     1  package session
     2  
     3  import (
     4  	"time"
     5  
     6  	"edge-infra.dev/pkg/edge/iam/config"
     7  
     8  	"github.com/mohae/deepcopy"
     9  	"github.com/ory/fosite"
    10  	"github.com/ory/fosite/handler/oauth2"
    11  	"github.com/ory/fosite/handler/openid"
    12  	"github.com/ory/fosite/token/jwt"
    13  )
    14  
// Session is the per-request session state this package attaches to fosite
// requests. The setters fall into two groups, distinguished by where the
// value ends up on DefaultSession: SetChallenge, SetOrg and SetRls write to
// the oauth2.JWTSession claims (the JWT that fosite's JWT strategy issues as
// the access token), while the profile setters (given name through address)
// write to the openid ID-token claims.
type Session interface {
	GetSubject() string
	SetSubject(subject string)
	// SetChallenge stores a challenge value as a claim in the JWT session;
	// it is therefore emitted in the issued token and must not be a secret.
	SetChallenge(challenge string)
	SetOrg(value string)
	SetRls(value string)

	// Profile claims for the ID token. The implementation in this package
	// ignores empty values rather than clearing an existing claim.
	SetGivenName(value string)
	SetFamilyName(value string)
	SetFullName(value string)
	SetDeviceLogin(value string)
	SetEmail(value string)
	SetAge(value int)
	SetAddress(address map[string]interface{})

	// AsFosite exposes the session to fosite; AsOpenID exposes the OpenID
	// Connect session (returned by value) for ID-token handling.
	AsFosite() fosite.Session
	AsOpenID() openid.DefaultSession
}
    33  
// DefaultSession is the Session implementation used by this package. It
// embeds fosite's JWT session (access-token claims and headers) and the
// OpenID session (ID-token claims and headers). Fields and methods present on
// more than one embedded type — Subject, SetExpiresAt, GetExpiresAt,
// GetUsername, GetSubject, Clone — are ambiguous as promoted selectors, which
// is why the methods on this type qualify them explicitly
// (s.JWTSession.Subject, s.DefaultSession.Claims, ...).
//
// NOTE(review): the embedded fosite.Session interface is never assigned by
// NewSession and stays nil; this type satisfies fosite.Session through the
// explicitly defined methods, not through that field.
type DefaultSession struct {
	oauth2.JWTSession
	openid.DefaultSession
	fosite.Session
}
    39  
    40  // type AuthorizeSession struct {
    41  // 	method       string
    42  // 	reason       string
    43  // 	continuation string
    44  // 	org          string
    45  // 	rls          string
    46  // }
    47  
// FromRequester returns the Session stored on an access request.
//
// The stored value is type-asserted without a check: a request carrying a
// session that does not implement Session makes this panic. That is the
// original behaviour and is preserved here.
func FromRequester(requester fosite.AccessRequester) Session {
	stored := requester.GetSession()
	return stored.(Session)
}
    51  
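// idTokenLifetime is how long the ID token of a freshly created session is
// valid, measured from the session's creation instant.
const idTokenLifetime = 6 * time.Hour

// NewSession builds a DefaultSession for subject.
//
// The JWT (access-token) claims carry the configured issuer, the subject and
// two extra claims: "rls", empty until SetRls is called, and "org",
// pre-filled from config.OrganizationName(). One jwt.Headers value carrying
// the "kid" from config.PrivateKeyID() is shared by the JWT session and the
// OpenID session, so a header added later through either is visible on both.
// All ID-token time claims are stamped from a single instant, so IssuedAt,
// RequestedAt and AuthTime agree exactly and ExpiresAt is exactly
// idTokenLifetime later. The embedded fosite.Session field is left nil.
func NewSession(subject string) *DefaultSession {
	jwtHeaders := jwt.NewHeaders()
	jwtHeaders.Add("kid", config.PrivateKeyID())

	// One timestamp for every ID-token time claim. Calling time.Now() once
	// per field (as before) let the claims drift apart by a few nanoseconds
	// and made ExpiresAt not exactly IssuedAt + idTokenLifetime.
	now := time.Now()

	return &DefaultSession{
		JWTSession: oauth2.JWTSession{
			Subject:   subject,
			JWTHeader: jwtHeaders,
			JWTClaims: &jwt.JWTClaims{
				Issuer:  config.Issuer(),
				Subject: subject,
				Extra: map[string]interface{}{
					"rls": "",
					"org": config.OrganizationName(), // this is closer to what is needed, the FQN of the org
				},
			},
		},
		DefaultSession: openid.DefaultSession{
			Claims: &jwt.IDTokenClaims{
				Issuer:      config.Issuer(),
				Subject:     subject,
				Audience:    []string{},
				ExpiresAt:   now.Add(idTokenLifetime),
				IssuedAt:    now,
				RequestedAt: now,
				AuthTime:    now,
				// Allocated here so the profile setters can write to it.
				Extra: make(map[string]interface{}),
			},
			Headers: jwtHeaders,
		},
	}
}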
    84  
// AsFosite returns the receiver typed as a fosite.Session. No copy is made;
// the returned interface refers to this same session.
func (s *DefaultSession) AsFosite() fosite.Session {
	var asFosite fosite.Session = s
	return asFosite
}
    88  
// AsOpenID returns the embedded OpenID session by value. The struct itself
// is copied, but its Claims and Headers fields are pointers, so writes made
// through the returned value's Claims still affect this session.
func (s *DefaultSession) AsOpenID() openid.DefaultSession {
	oidc := s.DefaultSession
	return oidc
}
    92  
// SetExpiresAt records the expiry for key on the JWT session only. All three
// embedded types provide SetExpiresAt, so the promoted selector is ambiguous;
// this method pins the expiry bookkeeping to oauth2.JWTSession, which is also
// where GetExpiresAt reads from. The OpenID session's own expiry map is not
// touched.
func (s *DefaultSession) SetExpiresAt(key fosite.TokenType, exp time.Time) {
	jwtSess := &s.JWTSession
	jwtSess.SetExpiresAt(key, exp)
}
    96  
// GetExpiresAt returns the expiry recorded for key by SetExpiresAt (on the
// JWT session); the zero time when none was recorded.
func (s *DefaultSession) GetExpiresAt(key fosite.TokenType) time.Time {
	jwtSess := &s.JWTSession
	expiry := jwtSess.GetExpiresAt(key)
	return expiry
}
   100  
// GetUsername returns the JWT session's Username. Nothing in this file sets
// that field, so it is "" unless a caller assigns s.JWTSession.Username.
func (s *DefaultSession) GetUsername() string {
	jwtSess := s.JWTSession
	return jwtSess.Username
}
   104  
// SetSubject writes subject into all four places it is kept: the JWT session
// and its claims, and the OpenID session and its ID-token claims. Both claim
// pointers must be non-nil (NewSession allocates them); a zero DefaultSession
// panics here, as before.
func (s *DefaultSession) SetSubject(subject string) {
	jwtSess := &s.JWTSession
	oidc := &s.DefaultSession
	jwtSess.Subject, jwtSess.JWTClaims.Subject = subject, subject
	oidc.Subject, oidc.Claims.Subject = subject, subject
}
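// SetChallenge stores value under the "challenge" key of the JWT session's
// claims. jwt.JWTClaims.Add allocates Extra when it is nil and stores the
// value there, so the original's second direct write to Extra was a duplicate
// and has been dropped. Because these claims are serialised into the issued
// JWT, the challenge is visible to whoever holds the token and must not be a
// secret. s.JWTClaims must be non-nil (NewSession allocates it).
func (s *DefaultSession) SetChallenge(value string) {
	s.JWTClaims.Add("challenge", value)
}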
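// GetChallenge returns the "challenge" claim stored by SetChallenge, or ""
// when the claim is absent or not a string.
//
// The original used an unchecked type assertion, which panics on any session
// that never had SetChallenge called (the value is a nil interface). Callers
// must treat "" as "no challenge bound to this session", never as a valid
// challenge to compare against. s.JWTClaims must be non-nil (NewSession
// allocates it); a nil Extra map is read safely.
func (s *DefaultSession) GetChallenge() string {
	challenge, _ := s.JWTClaims.Extra["challenge"].(string)
	return challenge
}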
// GetSubject returns the subject held on the JWT session. SetSubject keeps
// this in step with the OpenID session's copy, so either would do; the JWT
// session is the one read here.
func (s *DefaultSession) GetSubject() string {
	jwtSess := s.JWTSession
	return jwtSess.Subject
}
   121  
// Clone returns a copy of the session made with deepcopy.Copy, intended to
// detach the claim maps and headers from the original so fosite can mutate
// the copy independently. The result is asserted back to fosite.Session,
// which *DefaultSession satisfies through the methods in this file.
func (s *DefaultSession) Clone() fosite.Session {
	copied := deepcopy.Copy(s)
	return copied.(fosite.Session)
}
   125  
// IDTokenClaims delegates to the embedded OpenID session, returning the
// ID-token claims (the same pointer the profile setters write to).
func (s *DefaultSession) IDTokenClaims() *jwt.IDTokenClaims {
	oidc := &s.DefaultSession
	return oidc.IDTokenClaims()
}
   129  
// IDTokenHeaders delegates to the embedded OpenID session, returning the
// ID-token headers. For a session built by NewSession this is the same
// jwt.Headers value used for the JWT session's JWTHeader.
func (s *DefaultSession) IDTokenHeaders() *jwt.Headers {
	oidc := &s.DefaultSession
	return oidc.IDTokenHeaders()
}
   133  
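// SetOrg overwrites the "org" claim on the JWT session's claims (NewSession
// pre-fills it from config.OrganizationName()). jwt.JWTClaims.Add already
// writes to Extra (allocating it if nil), so the original's second direct
// write was a duplicate and has been dropped. The value is not mirrored into
// the ID-token claims; the original carried that only as a commented-out
// line. s.JWTClaims must be non-nil (NewSession allocates it).
func (s *DefaultSession) SetOrg(value string) {
	s.JWTClaims.Add("org", value)
}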
   139  
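// SetRls overwrites the "rls" claim on the JWT session's claims (NewSession
// initialises it to ""). jwt.JWTClaims.Add already writes to Extra
// (allocating it if nil), so the original's second direct write was a
// duplicate and has been dropped. The value is not mirrored into the
// ID-token claims; the original carried that only as a commented-out line.
// s.JWTClaims must be non-nil (NewSession allocates it).
func (s *DefaultSession) SetRls(value string) {
	s.JWTClaims.Add("rls", value)
}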
   145  
// SetGivenName sets the "given_name" ID-token claim. An empty value is
// ignored, so an existing claim is never cleared by this method.
// s.DefaultSession.Claims and its Extra map must be non-nil (NewSession
// allocates both).
func (s *DefaultSession) SetGivenName(value string) {
	if value == "" {
		return
	}
	s.DefaultSession.Claims.Extra["given_name"] = value
}
   152  
// SetFamilyName sets the "family_name" ID-token claim. An empty value is
// ignored, so an existing claim is never cleared by this method.
// s.DefaultSession.Claims and its Extra map must be non-nil (NewSession
// allocates both).
func (s *DefaultSession) SetFamilyName(value string) {
	if value == "" {
		return
	}
	s.DefaultSession.Claims.Extra["family_name"] = value
}
   159  
// SetFullName sets the "name" ID-token claim. An empty value is ignored, so
// an existing claim is never cleared by this method. s.DefaultSession.Claims
// and its Extra map must be non-nil (NewSession allocates both).
func (s *DefaultSession) SetFullName(value string) {
	if value == "" {
		return
	}
	s.DefaultSession.Claims.Extra["name"] = value
}
   166  
// SetAge sets the "age" ID-token claim. Values of zero or less are ignored
// (the original assumed nobody under one year old signs in), so an existing
// claim is never cleared by this method. s.DefaultSession.Claims and its
// Extra map must be non-nil (NewSession allocates both).
func (s *DefaultSession) SetAge(value int) {
	if value <= 0 {
		return
	}
	s.DefaultSession.Claims.Extra["age"] = value
}
   174  
// SetDeviceLogin sets the "device_login" ID-token claim. An empty value is
// ignored, so an existing claim is never cleared by this method.
// s.DefaultSession.Claims and its Extra map must be non-nil (NewSession
// allocates both).
func (s *DefaultSession) SetDeviceLogin(value string) {
	if value == "" {
		return
	}
	s.DefaultSession.Claims.Extra["device_login"] = value
}
   181  
// SetEmail sets the "email" ID-token claim. An empty value is ignored, so an
// existing claim is never cleared by this method. No format validation is
// done here. s.DefaultSession.Claims and its Extra map must be non-nil
// (NewSession allocates both).
func (s *DefaultSession) SetEmail(value string) {
	if value == "" {
		return
	}
	s.DefaultSession.Claims.Extra["email"] = value
}
   188  
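// SetAddress sets the "address" ID-token claim. An empty or nil map is
// ignored, so an existing claim is never cleared by this method.
//
// The map is shallow-copied before it is stored: the original stored the
// caller's map by reference, so any later mutation of that map by the caller
// silently changed the claim that ends up in the token. Nested values are
// still shared. s.DefaultSession.Claims and its Extra map must be non-nil
// (NewSession allocates both).
func (s *DefaultSession) SetAddress(address map[string]interface{}) {
	if len(address) == 0 {
		return
	}
	copied := make(map[string]interface{}, len(address))
	for k, v := range address {
		copied[k] = v
	}
	s.DefaultSession.Claims.Extra["address"] = copied
}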
   195  
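// SetExtra stores an arbitrary key/value pair in the JWT session's claims,
// using jwt.JWTClaims.Add like SetChallenge, SetOrg and SetRls do. Add
// allocates Extra when it is nil, where the original's direct map write
// panicked; with a non-nil Extra the behaviour is unchanged.
//
// The key is not validated: a caller can overwrite the "org", "rls" and
// "challenge" claims set by the dedicated setters, so key must not come from
// an untrusted source. s.JWTClaims must be non-nil (NewSession allocates it).
func (s *DefaultSession) SetExtra(key, value string) {
	s.JWTClaims.Add(key, value)
}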
   199  
