auth

Paddy 2015-04-07 Parent:d103a598548c Child:b7e685839a1b

155:762953f6a7f2 Go to Latest

auth/memstore.go

Implement postgres version of the tokenStore. Create a postgres implementation for the tokenStore. Note that because pq doesn't support Postgres' array types (see https://github.com/lib/pq/issues/49), we couldn't just store the token.Scopes field as a Postgres array of varchars, which would have been the ideal. Instead, we need a many-to-many table that maps tokens to scopes. This meant we needed a special tokenScope type for our database mapping, and we needed to complicate the token storage/retrieval functions a little bit. It's kind of ugly, I'm not a huge fan of it, and I'd much rather be using the Postgres array types, but... well, here we are. We also added the postgres tokenStore to our slice of tokenStores to test when the correct environment variables are present. We wrote initialization SQL for the tables required by the postgres tokenStore. Also, added a helper script for emptying the test database, because I got tired of doing it by hand. We should be doing that in an automated fashion in the tests themselves, but that would mean extending the *Store interfaces.

Download raw file
View source Diff to previous Annotate
History
1 package auth
2
3 import (
4 "sync"
5
6 "code.secondbit.org/uuid.hg"
7 )
8
9 type memstore struct {
10 tokens map[string]Token
11 refreshTokenLookup map[string]string
12 profileTokenLookup map[string][]string
13 tokenLock sync.RWMutex
14
15 authCodes map[string]AuthorizationCode
16 authCodeLock sync.RWMutex
17
18 clients map[string]Client
19 profileClientLookup map[string][]uuid.ID
20 clientLock sync.RWMutex
21
22 endpoints map[string][]Endpoint
23 endpointLock sync.RWMutex
24
25 profiles map[string]Profile
26 profileLock sync.RWMutex
27
28 logins map[string]Login
29 profileLoginLookup map[string][]string
30 loginLock sync.RWMutex
31
32 sessions map[string]Session
33 sessionLock sync.RWMutex
34
35 scopes map[string]Scope
36 scopeLock sync.RWMutex
37 }
38
39 // NewMemstore returns an in-memory version of our datastores,
40 // which is handy for tests. Though the implementation is concurrency-safe,
41 // if makes no attempt to persist the data, and therefore it is inadvisable
42 // to use it in a production setting.
43 func NewMemstore() *memstore {
44 return &memstore{
45 tokens: map[string]Token{},
46 refreshTokenLookup: map[string]string{},
47 profileTokenLookup: map[string][]string{},
48 authCodes: map[string]AuthorizationCode{},
49 clients: map[string]Client{},
50 profileClientLookup: map[string][]uuid.ID{},
51 endpoints: map[string][]Endpoint{},
52 profiles: map[string]Profile{},
53 logins: map[string]Login{},
54 profileLoginLookup: map[string][]string{},
55 sessions: map[string]Session{},
56 scopes: map[string]Scope{},
57 }
58 }
59
60 func (m *memstore) lookupTokenByRefresh(token string) (string, error) {
61 m.tokenLock.RLock()
62 defer m.tokenLock.RUnlock()
63 t, ok := m.refreshTokenLookup[token]
64 if !ok {
65 return "", ErrTokenNotFound
66 }
67 return t, nil
68 }
69
70 func (m *memstore) lookupTokensByProfileID(id string) ([]string, error) {
71 m.tokenLock.RLock()
72 defer m.tokenLock.RUnlock()
73 return m.profileTokenLookup[id], nil
74 }
75
76 func (m *memstore) lookupClientsByProfileID(id string) []uuid.ID {
77 m.clientLock.RLock()
78 defer m.clientLock.RUnlock()
79 c, ok := m.profileClientLookup[id]
80 if !ok {
81 return []uuid.ID{}
82 }
83 return c
84 }