storage

package module

v0.7.2 Latest Latest Go to latest Published: Oct 2, 2017 License: Apache-2.0 Imports: 15 Imported by: 1

Details

Valid go.mod file

The Go module system was introduced in Go 1.11 and is the official dependency management solution for Go.
Redistributable license

Redistributable licenses place minimal restrictions on how software can be used, modified, and redistributed.
Tagged version

Modules with tagged versions give importers more predictable builds.
Stable version

When a project reaches major version v1 it is considered stable.
Learn more about best practices

Repository

github.com/matthewhartstonge/storage

Links

Open Source Insights

README ¶

fosite-storage-mongo

fosite-storage-mongo provides Mongo backed database storage that conforms to all the interfaces! required by fosite.

Lastest Version: v0.7.2

Table of contents

Documentation
- Development
  - Testing
- Example

Documentation

We wanted a Fosite/Hydra* storage backend that supported MongoDB. 'Nuf said.

Development

To start hacking:

Install glide - A golang package manager
Run glide install
go build successfully!

Testing

We use go test $(glide novendor) to discover our heinous crimes against coding. For those developing on windows, like ourselves, there is a slight problem with linux based commandline expansion for obvious reasons...

In order to test correctly under windows, neither go test or glide novendor work happily together. For this reason, please run ./test.bat which has been manually created to achieve what glide novendor does.

Example

Following the fosite-example/authorizationserver example, we can extend this to add support for Mongo storage via the compose configuration.

package authorizationserver

import (
	"crypto/rand"
	"crypto/rsa"
	"net/http"
	"time"

	"github.com/ory/fosite/compose"
	"github.com/ory/fosite/handler/openid"
	"github.com/ory/fosite/token/jwt"
	"github.com/MatthewHartstonge/storage"
	"github.com/pkg/errors"
	"gopkg.in/mgo.v2"
)

func RegisterHandlers() {
	// Set up oauth2 endpoints. You could also use gorilla/mux or any other router.
	http.HandleFunc("/oauth2/auth", authEndpoint)
	http.HandleFunc("/oauth2/token", tokenEndpoint)

	// revoke tokens
	http.HandleFunc("/oauth2/revoke", revokeEndpoint)
	http.HandleFunc("/oauth2/introspect", introspectionEndpoint)
}

// NewExampleMongoStore allows us to create an example Mongo Datastore and panics if you don't have an unauthenticated 
// mongo database that can be found at `localhost:27017`. NewExampleMongoStore has one Client and one User. Check out 
// storage.NewExampleMongoStore() for the implementation/specific client/user details.
var store = storage.NewExampleMongoStore()
var config = new(compose.Config)

// Because we are using oauth2 and open connect id, we use this little helper to combine the two in one
// variable.
var strat = compose.CommonStrategy{
	// alternatively you could use:
	//  OAuth2Strategy: compose.NewOAuth2JWTStrategy(mustRSAKey())
	CoreStrategy: compose.NewOAuth2HMACStrategy(config, []byte("some-super-cool-secret-that-nobody-knows")),

	// open id connect strategy
	OpenIDConnectTokenStrategy: compose.NewOpenIDConnectStrategy(mustRSAKey()),
}

var oauth2 = compose.Compose(
	config,
	store,
	strat,

	// enabled handlers
	compose.OAuth2AuthorizeExplicitFactory,
	compose.OAuth2AuthorizeImplicitFactory,
	compose.OAuth2ClientCredentialsGrantFactory,
	compose.OAuth2RefreshTokenGrantFactory,
	compose.OAuth2ResourceOwnerPasswordCredentialsFactory,

	compose.OAuth2TokenRevocationFactory,
	compose.OAuth2TokenIntrospectionFactory,

	// be aware that open id connect factories need to be added after oauth2 factories to work properly.
	compose.OpenIDConnectExplicitFactory,
	compose.OpenIDConnectImplicitFactory,
	compose.OpenIDConnectHybridFactory,
)

// A session is passed from the `/auth` to the `/token` endpoint. You probably want to store data like: "Who made the request",
// "What organization does that person belong to" and so on.
// For our use case, the session will meet the requirements imposed by JWT access tokens, HMAC access tokens and OpenID Connect
// ID Tokens plus a custom field

// newSession is a helper function for creating a new session. This may look like a lot of code but since we are
// setting up multiple strategies it is a bit longer.
// Usually, you could do:
//
//  session = new(fosite.DefaultSession)
func newSession(user string) *openid.DefaultSession {
	return &openid.DefaultSession{
		Claims: &jwt.IDTokenClaims{
			Issuer:    "https://fosite.my-application.com",
			Subject:   user,
			Audience:  "https://my-client.my-application.com",
			ExpiresAt: time.Now().Add(time.Hour * 6),
			IssuedAt:  time.Now(),
		},
		Headers: &jwt.Headers{
			Extra: make(map[string]interface{}),
		},
	}
}

func mustRSAKey() *rsa.PrivateKey {
	key, err := rsa.GenerateKey(rand.Reader, 1024)
	if err != nil {
		panic(err)
	}
	return key
}

type stackTracer interface {
	StackTrace() errors.StackTrace
}

Disclaimers

We haven't tested implementation with Hydra at all, but we implemented on top of fosite which Hydra uses store it's data under the hood.

