fleet/kolide/sessions.go

package kolide

import (
	"time"

	jwt "github.com/dgrijalva/jwt-go"
	"github.com/kolide/kolide-ose/errors"
	"golang.org/x/net/context"
)

const publicErrorMessage string = "Session error"

var (
	// An error returned by SessionStore.Get() if no session record was found
	// in the database
	ErrNoActiveSession = errors.New(publicErrorMessage, "Active session is not present in the database")

	// An error returned by SessionStore methods when no session object has
	// been created yet but the requested action requires one
	ErrSessionNotCreated = errors.New(publicErrorMessage, "The session has not been created")

	// An error returned by SessionStore.Get() when a session is requested but
	// it has expired
	ErrSessionExpired = errors.New(publicErrorMessage, "The session has expired")

	// An error returned by SessionStore which indicates that the token
	// or it's content were malformed
	ErrSessionMalformed = errors.New(publicErrorMessage, "The session token was malformed")
)

// SessionStore is the abstract interface that all session backends must
// conform to.
type SessionStore interface {
	// Given a session key, find and return a session object or an error if one
	// could not be found for the given key
	FindSessionByKey(key string) (*Session, error)

	// Given a session id, find and return a session object or an error if one
	// could not be found for the given id
	FindSessionByID(id uint) (*Session, error)

	// Find all of the active sessions for a given user
	FindAllSessionsForUser(id uint) ([]*Session, error)

	// Store a new session struct
	NewSession(session *Session) (*Session, error)

	// Destroy the currently tracked session
	DestroySession(session *Session) error

	// Destroy all of the sessions for a given user
	DestroyAllSessionsForUser(id uint) error

	// Mark the currently tracked session as access to extend expiration
	MarkSessionAccessed(session *Session) error
}

type SessionService interface {
	Login(ctx context.Context, username, password string) (*User, string, error)
	Logout(ctx context.Context) error
	DestroySession(ctx context.Context) error
	GetInfoAboutSessionsForUser(ctx context.Context, id uint) ([]*Session, error)
	DeleteSessionsForUser(ctx context.Context, id uint) error
	GetInfoAboutSession(ctx context.Context, id uint) (*Session, error)
	GetSessionByKey(ctx context.Context, key string) (*Session, error)
	DeleteSession(ctx context.Context, id uint) error
}

// Session is the model object which represents what an active session is
type Session struct {
	ID         uint `gorm:"primary_key"`
	CreatedAt  time.Time
	AccessedAt time.Time
	UserID     uint   `gorm:"not null"`
	Key        string `gorm:"not null;unique_index:idx_session_unique_key"`
}

////////////////////////////////////////////////////////////////////////////////
// JSON Web Tokens
////////////////////////////////////////////////////////////////////////////////

// Given a session key create a JWT to be delivered to the client
func GenerateJWT(sessionKey, jwtKey string) (string, error) {
	token := jwt.NewWithClaims(jwt.SigningMethodHS256, jwt.MapClaims{
		"session_key": sessionKey,
	})

	return token.SignedString([]byte(jwtKey))
}

// ParseJWT attempts to parse a JWT token in serialized string form into a
// JWT token in a deserialized jwt.Token struct.
func ParseJWT(token, jwtKey string) (*jwt.Token, error) {
	return jwt.Parse(token, func(t *jwt.Token) (interface{}, error) {
		method, ok := t.Method.(*jwt.SigningMethodHMAC)
		if !ok || method != jwt.SigningMethodHS256 {
			return nil, errors.New(publicErrorMessage, "Unexpected signing method")
		}
		return []byte(jwtKey), nil
	})
}
Session shuffle and rename app to server (#84) * renaming campaign to email * moving session management code to the new kolide/datastore pattern * removing global configuration variables in favor of config * moving email operations to package kolide * moving app to server * using http.ListenAndServeTLS instead of a method on gin.Engine remove the kolide.go dependency on gin 2016-08-19 00:45:39 +00:00			`package kolide`
Moving sessions code into sub-package (#42) Since the sessions code mostly stands on it's own, I wanted to break the dependencies apart from it and move it into it's own package. 2016-08-05 17:47:41 +00:00
			`import (`
			`"time"`

