2024-02-20 13:46:15 +00:00
|
|
|
package services
|
|
|
|
|
|
|
|
import (
|
|
|
|
"fmt"
|
2024-03-22 16:28:27 +00:00
|
|
|
"time"
|
2024-03-20 12:56:43 +00:00
|
|
|
|
2024-04-13 05:48:19 +00:00
|
|
|
"git.solsynth.dev/hydrogen/passport/pkg/models"
|
2024-02-20 13:46:15 +00:00
|
|
|
"github.com/gofiber/fiber/v2"
|
2024-03-22 16:28:27 +00:00
|
|
|
"github.com/rs/zerolog/log"
|
2024-02-20 13:46:15 +00:00
|
|
|
)
|
|
|
|
|
2024-05-17 11:37:58 +00:00
|
|
|
var authContextCache = make(map[string]models.AuthContext)
|
2024-03-22 16:28:27 +00:00
|
|
|
|
2024-05-17 09:13:11 +00:00
|
|
|
func Authenticate(access, refresh string, depth int) (user models.Account, perms map[string]any, newAccess, newRefresh string, err error) {
|
2024-04-20 11:04:33 +00:00
|
|
|
var claims PayloadClaims
|
|
|
|
claims, err = DecodeJwt(access)
|
2024-02-20 13:46:15 +00:00
|
|
|
if err != nil {
|
|
|
|
if len(refresh) > 0 && depth < 1 {
|
|
|
|
// Auto refresh and retry
|
2024-04-20 11:04:33 +00:00
|
|
|
newAccess, newRefresh, err = RefreshToken(refresh)
|
2024-02-20 13:46:15 +00:00
|
|
|
if err == nil {
|
2024-03-23 02:15:25 +00:00
|
|
|
return Authenticate(newAccess, newRefresh, depth+1)
|
2024-02-20 13:46:15 +00:00
|
|
|
}
|
|
|
|
}
|
2024-03-23 02:15:25 +00:00
|
|
|
err = fiber.NewError(fiber.StatusUnauthorized, fmt.Sprintf("invalid auth key: %v", err))
|
|
|
|
return
|
2024-02-20 13:46:15 +00:00
|
|
|
}
|
|
|
|
|
2024-03-23 02:15:25 +00:00
|
|
|
newAccess = access
|
|
|
|
newRefresh = refresh
|
|
|
|
|
2024-03-22 16:28:27 +00:00
|
|
|
var ctx models.AuthContext
|
|
|
|
|
|
|
|
ctx, lookupErr := GetAuthContext(claims.ID)
|
|
|
|
if lookupErr == nil {
|
|
|
|
log.Debug().Str("jti", claims.ID).Msg("Hit auth context cache once!")
|
2024-05-17 09:13:11 +00:00
|
|
|
perms = FilterPermNodes(ctx.Account.PermNodes, ctx.Ticket.Claims)
|
2024-03-23 02:15:25 +00:00
|
|
|
user = ctx.Account
|
|
|
|
return
|
2024-03-22 16:28:27 +00:00
|
|
|
}
|
|
|
|
|
|
|
|
ctx, err = GrantAuthContext(claims.ID)
|
|
|
|
if err == nil {
|
2024-05-17 11:37:58 +00:00
|
|
|
|
2024-05-17 09:13:11 +00:00
|
|
|
perms = FilterPermNodes(ctx.Account.PermNodes, ctx.Ticket.Claims)
|
2024-03-23 02:15:25 +00:00
|
|
|
user = ctx.Account
|
|
|
|
return
|
2024-03-22 16:28:27 +00:00
|
|
|
}
|
|
|
|
|
2024-03-23 02:15:25 +00:00
|
|
|
err = fiber.NewError(fiber.StatusUnauthorized, err.Error())
|
|
|
|
return
|
2024-03-22 16:28:27 +00:00
|
|
|
}
|
|
|
|
|
|
|
|
func GetAuthContext(jti string) (models.AuthContext, error) {
|
|
|
|
var err error
