✨ Bot token aka. API token
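--- a/pkg/internal/services/bot_token.go
+++ b/pkg/internal/services/bot_token.go
@@ -0,0 +1,53 @@
+package services
+
+import (
+"git.solsynth.dev/hydrogen/passport/pkg/internal/database"
+"git.solsynth.dev/hydrogen/passport/pkg/internal/models"
+"github.com/google/uuid"
+"github.com/samber/lo"
+"time"
+)
+
+func NewApiKey(user models.Account, key models.ApiKey, ip, ua string, claims []string) (models.ApiKey, error) {
+var expiredAt *time.Time
+if key.Lifecycle != nil {
+expiredAt = lo.ToPtr(time.Now().Add(time.Duration(*key.Lifecycle) * time.Second))
+}
+
+key.Ticket = models.AuthTicket{
+IpAddress: ip,
+UserAgent: ua,
+RequireMFA: false,
+RequireAuthenticate: false,
+Claims: claims,
+Audiences: []string{InternalTokenAudience},
+GrantToken: lo.ToPtr(uuid.NewString()),
+AccessToken: lo.ToPtr(uuid.NewString()),
+RefreshToken: lo.ToPtr(uuid.NewString()),
+AvailableAt: lo.ToPtr(time.Now()),
+ExpiredAt: expiredAt,
+Account: user,
+AccountID: user.ID,
+}
+
+if err := database.C.Save(&key).Error; err != nil {
+return key, err
+}
+return key, nil
+}
+
+func RollApiKey(key models.ApiKey) (models.ApiKey, error) {
+var ticket models.AuthTicket
+if err := database.C.Where("ticket_id = ?", key.TicketID).First(&ticket).Error; err != nil {
+return key, err
+}
+
+ticket, err := RotateTicket(ticket)
+if err != nil {
+return key, err
+} else {
+key.Ticket = ticket
+}
+
+return key, nil
+}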
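Review bot: NewApiKey stores the caller-supplied `claims` verbatim on a ticket created with `RequireMFA: false` and `RequireAuthenticate: false`, and leaves `ExpiredAt` nil whenever `key.Lifecycle` is nil, so the result is a pre-activated credential with no expiry whose scope is whatever the caller passes. Nothing in this file checks the claims against what `user` is allowed to grant or bounds the lifetime; if the calling handler does not do so either (not visible here), the check belongs in this function, together with a guard such as `if key.Lifecycle != nil && *key.Lifecycle <= 0` that returns an error instead of minting a ticket that is already expired. In RollApiKey the ticket is fetched with `Where("ticket_id = ?", key.TicketID)` against the AuthTicket model; unless that table really has a `ticket_id` column, this presumably should be `Where("id = ?", key.TicketID)`. RollApiKey also does not verify that the key belongs to the requesting account, so a doc comment should state that the caller must do that before calling it.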
|
@ -1,18 +0,0 @@
|
||||
package services
|
||||
|
||||
import (
|
||||
"git.solsynth.dev/hydrogen/passport/pkg/internal/models"
|
||||
"github.com/nicksnyder/go-i18n/v2/i18n"
|
||||
)
|
||||
|
||||
func GetFactorName(w models.AuthFactorType, localizer *i18n.Localizer) string {
|
||||
unknown, _ := localizer.LocalizeMessage(&i18n.Message{ID: "unknown"})
|
||||
mfaEmail, _ := localizer.LocalizeMessage(&i18n.Message{ID: "mfaFactorEmail"})
|
||||
|
||||
switch w {
|
||||
case models.EmailPasswordFactor:
|
||||
return mfaEmail
|
||||
default:
|
||||
return unknown
|
||||
}
|
||||
}
|
@ -1,24 +0,0 @@
|
||||
package services
|
||||
|
||||
import (
|
||||
"time"
|
||||
|
||||
"git.solsynth.dev/hydrogen/passport/pkg/internal/database"
|
||||
"git.solsynth.dev/hydrogen/passport/pkg/internal/models"
|
||||
"github.com/rs/zerolog/log"
|
||||
)
|
||||
|
||||
func DoAutoSignoff() {
|
||||
duration := 7 * 24 * time.Hour
|
||||
deadline := time.Now().Add(-duration)
|
||||
|
||||
log.Debug().Time("before", deadline).Msg("Now signing off tickets...")
|
||||
|
||||
if tx := database.C.
|
||||
Where("last_grant_at < ?", deadline).
|
||||
Delete(&models.AuthTicket{}); tx.Error != nil {
|
||||
log.Error().Err(tx.Error).Msg("An error occurred when running auto sign off...")
|
||||
} else {
|
||||
log.Debug().Int64("affected", tx.RowsAffected).Msg("Auto sign off accomplished.")
|
||||
}
|
||||
}
|
@ -2,6 +2,7 @@ package services
|
||||
|
||||
import (
|
||||
"fmt"
|
||||
"github.com/rs/zerolog/log"
|
||||
"time"
|
||||
|
||||
"github.com/google/uuid"
|
||||
@ -146,10 +147,25 @@ func ActiveTicketWithMFA(ticket models.AuthTicket, factor models.AuthFactor, cod
|
||||
return ticket, nil
|
||||
}
|
||||
|
||||
func RegenSession(ticket models.AuthTicket) (models.AuthTicket, error) {
|
||||
func RotateTicket(ticket models.AuthTicket) (models.AuthTicket, error) {
|
||||
ticket.GrantToken = lo.ToPtr(uuid.NewString())
|
||||
ticket.AccessToken = lo.ToPtr(uuid.NewString())
|
||||
ticket.RefreshToken = lo.ToPtr(uuid.NewString())
|
||||
err := database.C.Save(&ticket).Error
|
||||
return ticket, err
|
||||
}
|
||||
|
||||
func DoAutoSignoff() {
|
||||
duration := 7 * 24 * time.Hour
|
||||
deadline := time.Now().Add(-duration)
|
||||
|
||||
log.Debug().Time("before", deadline).Msg("Now signing off tickets...")
|
||||
|
||||
if tx := database.C.
|
||||
Where("last_grant_at < ?", deadline).
|
||||
Delete(&models.AuthTicket{}); tx.Error != nil {
|
||||
log.Error().Err(tx.Error).Msg("An error occurred when running auto sign off...")
|
||||
} else {
|
||||
log.Debug().Int64("affected", tx.RowsAffected).Msg("Auto sign off accomplished.")
|
||||
}
|
||||
}
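Review bot: DoAutoSignoff deletes every AuthTicket whose `last_grant_at` is older than seven days and has no exemption for tickets that back an API key created by NewApiKey. If `last_grant_at` is set when such a ticket's tokens are exchanged (not visible in this hunk), a key left idle for a week would lose its ticket while its ApiKey row stays behind, and RollApiKey would then fail on its lookup; conversely, rows whose `last_grant_at` is NULL never match the `<` comparison and are never cleaned up. Either exclude API-key tickets in the `Where` clause or state the intended behaviour in a doc comment, e.g. `// DoAutoSignoff removes tickets not granted within 7 days; tickets backing API keys are included.` RotateTicket would also benefit from a doc comment saying that it replaces the grant, access and refresh tokens at once, which invalidates any token previously issued for that ticket.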
|
||||
|
@ -113,7 +113,7 @@ func RefreshToken(token string) (atk, rtk string, err error) {
|
||||
return
|
||||
}
|
||||
|
||||
if ticket, err = RegenSession(ticket); err != nil {
|
||||
if ticket, err = RotateTicket(ticket); err != nil {
|
||||
return
|
||||
} else {
|
||||
return GetToken(ticket)
|
||||
|