luisgulo/focalboard
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity
2c16446efd
focalboard/server/auth/auth.go

76 lines
2.1 KiB
Go
Raw Normal View History

Recovers inactive websockets connections on reconnect in plugin mode (#1324) * Stores a cache of inactive connections so their subscriptions are recovered on reconnections * Adds test for getUserIDsForWorkspace and simplify messages through helpers * Make the plugin websocket client more resilient * Remove missed event callback and limit ws state polling to one at a time * Add read lock for the plugin adapter and guarantee atomic ops on inactiveAt * Add mutex to the plugin adapter client and tests to cover for races * Split plugin adapter mutex in two and use them to lock only on data access * Group plugin adapter fields by the mutex that's guarding them
2021-09-29 18:19:34 +02:00
//go:generate mockgen --build_flags=--mod=mod -destination=mocks/mockauth_interface.go -package mocks . AuthInterface
Websocket auth
2021-02-02 21:06:28 +01:00
package auth
import (
Auth readToken in websocket
2021-02-03 03:15:03 +01:00
"database/sql"
Websocket auth
2021-02-02 21:06:28 +01:00
"github.com/mattermost/focalboard/server/model"
"github.com/mattermost/focalboard/server/services/config"
"github.com/mattermost/focalboard/server/services/store"
use milliseconds for all timestamps (server) (#1447)
2021-10-07 13:51:01 +02:00
"github.com/mattermost/focalboard/server/utils"
Websocket auth
2021-02-02 21:06:28 +01:00
"github.com/pkg/errors"
)
Recovers inactive websockets connections on reconnect in plugin mode (#1324) * Stores a cache of inactive connections so their subscriptions are recovered on reconnections * Adds test for getUserIDsForWorkspace and simplify messages through helpers * Make the plugin websocket client more resilient * Remove missed event callback and limit ws state polling to one at a time * Add read lock for the plugin adapter and guarantee atomic ops on inactiveAt * Add mutex to the plugin adapter client and tests to cover for races * Split plugin adapter mutex in two and use them to lock only on data access * Group plugin adapter fields by the mutex that's guarding them
2021-09-29 18:19:34 +02:00
type AuthInterface interface {
GetSession(token string) (*model.Session, error)
IsValidReadToken(c store.Container, blockID string, readToken string) (bool, error)
DoesUserHaveWorkspaceAccess(userID string, workspaceID string) bool
}
First pass linter cleanup (#603) * first pass linter cleanup * address review comments
2021-06-21 11:21:42 +02:00
// Auth authenticates sessions.
Websocket auth
2021-02-02 21:06:28 +01:00
type Auth struct {
config *config.Configuration
store store.Store
}
First pass linter cleanup (#603) * first pass linter cleanup * address review comments
2021-06-21 11:21:42 +02:00
// New returns a new Auth.
Websocket auth
2021-02-02 21:06:28 +01:00
func New(config *config.Configuration, store store.Store) *Auth {
return &Auth{config: config, store: store}
}
First pass linter cleanup (#603) * first pass linter cleanup * address review comments
2021-06-21 11:21:42 +02:00
// GetSession Get a user active session and refresh the session if needed.
Websocket auth
2021-02-02 21:06:28 +01:00
func (a *Auth) GetSession(token string) (*model.Session, error) {
if len(token) < 1 {
return nil, errors.New("no session token")
}
session, err := a.store.GetSession(token, a.config.SessionExpireTime)
if err != nil {
return nil, errors.Wrap(err, "unable to get the session for the token")
}
use milliseconds for all timestamps (server) (#1447)
2021-10-07 13:51:01 +02:00
if session.UpdateAt < (utils.GetMillis() - utils.SecondsToMillis(a.config.SessionRefreshTime)) {
First pass linter cleanup (#603) * first pass linter cleanup * address review comments
2021-06-21 11:21:42 +02:00
_ = a.store.RefreshSession(session)
Websocket auth
2021-02-02 21:06:28 +01:00
}
return session, nil
}
Auth readToken in websocket
2021-02-03 03:15:03 +01:00
First pass linter cleanup (#603) * first pass linter cleanup * address review comments
2021-06-21 11:21:42 +02:00
// IsValidReadToken validates the read token for a block.
Workspace backend support
2021-03-26 19:01:54 +01:00
func (a *Auth) IsValidReadToken(c store.Container, blockID string, readToken string) (bool, error) {
rootID, err := a.store.GetRootID(c, blockID)
Auth readToken in websocket
2021-02-03 03:15:03 +01:00
if err != nil {
return false, err
}
Workspace backend support
2021-03-26 19:01:54 +01:00
sharing, err := a.store.GetSharing(c, rootID)
First pass linter cleanup (#603) * first pass linter cleanup * address review comments
2021-06-21 11:21:42 +02:00
if errors.Is(err, sql.ErrNoRows) {
Auth readToken in websocket
2021-02-03 03:15:03 +01:00
return false, nil
}
if err != nil {
return false, err
}
if sharing != nil && (sharing.ID == rootID && sharing.Enabled && sharing.Token == readToken) {
return true, nil
}
return false, nil
}
Changing mattermost-auth method to work based on shared database access (#335) * Improving mattermost auth implementation * Making mattermost-auth based on shared database access * Reverting unneeded changes in the config.json file * Fixing tiny problems * Removing the need of using the mattermost session token * Fixing some bugs and allowing to not-bind the server to any port * Small fix to correctly get the templates * Adding the mattermost-plugin code inside focalboard repo * Adding a not working code part of the cluster websocket communication * Updating the mattermost version * Adding the cluster messages for the websockets * Updating to the new node version * Making it compatible with S3 * Addressing some tiny problems * Fixing server tests * Adds support for MySQL migrations and initialization Co-authored-by: Miguel de la Cruz <miguel@mcrx.me>
2021-05-24 19:06:11 +02:00
func (a *Auth) DoesUserHaveWorkspaceAccess(userID string, workspaceID string) bool {
hasAccess, err := a.store.HasWorkspaceAccess(userID, workspaceID)
if err != nil {
return false
}
return hasAccess
}
Reference in New Issue Copy Permalink