updates

Author: KenWilliamson

README.md

@@ -8,7 +8,7 @@ A complete standalone Oauth2 Server RFC 6749 implementation written in Golang an
 GoAuth2 is an Oauth2 server implementation written in Golang. Currently authorization code, 
 implicit, and client credentials grant, and password grant types are supported.
 
-GoAuth2 issues an enhanced JWT token that can be used to secure individual REST endpoints for users using roles. REST endpoints can be coded to validate the JWT token using the user's role.
+GoAuth2 issues a compressed enhanced JWT token that can be used to secure individual REST endpoints for users using roles. REST endpoints can be coded to validate the JWT token using the user's role. There is also a access token REST service that can validate a compressed token. Token compression can be turned off at startup if desired.
 
 ### GoAuth2 will provide the security infrastructure for the new Ulbora Labs eCommerce Platform project, 66GoCart.
 #### (66GoCart is an eCommerce Platform server solution written in golang that provides REST endpoints for backend operations. 66GoCart frontend soltutions can be written in golang or any other language.)

compresstoken/compressToken.go

@@ -0,0 +1,67 @@
+//Package compresstoken ...
+package compresstoken
+
+import (
+	"bytes"
+	"compress/flate"
+	"compress/zlib"
+	"encoding/base64"
+	"io"
+)
+
+/*
+ Copyright (C) 2019 Ulbora Labs LLC. (www.ulboralabs.com)
+ All rights reserved.
+
+ Copyright (C) 2019 Ken Williamson
+ All rights reserved.
+
+ This program is free software: you can redistribute it and/or modify
+ it under the terms of the GNU General Public License as published by
+ the Free Software Foundation, either version 3 of the License, or
+ (at your option) any later version.
+ This program is distributed in the hope that it will be useful,
+ but WITHOUT ANY WARRANTY; without even the implied warranty of
+ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+ GNU General Public License for more details.
+ You should have received a copy of the GNU General Public License
+ along with this program.  If not, see <http://www.gnu.org/licenses/>.
+
+*/
+
+//JwtCompress JwtCompress
+type JwtCompress struct {
+}
+
+//CompressJwt CompressJwt
+func (c *JwtCompress) CompressJwt(jwt string) string {
+	//compress jwt with zlib and package with base64
+	var rtn string
+	var b bytes.Buffer
+	w, err := zlib.NewWriterLevel(&b, flate.BestCompression)
+	if err == nil {
+		w.Write([]byte(jwt))
+		w.Close()
+		rtn = base64.StdEncoding.EncodeToString(b.Bytes())
+	}
+	return rtn
+}
+
+//UnCompressJwt UnCompressJwt
+func (c *JwtCompress) UnCompressJwt(cjwt string) string {
+	//uncompress jwt with zlib after converting from base64
+	var rtn string
+	var b bytes.Buffer
+	decoded, derr := base64.StdEncoding.DecodeString(cjwt)
+	if derr == nil {
+		b.Write(decoded)
+		r, err := zlib.NewReader(&b)
+		if err == nil {
+			var out bytes.Buffer
+			io.Copy(&out, r)
+			r.Close()
+			rtn = out.String()
+		}
+	}
+	return rtn
+}

compresstoken/compressToken_test.go

@@ -0,0 +1,8 @@
+mode: set
+github.com/Ulbora/GoAuth2/compresstoken/compressToken.go:37.54,42.16 4 1
+github.com/Ulbora/GoAuth2/compresstoken/compressToken.go:47.2,47.12 1 1
+github.com/Ulbora/GoAuth2/compresstoken/compressToken.go:42.16,46.3 3 1
+github.com/Ulbora/GoAuth2/compresstoken/compressToken.go:51.57,56.17 4 1
+github.com/Ulbora/GoAuth2/compresstoken/compressToken.go:66.2,66.12 1 1
+github.com/Ulbora/GoAuth2/compresstoken/compressToken.go:56.17,59.17 3 1
+github.com/Ulbora/GoAuth2/compresstoken/compressToken.go:59.17,64.4 4 1

compresstoken/coverage.out

@@ -240,7 +240,7 @@ func (h *OauthRestHandler) GetClientSearchList(w http.ResponseWriter, r *http.Re
 	var getCltsURL = "/ulbora/rs/client/search"
 
 	var gcltscl oc.Claim
-	gcltscl.Role = "admin"
+	gcltscl.Role = "superAdmin"
 	gcltscl.URL = getCltsURL
 	gcltscl.Scope = "read"
 	//fmt.Println("client: ", h.Client)

handlers/clientRestHandlers.go

@@ -8,6 +8,7 @@ import (
 	"log"
 	"net/http"
 
+	cp "github.com/Ulbora/GoAuth2/compresstoken"
 	m "github.com/Ulbora/GoAuth2/managers"
 	oa "github.com/Ulbora/GoAuth2/oauthclient"
 	rc "github.com/Ulbora/GoAuth2/rolecontrol"
@@ -35,9 +36,11 @@ import (
 
 //OauthRestHandler OauthRestHandler
 type OauthRestHandler struct {
-	Manager      m.Manager
-	Client       oa.Client
-	AssetControl rc.AssetControl
+	Manager         m.Manager
+	Client          oa.Client
+	AssetControl    rc.AssetControl
+	TokenCompressed bool
+	JwtCompress     cp.JwtCompress
 }
 