|
|
|
|
var ctx models.AuthContext
|
|
|
|
|
2024-05-17 11:37:58 +00:00
|
|
|
if val, ok := authContextCache[jti]; ok {
|
|
|
|
ctx = val
|
|
|
|
ctx.LastUsedAt = time.Now()
|
|
|
|
authContextCache[jti] = ctx
|
|
|
|
log.Debug().Str("jti", jti).Msg("Used an auth context cache")
|
|
|
|
} else {
|
|
|
|
ctx, err = GrantAuthContext(jti)
|
|
|
|
log.Debug().Str("jti", jti).Msg("Created a new auth context cache")
|
2024-03-22 16:28:27 +00:00
|
|
|
}
|
|
|
|
|
|
|
|
return ctx, err
|
|
|
|
}
|
|
|
|
|
|
|
|
func GrantAuthContext(jti string) (models.AuthContext, error) {
|
|
|
|
var ctx models.AuthContext
|
|
|
|
|
|
|
|
// Query data from primary database
|
2024-04-21 04:20:06 +00:00
|
|
|
ticket, err := GetTicketWithToken(jti)
|
2024-02-20 13:46:15 +00:00
|
|
|
if err != nil {
|
2024-04-21 04:20:06 +00:00
|
|
|
return ctx, fmt.Errorf("invalid auth ticket: %v", err)
|
|
|
|
} else if err := ticket.IsAvailable(); err != nil {
|
|
|
|
return ctx, fmt.Errorf("unavailable auth ticket: %v", err)
|
2024-02-20 13:46:15 +00:00
|
|
|
}
|
|
|
|
|
2024-04-21 04:20:06 +00:00
|
|
|
user, err := GetAccount(ticket.AccountID)
|
2024-02-20 13:46:15 +00:00
|
|
|
if err != nil {
|
2024-03-22 16:28:27 +00:00
|
|
|
return ctx, fmt.Errorf("invalid account: %v", err)
|
|
|
|
}
|
|
|
|
|
|
|
|
ctx = models.AuthContext{
|
2024-05-17 11:37:58 +00:00
|
|
|
Ticket: ticket,
|
|
|
|
Account: user,
|
|
|
|
LastUsedAt: time.Now(),
|
2024-02-20 13:46:15 +00:00
|
|
|
}
|
|
|
|
|
2024-05-17 11:37:58 +00:00
|
|
|
// Put the data into memory for cache
|
|
|
|
authContextCache[jti] = ctx
|
2024-03-22 16:28:27 +00:00
|
|
|
|
2024-05-17 11:37:58 +00:00
|
|
|
return ctx, nil
|
2024-03-22 16:28:27 +00:00
|
|
|
}
|
|
|
|
|
2024-05-17 11:37:58 +00:00
|
|
|
func RecycleAuthContext() {
|
|
|
|
if len(authContextCache) == 0 {
|
|
|
|
return
|
|
|
|
}
|
|
|
|
|
|
|
|
affected := 0
|
|
|
|
for key, val := range authContextCache {
|
|
|
|
if val.LastUsedAt.Add(60*time.Second).Unix() < time.Now().Unix() {
|
|
|
|
affected++
|
|
|
|
delete(authContextCache, key)
|
2024-03-22 16:28:27 +00:00
|
|
|
}
|
2024-05-17 11:37:58 +00:00
|
|
|
}
|
|
|
|
log.Debug().Int("affected", affected).Msg("Recycled auth context...")
|
|
|
|
}
|
2024-03-22 16:28:27 +00:00
|
|
|
|
2024-05-17 11:37:58 +00:00
|
|
|
func InvalidAuthCacheWithUser(userId uint) {
|
|
|
|
for key, val := range authContextCache {
|
|
|
|
if val.Account.ID == userId {
|
|
|
|
delete(authContextCache, key)
|
|
|
|
}
|
|
|
|
}
|
2024-02-20 13:46:15 +00:00
|
|
|
}
|