package services import ( "context" "fmt" "git.solsynth.dev/hypernet/passport/pkg/authkit/models" "git.solsynth.dev/hypernet/passport/pkg/internal/database" "time" "github.com/eko/gocache/lib/v4/cache" "github.com/eko/gocache/lib/v4/marshaler" "github.com/eko/gocache/lib/v4/store" jsoniter "github.com/json-iterator/go" localCache "git.solsynth.dev/hypernet/passport/pkg/internal/cache" "github.com/gofiber/fiber/v2" "github.com/rs/zerolog/log" ) func Authenticate(sessionId uint) (ctx models.AuthTicket, perms map[string]any, err error) { if ctx, err = GetAuthContext(sessionId); err == nil { var heldPerms map[string]any rawHeldPerms, _ := jsoniter.Marshal(ctx.Account.PermNodes) _ = jsoniter.Unmarshal(rawHeldPerms, &heldPerms) perms = FilterPermNodes(heldPerms, ctx.Claims) ctx.Account.PermNodes = perms return } err = fiber.NewError(fiber.StatusUnauthorized, err.Error()) return } func GetAuthContextCacheKey(sessionId uint) string { return fmt.Sprintf("auth-context#%d", sessionId) } func GetAuthContext(sessionId uint) (models.AuthTicket, error) { var err error var ctx models.AuthTicket cacheManager := cache.New[any](localCache.S) marshal := marshaler.New(cacheManager) key := GetAuthContextCacheKey(sessionId) if val, err := marshal.Get(context.Background(), key, new(models.AuthTicket)); err == nil { ctx = *val.(*models.AuthTicket) } else { ctx, err = CacheAuthContext(sessionId) log.Debug().Uint("session", sessionId).Msg("Created a new auth context cache") } return ctx, err } func CacheAuthContext(sessionId uint) (models.AuthTicket, error) { // Query data from primary database var ticket models.AuthTicket if err := database.C. Where("id = ?", sessionId). Preload("Account"). First(&ticket).Error; err != nil { return ticket, fmt.Errorf("invalid auth ticket: %v", err) } else if err := ticket.IsAvailable(); err != nil { return ticket, fmt.Errorf("unavailable auth ticket: %v", err) } user, err := GetAccount(ticket.AccountID) if err != nil { return ticket, fmt.Errorf("invalid account: %v", err) } groups, err := GetUserAccountGroup(user) if err != nil { return ticket, fmt.Errorf("unable to get account groups: %v", err) } for _, group := range groups { for k, v := range group.PermNodes { if _, ok := user.PermNodes[k]; !ok { user.PermNodes[k] = v } } } ticket.Account = user // Put the data into the cache cacheManager := cache.New[any](localCache.S) marshal := marshaler.New(cacheManager) key := GetAuthContextCacheKey(sessionId) err = marshal.Set( context.Background(), key, ticket, store.WithExpiration(10*time.Minute), store.WithTags([]string{"auth-context", fmt.Sprintf("user#%d", user.ID)}), ) return ticket, nil } func InvalidAuthCacheWithUser(userId uint) { cacheManager := cache.New[any](localCache.S) ctx := context.Background() cacheManager.Invalidate( ctx, store.WithInvalidateTags([]string{"auth-context", fmt.Sprintf("user#%d", userId)}), ) }