From 44411fb99cadfbbab03a704328c96461320443b7 Mon Sep 17 00:00:00 2001 From: AJ ONeal Date: Sat, 30 May 2020 03:52:27 -0600 Subject: [PATCH] WIP: auth storage --- mplexer/authstore/authstore_test.go | 59 ++++++++ mplexer/authstore/init.sql | 20 +++ mplexer/authstore/insert.sql | 10 ++ mplexer/authstore/postgresql.go | 205 ++++++++++++++++++++++++++++ mplexer/cmd/sqlstore/sqlstore.go | 59 ++++++++ 5 files changed, 353 insertions(+) create mode 100644 mplexer/authstore/authstore_test.go create mode 100644 mplexer/authstore/init.sql create mode 100644 mplexer/authstore/insert.sql create mode 100644 mplexer/authstore/postgresql.go create mode 100644 mplexer/cmd/sqlstore/sqlstore.go diff --git a/mplexer/authstore/authstore_test.go b/mplexer/authstore/authstore_test.go new file mode 100644 index 0000000..a17d790 --- /dev/null +++ b/mplexer/authstore/authstore_test.go @@ -0,0 +1,59 @@ +package authstore + +import ( + "fmt" + "testing" +) + +func TestStore(t *testing.T) { + // Note: output is cached + + store, err := NewStore(nil) + if nil != err { + t.Fatal("connection error", err) + return + } + + num := "8" + slug := num + "-xxx-client" + pubkey := num + "-somehash" + auth1 := &Authorization{ + Slug: slug, + SharedKey: "3-xxxx-zzzz-yyyy", + PublicKey: pubkey, + } + err = store.Add(auth1) + if nil != err { + t.Fatal("add error", err) + return + } + + auth, err := store.Get(slug) + if nil != err { + t.Fatal("get by slug error", err) + return + } + + auth, err = store.Get(pubkey) + if nil != err { + t.Fatal("get by pub error", err) + return + } + + auth1.MachinePPID = "a-secretish-id" + err = store.Set(auth1) + if nil != err { + t.Fatal("set machine id", err) + return + } + + err = store.Delete(auth1) + if nil != err { + t.Fatal("set machine id", err) + return + } + + store.Close() + + fmt.Printf("%#v\n", auth) +} diff --git a/mplexer/authstore/init.sql b/mplexer/authstore/init.sql new file mode 100644 index 0000000..8c7514e --- /dev/null +++ b/mplexer/authstore/init.sql @@ -0,0 +1,20 @@ +CREATE extension IF NOT EXISTS pgcrypto; +SET TIMEZONE='UTC'; + +--DROP TABLE IF EXISTS authorizations; +CREATE TABLE IF NOT EXISTS authorizations ( + id UUID PRIMARY KEY DEFAULT gen_random_uuid(), + slug TEXT NOT NULL, + shared_key TEXT NOT NULL, + public_key TEXT NOT NULL, + machine_ppid TEXT NOT NULL DEFAULT '', + created_at TIMESTAMP NOT NULL DEFAULT (now() AT TIME ZONE 'UTC'), + updated_at TIMESTAMP NOT NULL DEFAULT (now() AT TIME ZONE 'UTC'), + deleted_at TIMESTAMP NOT NULL DEFAULT ('epoch' AT TIME ZONE 'UTC') +); + +--CREATE INDEX CONCURRENTLY IF NOT EXISTS idx_slug ON authorizations (slug); +CREATE INDEX IF NOT EXISTS idx_slug ON authorizations (slug); +CREATE INDEX IF NOT EXISTS idx_machine_ppid ON authorizations (machine_ppid); +CREATE INDEX IF NOT EXISTS idx_public_key ON authorizations (public_key); + diff --git a/mplexer/authstore/insert.sql b/mplexer/authstore/insert.sql new file mode 100644 index 0000000..5b86db6 --- /dev/null +++ b/mplexer/authstore/insert.sql @@ -0,0 +1,10 @@ +BEGIN; +LOCK TABLE authorizations IN SHARE ROW EXCLUSIVE MODE; +INSERT INTO authorizations + (slug, shared_key, public_key) +SELECT 'xxx-client-1', 'xxxx-yyyy-zzzz', 'somehash' +WHERE + NOT EXISTS ( + SELECT slug FROM authorizations WHERE slug = 'xxx-client-1' + ); +COMMIT; diff --git a/mplexer/authstore/postgresql.go b/mplexer/authstore/postgresql.go