toby3d/auth
toby3d
/
auth
1
0
Fork 0
Code Actions Packages Releases Activity

🔀 Merge branch 'feature/token' into develop

This commit is contained in:
Maxim Lebedev 2021-09-23 23:29:09 +05:00
parent 08c34c3328 a8bc4587ed
commit 317c84786a
Signed by: toby3d
GPG Key ID: 1F14E25B7C119FC5
16 changed files with 865 additions and 307 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

7
internal/common/common.go Normal file
View File

@ -0,0 +1,7 @@
package common
const (
MIMEApplicationJSON string = "application/json"
MIMETextHTML string = "text/html"
MIMEApplicationXWWWFormUrlencoded string = "application/x-www-form-urlencoded"
)

67
internal/model/error.go
View File

@ -6,8 +6,6 @@ import (
"golang.org/x/xerrors"
)
// TODO(toby3d): make more informative errors.
// See https://indieauth.spec.indieweb.org/#authorization-request
type Error struct {
Code string `json:"error"`
Description string `json:"error_description,omitempty"`
@ -15,48 +13,43 @@ type Error struct {
Frame xerrors.Frame `json:"-"`
}
var (
ErrInvalidRequest Error = Error{
Code: "invalid_request",
Description: "the request is missing a required parameter, includes an invalid parameter value, or is otherwise malformed",
}
ErrUnauthorizedClient Error = Error{
Code: "unauthorized_client",
Description: "the client is not authorized to request an authorization code using this method",
}
ErrAccessDenied Error = Error{
Code: "access_denied",
Description: "",
}
ErrUnsupportedResponseType Error = Error{
Code: "unsupported_response_type",
Description: "the authorization server does not support obtaining an authorization code using this method",
}
ErrInvalidScope Error = Error{
Code: "invalid_scope",
Description: "the requested scope is invalid, unknown, or malformed",
}
ErrServerError Error = Error{
Code: "server_error",
Description: "the authorization server encountered an unexpected condition which prevented it from fulfilling the request",
}
ErrTemporarilyUnavailable Error = Error{
Code: "temporarily_unavailable",
Description: "the authorization server is currently unable to handle the request due to a temporary overloading or maintenance of the server",
}
const (
ErrAccessDenied string = "access_denied"
ErrInvalidClient string = "invalid_client"
ErrInvalidGrant string = "invalid_grant"
ErrInvalidRequest string = "invalid_request"
ErrInvalidScope string = "invalid_scope"
ErrInvalidToken string = "invalid_token"
ErrServerError string = "server_error"
ErrTemporarilyUnavailable string = "temporarily_unavailable"
ErrUnauthorizedClient string = "unauthorized_client"
ErrUnsupportedResponseType string = "unsupported_response_type"
)
func (e Error) FormatError(p xerrors.Printer) error {
p.Printf("%s: %s", e.Code, e.Description)
e.Frame.Format(p)
const errorColor string = "\033[31m"
return nil
func (e Error) Error() string {
return fmt.Sprint(e)
}
func (e Error) Format(s fmt.State, r rune) {
xerrors.FormatError(e, s, r)
}
func (e Error) Error() string {
return fmt.Sprint(e)
func (e Error) FormatError(p xerrors.Printer) error {
p.Print(errorColor, e.Code)
if e.Description != "" {
p.Printf(": %s", e.Description)
}
if e.URI != "" {
p.Printf("%4s", e.URI)
}
if p.Detail() {
e.Frame.Format(p)
}
return nil
}

12
internal/model/profile.go
View File

@ -1,8 +1,12 @@
package model
type Profile struct {
Name string `json:"name"`
URL string `json:"url"`
Photo string `json:"photo"`
Email string `json:"email,omitempty"`
Name string
URL URL
Photo URL
Email string
}
func NewProfile() *Profile {
return new(Profile)
}

19
internal/model/token.go
View File

@ -1,12 +1,17 @@
package model
type Token struct {
AccessToken string `json:"access_token"`
TokenType string `json:"token_type"`
Scope string `json:"scope"`
Me string `json:"me"`
ClientID string `json:"client_id"`
Profile *Profile `json:"profile,omitempty"`
Profile *Profile
Scopes []string
AccessToken string
Type string
Me URL
ClientID URL
}
func (Token) Bucket() []byte { return []byte("tokens") }
func NewToken() *Token {
t := new(Token)
t.Scopes = make([]string, 0)
return t
}

