1
2 package database
3
4 import (
5 "context"
6 "encoding/json"
7 "fmt"
8
9 "github.com/go-redis/redis"
10 "github.com/ory/fosite"
11 "github.com/pkg/errors"
12
13 "edge-infra.dev/pkg/edge/iam/client"
14 "edge-infra.dev/pkg/edge/iam/config"
15 "edge-infra.dev/pkg/edge/iam/crypto"
16 "edge-infra.dev/pkg/edge/iam/log"
17 "edge-infra.dev/pkg/edge/iam/storage"
18 )
19
20 func (s *Store) CreateAccessTokenSession(ctx context.Context, signature string, request fosite.Requester) (err error) {
21 log := log.Get(ctx)
22
23 tokenKey := keyFrom(KeyPrefixAccessToken, signature)
24 r := storage.ToStorage(signature, request)
25
26 masked := r.ToMaskedRequest(ctx)
27 maskedJSON, _ := json.Marshal(masked)
28 client := request.GetClient().(*client.Client)
29 log.Info("access token created", "request", string(maskedJSON), "client CR", client.GetName())
30
31 err = s.set(tokenKey, r, config.GetAccessTokenTTL())
32 if err != nil {
33 return errors.Wrap(err, "failed to create access token session")
34 }
35
36 tokenReqKey := keyFrom(KeyPrefixAccessTokenReq, request.GetID())
37 if config.EncryptionEnabled() {
38 encryptedVal, err := crypto.EncryptRedis([]byte(signature), config.EncryptionKey())
39 if err != nil {
40 return err
41 }
42 signature = encryptedVal
43 }
44 if err := s.RedisDB.Set(tokenReqKey, signature, config.GetAccessTokenTTL()).Err(); err != nil {
45 return errors.Wrap(err, "failed to create access token request")
46 }
47
48 return nil
49 }
50
51 func (s *Store) GetAccessTokenSession(ctx context.Context, signature string, session fosite.Session) (request fosite.Requester, err error) {
52 key := keyFrom(KeyPrefixAccessToken, signature)
53 req, err := s.get(key)
54 if err == redis.Nil {
55 return nil, errors.Wrap(fosite.ErrNotFound, "")
56 } else if err != nil {
57 return nil, errors.WithStack(err)
58 }
59
60
61 iamClient, err := s.GetIAMClient(ctx, req.ClientID)
62 if err != nil {
63 s.Log.Info("failed to get client in db", "error", err, "id", req.ClientID)
64 return nil, err
65 }
66 request, err = req.ToFositeRequest(ctx, session, iamClient)
67 if err != nil {
68 if err == fosite.ErrNotFound {
69 s.Log.Info("failed to transform a fosite session to a fosite request.", "error", err)
70 return nil, err
71 }
72
73 return nil, err
74 }
75
76 return request, err
77 }
78
79 func (s *Store) DeleteAccessTokenSession(_ context.Context, signature string) (err error) {
80 key := keyFrom(KeyPrefixAccessToken, signature)
81 err = s.RedisDB.Del(key).Err()
82 if err != nil {
83 return errors.Wrap(err, fmt.Sprintf("failed to delete key '%v'", key))
84 }
85
86 return nil
87 }
88
View as plain text