authorizer/server/db/providers/cassandradb/provider.go

package cassandradb

import (
	"crypto/tls"
	"crypto/x509"
	"fmt"
	"strings"
	"time"

	"github.com/authorizerdev/authorizer/server/constants"
	"github.com/authorizerdev/authorizer/server/crypto"
	"github.com/authorizerdev/authorizer/server/db/models"
	"github.com/authorizerdev/authorizer/server/memorystore"
	"github.com/gocql/gocql"
	cansandraDriver "github.com/gocql/gocql"
)

type provider struct {
	db *cansandraDriver.Session
}

// KeySpace for the cassandra database
var KeySpace string

// NewProvider to initialize arangodb connection
func NewProvider() (*provider, error) {
	dbURL := memorystore.RequiredEnvStoreObj.GetRequiredEnv().DatabaseURL
	if dbURL == "" {
		dbHost := memorystore.RequiredEnvStoreObj.GetRequiredEnv().DatabaseHost
		dbPort := memorystore.RequiredEnvStoreObj.GetRequiredEnv().DatabasePort
		if dbPort != "" && dbHost != "" {
			dbURL = fmt.Sprintf("%s:%s", dbHost, dbPort)
		} else if dbHost != "" {
			dbURL = dbHost
		}
	}

	KeySpace = memorystore.RequiredEnvStoreObj.GetRequiredEnv().DatabaseName
	if KeySpace == "" {
		KeySpace = constants.EnvKeyDatabaseName
	}
	clusterURL := []string{}
	if strings.Contains(dbURL, ",") {
		clusterURL = strings.Split(dbURL, ",")
	} else {
		clusterURL = append(clusterURL, dbURL)
	}
	cassandraClient := cansandraDriver.NewCluster(clusterURL...)
	dbUsername := memorystore.RequiredEnvStoreObj.GetRequiredEnv().DatabaseUsername
	dbPassword := memorystore.RequiredEnvStoreObj.GetRequiredEnv().DatabasePassword

	if dbUsername != "" && dbPassword != "" {
		cassandraClient.Authenticator = &cansandraDriver.PasswordAuthenticator{
			Username: dbUsername,
			Password: dbPassword,
		}
	}

	dbCert := memorystore.RequiredEnvStoreObj.GetRequiredEnv().DatabaseCert
	dbCACert := memorystore.RequiredEnvStoreObj.GetRequiredEnv().DatabaseCACert
	dbCertKey := memorystore.RequiredEnvStoreObj.GetRequiredEnv().DatabaseCertKey
	if dbCert != "" && dbCACert != "" && dbCertKey != "" {
		certString, err := crypto.DecryptB64(dbCert)
		if err != nil {
			return nil, err
		}

		keyString, err := crypto.DecryptB64(dbCertKey)
		if err != nil {
			return nil, err
		}

		caString, err := crypto.DecryptB64(dbCACert)
		if err != nil {
			return nil, err
		}

		cert, err := tls.X509KeyPair([]byte(certString), []byte(keyString))
		if err != nil {
			return nil, err
		}

		caCertPool := x509.NewCertPool()
		caCertPool.AppendCertsFromPEM([]byte(caString))

		cassandraClient.SslOpts = &cansandraDriver.SslOptions{
			Config: &tls.Config{
				Certificates:       []tls.Certificate{cert},
				RootCAs:            caCertPool,
				InsecureSkipVerify: true,
			},
			EnableHostVerification: false,
		}
	}

	cassandraClient.RetryPolicy = &cansandraDriver.SimpleRetryPolicy{
		NumRetries: 3,
	}
	cassandraClient.Consistency = gocql.LocalQuorum
	cassandraClient.ConnectTimeout = 10 * time.Second
	cassandraClient.ProtoVersion = 4

	session, err := cassandraClient.CreateSession()
	if err != nil {
		return nil, err
	}