new file mode 100644 index 0000000..fb0883c --- /dev/null +++ b/mplexer/authstore/postgresql.go @@ -0,0 +1,205 @@ +package authstore + +import ( + "context" + "database/sql" + "fmt" + "io/ioutil" + "strings" + "time" + + "github.com/jmoiron/sqlx" + _ "github.com/lib/pq" +) + +type Authorization struct { + ID string `db:"id,omitempty"` + Slug string `db:"slug,omitempty"` + MachinePPID string `db:"machine_ppid,omitempty"` + PublicKey string `db:"public_key,omitempty"` + SharedKey string `db:"shared_key,omitempty"` + CreatedAt time.Time `db:"created_at,omitempty"` + UpdatedAt time.Time `db:"updated_at,omitempty"` + DeletedAt time.Time `db:"deleted_at,omitempty"` +} + +type Store interface { + Add(auth *Authorization) error + Set(auth *Authorization) error + Get(id string) (*Authorization, error) + GetBySlug(id string) (*Authorization, error) + GetByPub(id string) (*Authorization, error) + Delete(auth *Authorization) error + Close() error +} + +type StoreConfig interface { + Type() string + URL() string +} + +func NewStore(c StoreConfig) (Store, error) { + // https://godoc.org/github.com/lib/pq + + connStr := "postgres://postgres:postgres@localhost/postgres" + if strings.Contains(connStr, "@localhost/") { + connStr += "?sslmode=disable" + } else { + connStr += "?sslmode=required" + } + // TODO url.Parse + dbtype := "postgres" + sqlBytes, err := ioutil.ReadFile("./init.sql") + if nil != err { + return nil, err + } + + ctx, done := context.WithDeadline(context.Background(), time.Now().Add(5*time.Second)) + defer done() + db, err := sql.Open(dbtype, connStr) + if err := db.PingContext(ctx); nil != err { + return nil, err + } + if _, err := db.ExecContext(ctx, string(sqlBytes)); nil != err { + return nil, err + } + + dbx := sqlx.NewDb(db, dbtype) + + return &PGStore{ + dbx: dbx, + }, nil +} + +type PGStore struct { + dbx *sqlx.DB +} + +func (s *PGStore) Add(auth *Authorization) error { + ctx, done := context.WithDeadline(context.Background(), time.Now().Add(5*time.Second)) + defer done() + + tx, err := s.dbx.DB.BeginTx(ctx, &sql.TxOptions{}) + if nil != err { + return err + } + query1 := `LOCK TABLE authorizations IN SHARE ROW EXCLUSIVE MODE` + _, err = tx.ExecContext(ctx, query1) + if nil != err { + return err + } + query2 := ` + INSERT INTO authorizations (slug, shared_key, public_key) + SELECT $1, $2, $3 + WHERE NOT EXISTS ( + SELECT slug FROM authorizations WHERE deleted_at = '1970-01-01 00:00:00' AND slug = $1 + ) + ` + res, err := tx.ExecContext(ctx, query2, auth.Slug, auth.SharedKey, auth.PublicKey) + if nil != err { + return err + } + + // PostgreSQL does support RowsAffected(), but not LastInsertId() + if count, _ := res.RowsAffected(); count != 1 { + return fmt.Errorf("record not added (probably exists)") + } + + if err := tx.Commit(); nil != err { + return err + } + + return nil +} + +func (s *PGStore) Set(auth *Authorization) error { + ctx, done := context.WithDeadline(context.Background(), time.Now().Add(5*time.Second)) + defer done() + query := ` + UPDATE authorizations SET + machine_ppid=$1, + shared_key=$2, + public_key=$3 + WHERE + deleted_at = '1970-01-01 00:00:00' + AND shared_key = $2 + AND machine_ppid= '' + ` + row, err := s.dbx.ExecContext(ctx, query, auth.MachinePPID, auth.SharedKey, auth.PublicKey) + if nil != err { + return err + } + // PostgreSQL does support RowsAffected() + if