auth
28:75cf37088852 Browse Files
Rough out tokens and begin the memstore. Rough out the Token type for working with OAuth2 access and refresh tokens. Rough out the TokenStore interface that dictates how Tokens will be stored and retrieved. Write tests for the successful (in the working-as-intended sense) calls to TokenStore. Begin a Memstore type that stores data in memory. Implement the TokenStore interface for Memstore.
memstore.go token.go token_test.go
1.1 --- /dev/null Thu Jan 01 00:00:00 1970 +0000 1.2 +++ b/memstore.go Mon Sep 01 09:21:31 2014 -0400 1.3 @@ -0,0 +1,34 @@ 1.4 +package auth 1.5 + 1.6 +import "sync" 1.7 + 1.8 +type Memstore struct { 1.9 + tokens map[string]Token 1.10 + refreshTokenLookup map[string]string 1.11 + profileTokenLookup map[string][]string 1.12 + tokenLock sync.RWMutex 1.13 +} 1.14 + 1.15 +func NewMemstore() *Memstore { 1.16 + return &Memstore{ 1.17 + tokens: map[string]Token{}, 1.18 + refreshTokenLookup: map[string]string{}, 1.19 + profileTokenLookup: map[string][]string{}, 1.20 + } 1.21 +} 1.22 + 1.23 +func (m *Memstore) lookupTokenByRefresh(token string) (string, error) { 1.24 + m.tokenLock.RLock() 1.25 + defer m.tokenLock.RUnlock() 1.26 + t, ok := m.refreshTokenLookup[token] 1.27 + if !ok { 1.28 + return "", ErrTokenNotFound 1.29 + } 1.30 + return t, nil 1.31 +} 1.32 + 1.33 +func (m *Memstore) lookupTokensByProfileID(id string) ([]string, error) { 1.34 + m.tokenLock.RLock() 1.35 + defer m.tokenLock.RUnlock() 1.36 + return m.profileTokenLookup[id], nil 1.37 +}
2.1 --- /dev/null Thu Jan 01 00:00:00 1970 +0000 2.2 +++ b/token.go Mon Sep 01 09:21:31 2014 -0400 2.3 @@ -0,0 +1,113 @@ 2.4 +package auth 2.5 + 2.6 +import ( 2.7 + "errors" 2.8 + "time" 2.9 + 2.10 + "secondbit.org/uuid" 2.11 +) 2.12 + 2.13 +var ( 2.14 + ErrTokenNotFound = errors.New("Token not found in TokenStore.") 2.15 + ErrTokenAlreadyExists = errors.New("Token already exists in TokenStore.") 2.16 +) 2.17 + 2.18 +type Token struct { 2.19 + AccessToken string 2.20 + RefreshToken string 2.21 + Created time.Time 2.22 + ExpiresIn int32 2.23 + TokenType string 2.24 + Scope string 2.25 + ProfileID uuid.ID 2.26 +} 2.27 + 2.28 +type TokenStore interface { 2.29 + GetToken(token string, refresh bool) (Token, error) 2.30 + SaveToken(token Token) error 2.31 + RemoveToken(token string) error 2.32 + GetTokensByProfileID(profileID uuid.ID, num, offset int) ([]Token, error) 2.33 +} 2.34 + 2.35 +func (m *Memstore) GetToken(token string, refresh bool) (Token, error) { 2.36 + if refresh { 2.37 + t, err := m.lookupTokenByRefresh(token) 2.38 + if err != nil { 2.39 + return Token{}, err 2.40 + } 2.41 + token = t 2.42 + } 2.43 + m.tokenLock.RLock() 2.44 + defer m.tokenLock.RUnlock() 2.45 + result, ok := m.tokens[token] 2.46 + if !ok { 2.47 + return Token{}, ErrTokenNotFound 2.48 + } 2.49 + return result, nil 2.50 +} 2.51 + 2.52 +func (m *Memstore) SaveToken(token Token) error { 2.53 + m.tokenLock.Lock() 2.54 + defer m.tokenLock.Unlock() 2.55 + _, ok := m.tokens[token.AccessToken] 2.56 + if ok { 2.57 + return ErrTokenAlreadyExists 2.58 + } 2.59 + m.tokens[token.AccessToken] = token 2.60 + if token.RefreshToken != "" { 2.61 + m.refreshTokenLookup[token.RefreshToken] = token.AccessToken 2.62 + } 2.63 + if _, ok = m.profileTokenLookup[token.ProfileID.String()]; ok { 2.64 + m.profileTokenLookup[token.ProfileID.String()] = append(m.profileTokenLookup[token.ProfileID.String()], token.AccessToken) 2.65 + } else { 2.66 + m.profileTokenLookup[token.ProfileID.String()] = []string{token.AccessToken} 2.67 + } 2.68 + return nil 2.69 +} 2.70 + 2.71 +func (m *Memstore) RemoveToken(token string) error { 2.72 + m.tokenLock.Lock() 2.73 + defer m.tokenLock.Unlock() 2.74 + t, ok := m.tokens[token] 2.75 + if !ok { 2.76 + return ErrTokenNotFound 2.77 + } 2.78 + delete(m.tokens, token) 2.79 + if t.RefreshToken != "" { 2.80 + delete(m.refreshTokenLookup, t.RefreshToken) 2.81 + } 2.82 + pos := -1 2.83 + for p, item := range m.profileTokenLookup[t.ProfileID.String()] { 2.84 + if item == token { 2.85 + pos = p 2.86 + break 2.87 + } 2.88 + } 2.89 + if pos >= 0 { 2.90 + m.profileTokenLookup[t.ProfileID.String()] = append(m.profileTokenLookup[t.ProfileID.String()][:pos], m.profileTokenLookup[t.ProfileID.String()][pos+1:]...) 