Session docs on readme

andrebires · andrebires · commit 9301c4a4ee3d · 2022-03-29T15:56:49.000-03:00
diff --git a/README.md b/README.md
@@ -500,13 +500,16 @@ In Lime, the **client can receive and process commands requests** from other nod
 
 ### Session
 
+> The session establishment flow is automatically handled by the library. 
+> This section is for informative purposes only. 
+
 The session envelope is used for the negotiation, authentication and establishment of the communication channel between
 the client and a server. 
-It helps select the transport options, like compression and encryption (TLS), authentication credentials, and session
-metadata, like its `id` and local/remote node addresses.
+It helps the parties to select the transport options, like compression and encryption (TLS), authentication credentials,
+and session metadata, like its `id` and local/remote node addresses.
 
-For instance, the first envelope sent in every like session is the **new session** envelope, which the client sends to
-the server after the transport connection is established:
+The first envelope sent in every Lime session is the **new session** envelope, which the client sends to the server
+after the transport connection is established:
 
 ```json
 {
@@ -531,11 +534,88 @@ encryption by default).
 
 Note that this envelope haves a `id` defined, which is the **session id**. 
 The next session envelopes sent by the client should use this same id, until the end of the session.
+During the session establishment, only session envelopes are allowed.
+
+The server can skip the `negotiating` state and jump directly to the `authenticating` or even to the `established`
+state. The session state progression can occur in the following order:
 
-The session state progression can occur in the following order:
-1. new (client started)
+1. new (started by the client)
 2. negotiating (optional) 
 3. authenticating (optional)
 4. established 
-5. finishing (optional, client started)
-6. finished OR failed
+5. finishing (optional, started by the client)
+6. finished OR failed (final)
+
+In Go, the session negotiation, authentication, and establishment process is **automatically handled** by the 
+`lime.Client` and `lime.Server` types.
+You just need to make sure that the server and client are configured accordingly the desired behavior.
+
+For instance, if you want to ensure that the TCP transport connections are using the TLS encryption, you will need to
+configure the server similarly to this:
+
+```go
+server := lime.NewServerBuilder().
+    // Enable the TLS encryption option for all sessions
+    EncryptionOptions(lime.SessionEncryptionTLS).
+    // Set up the TCP listener providing a certificate
+    ListenTCP(addr, &lime.TCPConfig{
+        TLSConfig: &tls.Config{
+            GetCertificate: func(info *tls.ClientHelloInfo) (*tls.Certificate, error) {
+                cert, err := tls.LoadX509KeyPair("cert.pem", "key.pem")
+                if err != nil {
+                    return nil, err
+                }
+                return &cert, nil
+            },
+        }}).
+    // TODO: Setup other server options
+    Build()
+```
+
+And in the client side, you should set up the TLS encryption option and the TCP config:
+
+```go
+client := lime.NewClientBuilder().
+    Encryption(lime.SessionEncryptionTLS).
+    UseTCP(addr, &lime.TCPConfig{
+        TLSConfig:   &tls.Config{ServerName: "localhost"},
+    }).
+    // TODO: Setup other client options
+    Build()
+```
+
+You may also want to configure the server and client authentication mechanisms.
+The Lime Go library supports the following schemes:
+- Guest (no authentication)
+- Plain (password)
+- Key
+- Transport (mutual TLS on TCP)
+- External (token emitted by an issuer)
+
+To enable the use of plain authentication, in the server you should use the `EnablePlainAuthentication` method passing
+the authentication handler function, like in the example below:
+
+```go
+server := lime.NewServerBuilder().
+    EnablePlainAuthentication(
+        func(ctx context.Context, i lime.Identity, pwd string) (*lime.AuthenticationResult, error) {
+        // TODO: implement checkCredentials to validate the user/password in your secret store
+        if checkCredentials(i.Name, pwd) {
+            return &lime.AuthenticationResult{Role: lime.DomainRoleMember}, nil
+        }
+        return &lime.AuthenticationResult{Role: lime.DomainRoleUnknown}, nil
+    }).