count, _ := row.RowsAffected(); count != 1 { + return fmt.Errorf("record exists") + } + return nil +} + +func (s *PGStore) Get(id string) (*Authorization, error) { + ctx, done := context.WithDeadline(context.Background(), time.Now().Add(5*time.Second)) + defer done() + query := `SELECT * FROM authorizations WHERE deleted_at = '1970-01-01 00:00:00' AND (slug = $1 OR public_key = $1)` + row := s.dbx.QueryRowxContext(ctx, query, id) + if nil != row { + auth := &Authorization{} + if err := row.StructScan(auth); nil != err { + fmt.Println("what's wrong here", err) + return nil, err + } + return auth, nil + } + return nil, nil +} + +func (s *PGStore) GetBySlug(id string) (*Authorization, error) { + ctx, done := context.WithDeadline(context.Background(), time.Now().Add(5*time.Second)) + defer done() + query := `SELECT * FROM authorizations WHERE deleted_at = '1970-01-01 00:00:00' AND slug = $1` + row := s.dbx.QueryRowxContext(ctx, query, id) + if nil != row { + auth := &Authorization{} + if err := row.StructScan(auth); nil != err { + return nil, err + } + return auth, nil + } + return nil, nil +} + +func (s *PGStore) GetByPub(id string) (*Authorization, error) { + ctx, done := context.WithDeadline(context.Background(), time.Now().Add(5*time.Second)) + defer done() + query := `SELECT * FROM authorizations WHERE deleted_at = '1970-01-01 00:00:00' AND public_key = $1` + row := s.dbx.QueryRowxContext(ctx, query, id) + if nil != row { + auth := &Authorization{} + if err := row.StructScan(auth); nil != err { + return nil, err + } + return auth, nil + } + return nil, nil +} + +func (s *PGStore) Delete(auth *Authorization) error { + ctx, done := context.WithDeadline(context.Background(), time.Now().Add(5*time.Second)) + defer done() + query := ` + UPDATE authorizations SET deleted_at = 'now' + WHERE deleted_at = '1970-01-01 00:00:00' AND slug = $1 + ` + row, err := s.dbx.ExecContext(ctx, query, auth.Slug) + if nil != err { + return err + } + // PostgreSQL does support RowsAffected() + if count, _ := row.RowsAffected(); count != 1 { + return fmt.Errorf("record exists") + } + return nil +} + +func (s *PGStore) Close() error { + return s.dbx.DB.Close() +} diff --git a/mplexer/cmd/sqlstore/sqlstore.go b/mplexer/cmd/sqlstore/sqlstore.go new file mode 100644 index 0000000..8a6ef03 --- /dev/null +++ b/mplexer/cmd/sqlstore/sqlstore.go @@ -0,0 +1,59 @@ +package main + +import ( + "fmt" + "log" + + "git.coolaj86.com/coolaj86/go-telebitd/mplexer/authstore" +) + +func main() { + store, err := authstore.NewStore(nil) + if nil != err { + log.Fatal("connection error", err) + return + } + + num := "8" + slug := num + "-xxx-client" + pubkey := num + "-somehash" + auth1 := &authstore.Authorization{ + Slug: slug, + SharedKey: "3-xxxx-zzzz-yyyy", + PublicKey: pubkey, + } + err = store.Add(auth1) + if nil != err { + log.Fatal("add error", err) + return + } + + auth, err := store.Get(slug) + if nil != err { + log.Fatal("get by slug error", err) + return + } + + auth, err = store.Get(pubkey) + if nil != err { + log.Fatal("get by pub error", err) + return + } + + auth1.MachinePPID = "a-secretish-id" + err = store.Set(auth1) + if nil != err { + log.Fatal("set machine id", err) + return + } + + err = store.Delete(auth1) + if nil != err { + log.Fatal("set machine id", err) + return + } + + store.Close() + + fmt.Printf("%#v\n", auth) +}