auth
auth/context.go
Introduced scopes. Created a Scope type and a scopeStore interface, along with the memstore methods for the scopeStore. This will allow applications to define access with granularity, so users can grant access to some data, not _all_ data. We're operating on the assumption that there won't be an unreasonable number of scopes defined, so there is no paging operation included for the ListScopes method. This is a decision that may have to be revisited in the future, depending on usecases.
1 package auth
3 import (
4 "html/template"
5 "io"
6 "log"
7 "net/url"
8 "time"
10 "code.secondbit.org/uuid.hg"
11 )
13 // Context wraps the different storage interfaces and should
14 // be used as the main point of interaction for the data storage
15 // layer.
16 type Context struct {
17 template *template.Template
18 loginURI *url.URL
19 clients clientStore
20 authCodes authorizationCodeStore
21 profiles profileStore
22 tokens tokenStore
23 sessions sessionStore
24 scopes scopeStore
25 config Config
26 }
28 // NewContext takes a Config instance and uses it to bootstrap a Context
29 // using the information provided in the Config variable.
30 func NewContext(config Config) (Context, error) {
31 if config.iterations == 0 {
32 return Context{}, ErrConfigNotInitialized
33 }
34 context := Context{
35 clients: config.ClientStore,
36 authCodes: config.AuthCodeStore,
37 profiles: config.ProfileStore,
38 tokens: config.TokenStore,
39 sessions: config.SessionStore,
40 scopes: config.ScopeStore,
41 template: config.Template,
42 config: config,
43 }
44 var err error
45 context.loginURI, err = url.Parse(config.LoginURI)
46 if err != nil {
47 log.Println(err)
48 return Context{}, ErrInvalidLoginURI
49 }
50 return context, nil
51 }
53 // Render uses the HTML templates associated with the Context to render the
54 // template specified by name to out using data to fill any template variables.
55 func (c Context) Render(out io.Writer, name string, data interface{}) {
56 if c.template == nil {
57 log.Println("No template set on Context, can't render anything!")
58 return
59 }
60 err := c.template.ExecuteTemplate(out, name, data)
61 if err != nil {
62 log.Println("Error executing template", name, ":", err)
63 }
64 }
66 // GetClient returns a single Client by its ID from the
67 // clientStore associated with the Context.
68 func (c Context) GetClient(id uuid.ID) (Client, error) {
69 if c.clients == nil {
70 return Client{}, ErrNoClientStore
71 }
72 return c.clients.getClient(id)
73 }
75 // SaveClient stores the passed Client in the clientStore
76 // associated with the Context.
77 func (c Context) SaveClient(client Client) error {
78 if c.clients == nil {
79 return ErrNoClientStore
80 }
81 return c.clients.saveClient(client)
82 }
84 // UpdateClient applies the specified ClientChange to the Client
85 // with the specified ID in the clientStore associated with the
86 // Context.
87 func (c Context) UpdateClient(id uuid.ID, change ClientChange) error {
88 if c.clients == nil {
89 return ErrNoClientStore
90 }
91 return c.clients.updateClient(id, change)
92 }
94 // DeleteClient removes the client with the specified ID from the
95 // clientStore associated with the Context.
96 func (c Context) DeleteClient(id uuid.ID) error {
97 if c.clients == nil {
98 return ErrNoClientStore
99 }
100 return c.clients.deleteClient(id)
101 }
103 // ListClientsByOwner returns a slice of up to num Clients, starting at offset (inclusive)
104 // that have the specified OwnerID in the clientStore associated with the Context.
105 func (c Context) ListClientsByOwner(ownerID uuid.ID, num, offset int) ([]Client, error) {
106 if c.clients == nil {
107 return []Client{}, ErrNoClientStore
108 }
109 return c.clients.listClientsByOwner(ownerID, num, offset)
110 }
112 // AddEndpoints stores the specified Endpoints in the clientStore associated with the Context,
113 // and associates the newly-stored Endpoints with the Client specified by the passed ID.
114 func (c Context) AddEndpoints(client uuid.ID, endpoints []Endpoint) error {
115 if c.clients == nil {
116 return ErrNoClientStore
117 }
118 for pos, endpoint := range endpoints {
119 u, err := normalizeURIString(endpoint.URI)
120 if err != nil {
121 return err
122 }
123 endpoint.NormalizedURI = u
124 endpoints[pos] = endpoint
125 }
126 return c.clients.addEndpoints(client, endpoints)
127 }
129 // RemoveEndpoint deletes the Endpoint with the specified ID from the clientStore associated
130 // with the Context, and disassociates the Endpoint from the specified Client.
131 func (c Context) RemoveEndpoint(client, endpoint uuid.ID) error {
132 if c.clients == nil {
133 return ErrNoClientStore
134 }
135 return c.clients.removeEndpoint(client, endpoint)
136 }
138 // CheckEndpoint finds Endpoints in the clientStore associated with the Context that belong
139 // to the Client specified by the passed ID and match the URI passed. URI matches must be
140 // performed according to RFC 3986 Section 6.
