devstack/authorizer
4
0
Fork 0
Code Pull Requests Actions Activity
authorizer/server/utils/auth_token.go

161 lines
4.1 KiB
Go
Raw Normal View History

Implement login resolver (#15) * add sign_up_method to users table * add session store * implement login resolver
2021-07-14 18:43:19 +00:00
package utils
import (
feat/role based access (#50) * feat: add roles based access * feat: update roles env + todo * feat: add roles to update profile * feat: add role based oauth * feat: validate role for a given token
2021-09-20 05:06:26 +00:00
"encoding/json"
Add resolver to update profile Resolves #12 #11
2021-07-18 03:55:20 +00:00
"fmt"
Add logout resolver Resolves #8
2021-07-15 09:43:00 +00:00
"log"
feat: add _update_config mutation
2021-12-31 11:33:37 +00:00
"net/url"
feat: add ability to write custom script for access token (#63) Resolves #54
2021-10-24 00:54:12 +00:00
"os"
Add logout resolver Resolves #8
2021-07-15 09:43:00 +00:00
"strings"
Implement login resolver (#15) * add sign_up_method to users table * add session store * implement login resolver
2021-07-14 18:43:19 +00:00
"time"
chore: rename project
2021-07-23 16:27:44 +00:00
"github.com/authorizerdev/authorizer/server/constants"
feat/role based access (#50) * feat: add roles based access * feat: update roles env + todo * feat: add roles to update profile * feat: add role based oauth * feat: validate role for a given token
2021-09-20 05:06:26 +00:00
"github.com/authorizerdev/authorizer/server/db"
chore: rename project
2021-07-23 16:27:44 +00:00
"github.com/authorizerdev/authorizer/server/enum"
Add logout resolver Resolves #8
2021-07-15 09:43:00 +00:00
"github.com/gin-gonic/gin"
Implement login resolver (#15) * add sign_up_method to users table * add session store * implement login resolver
2021-07-14 18:43:19 +00:00
"github.com/golang-jwt/jwt"
fix: use otto instead of v8go
2021-10-29 16:11:47 +00:00
"github.com/robertkrimen/otto"
feat: add admin session api
2021-12-31 08:58:00 +00:00
"golang.org/x/crypto/bcrypt"
Implement login resolver (#15) * add sign_up_method to users table * add session store * implement login resolver
2021-07-14 18:43:19 +00:00
)
feat: use multi roles login (#60) * feat: use multi roles login - add support for protected roles - refactor oauth code * fix: adminUpdate role validation * fix: update app
2021-10-13 16:41:41 +00:00
func CreateAuthToken(user db.User, tokenType enum.TokenType, roles []string) (string, int64, error) {
feat: persist encrypted env
2021-12-31 08:22:10 +00:00
t := jwt.New(jwt.GetSigningMethod(constants.EnvData.JWT_TYPE))
Implement login resolver (#15) * add sign_up_method to users table * add session store * implement login resolver
2021-07-14 18:43:19 +00:00
expiryBound := time.Hour
if tokenType == enum.RefreshToken {
Add query to get token Resolves #16
2021-07-15 12:02:55 +00:00
// expires in 1 year
expiryBound = time.Hour * 8760
Implement login resolver (#15) * add sign_up_method to users table * add session store * implement login resolver
2021-07-14 18:43:19 +00:00
}
Add query to get token Resolves #16
2021-07-15 12:02:55 +00:00
expiresAt := time.Now().Add(expiryBound).Unix()
fix: rename getresuser util
2021-12-24 01:05:02 +00:00
resUser := GetResponseUserData(user)
fix: refactor schema for open id claim standards
2021-12-22 05:21:12 +00:00
userBytes, _ := json.Marshal(&resUser)
var userMap map[string]interface{}
json.Unmarshal(userBytes, &userMap)
feat: add ability to write custom script for access token (#63) Resolves #54
2021-10-24 00:54:12 +00:00
customClaims := jwt.MapClaims{
feat: persist encrypted env
2021-12-31 08:22:10 +00:00
"exp": expiresAt,
"iat": time.Now().Unix(),
"token_type": tokenType.String(),
"allowed_roles": strings.Split(user.Roles, ","),
constants.EnvData.JWT_ROLE_CLAIM: roles,
feat/role based access (#50) * feat: add roles based access * feat: update roles env + todo * feat: add roles to update profile * feat: add role based oauth * feat: validate role for a given token
