auth
auth/token.go
Make static error messages HTML safe. We may, at some point, want to use links or HTML elements in these static error messages. Since they're hardcoded, let's pass them as safe HTML strings.
1 package auth
3 import (
4 "errors"
5 "time"
7 "code.secondbit.org/uuid"
8 )
10 var (
11 // ErrNoTokenStore is returned when a Context tries to act on a tokenStore without setting one first.
12 ErrNoTokenStore = errors.New("no tokenStore was specified for the Context")
13 // ErrTokenNotFound is returned when a Token is requested but not found in a tokenStore.
14 ErrTokenNotFound = errors.New("token not found in tokenStore")
15 // ErrTokenAlreadyExists is returned when a Token is added to a tokenStore, but another Token with
16 // the same AccessToken property already exists in the tokenStore.
17 ErrTokenAlreadyExists = errors.New("token already exists in tokenStore")
18 )
20 // Token represents an access and/or refresh token that the Client can use to access user data
21 // or obtain a new access token.
22 type Token struct {
23 AccessToken string
24 RefreshToken string
25 Created time.Time
26 ExpiresIn int32
27 TokenType string
28 Scope string
29 ProfileID uuid.ID
30 }
32 type tokenStore interface {
33 getToken(token string, refresh bool) (Token, error)
34 saveToken(token Token) error
35 removeToken(token string) error
36 getTokensByProfileID(profileID uuid.ID, num, offset int) ([]Token, error)
37 }
39 func (m *memstore) getToken(token string, refresh bool) (Token, error) {
40 if refresh {
41 t, err := m.lookupTokenByRefresh(token)
42 if err != nil {
43 return Token{}, err
44 }
45 token = t
46 }
47 m.tokenLock.RLock()
48 defer m.tokenLock.RUnlock()
49 result, ok := m.tokens[token]
50 if !ok {
51 return Token{}, ErrTokenNotFound
52 }
53 return result, nil
54 }
56 func (m *memstore) saveToken(token Token) error {
57 m.tokenLock.Lock()
58 defer m.tokenLock.Unlock()
59 _, ok := m.tokens[token.AccessToken]
60 if ok {
61 return ErrTokenAlreadyExists
62 }
63 m.tokens[token.AccessToken] = token
64 if token.RefreshToken != "" {
65 m.refreshTokenLookup[token.RefreshToken] = token.AccessToken
66 }
67 if _, ok = m.profileTokenLookup[token.ProfileID.String()]; ok {
68 m.profileTokenLookup[token.ProfileID.String()] = append(m.profileTokenLookup[token.ProfileID.String()], token.AccessToken)
69 } else {
70 m.profileTokenLookup[token.ProfileID.String()] = []string{token.AccessToken}
71 }
72 return nil
73 }
75 func (m *memstore) removeToken(token string) error {
76 m.tokenLock.Lock()
77 defer m.tokenLock.Unlock()
78 t, ok := m.tokens[token]
79 if !ok {
80 return ErrTokenNotFound
81 }
82 delete(m.tokens, token)
83 if t.RefreshToken != "" {
84 delete(m.refreshTokenLookup, t.RefreshToken)
85 }
86 pos := -1
87 for p, item := range m.profileTokenLookup[t.ProfileID.String()] {
88 if item == token {
89 pos = p
90 break
91 }
92 }
93 if pos >= 0 {
94 m.profileTokenLookup[t.ProfileID.String()] = append(m.profileTokenLookup[t.ProfileID.String()][:pos], m.profileTokenLookup[t.ProfileID.String()][pos+1:]...)
95 }
96 return nil
97 }
99 func (m *memstore) getTokensByProfileID(profileID uuid.ID, num, offset int) ([]Token, error) {
100 ids, err := m.lookupTokensByProfileID(profileID.String())
101 if err != nil {
102 return []Token{}, err
103 }
104 if len(ids) > num+offset {
105 ids = ids[offset : num+offset]
106 } else if len(ids) > offset {
107 ids = ids[offset:]
108 } else {
109 return []Token{}, nil
110 }
111 tokens := []Token{}
112 for _, id := range ids {
113 token, err := m.getToken(id, false)
114 if err != nil {
115 return []Token{}, err
116 }
117 tokens = append(tokens, token)
118 }
119 return tokens, nil
120 }