* Define project as a Go module and update dependency versions
Signed-off-by: Nikos Filippakis <me@nfil.dev>
* Update docs, configs and dockerfile to use latest Go version
Signed-off-by: Nikos Filippakis <me@nfil.dev>
* Add postgres database driver
Signed-off-by: Nikos Filippakis <me@nfil.dev>
Add a new `AuthSession` function `Authenticated()` which returns `true` if the
user has completed the auth process. This allows the caller to distinguish
between:
- Never done any auth (404s)
- In the process of doing auth (`Authenticated == false`)
- Finished doing auth (`Authenticated == true`)
Required for Github OAuth redirect requests and just is generally useful to
have. Add UNIQUE constraints on realm/user and realm/id to prevent multiple
users getting the same ID.
- Rename the path from /configureAuthSession to /requestAuthSession
- Add a global getter/setter for the `ServiceDB` : this avoids cyclical deps
because now the Realm wants access to the database, and due to the factory
pattern it would mean `types.go` would need to import `database`, but
`database` is already doing so to invoke the factory function in `schema.go`.
- Modify how `AuthSession` is loaded/stored in the database. Now it is just
a blunt JSON store for Public fields. It is initialised via a new Realm
interface function `AuthSession(userID, realmID)` which is there to return
the right `struct` so stuff can be unmarshalled into it.
- Add a new Realm interface function `RequestAuthSession` which is invoked
when `/requestAuthSession` is hit. It is a direct request/response mapping,
a JSON blob goes in as a param, and a JSON blob comes out as the return.
The Realm is free to create/load/update/delete `AuthSessions` inside the
function. This allows better control over when new sessions are made (or
whether to return an existing session).
Auth sessions are a single auth process between a user and an auth realm. As
such, they are keyed off the tuple of `(user_id, realm_id)`.
Only the realm which they belong to knows how to construct them, hence all
"load" sections require an `AuthRealm` to be extracted first.
Currently I pass in a `json.RawMessage` rather than factory initialise and
clobber public fields based on the JSON, we can always change that if need be
later down the line.
Overall, this feels really nice (when starting to add in GH auth, everything I
wanted was already there in the right place waiting for me).
- These represent a place where a user can authenticate themselves.
- They function in the same way as Services (insert/update based on an HTTP API)
- They currently don't *do* a lot other than exist for storing realm-specific
information (e.g. the `GithubRealm` stores the `ClientSecret` and `ClientID`)
Nikos Filippakis
Kegan Dougal