Session shuffle and rename app to server (#84) * renaming campaign to email * moving session management code to the new kolide/datastore pattern * removing global configuration variables in favor of config * moving email operations to package kolide * moving app to server * using http.ListenAndServeTLS instead of a method on gin.Engine remove the kolide.go dependency on gin 2016-08-19 00:45:39 +00:00			`jwt "github.com/dgrijalva/jwt-go"`
Improve error handling throughout backend (#50) * New function `errors.ReturnError` for writing errors into the HTTP response * New type `KolideError` that includes additional error context * Validation and application errors are reported in a consistent JSON format * Add 404 handler * Refactored error handling throughout codebase to use new error patterns 2016-08-10 02:04:28 +00:00			`"github.com/kolide/kolide-ose/errors"`
Sessions endpoints (#108) * renaming auth service to sessions service * service method implementations * endpoint and transport and transport tests * Authenticate tests 2016-09-05 19:50:57 +00:00			`"golang.org/x/net/context"`
Moving sessions code into sub-package (#42) Since the sessions code mostly stands on it's own, I wanted to break the dependencies apart from it and move it into it's own package. 2016-08-05 17:47:41 +00:00			`)`

Improve error handling throughout backend (#50) * New function `errors.ReturnError` for writing errors into the HTTP response * New type `KolideError` that includes additional error context * Validation and application errors are reported in a consistent JSON format * Add 404 handler * Refactored error handling throughout codebase to use new error patterns 2016-08-10 02:04:28 +00:00			`const publicErrorMessage string = "Session error"`

