mirror of
https://gitlab.com/mbugroup/lti-api.git
synced 2026-05-20 21:41:55 +00:00
Feat(BE-69,70,71,72,73): crud and integration sso with lti, revoke_token
This commit is contained in:
ragilap
@@ -0,0 +1,106 @@
|
||||
package session
|
||||
|
||||
import (
|
||||
"context"
|
||||
"crypto/sha256"
|
||||
"encoding/hex"
|
||||
"errors"
|
||||
"strings"
|
||||
"sync"
|
||||
"time"
|
||||
|
||||
"github.com/redis/go-redis/v9"
|
||||
)
|
||||
|
||||
// RevocationStore handles token blacklist / revocation entries in Redis.
|
||||
type RevocationStore struct {
|
||||
redis *redis.Client
|
||||
prefix string
|
||||
}
|
||||
|
||||
var (
|
||||
globalRevokerMu sync.RWMutex
|
||||
globalRevoker *RevocationStore
|
||||
)
|
||||
|
||||
// NewRevocationStore creates a revocation store with the given redis client and key prefix.
|
||||
func NewRevocationStore(client *redis.Client, prefix string) *RevocationStore {
|
||||
return &RevocationStore{
|
||||
redis: client,
|
||||
prefix: strings.TrimSpace(prefix),
|
||||
}
|
||||
}
|
||||
|
||||
// SetRevocationStore registers the provided revocation store for global access.
|
||||
func SetRevocationStore(store *RevocationStore) {
|
||||
globalRevokerMu.Lock()
|
||||
globalRevoker = store
|
||||
globalRevokerMu.Unlock()
|
||||
}
|
||||
|
||||
// GetRevocationStore returns the globally registered revocation store, or nil if unset.
|
||||
func GetRevocationStore() *RevocationStore {
|
||||
globalRevokerMu.RLock()
|
||||
defer globalRevokerMu.RUnlock()
|
||||
return globalRevoker
|
||||
}
|
||||
|
||||
// MustRevocationStore returns the registered revocation store or panics if none is configured.
|
||||
func MustRevocationStore() *RevocationStore {
|
||||
store := GetRevocationStore()
|
||||
if store == nil {
|
||||
panic("revocation store not initialised")
|
||||
}
|
||||
return store
|
||||
}
|
||||
|
||||
// Revoke stores the fingerprint with the provided TTL.
|
||||
func (s *RevocationStore) Revoke(ctx context.Context, fingerprint string, ttl time.Duration) error {
|
||||
if s == nil || s.redis == nil {
|
||||
return errors.New("revocation store redis client not initialised")
|
||||
}
|
||||
fingerprint = strings.TrimSpace(fingerprint)
|
||||
if fingerprint == "" {
|
||||
return nil
|
||||
}
|
||||
if ttl <= 0 {
|
||||
ttl = time.Minute
|
||||
}
|
||||
key := s.keyFor(fingerprint)
|
||||
return s.redis.Set(ctx, key, "1", ttl).Err()
|
||||
}
|
||||
|
||||
// IsRevoked returns true when the fingerprint appears in the blacklist.
|
||||
func (s *RevocationStore) IsRevoked(ctx context.Context, fingerprint string) (bool, error) {
|
||||
if s == nil || s.redis == nil {
|
||||
return false, errors.New("revocation store redis client not initialised")
|
||||
}
|
||||
fingerprint = strings.TrimSpace(fingerprint)
|
||||
if fingerprint == "" {
|
||||
return false, nil
|
||||
}
|
||||
key := s.keyFor(fingerprint)
|
||||
exists, err := s.redis.Exists(ctx, key).Result()
|
||||
if err != nil {
|
||||
return false, err
|
||||
}
|
||||
return exists > 0, nil
|
||||
}
|
||||
|
||||
func (s *RevocationStore) keyFor(fingerprint string) string {
|
||||
prefix := s.prefix
|
||||
if prefix == "" {
|
||||
prefix = "sso:blacklist"
|
||||
}
|
||||
return prefix + ":" + fingerprint
|
||||
}
|
||||
|
||||
// TokenFingerprint hashes token material before persisting it to the blacklist.
|
||||
func TokenFingerprint(token string) string {
|
||||
token = strings.TrimSpace(token)
|
||||
if token == "" {
|
||||
return ""
|
||||
}
|
||||
sum := sha256.Sum256([]byte(token))
|
||||
return hex.EncodeToString(sum[:])
|
||||
}
|
||||
Reference in New Issue
Block a user