	// Note for astra keyspaces can only be created from there console
	// https://docs.datastax.com/en/astra/docs/datastax-astra-faq.html#_i_am_trying_to_create_a_keyspace_in_the_cql_shell_and_i_am_running_into_an_error_how_do_i_fix_this
	getKeyspaceQuery := fmt.Sprintf("SELECT keyspace_name FROM system_schema.keyspaces;")
	scanner := session.Query(getKeyspaceQuery).Iter().Scanner()
	hasAuthorizerKeySpace := false
	for scanner.Next() {
		var keySpace string
		err := scanner.Scan(&keySpace)
		if err != nil {
			return nil, err
		}
		if keySpace == KeySpace {
			hasAuthorizerKeySpace = true
			break
		}
	}

	if !hasAuthorizerKeySpace {
		createKeySpaceQuery := fmt.Sprintf("CREATE KEYSPACE %s WITH REPLICATION = {'class': 'SimpleStrategy', 'replication_factor': 1};", KeySpace)
		err = session.Query(createKeySpaceQuery).Exec()
		if err != nil {
			return nil, err
		}
	}

	// make sure collections are present
	envCollectionQuery := fmt.Sprintf("CREATE TABLE IF NOT EXISTS %s.%s (id text, env text, hash text, updated_at bigint, created_at bigint, PRIMARY KEY (id))",
		KeySpace, models.Collections.Env)
	err = session.Query(envCollectionQuery).Exec()
	if err != nil {
		return nil, err
	}

	sessionCollectionQuery := fmt.Sprintf("CREATE TABLE IF NOT EXISTS %s.%s (id text, user_id text, user_agent text, ip text, updated_at bigint, created_at bigint, PRIMARY KEY (id))", KeySpace, models.Collections.Session)
	err = session.Query(sessionCollectionQuery).Exec()
	if err != nil {
		return nil, err
	}
	sessionIndexQuery := fmt.Sprintf("CREATE INDEX IF NOT EXISTS authorizer_session_user_id ON %s.%s (user_id)", KeySpace, models.Collections.Session)
	err = session.Query(sessionIndexQuery).Exec()
	if err != nil {
		return nil, err
	}

	userCollectionQuery := fmt.Sprintf("CREATE TABLE IF NOT EXISTS %s.%s (id text, email text, email_verified_at bigint, password text, signup_methods text, given_name text, family_name text, middle_name text, nickname text, gender text, birthdate text, phone_number text, phone_number_verified_at bigint, picture text, roles text, updated_at bigint, created_at bigint, revoked_timestamp bigint, PRIMARY KEY (id))", KeySpace, models.Collections.User)
	err = session.Query(userCollectionQuery).Exec()
	if err != nil {
		return nil, err
	}
	userIndexQuery := fmt.Sprintf("CREATE INDEX IF NOT EXISTS authorizer_user_email ON %s.%s (email)", KeySpace, models.Collections.User)
	err = session.Query(userIndexQuery).Exec()
	if err != nil {
		return nil, err
	}

	// token is reserved keyword in cassandra, hence we need to use jwt_token
	verificationRequestCollectionQuery := fmt.Sprintf("CREATE TABLE IF NOT EXISTS %s.%s (id text, jwt_token text, identifier text, expires_at bigint, email text, nonce text, redirect_uri text, created_at bigint, updated_at bigint, PRIMARY KEY (id))", KeySpace, models.Collections.VerificationRequest)
	err = session.Query(verificationRequestCollectionQuery).Exec()
	if err != nil {
		return nil, err
	}
	verificationRequestIndexQuery := fmt.Sprintf("CREATE INDEX IF NOT EXISTS authorizer_verification_request_email ON %s.%s (email)", KeySpace, models.Collections.VerificationRequest)
	err = session.Query(verificationRequestIndexQuery).Exec()
	if err != nil {
		return nil, err
	}
	verificationRequestIndexQuery = fmt.Sprintf("CREATE INDEX IF NOT EXISTS authorizer_verification_request_identifier ON %s.%s (identifier)", KeySpace, models.Collections.VerificationRequest)
	err = session.Query(verificationRequestIndexQuery).Exec()
	if err != nil {
		return nil, err
	}
	verificationRequestIndexQuery = fmt.Sprintf("CREATE INDEX IF NOT EXISTS authorizer_verification_request_jwt_token ON %s.%s (jwt_token)", KeySpace, models.Collections.VerificationRequest)
	err = session.Query(verificationRequestIndexQuery).Exec()
	if err != nil {
		return nil, err
	}

