supertoken.go

package supertokenrepo

import (
	"database/sql"
	"errors"
	"time"

	"github.com/go-sql-driver/mysql"
	"github.com/jmoiron/sqlx"
	uuid "github.com/satori/go.uuid"
	log "github.com/sirupsen/logrus"

	"github.com/zachmann/mytoken/internal/db"
	"github.com/zachmann/mytoken/internal/model"
	eventService "github.com/zachmann/mytoken/internal/supertoken/event"
	event "github.com/zachmann/mytoken/internal/supertoken/event/pkg"
	supertoken "github.com/zachmann/mytoken/internal/supertoken/pkg"
	"github.com/zachmann/mytoken/internal/utils/cryptUtils"
	"github.com/zachmann/mytoken/internal/utils/hashUtils"
)

// SuperTokenEntry holds the information of a SuperTokenEntry as stored in the
// database
type SuperTokenEntry struct {
	ID           uuid.UUID
	ParentID     string `db:"parent_id"`
	RootID       string `db:"root_id"`
	Token        *supertoken.SuperToken
	RefreshToken string `db:"refresh_token"`
	Name         string
	CreatedAt    time.Time `db:"created_at"`
	IP           string    `db:"ip_created"`
	networkData  model.ClientMetaData
}

// NewSuperTokenEntry creates a new SuperTokenEntry
func NewSuperTokenEntry(st *supertoken.SuperToken, name string, networkData model.ClientMetaData) *SuperTokenEntry {
	return &SuperTokenEntry{
		ID:          st.ID,
		Token:       st,
		Name:        name,
		IP:          networkData.IP,
		networkData: networkData,
	}
}

// Root checks if this SuperTokenEntry is a root token
func (ste *SuperTokenEntry) Root() bool {
	if ste.RootID == "" {
		return true
	}
	return false
}

// Store stores the SuperTokenEntry in the database
func (ste *SuperTokenEntry) Store(tx *sqlx.Tx, comment string) error {
	rtHash := hashUtils.SHA512Str([]byte(ste.RefreshToken))
	jwt, err := ste.Token.Value()
	if err != nil {
		return err
	}
	jwtStr := jwt.(string)
	rtCrypt, err := cryptUtils.AES256Encrypt(ste.RefreshToken, jwtStr)
	if err != nil {
		return err
	}
	steStore := superTokenEntryStore{
		ID:               ste.ID,
		ParentID:         db.NewNullString(ste.ParentID),
		RootID:           db.NewNullString(ste.RootID),
		RefreshToken:     rtCrypt,
		RefreshTokenHash: rtHash,
		Name:             db.NewNullString(ste.Name),
		IP:               ste.IP,
		Iss:              ste.Token.OIDCIssuer,
		Sub:              ste.Token.OIDCSubject,
	}
	return db.RunWithinTransaction(tx, func(tx *sqlx.Tx) error {
		err = steStore.Store(tx)
		if err != nil {
			return err
		}
		return eventService.LogEvent(tx, event.FromNumber(event.STEventSTCreated, comment), ste.ID, ste.networkData)
	})
}

type superTokenEntryStore struct {
	ID               uuid.UUID
	ParentID         sql.NullString `db:"parent_id"`
	RootID           sql.NullString `db:"root_id"`
	RefreshToken     string         `db:"refresh_token"`
	RefreshTokenHash string         `db:"rt_hash"`
	Name             sql.NullString
	IP               string `db:"ip_created"`
	Iss              string
	Sub              string
}

// Store stores the superTokenEntryStore in the database; if this is the first token for this user, the user is also added to the db
func (e *superTokenEntryStore) Store(tx *sqlx.Tx) error {
	return db.RunWithinTransaction(tx, func(tx *sqlx.Tx) error {
		stmt, err := tx.PrepareNamed(`INSERT INTO SuperTokens (id, parent_id, root_id, refresh_token, rt_hash, name, ip_created, user_id) VALUES(:id, :parent_id, :root_id, :refresh_token, :rt_hash, :name, :ip_created, (SELECT id FROM Users WHERE iss=:iss AND sub=:sub))`)
		if err != nil {
			return err
		}
		txStmt := tx.NamedStmt(stmt)
		if _, err = txStmt.Exec(e); err != nil {
			var mysqlError *mysql.MySQLError
			if errors.As(err, &mysqlError) && mysqlError.Number == 1048 {
				_, err = tx.NamedExec(`INSERT INTO Users (sub, iss) VALUES(:sub, :iss)`, e)
				if err != nil {
					return err
				}
				_, err = txStmt.Exec(e)
				return err
			}
			log.WithError(err).Error()
			return err
		}
		return nil
	})
}