Newer
Older
"github.com/pkg/errors"
log "github.com/sirupsen/logrus"
"github.com/oidc-mytoken/server/shared/model"
"github.com/oidc-mytoken/server/shared/utils"
"github.com/oidc-mytoken/server/internal/config"
"github.com/oidc-mytoken/server/internal/db"
"github.com/oidc-mytoken/server/internal/db/dbrepo/authcodeinforepo/state"
"github.com/oidc-mytoken/server/internal/db/dbrepo/mytokenrepo/transfercoderepo"
"github.com/oidc-mytoken/server/shared/mytoken/restrictions"
// AuthFlowInfo holds database information about a started authorization flow
AuthFlowInfoOut
PollingCode *transfercoderepo.TransferCode
}
// AuthFlowInfoOut holds database information about a started authorization flow
type AuthFlowInfoOut struct {
State *state.State
Issuer string
Restrictions restrictions.Restrictions
Capabilities api.Capabilities
SubtokenCapabilities api.Capabilities
ResponseType model.ResponseType
MaxTokenLen int
}
type authFlowInfo struct {
State *state.State `db:"state_h"`
Issuer string `db:"iss"`
Capabilities api.Capabilities
SubtokenCapabilities api.Capabilities `db:"subtoken_capabilities"`
PollingCode db.BitBool `db:"polling_code"`
ExpiresIn int64 `db:"expires_in"`
ResponseType model.ResponseType `db:"response_type"`
MaxTokenLen *int `db:"max_token_len"`
State: i.State,
Issuer: i.Issuer,
Restrictions: i.Restrictions,
Capabilities: i.Capabilities,
SubtokenCapabilities: i.SubtokenCapabilities,
Name: db.NewNullString(i.Name),
ExpiresIn: config.Get().Features.Polling.PollingCodeExpiresAfter,
PollingCode: i.PollingCode != nil,
ResponseType: i.ResponseType,
MaxTokenLen: utils.NewInt(i.MaxTokenLen),
func (i *authFlowInfo) toAuthFlowInfo() *AuthFlowInfoOut {
o := &AuthFlowInfoOut{
State: i.State,
Issuer: i.Issuer,
Restrictions: i.Restrictions,
Capabilities: i.Capabilities,
SubtokenCapabilities: i.SubtokenCapabilities,
Name: i.Name.String,
PollingCode: bool(i.PollingCode),
ResponseType: i.ResponseType,
if i.MaxTokenLen != nil {
o.MaxTokenLen = *i.MaxTokenLen
}
return o
// Store stores the AuthFlowInfoIn in the database as well as the linked polling code if it exists
func (i *AuthFlowInfo) Store(tx *sqlx.Tx) error {
return db.RunWithinTransaction(
tx, func(tx *sqlx.Tx) error {
if i.PollingCode != nil {
if err := i.PollingCode.Store(tx); err != nil {
return err
}
_, err := tx.NamedExec(
`CALL AuthInfo_Insert(:state_h, :iss, :restrictions, :capabilities, :subtoken_capabilities, :name,
:expires_in, :polling_code, :rotation, :response_type, :max_token_len)`, store,
)
return errors.WithStack(err)
},
)
// GetAuthFlowInfoByState returns AuthFlowInfoIn by state
func GetAuthFlowInfoByState(state *state.State) (*AuthFlowInfoOut, error) {
if err := db.Transact(
func(tx *sqlx.Tx) error {
return errors.WithStack(tx.Get(&info, `CALL AuthInfo_Get(?)`, state))
},
); err != nil {
// DeleteAuthFlowInfoByState deletes the AuthFlowInfoIn for a given state
func DeleteAuthFlowInfoByState(tx *sqlx.Tx, state *state.State) error {
return db.RunWithinTransaction(
tx, func(tx *sqlx.Tx) error {
_, err := tx.Exec(`CALL AuthInfo_Delete(?)`, state)
return errors.WithStack(err)
},
)
// UpdateTokenInfoByState updates the stored AuthFlowInfo for the given state
func UpdateTokenInfoByState(
tx *sqlx.Tx, state *state.State, r restrictions.Restrictions, c, sc api.Capabilities, rot *api.Rotation,
tokenName string,
) error {
return db.RunWithinTransaction(
tx, func(tx *sqlx.Tx) error {
_, err := tx.Exec(
`CALL AuthInfo_Update(?,?,?,?,?,?)`,
state, r, c, sc, rot, tokenName,
)
return errors.WithStack(err)
},
)
// SetCodeVerifier stores the passed PKCE code verifier
func SetCodeVerifier(tx *sqlx.Tx, state *state.State, verifier string) error {
return db.RunWithinTransaction(
tx, func(tx *sqlx.Tx) error {
_, err := tx.Exec(`CALL AuthInfo_SetCodeVerifier(?,?)`, state, verifier)
return errors.WithStack(err)
},
)