2018-09-25 19:18:05 +00:00
|
|
|
package http
|
|
|
|
|
|
|
|
import (
|
|
|
|
"context"
|
|
|
|
"net/http"
|
|
|
|
|
2019-11-25 14:22:19 +00:00
|
|
|
"github.com/influxdata/httprouter"
|
2020-04-03 17:39:20 +00:00
|
|
|
platform "github.com/influxdata/influxdb/v2"
|
2018-09-25 19:18:05 +00:00
|
|
|
"go.uber.org/zap"
|
|
|
|
)
|
|
|
|
|
2019-12-09 23:54:16 +00:00
|
|
|
const (
|
|
|
|
prefixSignIn = "/api/v2/signin"
|
|
|
|
prefixSignOut = "/api/v2/signout"
|
|
|
|
)
|
|
|
|
|
2018-12-29 03:41:06 +00:00
|
|
|
// SessionBackend is all services and associated parameters required to construct
|
|
|
|
// the SessionHandler.
|
|
|
|
type SessionBackend struct {
|
2019-12-04 23:10:23 +00:00
|
|
|
log *zap.Logger
|
2019-06-27 01:33:20 +00:00
|
|
|
platform.HTTPErrorHandler
|
2018-12-29 03:41:06 +00:00
|
|
|
|
2019-02-19 23:47:19 +00:00
|
|
|
PasswordsService platform.PasswordsService
|
2018-12-29 03:41:06 +00:00
|
|
|
SessionService platform.SessionService
|
2019-11-19 20:24:57 +00:00
|
|
|
UserService platform.UserService
|
2018-12-29 03:41:06 +00:00
|
|
|
}
|
|
|
|
|
2020-05-18 17:50:22 +00:00
|
|
|
// NewSessionBackend creates a new SessionBackend with associated logger.
|
|
|
|
func NewSessionBackend(log *zap.Logger, b *APIBackend) *SessionBackend {
|
2018-12-29 03:41:06 +00:00
|
|
|
return &SessionBackend{
|
2019-06-27 01:33:20 +00:00
|
|
|
HTTPErrorHandler: b.HTTPErrorHandler,
|
2019-12-04 23:10:23 +00:00
|
|
|
log: log,
|
2018-12-29 03:41:06 +00:00
|
|
|
|
2019-02-19 23:47:19 +00:00
|
|
|
PasswordsService: b.PasswordsService,
|
2018-12-29 03:41:06 +00:00
|
|
|
SessionService: b.SessionService,
|
2019-11-19 20:24:57 +00:00
|
|
|
UserService: b.UserService,
|
2018-12-29 03:41:06 +00:00
|
|
|
}
|
|
|
|
}
|
|
|
|
|
2018-09-26 18:17:03 +00:00
|
|
|
// SessionHandler represents an HTTP API handler for authorizations.
|
|
|
|
type SessionHandler struct {
|
2018-09-25 19:18:05 +00:00
|
|
|
*httprouter.Router
|
2019-06-27 01:33:20 +00:00
|
|
|
platform.HTTPErrorHandler
|
2019-12-04 23:10:23 +00:00
|
|
|
log *zap.Logger
|
2018-09-25 19:18:05 +00:00
|
|
|
|
2019-02-19 23:47:19 +00:00
|
|
|
PasswordsService platform.PasswordsService
|
2018-09-25 19:18:05 +00:00
|
|
|
SessionService platform.SessionService
|
2019-11-19 20:24:57 +00:00
|
|
|
UserService platform.UserService
|
2018-09-25 19:18:05 +00:00
|
|
|
}
|
|
|
|
|
2018-09-26 18:17:03 +00:00
|
|
|
// NewSessionHandler returns a new instance of SessionHandler.