	webhookCollectionQuery := fmt.Sprintf("CREATE TABLE IF NOT EXISTS %s.%s (id text, event_name text, endpoint text, enabled boolean, headers text, updated_at bigint, created_at bigint, PRIMARY KEY (id))", KeySpace, models.Collections.Webhook)
	err = session.Query(webhookCollectionQuery).Exec()
	if err != nil {
		return nil, err
	}
	webhookIndexQuery := fmt.Sprintf("CREATE INDEX IF NOT EXISTS authorizer_webhook_event_name ON %s.%s (event_name)", KeySpace, models.Collections.Webhook)
	err = session.Query(webhookIndexQuery).Exec()
	if err != nil {
		return nil, err
	}

	webhookLogCollectionQuery := fmt.Sprintf("CREATE TABLE IF NOT EXISTS %s.%s (id text, http_status bigint, response text, request text, webhook_id text,updated_at bigint, created_at bigint, PRIMARY KEY (id))", KeySpace, models.Collections.WebhookLog)
	err = session.Query(webhookLogCollectionQuery).Exec()
	if err != nil {
		return nil, err
	}
	webhookLogIndexQuery := fmt.Sprintf("CREATE INDEX IF NOT EXISTS authorizer_webhook_log_webhook_id ON %s.%s (webhook_id)", KeySpace, models.Collections.WebhookLog)
	err = session.Query(webhookLogIndexQuery).Exec()
	if err != nil {
		return nil, err
	}

	return &provider{
		db: session,
	}, err
}
feat: add casandradb provider 2022-04-21 07:06:22 +00:00			`package cassandradb`

			`import (`
feat: add support for database cert, key, ca-cert 2022-04-23 12:22:02 +00:00			`"crypto/tls"`
			`"crypto/x509"`
feat: add casandradb provider 2022-04-21 07:06:22 +00:00			`"fmt"`
feat: add support for db username, password, host, port 2022-04-22 15:54:39 +00:00			`"strings"`
feat: add support for scylladb Resolves #177 2022-07-04 16:27:14 +00:00			`"time"`
feat: add casandradb provider 2022-04-21 07:06:22 +00:00
			`"github.com/authorizerdev/authorizer/server/constants"`
feat: add support for database cert, key, ca-cert 2022-04-23 12:22:02 +00:00			`"github.com/authorizerdev/authorizer/server/crypto"`
feat: add casandradb provider 2022-04-21 07:06:22 +00:00			`"github.com/authorizerdev/authorizer/server/db/models"`
fix: update store method till handlers 2022-05-29 11:52:46 +00:00			`"github.com/authorizerdev/authorizer/server/memorystore"`
feat: add support for database cert, key, ca-cert 2022-04-23 12:22:02 +00:00			`"github.com/gocql/gocql"`
feat: add casandradb provider 2022-04-21 07:06:22 +00:00			`cansandraDriver "github.com/gocql/gocql"`
			`)`

			`type provider struct {`
			`db *cansandraDriver.Session`
			`}`

feat: add env queries 2022-04-21 12:24:33 +00:00			`// KeySpace for the cassandra database`
			`var KeySpace string`

feat: add casandradb provider 2022-04-21 07:06:22 +00:00			`// NewProvider to initialize arangodb connection`
			`func NewProvider() (*provider, error) {`
fix: slice envs 2022-05-31 02:44:03 +00:00			`dbURL := memorystore.RequiredEnvStoreObj.GetRequiredEnv().DatabaseURL`
feat: add support for database cert, key, ca-cert 2022-04-23 12:22:02 +00:00			`if dbURL == "" {`
fix: slice envs 2022-05-31 02:44:03 +00:00			`dbHost := memorystore.RequiredEnvStoreObj.GetRequiredEnv().DatabaseHost`
			`dbPort := memorystore.RequiredEnvStoreObj.GetRequiredEnv().DatabasePort`
			`if dbPort != "" && dbHost != "" {`
			`dbURL = fmt.Sprintf("%s:%s", dbHost, dbPort)`
fix: allow setting host for cassandradb without prot 2022-06-05 06:43:55 +00:00			`} else if dbHost != "" {`
			`dbURL = dbHost`
feat: add support for database cert, key, ca-cert 2022-04-23 12:22:02 +00:00			`}`
			`}`

