/auth/nonce/nonce.go

https://github.com/target/goalert · Go · 105 lines · 78 code · 14 blank · 13 comment · 14 complexity · f10efd90601458287babc44181ee8b2b MD5 · raw file 

    

  1. package nonce
    2. 

  2. 

  3. import (
    4. 

  4. 	"context"
    5. 

  5. 	"database/sql"
    6. 

  6. 	"github.com/target/goalert/util"
    7. 

  7. 	"github.com/target/goalert/util/log"
    8. 

  8. 	"time"
    9. 

  9. 

  10. 	"github.com/pkg/errors"
    11. 

  11. 	uuid "github.com/satori/go.uuid"
    12. 

  12. )
    13. 

  13. 

  14. // Store allows generating and consuming nonce values.
    15. 

  15. type Store interface {
    16. 

  16. 	New() [16]byte
    17. 

  17. 	Consume(context.Context, [16]byte) (bool, error)
    18. 

  18. 	Shutdown(context.Context) error
    19. 

  19. }
    20. 

  20. 

  21. // DB implements the Store interface using postgres as it's backend.
    22. 

  22. type DB struct {
    23. 

  23. 	db       *sql.DB
    24. 

  24. 	shutdown chan context.Context
    25. 

  25. 

  26. 	consume *sql.Stmt
    27. 

  27. 	cleanup *sql.Stmt
    28. 

  28. }
    29. 

  29. 

  30. // NewDB prepares a new DB instance for the given sql.DB.
    31. 

  31. func NewDB(ctx context.Context, db *sql.DB) (*DB, error) {
    32. 

  32. 	p := &util.Prepare{DB: db, Ctx: ctx}
    33. 

  33. 

  34. 	d := &DB{
    35. 

  35. 		db:       db,
    36. 

  36. 		shutdown: make(chan context.Context),
    37. 

  37. 

  38. 		consume: p.P(`
    39. 

  39. 			insert into auth_nonce (id)
    40. 

  40. 			values ($1)
    41. 

  41. 			on conflict do nothing
    42. 

  42. 		`),
    43. 

  43. 		cleanup: p.P(`
    44. 

  44. 			delete from auth_nonce
    45. 

  45. 			where created_at < now() - '1 week'::interval
    46. 

  46. 		`),
    47. 

  47. 	}
    48. 

  48. 	if p.Err != nil {
    49. 

  49. 		return nil, p.Err
    50. 

  50. 	}
    51. 

  51. 	go d.loop()
    52. 

  52. 

  53. 	return d, nil
    54. 

  54. }
    55. 

  55. 

  56. func (db *DB) loop() {
    57. 

  57. 	defer close(db.shutdown)
    58. 

  58. 	t := time.NewTicker(time.Hour * 24)
    59. 

  59. 	defer t.Stop()
    60. 

  60. 	for {
    61. 

  61. 		select {
    62. 

  62. 		case <-t.C:
    63. 

  63. 			_, err := db.cleanup.ExecContext(context.Background())
    64. 

  64. 			if err != nil {
    65. 

  65. 				log.Log(context.Background(), errors.Wrap(err, "cleanup old nonce values"))
    66. 

  66. 			}
    67. 

  67. 		case <-db.shutdown:
    68. 

  68. 			return
    69. 

  69. 		}
    70. 

  70. 	}
    71. 

  71. }
    72. 

  72. 

  73. // Shutdown allows gracefully shutting down the nonce store.
    74. 

  74. func (db *DB) Shutdown(ctx context.Context) error {
    75. 

  75. 	if db == nil {
    76. 

  76. 		return nil
    77. 

  77. 	}
    78. 

  78. 	db.shutdown <- ctx
    79. 

  79. 

  80. 	// wait for it to complete
    81. 

  81. 	<-db.shutdown
    82. 

  82. 	return nil
    83. 

  83. }
    84. 

  84. 

  85. // New will generate a new cryptographically random nonce value.
    86. 

  86. func (db *DB) New() (id [16]byte) {
    87. 

  87. 	copy(id[:], uuid.NewV4().Bytes())
    88. 

  88. 	return id
    89. 

  89. }
    90. 

  90. 

  91. // Consume will record the use of a nonce value.
    92. 

  92. //
    93. 

  93. // An error is returned if it is not possible to validate the nonce value.
    94. 

  94. // Otherwise true/false is returned to indicate if the id is valid.
    95. 

  95. //
    96. 

  96. // The first call to Consume for a given ID will return true, subsequent calls
    97. 

  97. // for the same ID will return false.
    98. 

  98. func (db *DB) Consume(ctx context.Context, id [16]byte) (bool, error) {
    99. 

  99. 	res, err := db.consume.ExecContext(ctx, uuid.UUID(id).String())
    100. 

  100. 	if err != nil {
    101. 

  101. 		return false, err
    102. 

  102. 	}
    103. 

  103. 	n, _ := res.RowsAffected()
    104. 

  104. 	return n == 1, nil
    105. 

  105. }
    106.