+    // TODO: Setup other server options
+    Build()
+```
+
+On the client side, you can use the `PlainAuthentication` method to set the password that should be used:
+
+```go
+client := lime.NewClientBuilder().
+    // Sets the identity name and password
+    Name("john").
+    PlainAuthentication("mysecretpassword").
+    // TODO: Setup other client options
+    Build()
+```
diff --git a/examples/client/main.go b/examples/client/main.go
@@ -21,10 +21,13 @@ func main() {
 	}
 
 	client := lime.NewClientBuilder().
+		Encryption(lime.SessionEncryptionTLS).
 		UseTCP(addr, &lime.TCPConfig{
 			TLSConfig:   &tls.Config{ServerName: "localhost", InsecureSkipVerify: true},
 			TraceWriter: lime.NewStdoutTraceWriter(),
 		}).
+		Name("john").
+		PlainAuthentication("mysecretpassword").
 		MessagesHandlerFunc(
 			func(ctx context.Context, msg *lime.Message, s lime.Sender) error {
 				fmt.Printf("Message received - ID: %v - From: %v - Type: %v - Content: %v\n", msg.ID, msg.From, msg.Type, msg.Content)
diff --git a/examples/server/credentials.go b/examples/server/credentials.go
@@ -0,0 +1,28 @@
+package main
+
+import "golang.org/x/crypto/bcrypt"
+
+var fakeSecretStore = map[string]string{
+	"john": hashPassword("mysecretpassword"),
+	"mary": hashPassword("mary1234"),
+}
+
+func checkCredentials(name string, password string) bool {
+	if hash, ok := fakeSecretStore[name]; ok {
+		return checkPasswordHash(password, hash)
+	}
+	return false
+}
+
+func hashPassword(password string) string {
+	bytes, err := bcrypt.GenerateFromPassword([]byte(password), 14)
+	if err != nil {
+		panic(err)
+	}
+	return string(bytes)
+}
+
+func checkPasswordHash(password, hash string) bool {
+	err := bcrypt.CompareHashAndPassword([]byte(hash), []byte(password))
+	return err == nil
+}
diff --git a/examples/server/main.go b/examples/server/main.go
@@ -45,6 +45,7 @@ func main() {
 				fmt.Printf("RequestCommand received - ID: %v\n", cmd.ID)
 				return nil
 			}).
+		EncryptionOptions(lime.SessionEncryptionTLS).
 		ListenTCP(
 			addr,
 			&lime.TCPConfig{
@@ -56,6 +57,12 @@ func main() {
 				TraceWriter: lime.NewStdoutTraceWriter(),
 			}).
 		EnableGuestAuthentication().
+		EnablePlainAuthentication(func(ctx context.Context, identity lime.Identity, password string) (*lime.AuthenticationResult, error) {
+			if checkCredentials(identity.Name, password) {
+				return &lime.AuthenticationResult{Role: lime.DomainRoleMember}, nil
+			}
+			return &lime.AuthenticationResult{Role: lime.DomainRoleUnknown}, nil
+		}).
