feat: configurable timings
parent
a99045a034
commit
a04c5b062e
|
@ -7,3 +7,8 @@ misskey:
|
||||||
secret: ""
|
secret: ""
|
||||||
hydra:
|
hydra:
|
||||||
admin_url: "http://localhost:4445"
|
admin_url: "http://localhost:4445"
|
||||||
|
time:
|
||||||
|
request_valid: 3600
|
||||||
|
login_remember: 600
|
||||||
|
consent_remember: 0
|
||||||
|
userinfo_cache: 3600
|
||||||
|
|
|
@ -1,12 +1,10 @@
|
||||||
package consts
|
package consts
|
||||||
|
|
||||||
import "time"
|
|
||||||
|
|
||||||
const (
|
const (
|
||||||
TIME_REQUEST_VALID = 1 * time.Hour
|
TIME_DEFAULT_REQUEST_VALID = 3600 // 1 Hour
|
||||||
|
|
||||||
TIME_LOGIN_REMEMBER = 10 * time.Minute
|
TIME_DEFAULT_LOGIN_REMEMBER = 600 // 10 Minute
|
||||||
TIME_CONSENT_REMEMBER = 0 // Forever
|
TIME_DEFAULT_CONSENT_REMEMBER = 0 // Forever
|
||||||
|
|
||||||
TIME_USERINFO_CACHE = 1 * time.Hour
|
TIME_DEFAULT_USERINFO_CACHE = 3600 // 1 Hour
|
||||||
)
|
)
|
||||||
|
|
|
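Review bot: The unit of these defaults is now stated only in the trailing comments, because the constants changed from `time.Duration` values to bare integers such as `TIME_DEFAULT_REQUEST_VALID = 3600`. A reader at a use site can no longer tell seconds from nanoseconds by the type. A comment on the block such as `// Defaults for config.Config.Time, in whole seconds; callers multiply by time.Second.` would make that explicit.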
@ -5,10 +5,12 @@ import (
|
||||||
"fmt"
|
"fmt"
|
||||||
"github.com/gin-gonic/gin"
|
"github.com/gin-gonic/gin"
|
||||||
client "github.com/ory/hydra-client-go/v2"
|
client "github.com/ory/hydra-client-go/v2"
|
||||||
|
"misso/config"
|
||||||
"misso/consts"
|
"misso/consts"
|
||||||
"misso/global"
|
"misso/global"
|
||||||
"misso/utils"
|
"misso/utils"
|
||||||
"net/http"
|
"net/http"
|
||||||
|
"time"
|
||||||
)
|
)
|
||||||
|
|
||||||
func ConsentCheck(ctx *gin.Context) {
|
func ConsentCheck(ctx *gin.Context) {
|
||||||
|
@ -57,7 +59,7 @@ func ConsentCheck(ctx *gin.Context) {
|
||||||
global.Logger.Debugf("Generating CSRF token...")
|
global.Logger.Debugf("Generating CSRF token...")
|
||||||
csrf := utils.RandString(32)
|
csrf := utils.RandString(32)
|
||||||
sessKey := fmt.Sprintf(consts.REDIS_KEY_CONSENT_CSRF, oauth2challenge)
|
sessKey := fmt.Sprintf(consts.REDIS_KEY_CONSENT_CSRF, oauth2challenge)
|
||||||
err := global.Redis.Set(context.Background(), sessKey, csrf, consts.TIME_REQUEST_VALID).Err()
|
err := global.Redis.Set(context.Background(), sessKey, csrf, time.Duration(config.Config.Time.RequestValid)*time.Second).Err()
|
||||||
if err != nil {
|
if err != nil {
|
||||||
global.Logger.Errorf("Failed to save csrf into redis with error: %v", err)
|
global.Logger.Errorf("Failed to save csrf into redis with error: %v", err)
|
||||||
ctx.HTML(http.StatusInternalServerError, "error.tmpl", gin.H{
|
ctx.HTML(http.StatusInternalServerError, "error.tmpl", gin.H{
|
||||||
|
|
|
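Review bot: The TTL expression `time.Duration(config.Config.Time.RequestValid)*time.Second` passed to `global.Redis.Set` can overflow, because the startup validation in inits.Config rejects only non-positive values and sets no upper bound. A `request_valid` above roughly 9.2e9 seconds wraps the int64 nanosecond count to an arbitrary, possibly non-positive duration. If `global.Redis` is a go-redis client, a zero or negative expiration stores the key without a TTL, so the CSRF token would never expire. The same conversion is used for the login session key in Login and for `userinfo_cache` in SaveUserinfo; bounding the values once at load time covers all three, e.g. `if config.Config.Time.RequestValid <= 0 || config.Config.Time.RequestValid > math.MaxInt64/int64(time.Second) {`. ConsentCheck's body continues outside the hunk.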
@ -5,10 +5,10 @@ import (
|
||||||
"fmt"
|
"fmt"
|
||||||
"github.com/gin-gonic/gin"
|
"github.com/gin-gonic/gin"
|
||||||
client "github.com/ory/hydra-client-go/v2"
|
client "github.com/ory/hydra-client-go/v2"
|
||||||
|
"misso/config"
|
||||||
"misso/consts"
|
"misso/consts"
|
||||||
"misso/global"
|
"misso/global"
|
||||||
"net/http"
|
"net/http"
|
||||||
"time"
|
|
||||||
)
|
)
|
||||||
|
|
||||||
type ConsentConfirmRequest struct {
|
type ConsentConfirmRequest struct {
|
||||||
|
@ -88,9 +88,9 @@ func ConsentConfirm(ctx *gin.Context) {
|
||||||
global.Logger.Debugf("User accepted the request, reporting back to hydra...")
|
global.Logger.Debugf("User accepted the request, reporting back to hydra...")
|
||||||
|
|
||||||
global.Logger.Debugf("Initializing ID Token...")
|
global.Logger.Debugf("Initializing ID Token...")
|
||||||
rememberFor := int64(consts.TIME_CONSENT_REMEMBER / time.Second) // Remember forever
|
rememberFor := config.Config.Time.ConsentRemember // Remember forever
|
||||||
acceptReq, _, err := global.Hydra.Admin.OAuth2Api.AcceptOAuth2ConsentRequest(context.Background()).ConsentChallenge(oauth2challenge).AcceptOAuth2ConsentRequest(client.AcceptOAuth2ConsentRequest{
|
acceptReq, _, err := global.Hydra.Admin.OAuth2Api.AcceptOAuth2ConsentRequest(context.Background()).ConsentChallenge(oauth2challenge).AcceptOAuth2ConsentRequest(client.AcceptOAuth2ConsentRequest{
|
||||||
GrantScope: consentReq.RequestedScope, // TODO: Specify scopes
|
GrantScope: consentReq.RequestedScope,
|
||||||
GrantAccessTokenAudience: consentReq.RequestedAccessTokenAudience,
|
GrantAccessTokenAudience: consentReq.RequestedAccessTokenAudience,
|
||||||
Remember: &req.Remember,
|
Remember: &req.Remember,
|
||||||
RememberFor: &rememberFor,
|
RememberFor: &rememberFor,
|
||||||
|
|
|
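Review bot: The trailing comment on `rememberFor := config.Config.Time.ConsentRemember // Remember forever` is no longer accurate, since the value now comes from configuration and only 0 means forever according to the comment in inits.Config. Something like `// seconds; 0 = remember until revoked` would match the new behaviour. The hunk also drops `// TODO: Specify scopes` from `GrantScope: consentReq.RequestedScope,` while the line still grants every requested scope. If scope filtering is still planned the marker should stay, otherwise a comment saying the full grant is deliberate would help. ConsentConfirm's body starts and ends outside the hunk.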
@ -5,10 +5,12 @@ import (
|
||||||
"fmt"
|
"fmt"
|
||||||
"github.com/gin-gonic/gin"
|
"github.com/gin-gonic/gin"
|
||||||
client "github.com/ory/hydra-client-go/v2"
|
client "github.com/ory/hydra-client-go/v2"
|
||||||
|
"misso/config"
|
||||||
"misso/consts"
|
"misso/consts"
|
||||||
"misso/global"
|
"misso/global"
|
||||||
"misso/misskey"
|
"misso/misskey"
|
||||||
"net/http"
|
"net/http"
|
||||||
|
"time"
|
||||||
)
|
)
|
||||||
|
|
||||||
func Login(ctx *gin.Context) {
|
func Login(ctx *gin.Context) {
|
||||||
|
@ -69,7 +71,7 @@ func Login(ctx *gin.Context) {
|
||||||
|
|
||||||
// Save login challenge state into redis (misskey cannot keep state info)
|
// Save login challenge state into redis (misskey cannot keep state info)
|
||||||
sessKey := fmt.Sprintf(consts.REDIS_KEY_LOGIN_SESSION, authSess.Token)
|
sessKey := fmt.Sprintf(consts.REDIS_KEY_LOGIN_SESSION, authSess.Token)
|
||||||
err = global.Redis.Set(context.Background(), sessKey, oauth2challenge, consts.TIME_REQUEST_VALID).Err()
|
err = global.Redis.Set(context.Background(), sessKey, oauth2challenge, time.Duration(config.Config.Time.RequestValid)*time.Second).Err()
|
||||||
if err != nil {
|
if err != nil {
|
||||||
global.Logger.Errorf("Failed to save session into redis with error: %v", err)
|
global.Logger.Errorf("Failed to save session into redis with error: %v", err)
|
||||||
ctx.HTML(http.StatusInternalServerError, "error.tmpl", gin.H{
|
ctx.HTML(http.StatusInternalServerError, "error.tmpl", gin.H{
|
||||||
|
|
|
@ -10,7 +10,6 @@ import (
|
||||||
"misso/global"
|
"misso/global"
|
||||||
"misso/misskey"
|
"misso/misskey"
|
||||||
"net/http"
|
"net/http"
|
||||||
"time"
|
|
||||||
)
|
)
|
||||||
|
|
||||||
func MisskeyAuthCallback(ctx *gin.Context) {
|
func MisskeyAuthCallback(ctx *gin.Context) {
|
||||||
|
@ -75,13 +74,15 @@ func MisskeyAuthCallback(ctx *gin.Context) {
|
||||||
}
|
}
|
||||||
|
|
||||||
global.Logger.Debugf("User accepted the request, reporting back to hydra...")
|
global.Logger.Debugf("User accepted the request, reporting back to hydra...")
|
||||||
remember := true
|
acceptReq := client.AcceptOAuth2LoginRequest{
|
||||||
rememberFor := int64(consts.TIME_LOGIN_REMEMBER / time.Second)
|
Subject: userIdentifier,
|
||||||
acceptReq, _, err := global.Hydra.Admin.OAuth2Api.AcceptOAuth2LoginRequest(context.Background()).LoginChallenge(oauth2challenge).AcceptOAuth2LoginRequest(client.AcceptOAuth2LoginRequest{
|
}
|
||||||
Subject: userIdentifier,
|
if config.Config.Time.LoginRemember > 0 {
|
||||||
Remember: &remember,
|
remember := true
|
||||||
RememberFor: &rememberFor,
|
acceptReq.Remember = &remember
|
||||||
}).Execute()
|
acceptReq.RememberFor = &config.Config.Time.LoginRemember
|
||||||
|
}
|
||||||
|
acceptRes, _, err := global.Hydra.Admin.OAuth2Api.AcceptOAuth2LoginRequest(context.Background()).LoginChallenge(oauth2challenge).AcceptOAuth2LoginRequest(acceptReq).Execute()
|
||||||
if err != nil {
|
if err != nil {
|
||||||
global.Logger.Errorf("Failed to accept login request with error: %v", err)
|
global.Logger.Errorf("Failed to accept login request with error: %v", err)
|
||||||
ctx.HTML(http.StatusInternalServerError, "error.tmpl", gin.H{
|
ctx.HTML(http.StatusInternalServerError, "error.tmpl", gin.H{
|
||||||
|
@ -91,7 +92,7 @@ func MisskeyAuthCallback(ctx *gin.Context) {
|
||||||
}
|
}
|
||||||
|
|
||||||
// Redirect to target uri
|
// Redirect to target uri
|
||||||
ctx.Redirect(http.StatusTemporaryRedirect, acceptReq.RedirectTo)
|
ctx.Redirect(http.StatusTemporaryRedirect, acceptRes.RedirectTo)
|
||||||
|
|
||||||
global.Logger.Debugf("User should now be redirecting to target URI.")
|
global.Logger.Debugf("User should now be redirecting to target URI.")
|
||||||
|
|
||||||
|
|
|
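Review bot: `acceptReq.RememberFor = &config.Config.Time.LoginRemember` hands the request a pointer into the package-level config, so any code that writes through `RememberFor` would change the setting for every later login. Copying the value first keeps the request self-contained: `rememberFor := config.Config.Time.LoginRemember` followed by `acceptReq.RememberFor = &rememberFor`, which is the form ConsentConfirm already uses. MisskeyAuthCallback's body starts and ends outside the hunk.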
@ -3,6 +3,7 @@ package inits
|
||||||
import (
|
import (
|
||||||
"gopkg.in/yaml.v3"
|
"gopkg.in/yaml.v3"
|
||||||
"misso/config"
|
"misso/config"
|
||||||
|
"misso/consts"
|
||||||
"os"
|
"os"
|
||||||
)
|
)
|
||||||
|
|
||||||
|
@ -23,5 +24,21 @@ func Config() error {
|
||||||
return err
|
return err
|
||||||
}
|
}
|
||||||
|
|
||||||
|
// Validate time
|
||||||
|
if config.Config.Time.RequestValid <= 0 {
|
||||||
|
config.Config.Time.RequestValid = consts.TIME_DEFAULT_REQUEST_VALID
|
||||||
|
}
|
||||||
|
if config.Config.Time.LoginRemember < 0 {
|
||||||
|
// 0 means don't remember (in extreme account switch situations)
|
||||||
|
config.Config.Time.LoginRemember = consts.TIME_DEFAULT_LOGIN_REMEMBER
|
||||||
|
}
|
||||||
|
if config.Config.Time.ConsentRemember < 0 {
|
||||||
|
// 0 means remember forever (default behavior)
|
||||||
|
config.Config.Time.ConsentRemember = consts.TIME_DEFAULT_CONSENT_REMEMBER
|
||||||
|
}
|
||||||
|
if config.Config.Time.UserinfoCache <= 0 {
|
||||||
|
config.Config.Time.UserinfoCache = consts.TIME_DEFAULT_USERINFO_CACHE
|
||||||
|
}
|
||||||
|
|
||||||
return nil
|
return nil
|
||||||
}
|
}
|
||||||
|
|
|
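Review bot: The `config.Config.Time.LoginRemember < 0` check never applies `consts.TIME_DEFAULT_LOGIN_REMEMBER` to a config file that has no `time:` block, because an absent key presumably leaves the int64 field at 0, and 0 is treated as "don't remember". Before this commit logins were remembered for 10 minutes, so a deployment that upgrades without editing its config would silently lose that behaviour. If that is not intended, the fields could be declared `*int64` so that an unset key (nil) is told apart from an explicit 0; otherwise the change belongs in the upgrade notes. A comment above the block such as `// All values are seconds; keys missing from the file decode as 0.` would document the rule either way. Config's body starts outside the hunk.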
@ -14,4 +14,10 @@ type Config struct {
|
||||||
Hydra struct {
|
Hydra struct {
|
||||||
AdminUrl string `yaml:"admin_url"`
|
AdminUrl string `yaml:"admin_url"`
|
||||||
} `yaml:"hydra"`
|
} `yaml:"hydra"`
|
||||||
|
Time struct {
|
||||||
|
RequestValid int64 `yaml:"request_valid"`
|
||||||
|
LoginRemember int64 `yaml:"login_remember"`
|
||||||
|
ConsentRemember int64 `yaml:"consent_remember"`
|
||||||
|
UserinfoCache int64 `yaml:"userinfo_cache"`
|
||||||
|
} `yaml:"time"`
|
||||||
}
|
}
|
||||||
|
|
|
@ -4,9 +4,11 @@ import (
|
||||||
"context"
|
"context"
|
||||||
"encoding/json"
|
"encoding/json"
|
||||||
"fmt"
|
"fmt"
|
||||||
|
"misso/config"
|
||||||
"misso/consts"
|
"misso/consts"
|
||||||
"misso/global"
|
"misso/global"
|
||||||
"misso/types"
|
"misso/types"
|
||||||
|
"time"
|
||||||
)
|
)
|
||||||
|
|
||||||
func SaveUserinfo(subject string, userinfo *types.MisskeyUser) error {
|
func SaveUserinfo(subject string, userinfo *types.MisskeyUser) error {
|
||||||
|
@ -16,7 +18,7 @@ func SaveUserinfo(subject string, userinfo *types.MisskeyUser) error {
|
||||||
return err
|
return err
|
||||||
}
|
}
|
||||||
sessUserInfoKey := fmt.Sprintf(consts.REDIS_KEY_USER_INFO, subject)
|
sessUserInfoKey := fmt.Sprintf(consts.REDIS_KEY_USER_INFO, subject)
|
||||||
err = global.Redis.Set(context.Background(), sessUserInfoKey, userinfoBytes, consts.TIME_USERINFO_CACHE).Err()
|
err = global.Redis.Set(context.Background(), sessUserInfoKey, userinfoBytes, time.Duration(config.Config.Time.UserinfoCache)*time.Second).Err()
|
||||||
if err != nil {
|
if err != nil {
|
||||||
global.Logger.Errorf("Failed to save session user info into redis with error: %v", err)
|
global.Logger.Errorf("Failed to save session user info into redis with error: %v", err)
|
||||||
return err
|
return err
|
||||||
|
|