Token Management - Implementation

ndyakov · ndyakov · commit d5d0aa82c8eb · 2025-03-31T12:00:00.000Z
diff --git a/token/token.go b/token/token.go
@@ -0,0 +1,83 @@
+package token
+
+import (
+	"time"
+
+	"github.com/redis/go-redis/v9/auth"
+)
+
+// Ensure Token implements the auth.Credentials interface.
+var _ auth.Credentials = (*Token)(nil)
+
+// New creates a new token with the specified username, password, raw token, expiration time, received at time, and time to live.
+// NOTE: This won't do any validation on the token, expiresOn, receivedAt, or ttl. It will simply create a new token instance.
+func New(username, password, rawToken string, expiresOn, receivedAt time.Time, ttl int64) *Token {
+	return &Token{
+		username:   username,
+		password:   password,
+		expiresOn:  expiresOn,
+		receivedAt: receivedAt,
+		ttl:        ttl,
+		rawToken:   rawToken,
+	}
+}
+
+// Token represents parsed authentication token used to access the Redis server.
+// It implements the auth.Credentials interface.
+type Token struct {
+	// username is the username of the user.
+	username string
+	// password is the password of the user.
+	password string
+	// expiresOn is the expiration time of the token.
+	expiresOn time.Time
+	// ttl is the time to live of the token.
+	ttl int64
+	// rawToken is the authentication token.
+	rawToken string
+	// receivedAt is the time when the token was received.
+	receivedAt time.Time
+}
+
+// BasicAuth returns the username and password for basic authentication.
+func (t *Token) BasicAuth() (string, string) {
+	return t.username, t.password
+}
+
+// RawCredentials returns the raw credentials for authentication.
+func (t *Token) RawCredentials() string {
+	return t.rawToken
+}
+
+// ExpirationOn returns the expiration time of the token.
+func (t *Token) ExpirationOn() time.Time {
+	return t.expiresOn
+}
+
+// Copy creates a copy of the token.
+func (t *Token) Copy() *Token {
+	return copyToken(t)
+}
+
+// compareCredentials two tokens if they are the same credentials
+func (t *Token) compareCredentials(token *Token) bool {
+	return t.username == token.username && t.password == token.password
+}
+
+// compareRawCredentials two tokens if they are the same raw credentials
+func (t *Token) compareRawCredentials(token *Token) bool {
+	return t.rawToken == token.rawToken
+}
+
+// compareToken compares two tokens if they are the same token
+func (t *Token) compareToken(token *Token) bool {
+	return t.compareCredentials(token) && t.compareRawCredentials(token)
+}
+
+// copyToken creates a copy of the token.
+func copyToken(token *Token) *Token {
+	if token == nil {
+		return nil
+	}
+	return New(token.username, token.password, token.rawToken, token.expiresOn, token.receivedAt, token.ttl)
+}
diff --git a/token/token_test.go b/token/token_test.go
@@ -0,0 +1,180 @@
+package token
+
+import (
+	"testing"
+	"time"
+
+	"github.com/stretchr/testify/assert"
+)
+
+func TestNew(t *testing.T) {
+	t.Parallel()
+	token := New("username", "password", "rawToken", time.Now(), time.Now(), 3600)
+	assert.Equal(t, "username", token.username)
+	assert.Equal(t, "password", token.password)
+	assert.Equal(t, "rawToken", token.rawToken)
+	assert.Equal(t, int64(3600), token.ttl)
+}
+
+func TestBasicAuth(t *testing.T) {
+	t.Parallel()
+	token := New("username", "password", "rawToken", time.Now(), time.Now(), 3600)
+	username, password := token.BasicAuth()
+	assert.Equal(t, "username", username)
+	assert.Equal(t, "password", password)
+}
+
+func TestRawCredentials(t *testing.T) {
+	t.Parallel()
+	token := New("username", "password", "rawToken", time.Now(), time.Now(), 3600)
+	rawCredentials := token.RawCredentials()
+	assert.Equal(t, "rawToken", rawCredentials)
+}
+
+func TestExpirationOn(t *testing.T) {
+	t.Parallel()
+	token := New("username", "password", "rawToken", time.Now().Add(1*time.Hour), time.Now(), 3600)
+	expirationOn := token.ExpirationOn()
+	assert.True(t, expirationOn.After(time.Now()))
+}
+
+func TestTokenExpiration(t *testing.T) {
+	t.Parallel()
+	token := New("username", "password", "rawToken", time.Now().Add(1*time.Hour), time.Now(), 3600)
+	assert.True(t, token.ExpirationOn().After(time.Now()))
+
+	token.expiresOn = time.Now().Add(-1 * time.Hour)
+	assert.False(t, token.ExpirationOn().After(time.Now()))
+}
+
+func TestTokenReceivedAt(t *testing.T) {
+	t.Parallel()
