2020-05-30 09:52:27 +00:00
|
|
|
package authstore
|
|
|
|
|
|
|
|
|
|
import (
|
|
|
|
|
"context"
|
2020-05-30 23:45:36 +00:00
|
|
|
"crypto/sha256"
|
2020-05-30 09:52:27 +00:00
|
|
|
"database/sql"
|
2020-05-30 23:45:36 +00:00
|
|
|
"encoding/base64"
|
2020-05-30 09:52:27 +00:00
|
|
|
"fmt"
|
|
|
|
|
"io/ioutil"
|
|
|
|
|
"time"
|
|
|
|
|
|
|
|
|
|
"github.com/jmoiron/sqlx"
|
|
|
|
|
_ "github.com/lib/pq"
|
|
|
|
|
)
|
|
|
|
|
|
2020-05-30 23:14:40 +00:00
|
|
|
func NewStore(pgURL, initSQL string) (Store, error) {
|
2020-05-30 09:52:27 +00:00
|
|
|
// https://godoc.org/github.com/lib/pq
|
|
|
|
|
|
|
|
|
|
dbtype := "postgres"
|
2020-05-30 23:14:40 +00:00
|
|
|
sqlBytes, err := ioutil.ReadFile(initSQL)
|
2020-05-30 09:52:27 +00:00
|
|
|
if nil != err {
|
|
|
|
|
return nil, err
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
ctx, done := context.WithDeadline(context.Background(), time.Now().Add(5*time.Second))
|
|
|
|
|
defer done()
|
2020-05-30 23:14:40 +00:00
|
|
|
db, err := sql.Open(dbtype, pgURL)
|
2020-05-30 09:52:27 +00:00
|
|
|
if err := db.PingContext(ctx); nil != err {
|
|
|
|
|
return nil, err
|
|
|
|
|
}
|
|
|
|
|
if _, err := db.ExecContext(ctx, string(sqlBytes)); nil != err {
|
|
|
|
|
return nil, err
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
dbx := sqlx.NewDb(db, dbtype)
|
|
|
|
|
|
|
|
|
|
return &PGStore{
|
|
|
|
|
dbx: dbx,
|
|
|
|
|
}, nil
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
type PGStore struct {
|
|
|
|
|
dbx *sqlx.DB
|
|
|
|
|
}
|
|
|
|
|
|
2020-05-30 23:45:36 +00:00
|
|
|
func (s *PGStore) SetMaster(secret string) error {
|
|
|
|
|
ctx, done := context.WithDeadline(context.Background(), time.Now().Add(5*time.Second))
|
|
|
|
|
defer done()
|
|
|
|
|
|
|
|
|
|
pubBytes := sha256.Sum256([]byte(secret))
|
2020-05-31 12:19:41 +00:00
|
|
|
pub := base64.RawURLEncoding.EncodeToString(pubBytes[:])
|
|
|
|
|
pub = pub[:24]
|
2020-05-30 23:45:36 +00:00
|
|
|
auth := &Authorization{
|
|
|
|
|
Slug: "*",
|
|
|
|
|
SharedKey: secret,
|
|
|
|
|
MachinePPID: secret,
|
2020-05-31 12:19:41 +00:00
|
|
|
PublicKey: pub,
|
2020-05-30 23:45:36 +00:00
|
|
|
}
|
|
|
|
|
err := s.Add(auth)
|
|
|
|
|
|
|
|
|
|
query := `
|
|
|
|
|
UPDATE authorizations SET
|
|
|
|
|
machine_ppid=$1,
|
|
|
|
|
shared_key=$1,
|
|
|
|
|
public_key=$2,
|
|
|
|
|
deleted_at='1970-01-01 00:00:00'
|
|
|
|
|
WHERE slug = '*'
|
|
|
|
|
`
|
|
|
|
|
_, err = s.dbx.ExecContext(ctx, query, auth.MachinePPID, auth.PublicKey)
|
|
|
|
|
return err
|
|
|
|
|
}
|
|
|
|
|
|
2020-05-30 09:52:27 +00:00
|
|
|
func (s *PGStore) Add(auth *Authorization) error {
|
|
|
|
|
ctx, done := context.WithDeadline(context.Background(), time.Now().Add(5*time.Second))
|
|
|
|
|
defer done()
|
|
|
|
|
|
|
|
|
|
tx, err := s.dbx.DB.BeginTx(ctx, &sql.TxOptions{})
|
|
|
|
|
if nil != err {
|
|
|
|
|
return err
|
|
|
|
|
}
|
|
|
|
|
query1 := `LOCK TABLE authorizations IN SHARE ROW EXCLUSIVE MODE`
|
|
|
|
|
_, err = tx.ExecContext(ctx, query1)
|
|
|
|
|
if nil != err {
|
|
|
|
|
return err
|
|
|
|
|
}
|
|
|
|
|
query2 := `
|
|
|
|
|
INSERT INTO authorizations (slug, shared_key, public_key)
|
|
|
|
|
SELECT $1, $2, $3
|
|
|
|
|
WHERE NOT EXISTS (
|
|
|
|
|
SELECT slug FROM authorizations WHERE deleted_at = '1970-01-01 00:00:00' AND slug = $1
|
|
|
|
|
)
|
|
|
|
|
`
|
2020-05-31 12:19:41 +00:00
|
|
|
now := time.Now()
|
2020-05-30 09:52:27 +00:00
|
|
|
res, err := tx.ExecContext(ctx, query2, auth.Slug, auth.SharedKey, auth.PublicKey)
|
|
|
|
|
if nil != err {
|
|
|
|
|
return err
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
// PostgreSQL does support RowsAffected(), but not LastInsertId()
|
|
|
|
|
if count, _ := res.RowsAffected(); count != 1 {
|
2020-05-31 12:19:41 +00:00
|
|
|
// TODO be more sure?