3
internal/model/url.go Normal file
View File

@ -0,0 +1,3 @@
package model
type URL string

227
internal/token/delivery/http/token_http.go
View File

@ -1,186 +1,151 @@
package http
import (
"bytes"
"strings"
"github.com/fasthttp/router"
json "github.com/goccy/go-json"
http "github.com/valyala/fasthttp"
"gitlab.com/toby3d/indieauth/internal/model"
"gitlab.com/toby3d/indieauth/internal/token"
"golang.org/x/xerrors"
"source.toby3d.me/website/oauth/internal/common"
"source.toby3d.me/website/oauth/internal/model"
"source.toby3d.me/website/oauth/internal/token"
)
type (
Handler struct {
RequestHandler struct {
useCase token.UseCase
}
ExchangeRequest struct {
GrantType string
Code string
ClientID string
RedirectURI string
CodeVerifier string
}
RevokeRequest struct {
RevocationRequest struct {
Action string
Token string
}
ExchangeResponse struct {
AccessToken string `json:"access_token"`
Me string `json:"me"`
Scope string `json:"scope"`
TokenType string `json:"token_type"`
//nolint: tagliatelle
VerificationResponse struct {
Me model.URL `json:"me"`
ClientID model.URL `json:"client_id"`
Scope string `json:"scope"`
}
VerificationResponse struct {
Me string `json:"me"`
ClientID string `json:"client_id"`
Scope string `json:"scope"`
}
RevocationResponse struct{}
)
func NewTokenHandler(useCase token.UseCase) *Handler {
return &Handler{
const (
Action string = "action"
ActionRevoke string = "revoke"
)
func NewRequestHandler(useCase token.UseCase) *RequestHandler {
return &RequestHandler{
useCase: useCase,
}
}
func (h *Handler) Register(r *router.Router) {
r.GET("/token", h.Verification)
func (h *RequestHandler) Register(r *router.Router) {
r.GET("/token", h.Read)
r.POST("/token", h.Update)
}
func (h *Handler) Verification(ctx *http.RequestCtx) {
func (h *RequestHandler) Read(ctx *http.RequestCtx) {
ctx.SetContentType(common.MIMEApplicationJSON)
ctx.SetStatusCode(http.StatusOK)
encoder := json.NewEncoder(ctx)
rawToken := ctx.Request.Header.Peek(http.HeaderAuthorization)
token, err := h.useCase.Verify(ctx,
strings.TrimPrefix(string(ctx.Request.Header.Peek(http.HeaderAuthorization)), "Bearer "),
)
token, err := h.useCase.Verify(ctx, string(bytes.TrimSpace(bytes.TrimPrefix(rawToken, []byte("Bearer")))))
if err != nil {
ctx.Error(err.Error(), http.StatusBadRequest)
ctx.SetStatusCode(http.StatusBadRequest)
return
}
ctx.SetContentType("application/json")
_ = encoder.Encode(&VerificationResponse{
Me: token.Me,
ClientID: token.ClientID,
Scope: token.Scope,
})
}
func (h *Handler) Update(ctx *http.RequestCtx) {
if ctx.PostArgs().Has("action") {
h.Revoke(ctx)
return
}
h.Exchange(ctx)
}
func (r *ExchangeRequest) bind(ctx *http.RequestCtx) error {
if r.GrantType = string(ctx.PostArgs().Peek("grant_type")); r.GrantType != "authorization_code" {
return model.Error{
Code: model.ErrInvalidRequest.Code,
Description: "'grant_type' must be 'authorization_code'",
if err = encoder.Encode(err); err != nil {
ctx.Error(err.Error(), http.StatusInternalServerError)
}
}
if r.Code = string(ctx.PostArgs().Peek("code")); r.Code == "" {
return model.Error{
Code: model.ErrInvalidRequest.Code,
Description: "'code' query is required",
}
}
if r.ClientID = string(ctx.PostArgs().Peek("client_id")); r.ClientID == "" {
return model.Error{
Code: model.ErrInvalidRequest.Code,
Description: "'client_id' query is required",
}
}
if r.RedirectURI = string(ctx.PostArgs().Peek("redirect_uri")); r.RedirectURI == "" {
return model.Error{
Code: model.ErrInvalidRequest.Code,
Description: "'redirect_uri' query is required",
}
}
r.CodeVerifier = string(ctx.PostArgs().Peek("code_verifier"))
return nil
}
func (h *Handler) Exchange(ctx *http.RequestCtx) {
encoder := json.NewEncoder(ctx)
req := new(ExchangeRequest)
if err := req.bind(ctx); err != nil {
ctx.Error(err.Error(), http.StatusBadRequest)
return
}
token, err := h.useCase.Exchange(ctx, &model.ExchangeRequest{
ClientID: req.ClientID,
Code: req.Code,
CodeVerifier: req.CodeVerifier,
RedirectURI: req.RedirectURI,
})
if err != nil {
ctx.Error(err.Error(), http.StatusInternalServerError)
return
}
if token == nil {
ctx.Error(model.ErrUnauthorizedClient.Error(), http.StatusUnauthorized)
ctx.SetStatusCode(http.StatusUnauthorized)
return
}
ctx.SetContentType("application/json")
_ = encoder.Encode(&ExchangeResponse{
AccessToken: token.AccessToken,
Me: token.Me,
Scope: token.Scope,
TokenType: token.TokenType,
})
if err := encoder.Encode(&VerificationResponse{
Me: token.Me,
ClientID: token.ClientID,
Scope: strings.Join(token.Scopes, " "),
}); err != nil {
ctx.SetStatusCode(http.StatusInternalServerError)
if err = encoder.Encode(err); err != nil {
ctx.Error(err.Error(), http.StatusInternalServerError)
}
}
}
func (r *RevokeRequest) bind(ctx *http.RequestCtx) error {
if r.Action = string(ctx.PostArgs().Peek("action")); r.Action != "revoke" {
func (h *RequestHandler) Update(ctx *http.RequestCtx) {
if strings.EqualFold(string(ctx.FormValue(Action)), ActionRevoke) {
h.Revocation(ctx)
}
}
func (h *RequestHandler) Revocation(ctx *http.RequestCtx) {
ctx.SetContentType(common.MIMEApplicationJSON)
ctx.SetStatusCode(http.StatusOK)
encoder := json.NewEncoder(ctx)
req := new(RevocationRequest)
if err := req.bind(ctx); err != nil {
ctx.SetStatusCode(http.StatusBadRequest)
if err = encoder.Encode(err); err != nil {
ctx.Error(err.Error(), http.StatusInternalServerError)
}
return
}
if err := h.useCase.Revoke(ctx, req.Token); err != nil {
ctx.SetStatusCode(http.StatusBadRequest)
if err = encoder.Encode(err); err != nil {
ctx.Error(err.Error(), http.StatusInternalServerError)
}
return
}
if err := encoder.Encode(&RevocationResponse{}); err != nil {
ctx.SetStatusCode(http.StatusInternalServerError)
if err = encoder.Encode(err); err != nil {
ctx.Error(err.Error(), http.StatusInternalServerError)
}
}
}
func (r *RevocationRequest) bind(ctx *http.RequestCtx) error {
if r.Action = string(ctx.FormValue(Action)); !strings.EqualFold(r.Action, ActionRevoke) {
return model.Error{
Code: model.ErrInvalidRequest.Code,
Description: "'action' must be 'revoke'",
Code: "invalid_request",
Description: "request MUST contain 'action' key with value 'revoke'",
URI: "https://indieauth.spec.indieweb.org/#token-revocation-request",
Frame: xerrors.Caller(1),
}
}
if r.Token = string(ctx.PostArgs().Peek("token")); r.Token == "" {
if r.Token = string(ctx.FormValue("token")); r.Token == "" {
return model.Error{
Code: model.ErrInvalidRequest.Code,
Description: "'token' query is required",
Code: "invalid_request",
Description: "request MUST contain the 'token' key with the valid access token as its value",
URI: "https://indieauth.spec.indieweb.org/#token-revocation-request",
Frame: xerrors.Caller(1),
}
}
return nil
}
func (h *Handler) Revoke(ctx *http.RequestCtx) {
req := new(RevokeRequest)
if err := req.bind(ctx); err != nil {
ctx.Error(err.Error(), http.StatusBadRequest)
return
}
_ = h.useCase.Revoke(ctx, string(ctx.PostArgs().Peek("token")))
ctx.SuccessString("application/json", "{}")
}

