//(C) Copyright [2020] Hewlett Packard Enterprise Development LP
//
//Licensed under the Apache License, Version 2.0 (the "License"); you may
//not use this file except in compliance with the License. You may obtain
//a copy of the License at
//
// http://www.apache.org/licenses/LICENSE-2.0
//
//Unless required by applicable law or agreed to in writing, software
//distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
//WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
//License for the specific language governing permissions and limitations
// under the License.
// Package auth ...
package auth
import (
"context"
"net/http"
"strconv"
"time"
"github.com/ODIM-Project/ODIM/lib-utilities/common"
customLogs "github.com/ODIM-Project/ODIM/lib-utilities/logs"
l "github.com/ODIM-Project/ODIM/lib-utilities/logs"
authproto "github.com/ODIM-Project/ODIM/lib-utilities/proto/auth"
"github.com/ODIM-Project/ODIM/lib-utilities/response"
)
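// Auth validates the session token carried in req and checks that the
// session holds every privilege listed in req.Privileges.
//
// It returns an HTTP-style status code and a response message:
//   - http.StatusUnauthorized with response.NoValidSession when req is nil,
//     when the token is empty, or when req.Privileges is empty;
//   - the status and message carried by the lookup or update error when
//     CheckSessionTimeOut or session.Update fails;
//   - http.StatusForbidden with response.InsufficientPrivilege when at least
//     one requested privilege is not granted to the session;
//   - http.StatusOK with response.Success otherwise.
//
// As a side effect the session's LastUsedTime is refreshed and persisted via
// session.Update, and an expiredSessionCleanUp goroutine is started with a
// derived context on every call.
func Auth(ctx context.Context, req *authproto.AuthRequest) (int32, string) {
	// Tag the derived context so the cleanup goroutine's log lines can be
	// attributed. The ID is a fixed label: only one goroutine is spawned here.
	const cleanupThreadID = 1
	ctxt := context.WithValue(ctx, common.ThreadName, common.CheckAuth)
	ctxt = context.WithValue(ctxt, common.ThreadID, strconv.Itoa(cleanupThreadID))
	// NOTE(review): a cleanup goroutine is started on every Auth call; whether
	// expiredSessionCleanUp bounds its own lifetime is not visible from here.
	go expiredSessionCleanUp(ctxt)

	// A nil request carries no token; treat it like an empty token instead of
	// dereferencing it below.
	if req == nil {
		CustomAuthLog(ctx, "", "Invalid session token ", http.StatusUnauthorized)
		return http.StatusUnauthorized, response.NoValidSession
	}
	if req.SessionToken == "" {
		CustomAuthLog(ctx, "", "Invalid session token ", http.StatusUnauthorized)
		return http.StatusUnauthorized, response.NoValidSession
	}
	if len(req.Privileges) == 0 {
		// The logged status must match the status actually returned below.
		CustomAuthLog(ctx, req.SessionToken, "Received empty privileges, unable to proceed ", http.StatusUnauthorized)
		return http.StatusUnauthorized, response.NoValidSession
	}

	session, err := CheckSessionTimeOut(ctx, req.SessionToken)
	if err != nil {
		status, message := err.GetAuthStatusCodeAndMessage()
		if status == http.StatusUnauthorized {
			// The rejected token is untrusted request input and is
			// credential-shaped; it is deliberately not copied into the log line.
			CustomAuthLog(ctx, "", "Received invalid session token", http.StatusUnauthorized)
		} else {
			l.LogWithFields(ctx).Error("SessionToken validation failed, unable to proceed " + err.Error())
		}
		return status, message
	}

	// Touch the session so idle-timeout accounting records this use, and
	// persist it before any privilege decision is made.
	session.LastUsedTime = time.Now()
	if err = session.Update(); err != nil {
		l.LogWithFields(ctx).Error("SessionToken update failed with error: " + err.Error())
		return err.GetAuthStatusCodeAndMessage()
	}

	// Every requested privilege must be granted; the first missing one fails
	// the request. A nil Privileges map reads as false for every key.
	for _, privilege := range req.Privileges {
		if !session.Privileges[privilege] {
			CustomAuthLog(ctx, req.SessionToken, "User does not have sufficient privileges", http.StatusForbidden)
			return http.StatusForbidden, response.InsufficientPrivilege
		}
	}
	// TODO: Need to check OEM Privileges
	CustomAuthLog(ctx, req.SessionToken, "Authorization is successful", http.StatusOK)
	return http.StatusOK, response.Success
}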
// CustomAuthLog writes msg through the auth logger, attaching the user ID and
// role ID resolved from sessionToken and the response status code as context
// values (common.SessionUserID, common.SessionRoleID, common.StatusCode).
//
// When sessionToken is empty, or CheckSessionTimeOut returns an error for it,
// both IDs are logged as empty strings. The token itself is never written to
// the log line; only the identifiers looked up from it are.
func CustomAuthLog(ctx context.Context, sessionToken, msg string, respStatusCode int32) {
	var userID, roleID string
	if sessionToken != "" {
		// NOTE(review): this resolves the session again on every log call;
		// CheckSessionTimeOut's cost is not visible from here.
		if currentSession, err := CheckSessionTimeOut(ctx, sessionToken); err == nil {
			userID, roleID = currentSession.UserName, currentSession.RoleID
		}
	}

	logCtx := context.WithValue(ctx, common.SessionUserID, userID)
	logCtx = context.WithValue(logCtx, common.SessionRoleID, roleID)
	logCtx = context.WithValue(logCtx, common.StatusCode, respStatusCode)
	customLogs.AuthLog(logCtx).Info(msg)
}