github.com/dbernstein1/tyk@v2.9.0-beta9-dl-apic+incompatible/user/session.go (about)

     1  package user
     2  
     3  import (
     4  	"crypto/md5"
     5  	"fmt"
     6  	"time"
     7  
     8  	"github.com/TykTechnologies/tyk/config"
     9  	logger "github.com/TykTechnologies/tyk/log"
    10  )
    11  
// log is the package-level logger, obtained from the tyk log package that
// this file imports under the name logger.
var log = logger.Get()
    13  
// HashType is the string stored in SessionState.BasicAuthData.Hash
// (JSON key "hash_type"). Presumably it names the scheme used to store
// BasicAuthData.Password; confirm against the basic-auth middleware.
type HashType string

const (
	// HashPlainText is the empty string and therefore the zero value of
	// HashType: a session whose hash_type is absent or empty compares equal
	// to HashPlainText.
	// NOTE(review): if this means the password is stored unhashed, then
	// plaintext is the default whenever the field is not set explicitly;
	// verify that key creation sets HashBCrypt where hashing is expected.
	HashPlainText HashType = ""
	// HashBCrypt is the value "bcrypt".
	HashBCrypt    HashType = "bcrypt"
)
    20  
// AccessSpec defines which URLs a user has access to and which methods are enabled.
//
// The comment on AccessDefinition.AllowedURLs states that the mapped string
// must be a valid regex, so URL is presumably a regular expression rather
// than a literal path.
// NOTE(review): how the pattern is anchored and matched is not visible in
// this file; confirm in the matching code that an unanchored pattern cannot
// match more paths than the policy author intended.
type AccessSpec struct {
	URL     string   `json:"url" msg:"url"`
	Methods []string `json:"methods" msg:"methods"`
}
    26  
// APILimit stores quota and rate limit on ACL level (per API).
//
// Its fields carry the same names and JSON keys as the session-wide limit
// fields on SessionState. It is attached to an AccessDefinition through the
// Limit pointer; GetQuotaLimitByAPIID reads the quota fields from it when
// that pointer is non-nil.
type APILimit struct {
	Rate               float64 `json:"rate" msg:"rate"`
	Per                float64 `json:"per" msg:"per"`
	ThrottleInterval   float64 `json:"throttle_interval" msg:"throttle_interval"`
	ThrottleRetryLimit int     `json:"throttle_retry_limit" msg:"throttle_retry_limit"`
	QuotaMax           int64   `json:"quota_max" msg:"quota_max"`
	QuotaRenews        int64   `json:"quota_renews" msg:"quota_renews"`
	QuotaRemaining     int64   `json:"quota_remaining" msg:"quota_remaining"`
	QuotaRenewalRate   int64   `json:"quota_renewal_rate" msg:"quota_renewal_rate"`
	// NOTE(review): presumably true when the limit was written by a policy
	// rather than set on the key directly; confirm against the policy code.
	SetByPolicy        bool    `json:"set_by_policy" msg:"set_by_policy"`
}
    39  
// AccessDefinition defines which versions of an API a key has access to.
//
// SessionState.AccessRights holds these as map values;
// GetQuotaLimitByAPIID looks them up by the API ID passed to it.
type AccessDefinition struct {
	APIName     string       `json:"api_name" msg:"api_name"`
	APIID       string       `json:"api_id" msg:"api_id"`
	Versions    []string     `json:"versions" msg:"versions"`
	AllowedURLs []AccessSpec `bson:"allowed_urls" json:"allowed_urls" msg:"allowed_urls"` // mapped string MUST be a valid regex
	// Limit is optional. When it is nil, GetQuotaLimitByAPIID returns the
	// session-wide quota values instead of per-API ones.
	Limit       *APILimit    `json:"limit" msg:"limit"`
}
    48  
// SessionState objects represent a current API session, mainly used for rate limiting.
// There's a data structure that's based on this and it's used for Protocol Buffer support, make sure to update "coprocess/proto/coprocess_session_state.proto" and generate the bindings using: cd coprocess/proto && ./update_bindings.sh
//
// Several fields hold credential material (BasicAuthData.Password,
// JWTData.Secret, HmacSecret) and each carries a json tag, so marshalling a
// SessionState to JSON, or formatting it with %v or %+v, emits those values.