101
internal/token/delivery/http/token_http_test.go Normal file
View File

@ -0,0 +1,101 @@
package http_test
import (
"context"
"strings"
"sync"
"testing"
"github.com/brianvoe/gofakeit"
"github.com/goccy/go-json"
"github.com/stretchr/testify/assert"
"github.com/stretchr/testify/require"
http "github.com/valyala/fasthttp"
"source.toby3d.me/website/oauth/internal/common"
"source.toby3d.me/website/oauth/internal/model"
delivery "source.toby3d.me/website/oauth/internal/token/delivery/http"
repository "source.toby3d.me/website/oauth/internal/token/repository/memory"
"source.toby3d.me/website/oauth/internal/token/usecase"
"source.toby3d.me/website/oauth/internal/util"
)
func TestVerification(t *testing.T) {
t.Parallel()
require := require.New(t)
assert := assert.New(t)
store := new(sync.Map)
repo := repository.NewMemoryTokenRepository(store)
accessToken := model.Token{
AccessToken: gofakeit.Password(true, true, true, true, false, 32),
Type: "Bearer",
ClientID: "https://app.example.com/",
Me: "https://user.example.net/",
Scopes: []string{"create", "update", "delete"},
Profile: nil,
}
require.NoError(repo.Create(context.TODO(), &accessToken))
req := http.AcquireRequest()
defer http.ReleaseRequest(req)
req.Header.SetMethod(http.MethodGet)
req.SetRequestURI("http://localhost/token")
req.Header.Set(http.HeaderAccept, common.MIMEApplicationJSON)
req.Header.Set(http.HeaderAuthorization, "Bearer "+accessToken.AccessToken)
resp := http.AcquireResponse()
defer http.ReleaseResponse(resp)
require.NoError(util.Serve(delivery.NewRequestHandler(usecase.NewTokenUseCase(repo)).Read, req, resp))
assert.Equal(http.StatusOK, resp.StatusCode())
token := new(delivery.VerificationResponse)
require.NoError(json.Unmarshal(resp.Body(), token))
assert.Equal(&delivery.VerificationResponse{
Me: accessToken.Me,
ClientID: accessToken.ClientID,
Scope: strings.Join(accessToken.Scopes, " "),
}, token)
}
func TestRevocation(t *testing.T) {
t.Parallel()
require := require.New(t)
assert := assert.New(t)
store := new(sync.Map)
repo := repository.NewMemoryTokenRepository(store)
accessToken := gofakeit.Password(true, true, true, true, false, 32)
require.NoError(repo.Create(context.TODO(), &model.Token{
AccessToken: accessToken,
Type: "Bearer",
ClientID: "https://app.example.com/",
Me: "https://user.example.net/",
Scopes: []string{"create", "update", "delete"},
Profile: nil,
}))
req := http.AcquireRequest()
defer http.ReleaseRequest(req)
req.Header.SetMethod(http.MethodPost)
req.SetRequestURI("http://localhost/token")
req.Header.SetContentType(common.MIMEApplicationXWWWFormUrlencoded)
req.Header.Set(http.HeaderAccept, common.MIMEApplicationJSON)
req.PostArgs().Set("action", "revoke")
req.PostArgs().Set("token", accessToken)
resp := http.AcquireResponse()
defer http.ReleaseResponse(resp)
require.NoError(util.Serve(delivery.NewRequestHandler(usecase.NewTokenUseCase(repo)).Update, req, resp))
assert.Equal(http.StatusOK, resp.StatusCode())
assert.Equal(`{}`, strings.TrimSpace(string(resp.Body())))
token, err := repo.Get(context.TODO(), accessToken)
require.NoError(err)
assert.Nil(token)
}

