super-graph/serv/auth_rails.go

package serv

import (
	"context"
	"errors"
	"fmt"
	"net/http"
	"net/url"

	"github.com/bradfitz/gomemcache/memcache"
	"github.com/dosco/super-graph/rails"
	"github.com/garyburd/redigo/redis"
)

func railsRedisHandler(next http.HandlerFunc) http.HandlerFunc {
	cookie := conf.Auth.Cookie
	if len(cookie) == 0 {
		errlog.Fatal().Msg("no auth.cookie defined")
	}

	if len(conf.Auth.Rails.URL) == 0 {
		errlog.Fatal().Msg("no auth.rails.url defined")
	}

	rp := &redis.Pool{
		MaxIdle:   conf.Auth.Rails.MaxIdle,
		MaxActive: conf.Auth.Rails.MaxActive,
		Dial: func() (redis.Conn, error) {
			c, err := redis.DialURL(conf.Auth.Rails.URL)
			if err != nil {
				errlog.Fatal().Err(err).Send()
			}

			pwd := conf.Auth.Rails.Password
			if len(pwd) != 0 {
				if _, err := c.Do("AUTH", pwd); err != nil {
					errlog.Fatal().Err(err).Send()
				}
			}
			return c, err
		},
	}

	return func(w http.ResponseWriter, r *http.Request) {
		ck, err := r.Cookie(cookie)
		if err != nil {
			next.ServeHTTP(w, r)
			return
		}

		key := fmt.Sprintf("session:%s", ck.Value)
		sessionData, err := redis.Bytes(rp.Get().Do("GET", key))
		if err != nil {
			next.ServeHTTP(w, r)
			return
		}

		userID, err := rails.ParseCookie(string(sessionData))
		if err != nil {
			next.ServeHTTP(w, r)
			return
		}

		ctx := context.WithValue(r.Context(), userIDKey, userID)
		next.ServeHTTP(w, r.WithContext(ctx))
	}
}

func railsMemcacheHandler(next http.HandlerFunc) http.HandlerFunc {
	cookie := conf.Auth.Cookie
	if len(cookie) == 0 {
		errlog.Fatal().Msg("no auth.cookie defined")
	}

	if len(conf.Auth.Rails.URL) == 0 {
		errlog.Fatal().Msg("no auth.rails.url defined")
	}

	rURL, err := url.Parse(conf.Auth.Rails.URL)
	if err != nil {
		errlog.Fatal().Err(err).Send()
	}

	mc := memcache.New(rURL.Host)

	return func(w http.ResponseWriter, r *http.Request) {
		ck, err := r.Cookie(cookie)
		if err != nil {
			next.ServeHTTP(w, r)
			return
		}

		key := fmt.Sprintf("session:%s", ck.Value)
		item, err := mc.Get(key)
		if err != nil {
			next.ServeHTTP(w, r)
			return
		}

		userID, err := rails.ParseCookie(string(item.Value))
		if err != nil {
			next.ServeHTTP(w, r)
			return
		}

		ctx := context.WithValue(r.Context(), userIDKey, userID)
		next.ServeHTTP(w, r.WithContext(ctx))
	}
}

func railsCookieHandler(next http.HandlerFunc) http.HandlerFunc {
	cookie := conf.Auth.Cookie
	if len(cookie) == 0 {
		errlog.Fatal().Msg("no auth.cookie defined")
	}

	ra, err := railsAuth(conf)
	if err != nil {
		errlog.Fatal().Err(err).Send()
	}

	return func(w http.ResponseWriter, r *http.Request) {
		ck, err := r.Cookie(cookie)
		if err != nil || len(ck.Value) == 0 {
			logger.Warn().Err(err).Msg("rails cookie missing")
			next.ServeHTTP(w, r)
			return
		}

		userID, err := ra.ParseCookie(ck.Value)
		if err != nil {
			logger.Warn().Err(err).Msg("failed to parse rails cookie")
			next.ServeHTTP(w, r)
			return
		}