|
|
|
|
|
return ErrExists // fmt.Errorf("record not added (probably exists)")
|
2020-05-30 09:52:27 +00:00
|
|
|
}
|
|
|
|
|
|
|
|
|
|
if err := tx.Commit(); nil != err {
|
|
|
|
|
return err
|
|
|
|
|
}
|
|
|
|
|
|
2020-05-31 12:19:41 +00:00
|
|
|
auth.CreatedAt = now
|
|
|
|
|
auth.UpdatedAt = now
|
2020-05-30 09:52:27 +00:00
|
|
|
return nil
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
func (s *PGStore) Set(auth *Authorization) error {
|
|
|
|
|
ctx, done := context.WithDeadline(context.Background(), time.Now().Add(5*time.Second))
|
|
|
|
|
defer done()
|
|
|
|
|
query := `
|
|
|
|
|
UPDATE authorizations SET
|
2020-05-31 12:19:41 +00:00
|
|
|
machine_ppid = $1,
|
|
|
|
|
shared_key = $2,
|
|
|
|
|
public_key = $3,
|
|
|
|
|
updated_at = 'now'
|
2020-05-30 09:52:27 +00:00
|
|
|
WHERE
|
|
|
|
|
deleted_at = '1970-01-01 00:00:00'
|
|
|
|
|
AND shared_key = $2
|
|
|
|
|
AND machine_ppid= ''
|
|
|
|
|
`
|
|
|
|
|
row, err := s.dbx.ExecContext(ctx, query, auth.MachinePPID, auth.SharedKey, auth.PublicKey)
|
|
|
|
|
if nil != err {
|
|
|
|
|
return err
|
|
|
|
|
}
|
|
|
|
|
// PostgreSQL does support RowsAffected()
|
|
|
|
|
if count, _ := row.RowsAffected(); count != 1 {
|
|
|
|
|
return fmt.Errorf("record exists")
|
|
|
|
|
}
|
|
|
|
|
return nil
|
|
|
|
|
}
|
|
|
|
|
|
2020-05-31 12:19:41 +00:00
|
|
|
func (s *PGStore) Touch(pub string) error {
|
|
|
|
|
ctx, done := context.WithDeadline(context.Background(), time.Now().Add(5*time.Second))
|
|
|
|
|
defer done()
|
|
|
|
|
query := `
|
|
|
|
|
UPDATE authorizations SET
|
|
|
|
|
updated_at = 'now'
|
|
|
|
|
WHERE deleted_at = '1970-01-01 00:00:00'
|
|
|
|
|
AND (public_key = $1 OR slug = $1)
|
|
|
|
|
`
|
|
|
|
|
row, err := s.dbx.ExecContext(ctx, query, pub)
|
|
|
|
|
if nil != err {
|
|
|
|
|
return err
|
|
|
|
|
}
|
|
|
|
|
// PostgreSQL does support RowsAffected()
|
|
|
|
|
if count, _ := row.RowsAffected(); count != 1 {
|
|
|
|
|
return fmt.Errorf("record was not updated")
|
|
|
|
|
}
|
|
|
|
|
return nil
|
|
|
|
|
}
|
|
|
|
|
|
2020-06-01 08:39:35 +00:00
|
|
|
func (s *PGStore) Active() ([]Authorization, error) {
|
|
|
|
|
ctx, done := context.WithDeadline(context.Background(), time.Now().Add(5*time.Second))
|
|
|
|
|
defer done()
|
|
|
|
|
|
|
|
|
|
auths := []Authorization{}
|
|
|
|
|
query := `
|
|
|
|
|
SELECT * FROM authorizations
|
|
|
|
|
WHERE deleted_at = '1970-01-01 00:00:00'
|
|
|
|
|
AND updated_at > $1
|
|
|
|
|
`
|
|
|
|
|
ago15Min := time.Now().Add(-15 * time.Minute)
|
|
|
|
|
err := s.dbx.SelectContext(ctx, &auths, query, ago15Min)
|
|
|
|
|
if nil != err {
|
|
|
|
|
return nil, err
|
|
|
|
|
}
|
|
|
|
|
return auths, nil
|
|
|
|
|
}
|
|
|
|
|
|
2020-06-01 08:48:05 +00:00
|
|
|
func (s *PGStore) Inactive() ([]Authorization, error) {
|
|
|
|
|
ctx, done := context.WithDeadline(context.Background(), time.Now().Add(5*time.Second))
|
|
|
|
|
defer done()
|
|
|
|
|
|
|
|
|
|
auths := []Authorization{}
|
|
|
|
|
query := `
|
|
|
|
|
SELECT * FROM authorizations
|
|
|
|
|
WHERE deleted_at = '1970-01-01 00:00:00'
|
|
|
|
|
AND updated_at <= $1
|
|
|
|
|
AND slug != '*'
|
|
|
|
|
`
|
|
|
|
|