17
internal/token/repository.go
View File

@ -3,11 +3,20 @@ package token
import (
"context"
"gitlab.com/toby3d/indieauth/internal/model"
"golang.org/x/xerrors"
"source.toby3d.me/website/oauth/internal/model"
)
type Repository interface {
Create(ctx context.Context, token *model.Token) error
Get(ctx context.Context, token string) (*model.Token, error)
Delete(ctx context.Context, token string) error
Get(ctx context.Context, accessToken string) (*model.Token, error)
Create(ctx context.Context, accessToken *model.Token) error
Update(ctx context.Context, accessToken *model.Token) error
Remove(ctx context.Context, accessToken string) error
}
var ErrExist error = model.Error{
Code: "invalid_request",
Description: "this token is already exists",
URI: "",
Frame: xerrors.Caller(1),
}

142
internal/token/repository/bolt/bolt_token.go
View File

@ -2,24 +2,40 @@ package bolt
import (
"context"
"strings"
json "github.com/goccy/go-json"
"gitlab.com/toby3d/indieauth/internal/model"
"gitlab.com/toby3d/indieauth/internal/token"
"github.com/pkg/errors"
bolt "go.etcd.io/bbolt"
"golang.org/x/xerrors"
"source.toby3d.me/website/oauth/internal/model"
"source.toby3d.me/website/oauth/internal/token"
)
type boltTokenRepository struct {
db *bolt.DB
}
type (
Token struct {
AccessToken string `json:"accessToken"`
ClientID string `json:"clientId"`
Me string `json:"me"`
Scope string `json:"scope"`
Type string `json:"type"`
}
boltTokenRepository struct {
db *bolt.DB
}
)
var ErrNotExist error = xerrors.New("key not exist")
func NewBoltTokenRepository(db *bolt.DB) (token.Repository, error) {
if err := db.Update(func(tx *bolt.Tx) error {
_, err := tx.CreateBucketIfNotExists(model.Token{}.Bucket())
//nolint: exhaustivestruct
_, err := tx.CreateBucketIfNotExists(Token{}.Bucket())
return err
return errors.Wrap(err, "failed to create a bucket")
}); err != nil {
return nil, err
return nil, errors.Wrap(err, "failed to update the storage structure")
}
return &boltTokenRepository{
@ -27,31 +43,101 @@ func NewBoltTokenRepository(db *bolt.DB) (token.Repository, error) {
}, nil
}
func (repo *boltTokenRepository) Create(ctx context.Context, token *model.Token) error {
jsonToken, err := json.Marshal(token)
if err != nil {
return err
}
return repo.db.Update(func(tx *bolt.Tx) error {
return tx.Bucket(model.Token{}.Bucket()).Put([]byte(token.AccessToken), jsonToken)
})
}
func (repo *boltTokenRepository) Get(ctx context.Context, token string) (*model.Token, error) {
t := new(model.Token)
func (repo *boltTokenRepository) Get(ctx context.Context, accessToken string) (*model.Token, error) {
result := model.NewToken()
if err := repo.db.View(func(tx *bolt.Tx) error {
return json.Unmarshal(tx.Bucket(model.Token{}.Bucket()).Get([]byte(token)), t)
//nolint: exhaustivestruct
if src := tx.Bucket(Token{}.Bucket()).Get([]byte(accessToken)); src != nil {
return NewToken().Bind(src, result)
}
return ErrNotExist
}); err != nil {
return nil, err
if !xerrors.Is(err, ErrNotExist) {
return nil, errors.Wrap(err, "failed to retrieve token from storage")
}
return nil, nil
}
return t, nil
return result, nil
}
func (repo *boltTokenRepository) Delete(ctx context.Context, token string) error {
return repo.db.Update(func(tx *bolt.Tx) error {
return tx.Bucket(model.Token{}.Bucket()).Delete([]byte(token))
})
func (repo *boltTokenRepository) Create(ctx context.Context, accessToken *model.Token) error {
t, err := repo.Get(ctx, accessToken.AccessToken)
if err != nil {
return errors.Wrap(err, "failed to verify the existence of the token")
}
if t != nil {
return token.ErrExist
}
return repo.Update(ctx, accessToken)
}
func (repo *boltTokenRepository) Update(ctx context.Context, accessToken *model.Token) error {
dto := NewToken()
dto.Populate(accessToken)
src, err := json.Marshal(dto)
if err != nil {
return errors.Wrap(err, "failed to marshal token")
}
if err = repo.db.Update(func(tx *bolt.Tx) error {
if err := tx.Bucket(dto.Bucket()).Put([]byte(dto.AccessToken), src); err != nil {
return errors.Wrap(err, "failed to overwrite the token in the bucket")
}
return nil
}); err != nil {
return errors.Wrap(err, "failed to update the token in the repository")
}
return nil
}
func (repo *boltTokenRepository) Remove(ctx context.Context, accessToken string) error {
if err := repo.db.Update(func(tx *bolt.Tx) error {
//nolint: exhaustivestruct
if err := tx.Bucket(Token{}.Bucket()).Delete([]byte(accessToken)); err != nil {
return errors.Wrap(err, "failed to remove token in bucket")
}
return nil
}); err != nil {
return errors.Wrap(err, "failed to remove token from storage")
}
return nil
}
func NewToken() *Token {
return new(Token)
}
func (Token) Bucket() []byte { return []byte("tokens") }
func (t *Token) Populate(src *model.Token) {
t.AccessToken = src.AccessToken
t.ClientID = string(src.ClientID)
t.Me = string(src.Me)
t.Scope = strings.Join(src.Scopes, " ")
t.Type = src.Type
}
func (t *Token) Bind(src []byte, dst *model.Token) error {
if err := json.Unmarshal(src, t); err != nil {
return errors.Wrap(err, "cannot unmarshal token source")
}
dst.AccessToken = t.AccessToken
dst.Scopes = strings.Fields(t.Scope)
dst.Type = t.Type
dst.ClientID = model.URL(t.ClientID)
dst.Me = model.URL(t.Me)
return nil
}

