DataFed/core/server/AuthenticationManager.hpp at a69cd679419b94756e41f47331d6be2f2b1326b1 · ORNL/DataFed · GitHub

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149

#ifndef AUTHENTICATION_MANAGER_HPP
#define AUTHENTICATION_MANAGER_HPP
#pragma once

// Local includes
#include "Condition.hpp"
#include "PublicKeyTypes.hpp"

// Common includes
#include "common/DynaLog.hpp"
#include "common/IAuthenticationManager.hpp"

// Standard includes
#include <map>
#include <memory>
#include <mutex>
#include <vector>

namespace SDMS {
namespace Core {

class AuthenticationManager : public IAuthenticationManager {
private:
  // The next purge time for each type of public key
  std::map<PublicKeyType, time_t> m_next_purge;
  // The purge interval for each type of public key
  std::map<PublicKeyType, time_t> m_purge_interval;
  // The purge conditions for each type of public key
  std::map<PublicKeyType, std::vector<std::unique_ptr<Condition>>>
      m_purge_conditions;

  AuthMap m_auth_mapper;

  mutable std::mutex m_lock;

  LogContext m_log_context;

public:
  AuthenticationManager(){};

  virtual ~AuthenticationManager(){};

  AuthenticationManager &operator=(AuthenticationManager &&other);

  /// Construct without database connectivity (in-memory only mode).
  /// Persistent key lookups will only check the in-memory map, not the DB.
  AuthenticationManager(
      std::map<PublicKeyType, time_t> purge_intervals,
      std::map<PublicKeyType, std::vector<std::unique_ptr<Condition>>>
          &&purge_conditions,
      LogContext log_context = LogContext{});

  /// Construct with database connectivity for persistent key lookups.
  AuthenticationManager(
      std::map<PublicKeyType, time_t> purge_intervals,
      std::map<PublicKeyType, std::vector<std::unique_ptr<Condition>>>
          &&purge_conditions,
      const std::string &db_url, const std::string &db_user,
      const std::string &db_pass,
      LogContext log_context = LogContext{});
  /**
   * Increments the number of times that the key has been accessed, this is used
   *by the transient key to know when it needs to be converted to a session key.
   *
   * It is used by the session key to know if it has been accesses within an
   *allotted purge time frame. If the count is above one then the session key
   *not be purged.
   **/
  virtual void incrementKeyAccessCounter(const std::string &public_key, LogContext log_context) final;

  /**
   * This will purge all keys of a particular type that have expired.
   *
   * The session key counter will be set back to 0 if it has been used and is
   *not purged.
   **/
  virtual void purge(const PublicKeyType pub_key_type) final;

  /**
   * Calls purge for both TRANSIENT and SESSION keys. If they need to be
   * purged they are.
   */
  virtual void purge() final;

  /**
   * Will return true if the public key is known is associated with a user
   *account.
   *
   * Will look at all keys:
   * - TRANSIENT
   * - SESSION
   * - PERSISTENT
   **/
  virtual bool hasKey(const std::string &pub_key, LogContext log_context) const final;

  void addKey(const PublicKeyType &pub_key_type, const std::string &public_key,
              const std::string &uid);

  /**
   * Check if a specific key exists in a specific map type
   **/
  bool hasKey(const PublicKeyType &pub_key_type, const std::string &public_key, LogContext log_context) const;

  /**
   * Migrate a key from one type to another
   **/
  void migrateKey(const PublicKeyType &from_type, const PublicKeyType &to_type,
                  const std::string &public_key, const std::string &uid);

  /**
   * Clear all transient keys from the authentication map.
   * This is useful for cleaning up stale keys after service restarts.
   **/
  void clearTransientKeys();

  /**
   * Clear all session keys from the authentication map.
   * This is useful for cleaning up stale keys after service restarts.
   **/
  void clearSessionKeys();

  /**
   * Clear all non-persistent (transient and session) keys.
   * Persistent keys are preserved as they represent service accounts.
   **/
  void clearAllNonPersistentKeys();

  /**
   * Will the id or throw an error
   *
   * Will look at all keys:
   * - TRANSIENT
   * - SESSION
   * - PERSISTENT
   **/
  virtual std::string getUID(const std::string &pub_key, LogContext log_context) const final;

  /**
   * Safe version that returns empty string if key not found
   * instead of throwing an exception
   **/
  std::string getUIDSafe(const std::string &pub_key, LogContext log_context) const;
};

} // namespace Core
} // namespace SDMS

#endif // AUTHENTICATION_MANAGER