Added redis backend, backend selection mechanism

2023-10-26 20:29:11 +02:00
parent 17086b1abf
commit d5af575e74
11 changed files with 393 additions and 81 deletions
--- a/backend/all/importAll.go
+++ b/backend/all/importAll.go
@@ -0,0 +1,12 @@
+// Shortcut to include all available backends
+// Usage:
+//
+// ```
+// import _ "git.thequux.com/thequux/ipasso/backend/all"
+// ```
+package all
+
+import (
+	_ "git.thequux.com/thequux/ipasso/backend/null"
+	_ "git.thequux.com/thequux/ipasso/backend/redis"
+)
--- a/backend/interface.go
+++ b/backend/interface.go
@@ -0,0 +1,71 @@
+package backend
+
+import (
+	"context"
+	"crypto/rand"
+	"encoding/base64"
+	"errors"
+	"time"
+)
+
+type UserType string
+
+var (
+	UtPerson  UserType = "person"
+	UtHost    UserType = "host"
+	UtService UserType = "service"
+
+	ErrTooManyAttempts   error = errors.New("too many attempts")
+	ErrReservationSniped error = errors.New("session ID reservation expired and was sniped")
+	ErrBackendData       error = errors.New("invalid data from backend")
+)
+
+// Session holds info about the logged-in user that won't change
+type Session struct {
+	SessionID  string
+	Expiration time.Time
+	UserID     string
+	UserType   UserType
+	LdapDN     string
+}
+
+// SessionCache holds volatile information about the logged-in user
+type SessionCache struct {
+	Valid       bool
+	Groups      []string
+	DisplayName string
+	GivenName   string
+	SurName     string
+	Email       string
+}
+
+type Backend interface {
+	PutSession(ctx context.Context, session Session, cache SessionCache) error
+	GetSession(ctx context.Context, id string) (Session, *SessionCache, error)
+	EndSession(ctx context.Context, id string)
+	// ReserveSessionID attempts to reserve a session ID. If the ID was successfully reserved, return true
+	// A reserved session ID should time out no sooner than 60s from the reservation.
+	// Ergo, once reserved, a session ID should be used within 60s
+	ReserveSessionID(ctx context.Context, sessionID string) (bool, error)
+	DoMaintenance(ctx context.Context)
+	Ping(ctx context.Context) error
+}
+
+func NewSessionID(ctx context.Context, backend Backend) (string, error) {
+	var data = make([]byte, 18)
+	for i := 0; i < 10; i++ {
+		_, err := rand.Read(data[2:])
+		if err != nil {
+			return "", err
+		}
+		encoded := base64.URLEncoding.EncodeToString(data)
+		success, err := backend.ReserveSessionID(ctx, encoded)
+		if err != nil {
+			return "", err
+		}
+		if success {
+			return encoded, nil
+		}
+	}
+	return "", ErrTooManyAttempts
+}
--- a/backend/null/null.go
+++ b/backend/null/null.go
@@ -0,0 +1,47 @@
+package backend
+
+import (
+	"context"
+	"errors"
+	"git.thequux.com/thequux/ipasso/backend"
+	"go.uber.org/zap"
+	"net/url"
+)
+
+type NullBackend struct{}
+
+func (n *NullBackend) PutSession(ctx context.Context, session backend.Session, cache backend.SessionCache) error {
+	//TODO implement me
+	zap.L().Info("Put session", zap.Any("session", session), zap.Any("cache", cache))
+	return nil
+}
+
+func (n *NullBackend) GetSession(ctx context.Context, id string) (backend.Session, *backend.SessionCache, error) {
+	//TODO implement me
+	return backend.Session{}, nil, errors.New("no such session")
+}
+
+func (n *NullBackend) EndSession(ctx context.Context, id string) {
+	//TODO implement me
+}
+
+func (n *NullBackend) ReserveSessionID(ctx context.Context, sessionID string) (bool, error) {
+	//TODO implement me
+	return false, nil
+}
+
+func (n *NullBackend) Ping(ctx context.Context) error {
+	//TODO implement me
+	return nil
+}
+
+func (n *NullBackend) DoMaintenance(ctx context.Context) {
+	//TODO implement me
+}
+
+func init() {
+	backend.RegisterBackendFactory("null", "Do-nothing backend. Probably not useful", "Usage: null://",
+		func(*url.URL) (backend.Backend, error) {
+			return &NullBackend{}, nil
+		})
+}
--- a/backend/redis/redis.go
+++ b/backend/redis/redis.go
@@ -0,0 +1,145 @@
+package redis
+
+import (
+	"context"
+	"encoding/json"
+	"git.thequux.com/thequux/ipasso/backend"
+	"github.com/redis/go-redis/v9"
+	"net/url"
+	"time"
+)
+
+var redisHelp = `
+Usage: redis://<user>:<password>@<host>:<port>/<db_number>
+       redisu://<user>:<password>@</path/to/redis.sock>?db=<db_number>
+       rediss://<user>:<password>@<host>:<port>/<db_number>?addr=<host:port>&addr=<host:port>...
