Merge pull request #146 from jlakkist/sticky-session

Cookie support
SSHcom · Mar 25, 2024 · 4208b8c · 4208b8c
2 parents 60980ce + aa77e36
commit 4208b8c
Show file tree

Hide file tree

Showing 6 changed files with 44 additions and 19 deletions.
diff --git a/oauth/authclient.go b/oauth/authclient.go
@@ -16,22 +16,21 @@ import (
 type tAuthPassword struct{ *tAuth }
 
 /*
-
 WithClientID executes OAuth2 Resource Owner Password Grant
 It uses access/secret key pair to authenticate client
 
-  auth := oauth2.WithClientID(
-		restapi.New(...),
-		oauth2.Access(...),
-		oauth2.Secret(...),
-	)
+	  auth := oauth2.WithClientID(
+			restapi.New(...),
+			oauth2.Access(...),
+			oauth2.Secret(...),
+		)
 
-	client := restapi.New(
-		restapi.Auth(auth),
-		restapi.Endpoint("https://privx.example.com"),
-	)
+		client := restapi.New(
+			restapi.Auth(auth),
+			restapi.Endpoint("https://privx.example.com"),
+		)
 
-	rolestore.New(client)
+		rolestore.New(client)
 */
 func WithClientID(client restapi.Connector, opts ...Option) restapi.Authorizer {
 	return &tAuthPassword{tAuth: newAuth(client, opts...)}
@@ -54,12 +53,16 @@ func (auth *tAuthPassword) grantPasswordCredentials() error {
 	}
 	var token AccessToken
 
-	_, err := auth.client.
+	header, err := auth.client.
 		URL("/auth/api/v1/oauth/token").
 		Header("Content-Type", "application/x-www-form-urlencoded").
 		Header("Authorization", "Basic "+auth.digest).
 		Post(request, &token)
 
+	if auth.useCookies && auth.cookie == "" {
+		auth.cookie = header.Get("Set-Cookie")
+	}
+
 	if err != nil {
 		token.notAfter = time.Now().Add(
 			time.Duration(token.ExpiresIn) * time.Second)

diff --git a/oauth/authtoken.go b/oauth/authtoken.go
@@ -21,3 +21,8 @@ func WithToken(token string) restapi.Authorizer {
 func (auth *tAuthExplicit) AccessToken() (string, error) {
 	return auth.string, nil
 }
+
+func (auth *tAuthExplicit) Cookie() string {
+	// Session cookies not suppoted for explicit auth
+	return ""
+}
diff --git a/oauth/opts.go b/oauth/opts.go
@@ -112,3 +112,10 @@ func UseEnvironment() Option {
 		return auth
 	}
 }
+
+func UseCookies() Option {
+	return func(auth *tAuth) *tAuth {
+		auth.useCookies = true
+		return auth
+	}
+}
diff --git a/oauth/types.go b/oauth/types.go
@@ -30,15 +30,16 @@ func (token *AccessToken) isInvalid() bool {
 // tAuth authorizer client
 type tAuth struct {
 	*sync.Cond
-	access  string
-	secret  string
-	digest  string
-	client  restapi.Connector
-	token   *AccessToken
-	pending bool
+	access     string
+	secret     string
+	digest     string
+	client     restapi.Connector
+	token      *AccessToken
+	useCookies bool
+	cookie     string
+	pending    bool
 }
 
-//
 func newAuth(client restapi.Connector, opts ...Option) *tAuth {
 	auth := &tAuth{
 		Cond:   sync.NewCond(new(sync.Mutex)),
@@ -72,6 +73,10 @@ func (auth *tAuth) synchronized(f func() error) (err error) {
 	return
 }
 
+func (auth *tAuth) Cookie() string {
+	return auth.cookie
+}
+
 // tClientID is a pair of unique client id and redirect uri
 type tClientID struct {
 	ID          string `json:"client_id"`

diff --git a/restapi/client.go b/restapi/client.go
@@ -85,6 +85,10 @@ func (client *tClient) do(req *http.Request) (*http.Response, error) {
 			return nil, err
 		}
 		req.Header.Set("Authorization", token)
+
+		if cookie := client.auth.Cookie(); cookie != "" {
+			req.Header.Set("Cookie", cookie)
+		}
 	}
 	req.Header.Set("User-Agent", UserAgent)
 

diff --git a/restapi/types.go b/restapi/types.go
@@ -38,6 +38,7 @@ type CURL interface {
 // Authorizer provides access token for REST API client
 type Authorizer interface {
 	AccessToken() (string, error)
+	Cookie() string
 }
 
 const (