205
internal/token/repository/bolt/bolt_token_test.go Normal file
View File

@ -0,0 +1,205 @@
//nolint: wrapcheck
package bolt_test
import (
"context"
"log"
"os"
"path/filepath"
"testing"
json "github.com/goccy/go-json"
"github.com/stretchr/testify/assert"
"github.com/stretchr/testify/require"
"go.etcd.io/bbolt"
"source.toby3d.me/website/oauth/internal/model"
"source.toby3d.me/website/oauth/internal/random"
"source.toby3d.me/website/oauth/internal/token"
"source.toby3d.me/website/oauth/internal/token/repository/bolt"
)
//nolint: gochecknoglobals
var (
db *bbolt.DB
repo token.Repository
)
func TestMain(m *testing.M) {
var err error
dbPath := filepath.Join("..", "..", "..", "..", "test", "testing.db")
if db, err = bbolt.Open(dbPath, os.ModePerm, nil); err != nil {
log.Fatalln(err)
}
if repo, err = bolt.NewBoltTokenRepository(db); err != nil {
_ = db.Close()
log.Fatalln(err)
}
code := m.Run()
_ = db.Close()
_ = os.RemoveAll(dbPath)
os.Exit(code)
}
func TestGet(t *testing.T) {
t.Parallel()
accessToken := random.New().String(32)
t.Cleanup(func() {
_ = db.Update(func(tx *bbolt.Tx) error {
//nolint: exhaustivestruct
return tx.Bucket(bolt.Token{}.Bucket()).Delete([]byte(accessToken))
})
})
src, err := json.Marshal(&bolt.Token{
AccessToken: accessToken,
ClientID: "https://app.example.com/",
Me: "https://toby3d.me/",
Scope: "read update delete",
Type: "Bearer",
})
require.NoError(t, err)
require.NoError(t, db.Update(func(tx *bbolt.Tx) error {
//nolint: exhaustivestruct
return tx.Bucket(bolt.Token{}.Bucket()).Put([]byte(accessToken), src)
}))
tkn, err := repo.Get(context.TODO(), accessToken)
require.NoError(t, err)
assert.Equal(t, &model.Token{
AccessToken: accessToken,
ClientID: "https://app.example.com/",
Me: "https://toby3d.me/",
Scopes: []string{"read", "update", "delete"},
Type: "Bearer",
Profile: nil,
}, tkn)
}
func TestCreate(t *testing.T) {
t.Parallel()
accessToken := random.New().String(32)
t.Cleanup(func() {
_ = db.Update(func(tx *bbolt.Tx) error {
//nolint: exhaustivestruct
return tx.Bucket(bolt.Token{}.Bucket()).Delete([]byte(accessToken))
})
})
tkn := &model.Token{
AccessToken: accessToken,
ClientID: "https://app.example.com/",
Me: "https://toby3d.me/",
Scopes: []string{"read", "update", "delete"},
Type: "Bearer",
Profile: nil,
}
require.NoError(t, repo.Create(context.TODO(), tkn))
result := model.NewToken()
require.NoError(t, db.View(func(tx *bbolt.Tx) error {
//nolint: exhaustivestruct
return bolt.NewToken().Bind(tx.Bucket(bolt.Token{}.Bucket()).Get([]byte(tkn.AccessToken)), result)
}))
assert.Equal(t, tkn, result)
assert.EqualError(t, repo.Create(context.TODO(), tkn), token.ErrExist.Error())
}
func TestUpdate(t *testing.T) {
t.Parallel()
accessToken := random.New().String(32)
t.Cleanup(func() {
_ = db.Update(func(tx *bbolt.Tx) error {
//nolint: exhaustivestruct
return tx.Bucket(bolt.Token{}.Bucket()).Delete([]byte(accessToken))
})
})
src, err := json.Marshal(&bolt.Token{
AccessToken: accessToken,
ClientID: "https://app.example.com/",
Me: "https://toby3d.me/",
Scope: "read update delete",
Type: "Bearer",
})
require.NoError(t, err)
require.NoError(t, db.Update(func(tx *bbolt.Tx) error {
//nolint: exhaustivestruct
return tx.Bucket(bolt.Token{}.Bucket()).Put([]byte(accessToken), src)
}))
require.NoError(t, repo.Update(context.TODO(), &model.Token{
AccessToken: accessToken,
ClientID: "https://client.example.com/",
Me: "https://toby3d.ru/",
Scopes: []string{"read"},
Type: "Bearer",
Profile: nil,
}))
result := model.NewToken()
require.NoError(t, db.View(func(tx *bbolt.Tx) error {
//nolint: exhaustivestruct
return bolt.NewToken().Bind(tx.Bucket(bolt.Token{}.Bucket()).Get([]byte(accessToken)), result)
}))
assert.Equal(t, &model.Token{
AccessToken: accessToken,
ClientID: "https://client.example.com/",
Me: "https://toby3d.ru/",
Scopes: []string{"read"},
Type: "Bearer",
Profile: nil,
}, result)
}
func TestDelete(t *testing.T) {
t.Parallel()
accessToken := random.New().String(32)
t.Cleanup(func() {
_ = db.Update(func(tx *bbolt.Tx) error {
//nolint: exhaustivestruct
return tx.Bucket(bolt.Token{}.Bucket()).Delete([]byte(accessToken))
})
})
src, err := json.Marshal(&bolt.Token{
AccessToken: accessToken,
ClientID: "https://app.example.com/",
Me: "https://toby3d.me/",
Scope: "read update delete",
Type: "Bearer",
})
require.NoError(t, err)
require.NoError(t, db.Update(func(tx *bbolt.Tx) error {
//nolint: exhaustivestruct
return tx.Bucket(bolt.Token{}.Bucket()).Put([]byte(accessToken), src)
}))
require.NoError(t, repo.Remove(context.TODO(), accessToken))
require.NoError(t, db.View(func(tx *bbolt.Tx) error {
//nolint: exhaustivestruct
assert.Nil(t, tx.Bucket(bolt.Token{}.Bucket()).Get([]byte(accessToken)))
return nil
}))
}