fix: slice envs 2022-05-31 02:44:03 +00:00			`KeySpace = memorystore.RequiredEnvStoreObj.GetRequiredEnv().DatabaseName`
			`if KeySpace == "" {`
fix: update store method till handlers 2022-05-29 11:52:46 +00:00			`KeySpace = constants.EnvKeyDatabaseName`
			`}`
feat: add support for db username, password, host, port 2022-04-22 15:54:39 +00:00			`clusterURL := []string{}`
			`if strings.Contains(dbURL, ",") {`
			`clusterURL = strings.Split(dbURL, ",")`
			`} else {`
			`clusterURL = append(clusterURL, dbURL)`
			`}`
			`cassandraClient := cansandraDriver.NewCluster(clusterURL...)`
fix: slice envs 2022-05-31 02:44:03 +00:00			`dbUsername := memorystore.RequiredEnvStoreObj.GetRequiredEnv().DatabaseUsername`
			`dbPassword := memorystore.RequiredEnvStoreObj.GetRequiredEnv().DatabasePassword`
fix: update store method till handlers 2022-05-29 11:52:46 +00:00
			`if dbUsername != "" && dbPassword != "" {`
feat: add support for db username, password, host, port 2022-04-22 15:54:39 +00:00			`cassandraClient.Authenticator = &cansandraDriver.PasswordAuthenticator{`
fix: update store method till handlers 2022-05-29 11:52:46 +00:00			`Username: dbUsername,`
			`Password: dbPassword,`
feat: add support for db username, password, host, port 2022-04-22 15:54:39 +00:00			`}`
			`}`
feat: add env queries 2022-04-21 12:24:33 +00:00
fix: slice envs 2022-05-31 02:44:03 +00:00			`dbCert := memorystore.RequiredEnvStoreObj.GetRequiredEnv().DatabaseCert`
			`dbCACert := memorystore.RequiredEnvStoreObj.GetRequiredEnv().DatabaseCACert`
			`dbCertKey := memorystore.RequiredEnvStoreObj.GetRequiredEnv().DatabaseCertKey`
fix: update store method till handlers 2022-05-29 11:52:46 +00:00			`if dbCert != "" && dbCACert != "" && dbCertKey != "" {`
			`certString, err := crypto.DecryptB64(dbCert)`
feat: add support for database cert, key, ca-cert 2022-04-23 12:22:02 +00:00			`if err != nil {`
			`return nil, err`
			`}`

fix: update store method till handlers 2022-05-29 11:52:46 +00:00			`keyString, err := crypto.DecryptB64(dbCertKey)`
feat: add support for database cert, key, ca-cert 2022-04-23 12:22:02 +00:00			`if err != nil {`
			`return nil, err`
			`}`

fix: update store method till handlers 2022-05-29 11:52:46 +00:00			`caString, err := crypto.DecryptB64(dbCACert)`
feat: add support for database cert, key, ca-cert 2022-04-23 12:22:02 +00:00			`if err != nil {`
			`return nil, err`
			`}`

			`cert, err := tls.X509KeyPair([]byte(certString), []byte(keyString))`
			`if err != nil {`
			`return nil, err`
			`}`

			`caCertPool := x509.NewCertPool()`
			`caCertPool.AppendCertsFromPEM([]byte(caString))`

			`cassandraClient.SslOpts = &cansandraDriver.SslOptions{`
			`Config: &tls.Config{`
			`Certificates: []tls.Certificate{cert},`
			`RootCAs: caCertPool,`
			`InsecureSkipVerify: true,`
			`},`
			`EnableHostVerification: false,`
			`}`
			`}`

