Passport/pkg/internal/services/auth.go

package services

import (
	"context"
	"fmt"
	"time"

	"github.com/eko/gocache/lib/v4/cache"
	"github.com/eko/gocache/lib/v4/marshaler"
	"github.com/eko/gocache/lib/v4/store"
	jsoniter "github.com/json-iterator/go"

	localCache "git.solsynth.dev/hydrogen/passport/pkg/internal/cache"
	"git.solsynth.dev/hydrogen/passport/pkg/internal/models"
	"github.com/gofiber/fiber/v2"
	"github.com/rs/zerolog/log"
)

func Authenticate(atk, rtk string, rty int) (ctx models.AuthContext, perms map[string]any, newAtk, newRtk string, err error) {
	var claims PayloadClaims
	claims, err = DecodeJwt(atk)
	if err != nil {
		if len(rtk) > 0 && rty < 1 {
			// Auto refresh and retry
			newAtk, newRtk, err = RefreshToken(rtk)
			if err == nil {
				return Authenticate(newAtk, newRtk, rty+1)
			}
		}
		err = fiber.NewError(fiber.StatusUnauthorized, fmt.Sprintf("invalid auth key: %v", err))
		return
	}

	newAtk = atk
	newRtk = rtk

	if ctx, err = GetAuthContext(claims.ID); err == nil {
		var heldPerms map[string]any
		rawHeldPerms, _ := jsoniter.Marshal(ctx.Account.PermNodes)
		_ = jsoniter.Unmarshal(rawHeldPerms, &heldPerms)

		perms = FilterPermNodes(heldPerms, ctx.Ticket.Claims)
		return
	}

	err = fiber.NewError(fiber.StatusUnauthorized, err.Error())
	return
}

func GetAuthContextCacheKey(jti string) string {
	return fmt.Sprintf("auth-context#%s", jti)
}

func GetAuthContext(jti string) (models.AuthContext, error) {
	var err error
	var ctx models.AuthContext

	cacheManager := cache.New[any](localCache.S)
	marshal := marshaler.New(cacheManager)
	contx := context.Background()

	if val, err := marshal.Get(contx, GetAuthContextCacheKey(jti), new(models.AuthContext)); err == nil {
		ctx = val.(models.AuthContext)
	} else {
		ctx, err = CacheAuthContext(jti)
		log.Debug().Str("jti", jti).Msg("Created a new auth context cache")
	}

	return ctx, err
}

func CacheAuthContext(jti string) (models.AuthContext, error) {
	var ctx models.AuthContext

	// Query data from primary database
	ticket, err := GetTicketWithToken(jti)
	if err != nil {
		return ctx, fmt.Errorf("invalid auth ticket: %v", err)
	} else if err := ticket.IsAvailable(); err != nil {
		return ctx, fmt.Errorf("unavailable auth ticket: %v", err)
	}

	user, err := GetAccount(ticket.AccountID)
	if err != nil {
		return ctx, fmt.Errorf("invalid account: %v", err)
	}
	groups, err := GetUserAccountGroup(user)
	if err != nil {
		return ctx, fmt.Errorf("unable to get account groups: %v", err)
	}

	for _, group := range groups {
		for k, v := range group.PermNodes {
			if _, ok := user.PermNodes[k]; !ok {
				user.PermNodes[k] = v
			}
		}
	}

	ctx = models.AuthContext{
		Ticket:  ticket,
		Account: user,
	}

	// Put the data into cache
	cacheManager := cache.New[any](localCache.S)
	marshal := marshaler.New(cacheManager)
	contx := context.Background()

	marshal.Set(
		contx,
		GetAuthContextCacheKey(jti),
		ctx,
		store.WithExpiration(3*time.Minute),
		store.WithTags([]string{"auth-context", fmt.Sprintf("user#%d", user.ID)}),
	)

	return ctx, nil
}

func InvalidAuthCacheWithUser(userId uint) {
	cacheManager := cache.New[any](localCache.S)
	contx := context.Background()

	cacheManager.Invalidate(
		contx,
		store.WithInvalidateTags([]string{"auth-context", fmt.Sprintf("user#%d", userId)}),
	)
}
:sparkles: Grpc APIs 2024-02-20 13:46:15 +00:00			`package services`

			`import (`
:recycle: Refactored cache system 2024-09-22 05:13:05 +00:00			`"context"`
:sparkles: Grpc APIs 2024-02-20 13:46:15 +00:00			`"fmt"`
:zap: Add a cache layer in auth to speed up auth 2024-03-22 16:28:27 +00:00			`"time"`
:truck: Update domain 2024-03-20 12:56:43 +00:00
:recycle: Refactored cache system 2024-09-22 05:13:05 +00:00			`"github.com/eko/gocache/lib/v4/cache"`
			`"github.com/eko/gocache/lib/v4/marshaler"`
			`"github.com/eko/gocache/lib/v4/store"`
:ambulance: Fix write map panic with mutex 2024-05-27 15:00:49 +00:00			`jsoniter "github.com/json-iterator/go"`

