Skip to content
Snippets Groups Projects
Normal view Permalink
auth.go 2.72 KiB
Newer Older
  • Learn to ignore specific revisions
    • Fabian Seidl's avatar
    Resolve "Update NB API for user managment"
    Fabian Seidl committed
    1 2 3 4 5 6 7 8 
    package server

import (
	"context"
	"time"

	apb "code.fbi.h-da.de/danet/gosdn/api/go/gosdn/rbac"
	"code.fbi.h-da.de/danet/gosdn/controller/metrics"
    Fabian Seidl's avatar
    178 Progress on authz, not properly implemented yet  
    Fabian Seidl committed
    9 
    	"code.fbi.h-da.de/danet/gosdn/controller/rbac"
    Fabian Seidl's avatar
    Implement data persisting for user management  
    Fabian Seidl committed
    10 
    	"code.fbi.h-da.de/danet/gosdn/controller/store"
    Fabian Seidl's avatar
    Resolve "Update NB API for user managment"
    Fabian Seidl committed
    11 
    	"github.com/prometheus/client_golang/prometheus"
    Fabian Seidl's avatar
    178 Progress on authz, not properly implemented yet  
    Fabian Seidl committed
    12 13 
    	"google.golang.org/grpc/codes"
	"google.golang.org/grpc/status"
    Fabian Seidl's avatar
    Resolve "Update NB API for user managment"
    Fabian Seidl committed
    14 15 
    )
    Fabian Seidl's avatar
    178 Progress on authz, not properly implemented yet  
    Fabian Seidl committed
    16 17 
    // Auth holds a JWTManager and represents a AuthServiceServer.
type Auth struct {
    Fabian Seidl's avatar
    Resolve "Update NB API for user managment"
    Fabian Seidl committed
    18 
    	apb.UnimplementedAuthServiceServer
    Fabian Seidl's avatar
    178 Progress on authz, not properly implemented yet  
    Fabian Seidl committed
    19 
    	jwtManager *rbac.JWTManager
    Fabian Seidl's avatar
    Resolve "Update NB API for user managment"
    Fabian Seidl committed
    20 21 
    }
    Fabian Seidl's avatar
    178 Progress on authz, not properly implemented yet  
    Fabian Seidl committed
    22 23 24 25 26 27 28 29 30 
    // NewAuthServer receives a JWTManager and returns a new Auth interface.
func NewAuthServer(jwtManager *rbac.JWTManager) *Auth {
	return &Auth{
		jwtManager: jwtManager,
	}
}

// Login logs a user in
func (s Auth) Login(ctx context.Context, request *apb.LoginRequest) (*apb.LoginResponse, error) {
    Fabian Seidl's avatar
    Implement data persisting for user management  
    Fabian Seidl committed
    31 
    	labels := prometheus.Labels{"service": "auth", "rpc": "post"}
    Fabian Seidl's avatar
    Resolve "Update NB API for user managment"
    Fabian Seidl committed
    32 33 34 
    	start := metrics.StartHook(labels, grpcRequestsTotal)
	defer metrics.FinishHook(labels, start, grpcRequestDurationSecondsTotal, grpcRequestDurationSeconds)
    Fabian Seidl's avatar
    178 Progress on authz, not properly implemented yet  
    Fabian Seidl committed
    35 
    	user := rbac.User{
    Fabian Seidl's avatar
    Implement data persisting for user management  
    Fabian Seidl committed
    36 
    		UserName: request.Username,
    Fabian Seidl's avatar
    178 Progress on authz, not properly implemented yet  
    Fabian Seidl committed
    37 38 39 
    		Password: request.Pwd,
	}
    Fabian Seidl's avatar
    Implement data persisting for user management  
    Fabian Seidl committed
    40 
    	//TODO: add check if user is logged in with session handling
    Fabian Seidl's avatar
    178 Progress on authz, not properly implemented yet  
    Fabian Seidl committed
    41 42 43 
    