Moving sessions code into sub-package (#42) Since the sessions code mostly stands on it's own, I wanted to break the dependencies apart from it and move it into it's own package. 2016-08-05 17:47:41 +00:00			`var (`
Session shuffle and rename app to server (#84) * renaming campaign to email * moving session management code to the new kolide/datastore pattern * removing global configuration variables in favor of config * moving email operations to package kolide * moving app to server * using http.ListenAndServeTLS instead of a method on gin.Engine remove the kolide.go dependency on gin 2016-08-19 00:45:39 +00:00			`// An error returned by SessionStore.Get() if no session record was found`
Moving sessions code into sub-package (#42) Since the sessions code mostly stands on it's own, I wanted to break the dependencies apart from it and move it into it's own package. 2016-08-05 17:47:41 +00:00			`// in the database`
Improve error handling throughout backend (#50) * New function `errors.ReturnError` for writing errors into the HTTP response * New type `KolideError` that includes additional error context * Validation and application errors are reported in a consistent JSON format * Add 404 handler * Refactored error handling throughout codebase to use new error patterns 2016-08-10 02:04:28 +00:00			`ErrNoActiveSession = errors.New(publicErrorMessage, "Active session is not present in the database")`
Moving sessions code into sub-package (#42) Since the sessions code mostly stands on it's own, I wanted to break the dependencies apart from it and move it into it's own package. 2016-08-05 17:47:41 +00:00
Session shuffle and rename app to server (#84) * renaming campaign to email * moving session management code to the new kolide/datastore pattern * removing global configuration variables in favor of config * moving email operations to package kolide * moving app to server * using http.ListenAndServeTLS instead of a method on gin.Engine remove the kolide.go dependency on gin 2016-08-19 00:45:39 +00:00			`// An error returned by SessionStore methods when no session object has`
Moving sessions code into sub-package (#42) Since the sessions code mostly stands on it's own, I wanted to break the dependencies apart from it and move it into it's own package. 2016-08-05 17:47:41 +00:00			`// been created yet but the requested action requires one`
Improve error handling throughout backend (#50) * New function `errors.ReturnError` for writing errors into the HTTP response * New type `KolideError` that includes additional error context * Validation and application errors are reported in a consistent JSON format * Add 404 handler * Refactored error handling throughout codebase to use new error patterns 2016-08-10 02:04:28 +00:00			`ErrSessionNotCreated = errors.New(publicErrorMessage, "The session has not been created")`
Moving sessions code into sub-package (#42) Since the sessions code mostly stands on it's own, I wanted to break the dependencies apart from it and move it into it's own package. 2016-08-05 17:47:41 +00:00
Session shuffle and rename app to server (#84) * renaming campaign to email * moving session management code to the new kolide/datastore pattern * removing global configuration variables in favor of config * moving email operations to package kolide * moving app to server * using http.ListenAndServeTLS instead of a method on gin.Engine remove the kolide.go dependency on gin 2016-08-19 00:45:39 +00:00			`// An error returned by SessionStore.Get() when a session is requested but`
Moving sessions code into sub-package (#42) Since the sessions code mostly stands on it's own, I wanted to break the dependencies apart from it and move it into it's own package. 2016-08-05 17:47:41 +00:00			`// it has expired`
Improve error handling throughout backend (#50) * New function `errors.ReturnError` for writing errors into the HTTP response * New type `KolideError` that includes additional error context * Validation and application errors are reported in a consistent JSON format * Add 404 handler * Refactored error handling throughout codebase to use new error patterns 2016-08-10 02:04:28 +00:00			`ErrSessionExpired = errors.New(publicErrorMessage, "The session has expired")`
Moving sessions code into sub-package (#42) Since the sessions code mostly stands on it's own, I wanted to break the dependencies apart from it and move it into it's own package. 2016-08-05 17:47:41 +00:00
Session shuffle and rename app to server (#84) * renaming campaign to email * moving session management code to the new kolide/datastore pattern * removing global configuration variables in favor of config * moving email operations to package kolide * moving app to server * using http.ListenAndServeTLS instead of a method on gin.Engine remove the kolide.go dependency on gin 2016-08-19 00:45:39 +00:00			`// An error returned by SessionStore which indicates that the token`
Moving sessions code into sub-package (#42) Since the sessions code mostly stands on it's own, I wanted to break the dependencies apart from it and move it into it's own package. 2016-08-05 17:47:41 +00:00			`// or it's content were malformed`
Improve error handling throughout backend (#50) * New function `errors.ReturnError` for writing errors into the HTTP response * New type `KolideError` that includes additional error context * Validation and application errors are reported in a consistent JSON format * Add 404 handler * Refactored error handling throughout codebase to use new error patterns 2016-08-10 02:04:28 +00:00			`ErrSessionMalformed = errors.New(publicErrorMessage, "The session token was malformed")`
Moving sessions code into sub-package (#42) Since the sessions code mostly stands on it's own, I wanted to break the dependencies apart from it and move it into it's own package. 2016-08-05 17:47:41 +00:00			`)`

