Bot token aka. API token

2024-08-24 20:28:10 +08:00
parent 516f5593de
commit 8f61253bd3
12 changed files with 248 additions and 55 deletions


@ -0,0 +1,53 @@
package services
import (
"git.solsynth.dev/hydrogen/passport/pkg/internal/database"
"git.solsynth.dev/hydrogen/passport/pkg/internal/models"
"github.com/google/uuid"
"github.com/samber/lo"
"time"
)
func NewApiKey(user models.Account, key models.ApiKey, ip, ua string, claims []string) (models.ApiKey, error) {
var expiredAt *time.Time
if key.Lifecycle != nil {
expiredAt = lo.ToPtr(time.Now().Add(time.Duration(*key.Lifecycle) * time.Second))
}
key.Ticket = models.AuthTicket{
IpAddress: ip,
UserAgent: ua,
RequireMFA: false,
RequireAuthenticate: false,
Claims: claims,
Audiences: []string{InternalTokenAudience},
GrantToken: lo.ToPtr(uuid.NewString()),
AccessToken: lo.ToPtr(uuid.NewString()),
RefreshToken: lo.ToPtr(uuid.NewString()),
AvailableAt: lo.ToPtr(time.Now()),
ExpiredAt: expiredAt,
Account: user,
AccountID: user.ID,
}
if err := database.C.Save(&key).Error; err != nil {
return key, err
}
return key, nil
}
func RollApiKey(key models.ApiKey) (models.ApiKey, error) {
var ticket models.AuthTicket
if err := database.C.Where("ticket_id = ?", key.TicketID).First(&ticket).Error; err != nil {
return key, err
}
ticket, err := RotateTicket(ticket)
if err != nil {
return key, err
} else {
key.Ticket = ticket
}
return key, nil
}
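Review bot: NewApiKey takes `key.Lifecycle` as given: when it is nil, `ExpiredAt` stays nil and the ticket behind the key never expires, and a zero or negative value produces a ticket that is already expired when it is saved. I would reject non-positive values before building the ticket, e.g. `if key.Lifecycle != nil && *key.Lifecycle <= 0 { return key, fmt.Errorf("lifecycle must be positive") }` (this needs `fmt` in the import block), and say in a doc comment that a nil Lifecycle means a non-expiring credential. `claims` is copied into the ticket unchanged, so the caller has to restrict it to what `user` is allowed to delegate; that check is not visible on this page. In RollApiKey the ticket is looked up with `Where("ticket_id = ?", key.TicketID)`; if `ticket_id` is the foreign-key column on the API-key row and AuthTicket is keyed by `id` (the models are not shown here), the filter should be `Where("id = ?", key.TicketID)`.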


@ -1,18 +0,0 @@
package services
import (
"git.solsynth.dev/hydrogen/passport/pkg/internal/models"
"github.com/nicksnyder/go-i18n/v2/i18n"
)
func GetFactorName(w models.AuthFactorType, localizer *i18n.Localizer) string {
unknown, _ := localizer.LocalizeMessage(&i18n.Message{ID: "unknown"})
mfaEmail, _ := localizer.LocalizeMessage(&i18n.Message{ID: "mfaFactorEmail"})
switch w {
case models.EmailPasswordFactor:
return mfaEmail
default:
return unknown
}
}


@ -1,24 +0,0 @@
package services
import (
"time"
"git.solsynth.dev/hydrogen/passport/pkg/internal/database"
"git.solsynth.dev/hydrogen/passport/pkg/internal/models"
"github.com/rs/zerolog/log"
)
func DoAutoSignoff() {
duration := 7 * 24 * time.Hour
deadline := time.Now().Add(-duration)
log.Debug().Time("before", deadline).Msg("Now signing off tickets...")
if tx := database.C.
Where("last_grant_at < ?", deadline).
Delete(&models.AuthTicket{}); tx.Error != nil {
log.Error().Err(tx.Error).Msg("An error occurred when running auto sign off...")
} else {
log.Debug().Int64("affected", tx.RowsAffected).Msg("Auto sign off accomplished.")
}
}


@ -2,6 +2,7 @@ package services
import (
"fmt"
"github.com/rs/zerolog/log"
"time"
"github.com/google/uuid"
@ -146,10 +147,25 @@ func ActiveTicketWithMFA(ticket models.AuthTicket, factor models.AuthFactor, cod
return ticket, nil
}
func RegenSession(ticket models.AuthTicket) (models.AuthTicket, error) {
func RotateTicket(ticket models.AuthTicket) (models.AuthTicket, error) {
ticket.GrantToken = lo.ToPtr(uuid.NewString())
ticket.AccessToken = lo.ToPtr(uuid.NewString())
ticket.RefreshToken = lo.ToPtr(uuid.NewString())
err := database.C.Save(&ticket).Error
return ticket, err
}
func DoAutoSignoff() {
duration := 7 * 24 * time.Hour
deadline := time.Now().Add(-duration)
log.Debug().Time("before", deadline).Msg("Now signing off tickets...")
if tx := database.C.
Where("last_grant_at < ?", deadline).
Delete(&models.AuthTicket{}); tx.Error != nil {
log.Error().Err(tx.Error).Msg("An error occurred when running auto sign off...")
} else {
log.Debug().Int64("affected", tx.RowsAffected).Msg("Auto sign off accomplished.")
}
}
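Review bot: DoAutoSignoff deletes every AuthTicket whose `last_grant_at` is older than seven days and does not tell login sessions apart from the tickets that NewApiKey creates in this same commit. NewApiKey sets no last-grant time, so a fresh key ticket presumably has a NULL `last_grant_at` and is skipped by the `<` comparison, but if any later path sets that column when the key is used (not visible here), the key is removed after a week regardless of its Lifecycle. The sweep also never looks at the ticket's ExpiredAt, so expired key tickets are not cleaned up by it. I would document the intended interaction above the function, e.g. `// DoAutoSignoff deletes tickets not granted within 7 days; API-key tickets are only matched once last_grant_at is set.`, and confirm whether key tickets should be excluded from the delete.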


@ -113,7 +113,7 @@ func RefreshToken(token string) (atk, rtk string, err error) {
return
}
if ticket, err = RegenSession(ticket); err != nil {
if ticket, err = RotateTicket(ticket); err != nil {
return
} else {
return GetToken(ticket)