// Redact or drop them before a session is logged or returned to a caller
// that should not see them.
//
// swagger:model
type SessionState struct {
	LastCheck          int64                       `json:"last_check" msg:"last_check"`
	Allowance          float64                     `json:"allowance" msg:"allowance"`
	Rate               float64                     `json:"rate" msg:"rate"`
	Per                float64                     `json:"per" msg:"per"`
	ThrottleInterval   float64                     `json:"throttle_interval" msg:"throttle_interval"`
	ThrottleRetryLimit int                         `json:"throttle_retry_limit" msg:"throttle_retry_limit"`
	DateCreated        time.Time                   `json:"date_created" msg:"date_created"`
	Expires            int64                       `json:"expires" msg:"expires"`
	// Session-wide quota values. GetQuotaLimitByAPIID returns these when the
	// requested API has no entry in AccessRights or its Limit is nil.
	QuotaMax           int64                       `json:"quota_max" msg:"quota_max"`
	QuotaRenews        int64                       `json:"quota_renews" msg:"quota_renews"`
	QuotaRemaining     int64                       `json:"quota_remaining" msg:"quota_remaining"`
	QuotaRenewalRate   int64                       `json:"quota_renewal_rate" msg:"quota_renewal_rate"`
	// AccessRights is indexed by the API ID that GetQuotaLimitByAPIID receives.
	AccessRights       map[string]AccessDefinition `json:"access_rights" msg:"access_rights"`
	OrgID              string                      `json:"org_id" msg:"org_id"`
	OauthClientID      string                      `json:"oauth_client_id" msg:"oauth_client_id"`
	OauthKeys          map[string]string           `json:"oauth_keys" msg:"oauth_keys"`
	Certificate        string                      `json:"certificate" msg:"certificate"`
	// BasicAuthData holds the basic-auth password next to a HashType.
	// HashPlainText is the zero value of HashType, so a session that never
	// sets hash_type carries HashPlainText here.
	// NOTE(review): presumably Hash says how Password is stored; confirm
	// that sessions are not persisted with an unhashed password by default.
	BasicAuthData      struct {
		Password string   `json:"password" msg:"password"`
		Hash     HashType `json:"hash_type" msg:"hash_type"`
	} `json:"basic_auth_data" msg:"basic_auth_data"`
	// JWTData.Secret is serialized under jwt_data.secret.
	JWTData struct {
		Secret string `json:"secret" msg:"secret"`
	} `json:"jwt_data" msg:"jwt_data"`
	HMACEnabled   bool     `json:"hmac_enabled" msg:"hmac_enabled"`
	// HmacSecret is serialized under the key "hmac_string", not "hmac_secret".
	HmacSecret    string   `json:"hmac_string" msg:"hmac_string"`
	IsInactive    bool     `json:"is_inactive" msg:"is_inactive"`
	// ApplyPolicyID is the legacy single-policy field; PolicyIDs reads it
	// only when ApplyPolicies is empty, and SetPolicies clears it.
	ApplyPolicyID string   `json:"apply_policy_id" msg:"apply_policy_id"`
	ApplyPolicies []string `json:"apply_policies" msg:"apply_policies"`
	DataExpires   int64    `json:"data_expires" msg:"data_expires"`
	Monitor       struct {
		TriggerLimits []float64 `json:"trigger_limits" msg:"trigger_limits"`
	} `json:"monitor" msg:"monitor"`
	EnableDetailedRecording bool                   `json:"enable_detail_recording" msg:"enable_detail_recording"`
	MetaData                map[string]interface{} `json:"meta_data" msg:"meta_data"`
	Tags                    []string               `json:"tags" msg:"tags"`
	Alias                   string                 `json:"alias" msg:"alias"`
	LastUpdated             string                 `json:"last_updated" msg:"last_updated"`
	IdExtractorDeadline     int64                  `json:"id_extractor_deadline" msg:"id_extractor_deadline"`
	// SessionLifetime is returned by Lifetime when it is positive and the
	// global lifetime is not forced.
	// NOTE(review): unlike the other fields this one has bson and json tags
	// but no msg tag; confirm that is intended.
	SessionLifetime         int64                  `bson:"session_lifetime" json:"session_lifetime"`