 		Build()
 
 	go func() {
diff --git a/go.mod b/go.mod
@@ -8,6 +8,7 @@ require (
 	github.com/stretchr/testify v1.7.0
 	go.uber.org/atomic v1.9.0 // indirect
 	go.uber.org/goleak v1.1.12
-	go.uber.org/multierr v1.8.0 // indirect
+	go.uber.org/multierr v1.8.0
+	golang.org/x/crypto v0.0.0-20191011191535-87dc89f01550
 	golang.org/x/sync v0.0.0-20210220032951-036812b2e83c
 )
diff --git a/go.sum b/go.sum
@@ -1,11 +1,6 @@
-github.com/cenkalti/backoff/v4 v4.1.2 h1:6Yo7N8UP2K6LWZnW94DLVSSrbobcWdVzAYOisuDPIFo=
-github.com/cenkalti/backoff/v4 v4.1.2/go.mod h1:scbssz8iZGpm3xbr14ovlUdkxfGXNInqkPWOWmG2CLw=
-github.com/davecgh/go-spew v1.1.0 h1:ZDRjVQ15GmhC3fiQ8ni8+OwkZQO4DARzQgrnXU1Liz8=
 github.com/davecgh/go-spew v1.1.0/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSsI+c5H38=
 github.com/davecgh/go-spew v1.1.1 h1:vj9j/u1bqnvCEfJOwUhtlOARqs3+rkHYY13jYWTU97c=
 github.com/davecgh/go-spew v1.1.1/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSsI+c5H38=
-github.com/google/uuid v1.1.1 h1:Gkbcsh/GbpXz7lPftLA3P6TYMwjCLYm83jiFQZF/3gY=
-github.com/google/uuid v1.1.1/go.mod h1:TIyPZe4MgqvfeYDBFedMoGGpEw/LqOeaOT+nhxU+yHo=
 github.com/google/uuid v1.3.0 h1:t6JiXgmwXMjEs8VusXIJk2BXHsn+wx8BZdTaoZ5fu7I=
 github.com/google/uuid v1.3.0/go.mod h1:TIyPZe4MgqvfeYDBFedMoGGpEw/LqOeaOT+nhxU+yHo=
 github.com/gorilla/websocket v1.4.2 h1:+/TMaTYc4QFitKJxsQ7Yye35DkWvkdLcvGKqM+x0Ufc=
@@ -19,8 +14,6 @@ github.com/pmezard/go-difflib v1.0.0 h1:4DBwDE0NGyQoBHbLQYPwSUPoCMWR5BEzIk/f1lZb
 github.com/pmezard/go-difflib v1.0.0/go.mod h1:iKH77koFhYxTK1pcRnkKkqfTogsbg7gZNVY4sRDYZ/4=
 github.com/stretchr/objx v0.1.0/go.mod h1:HFkY916IF+rwdDfMAkV7OtwuqBVzrE8GR6GFx+wExME=
 github.com/stretchr/testify v1.3.0/go.mod h1:M5WIy9Dh21IEIfnGCwXGc5bZfKNJtfHm1UVUgZn+9EI=
-github.com/stretchr/testify v1.5.1 h1:nOGnQDM7FYENwehXlg/kFVnos3rEvtKTjRvOWSzb6H4=
-github.com/stretchr/testify v1.5.1/go.mod h1:5W2xD1RspED5o8YsWQXVCued0rvSQ+mT+I5cxcmMvtA=
 github.com/stretchr/testify v1.7.0 h1:nwc3DEeHmmLAfoZucVR881uASk0Mfjw8xYJ99tb5CcY=
 github.com/stretchr/testify v1.7.0/go.mod h1:6Fq8oRcR53rry900zMqJjRRixrwX3KX962/h/Wwjteg=
 github.com/yuin/goldmark v1.3.5/go.mod h1:mwnBkeHKe2W/ZEtQ+71ViKU8L12m81fl3OWwC1Zlc8k=
@@ -32,6 +25,7 @@ go.uber.org/goleak v1.1.12/go.mod h1:cwTWslyiVhfpKIDGSZEM2HlOvcqm+tG4zioyIeLoqMQ
 go.uber.org/multierr v1.8.0 h1:dg6GjLku4EH+249NNmoIciG9N/jURbDG+pFlTkhzIC8=
 go.uber.org/multierr v1.8.0/go.mod h1:7EAYxJLBy9rStEaz58O2t4Uvip6FSURkq8/ppBp95ak=
