-
Notifications
You must be signed in to change notification settings - Fork 0
/
account.go
197 lines (168 loc) · 5.07 KB
/
account.go
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
// Copyright © 2017 The Things Network
// Use of this source code is governed by the MIT license that can be found in the LICENSE file.
package util
import (
"encoding/json"
"fmt"
"os"
"path"
"runtime"
"strings"
"time"
"github.com/TheThingsNetwork/go-account-lib/account"
"github.com/TheThingsNetwork/go-account-lib/cache"
"github.com/TheThingsNetwork/go-account-lib/oauth"
"github.com/TheThingsNetwork/go-account-lib/tokens"
ttnlog "github.com/TheThingsNetwork/go-utils/log"
"github.com/spf13/viper"
"golang.org/x/oauth2"
)
var tokenSource oauth2.TokenSource
func tokenFile() string {
return getServerKey() + ".token"
}
func derivedTokenFile() string {
return getServerKey() + ".derived-tokens"
}
func tokenName() string {
return viper.GetString("auth-server")
}
func getServerKey() string {
replacer := strings.NewReplacer("https:", "", "http:", "", "/", "", ".", "")
return replacer.Replace(viper.GetString("auth-server"))
}
func tokenFilename(name string) string {
return tokenFile()
}
// GetCache get's the cache that will store our tokens
func GetTokenCache() cache.Cache {
return cache.FileCacheWithNameFn(GetDataDir(), tokenFilename)
}
func GetUserAgent() string {
return fmt.Sprintf(
"ttnctl/%s-%s (%s-%s) (%s)",
viper.GetString("version"),
viper.GetString("gitCommit"),
runtime.GOOS,
runtime.GOARCH,
GetID(),
)
}
// getOAuth gets the OAuth client
func getOAuth() *oauth.Config {
return oauth.OAuth(viper.GetString("auth-server"), &oauth.Client{
ID: "ttnctl",
Secret: "ttnctl",
ExtraHeaders: map[string]string{
"User-Agent": GetUserAgent(),
},
})
}
func getAccountServerTokenSource(token *oauth2.Token) oauth2.TokenSource {
return getOAuth().TokenSource(token)
}
func getStoredToken(ctx ttnlog.Interface) *oauth2.Token {
tokenCache := GetTokenCache()
data, err := tokenCache.Get(tokenName())
if err != nil {
ctx.WithError(err).Fatal("Could not read stored token")
}
if data == nil {
ctx.Fatal("No account information found. Please login with ttnctl user login [access code]")
}
token := &oauth2.Token{}
err = json.Unmarshal(data, token)
if err != nil {
ctx.Fatal("Account information invalid. Please login with ttnctl user login [access code]")
}
return token
}
func saveToken(ctx ttnlog.Interface, token *oauth2.Token) {
data, err := json.Marshal(token)
if err != nil {
ctx.WithError(err).Fatal("Could not save access token")
}
err = GetTokenCache().Set(tokenName(), data)
if err != nil {
ctx.WithError(err).Fatal("Could not save access token")
}
}
type ttnctlTokenSource struct {
ctx ttnlog.Interface
source oauth2.TokenSource
}
func (s *ttnctlTokenSource) Token() (*oauth2.Token, error) {
token, err := s.source.Token()
if err != nil {
return nil, err
}
saveToken(s.ctx, token)
return token, nil
}
// ForceRefreshToken forces a refresh of the access token
func ForceRefreshToken(ctx ttnlog.Interface) {
tokenSource := GetTokenSource(ctx).(*ttnctlTokenSource)
token, err := tokenSource.Token()
if err != nil {
ctx.WithError(err).Fatal("Could not get access token")
}
token.Expiry = time.Now().Add(-1 * time.Second)
tokenSource.source = oauth2.ReuseTokenSource(token, getAccountServerTokenSource(token))
tokenSource.Token()
}
// GetTokenSource builds a new oauth2.TokenSource that uses the ttnctl config to store the token
func GetTokenSource(ctx ttnlog.Interface) oauth2.TokenSource {
if tokenSource != nil {
return tokenSource
}
token := getStoredToken(ctx)
source := oauth2.ReuseTokenSource(token, getAccountServerTokenSource(token))
tokenSource = &ttnctlTokenSource{ctx, source}
return tokenSource
}
func GetTokenManager(accessToken string) tokens.Manager {
server := viper.GetString("auth-server")
return tokens.HTTPManager(server, accessToken, tokens.FileStore(path.Join(GetDataDir(), derivedTokenFile())))
}
// GetAccount gets a new Account server client for ttnctl
func GetAccount(ctx ttnlog.Interface) *account.Account {
token, err := GetTokenSource(ctx).Token()
if err != nil {
ctx.WithError(err).Fatal("Could not get access token")
}
server := viper.GetString("auth-server")
manager := GetTokenManager(token.AccessToken)
return account.NewWithManager(server, token.AccessToken, manager).WithHeader("User-Agent", GetUserAgent())
}
// Login does a login to the Account server with the given username and password
func Login(ctx ttnlog.Interface, code string) (*oauth2.Token, error) {
config := getOAuth()
token, err := config.Exchange(code)
if err != nil {
return nil, err
}
saveToken(ctx, token)
return token, nil
}
func TokenForScope(ctx ttnlog.Interface, scope string) string {
token, err := GetTokenSource(ctx).Token()
if err != nil {
ctx.WithError(err).Fatal("Could not get token")
}
restricted, err := GetTokenManager(token.AccessToken).TokenForScope(scope)
if err != nil {
ctx.WithError(err).Fatal("Could not get correct rights")
}
return restricted
}
func Logout() error {
err := os.Remove(path.Join(GetDataDir(), tokenFile()))
if err != nil {
return err
}
err = os.Remove(path.Join(GetDataDir(), derivedTokenFile()))
if err != nil && !os.IsNotExist(err) {
return err
}
return nil
}