mirror of
https://github.com/TecharoHQ/anubis.git
synced 2025-08-03 09:48:08 -04:00
dff2176beb
* feat(decaymap): add Delete method Signed-off-by: Xe Iaso <me@xeiaso.net> * chore(lib/challenge): refactor Validate to take ValidateInput Signed-off-by: Xe Iaso <me@xeiaso.net> * feat(lib): implement store interface Signed-off-by: Xe Iaso <me@xeiaso.net> * feat(lib/store): all metapackage to import all store implementations Signed-off-by: Xe Iaso <me@xeiaso.net> * chore(policy): import all store backends Signed-off-by: Xe Iaso <me@xeiaso.net> * feat(lib): use new challenge creation flow Previously Anubis constructed challenge strings from request metadata. This was a good idea in spirit, but has turned out to be a very bad idea in practice. This new flow reuses the Store facility to dynamically create challenge values with completely random data. This is a fairly big rewrite of how Anubis processes challenges. Right now it defaults to using the in-memory storage backend, but on-disk (boltdb) and valkey-based adaptors will come soon. Signed-off-by: Xe Iaso <me@xeiaso.net> * chore(decaymap): fix documentation typo Signed-off-by: Xe Iaso <me@xeiaso.net> * chore(lib): fix SA4004 Signed-off-by: Xe Iaso <me@xeiaso.net> * test(lib/store): make generic storage interface test adaptor Signed-off-by: Xe Iaso <me@xeiaso.net> * chore: spelling Signed-off-by: Xe Iaso <me@xeiaso.net> * fix(decaymap): invert locking process for Delete Signed-off-by: Xe Iaso <me@xeiaso.net> * feat(lib/store): add bbolt store implementation Signed-off-by: Xe Iaso <me@xeiaso.net> * chore: spelling Signed-off-by: Xe Iaso <me@xeiaso.net> * chore: go mod tidy Signed-off-by: Xe Iaso <me@xeiaso.net> * chore(devcontainer): adapt to docker compose, add valkey service Signed-off-by: Xe Iaso <me@xeiaso.net> * fix(lib): make challenges live for 30 minutes by default Signed-off-by: Xe Iaso <me@xeiaso.net> * feat(lib/store): implement valkey backend Signed-off-by: Xe Iaso <me@xeiaso.net> * test(lib/store/valkey): disable tests if not using docker Signed-off-by: Xe Iaso <me@xeiaso.net> * test(lib/policy/config): ensure valkey stores can be loaded Signed-off-by: Xe Iaso <me@xeiaso.net> * Update metadata check-spelling run (pull_request) for Xe/store-interface Signed-off-by: check-spelling-bot <check-spelling-bot@users.noreply.github.com> on-behalf-of: @check-spelling <check-spelling-bot@check-spelling.dev> * chore(devcontainer): remove port forwards because vs code handles that for you Signed-off-by: Xe Iaso <me@xeiaso.net> * docs(default-config): add a nudge to the storage backends section of the docs Signed-off-by: Xe Iaso <me@xeiaso.net> * chore(docs): listen on 0.0.0.0 for dev container support Signed-off-by: Xe Iaso <me@xeiaso.net> * docs(policy): document storage backends Signed-off-by: Xe Iaso <me@xeiaso.net> * docs: update CHANGELOG and internal links Signed-off-by: Xe Iaso <me@xeiaso.net> * docs(admin/policies): don't start a sentence with as Signed-off-by: Xe Iaso <me@xeiaso.net> * chore: fixes found in review Signed-off-by: Xe Iaso <me@xeiaso.net> --------- Signed-off-by: Xe Iaso <me@xeiaso.net> Signed-off-by: check-spelling-bot <check-spelling-bot@users.noreply.github.com>
78 lines
2.1 KiB
Go
78 lines
2.1 KiB
Go
package store
|
|
|
|
import (
|
|
"context"
|
|
"encoding/json"
|
|
"errors"
|
|
"fmt"
|
|
"time"
|
|
)
|
|
|
|
var (
|
|
// ErrNotFound is returned when the store implementation cannot find the value
|
|
// for a given key.
|
|
ErrNotFound = errors.New("store: key not found")
|
|
|
|
// ErrCantDecode is returned when a store adaptor cannot decode the store format
|
|
// to a value used by the code.
|
|
ErrCantDecode = errors.New("store: can't decode value")
|
|
|
|
// ErrCantEncode is returned when a store adaptor cannot encode the value into
|
|
// the format that the store uses.
|
|
ErrCantEncode = errors.New("store: can't encode value")
|
|
|
|
// ErrBadConfig is returned when a store adaptor's configuration is invalid.
|
|
ErrBadConfig = errors.New("store: configuration is invalid")
|
|
)
|
|
|
|
// Interface defines the calls that Anubis uses for storage in a local or remote
|
|
// datastore. This can be implemented with an in-memory, on-disk, or in-database
|
|
// storage backend.
|
|
type Interface interface {
|
|
// Delete removes a value from the store by key.
|
|
Delete(ctx context.Context, key string) error
|
|
|
|
// Get returns the value of a key assuming that value exists and has not expired.
|
|
Get(ctx context.Context, key string) ([]byte, error)
|
|
|
|
// Set puts a value into the store that expires according to its expiry.
|
|
Set(ctx context.Context, key string, value []byte, expiry time.Duration) error
|
|
}
|
|
|
|
func z[T any]() T { return *new(T) }
|
|
|
|
type JSON[T any] struct {
|
|
Underlying Interface
|
|
}
|
|
|
|
func (j *JSON[T]) Delete(ctx context.Context, key string) error {
|
|
return j.Underlying.Delete(ctx, key)
|
|
}
|
|
|
|
func (j *JSON[T]) Get(ctx context.Context, key string) (T, error) {
|
|
data, err := j.Underlying.Get(ctx, key)
|
|
if err != nil {
|
|
return z[T](), err
|
|
}
|
|
|
|
var result T
|
|
if err := json.Unmarshal(data, &result); err != nil {
|
|
return z[T](), fmt.Errorf("%w: %w", ErrCantDecode, err)
|
|
}
|
|
|
|
return result, nil
|
|
}
|
|
|
|
func (j *JSON[T]) Set(ctx context.Context, key string, value T, expiry time.Duration) error {
|
|
data, err := json.Marshal(value)
|
|
if err != nil {
|
|
return fmt.Errorf("%w: %w", ErrCantEncode, err)
|
|
}
|
|
|
|
if err := j.Underlying.Set(ctx, key, data, expiry); err != nil {
|
|
return err
|
|
}
|
|
|
|
return nil
|
|
}
|