Session shuffle and rename app to server (#84) * renaming campaign to email * moving session management code to the new kolide/datastore pattern * removing global configuration variables in favor of config * moving email operations to package kolide * moving app to server * using http.ListenAndServeTLS instead of a method on gin.Engine remove the kolide.go dependency on gin 2016-08-19 00:45:39 +00:00			`// SessionStore is the abstract interface that all session backends must`
			`// conform to.`
			`type SessionStore interface {`
			`// Given a session key, find and return a session object or an error if one`
			`// could not be found for the given key`
			`FindSessionByKey(key string) (*Session, error)`
Moving sessions code into sub-package (#42) Since the sessions code mostly stands on it's own, I wanted to break the dependencies apart from it and move it into it's own package. 2016-08-05 17:47:41 +00:00
Session shuffle and rename app to server (#84) * renaming campaign to email * moving session management code to the new kolide/datastore pattern * removing global configuration variables in favor of config * moving email operations to package kolide * moving app to server * using http.ListenAndServeTLS instead of a method on gin.Engine remove the kolide.go dependency on gin 2016-08-19 00:45:39 +00:00			`// Given a session id, find and return a session object or an error if one`
			`// could not be found for the given id`
			`FindSessionByID(id uint) (*Session, error)`
Moving sessions code into sub-package (#42) Since the sessions code mostly stands on it's own, I wanted to break the dependencies apart from it and move it into it's own package. 2016-08-05 17:47:41 +00:00
Session shuffle and rename app to server (#84) * renaming campaign to email * moving session management code to the new kolide/datastore pattern * removing global configuration variables in favor of config * moving email operations to package kolide * moving app to server * using http.ListenAndServeTLS instead of a method on gin.Engine remove the kolide.go dependency on gin 2016-08-19 00:45:39 +00:00			`// Find all of the active sessions for a given user`
			`FindAllSessionsForUser(id uint) ([]*Session, error)`
Moving sessions code into sub-package (#42) Since the sessions code mostly stands on it's own, I wanted to break the dependencies apart from it and move it into it's own package. 2016-08-05 17:47:41 +00:00
Refactoring for config patterns (#159) This PR refactors most of the codebase to use the new config patterns implemented in #149. Now the core service keeps a copy of the KolideConfig struct, and service methods can reference the configuration in that struct when they need it. The most significant refactoring is in the sessions code, separating the business logic from the storage layer. 2016-09-14 16:11:06 +00:00			`// Store a new session struct`
			`NewSession(session Session) (Session, error)`
Session shuffle and rename app to server (#84) * renaming campaign to email * moving session management code to the new kolide/datastore pattern * removing global configuration variables in favor of config * moving email operations to package kolide * moving app to server * using http.ListenAndServeTLS instead of a method on gin.Engine remove the kolide.go dependency on gin 2016-08-19 00:45:39 +00:00
			`// Destroy the currently tracked session`
			`DestroySession(session *Session) error`

			`// Destroy all of the sessions for a given user`
			`DestroyAllSessionsForUser(id uint) error`

			`// Mark the currently tracked session as access to extend expiration`
			`MarkSessionAccessed(session *Session) error`
			`}`
Moving sessions code into sub-package (#42) Since the sessions code mostly stands on it's own, I wanted to break the dependencies apart from it and move it into it's own package. 2016-08-05 17:47:41 +00:00
Sessions endpoints (#108) * renaming auth service to sessions service * service method implementations * endpoint and transport and transport tests * Authenticate tests 2016-09-05 19:50:57 +00:00			`type SessionService interface {`
Header based JWT authentication (#131) * add a test data subcommand * updated sessions stuff * merge and tests 2016-09-08 01:24:11 +00:00			`Login(ctx context.Context, username, password string) (*User, string, error)`
			`Logout(ctx context.Context) error`
			`DestroySession(ctx context.Context) error`
Sessions endpoints (#108) * renaming auth service to sessions service * service method implementations * endpoint and transport and transport tests * Authenticate tests 2016-09-05 19:50:57 +00:00			`GetInfoAboutSessionsForUser(ctx context.Context, id uint) ([]*Session, error)`
			`DeleteSessionsForUser(ctx context.Context, id uint) error`
			`GetInfoAboutSession(ctx context.Context, id uint) (*Session, error)`
Refactoring for config patterns (#159) This PR refactors most of the codebase to use the new config patterns implemented in #149. Now the core service keeps a copy of the KolideConfig struct, and service methods can reference the configuration in that struct when they need it. The most significant refactoring is in the sessions code, separating the business logic from the storage layer. 2016-09-14 16:11:06 +00:00			`GetSessionByKey(ctx context.Context, key string) (*Session, error)`
Sessions endpoints (#108) * renaming auth service to sessions service * service method implementations * endpoint and transport and transport tests * Authenticate tests 2016-09-05 19:50:57 +00:00			`DeleteSession(ctx context.Context, id uint) error`
			`}`

