Passport/pkg/services/auth.go

package services

import (
	"fmt"
	"time"

	"git.solsynth.dev/hydrogen/passport/pkg/models"
	"github.com/gofiber/fiber/v2"
	"github.com/rs/zerolog/log"
)

var authContextCache = make(map[string]models.AuthContext)

func Authenticate(access, refresh string, depth int) (user models.Account, perms map[string]any, newAccess, newRefresh string, err error) {
	var claims PayloadClaims
	claims, err = DecodeJwt(access)
	if err != nil {
		if len(refresh) > 0 && depth < 1 {
			// Auto refresh and retry
			newAccess, newRefresh, err = RefreshToken(refresh)
			if err == nil {
				return Authenticate(newAccess, newRefresh, depth+1)
			}
		}
		err = fiber.NewError(fiber.StatusUnauthorized, fmt.Sprintf("invalid auth key: %v", err))
		return
	}

	newAccess = access
	newRefresh = refresh

	var ctx models.AuthContext
	if ctx, err = GetAuthContext(claims.ID); err == nil {
		perms = FilterPermNodes(ctx.Account.PermNodes, ctx.Ticket.Claims)
		user = ctx.Account
		return
	}

	err = fiber.NewError(fiber.StatusUnauthorized, err.Error())
	return
}

func GetAuthContext(jti string) (models.AuthContext, error) {
	var err error
	var ctx models.AuthContext

	if val, ok := authContextCache[jti]; ok {
		ctx = val
		ctx.LastUsedAt = time.Now()
		authContextCache[jti] = ctx
		log.Debug().Str("jti", jti).Msg("Used an auth context cache")
	} else {
		ctx, err = CacheAuthContext(jti)
		log.Debug().Str("jti", jti).Msg("Created a new auth context cache")
	}

	return ctx, err
}

func CacheAuthContext(jti string) (models.AuthContext, error) {
	var ctx models.AuthContext

	// Query data from primary database
	ticket, err := GetTicketWithToken(jti)
	if err != nil {
		return ctx, fmt.Errorf("invalid auth ticket: %v", err)
	} else if err := ticket.IsAvailable(); err != nil {
		return ctx, fmt.Errorf("unavailable auth ticket: %v", err)
	}

	user, err := GetAccount(ticket.AccountID)
	if err != nil {
		return ctx, fmt.Errorf("invalid account: %v", err)
	}

	ctx = models.AuthContext{
		Ticket:     ticket,
		Account:    user,
		LastUsedAt: time.Now(),
	}

	// Put the data into memory for cache
	authContextCache[jti] = ctx

	return ctx, nil
}

func RecycleAuthContext() {
	if len(authContextCache) == 0 {
		return
	}

	affected := 0
	for key, val := range authContextCache {
		if val.LastUsedAt.Add(60*time.Second).Unix() < time.Now().Unix() {
			affected++
			delete(authContextCache, key)
		}
	}
	log.Debug().Int("affected", affected).Msg("Recycled auth context...")
}

func InvalidAuthCacheWithUser(userId uint) {
	for key, val := range authContextCache {
		if val.Account.ID == userId {
			delete(authContextCache, key)
		}
	}
}
:sparkles: Grpc APIs 2024-02-20 13:46:15 +00:00			`package services`

			`import (`
			`"fmt"`
:zap: Add a cache layer in auth to speed up auth 2024-03-22 16:28:27 +00:00			`"time"`
:truck: Update domain 2024-03-20 12:56:43 +00:00
:truck: Rename package 2024-04-13 05:48:19 +00:00			`"git.solsynth.dev/hydrogen/passport/pkg/models"`
:sparkles: Grpc APIs 2024-02-20 13:46:15 +00:00			`"github.com/gofiber/fiber/v2"`
:zap: Add a cache layer in auth to speed up auth 2024-03-22 16:28:27 +00:00			`"github.com/rs/zerolog/log"`
:sparkles: Grpc APIs 2024-02-20 13:46:15 +00:00			`)`

:zap: In memory auth context cache 2024-05-17 11:37:58 +00:00			`var authContextCache = make(map[string]models.AuthContext)`
:zap: Add a cache layer in auth to speed up auth 2024-03-22 16:28:27 +00:00
:sparkles: Basis perm nodes feature 2024-05-17 09:13:11 +00:00			`func Authenticate(access, refresh string, depth int) (user models.Account, perms map[string]any, newAccess, newRefresh string, err error) {`
:sparkles: New ticket ways 2024-04-20 11:04:33 +00:00			`var claims PayloadClaims`
			`claims, err = DecodeJwt(access)`
:sparkles: Grpc APIs 2024-02-20 13:46:15 +00:00			`if err != nil {`
			`if len(refresh) > 0 && depth < 1 {`
			`// Auto refresh and retry`
:sparkles: New ticket ways 2024-04-20 11:04:33 +00:00			`newAccess, newRefresh, err = RefreshToken(refresh)`
:sparkles: Grpc APIs 2024-02-20 13:46:15 +00:00			`if err == nil {`
:bug: Fix context return null on first time 2024-03-23 02:15:25 +00:00			`return Authenticate(newAccess, newRefresh, depth+1)`
:sparkles: Grpc APIs 2024-02-20 13:46:15 +00:00			`}`
			`}`
:bug: Fix context return null on first time 2024-03-23 02:15:25 +00:00			`err = fiber.NewError(fiber.StatusUnauthorized, fmt.Sprintf("invalid auth key: %v", err))`
			`return`
:sparkles: Grpc APIs 2024-02-20 13:46:15 +00:00			`}`