	// validation of credentials
	validCredentials, err := s.isValidUser(user)
    Fabian Seidl's avatar
    Implement data persisting for user management  
    Fabian Seidl committed
    44 
    	if (err != nil) || !validCredentials {
    Fabian Seidl's avatar
    178 Progress on authz, not properly implemented yet  
    Fabian Seidl committed
    45 46 47 48 49 50 51 52 53 
    		return nil, err
	}

	// generate token, persist session and return to user
	token, err := s.jwtManager.GenerateToken(user)
	if err != nil {
		return nil, err
	}
    Fabian Seidl's avatar
    Implement data persisting for user management  
    Fabian Seidl committed
    54 55 56 57 58 59 60 61 62 63 64 
    	userToUpdate, err := userc.Get(store.Query{Name: user.UserName})
	if err != nil {
		return nil, err
	}

	userToUpdate.SetToken(token)

	err = userc.Update(userToUpdate)
	if err != nil {
		return nil, err
	}
    Fabian Seidl's avatar
    Resolve "Update NB API for user managment"
    Fabian Seidl committed
    65 66 67 68 
    
	return &apb.LoginResponse{
		Timestamp: time.Now().UnixNano(),
		Status:    apb.Status_STATUS_OK,
    Fabian Seidl's avatar
    178 Progress on authz, not properly implemented yet  
    Fabian Seidl committed
    69 
    		Token:     token,
    Fabian Seidl's avatar
    Resolve "Update NB API for user managment"
    Fabian Seidl committed
    70 71 72 
    	}, nil
}
    Fabian Seidl's avatar
    178 Progress on authz, not properly implemented yet  
    Fabian Seidl committed
    73 74 
    // Logout logs a user out
func (s Auth) Logout(ctx context.Context, request *apb.LogoutRequest) (*apb.LogoutResponse, error) {
    Fabian Seidl's avatar
    Implement data persisting for user management  
    Fabian Seidl committed
    75 
    	labels := prometheus.Labels{"service": "auth", "rpc": "post"}
    Fabian Seidl's avatar
    Resolve "Update NB API for user managment"
    Fabian Seidl committed
    76 77 78 
    	start := metrics.StartHook(labels, grpcRequestsTotal)
	defer metrics.FinishHook(labels, start, grpcRequestDurationSecondsTotal, grpcRequestDurationSeconds)
    Fabian Seidl's avatar
    Implement data persisting for user management  
    Fabian Seidl committed
    79 80 
    	// not implemented yet
	// TODO: add session handling and logout
    Fabian Seidl's avatar
    Resolve "Update NB API for user managment"
    Fabian Seidl committed
    81 82 83 84 85 86 87 
    
	return &apb.LogoutResponse{
		Timestamp: time.Now().UnixNano(),
		Status:    apb.Status_STATUS_OK,
	}, nil
}
    Fabian Seidl's avatar
    Implement data persisting for user management  
    Fabian Seidl committed
    88 89 90 91 92 93 94 
    func (s Auth) isValidUser(user rbac.User) (bool, error) {
	storedUser, err := userc.Get(store.Query{Name: user.Name()})
	if err != nil {
		return false, err
	} else if storedUser == nil {
		return false, status.Errorf(codes.Aborted, "no user object")
	}
    Fabian Seidl's avatar
    178 Progress on authz, not properly implemented yet  
    Fabian Seidl committed
    95
    Fabian Seidl's avatar
    Implement data persisting for user management  
    Fabian Seidl committed
    96 97 98 99 100 
    	if storedUser.Name() == user.Name() {
		if storedUser.GetPassword() == user.GetPassword() {
			return true, nil
		}
	}
    Fabian Seidl's avatar
    178 Progress on authz, not properly implemented yet  
    Fabian Seidl committed
    101
    Fabian Seidl's avatar
    Implement data persisting for user management  
    Fabian Seidl committed
    102 
    	return false, status.Errorf(codes.Unauthenticated, "incorrect user name or password")
    Fabian Seidl's avatar
    178 Progress on authz, not properly implemented yet  
    Fabian Seidl committed
    103 
    }