Moving sessions code into sub-package (#42) Since the sessions code mostly stands on it's own, I wanted to break the dependencies apart from it and move it into it's own package. 2016-08-05 17:47:41 +00:00			`// Session is the model object which represents what an active session is`
			`type Session struct {`
			ID uint `gorm:"primary_key"`
			`CreatedAt time.Time`
			`AccessedAt time.Time`
			UserID uint `gorm:"not null"`
			Key string `gorm:"not null;unique_index:idx_session_unique_key"`
			`}`

			`////////////////////////////////////////////////////////////////////////////////`
			`// JSON Web Tokens`
			`////////////////////////////////////////////////////////////////////////////////`

			`// Given a session key create a JWT to be delivered to the client`
update user service (#101) - Added all required methods for a UserService - Added authentication handlers `/api/login` and `/api/logout` - Added authMiddleware for authentication for `/api/v1/kolide` path - Added authorization middleware for each endoint - Added validation middleware for validating API inputs - Began work on logging middleware 2016-09-01 04:51:38 +00:00			`func GenerateJWT(sessionKey, jwtKey string) (string, error) {`
Moving sessions code into sub-package (#42) Since the sessions code mostly stands on it's own, I wanted to break the dependencies apart from it and move it into it's own package. 2016-08-05 17:47:41 +00:00			`token := jwt.NewWithClaims(jwt.SigningMethodHS256, jwt.MapClaims{`
			`"session_key": sessionKey,`
			`})`

update user service (#101) - Added all required methods for a UserService - Added authentication handlers `/api/login` and `/api/logout` - Added authMiddleware for authentication for `/api/v1/kolide` path - Added authorization middleware for each endoint - Added validation middleware for validating API inputs - Began work on logging middleware 2016-09-01 04:51:38 +00:00			`return token.SignedString([]byte(jwtKey))`
Moving sessions code into sub-package (#42) Since the sessions code mostly stands on it's own, I wanted to break the dependencies apart from it and move it into it's own package. 2016-08-05 17:47:41 +00:00			`}`

			`// ParseJWT attempts to parse a JWT token in serialized string form into a`
			`// JWT token in a deserialized jwt.Token struct.`
update user service (#101) - Added all required methods for a UserService - Added authentication handlers `/api/login` and `/api/logout` - Added authMiddleware for authentication for `/api/v1/kolide` path - Added authorization middleware for each endoint - Added validation middleware for validating API inputs - Began work on logging middleware 2016-09-01 04:51:38 +00:00			`func ParseJWT(token, jwtKey string) (*jwt.Token, error) {`
Moving sessions code into sub-package (#42) Since the sessions code mostly stands on it's own, I wanted to break the dependencies apart from it and move it into it's own package. 2016-08-05 17:47:41 +00:00			`return jwt.Parse(token, func(t *jwt.Token) (interface{}, error) {`
			`method, ok := t.Method.(*jwt.SigningMethodHMAC)`
			`if !ok \|\| method != jwt.SigningMethodHS256 {`
Improve error handling throughout backend (#50) * New function `errors.ReturnError` for writing errors into the HTTP response * New type `KolideError` that includes additional error context * Validation and application errors are reported in a consistent JSON format * Add 404 handler * Refactored error handling throughout codebase to use new error patterns 2016-08-10 02:04:28 +00:00			`return nil, errors.New(publicErrorMessage, "Unexpected signing method")`
Moving sessions code into sub-package (#42) Since the sessions code mostly stands on it's own, I wanted to break the dependencies apart from it and move it into it's own package. 2016-08-05 17:47:41 +00:00			`}`
update user service (#101) - Added all required methods for a UserService - Added authentication handlers `/api/login` and `/api/logout` - Added authMiddleware for authentication for `/api/v1/kolide` path - Added authorization middleware for each endoint - Added validation middleware for validating API inputs - Began work on logging middleware 2016-09-01 04:51:38 +00:00			`return []byte(jwtKey), nil`
Moving sessions code into sub-package (#42) Since the sessions code mostly stands on it's own, I wanted to break the dependencies apart from it and move it into it's own package. 2016-08-05 17:47:41 +00:00			`})`
			`}`