libs/VNLib.Plugins.Sessions.OAuth/src/O2SessionProviderEntry.cs


1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124

/*
* Copyright (c) 2022 Vaughn Nugent
* 
* Library: VNLib
* Package: VNLib.Plugins.Essentials.Sessions.OAuth
* File: O2SessionProviderEntry.cs 
*
* O2SessionProviderEntry.cs is part of VNLib.Plugins.Essentials.Sessions.OAuth which is part of the larger 
* VNLib collection of libraries and utilities.
*
* VNLib.Plugins.Essentials.Sessions.OAuth is free software: you can redistribute it and/or modify 
* it under the terms of the GNU Affero General Public License as 
* published by the Free Software Foundation, either version 3 of the
* License, or (at your option) any later version.
*
* VNLib.Plugins.Essentials.Sessions.OAuth is distributed in the hope that it will be useful,
* but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
* GNU Affero General Public License for more details.
*
* You should have received a copy of the GNU Affero General Public License
* along with this program.  If not, see https://www.gnu.org/licenses/.
*/

using System;
using System.Text.Json;
using System.Threading;
using System.Threading.Tasks;
using System.Collections.Generic;

using VNLib.Net.Http;
using VNLib.Utils.Logging;
using VNLib.Utils.Extensions;
using VNLib.Data.Caching;
using VNLib.Plugins.Sessions.Cache.Client;
using VNLib.Plugins.Essentials;
using VNLib.Plugins.Essentials.Sessions;
using VNLib.Plugins.Essentials.Oauth.Tokens;
using VNLib.Plugins.Essentials.Oauth.Applications;
using VNLib.Plugins.Sessions.OAuth.Endpoints;
using VNLib.Plugins.Extensions.VNCache;
using VNLib.Plugins.Extensions.Loading;
using VNLib.Plugins.Extensions.Loading.Routing;
using VNLib.Plugins.Extensions.Loading.Sql;
using VNLib.Plugins.Extensions.Loading.Events;


namespace VNLib.Plugins.Sessions.OAuth
{

    public sealed class O2SessionProviderEntry : ISessionProvider
    {
        const string OAUTH2_CONFIG_KEY = "oauth2";

        private OAuth2SessionProvider? _sessions;

        public bool CanProcess(IHttpEvent entity)
        {
            //If authorization header is set try to process as oauth2 session
            return _sessions != null && entity.Server.Headers.HeaderSet(System.Net.HttpRequestHeader.Authorization);
        }

        ValueTask<SessionHandle> ISessionProvider.GetSessionAsync(IHttpEvent entity, CancellationToken cancellationToken)
        {
            return _sessions!.GetSessionAsync(entity, cancellationToken);
        }
        

        public void Load(PluginBase plugin, ILogProvider localized)
        {
            IReadOnlyDictionary<string, JsonElement> oauth2Config = plugin.GetConfigForType<OAuth2SessionProvider>();

            //Access token endpoint is optional
            if (oauth2Config.TryGetValue("token_path", out JsonElement el))
            {
                //Init auth endpoint
                AccessTokenEndpoint authEp = new(el.GetString()!, plugin, CreateTokenDelegateAsync);

                //route auth endpoint
                plugin.Route(authEp);
            }

            //Optional revocation endpoint
            if (plugin.HasConfigForType<RevocationEndpoint>())
            {
                //Route revocation endpoint
                plugin.Route<RevocationEndpoint>();
            }

            int cacheLimit = oauth2Config["cache_size"].GetInt32();
            int maxTokensPerApp = oauth2Config["max_tokens_per_app"].GetInt32();
            int sessionIdSize = (int)oauth2Config["access_token_size"].GetUInt32();
            TimeSpan tokenValidFor = oauth2Config["token_valid_for_sec"].GetTimeSpan(TimeParseType.Seconds);
            TimeSpan cleanupInterval = oauth2Config["gc_interval_sec"].GetTimeSpan(TimeParseType.Seconds);
            string sessionIdPrefix = oauth2Config["cache_prefix"].GetString() ?? throw new KeyNotFoundException($"Missing required key 'cache_prefix' in '{OAUTH2_CONFIG_KEY}' config");

            //init the id provider
            OAuth2SessionIdProvider idProv = new(sessionIdPrefix, maxTokensPerApp, sessionIdSize, tokenValidFor);

            //Get shared global-cache
            IGlobalCacheProvider globalCache = plugin.GetGlobalCache(localized);

            //Create cache store from global cache
            GlobalCacheStore cacheStore = new(globalCache);

            //Init session provider now that client is loaded
            _sessions = new(cacheStore, cacheLimit, 100, idProv, plugin.GetContextOptions());

            //Schedule cleanup interval with the plugin scheduler
            plugin.ScheduleInterval(_sessions, cleanupInterval);

            //Wait and cleanup expired sessions
            _ = plugin.ObserveTask(() => _sessions.CleanupExpiredSessionsAsync(localized, plugin.UnloadToken), 1000);

            localized.Information("Session provider loaded");

        }

        private async Task<IOAuth2TokenResult?> CreateTokenDelegateAsync(HttpEntity entity, UserApplication app, CancellationToken cancellation)
        {
            return await _sessions!.CreateAccessTokenAsync(entity, app, cancellation).ConfigureAwait(false);
        }
    }
}