auth
auth/context.go
Attach our Scope type to AuthCodes and Tokens. When obtaining an AuthorizationCode or Token, attach a slice of strings, each one a Scope ID, instead of just attaching the encoded string the user passes in. This will allow us to change our Scope encoding down the line, and is more conceptually faithful. Also, if an authorization request is made with an invalid scope, return the invalid_scope error.
1 package auth
3 import (
4 "html/template"
5 "io"
6 "log"
7 "net/url"
8 "time"
10 "code.secondbit.org/uuid.hg"
11 )
13 // Context wraps the different storage interfaces and should
14 // be used as the main point of interaction for the data storage
15 // layer.
16 type Context struct {
17 template *template.Template
18 loginURI *url.URL
19 clients clientStore
20 authCodes authorizationCodeStore
21 profiles profileStore
22 tokens tokenStore
23 sessions sessionStore
24 scopes scopeStore
25 config Config
26 }
28 // NewContext takes a Config instance and uses it to bootstrap a Context
29 // using the information provided in the Config variable.
30 func NewContext(config Config) (Context, error) {
31 if config.iterations == 0 {
32 return Context{}, ErrConfigNotInitialized
33 }
34 context := Context{
35 clients: config.ClientStore,
36 authCodes: config.AuthCodeStore,
37 profiles: config.ProfileStore,
38 tokens: config.TokenStore,
39 sessions: config.SessionStore,
40 scopes: config.ScopeStore,
41 template: config.Template,
42 config: config,
43 }
44 var err error
45 context.loginURI, err = url.Parse(config.LoginURI)
46 if err != nil {
47 log.Println(err)
48 return Context{}, ErrInvalidLoginURI
49 }
50 return context, nil
51 }
53 // Render uses the HTML templates associated with the Context to render the
54 // template specified by name to out using data to fill any template variables.
55 func (c Context) Render(out io.Writer, name string, data interface{}) {
56 if c.template == nil {
57 log.Println("No template set on Context, can't render anything!")
58 return
59 }
60 err := c.template.ExecuteTemplate(out, name, data)
61 if err != nil {
62 log.Println("Error executing template", name, ":", err)
63 }
64 }
66 // GetClient returns a single Client by its ID from the
67 // clientStore associated with the Context.
68 func (c Context) GetClient(id uuid.ID) (Client, error) {
69 if c.clients == nil {
70 return Client{}, ErrNoClientStore
71 }
72 return c.clients.getClient(id)
73 }
75 // SaveClient stores the passed Client in the clientStore
76 // associated with the Context.
77 func (c Context) SaveClient(client Client) error {
78 if c.clients == nil {
79 return ErrNoClientStore
80 }
81 return c.clients.saveClient(client)
82 }
84 // UpdateClient applies the specified ClientChange to the Client
85 // with the specified ID in the clientStore associated with the
86 // Context.
87 func (c Context) UpdateClient(id uuid.ID, change ClientChange) error {
88 if c.clients == nil {
89 return ErrNoClientStore
90 }
91 return c.clients.updateClient(id, change)
92 }
94 // DeleteClient removes the client with the specified ID from the
95 // clientStore associated with the Context.
96 func (c Context) DeleteClient(id uuid.ID) error {
97 if c.clients == nil {
98 return ErrNoClientStore
99 }
100 return c.clients.deleteClient(id)
101 }
103 // ListClientsByOwner returns a slice of up to num Clients, starting at offset (inclusive)
104 // that have the specified OwnerID in the clientStore associated with the Context.
105 func (c Context) ListClientsByOwner(ownerID uuid.ID, num, offset int) ([]Client, error) {
106 if c.clients == nil {
107 return []Client{}, ErrNoClientStore
108 }
109 return c.clients.listClientsByOwner(ownerID, num, offset)
110 }
112 // AddEndpoints stores the specified Endpoints in the clientStore associated with the Context,
113 // and associates the newly-stored Endpoints with the Client specified by the passed ID.
114 func (c Context) AddEndpoints(client uuid.ID, endpoints []Endpoint) error {
115 if c.clients == nil {
116 return ErrNoClientStore
117 }
118 for pos, endpoint := range endpoints {
119 u, err := normalizeURIString(endpoint.URI)
120 if err != nil {
121 return err
122 }
123 endpoint.NormalizedURI = u
124 endpoints[pos] = endpoint
125 }
126 return c.clients.addEndpoints(client, endpoints)
127 }
129 // RemoveEndpoint deletes the Endpoint with the specified ID from the clientStore associated
130 // with the Context, and disassociates the Endpoint from the specified Client.
131 func (c Context) RemoveEndpoint(client, endpoint uuid.ID) error {
132 if c.clients == nil {
133 return ErrNoClientStore
134 }
135 return c.clients.removeEndpoint(client, endpoint)
136 }
138 // CheckEndpoint finds Endpoints in the clientStore associated with the Context that belong
139 // to the Client specified by the passed ID and match the URI passed. URI matches must be
140 // performed according to RFC 3986 Section 6.