feat: add casandradb provider 2022-04-21 07:06:22 +00:00			`cassandraClient.RetryPolicy = &cansandraDriver.SimpleRetryPolicy{`
			`NumRetries: 3,`
			`}`
feat: add support for database cert, key, ca-cert 2022-04-23 12:22:02 +00:00			`cassandraClient.Consistency = gocql.LocalQuorum`
feat: add support for scylladb Resolves #177 2022-07-04 16:27:14 +00:00			`cassandraClient.ConnectTimeout = 10 * time.Second`
			`cassandraClient.ProtoVersion = 4`
feat: add casandradb provider 2022-04-21 07:06:22 +00:00
			`session, err := cassandraClient.CreateSession()`
			`if err != nil {`
			`return nil, err`
			`}`

feat: add support for database cert, key, ca-cert 2022-04-23 12:22:02 +00:00			`// Note for astra keyspaces can only be created from there console`
			`// https://docs.datastax.com/en/astra/docs/datastax-astra-faq.html#_i_am_trying_to_create_a_keyspace_in_the_cql_shell_and_i_am_running_into_an_error_how_do_i_fix_this`
			`getKeyspaceQuery := fmt.Sprintf("SELECT keyspace_name FROM system_schema.keyspaces;")`
			`scanner := session.Query(getKeyspaceQuery).Iter().Scanner()`
			`hasAuthorizerKeySpace := false`
			`for scanner.Next() {`
			`var keySpace string`
			`err := scanner.Scan(&keySpace)`
			`if err != nil {`
			`return nil, err`
			`}`
			`if keySpace == KeySpace {`
			`hasAuthorizerKeySpace = true`
			`break`
			`}`
			`}`

			`if !hasAuthorizerKeySpace {`
			`createKeySpaceQuery := fmt.Sprintf("CREATE KEYSPACE %s WITH REPLICATION = {'class': 'SimpleStrategy', 'replication_factor': 1};", KeySpace)`
			`err = session.Query(createKeySpaceQuery).Exec()`
			`if err != nil {`
			`return nil, err`
			`}`
feat: add casandradb provider 2022-04-21 07:06:22 +00:00			`}`

			`// make sure collections are present`
			`envCollectionQuery := fmt.Sprintf("CREATE TABLE IF NOT EXISTS %s.%s (id text, env text, hash text, updated_at bigint, created_at bigint, PRIMARY KEY (id))",`
feat: add env queries 2022-04-21 12:24:33 +00:00			`KeySpace, models.Collections.Env)`
feat: add casandradb provider 2022-04-21 07:06:22 +00:00			`err = session.Query(envCollectionQuery).Exec()`
			`if err != nil {`
			`return nil, err`
			`}`

