package storage
import (
	"context"
	"errors"
	"time"

	"git.zhouxhere.com/zhouxhere/syz/oauth"
	"github.com/go-jose/go-jose"
	"github.com/google/uuid"
	"github.com/zitadel/oidc/v3/pkg/oidc"
	"github.com/zitadel/oidc/v3/pkg/op"
)
// AuthStorage embeds the op.AuthStorage interface.
//
// NOTE(review): nothing in this file assigns the embedded interface, and all
// of the op.AuthStorage methods below are implemented on *Storage, not on this
// type. A zero-value AuthStorage forwards every interface method to a nil
// interface and panics on first use — confirm this type is still needed, or
// that the embedded field is populated wherever an AuthStorage is built.
type AuthStorage struct {
	op.AuthStorage
}
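// CreateAuthRequest persists a new authorization request built from the
// incoming OIDC request and userID (the user already logged in, if any), and
// returns the stored request for op to drive the rest of the flow.
//
// The insert runs under the storage mutex like every other method here. An
// insert failure is surfaced as an error together with a nil request, so a
// caller can never continue with a request that was not actually persisted
// (the previous version returned the unsaved request alongside the error).
func (s *Storage) CreateAuthRequest(ctx context.Context, authRequest *oidc.AuthRequest, userID string) (op.AuthRequest, error) {
	s.lock.Lock()
	defer s.lock.Unlock()

	request := oauth.AuthRequestFromOIDC(authRequest, userID)

	if err := s.store.DB.Create(request).Error; err != nil {
		return nil, err
	}
	return request, nil
}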
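// AuthRequestByID loads a pending authorization request by its ID.
//
// The id is caller-supplied (op resolves it from whatever identifier the
// client presents on the authorization callback), so it is untrusted input
// and must only ever reach the database as a bound parameter. The previous
// form, First(&request, id), handed the string to GORM as the sole inline
// condition; GORM's documented behaviour for a non-numeric string in that
// position is to use it as a raw SQL expression, which turns an
// attacker-chosen id into an SQL injection point. AuthRequestByCode below
// already uses the bound "id = ?" form, so this now matches it.
//
// Returns a nil request together with the database error (including the
// not-found error) when no row matches.
func (s *Storage) AuthRequestByID(ctx context.Context, id string) (op.AuthRequest, error) {
	s.lock.Lock()
	defer s.lock.Unlock()

	var request oauth.AuthRequest
	if err := s.store.DB.Where("id = ?", id).First(&request).Error; err != nil {
		return nil, err
	}
	return &request, nil
}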
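// AuthRequestByCode resolves an authorization code presented at the token
// endpoint back to the authorization request it was issued for. It is a
// two-step lookup: the code row (code -> request ID), then the request row.
//
// Both lookups bind their input as a query parameter. A nil request is
// returned with the error from whichever step failed, so a caller never sees
// a half-populated request (the previous version returned the partially
// filled struct alongside the error of the second query).
//
// NOTE(review): the AuthCode row written by SaveAuthCode carries no issue
// time, so this lookup cannot reject stale codes on its own; confirm that
// code expiry is enforced elsewhere (RFC 6749 §4.1.2 recommends a lifetime
// of at most 10 minutes).
func (s *Storage) AuthRequestByCode(ctx context.Context, code string) (op.AuthRequest, error) {
	s.lock.Lock()
	defer s.lock.Unlock()

	var authCode oauth.AuthCode
	if err := s.store.DB.Where("code = ?", code).First(&authCode).Error; err != nil {
		return nil, err
	}

	var request oauth.AuthRequest
	if err := s.store.DB.Where("id = ?", authCode.RequestId).First(&request).Error; err != nil {
		return nil, err
	}
	return &request, nil
}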
// SaveAuthCode links an authorization code to the request it was issued for,
// so that AuthRequestByCode can resolve the code during the token exchange.
//
// requestID must be the textual form of a UUID; anything else is rejected
// with the parse error before any database access. The stored row holds only
// the (request ID, code) pair.
//
// NOTE(review): no issue timestamp is written, so code expiry cannot be
// enforced from this table alone — confirm it is enforced elsewhere.
func (s *Storage) SaveAuthCode(ctx context.Context, requestID string, code string) error {
	s.lock.Lock()
	defer s.lock.Unlock()

	parsed, err := uuid.Parse(requestID)
	if err != nil {
		return err
	}

	row := &oauth.AuthCode{RequestId: parsed, Code: code}
	return s.store.DB.Create(row).Error
}
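// DeleteAuthRequest removes a pending authorization request and every
// authorization code issued for it. This is not visible here, but op calls
// it once a code has been exchanged, which is what makes a code single-use —
// so both rows must go, and they should go together.
//
// Two changes from the earlier version:
//
//   - The request row is deleted with the bound condition "id = ?" instead of
//     passing id as the sole inline argument. GORM's documented behaviour for
//     a non-numeric string in that position is to use it as a raw SQL
//     expression, so the old call was an injection point for any caller that
//     can influence the id. The code rows were already deleted with a bound
//     parameter; the two statements are now consistent.
//   - Both deletes run in one transaction. Previously a failure on the second
//     statement left the request row behind with its codes already gone.
func (s *Storage) DeleteAuthRequest(ctx context.Context, id string) error {
	s.lock.Lock()
	defer s.lock.Unlock()

	tx := s.store.DB.Begin()
	if tx.Error != nil {
		return tx.Error
	}

	if err := tx.Delete(&oauth.AuthCode{}, "request_id = ?", id).Error; err != nil {
		tx.Rollback()
		return err
	}
	if err := tx.Delete(&oauth.AuthRequest{}, "id = ?", id).Error; err != nil {
		tx.Rollback()
		return err
	}
	return tx.Commit().Error
}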
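// CreateAccessToken issues an access token for tokenRequest and returns the
// token's ID and expiry.
//
// The TokenRequest parameter can be any of:
//
//   - TokenRequest as returned by ClientCredentialsStorage.ClientCredentialsTokenRequest,
//   - AuthRequest as returned by AuthRequestByID or AuthRequestByCode (above),
//   - *oidc.JWTTokenRequest from a JWT that is the assertion value of a JWT Profile
//     Grant: https://datatracker.ietf.org/doc/html/rfc7523#section-2.1
//   - TokenExchangeRequest as returned by ValidateTokenExchangeRequest
//
// Not implemented yet. Until it is, every call fails with an error so that op
// answers the token request with an error response instead of the request
// handler panicking; this stub never issues a token.
func (s *Storage) CreateAccessToken(ctx context.Context, tokenRequest op.TokenRequest) (accessTokenID string, expiration time.Time, err error) {
	return "", time.Time{}, errors.New("storage: CreateAccessToken not implemented") // TODO: Implement
}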
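// CreateAccessAndRefreshTokens issues an access token plus a (new) refresh
// token for request and returns both IDs and the access token's expiry.
// currentRefreshToken is the refresh token being rotated, if any.
//
// The TokenRequest parameter can be any of:
//
//   - TokenRequest as returned by ClientCredentialsStorage.ClientCredentialsTokenRequest
//   - RefreshTokenRequest as returned by AuthStorage.TokenRequestByRefreshToken
//   - AuthRequest as returned by AuthRequestByID or AuthRequestByCode (above).
//     Used for the authorization code flow which requested offline_access scope
//     and registered the refresh_token grant type in advance
//   - TokenExchangeRequest as returned by ValidateTokenExchangeRequest
//
// Not implemented yet. Until it is, every call fails with an error so that op
// answers with an error response instead of the request handler panicking;
// this stub never issues a token.
func (s *Storage) CreateAccessAndRefreshTokens(ctx context.Context, request op.TokenRequest, currentRefreshToken string) (accessTokenID string, newRefreshTokenID string, expiration time.Time, err error) {
	return "", "", time.Time{}, errors.New("storage: CreateAccessAndRefreshTokens not implemented") // TODO: Implement
}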
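// TokenRequestByRefreshToken looks up the token request behind a refresh token
// ID so that op can mint fresh tokens for it.
//
// Not implemented yet; it returns a nil request and an error, so refresh grants
// are refused (fail closed) rather than crashing the handler.
func (s *Storage) TokenRequestByRefreshToken(ctx context.Context, refreshTokenID string) (op.RefreshTokenRequest, error) {
	return nil, errors.New("storage: TokenRequestByRefreshToken not implemented") // TODO: Implement
}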
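// TerminateSession is op's hook for ending userID's session with clientID
// (end-session / logout).
//
// Not implemented yet; it returns an error rather than panicking. Because the
// error propagates, a logout currently fails visibly instead of reporting
// success while session state stays valid — keep it that way until the
// session is actually revoked here.
func (s *Storage) TerminateSession(ctx context.Context, userID string, clientID string) error {
	return errors.New("storage: TerminateSession not implemented") // TODO: Implement
}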
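// RevokeToken should revoke a token. In the situation that the original request was to
// revoke an access token, then tokenOrTokenID will be a tokenID and userID will be set
// but if the original request was for a refresh token, then userID will be empty and
// tokenOrTokenID will be the refresh token, not its ID. RevokeToken depends upon GetRefreshTokenInfo
// to get information from revoke tokens that are not either "<tokenID>:<userID>" strings
// nor JWTs.
//
// Not implemented yet; it returns a server error rather than panicking. That
// is the safe failure mode for revocation: the client is told the token was
// not revoked, instead of the handler dying or the call silently "succeeding"
// while the token stays valid.
func (s *Storage) RevokeToken(ctx context.Context, tokenOrTokenID string, userID string, clientID string) *oidc.Error {
	return oidc.ErrServerError().WithDescription("storage: RevokeToken not implemented") // TODO: Implement
}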
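// GetRefreshTokenInfo must return ErrInvalidRefreshToken when presented
// with a token that is not a refresh token.
//
// Not implemented yet; it returns empty IDs and a generic error rather than
// panicking. NOTE: this stub does not yet honour the contract above (it does
// not return op.ErrInvalidRefreshToken); the real implementation must, since
// RevokeToken relies on it to tell refresh tokens from other inputs.
func (s *Storage) GetRefreshTokenInfo(ctx context.Context, clientID string, token string) (userID string, tokenID string, err error) {
	return "", "", errors.New("storage: GetRefreshTokenInfo not implemented") // TODO: Implement
}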
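// SigningKey returns the private key op uses to sign ID and access tokens.
//
// Not implemented yet; it returns a nil key and an error, so no token can be
// signed until a key source exists (fail closed, no panic). When implementing:
// this key is the root of trust for every token the provider issues — load it
// from a secret store rather than generating a fresh ephemeral key per
// process, and give it a stable key ID so KeySet can advertise it for rotation.
func (s *Storage) SigningKey(_ context.Context) (op.SigningKey, error) {
	return nil, errors.New("storage: SigningKey not implemented") // TODO: Implement
}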
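// SignatureAlgorithms returns the JWS algorithms this provider signs with
// (advertised via discovery). It should list only algorithms that match the
// key returned by SigningKey.
//
// Not implemented yet; it returns nil and an error rather than panicking.
//
// NOTE(review): op's interface is typed against a versioned go-jose module
// (v3 or v4 depending on the oidc release), while this file imports the
// unversioned "github.com/go-jose/go-jose" path. If those resolve to different
// modules, jose.SignatureAlgorithm is a different type and *Storage will not
// satisfy op's storage interface — confirm against go.mod.
func (s *Storage) SignatureAlgorithms(_ context.Context) ([]jose.SignatureAlgorithm, error) {
	return nil, errors.New("storage: SignatureAlgorithms not implemented") // TODO: Implement
}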
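// KeySet returns the public keys op publishes on the JWKS endpoint so relying
// parties can verify token signatures.
//
// Not implemented yet; it returns nil and an error, so the JWKS endpoint fails
// rather than the handler panicking. When implementing, return public key
// material only, each with the key ID used by SigningKey, and keep previous
// keys listed for as long as tokens signed with them may still be in use.
func (s *Storage) KeySet(_ context.Context) ([]op.Key, error) {
	return nil, errors.New("storage: KeySet not implemented") // TODO: Implement
}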