrNoTokenStore
paddy@93 310 }
paddy@93 311 return c.tokens.revokeToken(token, refresh)
paddy@93 312 }
paddy@93 313
paddy@57 314 // GetTokensByProfileID returns a slice of up to num Tokens with a ProfileID that matches the specified
paddy@57 315 // profileID from the tokenStore associated with the Context, skipping offset Tokens.
paddy@50 316 func (c Context) GetTokensByProfileID(profileID uuid.ID, num, offset int) ([]Token, error) {
paddy@50 317 if c.tokens == nil {
paddy@50 318 return []Token{}, ErrNoTokenStore
paddy@50 319 }
paddy@57 320 return c.tokens.getTokensByProfileID(profileID, num, offset)
paddy@50 321 }
paddy@69 322
paddy@69 323 // CreateSession stores the passed Session in the sessionStore associated with the Context.
paddy@69 324 func (c Context) CreateSession(session Session) error {
paddy@69 325 if c.sessions == nil {
paddy@69 326 return ErrNoSessionStore
paddy@69 327 }
paddy@69 328 return c.sessions.createSession(session)
paddy@69 329 }
paddy@69 330
paddy@69 331 // GetSession returns the Session specified from the sessionStore associated with the Context.
paddy@69 332 func (c Context) GetSession(id string) (Session, error) {
paddy@69 333 if c.sessions == nil {
paddy@69 334 return Session{}, ErrNoSessionStore
paddy@69 335 }
paddy@69 336 return c.sessions.getSession(id)
paddy@69 337 }
paddy@69 338
paddy@69 339 // RemoveSession removes the Session identified by the passed ID from the sessionStore associated with
paddy@69 340 // the Context.
paddy@69 341 func (c Context) RemoveSession(id string) error {
paddy@69 342 if c.sessions == nil {
paddy@69 343 return ErrNoSessionStore
paddy@69 344 }
paddy@69 345 return c.sessions.removeSession(id)
paddy@69 346 }
paddy@69 347
paddy@69 348 // ListSessions returns a slice of up to num Sessions from the sessionStore associated with the Context,
paddy@69 349 // ordered by the date they were created, descending. If before.IsZero() returns false, only Sessions
paddy@69 350 // that were created before that time will be returned. If profile is not nil, only Sessions belonging to
paddy@69 351 // that Profile will be returned.
paddy@69 352 func (c Context) ListSessions(profile uuid.ID, before time.Time, num int64) ([]Session, error) {
paddy@116 353 if c.sessions == nil {
paddy@69 354 return []Session{}, ErrNoSessionStore
paddy@69 355 }
paddy@69 356 return c.sessions.listSessions(profile, before, num)
paddy@69 357 }
paddy@134 358
paddy@134 359 func (c Context) CreateScopes(scopes []Scope) error {
paddy@134 360 if c.scopes == nil {
paddy@134 361 return ErrNoScopeStore
paddy@134 362 }
paddy@134 363 return c.scopes.createScopes(scopes)
paddy@134 364 }
paddy@134 365
paddy@134 366 func (c Context) GetScopes(ids []string) ([]Scope, error) {
paddy@134 367 if c.scopes == nil {
paddy@134 368 return []Scope{}, ErrNoScopeStore
paddy@134 369 }
paddy@134 370 return c.scopes.getScopes(ids)
paddy@134 371 }
paddy@134 372
paddy@152 373 func (c Context) UpdateScope(id string, change ScopeChange) error {
paddy@134 374 if c.scopes == nil {
paddy@152 375 return ErrNoScopeStore
paddy@134 376 }
paddy@152 377 return c.scopes.updateScope(id, change)
paddy@134 378 }
paddy@134 379
paddy@134 380 func (c Context) RemoveScopes(ids []string) error {
paddy@134 381 if c.scopes == nil {
paddy@134 382 return ErrNoScopeStore
paddy@134 383 }
paddy@134 384 return c.scopes.removeScopes(ids)
paddy@134 385 }
paddy@134 386
paddy@134 387 func (c Context) ListScopes() ([]Scope, error) {
paddy@134 388 if c.scopes == nil {
paddy@134 389 return []Scope{}, ErrNoScopeStore
paddy@134 390 }
paddy@134 391 return c.scopes.listScopes()
paddy@134 392 }