167 lines
4.6 KiB
Go
167 lines
4.6 KiB
Go
// Copyright (C) 2022 Storj Labs, Inc.
|
|
// See LICENSE for copying information.
|
|
|
|
package oidc
|
|
|
|
import (
|
|
"context"
|
|
"time"
|
|
|
|
"storj.io/common/uuid"
|
|
"storj.io/storj/satellite/satellitedb/dbx"
|
|
)
|
|
|
|
// DB defines a collection of resources that fall under the scope of OIDC and OAuth operations.
|
|
//
|
|
// architecture: Database
|
|
type DB interface {
|
|
// OAuthClients returns an API for the oauthclients repository.
|
|
OAuthClients() OAuthClients
|
|
// OAuthCodes returns an API for the oauthcodes repository.
|
|
OAuthCodes() OAuthCodes
|
|
// OAuthTokens returns an API for the oauthtokens repository.
|
|
OAuthTokens() OAuthTokens
|
|
}
|
|
|
|
// OAuthClients defines an interface for creating, updating, and obtaining information about oauth clients known to our
|
|
// system.
|
|
type OAuthClients interface {
|
|
// Get returns the OAuthClient associated with the provided id.
|
|
Get(ctx context.Context, id uuid.UUID) (OAuthClient, error)
|
|
|
|
// Create creates a new OAuthClient.
|
|
Create(ctx context.Context, client OAuthClient) error
|
|
|
|
// Update modifies information for the provided OAuthClient.
|
|
Update(ctx context.Context, client OAuthClient) error
|
|
|
|
// Delete deletes the identified client from the database.
|
|
Delete(ctx context.Context, id uuid.UUID) error
|
|
}
|
|
|
|
// OAuthClient defines a concrete representation of an oauth client.
|
|
type OAuthClient struct {
|
|
ID uuid.UUID `json:"id"`
|
|
Secret []byte `json:"secret"`
|
|
UserID uuid.UUID `json:"userID"`
|
|
RedirectURL string `json:"redirectURL"`
|
|
AppName string `json:"appName"`
|
|
AppLogoURL string `json:"appLogoURL"`
|
|
}
|
|
|
|
// GetID returns the clients id.
|
|
func (o OAuthClient) GetID() string {
|
|
return o.ID.String()
|
|
}
|
|
|
|
// GetSecret returns the clients secret.
|
|
func (o OAuthClient) GetSecret() string {
|
|
return string(o.Secret)
|
|
}
|
|
|
|
// GetDomain returns the allowed redirect url associated with the client.
|
|
func (o OAuthClient) GetDomain() string {
|
|
return o.RedirectURL
|
|
}
|
|
|
|
// GetUserID returns the owners' user id.
|
|
func (o OAuthClient) GetUserID() string {
|
|
return o.UserID.String()
|
|
}
|
|
|
|
// OAuthCodes defines a set of operations allowed to be performed against oauth codes.
|
|
type OAuthCodes interface {
|
|
// Get retrieves the OAuthCode for the specified code. Implementations should only return unexpired, unclaimed
|
|
// codes. Once a code has been claimed, it should be marked as such to prevent future calls from exchanging the
|
|
// value for an access tokens.
|
|
Get(ctx context.Context, code string) (OAuthCode, error)
|
|
|
|
// Create creates a new OAuthCode.
|
|
Create(ctx context.Context, code OAuthCode) error
|
|
|
|
// Claim marks that the provided code has been claimed and should not be issued to another caller.
|
|
Claim(ctx context.Context, code string) error
|
|
}
|
|
|
|
// OAuthTokens defines a set of operations that ca be performed against oauth tokens.
|
|
type OAuthTokens interface {
|
|
// Get retrieves the OAuthToken for the specified kind and token value. This can be used to look up either refresh
|
|
// or access tokens that have not expired.
|
|
Get(ctx context.Context, kind OAuthTokenKind, token string) (OAuthToken, error)
|
|
|
|
// Create creates a new OAuthToken. If the token already exists, no value is modified and nil is returned.
|
|
Create(ctx context.Context, token OAuthToken) error
|
|
}
|
|
|
|
// OAuthTokenKind defines an enumeration of different types of supported tokens.
|
|
type OAuthTokenKind int8
|
|
|
|
const (
|
|
// KindUnknown is used to represent an entry for which we do not recognize the value.
|
|
KindUnknown = 0
|
|
// KindAccessToken represents an access token within the database.
|
|
KindAccessToken = 1
|
|
// KindRefreshToken represents a refresh token within the database.
|
|
KindRefreshToken = 2
|
|
)
|
|
|
|
// OAuthCode represents a code stored within our database.
|
|
type OAuthCode struct {
|
|
ClientID uuid.UUID
|
|
UserID uuid.UUID
|
|
Scope string
|
|
RedirectURL string
|
|
Challenge string
|
|
ChallengeMethod string
|
|
Code string
|
|
CreatedAt time.Time
|
|
ExpiresAt time.Time
|
|
ClaimedAt *time.Time
|
|
}
|
|
|
|
// OAuthToken represents a token stored within our database (either access / refresh).
|
|
type OAuthToken struct {
|
|
ClientID uuid.UUID
|
|
UserID uuid.UUID
|
|
Scope string
|
|
Kind OAuthTokenKind
|
|
Token string
|
|
CreatedAt time.Time
|
|
ExpiresAt time.Time
|
|
}
|
|
|
|
// NewDB constructs a database using the provided dbx db.
|
|
func NewDB(dbxdb *dbx.DB) DB {
|
|
return &db{
|
|
clients: &clientsDBX{
|
|
db: dbxdb,
|
|
},
|
|
codes: &codesDBX{
|
|
db: dbxdb,
|
|
},
|
|
tokens: &tokensDBX{
|
|
db: dbxdb,
|
|
},
|
|
}
|
|
}
|
|
|
|
type db struct {
|
|
clients OAuthClients
|
|
codes OAuthCodes
|
|
tokens OAuthTokens
|
|
}
|
|
|
|
func (d *db) OAuthClients() OAuthClients {
|
|
return d.clients
|
|
}
|
|
|
|
func (d *db) OAuthCodes() OAuthCodes {
|
|
return d.codes
|
|
}
|
|
|
|
func (d *db) OAuthTokens() OAuthTokens {
|
|
return d.tokens
|
|
}
|
|
|
|
var _ DB = &db{}
|