56
internal/token/repository/memory/memory_token.go
View File

@ -4,37 +4,55 @@ import (
"context"
"sync"
"gitlab.com/toby3d/indieauth/internal/model"
"gitlab.com/toby3d/indieauth/internal/token"
"source.toby3d.me/website/oauth/internal/model"
"source.toby3d.me/website/oauth/internal/token"
)
type memoryTokenRepository struct {
tokens *sync.Map
}
func NewMemoryTokenRepository() token.Repository {
func NewMemoryTokenRepository(tokens *sync.Map) token.Repository {
return &memoryTokenRepository{
tokens: new(sync.Map),
tokens: tokens,
}
}
func (repo *memoryTokenRepository) Create(ctx context.Context, token *model.Token) error {
repo.tokens.Store(token.AccessToken, token)
return nil
}
func (repo *memoryTokenRepository) Delete(ctx context.Context, token string) error {
repo.tokens.Delete(token)
return nil
}
func (repo *memoryTokenRepository) Get(ctx context.Context, token string) (*model.Token, error) {
t, ok := repo.tokens.Load(token)
func (repo *memoryTokenRepository) Get(ctx context.Context, accessToken string) (*model.Token, error) {
src, ok := repo.tokens.Load(accessToken)
if !ok {
return nil, nil
}
return t.(*model.Token), nil
result, ok := src.(*model.Token)
if !ok {
return nil, nil
}
return result, nil
}
func (repo *memoryTokenRepository) Create(ctx context.Context, accessToken *model.Token) error {
t, err := repo.Get(ctx, accessToken.AccessToken)
if err != nil {
return err
}
if t != nil {
return token.ErrExist
}
return repo.Update(ctx, accessToken)
}
func (repo *memoryTokenRepository) Update(ctx context.Context, accessToken *model.Token) error {
repo.tokens.Store(accessToken.AccessToken, accessToken)
return nil
}
func (repo *memoryTokenRepository) Remove(ctx context.Context, accessToken string) error {
repo.tokens.Delete(accessToken)
return nil
}