|
2019-12-04 23:10:23 +00:00
|
|
|
func NewSessionHandler(log *zap.Logger, b *SessionBackend) *SessionHandler {
|
2018-09-26 18:17:03 +00:00
|
|
|
h := &SessionHandler{
|
2019-06-27 01:33:20 +00:00
|
|
|
Router: NewRouter(b.HTTPErrorHandler),
|
|
|
|
HTTPErrorHandler: b.HTTPErrorHandler,
|
2019-12-04 23:10:23 +00:00
|
|
|
log: log,
|
2018-12-29 03:41:06 +00:00
|
|
|
|
2019-02-19 23:47:19 +00:00
|
|
|
PasswordsService: b.PasswordsService,
|
2018-12-29 03:41:06 +00:00
|
|
|
SessionService: b.SessionService,
|
2019-11-19 20:24:57 +00:00
|
|
|
UserService: b.UserService,
|
2018-09-25 19:18:05 +00:00
|
|
|
}
|
|
|
|
|
2019-12-09 23:54:16 +00:00
|
|
|
h.HandlerFunc("POST", prefixSignIn, h.handleSignin)
|
|
|
|
h.HandlerFunc("POST", prefixSignOut, h.handleSignout)
|
2018-09-25 19:18:05 +00:00
|
|
|
return h
|
|
|
|
}
|
|
|
|
|
|
|
|
// handleSignin is the HTTP handler for the POST /signin route.
|
2018-09-26 18:17:03 +00:00
|
|
|
func (h *SessionHandler) handleSignin(w http.ResponseWriter, r *http.Request) {
|
2018-09-25 19:18:05 +00:00
|
|
|
ctx := r.Context()
|
|
|
|
|
2019-11-19 20:24:57 +00:00
|
|
|
req, decErr := decodeSigninRequest(ctx, r)
|
|
|
|
if decErr != nil {
|
|
|
|
UnauthorizedError(ctx, h, w)
|
|
|
|
return
|
|
|
|
}
|
|
|
|
|
|
|
|
u, err := h.UserService.FindUser(ctx, platform.UserFilter{
|
|
|
|
Name: &req.Username,
|
|
|
|
})
|
2018-09-25 19:18:05 +00:00
|
|
|
if err != nil {
|
2019-06-27 01:33:20 +00:00
|
|
|
UnauthorizedError(ctx, h, w)
|
2018-09-25 19:18:05 +00:00
|
|
|
return
|
|
|
|
}
|
|
|
|
|
2019-11-19 20:24:57 +00:00
|
|
|
if err := h.PasswordsService.ComparePassword(ctx, u.ID, req.Password); err != nil {
|
2018-09-25 19:18:05 +00:00
|
|
|
// Don't log here, it should already be handled by the service
|
2019-06-27 01:33:20 +00:00
|
|
|
UnauthorizedError(ctx, h, w)
|
2018-09-25 19:18:05 +00:00
|
|
|
return
|
|
|
|
}
|
|
|
|
|
2018-12-19 16:41:11 +00:00
|
|
|
s, e := h.SessionService.CreateSession(ctx, req.Username)
|
|
|
|
if e != nil {
|
2019-06-27 01:33:20 +00:00
|
|
|
UnauthorizedError(ctx, h, w)
|
2018-09-25 19:18:05 +00:00
|
|
|
return
|
|
|
|
}
|
|
|
|
|
|
|
|
encodeCookieSession(w, s)
|
|
|
|
w.WriteHeader(http.StatusNoContent)
|
|
|
|
}
|
|
|
|
|
|
|
|
type signinRequest struct {
|
|
|
|
Username string
|
|
|
|
Password string
|
|
|
|
}
|
|
|
|
|
2018-12-19 16:41:11 +00:00
|
|
|
func decodeSigninRequest(ctx context.Context, r *http.Request) (*signinRequest, *platform.Error) {
|
2018-09-25 19:18:05 +00:00
|
|
|
u, p, ok := r.BasicAuth()
|
|
|
|
if !ok {
|
2018-12-19 16:41:11 +00:00
|
|
|
return nil, &platform.Error{
|
|
|
|
Code: platform.EInvalid,
|
|
|
|
Msg: "invalid basic auth",
|
|
|
|
}
|
2018-09-25 19:18:05 +00:00
|
|
|
}
|
|
|
|
|
|
|
|
return &signinRequest{
|
|
|
|
Username: u,
|
|
|
|
Password: p,
|
|
|
|
}, nil
|
|
|
|
}
|
|
|
|
|
|
|
|
// handleSignout is the HTTP handler for the POST /signout route.
