2024-02-20 13:46:15 +00:00
|
|
|
package services
|
|
|
|
|
|
|
|
import (
|
2024-09-22 05:13:05 +00:00
|
|
|
"context"
|
2024-02-20 13:46:15 +00:00
|
|
|
"fmt"
|
2024-03-22 16:28:27 +00:00
|
|
|
"time"
|
2024-03-20 12:56:43 +00:00
|
|
|
|
2024-09-22 05:13:05 +00:00
|
|
|
"github.com/eko/gocache/lib/v4/cache"
|
|
|
|
"github.com/eko/gocache/lib/v4/marshaler"
|
|
|
|
"github.com/eko/gocache/lib/v4/store"
|
2024-05-27 15:00:49 +00:00
|
|
|
jsoniter "github.com/json-iterator/go"
|
|
|
|
|
2024-09-22 05:13:05 +00:00
|
|
|
localCache "git.solsynth.dev/hydrogen/passport/pkg/internal/cache"
|
2024-06-17 14:21:34 +00:00
|
|
|
"git.solsynth.dev/hydrogen/passport/pkg/internal/models"
|
2024-02-20 13:46:15 +00:00
|
|
|
"github.com/gofiber/fiber/v2"
|
2024-03-22 16:28:27 +00:00
|
|
|
"github.com/rs/zerolog/log"
|
2024-02-20 13:46:15 +00:00
|
|
|
)
|
|
|
|
|
2024-06-22 05:04:21 +00:00
|
|
|
func Authenticate(atk, rtk string, rty int) (ctx models.AuthContext, perms map[string]any, newAtk, newRtk string, err error) {
|
2024-04-20 11:04:33 +00:00
|
|
|
var claims PayloadClaims
|
2024-06-22 05:04:21 +00:00
|
|
|
claims, err = DecodeJwt(atk)
|
2024-02-20 13:46:15 +00:00
|
|
|
if err != nil {
|
2024-06-22 05:04:21 +00:00
|
|
|
if len(rtk) > 0 && rty < 1 {
|
2024-02-20 13:46:15 +00:00
|
|
|
// Auto refresh and retry
|
2024-06-22 05:04:21 +00:00
|
|
|
newAtk, newRtk, err = RefreshToken(rtk)
|
2024-02-20 13:46:15 +00:00
|
|
|
if err == nil {
|
2024-06-22 05:04:21 +00:00
|
|
|
return Authenticate(newAtk, newRtk, rty+1)
|
2024-02-20 13:46:15 +00:00
|
|
|
}
|
|
|
|
}
|
2024-03-23 02:15:25 +00:00
|
|
|
err = fiber.NewError(fiber.StatusUnauthorized, fmt.Sprintf("invalid auth key: %v", err))
|
|
|
|
return
|
2024-02-20 13:46:15 +00:00
|
|
|
}
|
|
|
|
|
2024-06-22 05:04:21 +00:00
|
|
|
newAtk = atk
|
|
|
|
newRtk = rtk
|
2024-03-23 02:15:25 +00:00
|
|
|
|
2024-05-17 11:53:47 +00:00
|
|
|
if ctx, err = GetAuthContext(claims.ID); err == nil {
|
2024-05-17 12:34:34 +00:00
|
|
|
var heldPerms map[string]any
|
|
|
|
rawHeldPerms, _ := jsoniter.Marshal(ctx.Account.PermNodes)
|
|
|
|
_ = jsoniter.Unmarshal(rawHeldPerms, &heldPerms)
|
|
|
|
|
|
|
|
perms = FilterPermNodes(heldPerms, ctx.Ticket.Claims)
|
2024-03-23 02:15:25 +00:00
|
|
|
return
|
2024-03-22 16:28:27 +00:00
|
|
|
}
|
|
|
|
|
2024-03-23 02:15:25 +00:00
|
|
|
err = fiber.NewError(fiber.StatusUnauthorized, err.Error())
|
|
|
|
return
|
2024-03-22 16:28:27 +00:00
|
|
|
}
|
|
|
|
|
2024-09-22 05:13:05 +00:00
|
|
|
func GetAuthContextCacheKey(jti string) string {
|
|
|
|
return fmt.Sprintf("auth-context#%s", jti)
|
|
|
|
}
|
|
|
|
|
2024-03-22 16:28:27 +00:00
|
|
|
func GetAuthContext(jti string) (models.AuthContext, error) {
|
|
|
|
var err error
|
|
|
|
var ctx models.AuthContext
|
|
|
|
|
2024-09-22 05:13:05 +00:00
|
|
|
cacheManager := cache.New[any](localCache.S)
|
|
|
|
marshal := marshaler.New(cacheManager)
|
|
|
|
contx := context.Background()
|
|
|
|