126
internal/token/repository/memory/memory_token_test.go Normal file
View File

@ -0,0 +1,126 @@
package memory_test
import (
"context"
"sync"
"testing"
"github.com/stretchr/testify/assert"
"github.com/stretchr/testify/require"
"source.toby3d.me/website/oauth/internal/model"
"source.toby3d.me/website/oauth/internal/random"
"source.toby3d.me/website/oauth/internal/token"
"source.toby3d.me/website/oauth/internal/token/repository/memory"
)
func TestGet(t *testing.T) {
t.Parallel()
store := new(sync.Map)
accessToken := &model.Token{
AccessToken: random.New().String(32),
ClientID: "https://app.example.com/",
Me: "https://toby3d.me/",
Profile: &model.Profile{
Name: "Maxim Lebedev",
URL: "https://toby3d.me/",
Photo: "https://toby3d.me/photo.jpg",
Email: "hey@toby3d.me",
},
Scopes: []string{"read", "update", "delete"},
Type: "Bearer",
}
store.Store(accessToken.AccessToken, accessToken)
result, err := memory.NewMemoryTokenRepository(store).Get(context.TODO(), accessToken.AccessToken)
require.NoError(t, err)
assert.Equal(t, accessToken, result)
}
func TestCreate(t *testing.T) {
t.Parallel()
store := new(sync.Map)
accessToken := &model.Token{
AccessToken: random.New().String(32),
ClientID: "https://app.example.com/",
Me: "https://toby3d.me/",
Profile: &model.Profile{
Name: "Maxim Lebedev",
URL: "https://toby3d.me/",
Photo: "https://toby3d.me/photo.jpg",
Email: "hey@toby3d.me",
},
Scopes: []string{"read", "update", "delete"},
Type: "Bearer",
}
repo := memory.NewMemoryTokenRepository(store)
require.NoError(t, repo.Create(context.TODO(), accessToken))
result, ok := store.Load(accessToken.AccessToken)
assert.True(t, ok)
assert.Equal(t, accessToken, result)
assert.EqualError(t, repo.Create(context.TODO(), accessToken), token.ErrExist.Error())
}
func TestUpdate(t *testing.T) {
t.Parallel()
store := new(sync.Map)
accessToken := &model.Token{
AccessToken: random.New().String(32),
ClientID: "https://app.example.com/",
Me: "https://toby3d.me/",
Profile: &model.Profile{
Name: "Maxim Lebedev",
URL: "https://toby3d.me/",
Photo: "https://toby3d.me/photo.jpg",
Email: "hey@toby3d.me",
},
Scopes: []string{"read", "update", "delete"},
Type: "Bearer",
}
store.Store(accessToken.AccessToken, accessToken)
tokenCopy := *accessToken
tokenCopy.ClientID = "https://client.example.com/"
tokenCopy.Me = "https://toby3d.ru/"
require.NoError(t, memory.NewMemoryTokenRepository(store).Update(context.TODO(), &tokenCopy))
result, ok := store.Load(accessToken.AccessToken)
assert.True(t, ok)
assert.NotEqual(t, accessToken, result)
assert.Equal(t, &tokenCopy, result)
}
func TestDelete(t *testing.T) {
t.Parallel()
store := new(sync.Map)
accessToken := &model.Token{
AccessToken: random.New().String(32),
ClientID: "https://app.example.com/",
Me: "https://toby3d.me/",
Profile: &model.Profile{
Name: "Maxim Lebedev",
URL: "https://toby3d.me/",
Photo: "https://toby3d.me/photo.jpg",
Email: "hey@toby3d.me",
},
Scopes: []string{"read", "update", "delete"},
Type: "Bearer",
}
store.Store(accessToken.AccessToken, accessToken)
require.NoError(t, memory.NewMemoryTokenRepository(store).Remove(context.TODO(), accessToken.AccessToken))
result, ok := store.Load(accessToken.AccessToken)
assert.False(t, ok)
assert.Nil(t, result)
}

7
internal/token/usecase.go
View File

@ -3,11 +3,10 @@ package token
import (
"context"
"gitlab.com/toby3d/indieauth/internal/model"
"source.toby3d.me/website/oauth/internal/model"
)
type UseCase interface {
Exchange(ctx context.Context, req *model.ExchangeRequest) (*model.Token, error)
Verify(ctx context.Context, token string) (*model.Token, error)
Revoke(ctx context.Context, token string) error
Verify(ctx context.Context, accessToken string) (*model.Token, error)
Revoke(ctx context.Context, accessToken string) error
}

