authorizer/server/token/admin_token.go

package token

import (
	"fmt"

	"github.com/authorizerdev/authorizer/server/constants"
	"github.com/authorizerdev/authorizer/server/cookie"
	"github.com/authorizerdev/authorizer/server/crypto"
	"github.com/authorizerdev/authorizer/server/memorystore"
	"github.com/gin-gonic/gin"
	"golang.org/x/crypto/bcrypt"
)

// CreateAdminAuthToken creates the admin token based on secret key
func CreateAdminAuthToken(tokenType string, c *gin.Context) (string, error) {
	adminSecret, err := memorystore.Provider.GetStringStoreEnvVariable(constants.EnvKeyAdminSecret)
	if err != nil {
		return "", err
	}
	return crypto.EncryptPassword(adminSecret)
}

// GetAdminAuthToken helps in getting the admin token from the request cookie
func GetAdminAuthToken(gc *gin.Context) (string, error) {
	token, err := cookie.GetAdminCookie(gc)
	if err != nil || token == "" {
		return "", fmt.Errorf("unauthorized")
	}

	adminSecret, err := memorystore.Provider.GetStringStoreEnvVariable(constants.EnvKeyAdminSecret)
	if err != nil {
		return "", err
	}
	err = bcrypt.CompareHashAndPassword([]byte(token), []byte(adminSecret))

	if err != nil {
		return "", fmt.Errorf(`unauthorized`)
	}

	return token, nil
}

// IsSuperAdmin checks if user is super admin
func IsSuperAdmin(gc *gin.Context) bool {
	token, err := GetAdminAuthToken(gc)
	if err != nil {
		secret := gc.Request.Header.Get("x-authorizer-admin-secret")
		if secret == "" {
			return false
		}
		adminSecret, err := memorystore.Provider.GetStringStoreEnvVariable(constants.EnvKeyAdminSecret)
		if err != nil {
			return false
		}
		return secret == adminSecret
	}

	return token != ""
}
Implement refresh token logic with fingerprint + rotation 2022-01-22 19:54:41 +00:00			`package token`

			`import (`
			`"fmt"`

			`"github.com/authorizerdev/authorizer/server/constants"`
			`"github.com/authorizerdev/authorizer/server/cookie"`
feat: add session token 2022-02-28 15:56:49 +00:00			`"github.com/authorizerdev/authorizer/server/crypto"`
fix: memory store upgrade in resolvers 2022-05-30 03:49:55 +00:00			`"github.com/authorizerdev/authorizer/server/memorystore"`
Implement refresh token logic with fingerprint + rotation 2022-01-22 19:54:41 +00:00			`"github.com/gin-gonic/gin"`
			`"golang.org/x/crypto/bcrypt"`
			`)`

			`// CreateAdminAuthToken creates the admin token based on secret key`
			`func CreateAdminAuthToken(tokenType string, c *gin.Context) (string, error) {`
fix: memory store upgrade in token helpers 2022-05-30 05:30:00 +00:00			`adminSecret, err := memorystore.Provider.GetStringStoreEnvVariable(constants.EnvKeyAdminSecret)`
			`if err != nil {`
			`return "", err`
			`}`
			`return crypto.EncryptPassword(adminSecret)`
Implement refresh token logic with fingerprint + rotation 2022-01-22 19:54:41 +00:00			`}`

			`// GetAdminAuthToken helps in getting the admin token from the request cookie`
			`func GetAdminAuthToken(gc *gin.Context) (string, error) {`
			`token, err := cookie.GetAdminCookie(gc)`
			`if err != nil \|\| token == "" {`
			`return "", fmt.Errorf("unauthorized")`
			`}`

fix: memory store upgrade in token helpers 2022-05-30 05:30:00 +00:00			`adminSecret, err := memorystore.Provider.GetStringStoreEnvVariable(constants.EnvKeyAdminSecret)`
			`if err != nil {`
			`return "", err`
			`}`
			`err = bcrypt.CompareHashAndPassword([]byte(token), []byte(adminSecret))`
fix: bug with authorizer url 2022-01-31 06:05:24 +00:00
Implement refresh token logic with fingerprint + rotation 2022-01-22 19:54:41 +00:00			`if err != nil {`
			return "", fmt.Errorf(`unauthorized`)
			`}`

			`return token, nil`
			`}`

			`// IsSuperAdmin checks if user is super admin`
			`func IsSuperAdmin(gc *gin.Context) bool {`
			`token, err := GetAdminAuthToken(gc)`
			`if err != nil {`
			`secret := gc.Request.Header.Get("x-authorizer-admin-secret")`
			`if secret == "" {`
			`return false`
			`}`
fix: memory store upgrade in token helpers 2022-05-30 05:30:00 +00:00			`adminSecret, err := memorystore.Provider.GetStringStoreEnvVariable(constants.EnvKeyAdminSecret)`
			`if err != nil {`
			`return false`
			`}`
			`return secret == adminSecret`
Implement refresh token logic with fingerprint + rotation 2022-01-22 19:54:41 +00:00			`}`

			`return token != ""`
			`}`