		ctx := context.WithValue(r.Context(), userIDKey, userID)
		next.ServeHTTP(w, r.WithContext(ctx))
	}
}

func railsAuth(c *config) (*rails.Auth, error) {
	secret := c.Auth.Rails.SecretKeyBase
	if len(secret) == 0 {
		return nil, errors.New("no auth.rails.secret_key_base defined")
	}

	version := c.Auth.Rails.Version
	if len(version) == 0 {
		return nil, errors.New("no auth.rails.version defined")
	}

	ra, err := rails.NewAuth(version, secret)
	if err != nil {
		return nil, err
	}

	if len(c.Auth.Rails.Salt) != 0 {
		ra.Salt = c.Auth.Rails.Salt
	}

	if len(conf.Auth.Rails.SignSalt) != 0 {
		ra.SignSalt = c.Auth.Rails.SignSalt
	}

	if len(conf.Auth.Rails.AuthSalt) != 0 {
		ra.AuthSalt = c.Auth.Rails.AuthSalt
	}

	return ra, nil
}
First commit 2019-03-24 14:57:29 +01:00			`package serv`

			`import (`
			`"context"`
			`"errors"`
			`"fmt"`
			`"net/http"`
Add supprt for new Rails 5.2 aes-256-gcm cookies 2019-04-10 07:38:48 +02:00			`"net/url"`
First commit 2019-03-24 14:57:29 +01:00
			`"github.com/bradfitz/gomemcache/memcache"`
Add supprt for new Rails 5.2 aes-256-gcm cookies 2019-04-10 07:38:48 +02:00			`"github.com/dosco/super-graph/rails"`
First commit 2019-03-24 14:57:29 +01:00			`"github.com/garyburd/redigo/redis"`
			`)`

			`func railsRedisHandler(next http.HandlerFunc) http.HandlerFunc {`
Cleanup and redesign config files 2019-04-08 08:47:59 +02:00			`cookie := conf.Auth.Cookie`
First commit 2019-03-24 14:57:29 +01:00			`if len(cookie) == 0 {`
Fix bug with compiling anon queries 2019-11-25 08:22:33 +01:00			`errlog.Fatal().Msg("no auth.cookie defined")`
First commit 2019-03-24 14:57:29 +01:00			`}`

Add supprt for new Rails 5.2 aes-256-gcm cookies 2019-04-10 07:38:48 +02:00			`if len(conf.Auth.Rails.URL) == 0 {`
Fix bug with compiling anon queries 2019-11-25 08:22:33 +01:00			`errlog.Fatal().Msg("no auth.rails.url defined")`
First commit 2019-03-24 14:57:29 +01:00			`}`

			`rp := &redis.Pool{`
Add supprt for new Rails 5.2 aes-256-gcm cookies 2019-04-10 07:38:48 +02:00			`MaxIdle: conf.Auth.Rails.MaxIdle,`
			`MaxActive: conf.Auth.Rails.MaxActive,`
First commit 2019-03-24 14:57:29 +01:00			`Dial: func() (redis.Conn, error) {`
Add supprt for new Rails 5.2 aes-256-gcm cookies 2019-04-10 07:38:48 +02:00			`c, err := redis.DialURL(conf.Auth.Rails.URL)`
First commit 2019-03-24 14:57:29 +01:00			`if err != nil {`
Fix bug with compiling anon queries 2019-11-25 08:22:33 +01:00			`errlog.Fatal().Err(err).Send()`
First commit 2019-03-24 14:57:29 +01:00			`}`

Add supprt for new Rails 5.2 aes-256-gcm cookies 2019-04-10 07:38:48 +02:00			`pwd := conf.Auth.Rails.Password`
First commit 2019-03-24 14:57:29 +01:00			`if len(pwd) != 0 {`
			`if _, err := c.Do("AUTH", pwd); err != nil {`
Fix bug with compiling anon queries 2019-11-25 08:22:33 +01:00			`errlog.Fatal().Err(err).Send()`
First commit 2019-03-24 14:57:29 +01:00			`}`
			`}`
			`return c, err`
			`},`
			`}`