|
2018-09-26 18:17:03 +00:00
|
|
|
func (h *SessionHandler) handleSignout(w http.ResponseWriter, r *http.Request) {
|
2018-09-25 19:18:05 +00:00
|
|
|
ctx := r.Context()
|
|
|
|
|
|
|
|
req, err := decodeSignoutRequest(ctx, r)
|
|
|
|
if err != nil {
|
2019-06-27 01:33:20 +00:00
|
|
|
UnauthorizedError(ctx, h, w)
|
2018-09-25 19:18:05 +00:00
|
|
|
return
|
|
|
|
}
|
|
|
|
|
|
|
|
if err := h.SessionService.ExpireSession(ctx, req.Key); err != nil {
|
2019-06-27 01:33:20 +00:00
|
|
|
UnauthorizedError(ctx, h, w)
|
2018-09-25 19:18:05 +00:00
|
|
|
return
|
|
|
|
}
|
|
|
|
|
|
|
|
// TODO(desa): not sure what to do here maybe redirect?
|
|
|
|
w.WriteHeader(http.StatusNoContent)
|
|
|
|
}
|
|
|
|
|
|
|
|
type signoutRequest struct {
|
|
|
|
Key string
|
|
|
|
}
|
|
|
|
|
2019-09-12 18:39:24 +00:00
|
|
|
func decodeSignoutRequest(ctx context.Context, r *http.Request) (*signoutRequest, error) {
|
2018-09-25 19:18:05 +00:00
|
|
|
key, err := decodeCookieSession(ctx, r)
|
|
|
|
if err != nil {
|
|
|
|
return nil, err
|
|
|
|
}
|
|
|
|
return &signoutRequest{
|
|
|
|
Key: key,
|
|
|
|
}, nil
|
|
|
|
}
|
|
|
|
|
|
|
|
const cookieSessionName = "session"
|
|
|
|
|
|
|
|
func encodeCookieSession(w http.ResponseWriter, s *platform.Session) {
|
|
|
|
c := &http.Cookie{
|
|
|
|
Name: cookieSessionName,
|
|
|
|
Value: s.Key,
|
|
|
|
}
|
|
|
|
|
|
|
|
http.SetCookie(w, c)
|
|
|
|
}
|
2019-09-12 18:39:24 +00:00
|
|
|
func decodeCookieSession(ctx context.Context, r *http.Request) (string, error) {
|
2018-09-25 19:18:05 +00:00
|
|
|
c, err := r.Cookie(cookieSessionName)
|
|
|
|
if err != nil {
|
2018-12-19 16:41:11 +00:00
|
|
|
return "", &platform.Error{
|
|
|
|
Code: platform.EInvalid,
|
2019-09-12 18:39:24 +00:00
|
|
|
Err: err,
|
2018-12-19 16:41:11 +00:00
|
|
|
}
|
2018-09-25 19:18:05 +00:00
|
|
|
}
|
|
|
|
return c.Value, nil
|
|
|
|
}
|
2018-10-01 20:04:43 +00:00
|
|
|
|
|
|
|
// SetCookieSession adds a cookie for the session to an http request
|
|
|
|
func SetCookieSession(key string, r *http.Request) {
|
|
|
|
c := &http.Cookie{
|
2020-02-25 22:37:11 +00:00
|
|
|
Name: cookieSessionName,
|
|
|
|
Value: key,
|
|
|
|
Secure: true,
|
2018-10-01 20:04:43 +00:00
|
|
|
}
|
|
|
|
|
|
|
|
r.AddCookie(c)
|
|
|
|
}
|