auth

Paddy 2014-12-14 Parent:1fb166575e69 Child:c03b5eb3179e

99:5bccbed6631b Go to Latest

auth/memstore.go

Add an endpoint to validate and register profiles. Add a newProfileRequest object that defines the user-specified properties of a new Profile. Add a helper that validates a newProfileRequest and modifies it for sanitization, mostly just removing leading and trailing whitespace. Add MaxNameLength, MaxUsernameLength, and MaxEmailLength constants to hold the maximum length for those properties. Add errors to be returned when a users attempts to log in with a profile that is compromised or locked. Add the bare bones of a CreateProfileHandler that validates a profile registration request adn uses it to create a Profile and at least one Login. Create a requestError struct that is used for returning API errors, along with constants for the slugs we'll use to signal those errors.

Download raw file
View source Diff to previous Annotate
History
paddy@28 1 package auth
paddy@28 2
paddy@31 3 import (
paddy@31 4 "sync"
paddy@31 5
paddy@45 6 "code.secondbit.org/uuid"
paddy@31 7 )
paddy@28 8
paddy@57 9 type memstore struct {
paddy@28 10 tokens map[string]Token
paddy@28 11 refreshTokenLookup map[string]string
paddy@28 12 profileTokenLookup map[string][]string
paddy@28 13 tokenLock sync.RWMutex
paddy@29 14
paddy@87 15 authCodes map[string]AuthorizationCode
paddy@87 16 authCodeLock sync.RWMutex
paddy@31 17
paddy@31 18 clients map[string]Client
paddy@31 19 profileClientLookup map[string][]uuid.ID
paddy@31 20 clientLock sync.RWMutex
paddy@38 21
paddy@41 22 endpoints map[string][]Endpoint
paddy@41 23 endpointLock sync.RWMutex
paddy@41 24
paddy@38 25 profiles map[string]Profile
paddy@38 26 profileLock sync.RWMutex
paddy@44 27
paddy@44 28 logins map[string]Login
paddy@44 29 profileLoginLookup map[string][]string
paddy@44 30 loginLock sync.RWMutex
paddy@77 31
paddy@77 32 sessions map[string]Session
paddy@77 33 sessionLock sync.RWMutex
paddy@28 34 }
paddy@28 35
paddy@57 36 // NewMemstore returns an in-memory version of our datastores,
paddy@57 37 // which is handy for tests. Though the implementation is concurrency-safe,
paddy@57 38 // if makes no attempt to persist the data, and therefore it is inadvisable
paddy@57 39 // to use it in a production setting.
paddy@57 40 func NewMemstore() *memstore {
paddy@57 41 return &memstore{
paddy@31 42 tokens: map[string]Token{},
paddy@31 43 refreshTokenLookup: map[string]string{},
paddy@31 44 profileTokenLookup: map[string][]string{},
paddy@87 45 authCodes: map[string]AuthorizationCode{},
paddy@31 46 clients: map[string]Client{},
paddy@31 47 profileClientLookup: map[string][]uuid.ID{},
paddy@41 48 endpoints: map[string][]Endpoint{},
paddy@38 49 profiles: map[string]Profile{},
paddy@44 50 logins: map[string]Login{},
paddy@44 51 profileLoginLookup: map[string][]string{},
paddy@77 52 sessions: map[string]Session{},
paddy@28 53 }
paddy@28 54 }
paddy@28 55
paddy@57 56 func (m *memstore) lookupTokenByRefresh(token string) (string, error) {
paddy@28 57 m.tokenLock.RLock()
paddy@28 58 defer m.tokenLock.RUnlock()
paddy@28 59 t, ok := m.refreshTokenLookup[token]
paddy@28 60 if !ok {
paddy@28 61 return "", ErrTokenNotFound
paddy@28 62 }
paddy@28 63 return t, nil
paddy@28 64 }
paddy@28 65
paddy@57 66 func (m *memstore) lookupTokensByProfileID(id string) ([]string, error) {
paddy@28 67 m.tokenLock.RLock()
paddy@28 68 defer m.tokenLock.RUnlock()
paddy@28 69 return m.profileTokenLookup[id], nil
paddy@28 70 }
paddy@31 71
paddy@57 72 func (m *memstore) lookupClientsByProfileID(id string) []uuid.ID {
paddy@31 73 m.clientLock.RLock()
paddy@31 74 defer m.clientLock.RUnlock()
paddy@33 75 c, ok := m.profileClientLookup[id]
paddy@33 76 if !ok {
paddy@33 77 return []uuid.ID{}
paddy@33 78 }
paddy@33 79 return c
paddy@31 80 }