			`return func(w http.ResponseWriter, r *http.Request) {`
			`ck, err := r.Cookie(cookie)`
			`if err != nil {`
			`next.ServeHTTP(w, r)`
			`return`
			`}`

			`key := fmt.Sprintf("session:%s", ck.Value)`
			`sessionData, err := redis.Bytes(rp.Get().Do("GET", key))`
			`if err != nil {`
			`next.ServeHTTP(w, r)`
			`return`
			`}`

Add supprt for new Rails 5.2 aes-256-gcm cookies 2019-04-10 07:38:48 +02:00			`userID, err := rails.ParseCookie(string(sessionData))`
First commit 2019-03-24 14:57:29 +01:00			`if err != nil {`
			`next.ServeHTTP(w, r)`
			`return`
			`}`

			`ctx := context.WithValue(r.Context(), userIDKey, userID)`
			`next.ServeHTTP(w, r.WithContext(ctx))`
			`}`
			`}`

			`func railsMemcacheHandler(next http.HandlerFunc) http.HandlerFunc {`
Cleanup and redesign config files 2019-04-08 08:47:59 +02:00			`cookie := conf.Auth.Cookie`
First commit 2019-03-24 14:57:29 +01:00			`if len(cookie) == 0 {`
Fix bug with compiling anon queries 2019-11-25 08:22:33 +01:00			`errlog.Fatal().Msg("no auth.cookie defined")`
First commit 2019-03-24 14:57:29 +01:00			`}`

Add supprt for new Rails 5.2 aes-256-gcm cookies 2019-04-10 07:38:48 +02:00			`if len(conf.Auth.Rails.URL) == 0 {`
Fix bug with compiling anon queries 2019-11-25 08:22:33 +01:00			`errlog.Fatal().Msg("no auth.rails.url defined")`
Add supprt for new Rails 5.2 aes-256-gcm cookies 2019-04-10 07:38:48 +02:00			`}`

			`rURL, err := url.Parse(conf.Auth.Rails.URL)`
			`if err != nil {`
Fix bug with compiling anon queries 2019-11-25 08:22:33 +01:00			`errlog.Fatal().Err(err).Send()`
First commit 2019-03-24 14:57:29 +01:00			`}`

Add supprt for new Rails 5.2 aes-256-gcm cookies 2019-04-10 07:38:48 +02:00			`mc := memcache.New(rURL.Host)`
First commit 2019-03-24 14:57:29 +01:00
			`return func(w http.ResponseWriter, r *http.Request) {`
			`ck, err := r.Cookie(cookie)`
			`if err != nil {`
			`next.ServeHTTP(w, r)`
			`return`
			`}`

			`key := fmt.Sprintf("session:%s", ck.Value)`
			`item, err := mc.Get(key)`
			`if err != nil {`
			`next.ServeHTTP(w, r)`
			`return`
			`}`

Add supprt for new Rails 5.2 aes-256-gcm cookies 2019-04-10 07:38:48 +02:00			`userID, err := rails.ParseCookie(string(item.Value))`
First commit 2019-03-24 14:57:29 +01:00			`if err != nil {`
			`next.ServeHTTP(w, r)`
			`return`
			`}`

			`ctx := context.WithValue(r.Context(), userIDKey, userID)`
			`next.ServeHTTP(w, r.WithContext(ctx))`
			`}`
			`}`

			`func railsCookieHandler(next http.HandlerFunc) http.HandlerFunc {`
Cleanup and redesign config files 2019-04-08 08:47:59 +02:00			`cookie := conf.Auth.Cookie`
First commit 2019-03-24 14:57:29 +01:00			`if len(cookie) == 0 {`
Fix bug with compiling anon queries 2019-11-25 08:22:33 +01:00			`errlog.Fatal().Msg("no auth.cookie defined")`
First commit 2019-03-24 14:57:29 +01:00			`}`