	// Used to store token hash.
	// The field is unexported, so encoding/json does not emit it, but fmt's
	// %+v does print it, which means it is part of the input to MD5Hash.
	keyHash string
}
    98  
// MD5Hash returns the lowercase hex MD5 digest of the session as rendered
// by fmt's %+v verb.
//
// The value is only suitable as a fingerprint for noticing that a session
// changed. MD5 is not collision resistant, so the digest must not be relied
// on to authenticate a session or to protect its integrity.
//
// The rendering covers every field, including BasicAuthData.Password,
// JWTData.Secret, HmacSecret and the unexported keyHash, so the digest is
// derived from secret material and should not be treated as public.
//
// fmt prints a pointer nested inside a struct or map as its address, so an
// AccessDefinition.Limit contributes its address rather than its contents:
// two sessions with equal limits held in separate allocations produce
// different digests, and editing an APILimit in place does not change the
// digest.
func (s *SessionState) MD5Hash() string {
	rendered := fmt.Sprintf("%+v", s)
	digest := md5.Sum([]byte(rendered))
	return fmt.Sprintf("%x", digest)
}
   102  
// KeyHash returns the token hash cached by SetKeyHash.
//
// It panics when no hash has been cached (the cached value is the empty
// string). A caller on a request path that cannot guarantee SetKeyHash ran
// first should test KeyHashEmpty beforehand, otherwise a single such
// request triggers the panic.
func (s *SessionState) KeyHash() string {
	if cached := s.keyHash; cached != "" {
		return cached
	}

	panic("KeyHash cache not found. You should call `SetKeyHash` before.")
}
   110  
// SetKeyHash caches hash on the session so that KeyHash can return it.
// The value is stored as given; passing the empty string leaves the cache
// in the state that makes KeyHash panic and KeyHashEmpty report true.
func (s *SessionState) SetKeyHash(hash string) {
	s.keyHash = hash
}
   114  
// KeyHashEmpty reports whether no token hash has been cached yet, which is
// the condition under which KeyHash panics.
func (s *SessionState) KeyHashEmpty() bool {
	return len(s.keyHash) == 0
}
   118  
// Lifetime returns the session lifetime to apply, choosing in this order:
//
//  1. the global GlobalSessionLifetime, when ForceGlobalSessionLifetime is
//     set in the global config; this value is returned as is, with no check
//     that it is positive;
//  2. the session's own SessionLifetime, when it is greater than zero;
//  3. fallback, when it is greater than zero;
//  4. zero.
//
// NOTE(review): what a zero or negative lifetime means to the session store
// (for example "never expires") is not visible in this file; confirm that a
// forced global value of zero gives the expiry behaviour operators expect.
func (s *SessionState) Lifetime(fallback int64) int64 {
	switch {
	case config.Global().ForceGlobalSessionLifetime:
		return config.Global().GlobalSessionLifetime
	case s.SessionLifetime > 0:
		return s.SessionLifetime
	case fallback > 0:
		return fallback
	default:
		return 0
	}
}
   131  
// PolicyIDs returns the IDs of all the policies applied to this
// session. For backwards compatibility reasons, this falls back to
// ApplyPolicyID if ApplyPolicies is empty. It returns nil when neither
// field is set.
//
// When ApplyPolicies is non-empty the returned slice is the session's own
// slice, not a copy, so writing to its elements changes the session.
func (s *SessionState) PolicyIDs() []string {
	if ids := s.ApplyPolicies; len(ids) != 0 {
		return ids
	}
	if legacy := s.ApplyPolicyID; legacy != "" {
		return []string{legacy}
	}
	return nil
}
   144  
// SetPolicies replaces the session's policy list with ids and clears the
// legacy ApplyPolicyID field.
//
// The variadic slice is stored without copying, so a caller that passes an
// existing slice with ids... keeps sharing its backing array with the
// session. Calling SetPolicies with no arguments leaves ApplyPolicies nil,
// after which PolicyIDs returns nil.
func (s *SessionState) SetPolicies(ids ...string) {
	s.ApplyPolicyID, s.ApplyPolicies = "", ids
}
   149  
// GetQuotaLimitByAPIID returns quota max, quota remaining, quota renewal
// rate and quota renews, in that order, for the given API.
//
// The per-API values are used when AccessRights has an entry for apiID and
// that entry's Limit is non-nil; otherwise the session-wide values are
// returned. The result order differs from the order in which the fields are
// declared on the structs, and all four results are unnamed int64 values,
// so callers should bind them with care.
//
// An apiID that is missing from AccessRights is not reported as an error:
// the session-wide quota comes back instead. The result therefore says
// nothing about whether the session may call that API; that check has to be
// made separately.
func (s *SessionState) GetQuotaLimitByAPIID(apiID string) (int64, int64, int64, int64) {
	access, found := s.AccessRights[apiID]
	if !found || access.Limit == nil {
		return s.QuotaMax, s.QuotaRemaining, s.QuotaRenewalRate, s.QuotaRenews
	}

	limit := access.Limit
	return limit.QuotaMax, limit.QuotaRemaining, limit.QuotaRenewalRate, limit.QuotaRenews
}
   160  }