auth

Paddy 2015-03-20 Parent:d103a598548c Child:de5e09680f6b

147:7ae03163f578 Go to Latest

auth/scope.go

Randomly generate codes. We've been using our IDs for auth codes. But our IDs may at some point be non-random, for the purpose of optimising database performance, or some other perfectly valid reason. Auth codes we always want to be random, and have no relation to IDs, so why conflate them? Instead, we pull 16 random bytes out of crypto/rand.Reader and hex encode them.

Download raw file
View source Diff to previous Annotate
History
1 package auth
2
3 import (
4 "errors"
5 "fmt"
6 "sort"
7 )
8
9 var (
10 ErrNoScopeStore = errors.New("scopeStore not set in Context")
11 )
12
13 type ErrScopeNotFound struct {
14 Pos int
15 ID string
16 }
17
18 func (e ErrScopeNotFound) Error() string {
19 return fmt.Sprintf("scope %s couldn't be found", e.ID)
20 }
21
22 type ErrScopeAlreadyExists struct {
23 Pos int
24 ID string
25 }
26
27 func (e ErrScopeAlreadyExists) Error() string {
28 return fmt.Sprintf("scope %s already exists", e.ID)
29 }
30
31 // Scope represents a limit on the access that a grant provides.
32 type Scope struct {
33 ID string
34 Name string
35 Description string
36 }
37
38 func (s *Scope) ApplyChange(change ScopeChange) {
39 if change.Name != nil {
40 s.Name = *change.Name
41 }
42 if change.Description != nil {
43 s.Description = *change.Description
44 }
45 }
46
47 type sortedScopes []Scope
48
49 func (s sortedScopes) Len() int {
50 return len(s)
51 }
52
53 func (s sortedScopes) Swap(i, j int) {
54 s[i], s[j] = s[j], s[i]
55 }
56
57 func (s sortedScopes) Less(i, j int) bool {
58 return s[i].ID < s[j].ID
59 }
60
61 // ScopeChange represents a change to a Scope.
62 type ScopeChange struct {
63 ID string
64 Name *string
65 Description *string
66 }
67
68 type scopeStore interface {
69 createScopes(scopes []Scope) error
70 getScopes(ids []string) ([]Scope, error)
71 updateScopes(changes []ScopeChange) ([]Scope, error)
72 removeScopes(ids []string) error
73 listScopes() ([]Scope, error)
74 }
75
76 func (m *memstore) createScopes(scopes []Scope) error {
77 m.scopeLock.Lock()
78 defer m.scopeLock.Unlock()
79
80 for pos, scope := range scopes {
81 if _, ok := m.scopes[scope.ID]; ok {
82 return ErrScopeAlreadyExists{Pos: pos, ID: scope.ID}
83 }
84 }
85 for _, scope := range scopes {
86 m.scopes[scope.ID] = scope
87 }
88 return nil
89 }
90
91 func (m *memstore) getScopes(ids []string) ([]Scope, error) {
92 m.scopeLock.RLock()
93 defer m.scopeLock.RUnlock()
94
95 scopes := []Scope{}
96 for pos, id := range ids {
97 scope, ok := m.scopes[id]
98 if !ok {
99 return []Scope{}, ErrScopeNotFound{ID: id, Pos: pos}
100 }
101 scopes = append(scopes, scope)
102 }
103 sorted := sortedScopes(scopes)
104 sort.Sort(sorted)
105 scopes = sorted
106 return scopes, nil
107 }
108
109 func (m *memstore) updateScopes(changes []ScopeChange) ([]Scope, error) {
110 m.scopeLock.Lock()
111 defer m.scopeLock.Unlock()
112
113 scopes := []Scope{}
114
115 for pos, change := range changes {
116 if _, ok := m.scopes[change.ID]; !ok {
117 return []Scope{}, ErrScopeNotFound{Pos: pos, ID: change.ID}
118 }
119 }
120 for _, change := range changes {
121 scope := m.scopes[change.ID]
122 scope.ApplyChange(change)
123 m.scopes[change.ID] = scope
124 scopes = append(scopes, scope)
125 }
126 sorted := sortedScopes(scopes)
127 sort.Sort(sorted)
128 scopes = sorted
129 return scopes, nil
130 }
131
132 func (m *memstore) removeScopes(ids []string) error {
133 m.scopeLock.Lock()
134 defer m.scopeLock.Unlock()
135
136 for pos, id := range ids {
137 if _, ok := m.scopes[id]; !ok {
138 return ErrScopeNotFound{Pos: pos, ID: id}
139 }
140 }
141 for _, id := range ids {
142 delete(m.scopes, id)
143 }
144 return nil
145 }
146
147 func (m *memstore) listScopes() ([]Scope, error) {
148 m.scopeLock.RLock()
149 defer m.scopeLock.RUnlock()
150
151 scopes := []Scope{}
152 for _, scope := range m.scopes {
153 scopes = append(scopes, scope)
154 }
155 sorted := sortedScopes(scopes)
156 sort.Sort(sorted)
157 scopes = sorted
158 return scopes, nil
159 }