2021-09-20 05:06:26 +00:00
}
fix: refactor schema for open id claim standards
2021-12-22 05:21:12 +00:00
for k, v := range userMap {
if k != "roles" {
customClaims[k] = v
}
}
feat: add ability to write custom script for access token (#63) Resolves #54
2021-10-24 00:54:12 +00:00
fix: refactor schema for open id claim standards
2021-12-22 05:21:12 +00:00
// check for the extra access token script
feat: add ability to write custom script for access token (#63) Resolves #54
2021-10-24 00:54:12 +00:00
accessTokenScript := os.Getenv("CUSTOM_ACCESS_TOKEN_SCRIPT")
if accessTokenScript != "" {
fix: use otto instead of v8go
2021-10-29 16:11:47 +00:00
vm := otto.New()
feat: add ability to write custom script for access token (#63) Resolves #54
2021-10-24 00:54:12 +00:00
fix: refactor schema for open id claim standards
2021-12-22 05:21:12 +00:00
claimBytes, _ := json.Marshal(customClaims)
fix: use otto instead of v8go
2021-10-29 16:11:47 +00:00
vm.Run(fmt.Sprintf(`
var user = %s;
var tokenPayload = %s;
var customFunction = %s;
var functionRes = JSON.stringify(customFunction(user, tokenPayload));
`, string(userBytes), string(claimBytes), accessTokenScript))
feat: add ability to write custom script for access token (#63) Resolves #54
2021-10-24 00:54:12 +00:00
fix: use otto instead of v8go
2021-10-29 16:11:47 +00:00
val, err := vm.Get("functionRes")
feat: add ability to write custom script for access token (#63) Resolves #54
2021-10-24 00:54:12 +00:00
if err != nil {
feat/add arangodb support (#80) *feat: add arangodb init * fix: dao for sql + arangodb * fix: update error logs * fix: use db name dynamically
2021-12-17 15:55:07 +00:00
log.Println("error getting custom access token script:", err)
feat: add ability to write custom script for access token (#63) Resolves #54
2021-10-24 00:54:12 +00:00
} else {
extraPayload := make(map[string]interface{})
err = json.Unmarshal([]byte(fmt.Sprintf("%s", val)), &extraPayload)
if err != nil {
feat/add arangodb support (#80) *feat: add arangodb init * fix: dao for sql + arangodb * fix: update error logs * fix: use db name dynamically
2021-12-17 15:55:07 +00:00
log.Println("error converting accessTokenScript response to map:", err)
feat: add ability to write custom script for access token (#63) Resolves #54
2021-10-24 00:54:12 +00:00
} else {
for k, v := range extraPayload {
customClaims[k] = v
}
}
}
Implement login resolver (#15) * add sign_up_method to users table * add session store * implement login resolver
2021-07-14 18:43:19 +00:00
}
feat: add ability to write custom script for access token (#63) Resolves #54
2021-10-24 00:54:12 +00:00
t.Claims = customClaims
feat: persist encrypted env
2021-12-31 08:22:10 +00:00
token, err := t.SignedString([]byte(constants.EnvData.JWT_SECRET))
Add query to get token Resolves #16
2021-07-15 12:02:55 +00:00
if err != nil {
return "", 0, err
}
feat: add ability to write custom script for access token (#63) Resolves #54
2021-10-24 00:54:12 +00:00
Add query to get token Resolves #16
2021-07-15 12:02:55 +00:00
return token, expiresAt, nil
Implement login resolver (#15) * add sign_up_method to users table * add session store * implement login resolver
2021-07-14 18:43:19 +00:00
}
Add logout resolver Resolves #8
2021-07-15 09:43:00 +00:00
func GetAuthToken(gc *gin.Context) (string, error) {
fix: update docker file
2021-07-27 12:16:02 +00:00
token, err := GetCookie(gc)
if err != nil || token == "" {
Add logout resolver Resolves #8
2021-07-15 09:43:00 +00:00
// try to check in auth header for cookie
auth := gc.Request.Header.Get("Authorization")
if auth == "" {
feat/add meta query (#38) * feat: add meta query * fix: readme
2021-07-28 07:55:52 +00:00
return "", fmt.Errorf(`unauthorized`)
Add logout resolver Resolves #8
2021-07-15 09:43:00 +00:00
}