141 func (c Context) CheckEndpoint(client uuid.ID, URI string) (bool, error) {
142 if c.clients == nil {
143 return false, ErrNoClientStore
144 }
145 u, err := normalizeURIString(URI)
146 if err != nil {
147 return false, err
148 }
149 return c.clients.checkEndpoint(client, u)
150 }
152 // ListEndpoints finds Endpoints in the clientStore associated with the Context that belong
153 // to the Client specified by the passed ID. It returns up to num endpoints, starting at offset,
154 // exclusive.
155 func (c Context) ListEndpoints(client uuid.ID, num, offset int) ([]Endpoint, error) {
156 if c.clients == nil {
157 return []Endpoint{}, ErrNoClientStore
158 }
159 return c.clients.listEndpoints(client, num, offset)
160 }
162 // CountEndpoints returns the number of Endpoints the are associated with the Client specified by the
163 // passed ID in the clientStore associated with the Context.
164 func (c Context) CountEndpoints(client uuid.ID) (int64, error) {
165 if c.clients == nil {
166 return 0, ErrNoClientStore
167 }
168 return c.clients.countEndpoints(client)
169 }
171 // GetAuthorizationCode returns the AuthorizationCode specified by the provided code from the authorizationCodeStore associated with the
172 // Context.
173 func (c Context) GetAuthorizationCode(code string) (AuthorizationCode, error) {
174 if c.authCodes == nil {
175 return AuthorizationCode{}, ErrNoAuthorizationCodeStore
176 }
177 return c.authCodes.getAuthorizationCode(code)
178 }
180 // SaveAuthorizationCode stores the passed AuthorizationCode in the authorizationCodeStore associated with the Context.
181 func (c Context) SaveAuthorizationCode(authCode AuthorizationCode) error {
182 if c.authCodes == nil {
183 return ErrNoAuthorizationCodeStore
184 }
185 return c.authCodes.saveAuthorizationCode(authCode)
186 }
188 // DeleteAuthorizationCode removes the AuthorizationCode specified by the provided code from the authorizationCodeStore associated with
189 // the Context.
190 func (c Context) DeleteAuthorizationCode(code string) error {
191 if c.authCodes == nil {
192 return ErrNoAuthorizationCodeStore
193 }
194 return c.authCodes.deleteAuthorizationCode(code)
195 }
197 // UseAuthorizationCode marks the AuthorizationCode specified by the provided code as used in the authorizationCodeStore associated with
198 // the Context. Once an AuthorizationCode is marked as used, its Used property will be set to true when retrieved from the authorizationCodeStore.
199 func (c Context) UseAuthorizationCode(code string) error {
200 if c.authCodes == nil {
201 return ErrNoAuthorizationCodeStore
202 }
203 return c.authCodes.useAuthorizationCode(code)
204 }
206 // GetProfileByID returns the Profile specified by the provided ID from the profileStore associated with
207 // the Context.
208 func (c Context) GetProfileByID(id uuid.ID) (Profile, error) {
209 if c.profiles == nil {
210 return Profile{}, ErrNoProfileStore
211 }
212 return c.profiles.getProfileByID(id)
213 }
215 // GetProfileByLogin returns the Profile associated with the specified Login from the profileStore associated
216 // with the Context.
217 func (c Context) GetProfileByLogin(value string) (Profile, error) {
218 if c.profiles == nil {
219 return Profile{}, ErrNoProfileStore
220 }
221 return c.profiles.getProfileByLogin(value)
222 }
224 // SaveProfile inserts the passed Profile into the profileStore associated with the Context.
225 func (c Context) SaveProfile(profile Profile) error {
226 if c.profiles == nil {
227 return ErrNoProfileStore
228 }
229 return c.profiles.saveProfile(profile)
230 }
232 // UpdateProfile applies the supplied ProfileChange to the Profile that matches the specified ID
233 // in the profileStore associated with the Context.
234 func (c Context) UpdateProfile(id uuid.ID, change ProfileChange) error {
235 if c.profiles == nil {
236 return ErrNoProfileStore
237 }
238 return c.profiles.updateProfile(id, change)
239 }
241 // UpdateProfiles applies the supplied BulkProfileChange to every Profile that matches one of the
242 // specified IDs in the profileStore associated with the Context.
243 func (c Context) UpdateProfiles(ids []uuid.ID, change BulkProfileChange) error {
244 if c.profiles == nil {
245 return ErrNoProfileStore
246 }
247 return c.profiles.updateProfiles(ids, change)
248 }
250 // DeleteProfile removes the Profile specified by the passed ID from the profileStore associated
251 // with the Context.
252 func (c Context) DeleteProfile(id uuid.ID) error {
253 if c.profiles == nil {
254 return ErrNoProfileStore
255 }
256 return c.profiles.deleteProfile(id)
257 }
259 // AddLogin stores the passed Login in the profileStore associated with the Context. It also associates
260 // the newly-created Login with the Orofile in login.ProfileID.
261 func (c Context) AddLogin(login Login) error {
262 if c.profiles == nil {
263 return ErrNoProfileStore
264 }
265 return c.profiles.addLogin(login)
266 }
268 // RemoveLogin removes the specified Login from the profileStore associated with the Context, provided
269 // the Login has a ProfileID property that matches the profile ID passed in. It also disassociates the
270 // deleted Login from the Profile in login.ProfileID.
