Updated auth interface (#1384)

* Updated auth interface * Add Rule * Remove Rule * Return token from Renew * Renew => Refresh * Implement Tokens & Default Auth Implementation * Change default auth to noop * Change default auth to noop * Move token.Token to auth.Token * Remove Token from Account * Auth service implementation * Decode JWT locally * Cookie for secret * Move string to bottom of interface definition * Depricate auth_exclude * Update auth wrappers * Update go.sum Co-authored-by: Ben Toogood <ben@micro.mu>
2025-06-24 22:26:54 +02:00 · 2020-03-23 16:19:30 +00:00
parent 9826ddbd64
commit e0e77f3983
23 changed files with 1842 additions and 649 deletions
--- a/auth/token/basic/basic.go
+++ b/auth/token/basic/basic.go
@ -0,0 +1,95 @@
+package basic
+
+import (
+	"encoding/json"
+	"time"
+
+	"github.com/google/uuid"
+	"github.com/micro/go-micro/v2/auth"
+	"github.com/micro/go-micro/v2/auth/token"
+	"github.com/micro/go-micro/v2/store"
+)
+
+// Basic implementation of token provider, backed by the store
+type Basic struct {
+	store store.Store
+}
+
+// NewTokenProvider returns an initialized basic provider
+func NewTokenProvider(opts ...token.Option) token.Provider {
+	options := token.NewOptions(opts...)
+
+	if options.Store == nil {
+		options.Store = store.DefaultStore
+	}
+
+	return &Basic{
+		store: options.Store,
+	}
+}
+
+// Generate a token for an account
+func (b *Basic) Generate(subject string, opts ...token.GenerateOption) (*auth.Token, error) {
+	options := token.NewGenerateOptions(opts...)
+
+	// construct the token
+	token := auth.Token{
+		Subject:  subject,
+		Type:     b.String(),
+		Token:    uuid.New().String(),
+		Created:  time.Now(),
+		Expiry:   time.Now().Add(options.Expiry),
+		Metadata: options.Metadata,
+		Roles:    options.Roles,
+	}
+
+	// marshal the account to bytes
+	bytes, err := json.Marshal(token)
+	if err != nil {
+		return nil, err
+	}
+
+	// write to the store
+	err = b.store.Write(&store.Record{
+		Key:    token.Token,
+		Value:  bytes,
+		Expiry: options.Expiry,
+	})
+	if err != nil {
+		return nil, err
+	}
+
+	// return the token
+	return &token, nil
+}
+
+// Inspect a token
+func (b *Basic) Inspect(t string) (*auth.Token, error) {
+	// lookup the token in the store
+	recs, err := b.store.Read(t)
+	if err == store.ErrNotFound {
+		return nil, token.ErrInvalidToken
+	} else if err != nil {
+		return nil, err
+	}
+	bytes := recs[0].Value
+
+	// unmarshal the bytes
+	var tok *auth.Token
+	if err := json.Unmarshal(bytes, &tok); err != nil {
+		return nil, err
+	}
+
+	// ensure the token hasn't expired, the store should
+	// expire the token but we're checking again
+	if tok.Expiry.Unix() < time.Now().Unix() {
+		return nil, token.ErrInvalidToken
+	}
+
+	return tok, err
+}
+
+// String returns basic
+func (b *Basic) String() string {
+	return "basic"
+}
--- a/auth/token/basic/basic_test.go
+++ b/auth/token/basic/basic_test.go
@ -0,0 +1,80 @@
+package basic
+
+import (
+	"testing"
+	"time"
+
+	"github.com/micro/go-micro/v2/auth/token"
+	"github.com/micro/go-micro/v2/store/memory"
+)
+
+func TestGenerate(t *testing.T) {
+	store := memory.NewStore()
+	b := NewTokenProvider(token.WithStore(store))
+
+	_, err := b.Generate("test")
+	if err != nil {
+		t.Fatalf("Generate returned %v error, expected nil", err)
+	}
+
+	recs, err := store.List()
+	if err != nil {
+		t.Fatalf("Unable to read from store: %v", err)
+	}
+	if len(recs) != 1 {
+		t.Errorf("Generate didn't write to the store, expected 1 record, got %v", len(recs))
+	}
+}
+
+func TestInspect(t *testing.T) {
+	store := memory.NewStore()
+	b := NewTokenProvider(token.WithStore(store))
+
+	t.Run("Valid token", func(t *testing.T) {
+		md := map[string]string{"foo": "bar"}
+		roles := []string{"admin"}
+		subject := "test"
+
+		opts := []token.GenerateOption{
+			token.WithMetadata(md),
+			token.WithRoles(roles),
+		}
+
+		tok, err := b.Generate(subject, opts...)
+		if err != nil {
+			t.Fatalf("Generate returned %v error, expected nil", err)
+		}
+
+		tok2, err := b.Inspect(tok.Token)
+		if err != nil {
+			t.Fatalf("Inspect returned %v error, expected nil", err)
+		}
+		if tok2.Subject != subject {
+			t.Errorf("Inspect returned %v as the token subject, expected %v", tok2.Subject, subject)
+		}
+		if len(tok2.Roles) != len(roles) {
+			t.Errorf("Inspect returned %v roles, expected %v", len(tok2.Roles), len(roles))
+		}
+		if len(tok2.Metadata) != len(md) {
+			t.Errorf("Inspect returned %v as the token metadata, expected %v", tok2.Metadata, md)
+		}
+	})
+
+	t.Run("Expired token", func(t *testing.T) {
+		tok, err := b.Generate("foo", token.WithExpiry(-10*time.Second))
+		if err != nil {
+			t.Fatalf("Generate returned %v error, expected nil", err)
+		}
+
+		if _, err = b.Inspect(tok.Token); err != token.ErrInvalidToken {
+			t.Fatalf("Inspect returned %v error, expected %v", err, token.ErrInvalidToken)
+		}
+	})
+
+	t.Run("Invalid token", func(t *testing.T) {
+		_, err := b.Inspect("Invalid token")
+		if err != token.ErrInvalidToken {
+			t.Fatalf("Inspect returned %v error, expected %v", err, token.ErrInvalidToken)
+		}
+	})
+}