feat: add env queries 2022-04-21 12:24:33 +00:00			`sessionCollectionQuery := fmt.Sprintf("CREATE TABLE IF NOT EXISTS %s.%s (id text, user_id text, user_agent text, ip text, updated_at bigint, created_at bigint, PRIMARY KEY (id))", KeySpace, models.Collections.Session)`
feat: add casandradb provider 2022-04-21 07:06:22 +00:00			`err = session.Query(sessionCollectionQuery).Exec()`
			`if err != nil {`
			`return nil, err`
			`}`
fix: cassandra + mongo + arangodb issues with webhook 2022-07-12 06:18:42 +00:00			`sessionIndexQuery := fmt.Sprintf("CREATE INDEX IF NOT EXISTS authorizer_session_user_id ON %s.%s (user_id)", KeySpace, models.Collections.Session)`
			`err = session.Query(sessionIndexQuery).Exec()`
			`if err != nil {`
			`return nil, err`
			`}`
feat: add casandradb provider 2022-04-21 07:06:22 +00:00
fix: tests 2022-04-22 14:26:55 +00:00			`userCollectionQuery := fmt.Sprintf("CREATE TABLE IF NOT EXISTS %s.%s (id text, email text, email_verified_at bigint, password text, signup_methods text, given_name text, family_name text, middle_name text, nickname text, gender text, birthdate text, phone_number text, phone_number_verified_at bigint, picture text, roles text, updated_at bigint, created_at bigint, revoked_timestamp bigint, PRIMARY KEY (id))", KeySpace, models.Collections.User)`
feat: add casandradb provider 2022-04-21 07:06:22 +00:00			`err = session.Query(userCollectionQuery).Exec()`
			`if err != nil {`
			`return nil, err`
			`}`
fix: tests 2022-04-22 14:26:55 +00:00			`userIndexQuery := fmt.Sprintf("CREATE INDEX IF NOT EXISTS authorizer_user_email ON %s.%s (email)", KeySpace, models.Collections.User)`
			`err = session.Query(userIndexQuery).Exec()`
			`if err != nil {`
			`return nil, err`
			`}`
feat: add casandradb provider 2022-04-21 07:06:22 +00:00
			`// token is reserved keyword in cassandra, hence we need to use jwt_token`
fix: tests 2022-04-22 14:26:55 +00:00			`verificationRequestCollectionQuery := fmt.Sprintf("CREATE TABLE IF NOT EXISTS %s.%s (id text, jwt_token text, identifier text, expires_at bigint, email text, nonce text, redirect_uri text, created_at bigint, updated_at bigint, PRIMARY KEY (id))", KeySpace, models.Collections.VerificationRequest)`
feat: add casandradb provider 2022-04-21 07:06:22 +00:00			`err = session.Query(verificationRequestCollectionQuery).Exec()`
			`if err != nil {`
			`return nil, err`
			`}`
fix: tests 2022-04-22 14:26:55 +00:00			`verificationRequestIndexQuery := fmt.Sprintf("CREATE INDEX IF NOT EXISTS authorizer_verification_request_email ON %s.%s (email)", KeySpace, models.Collections.VerificationRequest)`
			`err = session.Query(verificationRequestIndexQuery).Exec()`
			`if err != nil {`
			`return nil, err`
			`}`
			`verificationRequestIndexQuery = fmt.Sprintf("CREATE INDEX IF NOT EXISTS authorizer_verification_request_identifier ON %s.%s (identifier)", KeySpace, models.Collections.VerificationRequest)`
			`err = session.Query(verificationRequestIndexQuery).Exec()`
			`if err != nil {`
			`return nil, err`
			`}`
			`verificationRequestIndexQuery = fmt.Sprintf("CREATE INDEX IF NOT EXISTS authorizer_verification_request_jwt_token ON %s.%s (jwt_token)", KeySpace, models.Collections.VerificationRequest)`
			`err = session.Query(verificationRequestIndexQuery).Exec()`
			`if err != nil {`
			`return nil, err`
			`}`
feat: add casandradb provider 2022-04-21 07:06:22 +00:00
fix: cassandra + mongo + arangodb issues with webhook 2022-07-12 06:18:42 +00:00			`webhookCollectionQuery := fmt.Sprintf("CREATE TABLE IF NOT EXISTS %s.%s (id text, event_name text, endpoint text, enabled boolean, headers text, updated_at bigint, created_at bigint, PRIMARY KEY (id))", KeySpace, models.Collections.Webhook)`
feat: add database methods for webhookLog 2022-07-08 13:39:23 +00:00			`err = session.Query(webhookCollectionQuery).Exec()`
			`if err != nil {`
			`return nil, err`
			`}`
			`webhookIndexQuery := fmt.Sprintf("CREATE INDEX IF NOT EXISTS authorizer_webhook_event_name ON %s.%s (event_name)", KeySpace, models.Collections.Webhook)`
			`err = session.Query(webhookIndexQuery).Exec()`
			`if err != nil {`
			`return nil, err`
			`}`

			`webhookLogCollectionQuery := fmt.Sprintf("CREATE TABLE IF NOT EXISTS %s.%s (id text, http_status bigint, response text, request text, webhook_id text,updated_at bigint, created_at bigint, PRIMARY KEY (id))", KeySpace, models.Collections.WebhookLog)`
			`err = session.Query(webhookLogCollectionQuery).Exec()`
			`if err != nil {`
			`return nil, err`
			`}`
			`webhookLogIndexQuery := fmt.Sprintf("CREATE INDEX IF NOT EXISTS authorizer_webhook_log_webhook_id ON %s.%s (webhook_id)", KeySpace, models.Collections.WebhookLog)`
			`err = session.Query(webhookLogIndexQuery).Exec()`
			`if err != nil {`
			`return nil, err`
			`}`

feat: add casandradb provider 2022-04-21 07:06:22 +00:00			`return &provider{`
			`db: session,`
			`}, err`
			`}`