view model/token.lua @ 1822:d1ef89bd250c
Fixed privileges
| author | bsw | 
|---|---|
| date | Wed Jan 26 01:46:10 2022 +0100 (2022-01-26) | 
| parents | 32cc544d5a5b | 
| children | 
     1 Token = mondelefant.new_class()
     2 Token.table = 'token'
     4 Token:add_reference{
     5   mode          = '1m',
     6   to            = "TokenScope",
     7   this_key      = 'id',
     8   that_key      = 'token_id',
     9   ref           = 'token_scopes',
    10   back_ref      = 'token',
    11   default_order = 'token_scope.index'
    12 }
    14 Token:add_reference{
    15   mode          = 'm1',
    16   to            = "Member",
    17   this_key      = 'member_id',
    18   that_key      = 'id',
    19   ref           = 'member',
    20 }
    22 Token:add_reference{
    23   mode          = 'm1',
    24   to            = "Session",
    25   this_key      = 'session_id',
    26   that_key      = 'id',
    27   ref           = 'session',
    28 }
    30 Token:add_reference{
    31   mode          = 'm1',
    32   to            = "SystemApplication",
    33   this_key      = 'system_application_id',
    34   that_key      = 'id',
    35   ref           = 'system_application',
    36 }
    38 function Token:new()
    39   local token = self.prototype.new(self)
    40   token.token = multirand.string(16, "abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789")
    41   return token
    42 end
    44 function Token:create_authorization(member_id, system_application_id, domain, session_id, redirect_uri, redirect_uri_explicit, scopes, state)
    46   local detached = false
    47   for i = 0, #scopes do
    48     if scopes[i] then
    49       for s in string.gmatch(scopes[i], "[^ ]+") do
    50         if s == "detached" then
    51           detached = true
    52         end
    53       end
    54     end
    55   end
    57   local requested_scopes = {}
    59   for i = 0, #scopes do
    60     if scopes[i] then
    61       for scope in string.gmatch(scopes[i], "[^ ]+") do
    62         requested_scopes[scope] = true
    63       end
    64     end
    65   end
    67   local requested_scopes_list = {}
    69   for k, v in pairs(requested_scopes) do
    70     requested_scopes_list[#requested_scopes_list+1] = k
    71   end
    73   local requested_scopes_string = table.concat(requested_scopes_list, " ")
    75   local expiry = db:query({"SELECT now() + (? || 'sec')::interval AS expiry", config.oauth2.authorization_code_lifetime }, "object").expiry
    77   local token = Token:new()
    78   token.token_type = "authorization"
    79   token.member_id = member_id
    80   token.system_application_id = system_application_id
    81   token.domain = domain
    82   if not detached then
    83     token.session_id = session_id
    84   end
    85   token.redirect_uri = redirect_uri
    86   token.redirect_uri_explicit = redirect_uri_explicit
    87   token.expiry = expiry
    88   token.scope = requested_scopes_string
    90   token:save()
    92   for i = 0, #scopes do
    93     if scopes[i] then
    94       local token_scope = TokenScope:new()
    95       token_scope.token_id = token.id
    96       token_scope.index = i
    97       token_scope.scope = scopes[i]
    98       token_scope:save()
    99     end
   100   end
   103   return token, target_uri
   104 end
   106 function Token:by_token_type_and_token(token_type, token)
   107   local selector = Token:new_selector()
   108   selector:add_where{ "token_type = ?", token_type }
   109   selector:add_where{ "token = ?", token }
   110   selector:add_where{ "expiry > now()" }
   111   selector:optional_object_mode()
   112   if token_type == "authorization_code" then
   113     selector:for_update()
   114   end
   115   if token_type == "access_token" then
   116     selector:add_field("FLOOR(EXTRACT(EPOCH FROM expiry - now()))", "expiry_in")
   117   end
   118   return selector:exec()
   119 end
   121 function Token:refresh_token_by_token_selector(token)
   122   local selector = Token:new_selector()
   123   selector:add_where{ "token_type = ?", "refresh" }
   124   selector:add_where{ "member_id = ?", token.member_id }
   125   if token.system_application_id then
   126     selector:add_where{ "system_application_id = ?", token.system_application_id }
   127   else
   128     selector:add_where{ "domain = ?", token.domain }
   129   end
   130   return selector
   131 end
   133 function Token:fresh_refresh_token_by_token(token)
   134   local selector = Token:refresh_token_by_token_selector(token)
   135   selector:add_where{ "created + ('?' || ' sec')::interval > now()", config.oauth2.refresh_pause }
   136   selector:add_where{ "regexp_split_to_array(scope, E'\\\\s+') <@ regexp_split_to_array(?, E'\\\\s+')", token.scope }
   137   selector:add_where{ "regexp_split_to_array(scope, E'\\\\s+') @> regexp_split_to_array(?, E'\\\\s+')", token.scope }
   138   return selector:exec()
   139 end
   141 function Token:old_refresh_token_by_token(token, scopes)
   142   local selector = Token:refresh_token_by_token_selector(token)
   143   selector:add_where{ "id < ?", token.id }
   144   selector:add_where{ "created + ('?' || ' sec')::interval <= now()", config.oauth2.refresh_grace_period }
   145   selector:add_where{ "regexp_split_to_array(scope, E'\\\\s+') && regexp_split_to_array(?, E'\\\\s+')", scopes }
   146   return selector:exec()
   147 end
