func (items RDBItems) watch(ctx context.Context, sess *r.Session, lock sync.RWMutex, table r.Term) {
go pkg.Retry(time.Second*15, time.Minute, func() error {
changes, err := table.Changes().Run(sess)
if err != nil {
pkg.LogError(errors.New(err))
return errors.New(err)
}
defer changes.Close()
var update = map[string]*RdbSchema{}
for changes.Next(&update) {
newVal := update["new_val"]
oldVal := update["old_val"]
lock.Lock()
if newVal == nil && oldVal != nil {
delete(items, oldVal.ID)
} else if newVal != nil && oldVal != nil {
delete(items, oldVal.ID)
items[newVal.ID] = newVal
} else {
items[newVal.ID] = newVal
}
lock.Unlock()
}
if changes.Err() != nil {
err = errors.New(changes.Err())
pkg.LogError(err)
return err
}
return nil
})
}
func (m *RethinkManager) Watch(ctx context.Context) {
go pkg.Retry(time.Second*15, time.Minute, func() error {
clients, err := m.Table.Changes().Run(m.Session)
if err != nil {
return errors.New(err)
}
defer clients.Close()
var update map[string]*fosite.DefaultClient
for clients.Next(&update) {
newVal := update["new_val"]
oldVal := update["old_val"]
m.Lock()
if newVal == nil && oldVal != nil {
delete(m.Clients, oldVal.GetID())
} else if newVal != nil && oldVal != nil {
delete(m.Clients, oldVal.GetID())
m.Clients[newVal.GetID()] = newVal
} else {
m.Clients[newVal.GetID()] = newVal
}
m.Unlock()
}
if clients.Err() != nil {
err = errors.New(clients.Err())
pkg.LogError(err)
return err
}
return nil
})
}
func (m *RethinkManager) Watch(ctx context.Context) {
go pkg.Retry(time.Second*15, time.Minute, func() error {
connections, err := m.Table.Changes().Run(m.Session)
if err != nil {
return errors.New(err)
}
defer connections.Close()
var update map[string]*rethinkSchema
for connections.Next(&update) {
newVal := update["new_val"]
oldVal := update["old_val"]
m.Lock()
if newVal == nil && oldVal != nil {
m.watcherRemove(oldVal)
} else if newVal != nil && oldVal != nil {
m.watcherRemove(oldVal)
m.watcherInsert(newVal)
} else {
m.watcherInsert(newVal)
}
m.Unlock()
}
if connections.Err() != nil {
err = errors.New(connections.Err())
pkg.LogError(err)
return err
}
return nil
})
}
func (m *RethinkManager) watcherInsert(val *rethinkSchema) {
var c jose.JsonWebKey
key, err := m.Cipher.Decrypt(val.Key)
if err != nil {
pkg.LogError(errors.New(err))
return
}
if err := json.Unmarshal(key, &c); err != nil {
pkg.LogError(errors.New(err))
return
}
keys := m.Keys[val.Set]
keys.Keys = append(keys.Keys, c)
m.Keys[val.Set] = keys
}
func (o *Handler) AuthHandler(w http.ResponseWriter, r *http.Request, _ httprouter.Params) {
var ctx = fosite.NewContext()
authorizeRequest, err := o.OAuth2.NewAuthorizeRequest(ctx, r)
if err != nil {
pkg.LogError(err)
o.writeAuthorizeError(w, authorizeRequest, err)
return
}
// A session_token will be available if the user was authenticated an gave consent
consentToken := authorizeRequest.GetRequestForm().Get("consent")
if consentToken == "" {
// otherwise redirect to log in endpoint
if err := o.redirectToConsent(w, r, authorizeRequest); err != nil {
pkg.LogError(err)
o.writeAuthorizeError(w, authorizeRequest, err)
return
}
return
}
// decode consent_token claims
// verify anti-CSRF (inject state) and anti-replay token (expiry time, good value would be 10 seconds)
session, err := o.Consent.ValidateResponse(authorizeRequest, consentToken)
if err != nil {
pkg.LogError(err)
o.writeAuthorizeError(w, authorizeRequest, errors.New(fosite.ErrAccessDenied))
return
}
// done
response, err := o.OAuth2.NewAuthorizeResponse(ctx, r, authorizeRequest, session)
if err != nil {
pkg.LogError(err)
o.writeAuthorizeError(w, authorizeRequest, err)
return
}
o.OAuth2.WriteAuthorizeResponse(w, authorizeRequest, response)
}
func (o *Handler) TokenHandler(w http.ResponseWriter, r *http.Request, _ httprouter.Params) {
var session Session
var ctx = fosite.NewContext()
accessRequest, err := o.OAuth2.NewAccessRequest(ctx, r, &session)
if err != nil {
pkg.LogError(err)
o.OAuth2.WriteAccessError(w, accessRequest, err)
return
}
if accessRequest.GetGrantTypes().Exact("client_credentials") {
session.Subject = accessRequest.GetClient().GetID()
}
accessResponse, err := o.OAuth2.NewAccessResponse(ctx, r, accessRequest)
if err != nil {
pkg.LogError(err)
o.OAuth2.WriteAccessError(w, accessRequest, err)
return
}
o.OAuth2.WriteAccessResponse(w, accessRequest, accessResponse)
}
func requestFromRDB(s *RdbSchema, proto interface{}) (*fosite.Request, error) {
if proto != nil {
if err := json.Unmarshal(s.Session, proto); err != nil {
pkg.LogError(errors.New(err))
return nil, errors.New(err)
}
}
d := new(fosite.Request)
d.RequestedAt = s.RequestedAt
d.Client = s.Client
d.Scopes = s.Scopes
d.GrantedScopes = s.GrantedScopes
d.Form = s.Form
d.Session = proto
return d, nil
}
func (s *FositeRehinkDBStore) publishInsert(table r.Term, id string, requester fosite.Requester) error {
sess, err := json.Marshal(requester.GetSession())
if err != nil {
pkg.LogError(errors.New(err))
return errors.New(err)
}
if _, err := table.Insert(&RdbSchema{
ID: id,
RequestedAt: requester.GetRequestedAt(),
Client: requester.GetClient().(*fosite.DefaultClient),
Scopes: requester.GetScopes(),
GrantedScopes: requester.GetGrantedScopes(),
Form: requester.GetRequestForm(),
Session: sess,
}).RunWrite(s.Session); err != nil {
return errors.New(err)
}
return nil
}