2.91 + } 2.92 + return nil 2.93 +} 2.94 + 2.95 +func (m *Memstore) GetTokensByProfileID(profileID uuid.ID, num, offset int) ([]Token, error) { 2.96 + ids, err := m.lookupTokensByProfileID(profileID.String()) 2.97 + if err != nil { 2.98 + return []Token{}, err 2.99 + } 2.100 + if len(ids) > num+offset { 2.101 + ids = ids[offset : num+offset] 2.102 + } else if len(ids) > offset { 2.103 + ids = ids[offset:] 2.104 + } else { 2.105 + return []Token{}, nil 2.106 + } 2.107 + tokens := []Token{} 2.108 + for _, id := range ids { 2.109 + token, err := m.GetToken(id, false) 2.110 + if err != nil { 2.111 + return []Token{}, err 2.112 + } 2.113 + tokens = append(tokens, token) 2.114 + } 2.115 + return tokens, nil 2.116 +}
3.1 --- /dev/null Thu Jan 01 00:00:00 1970 +0000 3.2 +++ b/token_test.go Mon Sep 01 09:21:31 2014 -0400 3.3 @@ -0,0 +1,67 @@ 3.4 +package auth 3.5 + 3.6 +import ( 3.7 + "testing" 3.8 + "time" 3.9 + 3.10 + "secondbit.org/uuid" 3.11 +) 3.12 + 3.13 +var tokenStores = []TokenStore{NewMemstore()} 3.14 + 3.15 +func TestTokenStoreSuccess(t *testing.T) { 3.16 + token := Token{ 3.17 + AccessToken: "access", 3.18 + RefreshToken: "refresh", 3.19 + Created: time.Now(), 3.20 + ExpiresIn: 3600, 3.21 + TokenType: "bearer", 3.22 + Scope: "scope", 3.23 + ProfileID: uuid.NewID(), 3.24 + } 3.25 + for pos, store := range tokenStores { 3.26 + err := store.SaveToken(token) 3.27 + if err != nil { 3.28 + t.Errorf("Error saving token in TokenStore #%d: %s", pos, err) 3.29 + } 3.30 + retrievedAccess, err := store.GetToken(token.AccessToken, false) 3.31 + if err != nil { 3.32 + t.Errorf("Error retrieving token in TokenStore #%d: %s", pos, err) 3.33 + } 3.34 + t.Log(retrievedAccess) 3.35 + // TODO: compare retrievedAccess to token 3.36 + retrievedRefresh, err := store.GetToken(token.RefreshToken, true) 3.37 + if err != nil { 3.38 + t.Errorf("Error retrieving refresh token in TokenStore #%d: %s", pos, err) 3.39 + } 3.40 + t.Log(retrievedRefresh) 3.41 + // TODO: compare retrievedRefresh to token 3.42 + retrievedProfile, err := store.GetTokensByProfileID(token.ProfileID, 25, 0) 3.43 + if err != nil { 3.44 + t.Errorf("Error retrieving token by profile in TokenStore #%d: %s", pos, err) 3.45 + } 3.46 + if len(retrievedProfile) != 1 { 3.47 + t.Errorf("Expected 1 token retrieved by profile ID from TokenStore #%d, got %+v", pos, retrievedProfile) 3.48 + } 3.49 + // TODO: compare retrievedProfile to token 3.50 + err = store.RemoveToken(token.AccessToken) 3.51 + if err != nil { 3.52 + t.Errorf("Error removing token in TokenStore #%d: %s", pos, err) 3.53 + } 3.54 + _, err = store.GetToken(token.AccessToken, false) 3.55 + if err != ErrTokenNotFound { 3.56 + t.Errorf("Expected ErrTokenNotFound from TokenStore #%d, got %s", pos, err) 3.57 + } 3.58 + _, err = store.GetToken(token.RefreshToken, true) 3.59 + if err != ErrTokenNotFound { 3.60 + t.Errorf("Expected ErrTokenNotFound from TokenStore #%d, got %s", pos, err) 3.61 + } 3.62 + retrievedProfile, err = store.GetTokensByProfileID(token.ProfileID, 25, 0) 3.63 + if err != nil { 3.64 + t.Errorf("Error retrieving token by profile in TokenStore #%d: %s", pos, err) 3.65 + } 3.66 + if len(retrievedProfile) != 0 { 3.67 + t.Errorf("Expected list of 0 tokens from TokenStore #%d, got %+v", pos, retrievedProfile) 3.68 + } 3.69 + } 3.70 +}