:bug: Fix context return null on first time 2024-03-23 02:15:25 +00:00			`newAccess = access`
			`newRefresh = refresh`

:zap: Add a cache layer in auth to speed up auth 2024-03-22 16:28:27 +00:00			`var ctx models.AuthContext`
:sparkles: Bug fixes of permission check 2024-05-17 11:53:47 +00:00			`if ctx, err = GetAuthContext(claims.ID); err == nil {`
:sparkles: Basis perm nodes feature 2024-05-17 09:13:11 +00:00			`perms = FilterPermNodes(ctx.Account.PermNodes, ctx.Ticket.Claims)`
:bug: Fix context return null on first time 2024-03-23 02:15:25 +00:00			`user = ctx.Account`
			`return`
:zap: Add a cache layer in auth to speed up auth 2024-03-22 16:28:27 +00:00			`}`

:bug: Fix context return null on first time 2024-03-23 02:15:25 +00:00			`err = fiber.NewError(fiber.StatusUnauthorized, err.Error())`
			`return`
:zap: Add a cache layer in auth to speed up auth 2024-03-22 16:28:27 +00:00			`}`

			`func GetAuthContext(jti string) (models.AuthContext, error) {`
			`var err error`
			`var ctx models.AuthContext`

:zap: In memory auth context cache 2024-05-17 11:37:58 +00:00			`if val, ok := authContextCache[jti]; ok {`
			`ctx = val`
			`ctx.LastUsedAt = time.Now()`
			`authContextCache[jti] = ctx`
			`log.Debug().Str("jti", jti).Msg("Used an auth context cache")`
			`} else {`
:sparkles: Bug fixes of permission check 2024-05-17 11:53:47 +00:00			`ctx, err = CacheAuthContext(jti)`
:zap: In memory auth context cache 2024-05-17 11:37:58 +00:00			`log.Debug().Str("jti", jti).Msg("Created a new auth context cache")`
:zap: Add a cache layer in auth to speed up auth 2024-03-22 16:28:27 +00:00			`}`

			`return ctx, err`
			`}`

:sparkles: Bug fixes of permission check 2024-05-17 11:53:47 +00:00			`func CacheAuthContext(jti string) (models.AuthContext, error) {`
:zap: Add a cache layer in auth to speed up auth 2024-03-22 16:28:27 +00:00			`var ctx models.AuthContext`

			`// Query data from primary database`
:sparkles: User center page 2024-04-21 04:20:06 +00:00			`ticket, err := GetTicketWithToken(jti)`
:sparkles: Grpc APIs 2024-02-20 13:46:15 +00:00			`if err != nil {`
:sparkles: User center page 2024-04-21 04:20:06 +00:00			`return ctx, fmt.Errorf("invalid auth ticket: %v", err)`
			`} else if err := ticket.IsAvailable(); err != nil {`
			`return ctx, fmt.Errorf("unavailable auth ticket: %v", err)`
:sparkles: Grpc APIs 2024-02-20 13:46:15 +00:00			`}`

:sparkles: User center page 2024-04-21 04:20:06 +00:00			`user, err := GetAccount(ticket.AccountID)`
:sparkles: Grpc APIs 2024-02-20 13:46:15 +00:00			`if err != nil {`
:zap: Add a cache layer in auth to speed up auth 2024-03-22 16:28:27 +00:00			`return ctx, fmt.Errorf("invalid account: %v", err)`
			`}`

			`ctx = models.AuthContext{`
:zap: In memory auth context cache 2024-05-17 11:37:58 +00:00			`Ticket: ticket,`
			`Account: user,`
			`LastUsedAt: time.Now(),`
:sparkles: Grpc APIs 2024-02-20 13:46:15 +00:00			`}`

:zap: In memory auth context cache 2024-05-17 11:37:58 +00:00			`// Put the data into memory for cache`
			`authContextCache[jti] = ctx`
:zap: Add a cache layer in auth to speed up auth 2024-03-22 16:28:27 +00:00
:zap: In memory auth context cache 2024-05-17 11:37:58 +00:00			`return ctx, nil`
:zap: Add a cache layer in auth to speed up auth 2024-03-22 16:28:27 +00:00			`}`

:zap: In memory auth context cache 2024-05-17 11:37:58 +00:00			`func RecycleAuthContext() {`
			`if len(authContextCache) == 0 {`
			`return`
			`}`

			`affected := 0`
			`for key, val := range authContextCache {`
			`if val.LastUsedAt.Add(60*time.Second).Unix() < time.Now().Unix() {`
			`affected++`
			`delete(authContextCache, key)`
:zap: Add a cache layer in auth to speed up auth 2024-03-22 16:28:27 +00:00			`}`
:zap: In memory auth context cache 2024-05-17 11:37:58 +00:00			`}`
			`log.Debug().Int("affected", affected).Msg("Recycled auth context...")`
			`}`
:zap: Add a cache layer in auth to speed up auth 2024-03-22 16:28:27 +00:00
:zap: In memory auth context cache 2024-05-17 11:37:58 +00:00			`func InvalidAuthCacheWithUser(userId uint) {`
			`for key, val := range authContextCache {`
			`if val.Account.ID == userId {`
			`delete(authContextCache, key)`
			`}`
			`}`
:sparkles: Grpc APIs 2024-02-20 13:46:15 +00:00			`}`