
Source file src/edge-infra.dev/pkg/edge/iam/storage/database/storage_revoke_token.go

Documentation: edge-infra.dev/pkg/edge/iam/storage/database

     1  package database
     2  
     3  import (
     4  	"context"
     5  	"time"
     6  
     7  	"github.com/go-redis/redis"
     8  	"github.com/ory/fosite"
     9  	"github.com/pkg/errors"
    10  
    11  	"edge-infra.dev/pkg/edge/iam/config"
    12  )
    13  
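// RevokeRefreshToken marks the refresh token issued under requestID as
// revoked, following RFC 7009 section 2.1:
// https://tools.ietf.org/html/rfc7009#section-2.1
//
// The stored request is not deleted. It is read back, flagged inactive
// (Active = false, UpdateTime = now) and written again with
// config.GetRefreshTokenTTL(), so an inactive record stays in Redis after
// revocation.
//
// RFC 7009 says that when a refresh token is revoked the server SHOULD also
// invalidate the access tokens issued from the same grant. This method does
// not touch access tokens; callers that need that behaviour must also call
// RevokeAccessToken.
//
// It returns fosite.ErrNotFound when no signature is indexed under requestID
// or when the indexed session no longer exists. Any other storage error is
// returned with a stack trace attached, so that a Redis failure cannot be
// mistaken for "nothing to revoke" while the token is still active.
func (s *Store) RevokeRefreshToken(_ context.Context, requestID string) error {
	refreshReqKey := keyFrom(KeyPrefixRefreshTokenReq, requestID)
	signature, err := s.RedisDB.Get(refreshReqKey).Result()
	switch {
	case err == redis.Nil:
		// No signature is indexed under this request ID.
		return fosite.ErrNotFound
	case err != nil:
		// Fail closed: a timeout or connection error is not evidence that the
		// token is absent, so it must not be reported as ErrNotFound. This
		// matches how RevokeAccessToken and the session lookup below treat
		// non-Nil Redis errors.
		return errors.WithStack(err)
	}

	refreshKey := keyFrom(KeyPrefixRefreshToken, signature)
	req, err := s.get(refreshKey)
	switch {
	case err == redis.Nil:
		return errors.Wrap(fosite.ErrNotFound, "")
	case err != nil:
		return errors.WithStack(err)
	}

	// NOTE(review): the get above and the set below are two separate calls; if
	// s.get/s.set are plain Redis GET/SET, a concurrent writer could
	// interleave between them — confirm whether that matters for rotation.
	req.UpdateTime = time.Now().Unix()
	req.Active = false
	// The full refresh-token TTL is passed again; presumably this restarts the
	// key's expiry, keeping the inactive record for another TTL — confirm in
	// s.set.
	if err := s.set(refreshKey, *req, config.GetRefreshTokenTTL()); err != nil {
		return errors.WithStack(err)
	}

	return nil
}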
    45  
// RevokeRefreshTokenMaybeGracePeriod revokes the refresh token issued under
// requestID, following RFC 7009 section 2.1:
// https://tools.ietf.org/html/rfc7009#section-2.1
//
// Despite its name, this implementation applies no grace period. It ignores
// its third argument and delegates to RevokeRefreshToken, so the token is
// flagged inactive immediately and no grace-period setting is read here.
// As with RevokeRefreshToken, access tokens issued from the same grant are
// not invalidated by this call.
//
// The error returned is whatever RevokeRefreshToken returns.
func (s *Store) RevokeRefreshTokenMaybeGracePeriod(ctx context.Context, requestID string, _ string) error {
	err := s.RevokeRefreshToken(ctx, requestID)
	return err
}
    59  
// RevokeAccessToken revokes the access token issued under requestID,
// following RFC 7009 section 2.1:
// https://tools.ietf.org/html/rfc7009#section-2.1
//
// The request ID is resolved to a token signature through the
// KeyPrefixAccessTokenReq index, and the session stored for that signature is
// removed with DeleteAccessTokenSession. RFC 7009 allows the server to revoke
// the matching refresh token as well; this method does not do so.
//
// A request ID with no indexed signature is treated as already revoked and
// yields nil. Any other Redis error, and any error from the delete, is
// returned with a stack trace attached.
//
// NOTE(review): only the one signature found in the index is revoked. If
// several access tokens can share a request ID, confirm that the index cannot
// leave older ones active.
func (s *Store) RevokeAccessToken(ctx context.Context, requestID string) error {
	sig, lookupErr := s.RedisDB.Get(keyFrom(KeyPrefixAccessTokenReq, requestID)).Result()
	switch {
	case lookupErr == redis.Nil:
		// Nothing indexed for this request: there is no token to revoke.
		return nil
	case lookupErr != nil:
		return errors.WithStack(lookupErr)
	}

	if delErr := s.DeleteAccessTokenSession(ctx, sig); delErr != nil {
		return errors.WithStack(delErr)
	}
	return nil
}
    81  