token = strings.TrimPrefix(auth, "Bearer ")
}
return token, nil
}
feat/role based access (#50) * feat: add roles based access * feat: update roles env + todo * feat: add roles to update profile * feat: add role based oauth * feat: validate role for a given token
2021-09-20 05:06:26 +00:00
func VerifyAuthToken(token string) (map[string]interface{}, error) {
var res map[string]interface{}
feat: add ability to write custom script for access token (#63) Resolves #54
2021-10-24 00:54:12 +00:00
claims := jwt.MapClaims{}
feat/role based access (#50) * feat: add roles based access * feat: update roles env + todo * feat: add roles to update profile * feat: add role based oauth * feat: validate role for a given token
2021-09-20 05:06:26 +00:00
Add logout resolver Resolves #8
2021-07-15 09:43:00 +00:00
_, err := jwt.ParseWithClaims(token, claims, func(token *jwt.Token) (interface{}, error) {
feat: persist encrypted env
2021-12-31 08:22:10 +00:00
return []byte(constants.EnvData.JWT_SECRET), nil
Add logout resolver Resolves #8
2021-07-15 09:43:00 +00:00
})
if err != nil {
feat/role based access (#50) * feat: add roles based access * feat: update roles env + todo * feat: add roles to update profile * feat: add role based oauth * feat: validate role for a given token
2021-09-20 05:06:26 +00:00
return res, err
Add logout resolver Resolves #8
2021-07-15 09:43:00 +00:00
}
feat: add ability to write custom script for access token (#63) Resolves #54
2021-10-24 00:54:12 +00:00
// claim parses exp & iat into float 64 with e^10,
// but we expect it to be int64
// hence we need to assert interface and convert to int64
intExp := int64(claims["exp"].(float64))
intIat := int64(claims["iat"].(float64))
data, _ := json.Marshal(claims)
feat/role based access (#50) * feat: add roles based access * feat: update roles env + todo * feat: add roles to update profile * feat: add role based oauth * feat: validate role for a given token
2021-09-20 05:06:26 +00:00
json.Unmarshal(data, &res)
feat: add ability to write custom script for access token (#63) Resolves #54
2021-10-24 00:54:12 +00:00
res["exp"] = intExp
res["iat"] = intIat
feat/role based access (#50) * feat: add roles based access * feat: update roles env + todo * feat: add roles to update profile * feat: add role based oauth * feat: validate role for a given token
2021-09-20 05:06:26 +00:00
return res, nil
Add logout resolver Resolves #8
2021-07-15 09:43:00 +00:00
}
feat: add api for admin login
2021-12-30 04:31:51 +00:00
feat: add admin session api
2021-12-31 08:58:00 +00:00
func CreateAdminAuthToken(tokenType enum.TokenType, c *gin.Context) (string, error) {
return HashPassword(constants.EnvData.ADMIN_SECRET)
feat: add api for admin login
2021-12-30 04:31:51 +00:00
}
feat: persist encrypted env
2021-12-31 08:22:10 +00:00
func GetAdminAuthToken(gc *gin.Context) (string, error) {
token, err := GetAdminCookie(gc)
if err != nil || token == "" {
// try to check in auth header for cookie
Add _admin_signup mutation
2022-01-09 12:05:37 +00:00
// auth := gc.Request.Header.Get("Authorization")
// if auth == "" {
// return "", fmt.Errorf(`unauthorized`)
// }
feat: add admin session api
2021-12-31 08:58:00 +00:00
Add _admin_signup mutation
2022-01-09 12:05:37 +00:00
// token = strings.TrimPrefix(auth, "Bearer ")
return "", fmt.Errorf("unauthorized")
feat: persist encrypted env
2021-12-31 08:22:10 +00:00
}
feat: add _update_config mutation
2021-12-31 11:33:37 +00:00
// cookie escapes special characters like $
// hence we need to unescape before comparing
decodedValue, err := url.QueryUnescape(token)
if err != nil {
return "", err
}
err = bcrypt.CompareHashAndPassword([]byte(decodedValue), []byte(constants.EnvData.ADMIN_SECRET))
log.Println("error comparing hash:", err)
if err != nil {
return "", fmt.Errorf(`unauthorized`)
}
feat: persist encrypted env
2021-12-31 08:22:10 +00:00
return token, nil
}
Copy Permalink