// Creates a userCtx object to be passed to the sync function
func makeUserCtx(user auth.User) map[string]interface{} {
if user == nil {
return nil
}
return map[string]interface{}{
"name": user.Name(),
"roles": user.RoleNames(),
"channels": user.InheritedChannels().AllChannels(),
}
}
func (h *handler) makeSession(user auth.User) error {
if user == nil {
return base.HTTPErrorf(http.StatusUnauthorized, "Invalid login")
}
h.user = user
auth := h.db.Authenticator()
session, err := auth.CreateSession(user.Name(), kDefaultSessionTTL)
if err != nil {
return err
}
cookie := auth.MakeSessionCookie(session)
cookie.Path = "/" + h.db.Name + "/"
http.SetCookie(h.response, cookie)
return h.respondWithSessionInfo()
}
// Creates a session with TTL and adds to the response. Does NOT return the session info response.
func (h *handler) makeSessionWithTTL(user auth.User, expiry time.Duration) (sessionID string, err error) {
if user == nil {
return "", base.HTTPErrorf(http.StatusUnauthorized, "Invalid login")
}
h.user = user
auth := h.db.Authenticator()
session, err := auth.CreateSession(user.Name(), expiry)
if err != nil {
return "", err
}
cookie := auth.MakeSessionCookie(session)
base.AddDbPathToCookie(h.rq, cookie)
http.SetCookie(h.response, cookie)
return session.ID, nil
}
func (listener *changeListener) NewWaiterWithChannels(chans base.Set, user auth.User) *changeWaiter {
waitKeys := make([]string, 0, 5)
for channel, _ := range chans {
waitKeys = append(waitKeys, channel)
}
var userKeys []string
if user != nil {
userKeys = []string{auth.UserKeyPrefix + user.Name()}
for role, _ := range user.RoleNames() {
userKeys = append(userKeys, auth.RoleKeyPrefix+role)
}
waitKeys = append(waitKeys, userKeys...)
}
waiter := listener.NewWaiter(waitKeys)
waiter.userKeys = userKeys
return waiter
}
// Formats session response similar to what is returned by CouchDB
func (h *handler) formatSessionResponse(user auth.User) db.Body {
var name *string
allChannels := channels.TimedSet{}
if user != nil {
userName := user.Name()
if userName != "" {
name = &userName
}
allChannels = user.Channels()
}
// Return a JSON struct similar to what CouchDB returns:
userCtx := db.Body{"name": name, "channels": allChannels}
handlers := []string{"default", "cookie"}
response := db.Body{"ok": true, "userCtx": userCtx, "authentication_handlers": handlers}
return response
}
// Recomputes the set of roles a User has been granted access to by sync() functions.
// This is part of the ChannelComputer interface defined by the Authenticator.
func (context *DatabaseContext) ComputeRolesForUser(user auth.User) (channels.TimedSet, error) {
var vres struct {
Rows []struct {
Value channels.TimedSet
}
}
opts := map[string]interface{}{"stale": false, "key": user.Name()}
if verr := context.Bucket.ViewCustom(DesignDocSyncGateway, ViewRoleAccess, opts, &vres); verr != nil {
return nil, verr
}
// Merge the TimedSets from the view result:
var result channels.TimedSet
for _, row := range vres.Rows {
if result == nil {
result = row.Value
} else {
result.Add(row.Value)
}
}
return result, nil
}