storj/satellite/console/consoleweb/consolewebauth/auth.go

// Copyright (C) 2019 Storj Labs, Inc.
// See LICENSE for copying information.

package consolewebauth

import (
	"net/http"
	"time"

	"storj.io/storj/satellite/console"
	"storj.io/storj/satellite/console/consoleauth"
)

// CookieSettings variable cookie settings.
type CookieSettings struct {
	Name string
	Path string
}

// CookieAuth handles cookie authorization.
type CookieAuth struct {
	settings CookieSettings
}

// NewCookieAuth create new cookie authorization with provided settings.
func NewCookieAuth(settings CookieSettings) *CookieAuth {
	return &CookieAuth{
		settings: settings,
	}
}

// GetToken retrieves token from request.
func (auth *CookieAuth) GetToken(r *http.Request) (console.TokenInfo, error) {
	cookie, err := r.Cookie(auth.settings.Name)
	if err != nil {
		return console.TokenInfo{}, err
	}

	token, err := consoleauth.FromBase64URLString(cookie.Value)
	if err != nil {
		return console.TokenInfo{}, err
	}

	return console.TokenInfo{
		Token:     token,
		ExpiresAt: cookie.Expires,
	}, nil
}

// SetTokenCookie sets parametrized token cookie that is not accessible from js.
func (auth *CookieAuth) SetTokenCookie(w http.ResponseWriter, tokenInfo console.TokenInfo) {
	http.SetCookie(w, &http.Cookie{
		Name:     auth.settings.Name,
		Value:    tokenInfo.Token.String(),
		Path:     auth.settings.Path,
		Expires:  tokenInfo.ExpiresAt,
		HttpOnly: true,
		SameSite: http.SameSiteStrictMode,
	})
}

// RemoveTokenCookie removes auth cookie that is not accessible from js.
func (auth *CookieAuth) RemoveTokenCookie(w http.ResponseWriter) {
	http.SetCookie(w, &http.Cookie{
		Name:     auth.settings.Name,
		Value:    "",
		Path:     auth.settings.Path,
		Expires:  time.Unix(0, 0),
		HttpOnly: true,
		SameSite: http.SameSiteStrictMode,
	})
}

// GetTokenCookieName returns the name of the cookie storing the session token.
func (auth *CookieAuth) GetTokenCookieName() string {
	return auth.settings.Name
}
satellite/console: use cookie based auth scheme Change-Id: I143b56f49fa9028ec172db8c29fd93577c3e7878 2020-01-20 18:57:14 +00:00			`// Copyright (C) 2019 Storj Labs, Inc.`
			`// See LICENSE for copying information.`

			`package consolewebauth`

			`import (`
			`"net/http"`
			`"time"`
satellite/console: integrate sessions into satellite UI This change integrates the session management database functionality with the web application. Claim-based authentication has been removed in favor of session token-based authentication. Change-Id: I62a4f5354a3ed8ca80272814aad2448f901eab1b 2022-06-05 23:41:38 +01:00
satellite/console,web/satellite: invalidate sessions after inactivity Sessions now expire after a much shorter amount of time, requiring clients to issue API requests for session extension. This is handled behind the scenes as the user interacts with the page, but once session expiration is imminent, a modal appears which informs the user of his inactivity and presents him with the choice of loging out or preserving his session. Change-Id: I68008d45859c814a835d65d882ad5ad2199d618e 2022-07-19 10:26:18 +01:00			`"storj.io/storj/satellite/console"`
satellite/console: integrate sessions into satellite UI This change integrates the session management database functionality with the web application. Claim-based authentication has been removed in favor of session token-based authentication. Change-Id: I62a4f5354a3ed8ca80272814aad2448f901eab1b 2022-06-05 23:41:38 +01:00			`"storj.io/storj/satellite/console/consoleauth"`
satellite/console: use cookie based auth scheme Change-Id: I143b56f49fa9028ec172db8c29fd93577c3e7878 2020-01-20 18:57:14 +00:00			`)`

			`// CookieSettings variable cookie settings.`
			`type CookieSettings struct {`
			`Name string`
			`Path string`
			`}`

			`// CookieAuth handles cookie authorization.`
			`type CookieAuth struct {`
			`settings CookieSettings`
			`}`

			`// NewCookieAuth create new cookie authorization with provided settings.`
			`func NewCookieAuth(settings CookieSettings) *CookieAuth {`
			`return &CookieAuth{`
			`settings: settings,`
			`}`
			`}`

			`// GetToken retrieves token from request.`
satellite/console,web/satellite: invalidate sessions after inactivity Sessions now expire after a much shorter amount of time, requiring clients to issue API requests for session extension. This is handled behind the scenes as the user interacts with the page, but once session expiration is imminent, a modal appears which informs the user of his inactivity and presents him with the choice of loging out or preserving his session. Change-Id: I68008d45859c814a835d65d882ad5ad2199d618e 2022-07-19 10:26:18 +01:00			`func (auth CookieAuth) GetToken(r http.Request) (console.TokenInfo, error) {`
satellite/console: use cookie based auth scheme Change-Id: I143b56f49fa9028ec172db8c29fd93577c3e7878 2020-01-20 18:57:14 +00:00			`cookie, err := r.Cookie(auth.settings.Name)`
			`if err != nil {`
satellite/console,web/satellite: invalidate sessions after inactivity Sessions now expire after a much shorter amount of time, requiring clients to issue API requests for session extension. This is handled behind the scenes as the user interacts with the page, but once session expiration is imminent, a modal appears which informs the user of his inactivity and presents him with the choice of loging out or preserving his session. Change-Id: I68008d45859c814a835d65d882ad5ad2199d618e 2022-07-19 10:26:18 +01:00			`return console.TokenInfo{}, err`
satellite/console: integrate sessions into satellite UI This change integrates the session management database functionality with the web application. Claim-based authentication has been removed in favor of session token-based authentication. Change-Id: I62a4f5354a3ed8ca80272814aad2448f901eab1b 2022-06-05 23:41:38 +01:00			`}`

