// Copyright 2015-present Oursky Ltd.
//
// Licensed under the Apache License, Version 2.0 (the "License");
// you may not use this file except in compliance with the License.
// You may obtain a copy of the License at
//
// http://www.apache.org/licenses/LICENSE-2.0
//
// Unless required by applicable law or agreed to in writing, software
// distributed under the License is distributed on an "AS IS" BASIS,
// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
// See the License for the specific language governing permissions and
// limitations under the License.
package authtoken
import (
"encoding/json"
"errors"
"fmt"
"path/filepath"
"time"
"github.com/skygeario/skygear-server/pkg/server/uuid"
)
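// Token is an expiring access token associated with an AuthInfo.
//
// Token implements json.Marshaler and json.Unmarshaler itself, so the json
// struct tags below are not what encoding/json uses for this type; the wire
// format is defined by jsonToken.
type Token struct {
	AccessToken string    `json:"accessToken" redis:"accessToken"`
	ExpiredAt   time.Time `json:"expiredAt" redis:"expiredAt"`
	AppName     string    `json:"appName" redis:"appName"`
	AuthInfoID  string    `json:"authInfoID" redis:"authInfoID"`
	// issuedAt is unexported so that only this package can set it; read it
	// through IssuedAt.
	issuedAt time.Time `json:"issuedAt" redis:"issuedAt"`
}

// MarshalJSON implements the json.Marshaler interface.
//
// Timestamps are written as integer nanoseconds since the Unix epoch, with 0
// standing for the zero time (see jsonStamp).
func (t Token) MarshalJSON() ([]byte, error) {
	// Keyed fields keep this literal correct if jsonToken is ever reordered.
	return json.Marshal(&jsonToken{
		AccessToken: t.AccessToken,
		ExpiredAt:   jsonStamp(t.ExpiredAt),
		AppName:     t.AppName,
		AuthInfoID:  t.AuthInfoID,
		IssuedAt:    jsonStamp(t.issuedAt),
	})
}

// UnmarshalJSON implements the json.Unmarshaler interface.
//
// A missing or 0 timestamp decodes to the zero time.Time. The receiver is left
// untouched when data cannot be decoded.
func (t *Token) UnmarshalJSON(data []byte) error {
	var decoded jsonToken
	if err := json.Unmarshal(data, &decoded); err != nil {
		return err
	}

	t.AccessToken = decoded.AccessToken
	t.ExpiredAt = time.Time(decoded.ExpiredAt)
	t.AppName = decoded.AppName
	t.AuthInfoID = decoded.AuthInfoID
	t.issuedAt = time.Time(decoded.IssuedAt)
	return nil
}

// IssuedAt returns the time at which the token was issued, or the zero time
// when that is unknown.
func (t Token) IssuedAt() time.Time {
	return t.issuedAt
}

// jsonToken is the JSON wire representation of Token.
type jsonToken struct {
	AccessToken string    `json:"accessToken"`
	ExpiredAt   jsonStamp `json:"expiredAt"`
	AppName     string    `json:"appName"`
	AuthInfoID  string    `json:"authInfoID"`
	// IssuedAt has to be exported: encoding/json skips unexported fields, so
	// the previous lowercase field silently dropped the issue time on every
	// marshal and unmarshal despite its json tag.
	// NOTE(review): any check that compares IssuedAt against a revocation
	// cut-off (not visible in this file) saw the zero time for tokens that
	// went through JSON — confirm against the callers.
	IssuedAt jsonStamp `json:"issuedAt"`
}

// jsonStamp is a time.Time that is encoded in JSON as integer nanoseconds
// since the Unix epoch. The zero time is encoded as 0.
type jsonStamp time.Time

// MarshalJSON implements the json.Marshaler interface.
func (t jsonStamp) MarshalJSON() ([]byte, error) {
	var nanos int64
	if tt := time.Time(t); !tt.IsZero() {
		nanos = tt.UnixNano()
	}
	return json.Marshal(nanos)
}

// UnmarshalJSON implements the json.Unmarshaler interface.
func (t *jsonStamp) UnmarshalJSON(data []byte) error {
	var nanos int64
	if err := json.Unmarshal(data, &nanos); err != nil {
		return err
	}
	if nanos == 0 {
		// 0 is the encoding of the zero time, not of the Unix epoch.
		*t = jsonStamp{}
		return nil
	}
	*t = jsonStamp(time.Unix(0, nanos))
	return nil
}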
// New returns a Token for the given app and authInfoID carrying a freshly
// generated access token and an issue time of now. Passing the zero time.Time
// as expiredAt yields a token that does not expire.
func New(appName string, authInfoID string, expiredAt time.Time) Token {
	tok := Token{
		ExpiredAt:  expiredAt,
		AppName:    appName,
		AuthInfoID: authInfoID,
	}

	// NOTE(limouren): I am not sure if it is good to use UUID
	// as access token.
	// NOTE(review): the access token is the bearer credential, so how hard it
	// is to guess rests entirely on uuid.New. Confirm that it produces random
	// UUIDs from a cryptographically secure source; that cannot be verified
	// from this file.
	tok.AccessToken = uuid.New()
	tok.issuedAt = time.Now()
	return tok
}
// IsExpired reports whether the Token's expiry time lies before the current
// time. A Token whose ExpiredAt is the zero time never expires.
func (t *Token) IsExpired() bool {
	if t.ExpiredAt.IsZero() {
		// The zero time is the "no expiry" marker, not a date in the past.
		return false
	}
	return time.Now().After(t.ExpiredAt)
}
// NotFoundError is the error returned by Get when a Store cannot find the
// requested token or the token it fetched has expired.
type NotFoundError struct {
	AccessToken string // the token that was looked up
	Err         error  // the underlying cause
}

// Error implements the error interface.
//
// NOTE(review): the message contains the full access token, so treat this
// error string as sensitive wherever it is logged or returned to a client.
func (e *NotFoundError) Error() string {
	const layout = "get %#v: %v"
	msg := fmt.Sprintf(layout, e.AccessToken, e.Err)
	return msg
}
// Store represents a persistent storage for Token.
type Store interface {
	// NewToken returns a Token for the given app and authInfoID.
	// NOTE(review): whether the token is also persisted, and which expiry it
	// receives, is up to the implementation — not visible in this file.
	NewToken(appName string, authInfoID string) (Token, error)
	// Get loads the token identified by accessToken into token. Per the
	// NotFoundError documentation, it returns a *NotFoundError when the token
	// cannot be found or the fetched token is expired.
	Get(accessToken string, token *Token) error
	// Put stores token.
	Put(token *Token) error
	// Delete removes the token identified by accessToken.
	Delete(accessToken string) error
}
var errInvalidToken = errors.New("invalid access token")
func validateToken(base string) error {
b := filepath.Base(base)
if b != base || b == "." || b == "/" {
return errInvalidToken
}
return nil
}
// Configuration encapsulates the arguments used to initialize a token store.
// Which fields are read depends on Implementation; see InitTokenStore.
type Configuration struct {
	// Implementation selects the store: "fs", "redis" or "jwt".
	Implementation string
	// Path is passed to the "fs" and "redis" stores.
	Path string
	// Prefix is passed to the "redis" store only.
	Prefix string
	// Expiry is passed to every store.
	// NOTE(review): the unit is not visible in this file — confirm.
	Expiry int64
	// Secret is passed to the "jwt" store only.
	// NOTE(review): presumably the token signing key; if so, keep it out of
	// logs and of any dump of this struct — confirm.
	Secret string
}
// InitTokenStore builds the Store selected by config.Implementation:
// "fs" for a file store, "redis" for a Redis store and "jwt" for a JWT store.
// Only the Configuration fields relevant to the chosen store are used.
//
// It panics when config.Implementation names no known store.
func InitTokenStore(config Configuration) Store {
	switch impl := config.Implementation; impl {
	case "fs":
		return NewFileStore(config.Path, config.Expiry)
	case "redis":
		return NewRedisStore(config.Path, config.Prefix, config.Expiry)
	case "jwt":
		return NewJWTStore(config.Secret, config.Expiry)
	default:
		panic("unrecgonized token store implementation: " + impl)
	}
}