125 lines
3.3 KiB
Go
125 lines
3.3 KiB
Go
/*
|
|
ekster - microsub server
|
|
Copyright (C) 2018 Peter Stuifzand
|
|
|
|
This program is free software: you can redistribute it and/or modify
|
|
it under the terms of the GNU General Public License as published by
|
|
the Free Software Foundation, either version 3 of the License, or
|
|
(at your option) any later version.
|
|
|
|
This program is distributed in the hope that it will be useful,
|
|
but WITHOUT ANY WARRANTY; without even the implied warranty of
|
|
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
|
|
GNU General Public License for more details.
|
|
|
|
You should have received a copy of the GNU General Public License
|
|
along with this program. If not, see <http://www.gnu.org/licenses/>.
|
|
*/
|
|
package main
|
|
|
|
import (
|
|
"encoding/json"
|
|
"fmt"
|
|
"log"
|
|
"net/http"
|
|
"regexp"
|
|
"time"
|
|
|
|
"github.com/gomodule/redigo/redis"
|
|
"p83.nl/go/ekster/pkg/auth"
|
|
)
|
|
|
|
var authHeaderRegex = regexp.MustCompile("^Bearer (.+)$")
|
|
|
|
func (b *memoryBackend) cachedCheckAuthToken(conn redis.Conn, header string, r *auth.TokenResponse) bool {
|
|
log.Println("Cached checking Auth Token")
|
|
|
|
tokens := authHeaderRegex.FindStringSubmatch(header)
|
|
|
|
if len(tokens) != 2 {
|
|
log.Println("No token found in the header")
|
|
return false
|
|
}
|
|
|
|
key := fmt.Sprintf("token:%s", tokens[1])
|
|
|
|
authorized, err := getCachedValue(conn, key, r)
|
|
if err != nil {
|
|
log.Println(err)
|
|
}
|
|
|
|
if authorized {
|
|
return true
|
|
}
|
|
|
|
authorized = b.checkAuthToken(header, r)
|
|
if authorized {
|
|
fmt.Printf("Token response: %#v\n", r)
|
|
setCachedTokenResponseValue(conn, key, r)
|
|
return true
|
|
}
|
|
|
|
return authorized
|
|
}
|
|
|
|
func (b *memoryBackend) checkAuthToken(header string, token *auth.TokenResponse) bool {
|
|
log.Println("Checking auth token")
|
|
|
|
tokenEndpoint := b.TokenEndpoint
|
|
|
|
req, err := buildValidateAuthTokenRequest(tokenEndpoint, header)
|
|
if err != nil {
|
|
return false
|
|
}
|
|
|
|
client := http.Client{}
|
|
res, err := client.Do(req)
|
|
if err != nil {
|
|
log.Println(err)
|
|
return false
|
|
}
|
|
defer res.Body.Close()
|
|
|
|
if res.StatusCode < 200 || res.StatusCode >= 300 {
|
|
log.Printf("HTTP StatusCode when verifying token: %d\n", res.StatusCode)
|
|
return false
|
|
}
|
|
|
|
dec := json.NewDecoder(res.Body)
|
|
err = dec.Decode(&token)
|
|
if err != nil {
|
|
log.Printf("Error in json object: %v", err)
|
|
return false
|
|
}
|
|
|
|
log.Println("Auth Token: Success")
|
|
return true
|
|
}
|
|
|
|
func buildValidateAuthTokenRequest(tokenEndpoint string, header string) (*http.Request, error) {
|
|
req, err := http.NewRequest("GET", tokenEndpoint, nil)
|
|
req.Header.Add("Authorization", header)
|
|
req.Header.Add("Accept", "application/json")
|
|
return req, err
|
|
}
|
|
|
|
// setCachedTokenResponseValue remembers the value of the auth token response in redis
|
|
func setCachedTokenResponseValue(conn redis.Conn, key string, r *auth.TokenResponse) error {
|
|
_, err := conn.Do("HMSET", redis.Args{}.Add(key).AddFlat(r)...)
|
|
if err != nil {
|
|
return fmt.Errorf("error while setting token: %v", err)
|
|
}
|
|
conn.Do("EXPIRE", key, uint64(10*time.Minute/time.Second))
|
|
}
|
|
|
|
// getCachedValue gets the cached value from Redis
|
|
func getCachedValue(conn redis.Conn, key string, r *auth.TokenResponse) (bool, error) {
|
|
values, err := redis.Values(conn.Do("HGETALL", key))
|
|
if err == nil && len(values) > 0 {
|
|
if err = redis.ScanStruct(values, r); err == nil {
|
|
return true, nil
|
|
}
|
|
}
|
|
return false, fmt.Errorf("error while getting value from backend: %v", err)
|
|
}
|