Documentation ¶

Index ¶

func ConnectToMongo(cfg *Config) (*mgo.Database, error)
func ConnectionInfo(cfg *Config) *mgo.DialInfo
type Config
- func DefaultConfig() *Config
type MongoStore

Constants ¶

This section is empty.

Variables ¶

This section is empty.

Functions ¶

func ConnectToMongo ¶

func ConnectToMongo(cfg *Config) (*mgo.Database, error)

ConnectToMongo returns a connection to mongo.

func ConnectionInfo ¶ added in v0.7.0

func ConnectionInfo(cfg *Config) *mgo.DialInfo

ConnectionInfo configures options for establishing a session with a MongoDB cluster.

Types ¶

type Config ¶

type Config struct {
	// Default connection settings
	Hostname     string
	Hostnames    []string
	Port         uint16 // 0 to 65,535
	DatabaseName string

	// Credential Access
	Username string
	Password string

	// Timeout specified in seconds.
	Timeout uint

	// Mongo Options
	Replset string
	SSL     bool
}

Config provides a way to define the specific pieces that make up a mongo connection

func DefaultConfig ¶

func DefaultConfig() *Config

DefaultConfig returns a configuration for a locally hosted, unauthenticated mongo

type MongoStore ¶

type MongoStore struct {
	// DB is the Mongo connection that holds the base session that can be copied and closed.
	DB       *mgo.Database
	Hasher   fosite.Hasher
	Clients  *client.MongoManager
	Requests *request.MongoManager
	Users    *user.MongoManager
	// Cache Stores
	// - *cache.MemoryManager
	// - *cache.MongoManager
	// - *cache.RedisManager
	Cache *cache.MongoManager
}

MongoStore composes all stores into the one datastore to rule them all

func NewDefaultMongoStore ¶

func NewDefaultMongoStore() (*MongoStore, error)

NewDefaultMongoStore returns a MongoStore configured with the default mongo configuration and default hasher.

func NewExampleMongoStore ¶

func NewExampleMongoStore() *MongoStore

NewExampleMongoStore returns an example mongo store that matches the fosite-example data. If a default unauthenticated mongo database can't be found at localhost:27017, it will panic as you've done it wrong.

func NewMongoStore ¶

func NewMongoStore(cfg *Config, hasher fosite.Hasher) (*MongoStore, error)

NewMongoStore allows for custom mongo configuration and custom hashers.

func (*MongoStore) Authenticate ¶

func (m *MongoStore) Authenticate(ctx context.Context, username string, secret string) error

Authenticate checks if supplied user credentials are valid for User Credentials Grant

func (MongoStore) AuthenticateClient ¶

func (m MongoStore) AuthenticateClient(id string, secret []byte) (*client.Client, error)

AuthenticateClient checks is supplied client credentials are valid

func (*MongoStore) AuthenticateUserByUsername ¶

func (m *MongoStore) AuthenticateUserByUsername(ctx context.Context, username string, secret string) (*user.User, error)

AuthenticateUserByUsername checks if supplied user credentials are valid

func (*MongoStore) Close ¶

func (m *MongoStore) Close()

Close ensures that each endpoint has it's connection closed properly.

func (*MongoStore) CreateAccessTokenSession ¶

func (m *MongoStore) CreateAccessTokenSession(ctx context.Context, signature string, request fosite.Requester) (err error)

CreateAccessTokenSession creates a new session for an Access Token in mongo

func (*MongoStore) CreateAuthorizeCodeSession ¶

func (m *MongoStore) CreateAuthorizeCodeSession(ctx context.Context, code string, request fosite.Requester) (err error)

CreateAuthorizeCodeSession creates a new session for an authorize code grant in mongo

func (*MongoStore) CreateClient ¶

func (m *MongoStore) CreateClient(c *client.Client) error

CreateClient adds a new OAuth2.0 Client to the client store.

func (*MongoStore) CreateImplicitAccessTokenSession ¶

func (m *MongoStore) CreateImplicitAccessTokenSession(ctx context.Context, token string, request fosite.Requester) (err error)

