author | Mike Crute <mike@crute.us> | 2021-11-24 10:56:43 -0800 |
---|---|---|
committer | Mike Crute <mike@crute.us> | 2021-11-24 10:56:43 -0800 |
commit | bb96127a71d3d22825a35ffc6b6c8bea0590f202 (patch) | |
tree | 65f2c31b618ff913e08bc2d8fea7f896a01323d2 /app | |
parent | ff05652956161dd94aa109e2c5d40bd82d4cfd5d (diff) | |
Use x/oauth2 instead of custom token
Diffstat (limited to 'app')
-rw-r--r-- | app/controllers/api_user.go | 9 | ||||
-rw-r--r-- | app/middleware/auth.go | 6 | ||||
-rw-r--r-- | app/models/user.go | 28 |
3 files changed, 13 insertions, 30 deletions
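--- a/app/controllers/api_user.go
+++ b/app/controllers/api_user.go
@@ -82,15 +82,6 @@ func validateKeysAndTokens(in *models.User) error {
 		}
 	}
 
-	for k, v := range in.AuthTokens {
-		if k != v.Kind {
-			return &echo.HTTPError{
-				Code:    http.StatusBadRequest,
-				Message: "Token kind must match hash key.",
-			}
-		}
-	}
-
 	return nil
 }
 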
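--- a/app/middleware/auth.go
+++ b/app/middleware/auth.go
@@ -15,6 +15,7 @@ import (
 	"github.com/labstack/echo/v4"
 	"github.com/prometheus/client_golang/prometheus"
 	"github.com/prometheus/client_golang/prometheus/promauto"
+	"golang.org/x/oauth2"
 )
 
 // apiKeyRequests tracks the number of requests made with the legacy X-API-Key
@@ -202,9 +203,8 @@ func (m *AuthenticationMiddleware) HandleCompleteLogin(c echo.Context) error {
 	dbUser.AddKey(sk)
 	dbUser.GCKeys() // This is a convenient place to do it
 
-	dbUser.AddToken(&models.AuthToken{
-		Kind:         "github",
-		Token:        token.AccessToken,
+	dbUser.AddToken("github", &oauth2.Token{
+		AccessToken:  token.AccessToken,
 		RefreshToken: token.RefreshToken,
 	})
 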
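Review bot: The new `oauth2.Token` literal in `HandleCompleteLogin` copies only `AccessToken` and `RefreshToken`, so `Expiry` and `TokenType` are dropped; with a zero `Expiry`, `oauth2.Token.Valid()` and any `TokenSource` built from the stored value treat the GitHub access token as never expiring and will not refresh it, which is the opposite of what switching to x/oauth2 is presumably meant to buy. If `token` is already an `*oauth2.Token` (as `Config.Exchange` returns; its declaration is outside this hunk, so I cannot confirm), the whole literal can collapse to `dbUser.AddToken("github", token)`; otherwise set `Expiry: token.Expiry, TokenType: token.TokenType,` alongside the two fields already copied. Note that `HandleCompleteLogin` begins and ends outside the hunk.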
diff --git a/app/models/user.go b/app/models/user.go index 4e37377..eb0ccbf 100644 --- a/app/models/user.go +++ b/app/models/user.go | |||
@@ -7,6 +7,7 @@ import ( | |||
7 | "code.crute.us/mcrute/golib/db/mongodb" | 7 | "code.crute.us/mcrute/golib/db/mongodb" |
8 | "go.mongodb.org/mongo-driver/bson" | 8 | "go.mongodb.org/mongo-driver/bson" |
9 | "go.mongodb.org/mongo-driver/bson/primitive" | 9 | "go.mongodb.org/mongo-driver/bson/primitive" |
10 | "golang.org/x/oauth2" | ||
10 | ) | 11 | ) |
11 | 12 | ||
12 | const userCol = "users" | 13 | const userCol = "users" |
@@ -18,22 +19,13 @@ type UserStore interface { | |||
18 | Delete(context.Context, *User) error | 19 | Delete(context.Context, *User) error |
19 | } | 20 | } |
20 | 21 | ||
21 | type AuthToken struct { | ||
22 | Kind string `json:"kind"` | ||
23 | Token string `json:"token"` | ||
24 | |||
25 | // Do not expose refresh tokens in JSON as they are long-lived tokens that | ||
26 | // are harder to invalidate and thus rather security sensitive. | ||
27 | RefreshToken string `json:"-"` | ||
28 | } | ||
29 | |||
30 | type User struct { | 22 | type User struct { |
31 | Username string `bson:"_id" json:"username"` | 23 | Username string `bson:"_id" json:"username"` |
32 | IsAdmin bool `json:"is_admin"` | 24 | IsAdmin bool `json:"is_admin"` |
33 | IsService bool `json:"is_service"` | 25 | IsService bool `json:"is_service"` |
34 | Keys map[string]*SessionKey `json:"keys,omitempty"` // kid -> key | 26 | Keys map[string]*SessionKey `json:"keys,omitempty"` // kid -> key |
35 | AuthTokens map[string]*AuthToken `json:"auth_tokens,omitempty"` // kind -> token | 27 | AuthTokens map[string]*oauth2.Token `json:"auth_tokens,omitempty"` // kind -> token |
36 | Deleted *time.Time `json:"deleted,omitempty"` | 28 | Deleted *time.Time `json:"deleted,omitempty"` |
37 | } | 29 | } |
38 | 30 | ||
39 | // GCKeys garbage collects keys that are no longer valid | 31 | // GCKeys garbage collects keys that are no longer valid |
@@ -62,11 +54,11 @@ func (u *User) AddKey(k *SessionKey) { | |||
62 | u.Keys[k.KeyId] = k | 54 | u.Keys[k.KeyId] = k |
63 | } | 55 | } |
64 | 56 | ||
65 | func (u *User) AddToken(t *AuthToken) { | 57 | func (u *User) AddToken(name string, t *oauth2.Token) { |
66 | if u.AuthTokens == nil { | 58 | if u.AuthTokens == nil { |
67 | u.AuthTokens = map[string]*AuthToken{} | 59 | u.AuthTokens = map[string]*oauth2.Token{} |
68 | } | 60 | } |
69 | u.AuthTokens[t.Kind] = t | 61 | u.AuthTokens[name] = t |
70 | } | 62 | } |
71 | 63 | ||
72 | type MongoDbUserStore struct { | 64 | type MongoDbUserStore struct { |
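Review bot: Swapping the `AuthTokens` value type to `*oauth2.Token` silently removes the `json:"-"` tag that kept refresh tokens out of JSON, because `oauth2.Token` tags that field `json:"refresh_token,omitempty"` (and also emits `expiry` and `token_type`); since `User` is evidently marshalled to JSON (`json:"auth_tokens,omitempty"` on the field), every JSON rendering of a user now leaks the long-lived refresh token the deleted comment warned about. The least invasive fix is to stop exposing tokens to clients at all, `AuthTokens map[string]*oauth2.Token `json:"-"` // kind -> token`, or, if callers need the access token, to marshal through a local view type that omits `RefreshToken`. Separately, the default BSON field names change with the type (the old struct persisted `kind`/`token`, `oauth2.Token` persists `accesstoken`/`tokentype`/`expiry`), so users stored before this commit look like they will load with an empty `AccessToken` unless a migration runs — worth confirming against the Mongo store code, which lies outside this hunk.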