141 func (c Context) CheckEndpoint(client uuid.ID, URI string) (bool, error) {
142 if c.clients == nil {
143 return false, ErrNoClientStore
144 }
145 u, err := normalizeURIString(URI)
146 if err != nil {
147 return false, err
148 }
149 return c.clients.checkEndpoint(client, u)
150 }
152 // ListEndpoints finds Endpoints in the clientStore associated with the Context that belong
153 // to the Client specified by the passed ID. It returns up to num endpoints, starting at offset,
154 // exclusive.
155 func (c Context) ListEndpoints(client uuid.ID, num, offset int) ([]Endpoint, error) {
156 if c.clients == nil {
157 return []Endpoint{}, ErrNoClientStore
158 }
159 return c.clients.listEndpoints(client, num, offset)
160 }
162 // CountEndpoints returns the number of Endpoints the are associated with the Client specified by the
163 // passed ID in the clientStore associated with the Context.
164 func (c Context) CountEndpoints(client uuid.ID) (int64, error) {
165 if c.clients == nil {
166 return 0, ErrNoClientStore
167 }
168 return c.clients.countEndpoints(client)
169 }
171 // GetAuthorizationCode returns the AuthorizationCode specified by the provided code from the authorizationCodeStore associated with the
172 // Context.
173 func (c Context) GetAuthorizationCode(code string) (AuthorizationCode, error) {
174 if c.authCodes == nil {
175 return AuthorizationCode{}, ErrNoAuthorizationCodeStore
176 }
177 return c.authCodes.getAuthorizationCode(code)
178 }
180 // SaveAuthorizationCode stores the passed AuthorizationCode in the authorizationCodeStore associated with the Context.
181 func (c Context) SaveAuthorizationCode(authCode AuthorizationCode) error {
182 if c.authCodes == nil {
183 return ErrNoAuthorizationCodeStore
184 }
185 return c.authCodes.saveAuthorizationCode(authCode)
186 }
188 // DeleteAuthorizationCode removes the AuthorizationCode specified by the provided code from the authorizationCodeStore associated with
189 // the Context.
190 func (c Context) DeleteAuthorizationCode(code string) error {
191 if c.authCodes == nil {
192 return ErrNoAuthorizationCodeStore
193 }
194 return c.authCodes.deleteAuthorizationCode(code)
195 }
197 // UseAuthorizationCode marks the AuthorizationCode specified by the provided code as used in the authorizationCodeStore associated with
198 // the Context. Once an AuthorizationCode is marked as used, its Used property will be set to true when retrieved from the authorizationCodeStore.
199 func (c Context) UseAuthorizationCode(code string) error {
200 if c.authCodes == nil {
201 return ErrNoAuthorizationCodeStore
202 }
203 return c.authCodes.useAuthorizationCode(code)
204 }
206 // GetProfileByID returns the Profile specified by the provided ID from the profileStore associated with
207 // the Context.
208 func (c Context) GetProfileByID(id uuid.ID) (Profile, error) {
209 if c.profiles == nil {
210 return Profile{}, ErrNoProfileStore
211 }
212 return c.profiles.getProfileByID(id)
213 }
215 // GetProfileByLogin returns the Profile associated with the specified Login from the profileStore associated
216 // with the Context.
217 func (c Context) GetProfileByLogin(value string) (Profile, error) {
218 if c.profiles == nil {
219 return Profile{}, ErrNoProfileStore
220 }
221 return c.profiles.getProfileByLogin(value)
222 }
224 // SaveProfile inserts the passed Profile into the profileStore associated with the Context.
225 func (c Context) SaveProfile(profile Profile) error {
226 if c.profiles == nil {
227 return ErrNoProfileStore
228 }
229 return c.profiles.saveProfile(profile)
230 }
232 // UpdateProfile applies the supplied ProfileChange to the Profile that matches the specified ID
233 // in the profileStore associated with the Context.
234 func (c Context) UpdateProfile(id uuid.ID, change ProfileChange) error {
235 if c.profiles == nil {
236 return ErrNoProfileStore
237 }
238 return c.profiles.updateProfile(id, change)
239 }
241 // UpdateProfiles applies the supplied BulkProfileChange to every Profile that matches one of the
242 // specified IDs in the profileStore associated with the Context.
243 func (c Context) UpdateProfiles(ids []uuid.ID, change BulkProfileChange) error {
244 if c.profiles == nil {
245 return ErrNoProfileStore
246 }
247 return c.profiles.updateProfiles(ids, change)
248 }
250 // DeleteProfile removes the Profile specified by the passed ID from the profileStore associated
251 // with the Context.
252 func (c Context) DeleteProfile(id uuid.ID) error {
253 if c.profiles == nil {
254 return ErrNoProfileStore
255 }
256 return c.profiles.deleteProfile(id)
257 }
259 // AddLogin stores the passed Login in the profileStore associated with the Context. It also associates
260 // the newly-created Login with the Orofile in login.ProfileID.
261 func (c Context) AddLogin(login Login) error {
262 if c.profiles == nil {
263 return ErrNoProfileStore
264 }
265 return c.profiles.addLogin(login)
266 }
268 // RemoveLogin removes the specified Login from the profileStore associated with the Context, provided
269 // the Login has a ProfileID property that matches the profile ID passed in. It also disassociates the
270 // deleted Login from the Profile in login.ProfileID.