CreateImplicitAccessTokenSession stores an implicit access token based session in mongo

func (*MongoStore) CreateOpenIDConnectSession ¶

func (m *MongoStore) CreateOpenIDConnectSession(ctx context.Context, authorizeCode string, requester fosite.Requester) (err error)

CreateOpenIDConnectSession creates an open id connect session for a given authorize code in mongo. This is relevant for explicit open id connect flow.

func (*MongoStore) CreateRefreshTokenSession ¶

func (m *MongoStore) CreateRefreshTokenSession(ctx context.Context, signature string, request fosite.Requester) (err error)

CreateRefreshTokenSession stores a new Refresh Token Session in mongo

func (*MongoStore) DeleteAccessTokenSession ¶

func (m *MongoStore) DeleteAccessTokenSession(ctx context.Context, signature string) (err error)

DeleteAccessTokenSession removes an Access Tokens current session from mongo

func (*MongoStore) DeleteAuthorizeCodeSession ¶

func (m *MongoStore) DeleteAuthorizeCodeSession(ctx context.Context, code string) (err error)

DeleteAuthorizeCodeSession removes an authorize code session from mongo

func (*MongoStore) DeleteClient ¶

func (m *MongoStore) DeleteClient(id string) error

DeleteClient removes an OAuth 2.0 Client from the client store

func (*MongoStore) DeleteOpenIDConnectSession ¶

func (m *MongoStore) DeleteOpenIDConnectSession(ctx context.Context, authorizeCode string) (err error)

DeleteOpenIDConnectSession removes an open id connect session from mongo.

func (*MongoStore) DeleteRefreshTokenSession ¶

func (m *MongoStore) DeleteRefreshTokenSession(ctx context.Context, signature string) (err error)

DeleteRefreshTokenSession removes a Refresh Token that has been previously stored in mongo

func (MongoStore) GetAccessTokenSession ¶

func (m MongoStore) GetAccessTokenSession(ctx context.Context, signature string, session fosite.Session) (request fosite.Requester, err error)

GetAccessTokenSession returns a session if it can be found by signature in mongo

func (MongoStore) GetAuthorizeCodeSession ¶

func (m MongoStore) GetAuthorizeCodeSession(ctx context.Context, code string, session fosite.Session) (request fosite.Requester, err error)

GetAuthorizeCodeSession finds an authorize code grant session in mongo

func (MongoStore) GetClient ¶

func (m MongoStore) GetClient(ctx context.Context, id string) (fosite.Client, error)

GetClient returns a Client if found by an ID lookup.

func (MongoStore) GetClients ¶

func (m MongoStore) GetClients() (clients map[string]client.Client, err error)

GetClients returns a map of clients mapped by client ID

func (*MongoStore) GetOpenIDConnectSession ¶

func (m *MongoStore) GetOpenIDConnectSession(ctx context.Context, authorizeCode string, requester fosite.Requester) (req fosite.Requester, err error)

GetOpenIDConnectSession gets a session based off the Authorize Code and returns a fosite.Requester which contains a session or an error.

func (*MongoStore) GetRefreshTokenSession ¶

func (m *MongoStore) GetRefreshTokenSession(ctx context.Context, signature string, session fosite.Session) (request fosite.Requester, err error)

GetRefreshTokenSession returns a Refresh Token Session that's been previously stored in mongo

func (*MongoStore) PersistAuthorizeCodeGrantSession ¶

func (m *MongoStore) PersistAuthorizeCodeGrantSession(ctx context.Context, authorizeCode, accessSignature, refreshSignature string, request fosite.Requester) error

PersistAuthorizeCodeGrantSession creates an Authorise Code Grant session in mongo

func (*MongoStore) PersistRefreshTokenGrantSession ¶

func (m *MongoStore) PersistRefreshTokenGrantSession(ctx context.Context, originalRefreshSignature, accessSignature, refreshSignature string, request fosite.Requester) (err error)

PersistRefreshTokenGrantSession stores a refresh token grant session in mongo

func (*MongoStore) RevokeAccessToken ¶

func (m *MongoStore) RevokeAccessToken(ctx context.Context, requestID string) error

RevokeAccessToken finds a token stored in cache based on request ID and deletes the session by signature.

func (*MongoStore) RevokeRefreshToken ¶

func (m *MongoStore) RevokeRefreshToken(ctx context.Context, requestID string) error

RevokeRefreshToken finds a token stored in cache based on request ID and deletes the session by signature.

func (*MongoStore) UpdateClient ¶

func (m *MongoStore) UpdateClient(c *client.Client) error

UpdateClient updates an OAuth 2.0 Client record. This is done using the equivalent of an object replace.

Source Files ¶

View all Source files

storage_mongo.go

Directories ¶

Path	Synopsis
cache
client
mongo
request
user

?	: This menu
/	: Search site
f or F	: Jump to
y or Y	: Canonical URL