			`token, err := consoleauth.FromBase64URLString(cookie.Value)`
			`if err != nil {`
satellite/console,web/satellite: invalidate sessions after inactivity Sessions now expire after a much shorter amount of time, requiring clients to issue API requests for session extension. This is handled behind the scenes as the user interacts with the page, but once session expiration is imminent, a modal appears which informs the user of his inactivity and presents him with the choice of loging out or preserving his session. Change-Id: I68008d45859c814a835d65d882ad5ad2199d618e 2022-07-19 10:26:18 +01:00			`return console.TokenInfo{}, err`
satellite/console: use cookie based auth scheme Change-Id: I143b56f49fa9028ec172db8c29fd93577c3e7878 2020-01-20 18:57:14 +00:00			`}`

satellite/console,web/satellite: invalidate sessions after inactivity Sessions now expire after a much shorter amount of time, requiring clients to issue API requests for session extension. This is handled behind the scenes as the user interacts with the page, but once session expiration is imminent, a modal appears which informs the user of his inactivity and presents him with the choice of loging out or preserving his session. Change-Id: I68008d45859c814a835d65d882ad5ad2199d618e 2022-07-19 10:26:18 +01:00			`return console.TokenInfo{`
			`Token: token,`
			`ExpiresAt: cookie.Expires,`
			`}, nil`
satellite/console: use cookie based auth scheme Change-Id: I143b56f49fa9028ec172db8c29fd93577c3e7878 2020-01-20 18:57:14 +00:00			`}`

			`// SetTokenCookie sets parametrized token cookie that is not accessible from js.`
satellite/console,web/satellite: invalidate sessions after inactivity Sessions now expire after a much shorter amount of time, requiring clients to issue API requests for session extension. This is handled behind the scenes as the user interacts with the page, but once session expiration is imminent, a modal appears which informs the user of his inactivity and presents him with the choice of loging out or preserving his session. Change-Id: I68008d45859c814a835d65d882ad5ad2199d618e 2022-07-19 10:26:18 +01:00			`func (auth *CookieAuth) SetTokenCookie(w http.ResponseWriter, tokenInfo console.TokenInfo) {`
satellite/console: use cookie based auth scheme Change-Id: I143b56f49fa9028ec172db8c29fd93577c3e7878 2020-01-20 18:57:14 +00:00			`http.SetCookie(w, &http.Cookie{`
satellite/console,web/satellite: invalidate sessions after inactivity Sessions now expire after a much shorter amount of time, requiring clients to issue API requests for session extension. This is handled behind the scenes as the user interacts with the page, but once session expiration is imminent, a modal appears which informs the user of his inactivity and presents him with the choice of loging out or preserving his session. Change-Id: I68008d45859c814a835d65d882ad5ad2199d618e 2022-07-19 10:26:18 +01:00			`Name: auth.settings.Name,`
			`Value: tokenInfo.Token.String(),`
			`Path: auth.settings.Path,`
			`Expires: tokenInfo.ExpiresAt,`
satellite/console: use cookie based auth scheme Change-Id: I143b56f49fa9028ec172db8c29fd93577c3e7878 2020-01-20 18:57:14 +00:00			`HttpOnly: true,`
			`SameSite: http.SameSiteStrictMode,`
			`})`
			`}`
web/satellite: logout fix Change-Id: I1b2b14c098e0959e9c5bd36adc889a425d00963c 2020-01-29 13:10:13 +00:00
			`// RemoveTokenCookie removes auth cookie that is not accessible from js.`
			`func (auth *CookieAuth) RemoveTokenCookie(w http.ResponseWriter) {`
			`http.SetCookie(w, &http.Cookie{`
			`Name: auth.settings.Name,`
			`Value: "",`
satellite/console/consoleweb: add endpoint tests This currently contains tests for both graphql and regular endpoints. Co-authored-by: Antonio Franco <antonio@storj.io> Change-Id: I28d7e629b1caa114438d6fbc3abcc079a8ca10a6 2021-08-11 12:50:50 +01:00			`Path: auth.settings.Path,`
web/satellite: logout fix Change-Id: I1b2b14c098e0959e9c5bd36adc889a425d00963c 2020-01-29 13:10:13 +00:00			`Expires: time.Unix(0, 0),`
			`HttpOnly: true,`
			`SameSite: http.SameSiteStrictMode,`
			`})`
			`}`
satellite/console: integrate sessions into satellite UI This change integrates the session management database functionality with the web application. Claim-based authentication has been removed in favor of session token-based authentication. Change-Id: I62a4f5354a3ed8ca80272814aad2448f901eab1b 2022-06-05 23:41:38 +01:00
			`// GetTokenCookieName returns the name of the cookie storing the session token.`
			`func (auth *CookieAuth) GetTokenCookieName() string {`
			`return auth.settings.Name`
			`}`