:recycle: Refactored cache system 2024-09-22 05:13:05 +00:00			`localCache "git.solsynth.dev/hydrogen/passport/pkg/internal/cache"`
:bug: Bug fixes on connection and package naming 2024-06-17 14:21:34 +00:00			`"git.solsynth.dev/hydrogen/passport/pkg/internal/models"`
:sparkles: Grpc APIs 2024-02-20 13:46:15 +00:00			`"github.com/gofiber/fiber/v2"`
:zap: Add a cache layer in auth to speed up auth 2024-03-22 16:28:27 +00:00			`"github.com/rs/zerolog/log"`
:sparkles: Grpc APIs 2024-02-20 13:46:15 +00:00			`)`

:recycle: Improve code structure and much easier to read :bug: Fix auth middleware 2024-06-22 05:04:21 +00:00			`func Authenticate(atk, rtk string, rty int) (ctx models.AuthContext, perms map[string]any, newAtk, newRtk string, err error) {`
:sparkles: New ticket ways 2024-04-20 11:04:33 +00:00			`var claims PayloadClaims`
:recycle: Improve code structure and much easier to read :bug: Fix auth middleware 2024-06-22 05:04:21 +00:00			`claims, err = DecodeJwt(atk)`
:sparkles: Grpc APIs 2024-02-20 13:46:15 +00:00			`if err != nil {`
:recycle: Improve code structure and much easier to read :bug: Fix auth middleware 2024-06-22 05:04:21 +00:00			`if len(rtk) > 0 && rty < 1 {`
:sparkles: Grpc APIs 2024-02-20 13:46:15 +00:00			`// Auto refresh and retry`
:recycle: Improve code structure and much easier to read :bug: Fix auth middleware 2024-06-22 05:04:21 +00:00			`newAtk, newRtk, err = RefreshToken(rtk)`
:sparkles: Grpc APIs 2024-02-20 13:46:15 +00:00			`if err == nil {`
:recycle: Improve code structure and much easier to read :bug: Fix auth middleware 2024-06-22 05:04:21 +00:00			`return Authenticate(newAtk, newRtk, rty+1)`
:sparkles: Grpc APIs 2024-02-20 13:46:15 +00:00			`}`
			`}`
:bug: Fix context return null on first time 2024-03-23 02:15:25 +00:00			`err = fiber.NewError(fiber.StatusUnauthorized, fmt.Sprintf("invalid auth key: %v", err))`
			`return`
:sparkles: Grpc APIs 2024-02-20 13:46:15 +00:00			`}`

:recycle: Improve code structure and much easier to read :bug: Fix auth middleware 2024-06-22 05:04:21 +00:00			`newAtk = atk`
			`newRtk = rtk`
:bug: Fix context return null on first time 2024-03-23 02:15:25 +00:00
:sparkles: Bug fixes of permission check 2024-05-17 11:53:47 +00:00			`if ctx, err = GetAuthContext(claims.ID); err == nil {`
:bug: Fix decoding permission nodes from db 2024-05-17 12:34:34 +00:00			`var heldPerms map[string]any`
			`rawHeldPerms, _ := jsoniter.Marshal(ctx.Account.PermNodes)`
			`_ = jsoniter.Unmarshal(rawHeldPerms, &heldPerms)`

			`perms = FilterPermNodes(heldPerms, ctx.Ticket.Claims)`
:bug: Fix context return null on first time 2024-03-23 02:15:25 +00:00			`return`
:zap: Add a cache layer in auth to speed up auth 2024-03-22 16:28:27 +00:00			`}`

:bug: Fix context return null on first time 2024-03-23 02:15:25 +00:00			`err = fiber.NewError(fiber.StatusUnauthorized, err.Error())`
			`return`
:zap: Add a cache layer in auth to speed up auth 2024-03-22 16:28:27 +00:00			`}`

:recycle: Refactored cache system 2024-09-22 05:13:05 +00:00			`func GetAuthContextCacheKey(jti string) string {`
			`return fmt.Sprintf("auth-context#%s", jti)`
			`}`

:zap: Add a cache layer in auth to speed up auth 2024-03-22 16:28:27 +00:00			`func GetAuthContext(jti string) (models.AuthContext, error) {`
			`var err error`
			`var ctx models.AuthContext`

:recycle: Refactored cache system 2024-09-22 05:13:05 +00:00			`cacheManager := cache.New[any](localCache.S)`
			`marshal := marshaler.New(cacheManager)`
			`contx := context.Background()`