|
2024-09-22 06:32:55 +00:00
|
|
|
if val, err := marshal.Get(contx, GetAuthContextCacheKey(jti), new(models.AuthContext)); err == nil {
|
2024-07-17 05:27:16 +00:00
|
|
|
ctx = val.(models.AuthContext)
|
2024-05-17 11:37:58 +00:00
|
|
|
} else {
|
2024-05-17 11:53:47 +00:00
|
|
|
ctx, err = CacheAuthContext(jti)
|
2024-05-17 11:37:58 +00:00
|
|
|
log.Debug().Str("jti", jti).Msg("Created a new auth context cache")
|
2024-03-22 16:28:27 +00:00
|
|
|
}
|
|
|
|
|
|
|
|
return ctx, err
|
|
|
|
}
|
|
|
|
|
2024-05-17 11:53:47 +00:00
|
|
|
func CacheAuthContext(jti string) (models.AuthContext, error) {
|
2024-03-22 16:28:27 +00:00
|
|
|
var ctx models.AuthContext
|
|
|
|
|
|
|
|
// Query data from primary database
|
2024-04-21 04:20:06 +00:00
|
|
|
ticket, err := GetTicketWithToken(jti)
|
2024-02-20 13:46:15 +00:00
|
|
|
if err != nil {
|
2024-04-21 04:20:06 +00:00
|
|
|
return ctx, fmt.Errorf("invalid auth ticket: %v", err)
|
|
|
|
} else if err := ticket.IsAvailable(); err != nil {
|
|
|
|
return ctx, fmt.Errorf("unavailable auth ticket: %v", err)
|
2024-02-20 13:46:15 +00:00
|
|
|
}
|
|
|
|
|
2024-04-21 04:20:06 +00:00
|
|
|
user, err := GetAccount(ticket.AccountID)
|
2024-02-20 13:46:15 +00:00
|
|
|
if err != nil {
|
2024-03-22 16:28:27 +00:00
|
|
|
return ctx, fmt.Errorf("invalid account: %v", err)
|
|
|
|
}
|
2024-07-24 09:23:44 +00:00
|
|
|
groups, err := GetUserAccountGroup(user)
|
|
|
|
if err != nil {
|
|
|
|
return ctx, fmt.Errorf("unable to get account groups: %v", err)
|
|
|
|
}
|
|
|
|
|
|
|
|
for _, group := range groups {
|
|
|
|
for k, v := range group.PermNodes {
|
|
|
|
if _, ok := user.PermNodes[k]; !ok {
|
|
|
|
user.PermNodes[k] = v
|
|
|
|
}
|
|
|
|
}
|
|
|
|
}
|
2024-03-22 16:28:27 +00:00
|
|
|
|
|
|
|
ctx = models.AuthContext{
|
2024-09-22 05:13:05 +00:00
|
|
|
Ticket: ticket,
|
|
|
|
Account: user,
|
2024-02-20 13:46:15 +00:00
|
|
|
}
|
|
|
|
|
2024-09-22 05:13:05 +00:00
|
|
|
// Put the data into cache
|
|
|
|
cacheManager := cache.New[any](localCache.S)
|
|
|
|
marshal := marshaler.New(cacheManager)
|
|
|
|
contx := context.Background()
|
2024-07-17 05:27:16 +00:00
|
|
|
|
2024-09-22 05:13:05 +00:00
|
|
|
marshal.Set(
|
|
|
|
contx,
|
|
|
|
GetAuthContextCacheKey(jti),
|
|
|
|
ctx,
|
|
|
|
store.WithExpiration(3*time.Minute),
|
|
|
|
store.WithTags([]string{"auth-context", fmt.Sprintf("user#%d", user.ID)}),
|
|
|
|
)
|
2024-07-17 05:27:16 +00:00
|
|
|
|
2024-09-22 05:13:05 +00:00
|
|
|
return ctx, nil
|
2024-05-17 11:37:58 +00:00
|
|
|
}
|
2024-03-22 16:28:27 +00:00
|
|
|
|
2024-05-17 11:37:58 +00:00
|
|
|
func InvalidAuthCacheWithUser(userId uint) {
|
2024-09-22 05:13:05 +00:00
|
|
|
cacheManager := cache.New[any](localCache.S)
|
|
|
|
contx := context.Background()
|
|
|
|
|
|
|
|
cacheManager.Invalidate(
|
|
|
|
contx,
|
|
|
|
store.WithInvalidateTags([]string{"auth-context", fmt.Sprintf("user#%d", userId)}),
|
|
|
|
)
|
2024-02-20 13:46:15 +00:00
|
|
|
}
|