Home Explore Help
Register Sign In
Apq
/
sftpgo
mirror of https://github.com/drakkan/sftpgo.git
1
0
Fork 0
Files Issues 0 Wiki
Tree: v2.6.0
Branches Tags
sftpgo
/
internal
/
httpd
/
token.go

token.go 2.5 KB
Permalink History Raw

1234567891011121314151617181920212223242526272829303132333435363738394041424344454647484950515253545556575859606162636465666768697071727374757677787980818283848586878889909192939495 
  1. // Copyright (C) 2019 Nicola Murino
    2. 

  2. //
    3. 

  3. // This program is free software: you can redistribute it and/or modify
    4. 

  4. // it under the terms of the GNU Affero General Public License as published
    5. 

  5. // by the Free Software Foundation, version 3.
    6. 

  6. //
    7. 

  7. // This program is distributed in the hope that it will be useful,
    8. 

  8. // but WITHOUT ANY WARRANTY; without even the implied warranty of
    9. 

  9. // MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
    10. 

  10. // GNU Affero General Public License for more details.
    11. 

  11. //
    12. 

  12. // You should have received a copy of the GNU Affero General Public License
    13. 

  13. // along with this program. If not, see <https://www.gnu.org/licenses/>.
    14. 

  14. 

  15. package httpd
    16. 

  16. 

  17. import (
    18. 

  18. 	"crypto/sha256"
    19. 

  19. 	"encoding/hex"
    20. 

  20. 	"sync"
    21. 

  21. 	"time"
    22. 

  22. 

  23. 	"github.com/drakkan/sftpgo/v2/internal/dataprovider"
    24. 

  24. 	"github.com/drakkan/sftpgo/v2/internal/logger"
    25. 

  25. 	"github.com/drakkan/sftpgo/v2/internal/util"
    26. 

  26. )
    27. 

  27. 

  28. func newTokenManager(isShared int) tokenManager {
    29. 

  29. 	if isShared == 1 {
    30. 

  30. 		logger.Info(logSender, "", "using provider token manager")
    31. 

  31. 		return &dbTokenManager{}
    32. 

  32. 	}
    33. 

  33. 	logger.Info(logSender, "", "using memory token manager")
    34. 

  34. 	return &memoryTokenManager{}
    35. 

  35. }
    36. 

  36. 

  37. type tokenManager interface {
    38. 

  38. 	Add(token string, expiresAt time.Time)
    39. 

  39. 	Get(token string) bool
    40. 

  40. 	Cleanup()
    41. 

  41. }
    42. 

  42. 

  43. type memoryTokenManager struct {
    44. 

  44. 	invalidatedJWTTokens sync.Map
    45. 

  45. }
    46. 

  46. 

  47. func (m *memoryTokenManager) Add(token string, expiresAt time.Time) {
    48. 

  48. 	m.invalidatedJWTTokens.Store(token, expiresAt)
    49. 

  49. }
    50. 

  50. 

  51. func (m *memoryTokenManager) Get(token string) bool {
    52. 

  52. 	_, ok := m.invalidatedJWTTokens.Load(token)
    53. 

  53. 	return ok
    54. 

  54. }
    55. 

  55. 

  56. func (m *memoryTokenManager) Cleanup() {
    57. 

  57. 	m.invalidatedJWTTokens.Range(func(key, value any) bool {
    58. 

  58. 		exp, ok := value.(time.Time)
    59. 

  59. 		if !ok || exp.Before(time.Now().UTC()) {
    60. 

  60. 			m.invalidatedJWTTokens.Delete(key)
    61. 

  61. 		}
    62. 

  62. 		return true
    63. 

  63. 	})
    64. 

  64. }
    65. 

  65. 

  66. type dbTokenManager struct{}
    67. 

  67. 

  68. func (m *dbTokenManager) getKey(token string) string {
    69. 

  69. 	digest := sha256.Sum256([]byte(token))
    70. 

  70. 	return hex.EncodeToString(digest[:])
    71. 

  71. }
    72. 

  72. 

  73. func (m *dbTokenManager) Add(token string, expiresAt time.Time) {
    74. 

  74. 	key := m.getKey(token)
    75. 

  75. 	data := map[string]string{
    76. 

  76. 		"jwt": token,
    77. 

  77. 	}
    78. 

  78. 	session := dataprovider.Session{
    79. 

  79. 		Key:       key,
    80. 

  80. 		Data:      data,
    81. 

  81. 		Type:      dataprovider.SessionTypeInvalidToken,
    82. 

  82. 		Timestamp: util.GetTimeAsMsSinceEpoch(expiresAt),
    83. 

  83. 	}
    84. 

  84. 	dataprovider.AddSharedSession(session) //nolint:errcheck
    85. 

  85. }
    86. 

  86. 

  87. func (m *dbTokenManager) Get(token string) bool {
    88. 

  88. 	key := m.getKey(token)
    89. 

  89. 	_, err := dataprovider.GetSharedSession(key)
    90. 

  90. 	return err == nil
    91. 

  91. }
    92. 

  92. 

  93. func (m *dbTokenManager) Cleanup() {
    94. 

  94. 	dataprovider.CleanupSharedSessions(dataprovider.SessionTypeInvalidToken, time.Now()) //nolint:errcheck
    95. 

  95. }
    96.