ago15Min := time.Now().Add(-15 * time.Minute)
|
|
|
|
|
err := s.dbx.SelectContext(ctx, &auths, query, ago15Min)
|
|
|
|
|
if nil != err {
|
|
|
|
|
return nil, err
|
|
|
|
|
}
|
|
|
|
|
return auths, nil
|
|
|
|
|
}
|
|
|
|
|
|
2020-05-30 09:52:27 +00:00
|
|
|
func (s *PGStore) Get(id string) (*Authorization, error) {
|
|
|
|
|
ctx, done := context.WithDeadline(context.Background(), time.Now().Add(5*time.Second))
|
|
|
|
|
defer done()
|
2020-05-30 23:14:40 +00:00
|
|
|
query := `
|
2020-05-31 12:19:41 +00:00
|
|
|
SELECT * FROM authorizations
|
|
|
|
|
WHERE deleted_at = '1970-01-01 00:00:00'
|
|
|
|
|
AND (slug = $1 OR public_key = $1 OR shared_key = $1)
|
|
|
|
|
`
|
2020-05-30 09:52:27 +00:00
|
|
|
row := s.dbx.QueryRowxContext(ctx, query, id)
|
|
|
|
|
if nil != row {
|
|
|
|
|
auth := &Authorization{}
|
|
|
|
|
if err := row.StructScan(auth); nil != err {
|
|
|
|
|
fmt.Println("what's wrong here", err)
|
|
|
|
|
return nil, err
|
|
|
|
|
}
|
|
|
|
|
return auth, nil
|
|
|
|
|
}
|
|
|
|
|
return nil, nil
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
func (s *PGStore) GetBySlug(id string) (*Authorization, error) {
|
|
|
|
|
ctx, done := context.WithDeadline(context.Background(), time.Now().Add(5*time.Second))
|
|
|
|
|
defer done()
|
|
|
|
|
query := `SELECT * FROM authorizations WHERE deleted_at = '1970-01-01 00:00:00' AND slug = $1`
|
|
|
|
|
row := s.dbx.QueryRowxContext(ctx, query, id)
|
|
|
|
|
if nil != row {
|
|
|
|
|
auth := &Authorization{}
|
|
|
|
|
if err := row.StructScan(auth); nil != err {
|
|
|
|
|
return nil, err
|
|
|
|
|
}
|
|
|
|
|
return auth, nil
|
|
|
|
|
}
|
|
|
|
|
return nil, nil
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
func (s *PGStore) GetByPub(id string) (*Authorization, error) {
|
|
|
|
|
ctx, done := context.WithDeadline(context.Background(), time.Now().Add(5*time.Second))
|
|
|
|
|
defer done()
|
|
|
|
|
query := `SELECT * FROM authorizations WHERE deleted_at = '1970-01-01 00:00:00' AND public_key = $1`
|
|
|
|
|
row := s.dbx.QueryRowxContext(ctx, query, id)
|
|
|
|
|
if nil != row {
|
|
|
|
|
auth := &Authorization{}
|
|
|
|
|
if err := row.StructScan(auth); nil != err {
|
|
|
|
|
return nil, err
|
|
|
|
|
}
|
|
|
|
|
return auth, nil
|
|
|
|
|
}
|
|
|
|
|
return nil, nil
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
func (s *PGStore) Delete(auth *Authorization) error {
|
|
|
|
|
ctx, done := context.WithDeadline(context.Background(), time.Now().Add(5*time.Second))
|
|
|
|
|
defer done()
|
|
|
|
|
query := `
|
|
|
|
|
UPDATE authorizations SET deleted_at = 'now'
|
|
|
|
|
WHERE deleted_at = '1970-01-01 00:00:00' AND slug = $1
|
|
|
|
|
`
|
|
|
|
|
row, err := s.dbx.ExecContext(ctx, query, auth.Slug)
|
|
|
|
|
if nil != err {
|
|
|
|
|
return err
|
|
|
|
|
}
|
|
|
|
|
// PostgreSQL does support RowsAffected()
|
|
|
|
|
if count, _ := row.RowsAffected(); count != 1 {
|
2020-05-31 12:19:41 +00:00
|
|
|
return fmt.Errorf("record does not exist")
|
2020-05-30 09:52:27 +00:00
|
|
|
}
|
|
|
|
|
return nil
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
func (s *PGStore) Close() error {
|
|
|
|
|
return s.dbx.DB.Close()
|
|
|
|
|
}
|