88
internal/token/usecase/token_usecase.go
View File

@ -2,93 +2,35 @@ package usecase
import (
"context"
"time"
"gitlab.com/toby3d/indieauth/internal/auth"
"gitlab.com/toby3d/indieauth/internal/model"
"gitlab.com/toby3d/indieauth/internal/pkce"
"gitlab.com/toby3d/indieauth/internal/random"
"gitlab.com/toby3d/indieauth/internal/token"
"github.com/pkg/errors"
"source.toby3d.me/website/oauth/internal/model"
"source.toby3d.me/website/oauth/internal/token"
)
type tokenUseCase struct {
authRepo auth.Repository
tokenRepo token.Repository
tokens token.Repository
}
func NewTokenUseCase(authRepo auth.Repository, tokenRepo token.Repository) token.UseCase {
func NewTokenUseCase(tokens token.Repository) token.UseCase {
return &tokenUseCase{
authRepo: authRepo,
tokenRepo: tokenRepo,
tokens: tokens,
}
}
func (useCase *tokenUseCase) Exchange(ctx context.Context, req *model.ExchangeRequest) (*model.Token, error) {
login, err := useCase.authRepo.Get(ctx, req.Code)
func (useCase *tokenUseCase) Verify(ctx context.Context, accessToken string) (*model.Token, error) {
t, err := useCase.tokens.Get(ctx, accessToken)
if err != nil {
return nil, err
return nil, errors.Wrap(err, "failed to retrieve token from storage")
}
if login == nil {
return nil, nil
}
_ = useCase.authRepo.Delete(ctx, login.Code)
if time.Now().UTC().After(time.Unix(login.CreatedAt, 0).Add(10 * time.Minute)) {
return nil, nil
}
if login.ClientID != req.ClientID {
return nil, model.Error{
Code: model.ErrInvalidRequest.Code,
Description: "'client_id' value must be identical to the value at the start of the authorization flow",
}
}
if login.RedirectURI != req.RedirectURI {
return nil, model.Error{
Code: model.ErrInvalidRequest.Code,
Description: "'client_id' value must be identical to the value at the start of the authorization flow",
}
}
if login.CodeChallenge != "" {
code, err := pkce.New(login.CodeChallengeMethod)
if err != nil {
return nil, err
}
code.Verifier = req.CodeVerifier
code.Generate()
if login.CodeChallenge != code.Challenge {
return nil, model.Error{
Code: model.ErrInvalidRequest.Code,
Description: "PKCE validation failed, please go through the authorization flow again",
}
}
}
token := new(model.Token)
token.AccessToken = random.New().String(64)
token.ClientID = login.ClientID
token.Me = login.Me
token.Scope = login.Scope
token.TokenType = "Bearer"
if err := useCase.tokenRepo.Create(ctx, token); err != nil {
return nil, err
}
return token, nil
return t, nil
}
func (useCase *tokenUseCase) Verify(ctx context.Context, token string) (*model.Token, error) {
return useCase.tokenRepo.Get(ctx, token)
}
func (useCase *tokenUseCase) Revoke(ctx context.Context, accessToken string) error {
if err := useCase.tokens.Remove(ctx, accessToken); err != nil {
return errors.Wrap(err, "failed to delete a token in the vault")
}
func (useCase *tokenUseCase) Revoke(ctx context.Context, token string) error {
return useCase.tokenRepo.Delete(ctx, token)
return nil
}

68
internal/token/usecase/token_usecase_test.go Normal file
View File

@ -0,0 +1,68 @@
package usecase_test
import (
"context"
"sync"
"testing"
"github.com/brianvoe/gofakeit"
"github.com/stretchr/testify/assert"
"github.com/stretchr/testify/require"
"source.toby3d.me/website/oauth/internal/model"
repository "source.toby3d.me/website/oauth/internal/token/repository/memory"
"source.toby3d.me/website/oauth/internal/token/usecase"
)
func TestVerify(t *testing.T) {
t.Parallel()
require := require.New(t)
assert := assert.New(t)
store := new(sync.Map)
repo := repository.NewMemoryTokenRepository(store)
ucase := usecase.NewTokenUseCase(repo)
accessToken := &model.Token{
AccessToken: gofakeit.Password(true, true, true, true, false, 32),
Type: "Bearer",
ClientID: "https://app.example.com/",
Me: "https://user.example.net/",
Scopes: []string{"create", "update", "delete"},
Profile: nil,
}
require.NoError(repo.Create(context.TODO(), accessToken))
token, err := ucase.Verify(context.TODO(), accessToken.AccessToken)
require.NoError(err)
assert.Equal(accessToken, token)
}
func TestRevoke(t *testing.T) {
t.Parallel()
require := require.New(t)
assert := assert.New(t)
store := new(sync.Map)
repo := repository.NewMemoryTokenRepository(store)
ucase := usecase.NewTokenUseCase(repo)
accessToken := gofakeit.Password(true, true, true, true, false, 32)
require.NoError(repo.Create(context.TODO(), &model.Token{
AccessToken: accessToken,
Type: "Bearer",
ClientID: "https://app.example.com/",
Me: "https://user.example.net/",
Scopes: []string{"create", "update", "delete"},
Profile: nil,
}))
token, err := repo.Get(context.TODO(), accessToken)
require.NoError(err)
assert.NotNil(token)
require.NoError(ucase.Revoke(context.TODO(), token.AccessToken))
token, err = repo.Get(context.TODO(), token.AccessToken)
require.NoError(err)
assert.Nil(token)
}

27
internal/util/util.go Normal file
View File

@ -0,0 +1,27 @@
package util
import (
"net"
http "github.com/valyala/fasthttp"
httputil "github.com/valyala/fasthttp/fasthttputil"
)
func Serve(handler http.RequestHandler, req *http.Request, res *http.Response) error {
ln := httputil.NewInmemoryListener()
defer ln.Close()
go func() {
if err := http.Serve(ln, handler); err != nil {
panic(err)
}
}()
client := http.Client{
Dial: func(addr string) (net.Conn, error) {
return ln.Dial()
},
}
return client.Do(req, res)
}