+
+The redis  scheme connects to a normal Redis server over TCP
+the redisu scheme connects to a normal Redis server over a Unix domain socket
+the rediss scheme connects to a redis cluster 
+`
+
+func init() {
+	backend.RegisterBackendFactory("redis", "Redis TCP", redisHelp, DialRedis)
+	backend.RegisterBackendFactory("redisu", "Redis Unix", redisHelp, DialRedis)
+	backend.RegisterBackendFactory("rediss", "Redis Cluster", redisHelp, DialRedis)
+}
+
+func DialRedis(url *url.URL) (be backend.Backend, err error) {
+	var urlString = url.String()
+	var client redis.UniversalClient
+	if url.Scheme == "redis" || url.Scheme == "redisu" {
+		var options *redis.Options
+		options, err = redis.ParseURL(urlString)
+		client = redis.NewClient(options)
+	} else if url.Scheme == "rediss" {
+		var options *redis.ClusterOptions
+		options, err = redis.ParseClusterURL(urlString)
+		client = redis.NewClusterClient(options)
+	}
+	if err == nil {
+		be = &RedisBackend{
+			rdb: client,
+		}
+	}
+	return
+}
+
+func sessionKey(id string) string {
+	return "session:" + id
+}
+func scacheKey(id string) string {
+	return "scache:" + id
+}
+
+type RedisBackend struct {
+	rdb redis.UniversalClient
+}
+
+var putSessionScript = redis.NewScript(`
+local skey = KEYS[1]
+local ckey = KEYS[2]
+local session = ARGS[1]
+local sexp = ARGS[2]
+local cache = ARGS[3]
+local clifetime = ARGS[4]
+
+if redis.call("GET", skey) != "" then
+	return false
+else
+	redis.call("SET", skey, session, "EXAT", sexp)
+	redis.call("SET", ckey, cache, "EX", 30)
+	return true
+end
+`)
+
+func (r *RedisBackend) PutSession(ctx context.Context, session backend.Session, cache backend.SessionCache) error {
+	jsonSession, err := json.Marshal(session)
+	if err != nil {
+		return err
+	}
+	jsonCache, err := json.Marshal(cache)
+	if err != nil {
+		return err
+	}
+
+	result, err := putSessionScript.Run(ctx, r.rdb,
+		[]string{sessionKey(session.SessionID), scacheKey(session.SessionID)},
+		jsonSession,
+		session.Expiration.Unix(),
+		jsonCache,
+		30,
+	).Bool()
+
+	if err != nil {
+		return err
+	} else if result {
+		return nil
+	} else {
+		return backend.ErrReservationSniped
+	}
+}
+
+func (r *RedisBackend) GetSession(ctx context.Context, id string) (backend.Session, *backend.SessionCache, error) {
+	var session backend.Session
+	var cache backend.SessionCache
+
+	result, err := r.rdb.MGet(ctx, sessionKey(id), scacheKey(id)).Result()
+	if err != nil {
+		return session, nil, err
+	}
+
+	v, ok := result[0].([]byte)
+	if !ok {
+		return backend.Session{}, nil, backend.ErrBackendData
+	}
+	if err = json.Unmarshal(v, &session); err != nil {
+		return backend.Session{}, nil, err
+	}
+
+	v, ok = result[1].([]byte)
+	if !ok {
+		return backend.Session{}, nil, backend.ErrBackendData
+	}
+	if err = json.Unmarshal(v, &cache); err != nil {
+		return backend.Session{}, nil, err
+	}
+
+	return session, &cache, nil
+}
+
+func (r *RedisBackend) EndSession(ctx context.Context, id string) {
