Google Git
Sign in
fuchsia / garnet / 66e1924c2a18c92594644cfa392bf02cb568984d / . / go / src / amber / source / token_loader.go
blob: 9f2b8877c8b3835a6067e89c33e89bdf5dd0c257 [file] [log] [blame]
// Copyright 2018 The Fuchsia Authors. All rights reserved.
// Use of this source code is governed by a BSD-style license that can be
// found in the LICENSE file.
package source
import (
"amber/atonce"
"encoding/base64"
"encoding/json"
"fmt"
"log"
"os"
"path/filepath"
"regexp"
"sync"
"time"
"unicode/utf8"
)
type TokenRecord struct {
ProviderType string `json:"auth_provider_type"`
ProfileId string `json:"user_profile_id"`
RefreshToken string `json:"refresh_token"`
}
type TokenStore []TokenRecord
type TokenLoader struct {
AuthDir string
watcher tokenObserver
}
type tokenCallback func(string, string)
const (
oauthClientId = "934259141868-rejmm4ollj1bs7th1vg2ur6antpbug79.apps.googleusercontent.com"
)
var defaultTokenLoader = &TokenLoader{AuthDir: "/data/auth"}
var tknStorePat = regexp.MustCompile(".+_token_store\\.json$")
func (t *TokenLoader) ReadToken(f tokenCallback, clientId string) {
t.watcher.observe(clientId, f)
atonce.Do("token-loader-read-token", "", t.read)
}
func (t *TokenLoader) read() error {
log.Printf("token_loader: loading auth tokens")
immediate := make(chan struct{}, 1)
immediate <- struct{}{}
defer close(immediate)
timer := time.NewTicker(5 * time.Second)
defer timer.Stop()
// loop until we succeed. This is potentially expensive because if no one
// ever logs in we'll spin forever. however we have no signaling to
// understand that someone has logged in. As a result there's no way to
// know what an acceptable timeout period would be when we could give up
for {
select {
case <-immediate:
case <-timer.C:
}
d, err := os.OpenFile(t.AuthDir, os.O_RDONLY, os.ModeDir)
if err != nil {
if !os.IsNotExist(err) {
log.Printf("token_loader: unexpected error open auth directory: %s", err)
}
continue
}
path, err := findAuthTokenFile(d)
d.Close()
if err != nil {
if !os.IsNotExist(err) {
log.Printf("token_loader: error finding token file: %s", err)
}
continue
}
ts, err := readTokenFile(path)
if err != nil {
log.Printf("token_loader: json decode error: %s", err)
continue
}
err = decodeTokens(ts)
if err != nil {
continue
}
for i := range ts {
go t.watcher.update(oauthClientId, ts[i].RefreshToken)
}
break
}
return nil
}
func findAuthTokenFile(dir *os.File) (string, error) {
files, err := dir.Readdir(-1)
if err != nil {
return "", err
}
for _, file := range files {
if !tknStorePat.MatchString(file.Name()) {
continue
}
log.Printf("token_loader: found matching file %s", file.Name())
fp := filepath.Join(dir.Name(), file.Name())
return fp, nil
}
return "", os.ErrNotExist
}
func decodeTokens(ts TokenStore) error {
for i := range ts {
t, err := base64.StdEncoding.DecodeString(ts[i].RefreshToken)
if err != nil {
return err
}
if !utf8.Valid(t) {
return fmt.Errorf("token is invalid, not UTF-8")
}
ts[i].RefreshToken = string(t)
}
return nil
}
func readTokenFile(path string) (TokenStore, error) {
tokenFile, err := os.Open(path)
if err != nil {
return nil, err
}
defer tokenFile.Close()
var ts TokenStore
if err := json.NewDecoder(tokenFile).Decode(&ts); err != nil {
return nil, err
}
return ts, nil
}
type tokenObserver struct {
mu sync.Mutex
observers map[string][]tokenCallback
}
func (t *tokenObserver) observe(key string, f tokenCallback) {
t.mu.Lock()
defer t.mu.Unlock()
if t.observers == nil {
t.observers = make(map[string][]tokenCallback)
}
t.observers[key] = append(t.observers[key], f)
}
func (t *tokenObserver) update(key string, refreshTkn string) {
t.mu.Lock()
obs := t.observers[key]
delete(t.observers, key)
t.mu.Unlock()
for _, ob := range obs {
ob(key, refreshTkn)
}
}