telebit/mplexer/mgmt/authstore/authstore.go

package authstore

import (
	"crypto/rand"
	"crypto/sha256"
	"encoding/base64"
	"errors"
	"time"

	jwt "github.com/dgrijalva/jwt-go"
)

var ErrExists = errors.New("token already exists")

type Authorization struct {
	ID string `db:"id,omitempty" json:"-"`

	MachinePPID string `db:"machine_ppid,omitempty" json:"machine_ppid,omitempty"`
	PublicKey   string `db:"public_key,omitempty" json:"public_key,omitempty"`
	SharedKey   string `db:"shared_key,omitempty" json:"shared_key"`
	Slug        string `db:"slug,omitempty" json:"slug"`

	CreatedAt time.Time `db:"created_at,omitempty" json:"created_at,omitempty"`
	UpdatedAt time.Time `db:"updated_at,omitempty" json:"updated_at,omitempty"`
	DeletedAt time.Time `db:"deleted_at,omitempty" json:"-"`
}

type Store interface {
	SetMaster(secret string) error
	Add(auth *Authorization) error
	Set(auth *Authorization) error
	Active() ([]Authorization, error)
	Inactive() ([]Authorization, error)
	Touch(id string) error
	Get(id string) (*Authorization, error)
	GetBySlug(id string) (*Authorization, error)
	GetByPub(id string) (*Authorization, error)
	Delete(auth *Authorization) error
	Close() error
}

func ToPublicKeyString(secret string) string {
	pubBytes := sha256.Sum256([]byte(secret))
	pub := base64.RawURLEncoding.EncodeToString(pubBytes[:])
	if len(pub) > 24 {
		pub = pub[:24]
	}
	return pub
}

func HMACToken(secret string) (token string, err error) {
	keyID := ToPublicKeyString(secret)

	b := make([]byte, 16)
	_, _ = rand.Read(b)
	claims := &jwt.StandardClaims{
		Id:        base64.RawURLEncoding.EncodeToString(b),
		IssuedAt:  time.Now().Unix(),
		ExpiresAt: time.Now().Add(5 * time.Minute).Unix(),
	}

	jwtToken := &jwt.Token{
		Header: map[string]interface{}{
			"kid": keyID,
			"typ": "JWT",
			"alg": jwt.SigningMethodHS256.Alg(),
		},
		Claims: claims,
		Method: jwt.SigningMethodHS256,
	}

	if token, err = jwtToken.SignedString([]byte(secret)); err != nil {
		return "", err
	}
	return token, nil
}
WIP: authenticated management routes 2020-05-30 23:14:40 +00:00			`package authstore`

			`import (`
enable auth checking 2020-06-01 07:38:18 +00:00			`"crypto/rand"`
WIP: auth flow 2020-05-31 12:19:41 +00:00			`"crypto/sha256"`
			`"encoding/base64"`
			`"errors"`
WIP: authenticated management routes 2020-05-30 23:14:40 +00:00			`"time"`
enable auth checking 2020-06-01 07:38:18 +00:00
			`jwt "github.com/dgrijalva/jwt-go"`
WIP: authenticated management routes 2020-05-30 23:14:40 +00:00			`)`

WIP: auth flow 2020-05-31 12:19:41 +00:00			`var ErrExists = errors.New("token already exists")`

WIP: authenticated management routes 2020-05-30 23:14:40 +00:00			`type Authorization struct {`
			ID string `db:"id,omitempty" json:"-"`

			MachinePPID string `db:"machine_ppid,omitempty" json:"machine_ppid,omitempty"`
			PublicKey string `db:"public_key,omitempty" json:"public_key,omitempty"`
			SharedKey string `db:"shared_key,omitempty" json:"shared_key"`
			Slug string `db:"slug,omitempty" json:"slug"`

			CreatedAt time.Time `db:"created_at,omitempty" json:"created_at,omitempty"`
			UpdatedAt time.Time `db:"updated_at,omitempty" json:"updated_at,omitempty"`
			DeletedAt time.Time `db:"deleted_at,omitempty" json:"-"`
			`}`

			`type Store interface {`
WIP: authorize routes 2020-05-30 23:45:36 +00:00			`SetMaster(secret string) error`
WIP: authenticated management routes 2020-05-30 23:14:40 +00:00			`Add(auth *Authorization) error`
			`Set(auth *Authorization) error`
add client pinging, and server recent pings 2020-06-01 08:39:35 +00:00			`Active() ([]Authorization, error)`
add list of inactives 2020-06-01 08:48:05 +00:00			`Inactive() ([]Authorization, error)`
WIP: auth flow 2020-05-31 12:19:41 +00:00			`Touch(id string) error`
WIP: authenticated management routes 2020-05-30 23:14:40 +00:00			`Get(id string) (*Authorization, error)`
			`GetBySlug(id string) (*Authorization, error)`
			`GetByPub(id string) (*Authorization, error)`
			`Delete(auth *Authorization) error`
			`Close() error`
			`}`
WIP: auth flow 2020-05-31 12:19:41 +00:00
			`func ToPublicKeyString(secret string) string {`
			`pubBytes := sha256.Sum256([]byte(secret))`
			`pub := base64.RawURLEncoding.EncodeToString(pubBytes[:])`
			`if len(pub) > 24 {`
			`pub = pub[:24]`
			`}`
			`return pub`
			`}`
enable auth checking 2020-06-01 07:38:18 +00:00
			`func HMACToken(secret string) (token string, err error) {`
			`keyID := ToPublicKeyString(secret)`

			`b := make([]byte, 16)`
			`_, _ = rand.Read(b)`
			`claims := &jwt.StandardClaims{`
			`Id: base64.RawURLEncoding.EncodeToString(b),`
			`IssuedAt: time.Now().Unix(),`
			`ExpiresAt: time.Now().Add(5 * time.Minute).Unix(),`
			`}`

			`jwtToken := &jwt.Token{`
			`Header: map[string]interface{}{`
			`"kid": keyID,`
			`"typ": "JWT",`
			`"alg": jwt.SigningMethodHS256.Alg(),`
			`},`
			`Claims: claims,`
			`Method: jwt.SigningMethodHS256,`
			`}`

			`if token, err = jwtToken.SignedString([]byte(secret)); err != nil {`
			`return "", err`
			`}`
			`return token, nil`
			`}`