manager.go 4.5 KB

  1. package auth
  2. import (
  3. "time"
  4. )
  // NewManager returns a Manager that issues tokens through ag and persists
  // them in ts. The manager starts out with DefaultAccessTokenCfg and
  // DefaultRefreshTokenCfg; SetConfig and SetRefreshTokenConfig replace them.
  //
  // Neither ag nor ts is checked for nil here, and the other methods call them
  // unconditionally. The default configs are stored as given, not copied.
  func NewManager(ag AccessGenerate, ts TokenStore) *Manager {
  	mgr := new(Manager)
  	mgr.cfg = DefaultAccessTokenCfg
  	mgr.rCfg = DefaultRefreshTokenCfg
  	mgr.accessGenerate = ag
  	mgr.tokenStore = ts
  	return mgr
  }
  // SetConfig replaces the access-token configuration that
  // GenerateAccessToken and RefreshAccessToken read.
  //
  // The pointer is stored as given: there is no nil check and no copy, so a
  // nil cfg is dereferenced by the next token operation, and later changes the
  // caller makes through cfg are seen by the manager. No lock is taken.
  func (m *Manager) SetConfig(cfg *Config) {
  	m.cfg = cfg
  }
  // SetRefreshTokenConfig replaces the refresh configuration that
  // RefreshAccessToken reads (IsResetRefreshTime, IsRemoveAccess,
  // IsRemoveRefreshing).
  //
  // The pointer is stored as given: there is no nil check and no copy, so a
  // nil value is dereferenced by the next RefreshAccessToken call.
  func (m *Manager) SetRefreshTokenConfig(store *RefreshConfig) {
  	m.rCfg = store
  }
  // Manager issues, refreshes, loads and removes access/refresh tokens on top
  // of a token generator and a token store.
  type Manager struct {
  	// cfg holds the access-token settings read when generating and refreshing
  	// (AccessTokenExp, RefreshTokenExp, IsGenerateRefresh).
  	cfg *Config
  	// rCfg holds the settings read only by RefreshAccessToken.
  	rCfg *RefreshConfig
  	// accessGenerate produces the access and refresh token values.
  	accessGenerate AccessGenerate
  	// tokenStore persists, looks up and removes token records.
  	tokenStore TokenStore
  }
  // GenerateAccessToken creates a token record for userID, asks the generator
  // for an access token (and a refresh token when cfg.IsGenerateRefresh is
  // set), stores the record and returns it.
  //
  // Errors from the generator or the store are returned unchanged with a nil
  // TokenInfo.
  //
  // NOTE(review): userID is stored as given; an empty value is not rejected
  // here.
  func (m *Manager) GenerateAccessToken(userID string) (TokenInfo, error) {
  	info := NewToken()
  	info.SetUserID(userID)

  	// One timestamp is shared by the access and refresh creation times.
  	issuedAt := time.Now()
  	info.SetAccessCreateAt(issuedAt)
  	info.SetAccessExpiresIn(m.cfg.AccessTokenExp)

  	withRefresh := m.cfg.IsGenerateRefresh
  	if withRefresh {
  		info.SetRefreshCreateAt(issuedAt)
  		info.SetRefreshExpiresIn(m.cfg.RefreshTokenExp)
  	}

  	basic := new(GenerateBasic)
  	basic.UserID = userID
  	basic.CreateAt = issuedAt
  	basic.TokenInfo = info

  	accessVal, refreshVal, err := m.accessGenerate.Token(basic, withRefresh)
  	if err != nil {
  		return nil, err
  	}

  	info.SetAccess(accessVal)
  	// The generator may return no refresh token; the field is then left unset.
  	if refreshVal != "" {
  		info.SetRefresh(refreshVal)
  	}

  	if storeErr := m.tokenStore.Create(info); storeErr != nil {
  		return nil, storeErr
  	}
  	return info, nil
  }
  // RefreshAccessToken exchanges a valid refresh token for a new access token
  // (and a new refresh token when cfg.IsGenerateRefresh is set and the
  // generator returns one).
  //
  // The refresh token is validated through LoadRefreshToken; the loaded record
  // is then updated in place, stored again, and returned. Errors from
  // validation, the generator or the store are returned unchanged with a nil
  // TokenInfo.
  //
  // NOTE(review): the new record is stored before the old tokens are removed.
  // If a removal fails, the caller gets an error while the newly created
  // record has already been written to the store.
  //
  // NOTE(review): the old refresh token is removed only when
  // rCfg.IsRemoveRefreshing is set and a new refresh token was issued;
  // otherwise it is not removed here and can be presented again.
  func (m *Manager) RefreshAccessToken(refresh string) (TokenInfo, error) {
  	info, err := m.LoadRefreshToken(refresh)
  	if err != nil {
  		return nil, err
  	}

  	// Remember the values being replaced so they can be removed afterwards.
  	prevAccess := info.GetAccess()
  	prevRefresh := info.GetRefresh()

  	basic := &GenerateBasic{
  		UserID:    info.GetUserID(),
  		CreateAt:  time.Now(),
  		TokenInfo: info,
  	}
  	issuedAt := basic.CreateAt

  	info.SetAccessCreateAt(issuedAt)
  	// Lifetimes are overwritten only by positive configured values; otherwise
  	// the record keeps the lifetime it was loaded with.
  	if exp := m.cfg.AccessTokenExp; exp > 0 {
  		info.SetAccessExpiresIn(exp)
  	}
  	if exp := m.cfg.RefreshTokenExp; exp > 0 {
  		info.SetRefreshExpiresIn(exp)
  	}
  	if m.rCfg.IsResetRefreshTime {
  		info.SetRefreshCreateAt(issuedAt)
  	}

  	newAccess, newRefresh, err := m.accessGenerate.Token(basic, m.cfg.IsGenerateRefresh)
  	if err != nil {
  		return nil, err
  	}

  	info.SetAccess(newAccess)
  	rotated := newRefresh != ""
  	if rotated {
  		info.SetRefresh(newRefresh)
  	}

  	if err = m.tokenStore.Create(info); err != nil {
  		return nil, err
  	}

  	// Drop the previous access token when configured to.
  	if m.rCfg.IsRemoveAccess {
  		if err = m.tokenStore.RemoveByAccess(prevAccess); err != nil {
  			return nil, err
  		}
  	}

  	// Drop the previous refresh token only when a new one replaced it.
  	if m.rCfg.IsRemoveRefreshing && rotated {
  		if err = m.tokenStore.RemoveByRefresh(prevRefresh); err != nil {
  			return nil, err
  		}
  	}

  	// No new refresh token: blank the refresh fields on the returned value.
  	// This happens after Create; whether the stored record is affected
  	// depends on the TokenStore implementation.
  	if !rotated {
  		info.SetRefresh("")
  		info.SetRefreshCreateAt(time.Now())
  		info.SetRefreshExpiresIn(0)
  	}

  	return info, nil
  }
  // RemoveAccessToken deletes the token record identified by the access token.
  // An empty access token yields ErrInvalidAccessToken without touching the
  // store; otherwise the store's result is returned unchanged.
  func (m *Manager) RemoveAccessToken(access string) error {
  	if len(access) == 0 {
  		return ErrInvalidAccessToken
  	}

  	err := m.tokenStore.RemoveByAccess(access)
  	return err
  }
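  // RemoveRefreshToken deletes the token record identified by the refresh
  // token. An empty refresh token yields ErrInvalidRefreshToken without
  // touching the store; otherwise the store's result is returned unchanged.
  func (m *Manager) RemoveRefreshToken(refresh string) error {
  	if refresh == "" {
  		// Report the refresh-token error, matching LoadRefreshToken. The
  		// access-token error returned here previously mislabelled the failure
  		// for callers and for anything logging it.
  		return ErrInvalidRefreshToken
  	}
  	return m.tokenStore.RemoveByRefresh(refresh)
  }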
  // LoadAccessToken looks up the token record for an access token and checks
  // that it is still usable.
  //
  // It returns ErrInvalidAccessToken for an empty token, a missing record, or a
  // record whose access value differs from the one presented;
  // ErrExpiredRefreshToken when the record carries a refresh token whose
  // lifetime has passed; and ErrExpiredAccessToken when the access lifetime
  // has passed. Store errors are returned unchanged.
  //
  // An ExpiresIn of zero disables the corresponding expiry check, so such a
  // token stays valid until it is removed.
  func (m *Manager) LoadAccessToken(access string) (TokenInfo, error) {
  	if access == "" {
  		return nil, ErrInvalidAccessToken
  	}

  	// The reference time is taken before the store lookup.
  	now := time.Now()

  	info, err := m.tokenStore.GetByAccess(access)
  	if err != nil {
  		return nil, err
  	}

  	// Reject a record that does not actually hold the presented token.
  	if info == nil || info.GetAccess() != access {
  		return nil, ErrInvalidAccessToken
  	}

  	// The refresh expiry is checked first: once the refresh token has expired
  	// the access token is rejected as well.
  	if info.GetRefresh() != "" && info.GetRefreshExpiresIn() != 0 &&
  		info.GetRefreshCreateAt().Add(info.GetRefreshExpiresIn()).Before(now) {
  		return nil, ErrExpiredRefreshToken
  	}

  	if info.GetAccessExpiresIn() != 0 &&
  		info.GetAccessCreateAt().Add(info.GetAccessExpiresIn()).Before(now) {
  		return nil, ErrExpiredAccessToken
  	}

  	return info, nil
  }
  // LoadRefreshToken looks up the token record for a refresh token and checks
  // that it is still usable.
  //
  // It returns ErrInvalidRefreshToken for an empty token, a missing record, or
  // a record whose refresh value differs from the one presented, and
  // ErrExpiredRefreshToken when the refresh lifetime has passed. Store errors
  // are returned unchanged.
  //
  // A RefreshExpiresIn of zero means the refresh token does not expire; it
  // stays valid until it is removed.
  func (m *Manager) LoadRefreshToken(refresh string) (TokenInfo, error) {
  	if refresh == "" {
  		return nil, ErrInvalidRefreshToken
  	}

  	info, err := m.tokenStore.GetByRefresh(refresh)
  	if err != nil {
  		return nil, err
  	}

  	// Reject a record that does not actually hold the presented token.
  	if info == nil || info.GetRefresh() != refresh {
  		return nil, ErrInvalidRefreshToken
  	}

  	// Zero lifetime skips the expiry check entirely.
  	if info.GetRefreshExpiresIn() != 0 &&
  		info.GetRefreshCreateAt().Add(info.GetRefreshExpiresIn()).Before(time.Now()) {
  		return nil, ErrExpiredRefreshToken
  	}

  	return info, nil
  }