271 func (c Context) RemoveLogin(value string, profile uuid.ID) error {
272 if c.profiles == nil {
273 return ErrNoProfileStore
274 }
275 return c.profiles.removeLogin(value, profile)
276 }
278 // RecordLoginUse sets the LastUsed property of the Login specified in the profileStore associated with
279 // the Context to the value passed in as when.
280 func (c Context) RecordLoginUse(value string, when time.Time) error {
281 if c.profiles == nil {
282 return ErrNoProfileStore
283 }
284 return c.profiles.recordLoginUse(value, when)
285 }
287 // ListLogins returns a slice of up to num Logins associated with the specified Profile from the profileStore
288 // associated with the Context, skipping offset Profiles.
289 func (c Context) ListLogins(profile uuid.ID, num, offset int) ([]Login, error) {
290 if c.profiles == nil {
291 return []Login{}, ErrNoProfileStore
292 }
293 return c.profiles.listLogins(profile, num, offset)
294 }
296 // GetToken returns the Token specified from the tokenStore associated with the Context.
297 // If refresh is true, the token input should be compared against the refresh tokens, not the
298 // access tokens.
299 func (c Context) GetToken(token string, refresh bool) (Token, error) {
300 if c.tokens == nil {
301 return Token{}, ErrNoTokenStore
302 }
303 return c.tokens.getToken(token, refresh)
304 }
306 // SaveToken stores the passed Token in the tokenStore associated with the Context.
307 func (c Context) SaveToken(token Token) error {
308 if c.tokens == nil {
309 return ErrNoTokenStore
310 }
311 return c.tokens.saveToken(token)
312 }
314 // RevokeToken revokes the Token identfied by the passed token string from the tokenStore associated
315 // with the context. If refresh is true, the token input should be compared against the refresh tokens,
316 // not the access tokens.
317 func (c Context) RevokeToken(token string, refresh bool) error {
318 if c.tokens == nil {
319 return ErrNoTokenStore
320 }
321 return c.tokens.revokeToken(token, refresh)
322 }
324 // GetTokensByProfileID returns a slice of up to num Tokens with a ProfileID that matches the specified
325 // profileID from the tokenStore associated with the Context, skipping offset Tokens.
326 func (c Context) GetTokensByProfileID(profileID uuid.ID, num, offset int) ([]Token, error) {
327 if c.tokens == nil {
328 return []Token{}, ErrNoTokenStore
329 }
330 return c.tokens.getTokensByProfileID(profileID, num, offset)
331 }
333 // CreateSession stores the passed Session in the sessionStore associated with the Context.
334 func (c Context) CreateSession(session Session) error {
335 if c.sessions == nil {
336 return ErrNoSessionStore
337 }
338 return c.sessions.createSession(session)
339 }
341 // GetSession returns the Session specified from the sessionStore associated with the Context.
342 func (c Context) GetSession(id string) (Session, error) {
343 if c.sessions == nil {
344 return Session{}, ErrNoSessionStore
345 }
346 return c.sessions.getSession(id)
347 }
349 // RemoveSession removes the Session identified by the passed ID from the sessionStore associated with
350 // the Context.
351 func (c Context) RemoveSession(id string) error {
352 if c.sessions == nil {
353 return ErrNoSessionStore
354 }
355 return c.sessions.removeSession(id)
356 }
358 // ListSessions returns a slice of up to num Sessions from the sessionStore associated with the Context,
359 // ordered by the date they were created, descending. If before.IsZero() returns false, only Sessions
360 // that were created before that time will be returned. If profile is not nil, only Sessions belonging to
361 // that Profile will be returned.
362 func (c Context) ListSessions(profile uuid.ID, before time.Time, num int64) ([]Session, error) {
363 if c.sessions == nil {
364 return []Session{}, ErrNoSessionStore
365 }
366 return c.sessions.listSessions(profile, before, num)
367 }
369 func (c Context) CreateScopes(scopes []Scope) error {
370 if c.scopes == nil {
371 return ErrNoScopeStore
372 }
373 return c.scopes.createScopes(scopes)
374 }
376 func (c Context) GetScopes(ids []string) ([]Scope, error) {
377 if c.scopes == nil {
378 return []Scope{}, ErrNoScopeStore
379 }
380 return c.scopes.getScopes(ids)
381 }
383 func (c Context) UpdateScopes(changes []ScopeChange) ([]Scope, error) {
384 if c.scopes == nil {
385 return []Scope{}, ErrNoScopeStore
386 }
387 return c.scopes.updateScopes(changes)
388 }
390 func (c Context) RemoveScopes(ids []string) error {
391 if c.scopes == nil {
392 return ErrNoScopeStore
393 }
394 return c.scopes.removeScopes(ids)
395 }
397 func (c Context) ListScopes() ([]Scope, error) {
398 if c.scopes == nil {
399 return []Scope{}, ErrNoScopeStore
400 }
401 return c.scopes.listScopes()
402 }