auth

Paddy 2015-04-11 Parent:5f670aba87b4 Child:6f473576c6ae

159:cf6c1f05eb21 Go to Latest

auth/session_postgres.go

Enable terminating sessions through the API. Add a terminateSession method to the sessionStore that sets the Active property of the Session to false. Create a Context.TerminateSession wrapper for the terminateSession method on the sessionStore. Add a Sessions property to our response type so we can return a []Session in API responses. Use the URL-safe encoding when base64 encoding our session ID and CSRFToken, so the ID can be passed in the URL and so our encodings are consistent. Add a TerminateSessionHandler function that will extract a Session ID from the request URL, authenticate the user, check that the authenticated user owns the session in question, and terminate the session. Add implementations for our new terminateSession method for the memstore and postgres types. Test both the memstore and postgres implementation of our terminateSession helper in session_test.go.

Download raw file
View source Diff to previous Annotate
History
1 package auth
2
3 import (
4 "time"
5
6 "code.secondbit.org/uuid.hg"
7
8 "github.com/lib/pq"
9 "github.com/secondbit/pan"
10 )
11
12 func (s Session) GetSQLTableName() string {
13 return "sessions"
14 }
15
16 func (p *postgres) createSessionSQL(session Session) *pan.Query {
17 fields, values := pan.GetFields(session)
18 query := pan.New(pan.POSTGRES, "INSERT INTO "+pan.GetTableName(session))
19 query.Include("(" + pan.QueryList(fields) + ")")
20 query.Include("VALUES")
21 query.Include("("+pan.VariableList(len(values))+")", values...)
22 return query.FlushExpressions(" ")
23 }
24
25 func (p *postgres) createSession(session Session) error {
26 query := p.createSessionSQL(session)
27 _, err := p.db.Exec(query.String(), query.Args...)
28 if e, ok := err.(*pq.Error); ok && e.Constraint == "sessions_pkey" {
29 err = ErrSessionAlreadyExists
30 }
31 return err
32 }
33
34 func (p *postgres) getSessionSQL(id string) *pan.Query {
35 var session Session
36 fields, _ := pan.GetFields(session)
37 query := pan.New(pan.POSTGRES, "SELECT "+pan.QueryList(fields)+" FROM "+pan.GetTableName(session))
38 query.IncludeWhere()
39 query.Include(pan.GetUnquotedColumn(session, "ID")+" = ?", id)
40 return query.FlushExpressions(" ")
41 }
42
43 func (p *postgres) getSession(id string) (Session, error) {
44 query := p.getSessionSQL(id)
45 rows, err := p.db.Query(query.String(), query.Args...)
46 if err != nil {
47 return Session{}, err
48 }
49 var session Session
50 var found bool
51 for rows.Next() {
52 err := pan.Unmarshal(rows, &session)
53 if err != nil {
54 return session, err
55 }
56 found = true
57 }
58 if err = rows.Err(); err != nil {
59 return session, err
60 }
61 if !found {
62 return session, ErrSessionNotFound
63 }
64 return session, nil
65 }
66
67 func (p *postgres) terminateSessionSQL(id string) *pan.Query {
68 var session Session
69 query := pan.New(pan.POSTGRES, "UPDATE "+pan.GetTableName(session)+" SET")
70 query.Include(pan.GetUnquotedColumn(session, "Active")+" = ?", false)
71 query.IncludeWhere()
72 query.Include(pan.GetUnquotedColumn(session, "ID")+" = ?", id)
73 return query.FlushExpressions(" ")
74 }
75
76 func (p *postgres) terminateSession(id string) error {
77 query := p.terminateSessionSQL(id)
78 res, err := p.db.Exec(query.String(), query.Args...)
79 if err != nil {
80 return err
81 }
82 rows, err := res.RowsAffected()
83 if err != nil {
84 return err
85 }
86 if rows < 1 {
87 return ErrSessionNotFound
88 }
89 return nil
90 }
91
92 func (p *postgres) removeSessionSQL(id string) *pan.Query {
93 var session Session
94 query := pan.New(pan.POSTGRES, "DELETE FROM "+pan.GetTableName(session))
95 query.IncludeWhere()
96 query.Include(pan.GetUnquotedColumn(session, "ID")+" = ?", id)
97 return query.FlushExpressions(" ")
98 }
99
100 func (p *postgres) removeSession(id string) error {
101 query := p.removeSessionSQL(id)
102 res, err := p.db.Exec(query.String(), query.Args...)
103 if err != nil {
104 return err
105 }
106 rows, err := res.RowsAffected()
107 if err != nil {
108 return err
109 }
110 if rows < 1 {
111 return ErrSessionNotFound
112 }
113 return nil
114 }
115
116 func (p *postgres) listSessionsSQL(profile uuid.ID, before time.Time, num int64) *pan.Query {
117 var session Session
118 fields, _ := pan.GetFields(session)
119 query := pan.New(pan.POSTGRES, "SELECT "+pan.QueryList(fields)+" FROM "+pan.GetTableName(session))
120 query.IncludeWhere()
121 query.Include(pan.GetUnquotedColumn(session, "ProfileID")+" = ?", profile)
122 if !before.IsZero() {
123 query.Include(pan.GetUnquotedColumn(session, "Created")+" < ?", before)
124 }
125 query.FlushExpressions(" AND ")
126 if num > 0 {
127 query.IncludeLimit(num)
128 }
129 return query.FlushExpressions(" ")
130 }
131
132 func (p *postgres) listSessions(profile uuid.ID, before time.Time, num int64) ([]Session, error) {
133 query := p.listSessionsSQL(profile, before, num)
134 rows, err := p.db.Query(query.String(), query.Args...)
135 if err != nil {
136 return []Session{}, err
137 }
138 var sessions []Session
139 for rows.Next() {
140 var session Session
141 err := pan.Unmarshal(rows, &session)
142 if err != nil {
143 return sessions, err
144 }
145 sessions = append(sessions, session)
146 }
147 if err = rows.Err(); err != nil {
148 return sessions, err
149 }
150 return sessions, nil
151 }