forked from TykTechnologies/tyk
-
Notifications
You must be signed in to change notification settings - Fork 0
/
Copy pathauth_manager.go
104 lines (86 loc) · 3.24 KB
/
auth_manager.go
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
package main
import (
"encoding/json"
"time"
"github.com/nu7hatch/gouuid"
"strings"
"encoding/base64"
)
// AuthorisationHandler is used to validate a session key,
// implementing IsKeyAuthorised() to validate if a key exists or
// is valid in any way (e.g. cryptographic signing etc.). Returns
// a SessionState object (deserialised JSON)
type AuthorisationHandler interface {
IsKeyAuthorised(string) (bool, SessionState)
IsKeyExpired(SessionState) bool
}
// AuthorisationManager implements AuthorisationHandler,
// requires a StorageHandler to interact with key store
type AuthorisationManager struct {
Store StorageHandler
}
// IsKeyAuthorised checks if key exists and can be read into a SessionState object
func (b AuthorisationManager) IsKeyAuthorised(keyName string) (bool, SessionState) {
jsonKeyVal, err := b.Store.GetKey(keyName)
var newSession SessionState
if err != nil {
log.Warning("Invalid key detected, not found in storage engine")
return false, newSession
}
if marshalErr := json.Unmarshal([]byte(jsonKeyVal), &newSession); marshalErr != nil {
log.Error("Couldn't unmarshal session object")
log.Error(marshalErr)
return false, newSession
}
return true, newSession
}
// IsKeyExpired checks if a key has expired, if the value of SessionState.Expires is 0, it will be ignored
func (b AuthorisationManager) IsKeyExpired(newSession *SessionState) bool {
if newSession.Expires >= 1 {
diff := newSession.Expires - time.Now().Unix()
if diff > 0 {
return false
}
return true
}
return false
}
// UpdateSession updates the session state in the storage engine
func (b AuthorisationManager) UpdateSession(keyName string, session SessionState) {
v, _ := json.Marshal(session)
keyExp := (session.Expires - time.Now().Unix()) + 300 // Add 5 minutes to key expiry, just in case
b.Store.SetKey(keyName, string(v), keyExp)
}
// GetSessionDetail returns the session detail using the storage engine (either in memory or Redis)
func (b AuthorisationManager) GetSessionDetail(keyName string) (SessionState, bool) {
jsonKeyVal, err := b.Store.GetKey(keyName)
var thisSession SessionState
if err != nil {
log.Warning("Key does not exist")
return thisSession, false
}
if marshalErr := json.Unmarshal([]byte(jsonKeyVal), &thisSession); marshalErr != nil {
log.Error("Couldn't unmarshal session object")
log.Error(marshalErr)
return thisSession, false
}
return thisSession, true
}
// GetSessions returns all sessions in the key store that match a filter key (a prefix)
func (b AuthorisationManager) GetSessions(filter string) []string {
return b.Store.GetKeys(filter)
}
// GenerateAuthKey is a utility function for generating new auth keys. Returns the storage key name and the actual key
func (b AuthorisationManager) GenerateAuthKey(OrgID string) string {
u5, _ := uuid.NewV4()
cleanSting := strings.Replace(u5.String(), "-", "", -1)
newAuthKey := expandKey(OrgID, cleanSting)
return newAuthKey
}
// GenerateHMACSecret is a utility function for generating new auth keys. Returns the storage key name and the actual key
func (b AuthorisationManager) GenerateHMACSecret() string {
u5, _ := uuid.NewV4()
cleanSting := strings.Replace(u5.String(), "-", "", -1)
newSecret := base64.StdEncoding.EncodeToString([]byte(cleanSting))
return newSecret
}