created hwsauth module

hwsauth/authenticator.go

@@ -0,0 +1,93 @@
+package hwsauth
+
+import (
+	"database/sql"
+	"projectreshoot/pkg/hws"
+
+	"git.haelnorr.com/h/golib/jwt"
+	"github.com/pkg/errors"
+	"github.com/rs/zerolog"
+)
+
+type Authenticator[T Model] struct {
+	tokenGenerator     *jwt.TokenGenerator
+	load               LoadFunc[T]
+	conn               *sql.DB
+	ignoredPaths       []string
+	logger             *zerolog.Logger
+	server             *hws.Server
+	errorPage          hws.ErrorPage
+	SSL                bool   // Use SSL for JWT tokens. Default true
+	TrustedHost        string // TrustedHost to use for SSL verification
+	SecretKey          string // Secret key to use for JWT tokens
+	AccessTokenExpiry  int64  // Expiry time for Access tokens in minutes. Default 5
+	RefreshTokenExpiry int64  // Expiry time for Refresh tokens in minutes. Default 1440 (1 day)
+	TokenFreshTime     int64  // Expiry time of token freshness. Default 5 minutes
+	LandingPage        string // Path of the desired landing page for logged in users
+}
+
+// NewAuthenticator creates and returns a new Authenticator using the provided configuration.
+// All expiry times should be provided in minutes.
+// trustedHost and secretKey strings must be provided.
+func NewAuthenticator[T Model](
+	load LoadFunc[T],
+	server *hws.Server,
+	conn *sql.DB,
+	logger *zerolog.Logger,
+	errorPage hws.ErrorPage,
+) (*Authenticator[T], error) {
+	if load == nil {
+		return nil, errors.New("No function to load model supplied")
+	}
+	if server == nil {
+		return nil, errors.New("No hws.Server provided")
+	}
+	if conn == nil {
+		return nil, errors.New("No database connection supplied")
+	}
+	if logger == nil {
+		return nil, errors.New("No logger provided")
+	}
+	if errorPage == nil {
+		return nil, errors.New("No ErrorPage provided")
+	}
+	auth := Authenticator[T]{
+		load:               load,
+		server:             server,
+		conn:               conn,
+		logger:             logger,
+		errorPage:          errorPage,
+		AccessTokenExpiry:  5,
+		RefreshTokenExpiry: 1440,
+		TokenFreshTime:     5,
+		SSL:                true,
+	}
+	return &auth, nil
+}
+
+// Initialise finishes the setup and prepares the Authenticator for use.
+// Any custom configuration must be set before Initialise is called
+func (auth *Authenticator[T]) Initialise() error {
+	if auth.TrustedHost == "" {
+		return errors.New("Trusted host must be provided")
+	}
+	if auth.SecretKey == "" {
+		return errors.New("Secret key cannot be blank")
+	}
+	if auth.LandingPage == "" {
+		return errors.New("No landing page specified")
+	}
+	tokenGen, err := jwt.CreateGenerator(
+		auth.AccessTokenExpiry,
+		auth.RefreshTokenExpiry,
+		auth.TokenFreshTime,
+		auth.TrustedHost,
+		auth.SecretKey,
+		auth.conn,
+	)
+	if err != nil {
+		return errors.Wrap(err, "jwt.CreateGenerator")
+	}
+	auth.tokenGenerator = tokenGen
+	return nil
+}