From bb96127a71d3d22825a35ffc6b6c8bea0590f202 Mon Sep 17 00:00:00 2001
From: Mike Crute
Date: Wed, 24 Nov 2021 10:56:43 -0800
Subject: Use x/oauth2 instead of custom token
---
 app/controllers/api_user.go | 9 ---------
 app/middleware/auth.go | 6 +++---
 app/models/user.go | 28 ++++++++++------------------
 go.mod | 2 ++
 go.sum | 2 ++
 5 files changed, 17 insertions(+), 30 deletions(-)
diff --git a/app/controllers/api_user.go b/app/controllers/api_user.go
index f265f26..e55d88d 100644
--- a/app/controllers/api_user.go
+++ b/app/controllers/api_user.go
@@ -82,15 +82,6 @@ func validateKeysAndTokens(in *models.User) error {
 }
 }
- for k, v := range in.AuthTokens {
- if k != v.Kind {
- return &echo.HTTPError{
- Code: http.StatusBadRequest,
- Message: "Token kind must match hash key.",
- }
- }
- }
-
 return nil
 }
diff --git a/app/middleware/auth.go b/app/middleware/auth.go
index 7cef4d7..5a3c2f6 100644
--- a/app/middleware/auth.go
+++ b/app/middleware/auth.go
@@ -15,6 +15,7 @@ import (
 "github.com/labstack/echo/v4"
 "github.com/prometheus/client_golang/prometheus"
 "github.com/prometheus/client_golang/prometheus/promauto"
+ "golang.org/x/oauth2"
 )
 // apiKeyRequests tracks the number of requests made with the legacy X-API-Key
@@ -202,9 +203,8 @@ func (m *AuthenticationMiddleware) HandleCompleteLogin(c echo.Context) error {
 dbUser.AddKey(sk)
 dbUser.GCKeys() // This is a convenient place to do it
- dbUser.AddToken(&models.AuthToken{
- Kind: "github",
- Token: token.AccessToken,
+ dbUser.AddToken("github", &oauth2.Token{
+ AccessToken: token.AccessToken,
 RefreshToken: token.RefreshToken,
 })
diff --git a/app/models/user.go b/app/models/user.go
index 4e37377..eb0ccbf 100644
--- a/app/models/user.go
+++ b/app/models/user.go
@@ -7,6 +7,7 @@ import (
 "code.crute.us/mcrute/golib/db/mongodb"
 "go.mongodb.org/mongo-driver/bson"
 "go.mongodb.org/mongo-driver/bson/primitive"
+ "golang.org/x/oauth2"
 )
 const userCol = "users"
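Review bot: In `HandleCompleteLogin` (app/middleware/auth.go) the new `oauth2.Token` literal copies only `AccessToken` and `RefreshToken`, so the stored token has a zero `Expiry` and an empty `TokenType`. `oauth2.Token.Valid()` treats a zero `Expiry` as "never expires", so a `TokenSource` later built from the stored value would keep presenting a stale access token instead of refreshing it. If `token` carries those fields (its type is not visible in this hunk), add `Expiry: token.Expiry,` and `TokenType: token.TokenType,`, or store `token` itself if it is already an `*oauth2.Token`. The function body starts and ends outside the hunk.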
@@ -18,22 +19,13 @@ type UserStore interface {
 Delete(context.Context, *User) error
 }
-type AuthToken struct {
- Kind string `json:"kind"`
- Token string `json:"token"`
-
- // Do not expose refresh tokens in JSON as they are long-lived tokens that
- // are harder to invalidate and thus rather security sensitive.
- RefreshToken string `json:"-"`
-}
-
 type User struct {
- Username string `bson:"_id" json:"username"`
- IsAdmin bool `json:"is_admin"`
- IsService bool `json:"is_service"`
- Keys map[string]*SessionKey `json:"keys,omitempty"` // kid -> key
- AuthTokens map[string]*AuthToken `json:"auth_tokens,omitempty"` // kind -> token
- Deleted *time.Time `json:"deleted,omitempty"`
+ Username string `bson:"_id" json:"username"`
+ IsAdmin bool `json:"is_admin"`
+ IsService bool `json:"is_service"`
+ Keys map[string]*SessionKey `json:"keys,omitempty"` // kid -> key
+ AuthTokens map[string]*oauth2.Token `json:"auth_tokens,omitempty"` // kind -> token
+ Deleted *time.Time `json:"deleted,omitempty"`
 }
 // GCKeys garbage collects keys that are no longer valid
@@ -62,11 +54,11 @@ func (u *User) AddKey(k *SessionKey) {
 u.Keys[k.KeyId] = k
 }
-func (u *User) AddToken(t *AuthToken) {
+func (u *User) AddToken(name string, t *oauth2.Token) {
 if u.AuthTokens == nil {
- u.AuthTokens = map[string]*AuthToken{}
+ u.AuthTokens = map[string]*oauth2.Token{}
 }
- u.AuthTokens[t.Kind] = t
+ u.AuthTokens[name] = t
 }
 type MongoDbUserStore struct {
diff --git a/go.mod b/go.mod
index df20f18..b6e4841 100644
--- a/go.mod
+++ b/go.mod
@@ -13,6 +13,7 @@ require (
 github.com/prometheus/client_golang v1.11.0
 github.com/spf13/cobra v1.2.1
 go.mongodb.org/mongo-driver v1.7.4
+ golang.org/x/oauth2 v0.0.0-20210514164344-f6687ab2804c
 golang.org/x/time v0.0.0-20201208040808-7e3f01d25324
 gopkg.in/square/go-jose.v2 v2.5.1
 )
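Review bot: Changing `User.AuthTokens` to `map[string]*oauth2.Token` in app/models/user.go drops the `json:"-"` guard that the removed `AuthToken.RefreshToken` carried; `oauth2.Token` tags that field `json:"refresh_token,omitempty"`, so anything that JSON-encodes a `User` will now emit the long-lived refresh token. The deleted comment explained why that must not happen, and nothing in this hunk replaces it. A thin wrapper whose `MarshalJSON` clears `RefreshToken` (sketched below), or redaction at the API boundary, would restore the guarantee, and a test that marshals a `User` and asserts `refresh_token` is absent would pin it. Separately, neither type has bson tags, so the stored field names presumably change with the type (for example `token` to `accesstoken`); confirm that existing documents still decode or add a migration.

```go
// AuthToken stores an oauth2.Token but never serializes its refresh token to
// JSON, because refresh tokens are long-lived and hard to invalidate.
type AuthToken struct {
	oauth2.Token
}

// MarshalJSON encodes a copy of the token with RefreshToken cleared.
func (t AuthToken) MarshalJSON() ([]byte, error) {
	redacted := t.Token
	redacted.RefreshToken = ""
	return json.Marshal(redacted)
}

type User struct {
	// … unchanged: Username, IsAdmin, IsService, Keys …
	AuthTokens map[string]*AuthToken `json:"auth_tokens,omitempty"` // kind -> token
	// … unchanged: Deleted …
}
```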
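Review bot: `AddToken` in app/models/user.go is exported but undocumented, and its map key is now a free-form `name` chosen by the caller rather than a value carried by the token. I would add a doc comment such as `// AddToken stores t under name (the provider kind, e.g. "github"), replacing any token already stored for that name.` and guard the inputs with `if name == "" || t == nil { return }` so an empty key or a nil entry cannot end up in `AuthTokens`. With the kind/key check removed from `validateKeysAndTokens` in this same commit, nothing shown here constrains the keys of that map any more.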
@@ -80,6 +81,7 @@ require ( golang.org/x/sync v0.0.0-20210220032951-036812b2e83c // indirect golang.org/x/sys v0.0.0-20211103235746-7861aae1554b // indirect golang.org/x/text v0.3.7 // indirect + google.golang.org/appengine v1.6.7 // indirect google.golang.org/genproto v0.0.0-20210602131652-f16073e35f0c // indirect google.golang.org/grpc v1.41.0 // indirect google.golang.org/protobuf v1.26.0 // indirect diff --git a/go.sum b/go.sum index 3f63d02..0f8b967 100644 --- a/go.sum +++ b/go.sum @@ -605,6 +605,7 @@ golang.org/x/oauth2 v0.0.0-20210218202405-ba52d332ba99/go.mod h1:KelEdhl1UZF7XfJ golang.org/x/oauth2 v0.0.0-20210220000619-9bb904979d93/go.mod h1:KelEdhl1UZF7XfJ4dDtk6s++YSgaE7mD/BuKKDLBl4A= golang.org/x/oauth2 v0.0.0-20210313182246-cd4f82c27b84/go.mod h1:KelEdhl1UZF7XfJ4dDtk6s++YSgaE7mD/BuKKDLBl4A= golang.org/x/oauth2 v0.0.0-20210402161424-2e8d93401602/go.mod h1:KelEdhl1UZF7XfJ4dDtk6s++YSgaE7mD/BuKKDLBl4A= +golang.org/x/oauth2 v0.0.0-20210514164344-f6687ab2804c h1:pkQiBZBvdos9qq4wBAHqlzuZHEXo07pqV06ef90u1WI= golang.org/x/oauth2 v0.0.0-20210514164344-f6687ab2804c/go.mod h1:KelEdhl1UZF7XfJ4dDtk6s++YSgaE7mD/BuKKDLBl4A= golang.org/x/sync v0.0.0-20180314180146-1d60e4601c6f/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM= golang.org/x/sync v0.0.0-20181108010431-42b317875d0f/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM= 
@@ -787,6 +788,7 @@ google.golang.org/appengine v1.5.0/go.mod h1:xpcJRLb0r/rnEns0DIKYYv+WjYCduHsrkT7 google.golang.org/appengine v1.6.1/go.mod h1:i06prIuMbXzDqacNJfV5OdTW448YApPu5ww/cMBSeb0= google.golang.org/appengine v1.6.5/go.mod h1:8WjMMxjGQR8xUklV/ARdw2HLXBOI7O7uCIDZVag1xfc= google.golang.org/appengine v1.6.6/go.mod h1:8WjMMxjGQR8xUklV/ARdw2HLXBOI7O7uCIDZVag1xfc= +google.golang.org/appengine v1.6.7 h1:FZR1q0exgwxzPzp/aF+VccGrSfxfPpkBqjIIEq3ru6c= google.golang.org/appengine v1.6.7/go.mod h1:8WjMMxjGQR8xUklV/ARdw2HLXBOI7O7uCIDZVag1xfc= google.golang.org/genproto v0.0.0-20170818010345-ee236bd376b0/go.mod h1:JiN7NxoALGmiZfu7CAH4rXhgtRTLTxftemlI0sWmxmc= google.golang.org/genproto v0.0.0-20180817151627-c66870c02cf8/go.mod h1:JiN7NxoALGmiZfu7CAH4rXhgtRTLTxftemlI0sWmxmc= -- cgit v1.2.3