:bug: Fix wrong condition on check auth context is cached 2024-09-22 06:32:55 +00:00			`if val, err := marshal.Get(contx, GetAuthContextCacheKey(jti), new(models.AuthContext)); err == nil {`
:bug: Fix concurrent write and read auth context cache 2024-07-17 05:27:16 +00:00			`ctx = val.(models.AuthContext)`
:zap: In memory auth context cache 2024-05-17 11:37:58 +00:00			`} else {`
:sparkles: Bug fixes of permission check 2024-05-17 11:53:47 +00:00			`ctx, err = CacheAuthContext(jti)`
:zap: In memory auth context cache 2024-05-17 11:37:58 +00:00			`log.Debug().Str("jti", jti).Msg("Created a new auth context cache")`
:zap: Add a cache layer in auth to speed up auth 2024-03-22 16:28:27 +00:00			`}`

			`return ctx, err`
			`}`

:sparkles: Bug fixes of permission check 2024-05-17 11:53:47 +00:00			`func CacheAuthContext(jti string) (models.AuthContext, error) {`
:zap: Add a cache layer in auth to speed up auth 2024-03-22 16:28:27 +00:00			`var ctx models.AuthContext`

			`// Query data from primary database`
:sparkles: User center page 2024-04-21 04:20:06 +00:00			`ticket, err := GetTicketWithToken(jti)`
:sparkles: Grpc APIs 2024-02-20 13:46:15 +00:00			`if err != nil {`
:sparkles: User center page 2024-04-21 04:20:06 +00:00			`return ctx, fmt.Errorf("invalid auth ticket: %v", err)`
			`} else if err := ticket.IsAvailable(); err != nil {`
			`return ctx, fmt.Errorf("unavailable auth ticket: %v", err)`
:sparkles: Grpc APIs 2024-02-20 13:46:15 +00:00			`}`

:sparkles: User center page 2024-04-21 04:20:06 +00:00			`user, err := GetAccount(ticket.AccountID)`
:sparkles: Grpc APIs 2024-02-20 13:46:15 +00:00			`if err != nil {`
:zap: Add a cache layer in auth to speed up auth 2024-03-22 16:28:27 +00:00			`return ctx, fmt.Errorf("invalid account: %v", err)`
			`}`
:sparkles: Account groups 2024-07-24 09:23:44 +00:00			`groups, err := GetUserAccountGroup(user)`
			`if err != nil {`
			`return ctx, fmt.Errorf("unable to get account groups: %v", err)`
			`}`

			`for _, group := range groups {`
			`for k, v := range group.PermNodes {`
			`if _, ok := user.PermNodes[k]; !ok {`
			`user.PermNodes[k] = v`
			`}`
			`}`
			`}`
:zap: Add a cache layer in auth to speed up auth 2024-03-22 16:28:27 +00:00
			`ctx = models.AuthContext{`
:recycle: Refactored cache system 2024-09-22 05:13:05 +00:00			`Ticket: ticket,`
			`Account: user,`
:sparkles: Grpc APIs 2024-02-20 13:46:15 +00:00			`}`

:recycle: Refactored cache system 2024-09-22 05:13:05 +00:00			`// Put the data into cache`
			`cacheManager := cache.New[any](localCache.S)`
			`marshal := marshaler.New(cacheManager)`
			`contx := context.Background()`
:bug: Fix concurrent write and read auth context cache 2024-07-17 05:27:16 +00:00
:recycle: Refactored cache system 2024-09-22 05:13:05 +00:00			`marshal.Set(`
			`contx,`
			`GetAuthContextCacheKey(jti),`
			`ctx,`
			`store.WithExpiration(3*time.Minute),`
			`store.WithTags([]string{"auth-context", fmt.Sprintf("user#%d", user.ID)}),`
			`)`
:bug: Fix concurrent write and read auth context cache 2024-07-17 05:27:16 +00:00
:recycle: Refactored cache system 2024-09-22 05:13:05 +00:00			`return ctx, nil`
:zap: In memory auth context cache 2024-05-17 11:37:58 +00:00			`}`
:zap: Add a cache layer in auth to speed up auth 2024-03-22 16:28:27 +00:00
:zap: In memory auth context cache 2024-05-17 11:37:58 +00:00			`func InvalidAuthCacheWithUser(userId uint) {`
:recycle: Refactored cache system 2024-09-22 05:13:05 +00:00			`cacheManager := cache.New[any](localCache.S)`
			`contx := context.Background()`

			`cacheManager.Invalidate(`
			`contx,`
			`store.WithInvalidateTags([]string{"auth-context", fmt.Sprintf("user#%d", userId)}),`
			`)`
:sparkles: Grpc APIs 2024-02-20 13:46:15 +00:00			`}`