auth
auth/scope.go
Attach our Scope type to AuthCodes and Tokens. When obtaining an AuthorizationCode or Token, attach a slice of strings, each one a Scope ID, instead of just attaching the encoded string the user passes in. This will allow us to change our Scope encoding down the line, and is more conceptually faithful. Also, if an authorization request is made with an invalid scope, return the invalid_scope error.
1 package auth
3 import (
4 "errors"
5 "fmt"
6 "sort"
7 )
9 var (
10 ErrNoScopeStore = errors.New("scopeStore not set in Context")
11 )
13 type ErrScopeNotFound struct {
14 Pos int
15 ID string
16 }
18 func (e ErrScopeNotFound) Error() string {
19 return fmt.Sprintf("scope %s couldn't be found", e.ID)
20 }
22 type ErrScopeAlreadyExists struct {
23 Pos int
24 ID string
25 }
27 func (e ErrScopeAlreadyExists) Error() string {
28 return fmt.Sprintf("scope %s already exists", e.ID)
29 }
31 // Scope represents a limit on the access that a grant provides.
32 type Scope struct {
33 ID string
34 Name string
35 Description string
36 }
38 func (s *Scope) ApplyChange(change ScopeChange) {
39 if change.Name != nil {
40 s.Name = *change.Name
41 }
42 if change.Description != nil {
43 s.Description = *change.Description
44 }
45 }
47 type sortedScopes []Scope
49 func (s sortedScopes) Len() int {
50 return len(s)
51 }
53 func (s sortedScopes) Swap(i, j int) {
54 s[i], s[j] = s[j], s[i]
55 }
57 func (s sortedScopes) Less(i, j int) bool {
58 return s[i].ID < s[j].ID
59 }
61 // ScopeChange represents a change to a Scope.
62 type ScopeChange struct {
63 ID string
64 Name *string
65 Description *string
66 }
68 type scopeStore interface {
69 createScopes(scopes []Scope) error
70 getScopes(ids []string) ([]Scope, error)
71 updateScopes(changes []ScopeChange) ([]Scope, error)
72 removeScopes(ids []string) error
73 listScopes() ([]Scope, error)
74 }
76 func (m *memstore) createScopes(scopes []Scope) error {
77 m.scopeLock.Lock()
78 defer m.scopeLock.Unlock()
80 for pos, scope := range scopes {
81 if _, ok := m.scopes[scope.ID]; ok {
82 return ErrScopeAlreadyExists{Pos: pos, ID: scope.ID}
83 }
84 }
85 for _, scope := range scopes {
86 m.scopes[scope.ID] = scope
87 }
88 return nil
89 }
91 func (m *memstore) getScopes(ids []string) ([]Scope, error) {
92 m.scopeLock.RLock()
93 defer m.scopeLock.RUnlock()
95 scopes := []Scope{}
96 for pos, id := range ids {
97 scope, ok := m.scopes[id]
98 if !ok {
99 return []Scope{}, ErrScopeNotFound{ID: id, Pos: pos}
100 }
101 scopes = append(scopes, scope)
102 }
103 sorted := sortedScopes(scopes)
104 sort.Sort(sorted)
105 scopes = sorted
106 return scopes, nil
107 }
109 func (m *memstore) updateScopes(changes []ScopeChange) ([]Scope, error) {
110 m.scopeLock.Lock()
111 defer m.scopeLock.Unlock()
113 scopes := []Scope{}
115 for pos, change := range changes {
116 if _, ok := m.scopes[change.ID]; !ok {
117 return []Scope{}, ErrScopeNotFound{Pos: pos, ID: change.ID}
118 }
119 }
120 for _, change := range changes {
121 scope := m.scopes[change.ID]
122 scope.ApplyChange(change)
123 m.scopes[change.ID] = scope
124 scopes = append(scopes, scope)
125 }
126 sorted := sortedScopes(scopes)
127 sort.Sort(sorted)
128 scopes = sorted
129 return scopes, nil
130 }
132 func (m *memstore) removeScopes(ids []string) error {
133 m.scopeLock.Lock()
134 defer m.scopeLock.Unlock()
136 for pos, id := range ids {
137 if _, ok := m.scopes[id]; !ok {
138 return ErrScopeNotFound{Pos: pos, ID: id}
139 }
140 }
141 for _, id := range ids {
142 delete(m.scopes, id)
143 }
144 return nil
145 }
147 func (m *memstore) listScopes() ([]Scope, error) {
148 m.scopeLock.RLock()
149 defer m.scopeLock.RUnlock()
151 scopes := []Scope{}
152 for _, scope := range m.scopes {
153 scopes = append(scopes, scope)
154 }
155 sorted := sortedScopes(scopes)
156 sort.Sort(sorted)
157 scopes = sorted
158 return scopes, nil
159 }