+	r.rdb.Del(ctx, sessionKey(id), scacheKey(id))
+}
+
+func (r *RedisBackend) ReserveSessionID(ctx context.Context, id string) (bool, error) {
+	return r.rdb.SetNX(ctx, sessionKey(id), "", time.Second*60).Result()
+}
+
+func (r *RedisBackend) DoMaintenance(ctx context.Context) {
+	// Redis handles cleaning up expired keys itself
+}
+
+func (r *RedisBackend) Ping(ctx context.Context) error {
+	return r.rdb.Ping(ctx).Err()
+}
--- a/backend/registration.go
+++ b/backend/registration.go
@@ -0,0 +1,104 @@
+package backend
+
+import (
+	"flag"
+	"fmt"
+	"git.thequux.com/thequux/ipasso/util/startup"
+	"go.uber.org/zap"
+	"net/url"
+	"os"
+	"sort"
+	"strings"
+)
+
+var backendUrl = flag.String("backend", "help://", "URL of backend. Use help:// for a list, or help://[backend] for details on a particular backend")
+
+var SessionStore Backend
+
+type backendRecord struct {
+	description string
+	help        string
+	factory     Factory
+}
+
+// Factory for backend objects. You don't need this unless you're working on
+// initialization machinery or implementing a backend
+type Factory func(url *url.URL) (Backend, error)
+
+var sessionLogger *zap.Logger
+
+var registry = make(map[string]backendRecord)
+
+func RegisterBackendFactory(scheme string, description string, help string, factory Factory) {
+	scheme = strings.ToLower(scheme)
+	_, exist := registry[scheme]
+	if exist {
+		panic("Scheme " + scheme + " registered multiple times")
+	}
+
+	registry[scheme] = backendRecord{
+		description: description,
+		help:        help,
+		factory:     factory,
+	}
+}
+
+func init() {
+	// register the help factory
+	RegisterBackendFactory("help", "Help on backends", `
+Usage: 
+  help://          List available backends
+  help://backend   Print help on a specific backend
+`,
+		backendHelp,
+	)
+
+	startup.Logger.Add(func() {
+		sessionLogger = zap.L().Named("session")
+	})
+	startup.PostFlags.Add(func() {
+		parsed, err := url.Parse(*backendUrl)
+		if err != nil {
+			sessionLogger.Fatal("Invalid backend spec", zap.Error(err))
+		}
+		backend, ok := registry[parsed.Scheme]
+		if !ok {
+			sessionLogger.Fatal("Unknown backend type", zap.String("scheme", parsed.Scheme))
+		}
+		SessionStore, err = backend.factory(parsed)
+		if err != nil {
+			sessionLogger.Fatal("Failed to initialize backend", zap.Error(err))
+		}
+
+	})
+}
+
+func backendHelp(url *url.URL) (Backend, error) {
+
+	scheme := url.Hostname()
+	if scheme != "" {
+		backend, ok := registry[scheme]
+		if ok {
+			fmt.Println(strings.TrimPrefix(backend.help, "\n"))
+			os.Exit(1)
+		}
+	}
+
+	var backendList []string
+
+	var maxLen = 0
+	for name := range registry {
+		backendList = append(backendList, name)
+		if len(name) > maxLen {
+			maxLen = len(name)
+		}
+	}
+	sort.Strings(backendList)
+
+	fmt.Println("Available backends:")
+	for _, name := range backendList {
+		fmt.Printf("%*s  %s\n", maxLen, name, registry[name].description)
+	}
+	os.Exit(1)
+	return nil, nil
+}