+	token := New("username", "password", "rawToken", time.Now(), time.Now().Add(1*time.Hour), 3600)
+	assert.True(t, token.receivedAt.After(time.Now().Add(-1*time.Hour)))
+	assert.True(t, token.receivedAt.Before(time.Now().Add(1*time.Hour)))
+}
+
+func TestTokenTTL(t *testing.T) {
+	t.Parallel()
+	token := New("username", "password", "rawToken", time.Now(), time.Now(), 3600)
+	assert.Equal(t, int64(3600), token.ttl)
+
+	token.ttl = 7200
+	assert.Equal(t, int64(7200), token.ttl)
+}
+
+func TestCopyToken(t *testing.T) {
+	t.Parallel()
+	token := New("username", "password", "rawToken", time.Now(), time.Now(), 3600)
+	copiedToken := copyToken(token)
+
+	assert.Equal(t, token.username, copiedToken.username)
+	assert.Equal(t, token.password, copiedToken.password)
+	assert.Equal(t, token.rawToken, copiedToken.rawToken)
+	assert.Equal(t, token.ttl, copiedToken.ttl)
+	assert.Equal(t, token.expiresOn, copiedToken.expiresOn)
+	assert.Equal(t, token.receivedAt, copiedToken.receivedAt)
+
+	// change the copied token
+	copiedToken.expiresOn = time.Now().Add(-1 * time.Hour)
+	assert.NotEqual(t, token.expiresOn, copiedToken.expiresOn)
+
+	// copy nil
+	copiedToken = copyToken(nil)
+	assert.Nil(t, copiedToken)
+	// copy empty token
+	copiedToken = copyToken(&Token{})
+	assert.NotNil(t, copiedToken)
+	anotherCopy := copiedToken.Copy()
+	anotherCopy.rawToken = "changed"
+	assert.NotEqual(t, copiedToken, anotherCopy)
+}
+
+func TestTokenCompare(t *testing.T) {
+	t.Parallel()
+	// Create two tokens with the same credentials
+	token1 := New("username", "password", "rawToken", time.Now(), time.Now(), 3600)
+	token2 := New("username", "password", "rawToken", time.Now(), time.Now(), 3600)
+	assert.True(t, token1.compareCredentials(token2))
+	assert.True(t, token1.compareRawCredentials(token2))
+	assert.True(t, token1.compareToken(token2))
+
+	// Create two tokens with different credentials and different raw credentials
+	token3 := New("username", "differentPassword", "differentRawToken", time.Now(), time.Now(), 3600)
+	assert.False(t, token1.compareCredentials(token3))
+	assert.False(t, token1.compareRawCredentials(token3))
+	assert.False(t, token1.compareToken(token3))
+
+	// Create token with same credentials but different rawCredentials
+	token4 := New("username", "password", "differentRawToken", time.Now(), time.Now(), 3600)
+	assert.False(t, token1.compareRawCredentials(token4))
+	assert.False(t, token1.compareToken(token4))
+	assert.True(t, token1.compareCredentials(token4))
+}
+
+func BenchmarkNew(b *testing.B) {
+	now := time.Now()
+	b.ResetTimer()
+	for i := 0; i < b.N; i++ {
+		New("username", "password", "rawToken", now, now, 3600)
+	}
+}
+
+func BenchmarkBasicAuth(b *testing.B) {
+	token := New("username", "password", "rawToken", time.Now(), time.Now(), 3600)
+	b.ResetTimer()
+	for i := 0; i < b.N; i++ {
+		token.BasicAuth()
+	}
+}
+
+func BenchmarkRawCredentials(b *testing.B) {
+	token := New("username", "password", "rawToken", time.Now(), time.Now(), 3600)
+	b.ResetTimer()
+	for i := 0; i < b.N; i++ {
+		token.RawCredentials()
+	}
+}
+
+func BenchmarkExpirationOn(b *testing.B) {
+	token := New("username", "password", "rawToken", time.Now().Add(1*time.Hour), time.Now(), 3600)
+	b.ResetTimer()
+	for i := 0; i < b.N; i++ {
+		token.ExpirationOn()
+	}
+}
+
+func BenchmarkCopyToken(b *testing.B) {
+	token := New("username", "password", "rawToken", time.Now(), time.Now(), 3600)
+	b.ResetTimer()
+	for i := 0; i < b.N; i++ {
+		token.Copy()
+	}
+}
+
+func BenchmarkCompareCredentials(b *testing.B) {
+	token1 := New("username", "password", "rawToken", time.Now(), time.Now(), 3600)
+	token2 := New("username", "password", "rawToken", time.Now(), time.Now(), 3600)
+	b.ResetTimer()
+	for i := 0; i < b.N; i++ {
+		token1.compareCredentials(token2)
+	}
+}
+
+func BenchmarkCompareRawCredentials(b *testing.B) {
+	token1 := New("username", "password", "rawToken", time.Now(), time.Now(), 3600)
+	token2 := New("username", "password", "rawToken", time.Now(), time.Now(), 3600)
+	b.ResetTimer()
+	for i := 0; i < b.N; i++ {
+		token1.compareRawCredentials(token2)
+	}
+}
+
+func BenchmarkCompareToken(b *testing.B) {
+	token1 := New("username", "password", "rawToken", time.Now(), time.Now(), 3600)
+	token2 := New("username", "password", "rawToken", time.Now(), time.Now(), 3600)
+	b.ResetTimer()
+	for i := 0; i < b.N; i++ {
+		token1.compareToken(token2)
+	}
+}
