peter/ekster
1
0
Fork 0
Code Issues 3 Pull Requests Projects 3 Releases 1 Wiki Activity

Cache auth token verification for 10 minutes

Browse Source
This commit is contained in:
Peter Stuifzand 2018-03-28 12:42:41 +02:00
parent ce1463739c
commit 12190cbdf2
1 changed files with 51 additions and 2 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

53
cmd/server/main.go
View File

@ -23,6 +23,7 @@ import (
"fmt" "fmt"
"log" "log"
"net/http" "net/http"
"regexp"
"strings" "strings"
"time" "time"
@ -43,6 +44,7 @@ func init() {
type microsubHandler struct { type microsubHandler struct {
Backend microsub.Microsub Backend microsub.Microsub
Redis redis.Conn
} }
func simplify(itemType string, item map[string][]interface{}) map[string]interface{} { func simplify(itemType string, item map[string][]interface{}) map[string]interface{} {
@ -160,6 +162,50 @@ type TokenResponse struct {
Nonce int64 `json:"nonce"` Nonce int64 `json:"nonce"`
} }
var authHeaderRegex = regexp.MustCompile("^Bearer (.+)$")
func (h *microsubHandler) cachedCheckAuthToken(header string, r *TokenResponse) bool {
token := authHeaderRegex.FindString(header)
if token == "" {
log.Println("Not token found in the header")
return false
}
key := fmt.Sprintf("token:%s", token)
var err error
values, err := redis.Values(h.Redis.Do("HGETALL", key))
if err == nil {
if err = redis.ScanStruct(values, r); err == nil {
return true
}
} else {
log.Printf("Error while HGETTALL %v\n", err)
}
authorized := h.checkAuthToken(header, r)
if authorized {
_, err = h.Redis.Do("HMSET", redis.Args{}.Add(key).AddFlat(r))
if err != nil {
log.Printf("Error while setting token: %v\n", err)
return authorized
}
_, err = h.Redis.Do("EXPIRE", key, uint64(10*time.Minute))
if err != nil {
log.Printf("Error while setting expire on token: %v\n", err)
log.Println("Deleting token")
_, err = h.Redis.Do("DEL", key)
if err != nil {
log.Printf("Deleting token failed: %v", err)
}
return authorized
}
}
return authorized
}
func (h *microsubHandler) checkAuthToken(header string, token *TokenResponse) bool { func (h *microsubHandler) checkAuthToken(header string, token *TokenResponse) bool {
req, err := http.NewRequest("GET", "https://publog.stuifzandapp.com/authtoken", nil) req, err := http.NewRequest("GET", "https://publog.stuifzandapp.com/authtoken", nil)
if err != nil { if err != nil {
@ -195,6 +241,9 @@ func (h *microsubHandler) checkAuthToken(header string, token *TokenResponse) bo
} }
func (h *microsubHandler) ServeHTTP(w http.ResponseWriter, r *http.Request) { func (h *microsubHandler) ServeHTTP(w http.ResponseWriter, r *http.Request) {
h.Redis = pool.Get()
defer h.Redis.Close()
r.ParseForm() r.ParseForm()
log.Printf("%s %s\n", r.Method, r.URL) log.Printf("%s %s\n", r.Method, r.URL)
log.Println(r.URL.Query()) log.Println(r.URL.Query())
@ -203,7 +252,7 @@ func (h *microsubHandler) ServeHTTP(w http.ResponseWriter, r *http.Request) {
var token TokenResponse var token TokenResponse
if !h.checkAuthToken(authorization, &token) { if !h.cachedCheckAuthToken(authorization, &token) {
http.Error(w, "Can't validate token", 403) http.Error(w, "Can't validate token", 403)
return return
} }
@ -367,6 +416,6 @@ func main() {
backend = loadMemoryBackend(conn) backend = loadMemoryBackend(conn)
} }
http.Handle("/microsub", &microsubHandler{backend}) http.Handle("/microsub", &microsubHandler{backend, nil})
log.Fatal(http.ListenAndServe(fmt.Sprintf(":%d", port), nil)) log.Fatal(http.ListenAndServe(fmt.Sprintf(":%d", port), nil))
} }