Add supprt for new Rails 5.2 aes-256-gcm cookies 2019-04-10 07:38:48 +02:00			`ra, err := railsAuth(conf)`
			`if err != nil {`
Fix bug with compiling anon queries 2019-11-25 08:22:33 +01:00			`errlog.Fatal().Err(err).Send()`
First commit 2019-03-24 14:57:29 +01:00			`}`
Add supprt for new Rails 5.2 aes-256-gcm cookies 2019-04-10 07:38:48 +02:00
First commit 2019-03-24 14:57:29 +01:00			`return func(w http.ResponseWriter, r *http.Request) {`
			`ck, err := r.Cookie(cookie)`
Block unauthorized requests when 'anon' role is not defined 2019-11-02 22:13:17 +01:00			`if err != nil \|\| len(ck.Value) == 0 {`
Optimize prepared statement flow for RBAC 2019-10-25 06:01:22 +02:00			`logger.Warn().Err(err).Msg("rails cookie missing")`
First commit 2019-03-24 14:57:29 +01:00			`next.ServeHTTP(w, r)`
			`return`
			`}`

Add supprt for new Rails 5.2 aes-256-gcm cookies 2019-04-10 07:38:48 +02:00			`userID, err := ra.ParseCookie(ck.Value)`
First commit 2019-03-24 14:57:29 +01:00			`if err != nil {`
Optimize prepared statement flow for RBAC 2019-10-25 06:01:22 +02:00			`logger.Warn().Err(err).Msg("failed to parse rails cookie")`
First commit 2019-03-24 14:57:29 +01:00			`next.ServeHTTP(w, r)`
			`return`
			`}`

			`ctx := context.WithValue(r.Context(), userIDKey, userID)`
			`next.ServeHTTP(w, r.WithContext(ctx))`
			`}`
			`}`

Add supprt for new Rails 5.2 aes-256-gcm cookies 2019-04-10 07:38:48 +02:00			`func railsAuth(c config) (rails.Auth, error) {`
			`secret := c.Auth.Rails.SecretKeyBase`
			`if len(secret) == 0 {`
			`return nil, errors.New("no auth.rails.secret_key_base defined")`
First commit 2019-03-24 14:57:29 +01:00			`}`

Add supprt for new Rails 5.2 aes-256-gcm cookies 2019-04-10 07:38:48 +02:00			`version := c.Auth.Rails.Version`
			`if len(version) == 0 {`
			`return nil, errors.New("no auth.rails.version defined")`
First commit 2019-03-24 14:57:29 +01:00			`}`

Add supprt for new Rails 5.2 aes-256-gcm cookies 2019-04-10 07:38:48 +02:00			`ra, err := rails.NewAuth(version, secret)`
First commit 2019-03-24 14:57:29 +01:00			`if err != nil {`
Add supprt for new Rails 5.2 aes-256-gcm cookies 2019-04-10 07:38:48 +02:00			`return nil, err`
First commit 2019-03-24 14:57:29 +01:00			`}`

Add supprt for new Rails 5.2 aes-256-gcm cookies 2019-04-10 07:38:48 +02:00			`if len(c.Auth.Rails.Salt) != 0 {`
			`ra.Salt = c.Auth.Rails.Salt`
First commit 2019-03-24 14:57:29 +01:00			`}`

Add supprt for new Rails 5.2 aes-256-gcm cookies 2019-04-10 07:38:48 +02:00			`if len(conf.Auth.Rails.SignSalt) != 0 {`
			`ra.SignSalt = c.Auth.Rails.SignSalt`
First commit 2019-03-24 14:57:29 +01:00			`}`

Add supprt for new Rails 5.2 aes-256-gcm cookies 2019-04-10 07:38:48 +02:00			`if len(conf.Auth.Rails.AuthSalt) != 0 {`
			`ra.AuthSalt = c.Auth.Rails.AuthSalt`
First commit 2019-03-24 14:57:29 +01:00			`}`

Add supprt for new Rails 5.2 aes-256-gcm cookies 2019-04-10 07:38:48 +02:00			`return ra, nil`
First commit 2019-03-24 14:57:29 +01:00			`}`