 golang.org/x/crypto v0.0.0-20190308221718-c2843e01d9a2/go.mod h1:djNgcEr1/C05ACkg1iLfiJU5Ep61QUkGW8qpdssI0+w=
+golang.org/x/crypto v0.0.0-20191011191535-87dc89f01550 h1:ObdrDkeb4kJdCP557AjRjq69pTHfNouLtWZG7j9rPN8=
 golang.org/x/crypto v0.0.0-20191011191535-87dc89f01550/go.mod h1:yigFU9vqHzYiE8UmvKecakEJjdnWj3jj499lnFckfCI=
 golang.org/x/lint v0.0.0-20190930215403-16217165b5de h1:5hukYrvBGR8/eNkX5mdUezrA6JiaEZDtJb9Ei+1LlBs=
 golang.org/x/lint v0.0.0-20190930215403-16217165b5de/go.mod h1:6SW0HCj/g11FgYtHlgUYUwCkIfeOF89ocIRzGO/8vkc=
@@ -62,13 +56,9 @@ golang.org/x/xerrors v0.0.0-20190717185122-a985d3407aa7/go.mod h1:I/5z698sn9Ka8T
 golang.org/x/xerrors v0.0.0-20191011141410-1b5146add898/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0=
 golang.org/x/xerrors v0.0.0-20200804184101-5ec99f83aff1 h1:go1bK/D/BFZV2I8cIQd1NKEZ+0owSTG1fDTci4IqFcE=
 golang.org/x/xerrors v0.0.0-20200804184101-5ec99f83aff1/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0=
-gopkg.in/check.v1 v0.0.0-20161208181325-20d25e280405 h1:yhCVgyC4o1eVCa2tZl7eS0r+SDo693bJlVdllGtEeKM=
 gopkg.in/check.v1 v0.0.0-20161208181325-20d25e280405/go.mod h1:Co6ibVJAznAaIkqp8huTwlJQCZ016jof/cbN4VW5Yz0=
 gopkg.in/check.v1 v1.0.0-20180628173108-788fd7840127 h1:qIbj1fsPNlZgppZ+VLlY7N33q108Sa+fhmuc+sWQYwY=
 gopkg.in/check.v1 v1.0.0-20180628173108-788fd7840127/go.mod h1:Co6ibVJAznAaIkqp8huTwlJQCZ016jof/cbN4VW5Yz0=
-gopkg.in/yaml.v2 v2.2.2 h1:ZCJp+EgiOT7lHqUV2J862kp8Qj64Jo6az82+3Td9dZw=
-gopkg.in/yaml.v2 v2.2.2/go.mod h1:hI93XBmqTisBFMUTm0b8Fm+jr3Dg1NNxqwp+5A1VGuI=
-gopkg.in/yaml.v3 v3.0.0-20200313102051-9f266ea9e77c h1:dUUwHk2QECo/6vqA44rthZ8ie2QXMNeKRTHCNY2nXvo=
 gopkg.in/yaml.v3 v3.0.0-20200313102051-9f266ea9e77c/go.mod h1:K4uyk7z7BCEPqu6E+C64Yfv1cQ7kz7rIZviUmN+EgEM=
 gopkg.in/yaml.v3 v3.0.0-20210107192922-496545a6307b h1:h8qDotaEPuJATrMmW04NCwg7v22aHH28wwpauUhK9Oo=
 gopkg.in/yaml.v3 v3.0.0-20210107192922-496545a6307b/go.mod h1:K4uyk7z7BCEPqu6E+C64Yfv1cQ7kz7rIZviUmN+EgEM=

Original file line number	Diff line number	Diff line change
`@@ -8,6 +8,7 @@ require (`
`8`	`8`	`github.com/stretchr/testify v1.7.0`
`9`	`9`	`go.uber.org/atomic v1.9.0 // indirect`
`10`	`10`	`go.uber.org/goleak v1.1.12`
`11`		`- go.uber.org/multierr v1.8.0 // indirect`
	`11`	`+ go.uber.org/multierr v1.8.0`
	`12`	`+ golang.org/x/crypto v0.0.0-20191011191535-87dc89f01550`
`12`	`13`	`golang.org/x/sync v0.0.0-20210220032951-036812b2e83c`
`13`	`14`	`)`