softplayer/softplayer-backend
5
0
Fork 0
Code Pull Requests 2 Packages Releases Activity
Files
a534a4b92e1ba3de6757e04ec89656314c7cf467
softplayer-backend/internal/controllers/tokens.go
Nikolai Rodionov a534a4b92e
Some checks failed
ci/woodpecker/push/build Pipeline failed
Details
WIP: Almost full token controller 
Signed-off-by: Nikolai Rodionov <allanger@badhouseplants.net>
2026-05-14 14:30:09 +02:00

224 lines
5.5 KiB
Go
Raw Blame History

package controllers
import (
"context"
"database/sql"
"encoding/json"
"errors"
"regexp"
"time"
"gitea.badhouseplants.net/softplayer/softplayer-backend/internal/helpers/hash"
"gitea.badhouseplants.net/softplayer/softplayer-backend/internal/helpers/logger"
"gitea.badhouseplants.net/softplayer/softplayer-backend/internal/helpers/token"
"github.com/google/uuid"
"google.golang.org/grpc"
)
type TokenController struct {
DB *sql.DB
HashCost int16
ServiceInfo map[string]grpc.ServiceInfo
rules []rule
}
// Services that are not available for tokens
var DisabledServicesRegex = []string{".*Accounts.*", ".*Tokens.*"}
// Errors
var (
ErrServerError = errors.New("internal server error")
)
type TokenData struct {
UUID string
Name string
UserID string
CreatedAt time.Time
LastUserAt time.Time
RevokedAt time.Time
ExpiredAt time.Time
Scopes map[string][]string
}
type Scopes struct{}
// Set the grpc info, must happen after all the service are initialized
func (ctrl *TokenController) SetGRPCInfo(info map[string]grpc.ServiceInfo) {
ctrl.ServiceInfo = info
}
func (ctrl *TokenController) SetRules() {
rules := []rule{
{re: regexp.MustCompile(`.*Tokens.*`)},
{re: regexp.MustCompile(`.*Accounts.*`)},
{re: regexp.MustCompile(`.*Reflection.*`)},
}
ctrl.rules = rules
}
// Create a new token, store its hash in the database and return the token value
func (ctrl *TokenController) Create(ctx context.Context, data *TokenData) (string, error) {
id := uuid.NewString()
log := logger.FromContext(ctx).WithValues("uuid", id)
log.V(2).Info("Creating a new token")
tokenValue, err := token.GenerateToken()
if err != nil {
log.Error(err, "Couldn't create a token")
return "", ErrServerError
}
tokenHash, err := hash.HashPassword(tokenValue, int(ctrl.HashCost))
if err != nil {
log.Error(err, "Couldn't calculate token hash")
return "", ErrServerError
}
scopesJson, err := json.Marshal(data.Scopes)
if err != nil {
log.Error(err, "Couldn't marshal permissions into json")
return "", ErrServerError
}
query := `
INSERT INTO tokens (uuid, token_hash, user_id, scopes, created_at, generated_at, expires_at)
VALUES ($1, $2, $3, $4, $5, $6, $7)`
if _, err := ctrl.DB.Query(
query,
id,
tokenHash,
data.UserID,
scopesJson,
time.Now(),
time.Now(),
data.ExpiredAt,
); err != nil {
log.Error(err, "Couldn't insert a token in the database")
return "", ErrServerError
}
return tokenValue, nil
}
// Update token name or permissions, other changes are ignored by this method
func (ctrl *TokenController) Update(ctx context.Context, data *TokenData) error {
log := logger.FromContext(ctx).WithValues("uuid", data.UUID)
log.V(2).Info("Updating a token")
scopesJson, err := json.Marshal(data.Scopes)
if err != nil {
log.Error(err, "Couldn't marshal permissions into json")
return ErrServerError
}
query := "UPDATE tokens SET name = $1, scopes = $2 WHERE uuid = $3;"
if _, err := ctrl.DB.Query(query, data.Name, scopesJson, data.UUID); err != nil {
log.Error(err, "Couldn't update a token in the database")
return ErrServerError
}
return nil
}
// ForceExpiration of a token, so it can no longer be used
func (ctrl *TokenController) ForceExpiration(ctx context.Context, id string) error {
log := logger.FromContext(ctx).WithValues("uuid", id)
log.V(2).Info("Forcing a token expiration")
query := "UPDATE tokens SET revoked_at = $1 WHERE uuid = $2;"
if _, err := ctrl.DB.Query(query, time.Now(), id); err != nil {
log.Error(err, "Couldn't update a token in the database")
return ErrServerError
}
return nil
}
// Regenerate a token and get a new value
func (ctrl *TokenController) Regenerate(ctx context.Context, id string) (string, error) {
log := logger.FromContext(ctx).WithValues("uuid", id)
log.V(2).Info("Regenerating a token")
tokenValue, err := token.GenerateToken()
if err != nil {
log.Error(err, "Couldn't create a token")
return "", ErrServerError
}
tokenHash, err := hash.HashPassword(tokenValue, int(ctrl.HashCost))
if err != nil {
log.Error(err, "Couldn't calculate token hash")
return "", ErrServerError
}
query := `
UPDATE tokens
SET
token_hash = $1,
generated_at = $2,
expires_at = NOW() + (expires_at - generated_at),
WHERE uuid = $3;`
if _, err := ctrl.DB.Query(query, tokenHash, time.Now(), data.UUID); err != nil {
log.Error(err, "Couldn't insert a token in the database")
return "", ErrServerError
}
return "", nil
}
// Get an existing token data
func (ctrl *TokenController) Get(ctx context.Context, uuid string) error {
return nil
}
// List all available token
func (ctrl *TokenController) List(ctx context.Context, userID string) error {
query := `
SELECT id, name, generated_at, expires_at
FROM tokens
WHERE user_id = $1`
err := ctrl.DB.QueryRowContext(ctx, query, userID).Scan(
&t.ID,
&t.UserID,
&t.Name,
&scopes,
&t.GeneratedAt,
&t.ExpiresAt,
)
if err != nil {
return nil, err
}
}
// Lis all available permissions
func (ctrl *TokenController) ListPermissions(ctx context.Context) (result map[string][]string) {
result = map[string][]string{}
for key, val := range ctrl.ServiceInfo {
if shouldSkip(key, ctrl.rules) {
continue
}
var services []string
for _, svc := range val.Methods {
services = append(services, svc.Name)
}
result[key] = services
}
return
}
type rule struct {
re *regexp.Regexp
}
func shouldSkip(s string, rules []rule) bool {
for _, r := range rules {
if r.re.MatchString(s) {
return true
}
}
return false
}
View Git Blame Copy Permalink