From 9f2d2d331bca255427c85adf35103a6299b387ec Mon Sep 17 00:00:00 2001 From: shynome Date: Mon, 13 Mar 2023 17:06:21 +0800 Subject: [PATCH 1/3] support ed25519 sign method --- generates/jwt_access.go | 10 ++++++++++ go.mod | 2 +- go.sum | 2 ++ 3 files changed, 13 insertions(+), 1 deletion(-) diff --git a/generates/jwt_access.go b/generates/jwt_access.go index 0b79020..f1f7c7b 100755 --- a/generates/jwt_access.go +++ b/generates/jwt_access.go @@ -70,6 +70,12 @@ func (a *JWTAccessGenerate) Token(ctx context.Context, data *oauth2.GenerateBasi key = v } else if a.isHs() { key = a.SignedKey + } else if a.isEd() { + v, err := jwt.ParseEdPrivateKeyFromPEM(a.SignedKey) + if err != nil { + return "", "", err + } + key = v } else { return "", "", errors.New("unsupported sign method") } @@ -102,3 +108,7 @@ func (a *JWTAccessGenerate) isRsOrPS() bool { func (a *JWTAccessGenerate) isHs() bool { return strings.HasPrefix(a.SignedMethod.Alg(), "HS") } + +func (a *JWTAccessGenerate) isEd() bool { + return strings.HasPrefix(a.SignedMethod.Alg(), "Ed") +} diff --git a/go.mod b/go.mod index 3bd26f5..12e9f09 100644 --- a/go.mod +++ b/go.mod @@ -8,7 +8,7 @@ require ( github.com/fatih/structs v1.1.0 // indirect github.com/gavv/httpexpect v2.0.0+incompatible github.com/go-session/session v3.1.2+incompatible - github.com/golang-jwt/jwt v3.2.1+incompatible + github.com/golang-jwt/jwt v3.2.2+incompatible github.com/google/go-querystring v1.0.0 // indirect github.com/google/uuid v1.1.1 github.com/gorilla/websocket v1.4.2 // indirect diff --git a/go.sum b/go.sum index 01039d6..b82b3db 100644 --- a/go.sum +++ b/go.sum 
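Review bot: The new `isEd` branch in `Token` returns the error from `jwt.ParseEdPrivateKeyFromPEM` bare, so a `SignedKey` holding the wrong key type for EdDSA surfaces without naming the step that failed. Because the PEM is parsed on every call, that misconfiguration is only found when the first token is issued. Wrapping it, e.g. `return "", "", fmt.Errorf("parse Ed25519 private key: %w", err)` (assuming `fmt` is imported here, and ideally applied to the sibling branches as well), would keep the cause and name the step. In the second hunk, `isEd` matches on the prefix `"Ed"` and has no comment; since golang-jwt's Ed25519 method reports the single name `EdDSA`, `return a.SignedMethod.Alg() == "EdDSA"` with a one-line comment would tie the branch to the one algorithm whose parser it calls. `Token` starts and ends outside the hunk.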
@@ -19,6 +19,8 @@ github.com/go-session/session v3.1.2+incompatible h1:yStchEObKg4nk2F7JGE7KoFIrA/ github.com/go-session/session v3.1.2+incompatible/go.mod h1:8B3iivBQjrz/JtC68Np2T1yBBLxTan3mn/3OM0CyRt0= github.com/golang-jwt/jwt v3.2.1+incompatible h1:73Z+4BJcrTC+KczS6WvTPvRGOp1WmfEP4Q1lOd9Z/+c= github.com/golang-jwt/jwt v3.2.1+incompatible/go.mod h1:8pz2t5EyA70fFQQSrl6XZXzqecmYZeUEB8OUGHkxJ+I= +github.com/golang-jwt/jwt v3.2.2+incompatible h1:IfV12K8xAKAnZqdXVzCZ+TOjboZ2keLg81eXfW3O+oY= +github.com/golang-jwt/jwt v3.2.2+incompatible/go.mod h1:8pz2t5EyA70fFQQSrl6XZXzqecmYZeUEB8OUGHkxJ+I= github.com/golang/protobuf v1.2.0/go.mod h1:6lQm79b+lXiMfvg/cZm0SGofjICqVBUtrP5yJMmIC1U= github.com/golang/protobuf v1.3.1/go.mod h1:6lQm79b+lXiMfvg/cZm0SGofjICqVBUtrP5yJMmIC1U= github.com/golang/protobuf v1.4.0-rc.1/go.mod h1:ceaxUfeHdC40wWswd/P6IGgMaK3YpKi5j83Wpe3EHw8= From b7de272e1fa81c64d44cf88000804571a4135663 Mon Sep 17 00:00:00 2001 From: Jerome Bidault Date: Fri, 9 Jun 2023 15:38:02 +0700 Subject: [PATCH 2/3] Add SetModeAPI() to allow returning the token within the ResponseWriter --- server/server.go | 38 +++++++++++++++++++++++++++++--------- 1 file changed, 29 insertions(+), 9 deletions(-) diff --git a/server/server.go b/server/server.go index df19d1f..9a7ed1f 100755 --- a/server/server.go +++ b/server/server.go @@ -21,8 +21,9 @@ func NewDefaultServer(manager oauth2.Manager) *Server { // NewServer create authorization server func NewServer(cfg *Config, manager oauth2.Manager) *Server { srv := &Server{ - Config: cfg, - Manager: manager, + Config: cfg, + Manager: manager, + IsModeAPI: false, } // default handler @@ -56,6 +57,7 @@ type Server struct { AccessTokenExpHandler AccessTokenExpHandler AuthorizeScopeHandler AuthorizeScopeHandler ResponseTokenHandler ResponseTokenHandler + IsModeAPI bool } func (s *Server) handleError(w http.ResponseWriter, req *AuthorizeRequest, err error) error { 
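Review bot: `IsModeAPI` is added to `Server` as an exported field with no comment, although it decides how authorize responses are delivered and `redirect` reads it on each call without synchronization. A field comment such as `// IsModeAPI makes redirect write the authorize response as JSON instead of issuing a 302; set it before the server starts handling requests.` would state that at the declaration. The explicit `IsModeAPI: false` in the `NewServer` hunk is the zero value and only forces the realignment of `Config` and `Manager`, so it can be dropped. Both the struct and `NewServer` continue outside their hunks.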
@@ -76,14 +78,24 @@ func (s *Server) redirectError(w http.ResponseWriter, req *AuthorizeRequest, err } func (s *Server) redirect(w http.ResponseWriter, req *AuthorizeRequest, data map[string]interface{}) error { - uri, err := s.GetRedirectURI(req, data) - if err != nil { - return err - } + if !s.IsModeAPI { + uri, err := s.GetRedirectURI(req, data) + if err != nil { + return err + } + + w.Header().Set("Location", uri) + w.WriteHeader(302) + return nil - w.Header().Set("Location", uri) - w.WriteHeader(302) - return nil + } else { + w.Header().Set("Content-Type", "application/json") + w.Header().Set("Cache-Control", "no-store") + w.Header().Set("Pragma", "no-cache") + + w.WriteHeader(http.StatusOK) + return json.NewEncoder(w).Encode(data) + } } func (s *Server) tokenError(w http.ResponseWriter, err error) error { @@ -112,6 +124,11 @@ func (s *Server) token(w http.ResponseWriter, data map[string]interface{}, heade return json.NewEncoder(w).Encode(data) } +// SetModeAPI allow the token to be return within the ResponseWriter instead of being redirected +func (s *Server) SetModeAPI() { + s.IsModeAPI = true +} + // GetRedirectURI get redirect uri func (s *Server) GetRedirectURI(req *AuthorizeRequest, data map[string]interface{}) (string, error) { u, err := url.Parse(req.RedirectURI) @@ -165,6 +182,7 @@ func (s *Server) CheckCodeChallengeMethod(ccm oauth2.CodeChallengeMethod) bool { // ValidationAuthorizeRequest the authorization request validation func (s *Server) ValidationAuthorizeRequest(r *http.Request) (*AuthorizeRequest, error) { + redirectURI := r.FormValue("redirect_uri") clientID := r.FormValue("client_id") if !(r.Method == "GET" || r.Method == "POST") || 
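Review bot: The API-mode branch of `redirect` always answers `http.StatusOK`, whatever `data` holds. If error data also reaches this function (the body of `redirectError` is outside the hunk, but its position and name suggest it does), an authorization failure would be reported as a 200 with an error object in the body, which callers checking only the status would treat as success. Letting the caller pass the status, or giving the error path its own JSON writer, would avoid that. On style, the `else` after a branch ending in `return nil` can be removed so the redirect case becomes an early return, and the literal `302` would read better as `w.WriteHeader(http.StatusFound)` next to the `http.StatusOK` used below it.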
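Review bot: The doc comment on `SetModeAPI` speaks only of "the token", but the flag changes `redirect`, which writes whatever authorize data it is given into the body of the response to the requester instead of sending it to the client's redirect URI. With the flag set, the redirect URI no longer determines where an authorization code or token is delivered, and the comment should say so. Suggested first line: `// SetModeAPI makes the authorize endpoint return its response data as JSON in the response body instead of redirecting to the client's redirect URI.`, followed by a sentence that it is meant for callers that are already authenticated and trusted by the deployment. The method can only switch the mode on while the exported field can be set either way, so keeping one of the two mechanisms would be enough.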
@@ -263,6 +281,7 @@ func (s *Server) GetAuthorizeData(rt oauth2.ResponseType, ti oauth2.TokenInfo) m // HandleAuthorizeRequest the authorization request handling func (s *Server) HandleAuthorizeRequest(w http.ResponseWriter, r *http.Request) error { + ctx := r.Context() req, err := s.ValidationAuthorizeRequest(r) @@ -277,6 +296,7 @@ func (s *Server) HandleAuthorizeRequest(w http.ResponseWriter, r *http.Request) } else if userID == "" { return nil } + req.UserID = userID // specify the scope of authorization From d69b3296d93bf5740755db88a25f0cf71fdba6d4 Mon Sep 17 00:00:00 2001 
From: Jerome Bidault Date: Fri, 9 Jun 2023 16:16:40 +0700 Subject: [PATCH 3/3] Add example secureYourMicroservices --- .gitignore | 3 + .../authorization/go.mod | 29 ++ .../authorization/go.sum | 421 ++++++++++++++++++ .../internal/handlers/authentication.go | 229 ++++++++++ .../internal/handlers/handlers.go | 114 +++++ .../authorization/server.go | 184 ++++++++ example/secureYourMicroservices/client/go.mod | 12 + example/secureYourMicroservices/client/go.sum | 23 + .../secureYourMicroservices/client/main.go | 344 ++++++++++++++ .../client/static/createOrders.html | 87 ++++ .../client/static/getOrders.html | 62 +++ .../client/static/login.html | 42 ++ .../client/static/portail.html | 45 ++ .../client/static/signup.html | 41 ++ .../client/static/welcome.html | 70 +++ .../docker-compose.yaml | 20 + example/secureYourMicroservices/order/go.mod | 5 + example/secureYourMicroservices/order/go.sum | 2 + .../order/internal/service/service.go | 36 ++ .../order/internal/types/types.go | 12 + example/secureYourMicroservices/order/main.go | 172 +++++++ .../secureYourMicroservices/preOrder/go.mod | 12 + .../secureYourMicroservices/preOrder/go.sum | 23 + .../secureYourMicroservices/preOrder/main.go | 274 ++++++++++++ example/{ => workFlow}/README.md | 0 example/{ => workFlow}/client/client.go | 0 example/{ => workFlow}/server/server.go | 0 .../{ => workFlow}/server/static/auth.html | 0 example/{ => workFlow}/server/static/auth.png | Bin .../{ => workFlow}/server/static/login.html | 0 .../{ => workFlow}/server/static/login.png | Bin .../{ => workFlow}/server/static/token.png | Bin go.sum | 2 - 33 files changed, 2262 insertions(+), 2 deletions(-) create mode 100644 example/secureYourMicroservices/authorization/go.mod create mode 100644 example/secureYourMicroservices/authorization/go.sum create mode 100644 example/secureYourMicroservices/authorization/internal/handlers/authentication.go create mode 100644 example/secureYourMicroservices/authorization/internal/handlers/handlers.go 
create mode 100644 example/secureYourMicroservices/authorization/server.go create mode 100644 example/secureYourMicroservices/client/go.mod create mode 100644 example/secureYourMicroservices/client/go.sum create mode 100644 example/secureYourMicroservices/client/main.go create mode 100644 example/secureYourMicroservices/client/static/createOrders.html create mode 100644 example/secureYourMicroservices/client/static/getOrders.html create mode 100644 example/secureYourMicroservices/client/static/login.html create mode 100644 example/secureYourMicroservices/client/static/portail.html create mode 100644 example/secureYourMicroservices/client/static/signup.html create mode 100644 example/secureYourMicroservices/client/static/welcome.html create mode 100644 example/secureYourMicroservices/docker-compose.yaml create mode 100644 example/secureYourMicroservices/order/go.mod create mode 100644 example/secureYourMicroservices/order/go.sum create mode 100644 example/secureYourMicroservices/order/internal/service/service.go create mode 100644 example/secureYourMicroservices/order/internal/types/types.go create mode 100644 example/secureYourMicroservices/order/main.go create mode 100644 example/secureYourMicroservices/preOrder/go.mod create mode 100644 example/secureYourMicroservices/preOrder/go.sum create mode 100644 example/secureYourMicroservices/preOrder/main.go rename example/{ => workFlow}/README.md (100%) rename example/{ => workFlow}/client/client.go (100%) rename example/{ => workFlow}/server/server.go (100%) rename example/{ => workFlow}/server/static/auth.html (100%) rename example/{ => workFlow}/server/static/auth.png (100%) rename example/{ => workFlow}/server/static/login.html (100%) rename example/{ => workFlow}/server/static/login.png (100%) rename example/{ => workFlow}/server/static/token.png (100%) diff --git a/.gitignore b/.gitignore index 2a8538b..3f16a8e 100644 --- a/.gitignore +++ b/.gitignore 
@@ -31,3 +31,6 @@ coverage.txt *.swp /example/client/client /example/server/server +/example/secureYourMicroservices/db-oauth + + diff --git a/example/secureYourMicroservices/authorization/go.mod b/example/secureYourMicroservices/authorization/go.mod new file mode 100644 index 0000000..396c35e --- /dev/null +++ b/example/secureYourMicroservices/authorization/go.mod @@ -0,0 +1,29 @@ +module server + +go 1.20 + +replace github.com/go-oauth2/oauth2/v4 => ../../../ + +require ( + github.com/go-oauth2/oauth2/v4 v4.4.3 + github.com/jackc/pgx/v4 v4.18.1 + github.com/vgarvardt/go-oauth2-pg/v4 v4.4.3 + github.com/vgarvardt/go-pg-adapter v1.0.0 +) + +require ( + github.com/golang-jwt/jwt v3.2.2+incompatible // indirect + github.com/google/uuid v1.1.1 // indirect + github.com/jackc/chunkreader/v2 v2.0.1 // indirect + github.com/jackc/pgconn v1.14.0 // indirect + github.com/jackc/pgio v1.0.0 // indirect + github.com/jackc/pgpassfile v1.0.0 // indirect + github.com/jackc/pgproto3/v2 v2.3.2 // indirect + github.com/jackc/pgservicefile v0.0.0-20221227161230-091c0ba34f0a // indirect + github.com/jackc/pgtype v1.14.0 // indirect + github.com/jackc/puddle v1.3.0 // indirect + github.com/jmoiron/sqlx v1.3.4 // indirect + github.com/vgarvardt/pgx-helpers/v4 v4.0.0-20200225100150-876aee3d1a22 // indirect + golang.org/x/crypto v0.6.0 // indirect + golang.org/x/text v0.7.0 // indirect +) diff --git a/example/secureYourMicroservices/authorization/go.sum b/example/secureYourMicroservices/authorization/go.sum new file mode 100644 index 0000000..32a6016 --- /dev/null +++ b/example/secureYourMicroservices/authorization/go.sum 
@@ -0,0 +1,421 @@ +bazil.org/fuse v0.0.0-20160811212531-371fbbdaa898/go.mod h1:Xbm+BRKSBEpa4q4hTSxohYNQpsxXPbPry4JJWOB3LB8= +cloud.google.com/go v0.34.0/go.mod h1:aQUYkXzVsufM+DwF1aE+0xfcU+56JwCaLick0ClmMTw= +github.com/Azure/go-ansiterm v0.0.0-20170929234023-d6e3b3328b78 h1:w+iIsaOQNcT7OZ575w+acHgRric5iCyQh+xv+KJ4HB8= +github.com/Azure/go-ansiterm v0.0.0-20170929234023-d6e3b3328b78/go.mod h1:LmzpDX56iTiv29bbRTIsUNlaFfuhWRQBWjQdVyAevI8= +github.com/BurntSushi/toml v0.3.1/go.mod h1:xHWCNGjB5oqiDr8zfno3MHue2Ht5sIBksp03qcyfWMU= +github.com/Masterminds/semver/v3 v3.1.1/go.mod h1:VPu/7SZ7ePZ3QOrcuXROw5FAcLl4a0cBrbBpGY/8hQs= +github.com/Microsoft/go-winio v0.4.14 h1:+hMXMk01us9KgxGb7ftKQt2Xpf5hH/yky+TDA+qxleU= +github.com/Microsoft/go-winio v0.4.14/go.mod h1:qXqCSQ3Xa7+6tgxaGTIe4Kpcdsi+P8jBhyzoq1bpyYA= +github.com/Nvveen/Gotty v0.0.0-20120604004816-cd527374f1e5 h1:TngWCqHvy9oXAN6lEVMRuU21PR1EtLVZJmdB18Gu3Rw= +github.com/Nvveen/Gotty v0.0.0-20120604004816-cd527374f1e5/go.mod h1:lmUJ/7eu/Q8D7ML55dXQrVaamCz2vxCfdQBasLZfHKk= +github.com/ajg/form v1.5.1 h1:t9c7v8JUKu/XxOGBU0yjNpaMloxGEJhUkqFRq0ibGeU= +github.com/ajg/form v1.5.1/go.mod h1:uL1WgH+h2mgNtvBq0339dVnzXdBETtL2LeUXaIv25UY= +github.com/andybalholm/brotli v1.0.4 h1:V7DdXeJtZscaqfNuAdSRuRFzuiKlHSC/Zh3zl9qY3JY= +github.com/andybalholm/brotli v1.0.4/go.mod h1:fO7iG3H7G2nSZ7m0zPUDn85XEX2GTukHGRSepvi9Eig= +github.com/cenkalti/backoff v2.2.1+incompatible h1:tNowT99t7UNflLxfYYSlKYsBpXdEet03Pg2g16Swow4= +github.com/cenkalti/backoff v2.2.1+incompatible/go.mod h1:90ReRw6GdpyfrHakVjL/QHaoyV4aDUVVkXQJJJ3NXXM= +github.com/cockroachdb/apd v1.1.0 h1:3LFP3629v+1aKXU5Q37mxmRxX/pIu1nijXydLShEq5I= +github.com/cockroachdb/apd v1.1.0/go.mod h1:8Sl8LxpKi29FqWXR16WEFZRNSz3SoPzUzeMeY4+DwBQ= +github.com/containerd/continuity v0.0.0-20200107194136-26c1120b8d41 h1:kIFnQBO7rQ0XkMe6xEwbybYHBEaWmh/f++laI6Emt7M= +github.com/containerd/continuity v0.0.0-20200107194136-26c1120b8d41/go.mod h1:Dq467ZllaHgAtVp4p1xUQWBrFXR9s/wyoTpG8zOJGkY= 
+github.com/coreos/go-systemd v0.0.0-20190321100706-95778dfbb74e/go.mod h1:F5haX7vjVVG0kc13fIWeqUViNPyEJxv/OmvnBo0Yme4= +github.com/coreos/go-systemd v0.0.0-20190719114852-fd7a80b32e1f/go.mod h1:F5haX7vjVVG0kc13fIWeqUViNPyEJxv/OmvnBo0Yme4= +github.com/creack/pty v1.1.7/go.mod h1:lj5s0c3V2DBrqTV7llrYr5NG6My20zk30Fl46Y7DoTY= +github.com/davecgh/go-spew v1.1.0/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSsI+c5H38= +github.com/davecgh/go-spew v1.1.1 h1:vj9j/u1bqnvCEfJOwUhtlOARqs3+rkHYY13jYWTU97c= +github.com/davecgh/go-spew v1.1.1/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSsI+c5H38= +github.com/docker/go-connections v0.4.0 h1:El9xVISelRB7BuFusrZozjnkIM5YnzCViNKohAFqRJQ= +github.com/docker/go-connections v0.4.0/go.mod h1:Gbd7IOopHjR8Iph03tsViu4nIes5XhDvyHbTtUxmeec= +github.com/docker/go-units v0.4.0 h1:3uh0PgVws3nIA0Q+MwDC8yjEPf9zjRfZZWXZYDct3Tw= +github.com/docker/go-units v0.4.0/go.mod h1:fgPhTUdO+D/Jk86RDLlptpiXQzgHJF7gydDDbaIK4Dk= +github.com/dustin/go-humanize v0.0.0-20171111073723-bb3d318650d4/go.mod h1:HtrtbFcZ19U5GC7JDqmcUSB87Iq5E25KnS6fMYU6eOk= +github.com/fasthttp-contrib/websocket v0.0.0-20160511215533-1f3b11f56072/go.mod h1:duJ4Jxv5lDcvg4QuQr0oowTf7dz4/CR8NtyCooz9HL8= +github.com/fatih/structs v1.1.0 h1:Q7juDM0QtcnhCpeyLGQKyg4TOIghuNXrkL32pHAUMxo= +github.com/fatih/structs v1.1.0/go.mod h1:9NiDSp5zOcgEDl+j00MP/WkGVPOlPRLejGD8Ga6PJ7M= +github.com/fsnotify/fsnotify v1.4.7/go.mod h1:jwhsz4b93w/PPRr/qN1Yymfu8t87LnFCMoQvtojpjFo= +github.com/fsnotify/fsnotify v1.4.9/go.mod h1:znqG4EE+3YCdAaPaxE2ZRY/06pZUdp0tY4IgpuI1SZQ= +github.com/gavv/httpexpect v2.0.0+incompatible h1:1X9kcRshkSKEjNJJxX9Y9mQ5BRfbxU5kORdjhlA1yX8= +github.com/gavv/httpexpect v2.0.0+incompatible/go.mod h1:x+9tiU1YnrOvnB725RkpoLv1M62hOWzwo5OXotisrKc= +github.com/go-kit/log v0.1.0/go.mod h1:zbhenjAZHb184qTLMA9ZjW7ThYL0H2mk7Q6pNt4vbaY= +github.com/go-logfmt/logfmt v0.5.0/go.mod h1:wCYkCAKZfumFQihp8CzCvQ3paCTfi41vtzG1KdI/P7A= +github.com/go-session/session v3.1.2+incompatible/go.mod 
h1:8B3iivBQjrz/JtC68Np2T1yBBLxTan3mn/3OM0CyRt0= +github.com/go-sql-driver/mysql v1.4.0/go.mod h1:zAC/RDZ24gD3HViQzih4MyKcchzm+sOG5ZlKdlhCg5w= +github.com/go-sql-driver/mysql v1.5.0/go.mod h1:DCzpHaOWr8IXmIStZouvnhqoel9Qv2LBy8hT2VhHyBg= +github.com/go-stack/stack v1.8.0/go.mod h1:v0f6uXyyMGvRgIKkXu+yp6POWl0qKG85gN/melR3HDY= +github.com/gofrs/uuid v3.2.0+incompatible/go.mod h1:b2aQJv3Z4Fp6yNu3cdSllBxTCLRxnplIgP/c0N/04lM= +github.com/gofrs/uuid v4.0.0+incompatible h1:1SD/1F5pU8p29ybwgQSwpQk+mwdRrXCYuPhW6m+TnJw= +github.com/gofrs/uuid v4.0.0+incompatible/go.mod h1:b2aQJv3Z4Fp6yNu3cdSllBxTCLRxnplIgP/c0N/04lM= +github.com/golang-jwt/jwt v3.2.2+incompatible h1:IfV12K8xAKAnZqdXVzCZ+TOjboZ2keLg81eXfW3O+oY= +github.com/golang-jwt/jwt v3.2.2+incompatible/go.mod h1:8pz2t5EyA70fFQQSrl6XZXzqecmYZeUEB8OUGHkxJ+I= +github.com/golang/protobuf v1.2.0/go.mod h1:6lQm79b+lXiMfvg/cZm0SGofjICqVBUtrP5yJMmIC1U= +github.com/golang/protobuf v1.3.1/go.mod h1:6lQm79b+lXiMfvg/cZm0SGofjICqVBUtrP5yJMmIC1U= +github.com/golang/protobuf v1.4.0-rc.1/go.mod h1:ceaxUfeHdC40wWswd/P6IGgMaK3YpKi5j83Wpe3EHw8= +github.com/golang/protobuf v1.4.0-rc.1.0.20200221234624-67d41d38c208/go.mod h1:xKAWHe0F5eneWXFV3EuXVDTCmh+JuBKY0li0aMyXATA= +github.com/golang/protobuf v1.4.0-rc.2/go.mod h1:LlEzMj4AhA7rCAGe4KMBDvJI+AwstrUpVNzEA03Pprs= +github.com/golang/protobuf v1.4.0-rc.4.0.20200313231945-b860323f09d0/go.mod h1:WU3c8KckQ9AFe+yFwt9sWVRKCVIyN9cPHBJSNnbL67w= +github.com/golang/protobuf v1.4.0/go.mod h1:jodUvKwWbYaEsadDk5Fwe5c77LiNKVO9IDvqG2KuDX0= +github.com/golang/protobuf v1.4.2/go.mod h1:oDoupMAO8OvCJWAcko0GGGIgR6R6ocIYbsSw735rRwI= +github.com/google/go-cmp v0.3.0/go.mod h1:8QqcDgzrUqlUb/G2PQTWiueGozuR1884gddMywk6iLU= +github.com/google/go-cmp v0.3.1/go.mod h1:8QqcDgzrUqlUb/G2PQTWiueGozuR1884gddMywk6iLU= +github.com/google/go-cmp v0.4.0/go.mod h1:v8dTdLbMG2kIc/vJvl+f65V22dbkXbowE6jgT/gNBxE= +github.com/google/go-querystring v1.0.0 h1:Xkwi/a1rcvNg1PPYe5vI8GbeBY/jrVuDX5ASuANWTrk= +github.com/google/go-querystring 
v1.0.0/go.mod h1:odCYkC5MyYFN7vkCjXpyrEuKhc/BUO6wN/zVPAxq5ck= +github.com/google/renameio v0.1.0/go.mod h1:KWCgfxg9yswjAJkECMjeO8J8rahYeXnNhOm40UhjYkI= +github.com/google/uuid v1.1.1 h1:Gkbcsh/GbpXz7lPftLA3P6TYMwjCLYm83jiFQZF/3gY= +github.com/google/uuid v1.1.1/go.mod h1:TIyPZe4MgqvfeYDBFedMoGGpEw/LqOeaOT+nhxU+yHo= +github.com/gopherjs/gopherjs v0.0.0-20181017120253-0766667cb4d1 h1:EGx4pi6eqNxGaHF6qqu48+N2wcFQ5qg5FXgOdqsJ5d8= +github.com/gopherjs/gopherjs v0.0.0-20181017120253-0766667cb4d1/go.mod h1:wJfORRmW1u3UXTncJ5qlYoELFm8eSnnEO6hX4iZ3EWY= +github.com/gorilla/websocket v1.4.2 h1:+/TMaTYc4QFitKJxsQ7Yye35DkWvkdLcvGKqM+x0Ufc= +github.com/gorilla/websocket v1.4.2/go.mod h1:YR8l580nyteQvAITg2hZ9XVh4b55+EU/adAjf1fMHhE= +github.com/gotestyourself/gotestyourself v2.2.0+incompatible/go.mod h1:zZKM6oeNM8k+FRljX1mnzVYeS8wiGgQyvST1/GafPbY= +github.com/hpcloud/tail v1.0.0/go.mod h1:ab1qPbhIpdTxEkNHXyeSf5vhxWSCs/tWer42PpOxQnU= +github.com/imkira/go-interpol v1.1.0 h1:KIiKr0VSG2CUW1hl1jpiyuzuJeKUUpC8iM1AIE7N1Vk= +github.com/imkira/go-interpol v1.1.0/go.mod h1:z0h2/2T3XF8kyEPpRgJ3kmNv+C43p+I/CoI+jC3w2iA= +github.com/inconshreveable/mousetrap v1.0.0/go.mod h1:PxqpIevigyE2G7u3NXJIT2ANytuPF1OarO4DADm73n8= +github.com/jackc/chunkreader v1.0.0/go.mod h1:RT6O25fNZIuasFJRyZ4R/Y2BbhasbmZXF9QQ7T3kePo= +github.com/jackc/chunkreader/v2 v2.0.0/go.mod h1:odVSm741yZoC3dpHEUXIqA9tQRhFrgOHwnPIn9lDKlk= +github.com/jackc/chunkreader/v2 v2.0.1 h1:i+RDz65UE+mmpjTfyz0MoVTnzeYxroil2G82ki7MGG8= +github.com/jackc/chunkreader/v2 v2.0.1/go.mod h1:odVSm741yZoC3dpHEUXIqA9tQRhFrgOHwnPIn9lDKlk= +github.com/jackc/fake v0.0.0-20150926172116-812a484cc733/go.mod h1:WrMFNQdiFJ80sQsxDoMokWK1W5TQtxBFNpzWTD84ibQ= +github.com/jackc/pgconn v0.0.0-20190420214824-7e0022ef6ba3/go.mod h1:jkELnwuX+w9qN5YIfX0fl88Ehu4XC3keFuOJJk9pcnA= +github.com/jackc/pgconn v0.0.0-20190824142844-760dd75542eb/go.mod h1:lLjNuW/+OfW9/pnVKPazfWOgNfH2aPem8YQ7ilXGvJE= +github.com/jackc/pgconn v0.0.0-20190831204454-2fabfa3c18b7/go.mod 
h1:ZJKsE/KZfsUgOEh9hBm+xYTstcNHg7UPMVJqRfQxq4s= +github.com/jackc/pgconn v1.3.0/go.mod h1:2Ze5IP7prCiM28C4nc5LUoRaSyMDYZFE32L4gMJVtcU= +github.com/jackc/pgconn v1.5.0/go.mod h1:QeD3lBfpTFe8WUnPZWN5KY/mB8FGMIYRdd8P8Jr0fAI= +github.com/jackc/pgconn v1.6.0/go.mod h1:yeseQo4xhQbgyJs2c87RAXOH2i624N0Fh1KSPJya7qo= +github.com/jackc/pgconn v1.8.0/go.mod h1:1C2Pb36bGIP9QHGBYCjnyhqu7Rv3sGshaQUvmfGIB/o= +github.com/jackc/pgconn v1.9.0/go.mod h1:YctiPyvzfU11JFxoXokUOOKQXQmDMoJL9vJzHH8/2JY= +github.com/jackc/pgconn v1.9.1-0.20210724152538-d89c8390a530/go.mod h1:4z2w8XhRbP1hYxkpTuBjTS3ne3J48K83+u0zoyvg2pI= +github.com/jackc/pgconn v1.10.1/go.mod h1:4z2w8XhRbP1hYxkpTuBjTS3ne3J48K83+u0zoyvg2pI= +github.com/jackc/pgconn v1.14.0 h1:vrbA9Ud87g6JdFWkHTJXppVce58qPIdP7N8y0Ml/A7Q= +github.com/jackc/pgconn v1.14.0/go.mod h1:9mBNlny0UvkgJdCDvdVHYSjI+8tD2rnKK69Wz8ti++E= +github.com/jackc/pgio v1.0.0 h1:g12B9UwVnzGhueNavwioyEEpAmqMe1E/BN9ES+8ovkE= +github.com/jackc/pgio v1.0.0/go.mod h1:oP+2QK2wFfUWgr+gxjoBH9KGBb31Eio69xUb0w5bYf8= +github.com/jackc/pgmock v0.0.0-20190831213851-13a1b77aafa2/go.mod h1:fGZlG77KXmcq05nJLRkk0+p82V8B8Dw8KN2/V9c/OAE= +github.com/jackc/pgmock v0.0.0-20201204152224-4fe30f7445fd/go.mod h1:hrBW0Enj2AZTNpt/7Y5rr2xe/9Mn757Wtb2xeBzPv2c= +github.com/jackc/pgmock v0.0.0-20210724152146-4ad1a8207f65 h1:DadwsjnMwFjfWc9y5Wi/+Zz7xoE5ALHsRQlOctkOiHc= +github.com/jackc/pgmock v0.0.0-20210724152146-4ad1a8207f65/go.mod h1:5R2h2EEX+qri8jOWMbJCtaPWkrrNc7OHwsp2TCqp7ak= +github.com/jackc/pgpassfile v1.0.0 h1:/6Hmqy13Ss2zCq62VdNG8tM1wchn8zjSGOBJ6icpsIM= +github.com/jackc/pgpassfile v1.0.0/go.mod h1:CEx0iS5ambNFdcRtxPj5JhEz+xB6uRky5eyVu/W2HEg= +github.com/jackc/pgproto3 v1.1.0/go.mod h1:eR5FA3leWg7p9aeAqi37XOTgTIbkABlvcPB3E5rlc78= +github.com/jackc/pgproto3/v2 v2.0.0-alpha1.0.20190420180111-c116219b62db/go.mod h1:bhq50y+xrl9n5mRYyCBFKkpRVTLYJVWeCc+mEAI3yXA= +github.com/jackc/pgproto3/v2 v2.0.0-alpha1.0.20190609003834-432c2951c711/go.mod h1:uH0AWtUmuShn0bcesswc4aBTWGvw0cAxIJp+6OB//Wg= 
+github.com/jackc/pgproto3/v2 v2.0.0-rc3/go.mod h1:ryONWYqW6dqSg1Lw6vXNMXoBJhpzvWKnT95C46ckYeM= +github.com/jackc/pgproto3/v2 v2.0.0-rc3.0.20190831210041-4c03ce451f29/go.mod h1:ryONWYqW6dqSg1Lw6vXNMXoBJhpzvWKnT95C46ckYeM= +github.com/jackc/pgproto3/v2 v2.0.1/go.mod h1:WfJCnwN3HIg9Ish/j3sgWXnAfK8A9Y0bwXYU5xKaEdA= +github.com/jackc/pgproto3/v2 v2.0.2/go.mod h1:WfJCnwN3HIg9Ish/j3sgWXnAfK8A9Y0bwXYU5xKaEdA= +github.com/jackc/pgproto3/v2 v2.0.6/go.mod h1:WfJCnwN3HIg9Ish/j3sgWXnAfK8A9Y0bwXYU5xKaEdA= +github.com/jackc/pgproto3/v2 v2.1.1/go.mod h1:WfJCnwN3HIg9Ish/j3sgWXnAfK8A9Y0bwXYU5xKaEdA= +github.com/jackc/pgproto3/v2 v2.2.0/go.mod h1:WfJCnwN3HIg9Ish/j3sgWXnAfK8A9Y0bwXYU5xKaEdA= +github.com/jackc/pgproto3/v2 v2.3.2 h1:7eY55bdBeCz1F2fTzSz69QC+pG46jYq9/jtSPiJ5nn0= +github.com/jackc/pgproto3/v2 v2.3.2/go.mod h1:WfJCnwN3HIg9Ish/j3sgWXnAfK8A9Y0bwXYU5xKaEdA= +github.com/jackc/pgservicefile v0.0.0-20200307190119-3430c5407db8/go.mod h1:vsD4gTJCa9TptPL8sPkXrLZ+hDuNrZCnj29CQpr4X1E= +github.com/jackc/pgservicefile v0.0.0-20200714003250-2b9c44734f2b/go.mod h1:vsD4gTJCa9TptPL8sPkXrLZ+hDuNrZCnj29CQpr4X1E= +github.com/jackc/pgservicefile v0.0.0-20221227161230-091c0ba34f0a h1:bbPeKD0xmW/Y25WS6cokEszi5g+S0QxI/d45PkRi7Nk= +github.com/jackc/pgservicefile v0.0.0-20221227161230-091c0ba34f0a/go.mod h1:5TJZWKEWniPve33vlWYSoGYefn3gLQRzjfDlhSJ9ZKM= +github.com/jackc/pgtype v0.0.0-20190421001408-4ed0de4755e0/go.mod h1:hdSHsc1V01CGwFsrv11mJRHWJ6aifDLfdV3aVjFF0zg= +github.com/jackc/pgtype v0.0.0-20190824184912-ab885b375b90/go.mod h1:KcahbBH1nCMSo2DXpzsoWOAfFkdEtEJpPbVLq8eE+mc= +github.com/jackc/pgtype v0.0.0-20190828014616-a8802b16cc59/go.mod h1:MWlu30kVJrUS8lot6TQqcg7mtthZ9T0EoIBFiJcmcyw= +github.com/jackc/pgtype v1.1.0/go.mod h1:5m2OfMh1wTK7x+Fk952IDmI4nw3nPrvtQdM0ZT4WpC0= +github.com/jackc/pgtype v1.3.0/go.mod h1:b0JqxHvPmljG+HQ5IsvQ0yqeSi4nGcDTVjFoiLDb0Ik= +github.com/jackc/pgtype v1.8.1-0.20210724151600-32e20a603178/go.mod h1:C516IlIV9NKqfsMCXTdChteoXmwgUceqaLfjg2e3NlM= 
+github.com/jackc/pgtype v1.9.1/go.mod h1:LUMuVrfsFfdKGLw+AFFVv6KtHOFMwRgDDzBt76IqCA4= +github.com/jackc/pgtype v1.14.0 h1:y+xUdabmyMkJLyApYuPj38mW+aAIqCe5uuBB51rH3Vw= +github.com/jackc/pgtype v1.14.0/go.mod h1:LUMuVrfsFfdKGLw+AFFVv6KtHOFMwRgDDzBt76IqCA4= +github.com/jackc/pgx v3.5.0+incompatible/go.mod h1:0ZGrqGqkRlliWnWB4zKnWtjbSWbGkVEFm4TeybAXq+I= +github.com/jackc/pgx v3.6.2+incompatible/go.mod h1:0ZGrqGqkRlliWnWB4zKnWtjbSWbGkVEFm4TeybAXq+I= +github.com/jackc/pgx/v4 v4.0.0-20190420224344-cc3461e65d96/go.mod h1:mdxmSJJuR08CZQyj1PVQBHy9XOp5p8/SHH6a0psbY9Y= +github.com/jackc/pgx/v4 v4.0.0-20190421002000-1b8f0016e912/go.mod h1:no/Y67Jkk/9WuGR0JG/JseM9irFbnEPbuWV2EELPNuM= +github.com/jackc/pgx/v4 v4.0.0-pre1.0.20190824185557-6972a5742186/go.mod h1:X+GQnOEnf1dqHGpw7JmHqHc1NxDoalibchSk9/RWuDc= +github.com/jackc/pgx/v4 v4.3.0/go.mod h1:BiIGdCptiC/hXZI8EkeixUG0xzTPn9J6S2YSXEBFidE= +github.com/jackc/pgx/v4 v4.6.0/go.mod h1:vPh43ZzxijXUVJ+t/EmXBtFmbFVO72cuneCT9oAlxAg= +github.com/jackc/pgx/v4 v4.12.1-0.20210724153913-640aa07df17c/go.mod h1:1QD0+tgSXP7iUjYm9C1NxKhny7lq6ee99u/z+IHFcgs= +github.com/jackc/pgx/v4 v4.14.1/go.mod h1:RgDuE4Z34o7XE92RpLsvFiOEfrAUT0Xt2KxvX73W06M= +github.com/jackc/pgx/v4 v4.18.1 h1:YP7G1KABtKpB5IHrO9vYwSrCOhs7p3uqhvhhQBptya0= +github.com/jackc/pgx/v4 v4.18.1/go.mod h1:FydWkUyadDmdNH/mHnGob881GawxeEm7TcMCzkb+qQE= +github.com/jackc/puddle v0.0.0-20190413234325-e4ced69a3a2b/go.mod h1:m4B5Dj62Y0fbyuIc15OsIqK0+JU8nkqQjsgx7dvjSWk= +github.com/jackc/puddle v0.0.0-20190608224051-11cab39313c9/go.mod h1:m4B5Dj62Y0fbyuIc15OsIqK0+JU8nkqQjsgx7dvjSWk= +github.com/jackc/puddle v1.0.0/go.mod h1:m4B5Dj62Y0fbyuIc15OsIqK0+JU8nkqQjsgx7dvjSWk= +github.com/jackc/puddle v1.1.0/go.mod h1:m4B5Dj62Y0fbyuIc15OsIqK0+JU8nkqQjsgx7dvjSWk= +github.com/jackc/puddle v1.1.3/go.mod h1:m4B5Dj62Y0fbyuIc15OsIqK0+JU8nkqQjsgx7dvjSWk= +github.com/jackc/puddle v1.2.0/go.mod h1:m4B5Dj62Y0fbyuIc15OsIqK0+JU8nkqQjsgx7dvjSWk= +github.com/jackc/puddle v1.3.0 
h1:eHK/5clGOatcjX3oWGBO/MpxpbHzSwud5EWTSCI+MX0= +github.com/jackc/puddle v1.3.0/go.mod h1:m4B5Dj62Y0fbyuIc15OsIqK0+JU8nkqQjsgx7dvjSWk= +github.com/jmoiron/sqlx v1.2.0/go.mod h1:1FEQNm3xlJgrMD+FBdI9+xvCksHtbpVBBw5dYhBSsks= +github.com/jmoiron/sqlx v1.3.4 h1:wv+0IJZfL5z0uZoUjlpKgHkgaFSYD+r9CfrXjEXsO7w= +github.com/jmoiron/sqlx v1.3.4/go.mod h1:2BljVx/86SuTyjE+aPYlHCTNvZrnJXghYGpNiXLBMCQ= +github.com/jtolds/gls v4.20.0+incompatible h1:xdiiI2gbIgH/gLH7ADydsJ1uDOEzR8yvV7C0MuV77Wo= +github.com/jtolds/gls v4.20.0+incompatible/go.mod h1:QJZ7F/aHp+rZTRtaJ1ow/lLfFfVYBRgL+9YlvaHOwJU= +github.com/k0kubun/colorstring v0.0.0-20150214042306-9440f1994b88/go.mod h1:3w7q1U84EfirKl04SVQ/s7nPm1ZPhiXd34z40TNz36k= +github.com/kisielk/gotool v1.0.0/go.mod h1:XhKaO+MFFWcvkIS/tQcRk01m1F5IRFswLeQ+oQHNcck= +github.com/klauspost/compress v1.15.0 h1:xqfchp4whNFxn5A4XFyyYtitiWI8Hy5EW59jEwcyL6U= +github.com/klauspost/compress v1.15.0/go.mod h1:/3/Vjq9QcHkK5uEr5lBEmyoZ1iFhe47etQ6QUkpK6sk= +github.com/konsorten/go-windows-terminal-sequences v1.0.1/go.mod h1:T0+1ngSBFLxvqU3pZ+m/2kptfBszLMUkC4ZK/EgS/cQ= +github.com/konsorten/go-windows-terminal-sequences v1.0.2 h1:DB17ag19krx9CFsz4o3enTrPXyIXCl+2iCXH/aMAp9s= +github.com/konsorten/go-windows-terminal-sequences v1.0.2/go.mod h1:T0+1ngSBFLxvqU3pZ+m/2kptfBszLMUkC4ZK/EgS/cQ= +github.com/kr/pretty v0.1.0/go.mod h1:dAy3ld7l9f0ibDNOQOHHMYYIIbhfbHSm3C4ZsoJORNo= +github.com/kr/pty v1.1.1/go.mod h1:pFQYn66WHrOpPYNljwOMqo10TkYh1fy3cYio2l3bCsQ= +github.com/kr/pty v1.1.8/go.mod h1:O1sed60cT9XZ5uDucP5qwvh+TE3NnUj51EiZO/lmSfw= +github.com/kr/text v0.1.0/go.mod h1:4Jbv+DJW3UT/LiOwJeYQe1efqtUx/iVham/4vfdArNI= +github.com/lib/pq v1.0.0/go.mod h1:5WUZQaWbwv1U+lTReE5YruASi9Al49XbQIvNi/34Woo= +github.com/lib/pq v1.1.0/go.mod h1:5WUZQaWbwv1U+lTReE5YruASi9Al49XbQIvNi/34Woo= +github.com/lib/pq v1.2.0/go.mod h1:5WUZQaWbwv1U+lTReE5YruASi9Al49XbQIvNi/34Woo= +github.com/lib/pq v1.10.2 h1:AqzbZs4ZoCBp+GtejcpCpcxM3zlSMx29dXbUSeVtJb8= +github.com/lib/pq v1.10.2/go.mod 
h1:AlVN5x4E4T544tWzH6hKfbfQvm3HdbOxrmggDNAPY9o= +github.com/mattn/go-colorable v0.1.1/go.mod h1:FuOcm+DKB9mbwrcAfNl7/TZVBZ6rcnceauSikq3lYCQ= +github.com/mattn/go-colorable v0.1.2/go.mod h1:U0ppj6V5qS13XJ6of8GYAs25YV2eR4EVcfRqFIhoBtE= +github.com/mattn/go-colorable v0.1.6/go.mod h1:u6P/XSegPjTcexA+o6vUJrdnUu04hMope9wVRipJSqc= +github.com/mattn/go-colorable v0.1.7/go.mod h1:u6P/XSegPjTcexA+o6vUJrdnUu04hMope9wVRipJSqc= +github.com/mattn/go-isatty v0.0.5/go.mod h1:Iq45c/XA43vh69/j3iqttzPXn0bhXyGjM0Hdxcsrc5s= +github.com/mattn/go-isatty v0.0.7/go.mod h1:Iq45c/XA43vh69/j3iqttzPXn0bhXyGjM0Hdxcsrc5s= +github.com/mattn/go-isatty v0.0.8/go.mod h1:Iq45c/XA43vh69/j3iqttzPXn0bhXyGjM0Hdxcsrc5s= +github.com/mattn/go-isatty v0.0.9/go.mod h1:YNRxwqDuOph6SZLI9vUUz6OYw3QyUt7WiY2yME+cCiQ= +github.com/mattn/go-isatty v0.0.12/go.mod h1:cbi8OIDigv2wuxKPP5vlRcQ1OAZbq2CE4Kysco4FUpU= +github.com/mattn/go-sqlite3 v1.9.0/go.mod h1:FPy6KqzDD04eiIsT53CuJW3U88zkxoIYsOqkbpncsNc= +github.com/mattn/go-sqlite3 v1.14.6/go.mod h1:NyWgC/yNuGj7Q9rpYnZvas74GogHl5/Z4A/KQRfk6bU= +github.com/moul/http2curl v1.0.0 h1:dRMWoAtb+ePxMlLkrCbAqh4TlPHXvoGUSQ323/9Zahs= +github.com/moul/http2curl v1.0.0/go.mod h1:8UbvGypXm98wA/IqH45anm5Y2Z6ep6O31QGOAZ3H0fQ= +github.com/nxadm/tail v1.4.4/go.mod h1:kenIhsEOeOJmVchQTgglprH7qJGnHDVpk1VPCcaMI8A= +github.com/onsi/ginkgo v1.6.0/go.mod h1:lLunBs/Ym6LB5Z9jYTR76FiuTmxDTDusOGeTQH+WWjE= +github.com/onsi/ginkgo v1.10.1/go.mod h1:lLunBs/Ym6LB5Z9jYTR76FiuTmxDTDusOGeTQH+WWjE= +github.com/onsi/ginkgo v1.12.1/go.mod h1:zj2OWP4+oCPe1qIXoGWkgMRwljMUYCdkwsT2108oapk= +github.com/onsi/ginkgo v1.13.0/go.mod h1:+REjRxOmWfHCjfv9TTWB1jD1Frx4XydAD3zm1lskyM0= +github.com/onsi/gomega v1.7.0/go.mod h1:ex+gbHU/CVuBBDIJjb2X0qEXbFg53c61hWP/1CpauHY= +github.com/onsi/gomega v1.7.1/go.mod h1:XdKZgCCFLUoM/7CFJVPcG8C1xQ1AJ0vpAezJrB7JYyY= +github.com/onsi/gomega v1.10.1/go.mod h1:iN09h71vgCQne3DLsj+A5owkum+a2tYe+TOCB1ybHNo= +github.com/opencontainers/go-digest v1.0.0-rc1 
h1:WzifXhOVOEOuFYOJAW6aQqW0TooG2iki3E3Ii+WN7gQ= +github.com/opencontainers/go-digest v1.0.0-rc1/go.mod h1:cMLVZDEM3+U2I4VmLI6N8jQYUd2OVphdqWwCJHrFt2s= +github.com/opencontainers/image-spec v1.0.1 h1:JMemWkRwHx4Zj+fVxWoMCFm/8sYGGrUVojFA6h/TRcI= +github.com/opencontainers/image-spec v1.0.1/go.mod h1:BtxoFyWECRxE4U/7sNtV5W15zMzWCbyJoFRP3s7yZA0= +github.com/opencontainers/runc v0.1.1 h1:GlxAyO6x8rfZYN9Tt0Kti5a/cP41iuiO2yYT0IJGY8Y= +github.com/opencontainers/runc v0.1.1/go.mod h1:qT5XzbpPznkRYVz/mWwUaVBUv2rmF59PVA73FjuZG0U= +github.com/ory/dockertest v3.3.5+incompatible h1:iLLK6SQwIhcbrG783Dghaaa3WPzGc+4Emza6EbVUUGA= +github.com/ory/dockertest v3.3.5+incompatible/go.mod h1:1vX4m9wsvi00u5bseYwXaSnhNrne+V0E6LAcBILJdPs= +github.com/pkg/errors v0.8.1-0.20171018195549-f15c970de5b7/go.mod h1:bwawxfHBFNV+L2hUp1rHADufV3IMtnDRdf1r5NINEl0= +github.com/pkg/errors v0.8.1/go.mod h1:bwawxfHBFNV+L2hUp1rHADufV3IMtnDRdf1r5NINEl0= +github.com/pkg/errors v0.9.1 h1:FEBLx1zS214owpjy7qsBeixbURkuhQAwrK5UwLGTwt4= +github.com/pkg/errors v0.9.1/go.mod h1:bwawxfHBFNV+L2hUp1rHADufV3IMtnDRdf1r5NINEl0= +github.com/pmezard/go-difflib v1.0.0 h1:4DBwDE0NGyQoBHbLQYPwSUPoCMWR5BEzIk/f1lZbAQM= +github.com/pmezard/go-difflib v1.0.0/go.mod h1:iKH77koFhYxTK1pcRnkKkqfTogsbg7gZNVY4sRDYZ/4= +github.com/rogpeppe/go-internal v1.3.0/go.mod h1:M8bDsm7K2OlrFYOpmOWEs/qY81heoFRclV5y23lUDJ4= +github.com/rs/xid v1.2.1/go.mod h1:+uKXf+4Djp6Md1KODXJxgGQPKngRmWyn10oCKFzNHOQ= +github.com/rs/zerolog v1.13.0/go.mod h1:YbFCdg8HfsridGWAh22vktObvhZbQsZXe4/zB0OKkWU= +github.com/rs/zerolog v1.15.0/go.mod h1:xYTKnLHcpfU2225ny5qZjxnj9NvkumZYjJHlAThCjNc= +github.com/satori/go.uuid v1.2.0/go.mod h1:dA0hQrYB0VpLJoorglMZABFdXlWrHn1NEOzdhQKdks0= +github.com/sclevine/agouti v3.0.0+incompatible/go.mod h1:b4WX9W9L1sfQKXeJf1mUTLZKJ48R1S7H23Ji7oFO5Bw= +github.com/sergi/go-diff v1.1.0 h1:we8PVUC3FE2uYfodKH/nBHMSetSfHDR6scGdBi+erh0= +github.com/sergi/go-diff v1.1.0/go.mod h1:STckp+ISIX8hZLjrqAeVduY0gWCT9IjLuqbuNXdaHfM= 
+github.com/shopspring/decimal v0.0.0-20180709203117-cd690d0c9e24/go.mod h1:M+9NzErvs504Cn4c5DxATwIqPbtswREoFCre64PpcG4= +github.com/shopspring/decimal v1.2.0 h1:abSATXmQEYyShuxI4/vyW3tV1MrKAJzCZ/0zLUXYbsQ= +github.com/shopspring/decimal v1.2.0/go.mod h1:DKyhrW/HYNuLGql+MJL6WCR6knT2jwCFRcu2hWCYk4o= +github.com/sirupsen/logrus v1.0.4-0.20170822132746-89742aefa4b2/go.mod h1:pMByvHTf9Beacp5x1UXfOR9xyW/9antXMhjMPG0dEzc= +github.com/sirupsen/logrus v1.4.1/go.mod h1:ni0Sbl8bgC9z8RoU9G6nDWqqs/fq4eDPysMBDgk/93Q= +github.com/sirupsen/logrus v1.4.2 h1:SPIRibHv4MatM3XXNO2BJeFLZwZ2LvZgfQ5+UNI2im4= +github.com/sirupsen/logrus v1.4.2/go.mod h1:tLMulIdttU9McNUspp0xgXVQah82FyeX6MwdIuYE2rE= +github.com/smartystreets/assertions v0.0.0-20180927180507-b2de0cb4f26d h1:zE9ykElWQ6/NYmHa3jpm/yHnI4xSofP+UP6SpjHcSeM= +github.com/smartystreets/assertions v0.0.0-20180927180507-b2de0cb4f26d/go.mod h1:OnSkiWE9lh6wB0YB77sQom3nweQdgAjqCqsofrRNTgc= +github.com/smartystreets/goconvey v1.6.4 h1:fv0U8FUIMPNf1L9lnHLvLhgicrIVChEkdzIKYqbNC9s= +github.com/smartystreets/goconvey v1.6.4/go.mod h1:syvi0/a8iFYH4r/RixwvyeAJjdLS9QV7WQ/tjFTllLA= +github.com/spf13/cobra v0.0.2-0.20171109065643-2da4a54c5cee/go.mod h1:1l0Ry5zgKvJasoi3XT1TypsSe7PqH0Sj9dhYf7v3XqQ= +github.com/spf13/pflag v1.0.1-0.20171106142849-4c012f6dcd95/go.mod h1:DYY7MBk1bdzusC3SYhjObp+wFpr4gzcvqqNjLnInEg4= +github.com/stretchr/objx v0.1.0/go.mod h1:HFkY916IF+rwdDfMAkV7OtwuqBVzrE8GR6GFx+wExME= +github.com/stretchr/objx v0.1.1/go.mod h1:HFkY916IF+rwdDfMAkV7OtwuqBVzrE8GR6GFx+wExME= +github.com/stretchr/objx v0.2.0/go.mod h1:qt09Ya8vawLte6SNmTgCsAVtYtaKzEcn8ATUoHMkEqE= +github.com/stretchr/objx v0.4.0/go.mod h1:YvHI0jy2hoMjB+UWwv71VJQ9isScKT/TqJzVSSt89Yw= +github.com/stretchr/objx v0.5.0 h1:1zr/of2m5FGMsad5YfcqgdqdWrIhu+EBEJRhR1U7z/c= +github.com/stretchr/objx v0.5.0/go.mod h1:Yh+to48EsGEfYuaHDzXPcE3xhTkx73EhmCGUpEOglKo= +github.com/stretchr/testify v1.2.2/go.mod h1:a8OnRcib4nhh0OaRAV+Yts87kKdq0PP7pXfy6kDkUVs= +github.com/stretchr/testify 
v1.3.0/go.mod h1:M5WIy9Dh21IEIfnGCwXGc5bZfKNJtfHm1UVUgZn+9EI= +github.com/stretchr/testify v1.4.0/go.mod h1:j7eGeouHqKxXV5pUuKE4zz7dFj8WfuZ+81PSLYec5m4= +github.com/stretchr/testify v1.5.1/go.mod h1:5W2xD1RspED5o8YsWQXVCued0rvSQ+mT+I5cxcmMvtA= +github.com/stretchr/testify v1.6.1/go.mod h1:6Fq8oRcR53rry900zMqJjRRixrwX3KX962/h/Wwjteg= +github.com/stretchr/testify v1.7.0/go.mod h1:6Fq8oRcR53rry900zMqJjRRixrwX3KX962/h/Wwjteg= +github.com/stretchr/testify v1.7.1/go.mod h1:6Fq8oRcR53rry900zMqJjRRixrwX3KX962/h/Wwjteg= +github.com/stretchr/testify v1.8.0/go.mod h1:yNjHg4UonilssWZ8iaSj1OCr/vHnekPRkoO+kdMU+MU= +github.com/stretchr/testify v1.8.1 h1:w7B6lhMri9wdJUVmEZPGGhZzrYTPvgJArz7wNPgYKsk= +github.com/stretchr/testify v1.8.1/go.mod h1:w2LPCIKwWwSfY2zedu0+kehJoqGctiVI29o6fzry7u4= +github.com/tidwall/btree v0.0.0-20191029221954-400434d76274 h1:G6Z6HvJuPjG6XfNGi/feOATzeJrfgTNJY+rGrHbA04E= +github.com/tidwall/btree v0.0.0-20191029221954-400434d76274/go.mod h1:huei1BkDWJ3/sLXmO+bsCNELL+Bp2Kks9OLyQFkzvA8= +github.com/tidwall/buntdb v1.1.2 h1:noCrqQXL9EKMtcdwJcmuVKSEjqu1ua99RHHgbLTEHRo= +github.com/tidwall/buntdb v1.1.2/go.mod h1:xAzi36Hir4FarpSHyfuZ6JzPJdjRZ8QlLZSntE2mqlI= +github.com/tidwall/gjson v1.3.4/go.mod h1:P256ACg0Mn+j1RXIDXoss50DeIABTYK1PULOJHhxOls= +github.com/tidwall/gjson v1.12.1 h1:ikuZsLdhr8Ws0IdROXUS1Gi4v9Z4pGqpX/CvJkxvfpo= +github.com/tidwall/gjson v1.12.1/go.mod h1:/wbyibRr2FHMks5tjHJ5F8dMZh3AcwJEMf5vlfC0lxk= +github.com/tidwall/grect v0.0.0-20161006141115-ba9a043346eb h1:5NSYaAdrnblKByzd7XByQEJVT8+9v0W/tIY0Oo4OwrE= +github.com/tidwall/grect v0.0.0-20161006141115-ba9a043346eb/go.mod h1:lKYYLFIr9OIgdgrtgkZ9zgRxRdvPYsExnYBsEAd8W5M= +github.com/tidwall/match v1.0.1/go.mod h1:LujAq0jyVjBy028G1WhWfIzbpQfMO8bBZ6Tyb0+pL9E= +github.com/tidwall/match v1.1.1 h1:+Ho715JplO36QYgwN9PGYNhgZvoUSc9X2c80KVTi+GA= +github.com/tidwall/match v1.1.1/go.mod h1:eRSPERbgtNPcGhD8UCthc6PmLEQXEWd3PRB5JTxsfmM= +github.com/tidwall/pretty v1.0.0/go.mod 
h1:XNkn88O1ChpSDQmQeStsy+sBenx6DDtFZJxhVysOjyk= +github.com/tidwall/pretty v1.2.0 h1:RWIZEg2iJ8/g6fDDYzMpobmaoGh5OLl4AXtGUGPcqCs= +github.com/tidwall/pretty v1.2.0/go.mod h1:ITEVvHYasfjBbM0u2Pg8T2nJnzm8xPwvNhhsoaGGjNU= +github.com/tidwall/rtree v0.0.0-20180113144539-6cd427091e0e h1:+NL1GDIUOKxVfbp2KoJQD9cTQ6dyP2co9q4yzmT9FZo= +github.com/tidwall/rtree v0.0.0-20180113144539-6cd427091e0e/go.mod h1:/h+UnNGt0IhNNJLkGikcdcJqm66zGD/uJGMRxK/9+Ao= +github.com/tidwall/tinyqueue v0.0.0-20180302190814-1e39f5511563 h1:Otn9S136ELckZ3KKDyCkxapfufrqDqwmGjcHfAyXRrE= +github.com/tidwall/tinyqueue v0.0.0-20180302190814-1e39f5511563/go.mod h1:mLqSmt7Dv/CNneF2wfcChfN1rvapyQr01LGKnKex0DQ= +github.com/valyala/bytebufferpool v1.0.0 h1:GqA5TC/0021Y/b9FG4Oi9Mr3q7XYx6KllzawFIhcdPw= +github.com/valyala/bytebufferpool v1.0.0/go.mod h1:6bBcMArwyJ5K/AmCkWv1jt77kVWyCJ6HpOuEn7z0Csc= +github.com/valyala/fasthttp v1.34.0 h1:d3AAQJ2DRcxJYHm7OXNXtXt2as1vMDfxeIcFvhmGGm4= +github.com/valyala/fasthttp v1.34.0/go.mod h1:epZA5N+7pY6ZaEKRmstzOuYJx9HI8DI1oaCGZpdH4h0= +github.com/valyala/tcplisten v1.0.0/go.mod h1:T0xQ8SeCZGxckz9qRXTfG43PvQ/mcWh7FwZEA7Ioqkc= +github.com/vgarvardt/go-oauth2-pg/v4 v4.4.3 h1:OmbpDamjDknR5R7b3/kLFztDaWVq81UCGP1MhpNK1Ug= +github.com/vgarvardt/go-oauth2-pg/v4 v4.4.3/go.mod h1:oCItSgiIg2jkDMEso1Gn78mYq/mrG7zlXYp5TLQfYqA= +github.com/vgarvardt/go-pg-adapter v1.0.0 h1:sKCbcCqI1l3pQ74usNO0QlXfjeNp3lXhVLa4CGMrtbQ= +github.com/vgarvardt/go-pg-adapter v1.0.0/go.mod h1:zXzBevepLuEmQkLo5Uw+0bu8335is8xGJKXeZhQQSeM= +github.com/vgarvardt/pgx-helpers v0.0.0-20190703163610-cbb413594454/go.mod h1:xp2aDvL8NKu92fXxNr9kbH03+OJ+dIVu/dYfPxt3LWs= +github.com/vgarvardt/pgx-helpers/v4 v4.0.0-20200225100150-876aee3d1a22 h1:4FALl8RvmCRmHOy1z0fDRCdf8NQBg5rP9sGPxP1haoQ= +github.com/vgarvardt/pgx-helpers/v4 v4.0.0-20200225100150-876aee3d1a22/go.mod h1:vFsMp4/TQkKX4HeOynXa6npSFBWUusa3S+fFW7IejqE= +github.com/xeipuuv/gojsonpointer v0.0.0-20180127040702-4e3ac2762d5f 
h1:J9EGpcZtP0E/raorCMxlFGSTBrsSlaDGf3jU/qvAE2c= +github.com/xeipuuv/gojsonpointer v0.0.0-20180127040702-4e3ac2762d5f/go.mod h1:N2zxlSyiKSe5eX1tZViRH5QA0qijqEDrYZiPEAiq3wU= +github.com/xeipuuv/gojsonreference v0.0.0-20180127040603-bd5ef7bd5415 h1:EzJWgHovont7NscjpAxXsDA8S8BMYve8Y5+7cuRE7R0= +github.com/xeipuuv/gojsonreference v0.0.0-20180127040603-bd5ef7bd5415/go.mod h1:GwrjFmJcFw6At/Gs6z4yjiIwzuJ1/+UwLxMQDVQXShQ= +github.com/xeipuuv/gojsonschema v1.2.0 h1:LhYJRs+L4fBtjZUfuSZIKGeVu0QRy8e5Xi7D17UxZ74= +github.com/xeipuuv/gojsonschema v1.2.0/go.mod h1:anYRn/JVcOK2ZgGU+IjEV4nwlhoK5sQluxsYJ78Id3Y= +github.com/yalp/jsonpath v0.0.0-20180802001716-5cc68e5049a0 h1:6fRhSjgLCkTD3JnJxvaJ4Sj+TYblw757bqYgZaOq5ZY= +github.com/yalp/jsonpath v0.0.0-20180802001716-5cc68e5049a0/go.mod h1:/LWChgwKmvncFJFHJ7Gvn9wZArjbV5/FppcK2fKk/tI= +github.com/yudai/gojsondiff v1.0.0 h1:27cbfqXLVEJ1o8I6v3y9lg8Ydm53EKqHXAOMxEGlCOA= +github.com/yudai/gojsondiff v1.0.0/go.mod h1:AY32+k2cwILAkW1fbgxQ5mUmMiZFgLIV+FBNExI05xg= +github.com/yudai/golcs v0.0.0-20170316035057-ecda9a501e82 h1:BHyfKlQyqbsFN5p3IfnEUduWvb9is428/nNb5L3U01M= +github.com/yudai/golcs v0.0.0-20170316035057-ecda9a501e82/go.mod h1:lgjkn3NuSvDfVJdfcVVdX+jpBxNmX4rDAzaS45IcYoM= +github.com/yudai/pp v2.0.1+incompatible/go.mod h1:PuxR/8QJ7cyCkFp/aUDS+JY727OFEZkTdatxwunjIkc= +github.com/yuin/goldmark v1.4.13/go.mod h1:6yULJ656Px+3vBD8DxQVa3kxgyrAnzto9xy5taEt/CY= +github.com/zenazn/goji v0.9.0/go.mod h1:7S9M489iMyHBNxwZnk9/EHS098H4/F6TATF2mIxtB1Q= +go.uber.org/atomic v1.3.2/go.mod h1:gD2HeocX3+yG+ygLZcrzQJaqmWj9AIm7n08wl/qW/PE= +go.uber.org/atomic v1.4.0/go.mod h1:gD2HeocX3+yG+ygLZcrzQJaqmWj9AIm7n08wl/qW/PE= +go.uber.org/atomic v1.5.0/go.mod h1:sABNBOSYdrvTF6hTgEIbc7YasKWGhgEQZyfxyTvoXHQ= +go.uber.org/atomic v1.6.0/go.mod h1:sABNBOSYdrvTF6hTgEIbc7YasKWGhgEQZyfxyTvoXHQ= +go.uber.org/multierr v1.1.0/go.mod h1:wR5kodmAFQ0UK8QlbwjlSNy0Z68gJhDJUG5sjR94q/0= +go.uber.org/multierr v1.3.0/go.mod h1:VgVr7evmIr6uPjLBxg28wmKNXyqE9akIJ5XnfpiKl+4= 
+go.uber.org/multierr v1.5.0/go.mod h1:FeouvMocqHpRaaGuG9EjoKcStLC43Zu/fmqdUMPcKYU= +go.uber.org/tools v0.0.0-20190618225709-2cfd321de3ee/go.mod h1:vJERXedbb3MVM5f9Ejo0C68/HhF8uaILCdgjnY+goOA= +go.uber.org/zap v1.9.1/go.mod h1:vwi/ZaCAaUcBkycHslxD9B2zi4UTXhF60s6SWpuDF0Q= +go.uber.org/zap v1.10.0/go.mod h1:vwi/ZaCAaUcBkycHslxD9B2zi4UTXhF60s6SWpuDF0Q= +go.uber.org/zap v1.13.0/go.mod h1:zwrFLgMcdUuIBviXEYEH1YKNaOBnKXsx2IPda5bBwHM= +golang.org/x/crypto v0.0.0-20171113213409-9f005a07e0d3/go.mod h1:6SG95UA2DQfeDnfUPMdvaQW0Q7yPrPDi9nlGo2tz2b4= +golang.org/x/crypto v0.0.0-20190308221718-c2843e01d9a2/go.mod h1:djNgcEr1/C05ACkg1iLfiJU5Ep61QUkGW8qpdssI0+w= +golang.org/x/crypto v0.0.0-20190411191339-88737f569e3a/go.mod h1:WFFai1msRO1wXaEeE5yQxYXgSfI8pQAWXbQop6sCtWE= +golang.org/x/crypto v0.0.0-20190510104115-cbcb75029529/go.mod h1:yigFU9vqHzYiE8UmvKecakEJjdnWj3jj499lnFckfCI= +golang.org/x/crypto v0.0.0-20190605123033-f99c8df09eb5/go.mod h1:yigFU9vqHzYiE8UmvKecakEJjdnWj3jj499lnFckfCI= +golang.org/x/crypto v0.0.0-20190701094942-4def268fd1a4/go.mod h1:yigFU9vqHzYiE8UmvKecakEJjdnWj3jj499lnFckfCI= +golang.org/x/crypto v0.0.0-20190820162420-60c769a6c586/go.mod h1:yigFU9vqHzYiE8UmvKecakEJjdnWj3jj499lnFckfCI= +golang.org/x/crypto v0.0.0-20190911031432-227b76d455e7/go.mod h1:yigFU9vqHzYiE8UmvKecakEJjdnWj3jj499lnFckfCI= +golang.org/x/crypto v0.0.0-20191011191535-87dc89f01550/go.mod h1:yigFU9vqHzYiE8UmvKecakEJjdnWj3jj499lnFckfCI= +golang.org/x/crypto v0.0.0-20200323165209-0ec3e9974c59/go.mod h1:LzIPMQfyMNhhGPhUkYOs5KpL4U8rLKemX1yGLhDgUto= +golang.org/x/crypto v0.0.0-20200622213623-75b288015ac9/go.mod h1:LzIPMQfyMNhhGPhUkYOs5KpL4U8rLKemX1yGLhDgUto= +golang.org/x/crypto v0.0.0-20201203163018-be400aefbc4c/go.mod h1:jdWPYTVW3xRLrWPugEBEK3UY2ZEsg3UU495nc5E+M+I= +golang.org/x/crypto v0.0.0-20210616213533-5ff15b29337e/go.mod h1:GvvjBRRGRdwPK5ydBHafDWAxML/pGHZbMvKqRZ5+Abc= +golang.org/x/crypto v0.0.0-20210711020723-a769d52b0f97/go.mod h1:GvvjBRRGRdwPK5ydBHafDWAxML/pGHZbMvKqRZ5+Abc= 
+golang.org/x/crypto v0.0.0-20210921155107-089bfa567519/go.mod h1:GvvjBRRGRdwPK5ydBHafDWAxML/pGHZbMvKqRZ5+Abc= +golang.org/x/crypto v0.0.0-20220214200702-86341886e292/go.mod h1:IxCIyHEi3zRg3s0A5j5BB6A9Jmi73HwBIUl50j+osU4= +golang.org/x/crypto v0.6.0 h1:qfktjS5LUO+fFKeJXZ+ikTRijMmljikvG68fpMMruSc= +golang.org/x/crypto v0.6.0/go.mod h1:OFC/31mSvZgRz0V1QTNCzfAI1aIRzbiufJtkMIlEp58= +golang.org/x/lint v0.0.0-20190930215403-16217165b5de/go.mod h1:6SW0HCj/g11FgYtHlgUYUwCkIfeOF89ocIRzGO/8vkc= +golang.org/x/mod v0.0.0-20190513183733-4bf6d317e70e/go.mod h1:mXi4GBBbnImb6dmsKGUJ2LatrhH/nqhxcFungHvyanc= +golang.org/x/mod v0.1.1-0.20191105210325-c90efee705ee/go.mod h1:QqPTAvyqsEbceGzBzNggFXnrqF1CaUcvgkdR5Ot7KZg= +golang.org/x/mod v0.6.0-dev.0.20220419223038-86c51ed26bb4/go.mod h1:jJ57K6gSWd91VN4djpZkiMVwK6gcyfeH4XE8wZrZaV4= +golang.org/x/net v0.0.0-20180724234803-3673e40ba225/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4= +golang.org/x/net v0.0.0-20180906233101-161cd47e91fd/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4= +golang.org/x/net v0.0.0-20190108225652-1e06a53dbb7e/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4= +golang.org/x/net v0.0.0-20190311183353-d8887717615a/go.mod h1:t9HGtf8HONx5eT2rtn7q6eTqICYqUVnKs3thJo3Qplg= +golang.org/x/net v0.0.0-20190404232315-eb5bcb51f2a3/go.mod h1:t9HGtf8HONx5eT2rtn7q6eTqICYqUVnKs3thJo3Qplg= +golang.org/x/net v0.0.0-20190603091049-60506f45cf65/go.mod h1:HSz+uSET+XFnRR8LxR5pz3Of3rY3CfYBVs4xY44aLks= +golang.org/x/net v0.0.0-20190620200207-3b0461eec859/go.mod h1:z5CRVTTTmAJ677TzLLGU+0bjPO0LkuOLi4/5GtJWs/s= +golang.org/x/net v0.0.0-20190813141303-74dc4d7220e7/go.mod h1:z5CRVTTTmAJ677TzLLGU+0bjPO0LkuOLi4/5GtJWs/s= +golang.org/x/net v0.0.0-20200520004742-59133d7f0dd7/go.mod h1:qpuaurCH72eLCgpAm/N6yyVIVM9cpaDIP3A8BGJEC5A= +golang.org/x/net v0.0.0-20210226172049-e18ecbb05110/go.mod h1:m0MpNAwzfU5UDzcl9v0D8zg8gWTRqZa9RBIspLL5mdg= +golang.org/x/net v0.0.0-20211112202133-69e39bad7dc2/go.mod 
h1:9nx3DQGgdP8bBQD5qxJ1jj9UTztislL4KSBs9R2vV5Y= +golang.org/x/net v0.0.0-20220225172249-27dd8689420f/go.mod h1:CfG3xpIq0wQ8r1q4Su4UZFWDARRcnwPjda9FqA0JpMk= +golang.org/x/net v0.0.0-20220722155237-a158d28d115b/go.mod h1:XRhObCWvk6IyKnWLug+ECip1KBveYUHfp+8e9klMJ9c= +golang.org/x/net v0.6.0 h1:L4ZwwTvKW9gr0ZMS1yrHD9GZhIuVjOBBnaKH+SPQK0Q= +golang.org/x/net v0.6.0/go.mod h1:2Tu9+aMcznHK/AK1HMvgo6xiTLG5rD5rZLDS+rp2Bjs= +golang.org/x/oauth2 v0.0.0-20200107190931-bf48bf16ab8d/go.mod h1:gOpvHmFTYa4IltrdGE7lF6nIHvwfUNPOp7c8zoXwtLw= +golang.org/x/sync v0.0.0-20180314180146-1d60e4601c6f/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM= +golang.org/x/sync v0.0.0-20181221193216-37e7f081c4d4/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM= +golang.org/x/sync v0.0.0-20190423024810-112230192c58/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM= +golang.org/x/sync v0.0.0-20220722155255-886fb9371eb4/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM= +golang.org/x/sys v0.0.0-20180905080454-ebe1bf3edb33/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY= +golang.org/x/sys v0.0.0-20180909124046-d0be0721c37e/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY= +golang.org/x/sys v0.0.0-20190215142949-d0b11bdaac8a/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY= +golang.org/x/sys v0.0.0-20190222072716-a9d3bda3a223/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY= +golang.org/x/sys v0.0.0-20190403152447-81d4e9dc473e/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= +golang.org/x/sys v0.0.0-20190412213103-97732733099d/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= +golang.org/x/sys v0.0.0-20190422165155-953cdadca894/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= +golang.org/x/sys v0.0.0-20190507160741-ecd444e8653b/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= +golang.org/x/sys v0.0.0-20190606165138-5da285871e9c/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= +golang.org/x/sys v0.0.0-20190813064441-fde4db37ae7a/go.mod 
h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= +golang.org/x/sys v0.0.0-20190826190057-c7b8b68b1456/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= +golang.org/x/sys v0.0.0-20190904154756-749cb33beabd/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= +golang.org/x/sys v0.0.0-20191005200804-aed5e4c7ecf9/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= +golang.org/x/sys v0.0.0-20191026070338-33540a1f6037/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= +golang.org/x/sys v0.0.0-20191120155948-bd437916bb0e/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= +golang.org/x/sys v0.0.0-20200116001909-b77594299b42/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= +golang.org/x/sys v0.0.0-20200223170610-d5e6a3e2c0ae/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= +golang.org/x/sys v0.0.0-20200323222414-85ca7c5b95cd/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= +golang.org/x/sys v0.0.0-20200519105757-fe76b779f299/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= +golang.org/x/sys v0.0.0-20201119102817-f84b799fce68/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= +golang.org/x/sys v0.0.0-20210423082822-04245dca01da/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= +golang.org/x/sys v0.0.0-20210615035016-665e8c7367d1/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= +golang.org/x/sys v0.0.0-20211216021012-1d35b9e2eb4e/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= +golang.org/x/sys v0.0.0-20220227234510-4e6760a101f9/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= +golang.org/x/sys v0.0.0-20220520151302-bc2c85ada10a/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= +golang.org/x/sys v0.0.0-20220722155257-8c9f86f7a55f/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= +golang.org/x/sys v0.5.0 h1:MUK/U/4lj1t1oPg0HfuXDN/Z1wv31ZJ/YcPiGccS4DU= +golang.org/x/sys v0.5.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= +golang.org/x/term v0.0.0-20201117132131-f5c789dd3221/go.mod 
h1:Nr5EML6q2oocZ2LXRh80K7BxOlk5/8JxuGnuhpl+muw= +golang.org/x/term v0.0.0-20201126162022-7de9c90e9dd1/go.mod h1:bj7SfCRtBDWHUb9snDiAeCFNEtKQo2Wmx5Cou7ajbmo= +golang.org/x/term v0.0.0-20210927222741-03fcf44c2211/go.mod h1:jbD1KX2456YbFQfuXm/mYQcufACuNUgVhRMnK/tPxf8= +golang.org/x/term v0.5.0/go.mod h1:jMB1sMXY+tzblOD4FWmEbocvup2/aLOaQEp7JmGp78k= +golang.org/x/text v0.3.0/go.mod h1:NqM8EUOU14njkJ3fqMW+pc6Ldnwhi/IjpwHt7yyuwOQ= +golang.org/x/text v0.3.2/go.mod h1:bEr9sfX3Q8Zfm5fL9x+3itogRgK3+ptLWKqgva+5dAk= +golang.org/x/text v0.3.3/go.mod h1:5Zoc/QRtKVWzQhOtBMvqHzDpF6irO9z98xDceosuGiQ= +golang.org/x/text v0.3.4/go.mod h1:5Zoc/QRtKVWzQhOtBMvqHzDpF6irO9z98xDceosuGiQ= +golang.org/x/text v0.3.6/go.mod h1:5Zoc/QRtKVWzQhOtBMvqHzDpF6irO9z98xDceosuGiQ= +golang.org/x/text v0.3.7/go.mod h1:u+2+/6zg+i71rQMx5EYifcz6MCKuco9NR6JIITiCfzQ= +golang.org/x/text v0.7.0 h1:4BRB4x83lYWy72KwLD/qYDuTu7q9PjSagHvijDw7cLo= +golang.org/x/text v0.7.0/go.mod h1:mrYo+phRRbMaCq/xk9113O4dZlRixOauAjOtrjsXDZ8= +golang.org/x/tools v0.0.0-20180917221912-90fa682c2a6e/go.mod h1:n7NCudcB/nEzxVGmLbDWY5pfWTLqBcC2KZ6jyYvM4mQ= +golang.org/x/tools v0.0.0-20190311212946-11955173bddd/go.mod h1:LCzVGOaR6xXOjkQ3onu1FJEFr0SW1gC7cKk1uF8kGRs= +golang.org/x/tools v0.0.0-20190328211700-ab21143f2384/go.mod h1:LCzVGOaR6xXOjkQ3onu1FJEFr0SW1gC7cKk1uF8kGRs= +golang.org/x/tools v0.0.0-20190425163242-31fd60d6bfdc/go.mod h1:RgjU9mgBXZiqYHBnxXauZ1Gv1EHHAz9KjViQ78xBX0Q= +golang.org/x/tools v0.0.0-20190606124116-d0a3d012864b/go.mod h1:/rFqwRUd4F7ZHNgwSSTFct+R/Kf4OFW1sUzUTQQTgfc= +golang.org/x/tools v0.0.0-20190621195816-6e04913cbbac/go.mod h1:/rFqwRUd4F7ZHNgwSSTFct+R/Kf4OFW1sUzUTQQTgfc= +golang.org/x/tools v0.0.0-20190823170909-c4a336ef6a2f/go.mod h1:b+2E5dAYhXwXZwtnZ6UAqBI28+e2cm9otk0dWdXHAEo= +golang.org/x/tools v0.0.0-20191029041327-9cc4af7d6b2c/go.mod h1:b+2E5dAYhXwXZwtnZ6UAqBI28+e2cm9otk0dWdXHAEo= +golang.org/x/tools v0.0.0-20191029190741-b9c20aec41a5/go.mod h1:b+2E5dAYhXwXZwtnZ6UAqBI28+e2cm9otk0dWdXHAEo= +golang.org/x/tools 
v0.0.0-20191119224855-298f0cb1881e/go.mod h1:b+2E5dAYhXwXZwtnZ6UAqBI28+e2cm9otk0dWdXHAEo= +golang.org/x/tools v0.0.0-20200103221440-774c71fcf114/go.mod h1:TB2adYChydJhpapKDTa4BR/hXlZSLoq2Wpct/0txZ28= +golang.org/x/tools v0.1.12/go.mod h1:hNGJHUnrk76NpqgfD5Aqm5Crs+Hm0VOH/i9J2+nxYbc= +golang.org/x/xerrors v0.0.0-20190410155217-1f06c39b4373/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0= +golang.org/x/xerrors v0.0.0-20190513163551-3ee3066db522/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0= +golang.org/x/xerrors v0.0.0-20190717185122-a985d3407aa7/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0= +golang.org/x/xerrors v0.0.0-20191011141410-1b5146add898/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0= +golang.org/x/xerrors v0.0.0-20191204190536-9bdfabe68543/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0= +golang.org/x/xerrors v0.0.0-20200804184101-5ec99f83aff1/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0= +google.golang.org/appengine v1.4.0/go.mod h1:xpcJRLb0r/rnEns0DIKYYv+WjYCduHsrkT7/EB5XEv4= +google.golang.org/appengine v1.6.1/go.mod h1:i06prIuMbXzDqacNJfV5OdTW448YApPu5ww/cMBSeb0= +google.golang.org/appengine v1.6.6/go.mod h1:8WjMMxjGQR8xUklV/ARdw2HLXBOI7O7uCIDZVag1xfc= +google.golang.org/protobuf v0.0.0-20200109180630-ec00e32a8dfd/go.mod h1:DFci5gLYBciE7Vtevhsrf46CRTquxDuWsQurQQe4oz8= +google.golang.org/protobuf v0.0.0-20200221191635-4d8936d0db64/go.mod h1:kwYJMbMJ01Woi6D6+Kah6886xMZcty6N08ah7+eCXa0= +google.golang.org/protobuf v0.0.0-20200228230310-ab0ca4ff8a60/go.mod h1:cfTl7dwQJ+fmap5saPgwCLgHXTUD7jkjRqWcaiX5VyM= +google.golang.org/protobuf v1.20.1-0.20200309200217-e05f789c0967/go.mod h1:A+miEFZTKqfCUM6K7xSMQL9OKL/b6hQv+e19PK+JZNE= +google.golang.org/protobuf v1.21.0/go.mod h1:47Nbq4nVaFHyn7ilMalzfO3qCViNmqZ2kzikPIcrTAo= +google.golang.org/protobuf v1.23.0/go.mod h1:EGpADcykh3NcUnDUJcl1+ZksZNG86OlYog2l/sGQquU= +gopkg.in/airbrake/gobrake.v2 v2.0.9/go.mod h1:/h5ZAUhDkGaJfjzjKLSjv6zCL6O0LLBxU4K+aSYdM/U= +gopkg.in/check.v1 
v0.0.0-20161208181325-20d25e280405/go.mod h1:Co6ibVJAznAaIkqp8huTwlJQCZ016jof/cbN4VW5Yz0= +gopkg.in/check.v1 v1.0.0-20180628173108-788fd7840127/go.mod h1:Co6ibVJAznAaIkqp8huTwlJQCZ016jof/cbN4VW5Yz0= +gopkg.in/check.v1 v1.0.0-20190902080502-41f04d3bba15/go.mod h1:Co6ibVJAznAaIkqp8huTwlJQCZ016jof/cbN4VW5Yz0= +gopkg.in/errgo.v2 v2.1.0/go.mod h1:hNsd1EY+bozCKY1Ytp96fpM3vjJbqLJn88ws8XvfDNI= +gopkg.in/fsnotify.v1 v1.4.7/go.mod h1:Tz8NjZHkW78fSQdbUxIjBTcgA1z1m8ZHf0WmKUhAMys= +gopkg.in/gemnasium/logrus-airbrake-hook.v2 v2.1.2/go.mod h1:Xk6kEKp8OKb+X14hQBKWaSkCsqBpgog8nAV2xsGOxlo= +gopkg.in/inconshreveable/log15.v2 v2.0.0-20180818164646-67afb5ed74ec/go.mod h1:aPpfJ7XW+gOuirDoZ8gHhLh3kZ1B08FtV2bbmy7Jv3s= +gopkg.in/tomb.v1 v1.0.0-20141024135613-dd632973f1e7/go.mod h1:dt/ZhP58zS4L8KSrWDmTeBkI65Dw0HsyUHuEVlX15mw= +gopkg.in/yaml.v2 v2.2.1/go.mod h1:hI93XBmqTisBFMUTm0b8Fm+jr3Dg1NNxqwp+5A1VGuI= +gopkg.in/yaml.v2 v2.2.2/go.mod h1:hI93XBmqTisBFMUTm0b8Fm+jr3Dg1NNxqwp+5A1VGuI= +gopkg.in/yaml.v2 v2.2.4/go.mod h1:hI93XBmqTisBFMUTm0b8Fm+jr3Dg1NNxqwp+5A1VGuI= +gopkg.in/yaml.v2 v2.3.0/go.mod h1:hI93XBmqTisBFMUTm0b8Fm+jr3Dg1NNxqwp+5A1VGuI= +gopkg.in/yaml.v3 v3.0.0-20200313102051-9f266ea9e77c/go.mod h1:K4uyk7z7BCEPqu6E+C64Yfv1cQ7kz7rIZviUmN+EgEM= +gopkg.in/yaml.v3 v3.0.0-20200615113413-eeeca48fe776/go.mod h1:K4uyk7z7BCEPqu6E+C64Yfv1cQ7kz7rIZviUmN+EgEM= +gopkg.in/yaml.v3 v3.0.1 h1:fxVm/GzAzEWqLHuvctI91KS9hhNmmWOoWu0XTYJS7CA= +gopkg.in/yaml.v3 v3.0.1/go.mod h1:K4uyk7z7BCEPqu6E+C64Yfv1cQ7kz7rIZviUmN+EgEM= +gotest.tools v2.2.0+incompatible/go.mod h1:DsYFclhRJ6vuDpmuTbkuFWG+y2sxOXAzmJt81HFBacw= +honnef.co/go/tools v0.0.1-2019.2.3/go.mod h1:a3bituU0lyd329TUQxRnasdCoJDkEUEAqEt0JzvZhAg= diff --git a/example/secureYourMicroservices/authorization/internal/handlers/authentication.go b/example/secureYourMicroservices/authorization/internal/handlers/authentication.go new file mode 100644 index 0000000..884c0cc --- /dev/null 
+++ b/example/secureYourMicroservices/authorization/internal/handlers/authentication.go
@@ -0,0 +1,229 @@
+package handlers
+
+import (
+ "fmt"
+ "github.com/go-oauth2/oauth2/v4/server"
+ "net/http"
+ "os"
+ "sync"
+)
+
+// List of the allowed services
+var apiWhiteList = map[string]string{
+ "888888": "88888888",
+}
+
+// DBRepo is the db repo
+type Authentication struct {
+ srv *server.Server
+ extStore map[string]interface{} // like a redis store
+ databaseUsers map[string]interface{} // use a db
+ // one mutex for 2 stores, ok for the demo
+ sync.RWMutex
+}
+
+// NewPostgresqlHandlers creates db repo for postgres
+func NewAuthentication(srv *server.Server) Authentication {
+
+ return Authentication{
+ srv: srv,
+ extStore: make(map[string]interface{}),
+ databaseUsers: make(map[string]interface{}),
+ }
+}
+
+func (a Authentication) Authorize(w http.ResponseWriter, r *http.Request) {
+ if dumpvar {
+ dumpRequest(os.Stdout, "authorize", r)
+ }
+
+ err := a.srv.HandleAuthorizeRequest(w, r)
+ if err != nil {
+ http.Error(w, err.Error(), http.StatusBadRequest)
+ }
+
+}
+
+func (a Authentication) UserAuthorizeHandler(w http.ResponseWriter, r *http.Request) (userID string, err error) {
+ if dumpvar {
+ _ = dumpRequest(os.Stdout, "userAuthorizeHandler", r) // Ignore the error
+ }
+
+ clientID := r.Form.Get("client_id")
+
+ switch clientID {
+ case "222222":
+
+ a.RLock()
+ uid, ok := a.extStore[fmt.Sprintf("LoggedInUserID-%v", r.Form.Get("email"))]
+ a.RUnlock()
+ if !ok {
+ if r.Form == nil {
+ r.ParseForm()
+ }
+
+ w.WriteHeader(http.StatusOK)
+ return
+ }
+
+ userID = uid.(string)
+
+ a.Lock()
+ delete(a.extStore, fmt.Sprintf("LoggedInUserID-%v", r.Form.Get("email")))
+ a.Unlock()
+ return
+ case "888888":
+
+ a.RLock()
+ uid, ok := a.extStore[fmt.Sprintf("LoggedInUserID-%v", r.Form.Get("client_id"))]
+ a.RUnlock()
+ if !ok {
+ if r.Form == nil {
+ r.ParseForm()
+ }
+
+ w.WriteHeader(http.StatusOK)
+ return
+ }
+
+ userID = uid.(string)
+
+ a.Lock()
+ delete(a.extStore, fmt.Sprintf("LoggedInUserID-%v", r.Form.Get("client_id")))
+ a.Unlock()
+ return
+ default:
+ userID = ""
+ return
+ }
+}
+
+func (a Authentication) Token(w http.ResponseWriter, r *http.Request) {
+ if dumpvar {
+ _ = dumpRequest(os.Stdout, "token", r) // Ignore the error
+ }
+
+ err := a.srv.HandleTokenRequest(w, r)
+ if err != nil {
+ http.Error(w, err.Error(), http.StatusInternalServerError)
+ }
+}
+
+// Endpoint specific for the APIs
+func (a Authentication) ApiAuthHandler(w http.ResponseWriter, r *http.Request) {
+ if dumpvar {
+ _ = dumpRequest(os.Stdout, "apiAuthHandler", r) // Ignore the error
+ }
+
+ if r.Method == "POST" {
+
+ if r.Form == nil {
+ if err := r.ParseForm(); err != nil {
+ http.Error(w, err.Error(), http.StatusInternalServerError)
+ return
+ }
+ }
+
+ // make sure the client's api is allow
+ _, ok := apiWhiteList[r.Form.Get("client_id")]
+ if ok {
+ // save user in a temporary store for the user to be reconized later on
+ a.Lock()
+ a.extStore[fmt.Sprintf("LoggedInUserID-%v", r.Form.Get("client_id"))] = r.Form.Get("client_id")
+ a.Unlock()
+
+ a.Authorize(w, r)
+ return
+ } else {
+
+ http.Error(w, "Bad Request", http.StatusBadRequest)
+ return
+ }
+
+ }
+
+ http.Error(w, "Bad Request", http.StatusBadRequest)
+}
+
+func (a Authentication) SignupHandler(w http.ResponseWriter, r *http.Request) {
+ if dumpvar {
+ _ = dumpRequest(os.Stdout, "signup", r) // Ignore the error
+ }
+
+ if r.Method == "POST" {
+
+ if r.Form == nil {
+ if err := r.ParseForm(); err != nil {
+ http.Error(w, err.Error(), http.StatusInternalServerError)
+ return
+ }
+ }
+
+ // some logic
+ if len(r.Form.Get("email")) < 1 && len(r.Form.Get("password")) < 1 {
+
+ http.Error(w, "Unauthorized", http.StatusUnauthorized)
+ return
+ } else {
+ // Save the user in db(simplistic, for example)
+ a.Lock()
+ a.databaseUsers[fmt.Sprintf(r.Form.Get("email"))] = r.Form.Get("password")
+ a.Unlock()
+ }
+
+ // save user in a temporary store for the user to be reconized later on
+ a.Lock()
+ a.extStore[fmt.Sprintf("LoggedInUserID-%v", r.Form.Get("email"))] = r.Form.Get("email")
+ a.Unlock()
+
+ a.Authorize(w, r)
+ return
+ }
+
+ http.Error(w, "Bad Request", http.StatusBadRequest)
+}
+
+func (a Authentication) LoginHandler(w http.ResponseWriter, r *http.Request) {
+ if dumpvar {
+ _ = dumpRequest(os.Stdout, "login", r) // Ignore the error
+ }
+
+ if r.Method == "POST" {
+
+ if r.Form == nil {
+ if err := r.ParseForm(); err != nil {
+ http.Error(w, err.Error(), http.StatusInternalServerError)
+ return
+ }
+ }
+
+ if len(r.Form.Get("email")) < 1 && len(r.Form.Get("password")) < 1 {
+
+ http.Error(w, "Unauthorized", http.StatusUnauthorized)
+ return
+ } else {
+ a.RLock()
+ password, ok := a.databaseUsers[fmt.Sprintf(r.Form.Get("email"))]
+ a.RUnlock()
+ if !ok {
+ http.Error(w, "Unauthorized", http.StatusUnauthorized)
+ return
+ }
+
+ if password != r.Form.Get("password") {
+ http.Error(w, "Unauthorized", http.StatusUnauthorized)
+ return
+ }
+
+ // save user in a temporary store for the user to be reconized later on
+ a.Lock()
+ a.extStore[fmt.Sprintf("LoggedInUserID-%v", r.Form.Get("email"))] = r.Form.Get("email")
+ a.Unlock()
+
+ }
+
+ a.Authorize(w, r)
+ return
+ }
+ http.Error(w, "Bad Request", http.StatusBadRequest)
+}
diff --git a/example/secureYourMicroservices/authorization/internal/handlers/handlers.go b/example/secureYourMicroservices/authorization/internal/handlers/handlers.go
new file mode 100644
index 0000000..32b35b0
--- /dev/null
+++ b/example/secureYourMicroservices/authorization/internal/handlers/handlers.go
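Review bot: `ApiAuthHandler` accepts a caller as soon as `client_id` is a key of `apiWhiteList`: `_, ok := apiWhiteList[...]` throws away the mapped value (the same string as `secretPreorder` in server.go), so this handler checks no secret before it writes the id to `extStore` and calls `Authorize`; whether the library verifies one later is not visible here. Read the value and compare it with the submitted secret, e.g. `want, ok := apiWhiteList[id]` followed by `if !ok || subtle.ConstantTimeCompare([]byte(want), []byte(r.Form.Get("client_secret"))) != 1 { ... }`. In `SignupHandler` and `LoginHandler` the empty-field guard uses `&&`, so a request missing only one of email/password passes it; it should be `||`, and signup should refuse an email that already exists instead of overwriting its stored plaintext password. Every method has a value receiver on a struct that embeds `sync.RWMutex`, so each call locks its own copy while the maps stay shared; switch the receivers and `NewAuthentication` to `*Authentication` (go vet's copylocks check reports this).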
@@ -0,0 +1,114 @@
+package handlers
+
+import (
+ "encoding/json"
+ "fmt"
+ "github.com/go-oauth2/oauth2/v4/server"
+ "io"
+ "log"
+ "net/http"
+ "net/http/httputil"
+ "os"
+ "strings"
+ "time"
+)
+
+var dumpvar bool
+
+const (
+ authServerURL string = "http://localhost:9096"
+)
+
+type Handlers struct {
+ Permissions
+ Authentication
+}
+
+func NewHandlers(dv bool, srv *server.Server) *Handlers {
+ dumpvar = dv
+
+ perm := NewPermissions(srv)
+ auth := NewAuthentication(srv)
+
+ return &Handlers{
+ Permissions: perm,
+ Authentication: auth,
+ }
+
+}
+
+type Permissions struct {
+ srv *server.Server
+}
+
+func NewPermissions(srv *server.Server) Permissions {
+ return Permissions{
+ srv: srv,
+ }
+}
+
+// Endpoint to validate token and permission
+func (p Permissions) ValidPermission(w http.ResponseWriter, r *http.Request) {
+ if dumpvar {
+ _ = dumpRequest(os.Stdout, "validPermission", r) // Ignore the error
+ }
+
+ // validate the token
+ token, err := p.srv.ValidationBearerToken(r)
+ if err != nil {
+ http.Error(w, err.Error(), http.StatusBadRequest)
+ return
+ }
+
+ permission := r.URL.Query().Get("permission")
+
+ // validate the permission
+ switch permission {
+ case "read":
+ log.Println("In read permission")
+ if !strings.Contains(token.GetScope(), "read") && !strings.Contains(token.GetScope(), "all") {
+ http.Error(w, "Unauthorized", http.StatusBadRequest)
+ return
+ }
+
+ case "write":
+ log.Println("In write permission")
+ if !strings.Contains(token.GetScope(), "write") && !strings.Contains(token.GetScope(), "all") {
+ fmt.Println("do not have Write permission.")
+ http.Error(w, "Unauthorized", http.StatusBadRequest)
+ return
+ }
+
+ case "all":
+ log.Println("In all permission")
+ if !strings.Contains(token.GetScope(), "all") {
+ fmt.Println("do not have All permission.")
+ http.Error(w, "Unauthorized", http.StatusBadRequest)
+ return
+ }
+ default:
+ log.Println("In default permission")
+ http.Error(w, "Unauthorized", http.StatusBadRequest)
+ return
+ }
+
+ data := map[string]interface{}{
+ "expires_in": int64(token.GetAccessCreateAt().Add(token.GetAccessExpiresIn()).Sub(time.Now()).Seconds()),
+ "client_id": token.GetClientID(),
+ "user_id": token.GetUserID(),
+ "permission": token.GetScope(),
+ }
+ e := json.NewEncoder(w)
+ e.SetIndent("", " ")
+ e.Encode(data)
+}
+
+func dumpRequest(writer io.Writer, header string, r *http.Request) error {
+ data, err := httputil.DumpRequest(r, true)
+ if err != nil {
+ return err
+ }
+ writer.Write([]byte("\n" + header + ": \n"))
+ writer.Write(data)
+ return nil
+}
diff --git a/example/secureYourMicroservices/authorization/server.go b/example/secureYourMicroservices/authorization/server.go
new file mode 100644
index 0000000..0355c50
--- /dev/null
+++ b/example/secureYourMicroservices/authorization/server.go
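Review bot: The scope checks in `ValidPermission` are substring matches on the whole scope string (`strings.Contains(token.GetScope(), "read")`), so a granted scope that merely contains `read`, `write` or `all` inside a longer name satisfies the check. Split the scope into its individual entries (space-delimited per RFC 6749; confirm what this server stores) and compare each one exactly, e.g. range over `strings.Fields(token.GetScope())` and test `s == permission || s == "all"`. The denial paths answer with `http.StatusBadRequest` although the body says "Unauthorized"; `http.StatusForbidden` would match the meaning. `dumpRequest` calls `httputil.DumpRequest(r, true)`, which copies the `Authorization` header and any form password to stdout whenever `dumpvar` is on, so those fields should be redacted or the body dump dropped.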
@@ -0,0 +1,184 @@
+package main
+
+import (
+ "context"
+ "flag"
+ "fmt"
+ "io"
+ "log"
+ "net/http"
+ "net/http/httputil"
+ "time"
+
+ "github.com/go-oauth2/oauth2/v4/generates"
+ "server/internal/handlers"
+
+ "github.com/go-oauth2/oauth2/v4/errors"
+ "github.com/go-oauth2/oauth2/v4/manage"
+ "github.com/go-oauth2/oauth2/v4/models"
+ "github.com/go-oauth2/oauth2/v4/server"
+ "github.com/jackc/pgx/v4"
+ pg "github.com/vgarvardt/go-oauth2-pg/v4"
+ "github.com/vgarvardt/go-pg-adapter/pgx4adapter"
+)
+
+var (
+ dumpvar bool
+ idvar string
+ secretvar string
+ domainvar string
+ portvar int
+)
+
+func init() {
+ // credential for the client
+ flag.BoolVar(&dumpvar, "d", true, "Dump requests and responses")
+ flag.StringVar(&idvar, "i", "222222", "The client id being passed in")
+ flag.StringVar(&secretvar, "s", "22222222", "The client secret being passed in")
+ flag.StringVar(&domainvar, "r", "http://localhost:9094", "The domain of the redirect url")
+ flag.IntVar(&portvar, "p", 9096, "the base port for the server")
+}
+
+const (
+ // credential for the preOrder service
+ idPreorder string = "888888"
+ secretPreorder string = "88888888"
+ domainPreorder string = "http://localhost:8081"
+
+ dbUser = "postgres"
+ dbHost = "localhost"
+ dbPassword = "password"
+ dbDatabase = "users"
+ dbSSL = "disable"
+ dbPort = "5432"
+)
+
+func main() {
+ flag.Parse()
+
+ dsn := fmt.Sprintf("postgres://%s:%s@%s:%s/%s?sslmode=%s",
+ dbUser,
+ dbPassword,
+ dbHost,
+ dbPort,
+ dbDatabase,
+ dbSSL,
+ )
+
+ pgxConn, _ := pgx.Connect(context.TODO(), dsn)
+
+ manager := manage.NewDefaultManager()
+
+ // use PostgreSQL token store with pgx.Connection adapter
+ adapter := pgx4adapter.NewConn(pgxConn)
+ tokenStore, _ := pg.NewTokenStore(adapter, pg.WithTokenStoreGCInterval(time.Minute))
+ defer tokenStore.Close()
+
+ clientStore, _ := pg.NewClientStore(adapter)
+
+ manager.MapTokenStorage(tokenStore)
+ manager.MapClientStorage(clientStore)
+
+ // generate jwt access token
+ // manager.MapAccessGenerate(generates.NewJWTAccessGenerate("", []byte("00000000"), jwt.SigningMethodHS512))
+ manager.MapAccessGenerate(generates.NewAccessGenerate())
+
+ manager.MapClientStorage(clientStore)
+
+ // register the front-end
+ clientStore.Create(&models.Client{
+ ID: idvar,
+ Secret: secretvar,
+ Domain: domainvar,
+ })
+
+ // register prePost service
+ clientStore.Create(&models.Client{
+ ID: idPreorder,
+ Secret: secretPreorder,
+ Domain: domainPreorder,
+ })
+
+ srv := server.NewServer(server.NewConfig(), manager)
+
+ // set the oauth package to work without browser
+ // the token will be return as a json payload
+ srv.SetModeAPI()
+
+ // handlers will handle all handlers
+ handler := handlers.NewHandlers(dumpvar, srv)
+
+ srv.SetUserAuthorizationHandler(handler.UserAuthorizeHandler)
+
+ srv.SetInternalErrorHandler(func(err error) (re *errors.Response) {
+ log.Println("Internal Error:", err.Error())
+ return
+ })
+
+ srv.SetResponseErrorHandler(func(re *errors.Response) {
+ log.Println("Response Error:", re.Error.Error())
+ })
+
+ // Endpoints for the front-end
+ // (use this service for the example but a specific users' service may be better)
+ http.HandleFunc("/signup", handler.SignupHandler)
+ http.HandleFunc("/login", handler.LoginHandler)
+
+ // Endpoints for the backend services to authenticate and get their token
+ http.HandleFunc("/apiauth", handler.ApiAuthHandler)
+
+ // Endpoints specific to validate the authorization
+ http.HandleFunc("/oauth/authorize", handler.Authorize)
+ http.HandleFunc("/oauth/token", handler.Token)
+
+ // Endpoint which validate a client's token and the given permission
+ http.HandleFunc("/permission", handler.ValidPermission)
+
+ log.Printf("Server is running at %d port.\n", portvar)
+ log.Printf("Point your OAuth client Auth endpoint to %s:%d%s", "http://localhost", portvar, "/oauth/authorize")
+ log.Printf("Point your OAuth client Token endpoint to %s:%d%s", "http://localhost", portvar, "/oauth/token")
+ log.Fatal(http.ListenAndServe(fmt.Sprintf(":%d", portvar), nil))
+}
+
+func dumpRequest(writer io.Writer, header string, r *http.Request) error {
+ data, err := httputil.DumpRequest(r, true)
+ if err != nil {
+ return err
+ }
+ writer.Write([]byte("\n" + header + ": \n"))
+ writer.Write(data)
+ return nil
+}
+
+func createDsn() string {
+ // dbHost := os.Getenv("DATABASE_HOST")
+ // dbPort := os.Getenv("DATABASE_PORT")
+ // dbUser := os.Getenv("DATABASE_USER")
+ // dbPass := os.Getenv("DATABASE_PASS")
+ // databaseName := os.Getenv("DATABASE_NAME")
+
+ dbHost := "localhost"
+ dbPort := "5432"
+ dbUser := "postgres"
+ dbPass := "password"
+ databaseName := "users"
+
+ dsnString := ""
+ if dbPass == "" {
+ dsnString = fmt.Sprintf("host=%s port=%s user=%s dbname=%s sslmode=%s timezone=UTC connect_timeout=5",
+ dbHost,
+ dbPort,
+ dbUser,
+ databaseName,
+ "disable")
+ } else {
+ dsnString = fmt.Sprintf("host=%s port=%s user=%s password=%s dbname=%s sslmode=%s timezone=UTC connect_timeout=5",
+ dbHost,
+ dbPort,
+ dbUser,
+ dbPass,
+ databaseName,
+ "disable")
+ }
+ return dsnString
+}
diff --git a/example/secureYourMicroservices/client/go.mod b/example/secureYourMicroservices/client/go.mod
new file mode 100644
index 0000000..43cd8e3
--- /dev/null
+++ b/example/secureYourMicroservices/client/go.mod
@@ -0,0 +1,12 @@
+module client
+
+go 1.20
+
+require golang.org/x/oauth2 v0.8.0
+
+require (
+ github.com/golang/protobuf v1.5.2 // indirect
+ golang.org/x/net v0.10.0 // indirect
+ google.golang.org/appengine v1.6.7 // indirect
+ google.golang.org/protobuf v1.28.0 // indirect
+)
diff --git a/example/secureYourMicroservices/client/go.sum b/example/secureYourMicroservices/client/go.sum
new file mode 100644
index 0000000..45e0c97
--- /dev/null
+++ b/example/secureYourMicroservices/client/go.sum
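Review bot: `main` discards the errors from `pgx.Connect`, `pg.NewTokenStore` and `pg.NewClientStore` (`pgxConn, _ := ...`), so an unreachable database will probably surface as a nil dereference further down (the deferred `tokenStore.Close()` at the latest) instead of a clear start-up failure; check each error and `log.Fatal` on it, and do the same for the two `clientStore.Create` calls. The `-d` flag defaults to `true`, so out of the box every handler dumps full requests to stdout, including passwords, client secrets and bearer tokens; default it to `false`. The client secrets and the database password are compile-time constants and `sslmode` is `disable`; reading them from the environment, as the commented-out `os.Getenv` lines in the otherwise unused `createDsn` already sketch, keeps them out of the source. `http.ListenAndServe` runs with no timeouts; an `http.Server` with `ReadHeaderTimeout` set is the safer form for an authorization endpoint.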
@@ -0,0 +1,23 @@ +github.com/golang/protobuf v1.3.1/go.mod h1:6lQm79b+lXiMfvg/cZm0SGofjICqVBUtrP5yJMmIC1U= +github.com/golang/protobuf v1.5.0/go.mod h1:FsONVRAS9T7sI+LIUmWTfcYkHO4aIWwzhcaSAoJOfIk= +github.com/golang/protobuf v1.5.2 h1:ROPKBNFfQgOUMifHyP+KYbvpjbdoFNs+aK7DXlji0Tw= +github.com/golang/protobuf v1.5.2/go.mod h1:XVQd3VNwM+JqD3oG2Ue2ip4fOMUkwXdXDdiuN0vRsmY= +github.com/google/go-cmp v0.5.5/go.mod h1:v8dTdLbMG2kIc/vJvl+f65V22dbkXbowE6jgT/gNBxE= +github.com/google/go-cmp v0.5.8 h1:e6P7q2lk1O+qJJb4BtCQXlK8vWEO8V1ZeuEdJNOqZyg= +golang.org/x/crypto v0.0.0-20190308221718-c2843e01d9a2/go.mod h1:djNgcEr1/C05ACkg1iLfiJU5Ep61QUkGW8qpdssI0+w= +golang.org/x/net v0.0.0-20190603091049-60506f45cf65/go.mod h1:HSz+uSET+XFnRR8LxR5pz3Of3rY3CfYBVs4xY44aLks= +golang.org/x/net v0.10.0 h1:X2//UzNDwYmtCLn7To6G58Wr6f5ahEAQgKNzv9Y951M= +golang.org/x/net v0.10.0/go.mod h1:0qNGK6F8kojg2nk9dLZ2mShWaEBan6FAoqfSigmmuDg= +golang.org/x/oauth2 v0.8.0 h1:6dkIjl3j3LtZ/O3sTgZTMsLKSftL/B8Zgq4huOIIUu8= +golang.org/x/oauth2 v0.8.0/go.mod h1:yr7u4HXZRm1R1kBWqr/xKNqewf0plRYoB7sla+BCIXE= +golang.org/x/sys v0.0.0-20190215142949-d0b11bdaac8a/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY= +golang.org/x/text v0.3.0/go.mod h1:NqM8EUOU14njkJ3fqMW+pc6Ldnwhi/IjpwHt7yyuwOQ= +golang.org/x/text v0.3.2/go.mod h1:bEr9sfX3Q8Zfm5fL9x+3itogRgK3+ptLWKqgva+5dAk= +golang.org/x/tools v0.0.0-20180917221912-90fa682c2a6e/go.mod h1:n7NCudcB/nEzxVGmLbDWY5pfWTLqBcC2KZ6jyYvM4mQ= +golang.org/x/xerrors v0.0.0-20191204190536-9bdfabe68543/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0= +google.golang.org/appengine v1.6.7 h1:FZR1q0exgwxzPzp/aF+VccGrSfxfPpkBqjIIEq3ru6c= +google.golang.org/appengine v1.6.7/go.mod h1:8WjMMxjGQR8xUklV/ARdw2HLXBOI7O7uCIDZVag1xfc= +google.golang.org/protobuf v1.26.0-rc.1/go.mod h1:jlhhOSvTdKEhbULTjvd4ARK9grFBp09yW+WbY/TyQbw= +google.golang.org/protobuf v1.26.0/go.mod h1:9q0QmTI4eRPtz6boOQmLYwt+qCgq0jsYwAQnmE0givc= +google.golang.org/protobuf v1.28.0 
h1:w43yiav+6bVFTBQFZX0r7ipe9JQ1QsbMgHwbBziscLw= +google.golang.org/protobuf v1.28.0/go.mod h1:HV8QOd/L58Z+nl8r43ehVNZIU/HEI6OcFqwMG9pJV4I= diff --git a/example/secureYourMicroservices/client/main.go b/example/secureYourMicroservices/client/main.go new file mode 100644 index 0000000..866fdab --- /dev/null +++ b/example/secureYourMicroservices/client/main.go 
@@ -0,0 +1,344 @@ +package main + +import ( + "context" + "crypto/sha256" + "encoding/base64" + "encoding/json" + "fmt" + "html/template" + "sync" + + "io/ioutil" + "log" + "net/http" + "net/url" + "strings" + + "golang.org/x/oauth2" + // "golang.org/x/oauth2/clientcredentials" +) + +const ( + authServerURL = "http://localhost:9096" + clientID = "222222" +) + +var ( + config = oauth2.Config{ + ClientID: clientID, + ClientSecret: "22222222", + Scopes: []string{"write, read"}, + RedirectURL: "http://localhost:9094", + Endpoint: oauth2.Endpoint{ + AuthURL: authServerURL + "/oauth/authorize", + TokenURL: authServerURL + "/oauth/token", + }, + } + globalTokens = make(map[string]*oauth2.Token) // should be persisted outside, keep it stateless + // globalToken *oauth2.Token // for mobile app that is ok as each app run its own instance + appUrlParams string + mu = sync.RWMutex{} +) + +type CodeStruct struct { + Code string `json:"code"` +} + +func main() { + + http.HandleFunc("/", func(w http.ResponseWriter, r *http.Request) { + + u := config.AuthCodeURL("xyz", + oauth2.SetAuthURLParam("code_challenge", genCodeChallengeS256("s256example")), + oauth2.SetAuthURLParam("code_challenge_method", "S256")) + + // extract the url params which will be use later on + parsedURL, err := url.Parse(u) + if err != nil { + log.Println("Error parsing URL:", err) + return + } + + appUrlParams = parsedURL.RawQuery + + resp, err := http.Get(u) + if err != nil { + // Handle error if unable to make the request + http.Error(w, err.Error(), http.StatusInternalServerError) + return + } + defer resp.Body.Close() + + if resp.StatusCode == http.StatusOK { + http.Redirect(w, r, fmt.Sprintf("/portail?id=%v", clientID), http.StatusFound) + } else { + + http.Error(w, "An err occur", http.StatusInternalServerError) + } + }) + + // Portail shows the signup or login buttons + http.HandleFunc("/portail", func(w http.ResponseWriter, r *http.Request) { + + outputHTML(w, r, "static/portail.html") + }) + + // 
Render the form for signup + http.HandleFunc("/signupfront", func(w http.ResponseWriter, r *http.Request) { + + outputHTML(w, r, "static/signup.html") + }) + + // Handle the data from the form signup + http.HandleFunc("/signupdata", func(w http.ResponseWriter, r *http.Request) { + + err := helperHandleAuth(w, r, "signup") + if err != nil { + log.Println("Error in signupdata: ", err) + } + }) + + // Render the form for login + http.HandleFunc("/loginfront", func(w http.ResponseWriter, r *http.Request) { + + outputHTML(w, r, "static/login.html") + }) + + // Handle the data for login + http.HandleFunc("/logindata", func(w http.ResponseWriter, r *http.Request) { + err := helperHandleAuth(w, r, "login") + if err != nil { + log.Println("Error in logindata: ", err) + } + }) + + // After login/signup show the menu + http.HandleFunc("/welcome", func(w http.ResponseWriter, r *http.Request) { + + outputHTML(w, r, "static/welcome.html") + + }) + + // Render the page to create order + http.HandleFunc("/createorder", func(w http.ResponseWriter, r *http.Request) { + email := r.URL.Query().Get("email") + + mu.RLock() + _, ok := globalTokens[email] + mu.RUnlock() + if ok { + + outputHTML(w, r, "static/createOrders.html") + } else { + http.Redirect(w, r, "/", http.StatusSeeOther) + } + }) + + // Render the page to get an order + http.HandleFunc("/getorder", func(w http.ResponseWriter, r *http.Request) { + + email := r.URL.Query().Get("email") + + mu.RLock() + _, ok := globalTokens[email] + mu.RUnlock() + if ok { + + outputHTML(w, r, "static/getOrders.html") + } else { + + http.Redirect(w, r, "/", http.StatusSeeOther) + } + }) + + http.HandleFunc("/signout", func(w http.ResponseWriter, r *http.Request) { + + email := r.URL.Query().Get("email") + + mu.RLock() + _, ok := globalTokens[email] + mu.RUnlock() + if ok { + // delete the token + mu.Lock() + delete(globalTokens, email) + mu.Unlock() + + http.Redirect(w, r, "/", http.StatusSeeOther) + } else { + + http.Redirect(w, r, "/", 
http.StatusSeeOther) + } + }) + + // Other functionalities + // NOTE for the reader to finish the implementation if needed + // http.HandleFunc("/refresh", func(w http.ResponseWriter, r *http.Request) { + // if globalToken == nil { + // http.Redirect(w, r, "/", http.StatusFound) + // return + // } + + // globalToken.Expiry = time.Now() + // token, err := config.TokenSource(context.Background(), globalToken).Token() + // if err != nil { + // http.Error(w, err.Error(), http.StatusInternalServerError) + // return + // } + + // globalToken = token + // e := json.NewEncoder(w) + // e.SetIndent("", " ") + // e.Encode(token) + // }) + + // http.HandleFunc("/pwd", func(w http.ResponseWriter, r *http.Request) { + // token, err := config.PasswordCredentialsToken(context.Background(), "test", "test") + // if err != nil { + // http.Error(w, err.Error(), http.StatusInternalServerError) + // return + // } + + // globalToken = token + // e := json.NewEncoder(w) + // e.SetIndent("", " ") + // e.Encode(token) + // }) + + // http.HandleFunc("/client", func(w http.ResponseWriter, r *http.Request) { + // cfg := clientcredentials.Config{ + // ClientID: config.ClientID, + // ClientSecret: config.ClientSecret, + // TokenURL: config.Endpoint.TokenURL, + // } + + // token, err := cfg.Token(context.Background()) + // if err != nil { + // http.Error(w, err.Error(), http.StatusInternalServerError) + // return + // } + + // e := json.NewEncoder(w) + // e.SetIndent("", " ") + // e.Encode(token) + // }) + + log.Println("Client is running at 9094 port.Please open http://localhost:9094") + log.Fatal(http.ListenAndServe(":9094", nil)) +} + +// Target the auth server to get a token, and extract it +func helperHandleAuth(w http.ResponseWriter, r *http.Request, path string) error { + err := r.ParseForm() + if err != nil { + return err + } + + u, err := url.Parse(fmt.Sprintf("%s/%s", authServerURL, path)) + if err != nil { + fmt.Println("Error parsing URL:", err) + return err + } + + // Add the form 
data to the existing query parameters + queryParams := u.Query() + for key, values := range r.Form { + for _, value := range values { + queryParams.Add(key, value) + } + } + + // Add the app parmeters + appParams, err := url.ParseQuery(appUrlParams) + if err != nil { + fmt.Println("Error parsing query string:", err) + return err + } + + for key, values := range appParams { + for _, value := range values { + queryParams.Add(key, value) + } + } + + u.RawQuery = queryParams.Encode() + + resp, err := http.Post(u.String(), "application/x-www-form-urlencoded", strings.NewReader("")) + if err != nil { + fmt.Println("Error making POST request:", err) + return err + } + + defer resp.Body.Close() + + if resp.StatusCode != http.StatusOK { + http.Redirect(w, r, fmt.Sprintf("/portail?id=%v", clientID), http.StatusFound) + return nil + } + + // Read the response body + body, err := ioutil.ReadAll(resp.Body) + if err != nil { + fmt.Println("Error reading response body:", err) + return err + } + + // Parse the response body into CodeStruct + var codeResponse CodeStruct + err = json.Unmarshal(body, &codeResponse) + if err != nil { + fmt.Println("Error parsing response body:", err) + return err + } + + // extract the token + token, err := config.Exchange(context.Background(), codeResponse.Code, oauth2.SetAuthURLParam("code_verifier", "s256example")) + if err != nil { + http.Error(w, err.Error(), http.StatusInternalServerError) + return err + } + + // save the token for a specific user + email := r.Form.Get("email") + mu.Lock() + globalTokens[email] = token + mu.Unlock() + + outputHTML(w, r, "static/welcome.html") + return nil + +} + +func outputHTML(w http.ResponseWriter, req *http.Request, filename string) { + tmpl, err := template.ParseFiles(filename) + if err != nil { + http.Error(w, err.Error(), 500) + return + } + + email := req.URL.Query().Get("email") + + tk := "" + t, ok := globalTokens[email] + if ok { + tk = t.AccessToken + } + + data := struct { + Token string + }{ + 
Token: tk, + } + + err = tmpl.Execute(w, data) + if err != nil { + http.Error(w, err.Error(), 500) + return + } +} + +func genCodeChallengeS256(s string) string { + s256 := sha256.Sum256([]byte(s)) + return base64.URLEncoding.EncodeToString(s256[:]) +} diff --git a/example/secureYourMicroservices/client/static/createOrders.html b/example/secureYourMicroservices/client/static/createOrders.html new file mode 100644 index 0000000..8015115 --- /dev/null +++ b/example/secureYourMicroservices/client/static/createOrders.html @@ -0,0 +1,87 @@ + + + + + + Login + + + + + + +
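Review bot: `outputHTML` picks the access token with `globalTokens[email]`, where `email` is read straight from the request's query string, so the token rendered into the template belongs to whichever address the URL names rather than to an authenticated session; `/createorder`, `/getorder` and `/signout` gate on the same lookup. That map read also happens without `mu`, while `helperHandleAuth` and `/signout` write under `mu.Lock()`, which is a data race. I would key `globalTokens` by a random session ID set in an `HttpOnly` cookie at login and read it under the lock, e.g. `mu.RLock(); t, ok := globalTokens[sessionID]; mu.RUnlock()`. Separately, the `state` value `"xyz"` and the PKCE verifier `"s256example"` are constants; a comment such as `// demo only: generate state and code_verifier per request with crypto/rand` would keep readers from copying them into real clients.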
+

Create an order

+
+
+ + + + + + + + + +
+
+ + +
+ + +
+ +
+
+ + + + + + + diff --git a/example/secureYourMicroservices/client/static/getOrders.html b/example/secureYourMicroservices/client/static/getOrders.html new file mode 100644 index 0000000..03e415c --- /dev/null +++ b/example/secureYourMicroservices/client/static/getOrders.html @@ -0,0 +1,62 @@ + + + + + + Login + + + + + + +
+

Get an order

+
+
+ + +
+ + +
+
+
+ + + + + diff --git a/example/secureYourMicroservices/client/static/login.html b/example/secureYourMicroservices/client/static/login.html new file mode 100644 index 0000000..7ba9566 --- /dev/null +++ b/example/secureYourMicroservices/client/static/login.html @@ -0,0 +1,42 @@ + + + + + + Login + + + + + + +
+

Login In

+
+
+ + +
+
+ + +
+ +
+
+ + + + + + diff --git a/example/secureYourMicroservices/client/static/portail.html b/example/secureYourMicroservices/client/static/portail.html new file mode 100644 index 0000000..f36a30c --- /dev/null +++ b/example/secureYourMicroservices/client/static/portail.html @@ -0,0 +1,45 @@ + + + + + + Login + + + + + + + +
+
+
+

Welcome!

+

Please choose an option:

+ +
+
+ +
+
+
+
+ +
+
+
+
+
+ + + + + diff --git a/example/secureYourMicroservices/client/static/signup.html b/example/secureYourMicroservices/client/static/signup.html new file mode 100644 index 0000000..ff02aa8 --- /dev/null +++ b/example/secureYourMicroservices/client/static/signup.html @@ -0,0 +1,41 @@ + + + + + + Login + + + + + + +
+

Sign up

+
+
+ + +
+
+ + +
+ +
+
+ + + + + + diff --git a/example/secureYourMicroservices/client/static/welcome.html b/example/secureYourMicroservices/client/static/welcome.html new file mode 100644 index 0000000..59e08a9 --- /dev/null +++ b/example/secureYourMicroservices/client/static/welcome.html @@ -0,0 +1,70 @@ + + + + + + Login + + + + + + +

Navigation Links

+ Create an order +
+ Get an order +
+ Signout + + + + diff --git a/example/secureYourMicroservices/docker-compose.yaml b/example/secureYourMicroservices/docker-compose.yaml new file mode 100644 index 0000000..a388027 --- /dev/null +++ b/example/secureYourMicroservices/docker-compose.yaml @@ -0,0 +1,20 @@ +version: '3' + +services: + users-database: + image: postgres:14.7-alpine + ports: + - "5432:5432" + environment: + POSTGRES_USER: postgres + POSTGRES_PASSWORD: password + POSTGRES_DB: users + volumes: + - ./db-oauth/postgres/:/var/lib/postgresql/data/ + healthcheck: + test: ["CMD-SHELL", "pg_isready -U postgres"] + interval: 10s + timeout: 5s + retries: 3 + + diff --git a/example/secureYourMicroservices/order/go.mod b/example/secureYourMicroservices/order/go.mod new file mode 100644 index 0000000..16a8c05 --- /dev/null +++ b/example/secureYourMicroservices/order/go.mod @@ -0,0 +1,5 @@ +module order + +go 1.20 + +require github.com/google/uuid v1.3.0 diff --git a/example/secureYourMicroservices/order/go.sum b/example/secureYourMicroservices/order/go.sum new file mode 100644 index 0000000..3dfe1c9 --- /dev/null +++ b/example/secureYourMicroservices/order/go.sum @@ -0,0 +1,2 @@ +github.com/google/uuid v1.3.0 h1:t6JiXgmwXMjEs8VusXIJk2BXHsn+wx8BZdTaoZ5fu7I= +github.com/google/uuid v1.3.0/go.mod h1:TIyPZe4MgqvfeYDBFedMoGGpEw/LqOeaOT+nhxU+yHo= diff --git a/example/secureYourMicroservices/order/internal/service/service.go b/example/secureYourMicroservices/order/internal/service/service.go new file mode 100644 index 0000000..6ce1186 --- /dev/null +++ b/example/secureYourMicroservices/order/internal/service/service.go 
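Review bot: The `"5432:5432"` port mapping in `docker-compose.yaml` publishes Postgres on every host interface while `POSTGRES_PASSWORD: password` is a literal in the file, which leaves the database reachable from the network with a well-known superuser password. For a local example, bind to loopback with `- "127.0.0.1:5432:5432"` and take the secret from the environment, e.g. `POSTGRES_PASSWORD: ${POSTGRES_PASSWORD:?set POSTGRES_PASSWORD}`. The auth server's `createDsn` hard-codes the same credentials with `sslmode=disable` and has the `os.Getenv` lines commented out, so it would need to read the same variable.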
@@ -0,0 +1,36 @@ +package service + +import ( + "fmt" + "order/internal/types" + "sync" +) + +type OrderSvc struct { + orderMap map[string]types.Order + sync.RWMutex +} + +func NewOrderSvc() OrderSvc { + om := make(map[string]types.Order) + return OrderSvc{orderMap: om} +} + +func (o *OrderSvc) PlaceOrder(order types.Order) { + o.Lock() + o.orderMap[order.ID] = order + o.Unlock() +} + +func (o *OrderSvc) GetOrder(id string) (types.Order, error) { + o.RLock() + value, ok := o.orderMap[id] + o.RUnlock() + if ok { + orderFromMap := value + return orderFromMap, nil + } else { + no := types.Order{} + return no, fmt.Errorf("Order not found") + } +} diff --git a/example/secureYourMicroservices/order/internal/types/types.go b/example/secureYourMicroservices/order/internal/types/types.go new file mode 100644 index 0000000..f7d5750 --- /dev/null +++ b/example/secureYourMicroservices/order/internal/types/types.go @@ -0,0 +1,12 @@ +package types + +type Order struct { + ID string `json:"id"` + Items []LineItem `json:"items"` + ShippingAddress string `json:"shipping_address"` +} + +type LineItem struct { + ItemCode string `json:"item_code"` + Quantity int `json:"quantity"` +} diff --git a/example/secureYourMicroservices/order/main.go b/example/secureYourMicroservices/order/main.go new file mode 100644 index 0000000..bd464db --- /dev/null +++ b/example/secureYourMicroservices/order/main.go 
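Review bot: `NewOrderSvc` returns `OrderSvc` by value although the struct embeds `sync.RWMutex`, so any later assignment or pass-by-value of the result copies the lock; `order/main.go` stays correct only because it immediately takes `&orderStr`. Returning a pointer makes this safe by construction: `func NewOrderSvc() *OrderSvc { return &OrderSvc{orderMap: make(map[string]types.Order)} }`, with the callers passing `orderStr` instead of `&orderStr`. Embedding the mutex also exports `Lock`/`Unlock` on the service type; a named field such as `mu sync.RWMutex` keeps locking internal. In `GetOrder`, the error string would conventionally be lowercase (`fmt.Errorf("order not found")`) and the `else` after the `return` can be dropped.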
@@ -0,0 +1,172 @@ +package main + +import ( + "encoding/json" + "fmt" + "github.com/google/uuid" + "log" + "net/http" + "order/internal/service" + "order/internal/types" + "strconv" + "strings" +) + +const ( + authServerURL = "http://localhost:9096" +) + +func main() { + + // the storage + orderStr := service.NewOrderSvc() + + http.HandleFunc("/orders", createOrders(&orderStr)) + http.HandleFunc("/order", getOrders(&orderStr)) + + fmt.Println("start producer-api on port 8080... !!") + log.Fatal(http.ListenAndServe(":8080", nil)) +} + +func createOrders(orderStr *service.OrderSvc) http.HandlerFunc { + return func(w http.ResponseWriter, r *http.Request) { + // in the real world, obviously, a proxy/apiGateway would stand in front + if carryon := allowCORS(w, r); !carryon { + return + } + + accessToken := r.Header.Get("Authorization") + + // get the access token + accessToken, _ = extractBearerToken(accessToken) + + // make sure the token from the caller(here the frontend) is valid + // and make sure it have the right permission + resp, err := http.Get(fmt.Sprintf("%s/permission?permission=write&access_token=%s", authServerURL, accessToken)) + if err != nil || resp.StatusCode == http.StatusBadRequest { + log.Println("Http req err or Invalid oauth token") + if err != nil { + http.Error(w, err.Error(), http.StatusBadRequest) + return + } else { + http.Error(w, "Invalid authentication", http.StatusBadRequest) + return + } + } + + // get the form inputs + o := types.Order{} + if r.Method == "POST" { + + // Parse the multipartForm + if err := r.ParseMultipartForm(0); err != nil { + log.Println("Failed to parse form data:", err) + http.Error(w, "Internal Server Error", http.StatusInternalServerError) + return + } + + // Access the form data + form := r.MultipartForm + values := form.Value + + iq, _ := strconv.Atoi(values["item1quantity"][0]) + li1 := types.LineItem{ + ItemCode: values["item1code"][0], + Quantity: iq, + } + iq, _ = strconv.Atoi(values["item2quantity"][0]) + 
li2 := types.LineItem{ + ItemCode: values["item2code"][0], + Quantity: iq, + } + + o.Items = []types.LineItem{li1, li2} + o.ShippingAddress = r.Form.Get("shippingaddress") + } + + // create an uid + newUUID := uuid.New() + uuidString := newUUID.String() + + o.ID = uuidString + + // save the received data + orderStr.PlaceOrder(o) + + fmt.Fprintf(w, uuidString) + } +} + +func allowCORS(w http.ResponseWriter, r *http.Request) bool { + // Set the CORS headers + w.Header().Set("Access-Control-Allow-Origin", "http://localhost:9094") + w.Header().Set("Access-Control-Allow-Methods", "GET, POST, PUT, DELETE, OPTIONS") + w.Header().Set("Access-Control-Allow-Headers", "Content-Type, Authorization") + + // Handle preflight requests + if r.Method == http.MethodOptions { + w.WriteHeader(http.StatusOK) + return false + } + + return true + +} + +func extractBearerToken(tokenWithBearer string) (string, bool) { + bearerPrefix := "Bearer " + if strings.HasPrefix(tokenWithBearer, bearerPrefix) { + token := strings.TrimPrefix(tokenWithBearer, bearerPrefix) + return token, true + } + return "", false +} + +func getOrders(orderStr *service.OrderSvc) http.HandlerFunc { + return func(w http.ResponseWriter, r *http.Request) { + + var orderID string + if r.Method == "POST" { + if r.Form == nil { + if err := r.ParseForm(); err != nil { + http.Error(w, err.Error(), http.StatusInternalServerError) + return + } + } + + orderID = r.Form.Get("orderid") + } + + // get the access_token + accessToken := r.URL.Query().Get("access_token") + + // make sure the token from the caller(here the preOrder service) is valid + // and make sure it have the right permission + resp, err := http.Get(fmt.Sprintf("%s/permission?permission=read&access_token=%s", authServerURL, accessToken)) + if err != nil || resp.StatusCode == http.StatusBadRequest { + log.Println("Http req err or Invalid oauth token") + if err != nil { + http.Error(w, err.Error(), http.StatusBadRequest) + return + } else { + http.Error(w, "Invalid 
authentication", http.StatusBadRequest) + return + } + } + + // get the data back(to make sure) + v, _ := orderStr.GetOrder(orderID) + + ordeBts, err := json.Marshal(v) + if err != nil { + log.Println("err marshalling: ", err) + } + + w.Header().Set("Content-Type", "application/json") + + _, err = w.Write(ordeBts) + if err != nil { + log.Println("err sending back the order: ", err) + } + } +} diff --git a/example/secureYourMicroservices/preOrder/go.mod b/example/secureYourMicroservices/preOrder/go.mod new file mode 100644 index 0000000..8fe75f4 --- /dev/null +++ b/example/secureYourMicroservices/preOrder/go.mod @@ -0,0 +1,12 @@ +module order + +go 1.20 + +require golang.org/x/oauth2 v0.8.0 + +require ( + github.com/golang/protobuf v1.5.2 // indirect + golang.org/x/net v0.10.0 // indirect + google.golang.org/appengine v1.6.7 // indirect + google.golang.org/protobuf v1.28.0 // indirect +) diff --git a/example/secureYourMicroservices/preOrder/go.sum b/example/secureYourMicroservices/preOrder/go.sum new file mode 100644 index 0000000..45e0c97 --- /dev/null +++ b/example/secureYourMicroservices/preOrder/go.sum 
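Review bot: The permission check in `createOrders` rejects the request only when the auth server answers exactly 400 (`resp.StatusCode == http.StatusBadRequest`), so a 401, 403 or 500 from `/permission` is treated as authorised and the order is stored. Assuming `/permission` returns 200 on success, the check should fail closed: `if err != nil || resp.StatusCode != http.StatusOK {`, followed by `defer resp.Body.Close()` on the success path, since the response body is never closed. The same condition is repeated in `getOrders` in this file and twice in `getOrders` in `preOrder/main.go`. The token is also spliced into the URL with `%s`; building the query with `url.Values{"permission": {"write"}, "access_token": {accessToken}}.Encode()` (needs `net/url`) keeps a token containing `&` or `#` from altering the request. The ignored second result of `extractBearerToken` should end the request with a 401 when it is false.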
@@ -0,0 +1,23 @@ +github.com/golang/protobuf v1.3.1/go.mod h1:6lQm79b+lXiMfvg/cZm0SGofjICqVBUtrP5yJMmIC1U= +github.com/golang/protobuf v1.5.0/go.mod h1:FsONVRAS9T7sI+LIUmWTfcYkHO4aIWwzhcaSAoJOfIk= +github.com/golang/protobuf v1.5.2 h1:ROPKBNFfQgOUMifHyP+KYbvpjbdoFNs+aK7DXlji0Tw= +github.com/golang/protobuf v1.5.2/go.mod h1:XVQd3VNwM+JqD3oG2Ue2ip4fOMUkwXdXDdiuN0vRsmY= +github.com/google/go-cmp v0.5.5/go.mod h1:v8dTdLbMG2kIc/vJvl+f65V22dbkXbowE6jgT/gNBxE= +github.com/google/go-cmp v0.5.8 h1:e6P7q2lk1O+qJJb4BtCQXlK8vWEO8V1ZeuEdJNOqZyg= +golang.org/x/crypto v0.0.0-20190308221718-c2843e01d9a2/go.mod h1:djNgcEr1/C05ACkg1iLfiJU5Ep61QUkGW8qpdssI0+w= +golang.org/x/net v0.0.0-20190603091049-60506f45cf65/go.mod h1:HSz+uSET+XFnRR8LxR5pz3Of3rY3CfYBVs4xY44aLks= +golang.org/x/net v0.10.0 h1:X2//UzNDwYmtCLn7To6G58Wr6f5ahEAQgKNzv9Y951M= +golang.org/x/net v0.10.0/go.mod h1:0qNGK6F8kojg2nk9dLZ2mShWaEBan6FAoqfSigmmuDg= +golang.org/x/oauth2 v0.8.0 h1:6dkIjl3j3LtZ/O3sTgZTMsLKSftL/B8Zgq4huOIIUu8= +golang.org/x/oauth2 v0.8.0/go.mod h1:yr7u4HXZRm1R1kBWqr/xKNqewf0plRYoB7sla+BCIXE= +golang.org/x/sys v0.0.0-20190215142949-d0b11bdaac8a/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY= +golang.org/x/text v0.3.0/go.mod h1:NqM8EUOU14njkJ3fqMW+pc6Ldnwhi/IjpwHt7yyuwOQ= +golang.org/x/text v0.3.2/go.mod h1:bEr9sfX3Q8Zfm5fL9x+3itogRgK3+ptLWKqgva+5dAk= +golang.org/x/tools v0.0.0-20180917221912-90fa682c2a6e/go.mod h1:n7NCudcB/nEzxVGmLbDWY5pfWTLqBcC2KZ6jyYvM4mQ= +golang.org/x/xerrors v0.0.0-20191204190536-9bdfabe68543/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0= +google.golang.org/appengine v1.6.7 h1:FZR1q0exgwxzPzp/aF+VccGrSfxfPpkBqjIIEq3ru6c= +google.golang.org/appengine v1.6.7/go.mod h1:8WjMMxjGQR8xUklV/ARdw2HLXBOI7O7uCIDZVag1xfc= +google.golang.org/protobuf v1.26.0-rc.1/go.mod h1:jlhhOSvTdKEhbULTjvd4ARK9grFBp09yW+WbY/TyQbw= +google.golang.org/protobuf v1.26.0/go.mod h1:9q0QmTI4eRPtz6boOQmLYwt+qCgq0jsYwAQnmE0givc= +google.golang.org/protobuf v1.28.0 
h1:w43yiav+6bVFTBQFZX0r7ipe9JQ1QsbMgHwbBziscLw= +google.golang.org/protobuf v1.28.0/go.mod h1:HV8QOd/L58Z+nl8r43ehVNZIU/HEI6OcFqwMG9pJV4I= diff --git a/example/secureYourMicroservices/preOrder/main.go b/example/secureYourMicroservices/preOrder/main.go new file mode 100644 index 0000000..c2b3975 --- /dev/null +++ b/example/secureYourMicroservices/preOrder/main.go 
@@ -0,0 +1,274 @@ +package main + +import ( + "context" + "crypto/sha256" + "encoding/base64" + "encoding/json" + "fmt" + "golang.org/x/oauth2" + "io/ioutil" + "log" + "net/http" + "net/url" + "strings" +) + +const ( + authServerURL = "http://localhost:9096" + orderServerURL = "http://localhost:8080" + clientID = "888888" +) + +var ( + config = oauth2.Config{ + ClientID: clientID, + ClientSecret: "88888888", + Scopes: []string{"read"}, + RedirectURL: "http://localhost:8081", + Endpoint: oauth2.Endpoint{ + AuthURL: authServerURL + "/oauth/authorize", + TokenURL: authServerURL + "/oauth/token", + }, + } + globalToken *oauth2.Token // Non-concurrent security + appUrlParams string +) + +type CodeStruct struct { + Code string `json:"code"` +} + +type LineItem struct { + ItemCode string `json:"item_code"` + Quantity int `json:"quantity"` +} + +type Order struct { + ID string `json:"id"` + Items []LineItem `json:"items"` + ShippingAddress string `json:"shipping_address"` +} + +// authenticate with the authentication server +func init() { + u := config.AuthCodeURL("xyz", + oauth2.SetAuthURLParam("code_challenge", genCodeChallengeS256("s256example")), + oauth2.SetAuthURLParam("code_challenge_method", "S256")) + + // extract the url params which will be use later on + parsedURL, err := url.Parse(u) + if err != nil { + log.Fatal("Error parsing URL:", err) + return + } + + appUrlParams = parsedURL.RawQuery + + resp, err := http.Get(u) + if err != nil { + // Handle error if unable to make the request + log.Fatal("Error Authenticating with auth service: ", err) + return + } + defer resp.Body.Close() + + if resp.StatusCode == http.StatusOK { + log.Println("Authentication OK") + } else { + log.Fatal("Authentication failed, make sure the authentication server is running") + } + +} + +func main() { + + // get the token(/apiauth is the endpoint for the backend services to get their token) + getTheToken("apiauth") + + http.HandleFunc("/order", getOrders()) + + fmt.Println("start 
producer-api on port 8081... !!") + log.Fatal(http.ListenAndServe(":8081", nil)) +} + +func getOrders() http.HandlerFunc { + return func(w http.ResponseWriter, r *http.Request) { + // in the real world, obviously, a proxy/apiGateway would stand in front + if carryon := allowCORS(w, r); !carryon { + return + } + + accessToken := r.Header.Get("Authorization") + + accessToken, _ = extractBearerToken(accessToken) + + var orderID string + if r.Method == "POST" { + if r.Form == nil { + if err := r.ParseForm(); err != nil { + http.Error(w, err.Error(), http.StatusInternalServerError) + return + } + } + + orderID = r.Form.Get("orderid") + } + + // make sure the token from the caller(here the frontend) is valid + // and make sure it have the right permission + resp, err := http.Get(fmt.Sprintf("%s/permission?permission=read&access_token=%s", authServerURL, accessToken)) + if err != nil || resp.StatusCode == http.StatusBadRequest { + log.Println("Http req err or Invalid oauth token") + if err != nil { + http.Error(w, err.Error(), http.StatusBadRequest) + return + } else { + http.Error(w, "Invalid authentication", http.StatusBadRequest) + return + } + } + + // Create the form data + form := url.Values{} + form.Set("orderid", orderID) + + // call the order service the get the order + resp, err = http.PostForm(fmt.Sprintf("%s/order?access_token=%s", orderServerURL, globalToken.AccessToken), form) + if err != nil || resp.StatusCode == http.StatusBadRequest { + log.Println("Http req err or Invalid oauth token") + if err != nil { + http.Error(w, err.Error(), http.StatusBadRequest) + return + } else { + http.Error(w, "Invalid authentication", http.StatusBadRequest) + return + } + } + + body, err := ioutil.ReadAll(resp.Body) + if err != nil { + http.Error(w, "Server error", http.StatusInternalServerError) + } + + // run the whatever logic of this service, here we change the shippingAddress + var order Order + err = json.Unmarshal(body, &order) + if err != nil { + log.Println("Error 
parsing response body:", err) + http.Error(w, "Server error", http.StatusInternalServerError) + } + order.ShippingAddress = "modified by preOrder" + + // send the order + ordeBts, err := json.Marshal(order) + if err != nil { + log.Println("Error marshaling resp body:", err) + http.Error(w, "Server error", http.StatusInternalServerError) + } + + w.Header().Set("Content-Type", "application/json") + + _, err = w.Write(ordeBts) + if err != nil { + log.Println("err sending back the order: ", err) + http.Error(w, "Server error", http.StatusInternalServerError) + } + } +} + +func allowCORS(w http.ResponseWriter, r *http.Request) bool { + // Set the CORS headers + w.Header().Set("Access-Control-Allow-Origin", "http://localhost:9094") + w.Header().Set("Access-Control-Allow-Methods", "GET, POST, PUT, DELETE, OPTIONS") + w.Header().Set("Access-Control-Allow-Headers", "Content-Type, Authorization") + + // Handle preflight requests + if r.Method == http.MethodOptions { + w.WriteHeader(http.StatusOK) + return false + } + + return true + +} + +func extractBearerToken(tokenWithBearer string) (string, bool) { + bearerPrefix := "Bearer " + if strings.HasPrefix(tokenWithBearer, bearerPrefix) { + token := strings.TrimPrefix(tokenWithBearer, bearerPrefix) + return token, true + } + return "", false +} + +func getTheToken(path string) error { + + u, err := url.Parse(fmt.Sprintf("%s/%s", authServerURL, path)) + if err != nil { + log.Println("Error parsing URL:", err) + return err + } + + // Add the form data to the existing query parameters + queryParams := u.Query() + + // Add the app parmeters + appParams, err := url.ParseQuery(appUrlParams) + if err != nil { + log.Println("Error parsing query string:", err) + return err + } + + for key, values := range appParams { + for _, value := range values { + queryParams.Add(key, value) + } + } + + u.RawQuery = queryParams.Encode() + + resp, err := http.Post(u.String(), "application/x-www-form-urlencoded", strings.NewReader("")) + if err != nil 
{ + log.Println("Error request the token: ", err) + return err + } + + defer resp.Body.Close() + + // Handle the response as needed + if resp.StatusCode != http.StatusOK { + log.Println("Error StatusCode request the token: ", resp) + return nil + } + + // Read the response body + body, err := ioutil.ReadAll(resp.Body) + if err != nil { + log.Println("Error reading response body:", err) + return err + } + + // Parse the response body into CodeStruct + var codeResponse CodeStruct + err = json.Unmarshal(body, &codeResponse) + if err != nil { + log.Println("Error parsing response body:", err) + return err + } + + // Access the extracted code value + token, err := config.Exchange(context.Background(), codeResponse.Code, oauth2.SetAuthURLParam("code_verifier", "s256example")) + if err != nil { + log.Println("Error exchange the token:", err) + return err + } + globalToken = token + return nil + +} + +func genCodeChallengeS256(s string) string { + s256 := sha256.Sum256([]byte(s)) + return base64.URLEncoding.EncodeToString(s256[:]) +} diff --git a/example/README.md b/example/workFlow/README.md similarity index 100% rename from example/README.md rename to example/workFlow/README.md diff --git a/example/client/client.go b/example/workFlow/client/client.go similarity index 100% rename from example/client/client.go rename to example/workFlow/client/client.go diff --git a/example/server/server.go b/example/workFlow/server/server.go similarity index 100% rename from example/server/server.go rename to example/workFlow/server/server.go diff --git a/example/server/static/auth.html b/example/workFlow/server/static/auth.html similarity index 100% rename from example/server/static/auth.html rename to example/workFlow/server/static/auth.html diff --git a/example/server/static/auth.png b/example/workFlow/server/static/auth.png similarity index 100% rename from example/server/static/auth.png rename to example/workFlow/server/static/auth.png 
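Review bot: `main` discards the result of `getTheToken("apiauth")`, and `getTheToken` itself returns `nil` when the status is not 200, so the service can start with `globalToken == nil` and the handler's `globalToken.AccessToken` then panics on the first request. Return an error on the non-200 path (`return fmt.Errorf("token request: unexpected status %d", resp.StatusCode)`) and stop at start-up with `if err := getTheToken("apiauth"); err != nil { log.Fatal(err) }`. In `getOrders`, the `http.Error` calls after `ioutil.ReadAll`, `json.Unmarshal` and `json.Marshal` are not followed by `return`, so a failed step still falls through and writes a body. The service token is also sent to the order service in the query string (`/order?access_token=%s`), where it will typically end up in access logs; an `Authorization: Bearer` header avoids that, though the order service in this patch reads the token from the query and would need the matching change.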
diff --git a/example/server/static/login.html b/example/workFlow/server/static/login.html similarity index 100% rename from example/server/static/login.html rename to example/workFlow/server/static/login.html diff --git a/example/server/static/login.png b/example/workFlow/server/static/login.png similarity index 100% rename from example/server/static/login.png rename to example/workFlow/server/static/login.png diff --git a/example/server/static/token.png b/example/workFlow/server/static/token.png similarity index 100% rename from example/server/static/token.png rename to example/workFlow/server/static/token.png diff --git a/go.sum b/go.sum index b82b3db..ac1757e 100644 --- a/go.sum +++ b/go.sum @@ -17,8 +17,6 @@ github.com/gavv/httpexpect v2.0.0+incompatible h1:1X9kcRshkSKEjNJJxX9Y9mQ5BRfbxU github.com/gavv/httpexpect v2.0.0+incompatible/go.mod h1:x+9tiU1YnrOvnB725RkpoLv1M62hOWzwo5OXotisrKc= github.com/go-session/session v3.1.2+incompatible h1:yStchEObKg4nk2F7JGE7KoFIrA/1Y078peagMWcrncg= github.com/go-session/session v3.1.2+incompatible/go.mod h1:8B3iivBQjrz/JtC68Np2T1yBBLxTan3mn/3OM0CyRt0= -github.com/golang-jwt/jwt v3.2.1+incompatible h1:73Z+4BJcrTC+KczS6WvTPvRGOp1WmfEP4Q1lOd9Z/+c= -github.com/golang-jwt/jwt v3.2.1+incompatible/go.mod h1:8pz2t5EyA70fFQQSrl6XZXzqecmYZeUEB8OUGHkxJ+I= github.com/golang-jwt/jwt v3.2.2+incompatible h1:IfV12K8xAKAnZqdXVzCZ+TOjboZ2keLg81eXfW3O+oY= github.com/golang-jwt/jwt v3.2.2+incompatible/go.mod h1:8pz2t5EyA70fFQQSrl6XZXzqecmYZeUEB8OUGHkxJ+I= github.com/golang/protobuf v1.2.0/go.mod h1:6lQm79b+lXiMfvg/cZm0SGofjICqVBUtrP5yJMmIC1U=