271 func (c Context) RemoveLogin(value string, profile uuid.ID) error {
272 if c.profiles == nil {
273 return ErrNoProfileStore
274 }
275 return c.profiles.removeLogin(value, profile)
276 }
278 // RecordLoginUse sets the LastUsed property of the Login specified in the profileStore associated with
279 // the Context to the value passed in as when.
280 func (c Context) RecordLoginUse(value string, when time.Time) error {
281 if c.profiles == nil {
282 return ErrNoProfileStore
283 }
284 return c.profiles.recordLoginUse(value, when)
285 }
287 // ListLogins returns a slice of up to num Logins associated with the specified Profile from the profileStore
288 // associated with the Context, skipping offset Profiles.
289 func (c Context) ListLogins(profile uuid.ID, num, offset int) ([]Login, error) {
290 if c.profiles == nil {
291 return []Login{}, ErrNoProfileStore
292 }
293 return c.profiles.listLogins(profile, num, offset)
294 }
296 // GetToken returns the Token specified from the tokenStore associated with the Context.
297 // If refresh is true, the token input should be compared against the refresh tokens, not the
298 // access tokens.
299 func (c Context) GetToken(token string, refresh bool) (Token, error) {
300 if c.tokens == nil {
301 return Token{}, ErrNoTokenStore
302 }
303 return c.tokens.getToken(token, refresh)
304 }
306 // SaveToken stores the passed Token in the tokenStore associated with the Context.
307 func (c Context) SaveToken(token Token) error {
308 if c.tokens == nil {
309 return ErrNoTokenStore
310 }
311 return c.tokens.saveToken(token)
312 }
314 // RevokeToken revokes the Token identfied by the passed token string from the tokenStore associated
315 // with the context. If refresh is true, the token input should be compared against the refresh tokens,
316 // not the access tokens.
317 func (c Context) RevokeToken(token string, refresh bool) error {
318 if c.tokens == nil {
319 return ErrNoTokenStore
320 }
321 return c.tokens.revokeToken(token, refresh)
322 }
324 // GetTokensByProfileID returns a slice of up to num Tokens with a ProfileID that matches the specified
325 // profileID from the tokenStore associated with the Context, skipping offset Tokens.
326 func (c Context) GetTokensByProfileID(profileID uuid.ID, num, offset int) ([]Token, error) {
327 if c.tokens == nil {
328 return []Token{}, ErrNoTokenStore
329 }
330 return c.tokens.getTokensByProfileID(profileID, num, offset)
331 }
333 // CreateSession stores the passed Session in the sessionStore associated with the Context.
334 func (c Context) CreateSession(session Session) error {
335 if c.sessions == nil {
336 return ErrNoSessionStore
337 }
338 return c.sessions.createSession(session)
339 }
341 // GetSession returns the Session specified from the sessionStore associated with the Context.
342 func (c Context) GetSession(id string) (Session, error) {
343 if c.sessions == nil {
344 return Session{}, ErrNoSessionStore
345 }
346 return c.sessions.getSession(id)
347 }
349 // RemoveSession removes the Session identified by the passed ID from the sessionStore associated with
350 // the Context.
351 func (c Context) RemoveSession(id string) error {
352 if c.sessions == nil {
353 return ErrNoSessionStore
354 }
355 return c.sessions.removeSession(id)
356 }
358 // ListSessions returns a slice of up to num Sessions from the sessionStore associated with the Context,
359 // ordered by the date they were created, descending. If before.IsZero() returns false, only Sessions
360 // that were created before that time will be returned. If profile is not nil, only Sessions belonging to
361 // that Profile will be returned.
362 func (c Context) ListSessions(profile uuid.ID, before time.Time, num int64) ([]Session, error) {
363 if c.sessions == nil {
364 return []Session{}, ErrNoSessionStore
365 }
366 return c.sessions.listSessions(profile, before, num)
367 }
369 func (c Context) CreateScopes(scopes []Scope) error {
370 if c.scopes == nil {
371 return ErrNoScopeStore
372 }
373 return c.scopes.createScopes(scopes)
374 }
376 func (c Context) GetScopes(ids []string) ([]Scope, error) {
377 if c.scopes == nil {
378 return []Scope{}, ErrNoScopeStore
379 }
380 return c.scopes.getScopes(ids)
381 }
383 func (c Context) UpdateScopes(changes []ScopeChange) ([]Scope, error) {
384 if c.scopes == nil {
385 return []Scope{}, ErrNoScopeStore
386 }
387 return c.scopes.updateScopes(changes)
388 }
390 func (c Context) RemoveScopes(ids []string) error {
391 if c.scopes == nil {
392 return ErrNoScopeStore
393 }
394 return c.scopes.removeScopes(ids)
395 }
397 func (c Context) ListScopes() ([]Scope, error) {
398 if c.scopes == nil {
399 return []Scope{}, ErrNoScopeStore
400 }
401 return c.scopes.listScopes()
402 }