 //GetNewRestHandler GetNewRestHandler

handlers/coverage.out

@@ -38,7 +38,7 @@ import (
 */
 
 //UseWebHandler UseWebHandler
-func UseWebHandler(dbi db.Database) *OauthWebHandler {
+func UseWebHandler(dbi db.Database, compressJtw bool) *OauthWebHandler {
 	var oauthManagerw m.OauthManager
 	var oauthMySqldbw msdb.MySQLOauthDB
 	oauthMySqldbw.DB = dbi
@@ -50,11 +50,12 @@ func UseWebHandler(dbi db.Database) *OauthWebHandler {
 
 	var wh OauthWebHandler
 	wh.Manager = &oauthManagerw
+	wh.TokenCompressed = compressJtw
 	return &wh
 }
 
 //UseRestHandler UseRestHandler
-func UseRestHandler(dbi db.Database, assets string) *OauthRestHandler {
+func UseRestHandler(dbi db.Database, assets string, compressJtw bool) *OauthRestHandler {
 	var oauthManager m.OauthManager
 	var oauthMySqldb msdb.MySQLOauthDB
 	oauthMySqldb.DB = dbi
@@ -67,6 +68,7 @@ func UseRestHandler(dbi db.Database, assets string) *OauthRestHandler {
 
 	var clt oa.OauthClient
 	clt.Manager = &oauthManager
+	clt.TokenCompressed = compressJtw
 	rh.Client = &clt
 
 	var curs []rc.ControlledURL
@@ -81,5 +83,6 @@ func UseRestHandler(dbi db.Database, assets string) *OauthRestHandler {
 	var ac rc.OauthAssets
 	ac.AddControledURLs(&curs)
 	rh.AssetControl = &ac
+	rh.TokenCompressed = compressJtw
 	return &rh
 }

handlers/oauthHandlers.go

@@ -9,7 +9,7 @@ import (
 
 func TestUseHanders_UseWebHandler(t *testing.T) {
 	var dbi db.Database
-	h := UseWebHandler(dbi)
+	h := UseWebHandler(dbi, false)
 	if h == nil {
 		t.Fail()
 	}
@@ -18,7 +18,7 @@ func TestUseHanders_UseWebHandler(t *testing.T) {
 func TestUseHanders_UseRestHandler(t *testing.T) {
 	var dbi db.Database
 	var assets = "WwogICB7CiAgICAgICJ1cmwiOiIvdWxib3JhL3JzL2NsaWVudEFsbG93ZWRVcmkvYWRkIiwKICAgICAgImFzc2V0cyI6WwogICAgICAgICB7CiAgICAgICAgICAgICJjb250cm9sbGVkQXNzZXQiOiJ1bGJvcmEiLAogICAgICAgICAgICAiYWxsb3dlZFJvbGUiOiJzdXBlckFkbWluIgogICAgICAgICB9CiAgICAgIF0KICAgfSwKICAgewogICAgICAidXJsIjoiL3VsYm9yYS9ycy9jbGllbnRBbGxvd2VkVXJpL3VwZGF0ZSIsCiAgICAgICJhc3NldHMiOlsKICAgICAgICAgewogICAgICAgICAgICAiY29udHJvbGxlZEFzc2V0IjoidWxib3JhIiwKICAgICAgICAgICAgImFsbG93ZWRSb2xlIjoic3VwZXJBZG1pbiIKICAgICAgICAgfQogICAgICBdCiAgIH0sCiAgIHsKICAgICAgInVybCI6Ii91bGJvcmEvcnMvY2xpZW50Um9sZS9hZGQiLAogICAgICAiYXNzZXRzIjpbCiAgICAgICAgIHsKICAgICAgICAgICAgImNvbnRyb2xsZWRBc3NldCI6InN1cGVyQWRtaW4iLAogICAgICAgICAgICAiYWxsb3dlZFJvbGUiOiJzdXBlckFkbWluIgogICAgICAgICB9CiAgICAgIF0KICAgfQpd"
-	h := UseRestHandler(dbi, assets)
+	h := UseRestHandler(dbi, assets, false)
 	if h == nil {
 		t.Fail()
 	}

handlers/utilites.go

@@ -38,6 +38,10 @@ type ValidationResponse struct {
 func (h *OauthRestHandler) ValidateAccessToken(w http.ResponseWriter, r *http.Request) {
 	var vdtr m.ValidateAccessTokenReq
 	vdtsuc, gerr := h.ProcessBody(r, &vdtr)
+	if h.TokenCompressed {
+		vdtr.AccessToken = h.JwtCompress.UnCompressJwt(vdtr.AccessToken)
+		fmt.Println("uncompressed token in validate: ", vdtr.AccessToken)
+	}
 	fmt.Println("vdtsuc: ", vdtsuc)
 	fmt.Println("vdtr: ", vdtr)
 	fmt.Println("gerr: ", gerr)

handlers/utilites_test.go

@@ -11,6 +11,7 @@ import (
 	"net/http/httptest"
 	"testing"
 
+	cp "github.com/Ulbora/GoAuth2/compresstoken"
 	m "github.com/Ulbora/GoAuth2/managers"
 )
 
@@ -43,6 +44,39 @@ func TestOauthRestHandler_ValidateToken(t *testing.T) {
 	}
 }
 
+func TestOauthRestHandler_ValidateTokenCompressed(t *testing.T) {
+	var oh OauthRestHandler
+
+	var man m.MockManager
+	man.MockValidateAccessTokenSuccess = true
+	oh.Manager = &man
+	oh.TokenCompressed = true
+
+	h := oh.GetNewRestHandler()
+	var token = "jdljdfldjslkjdsdfgdfgdffgdfgfdfgdfgdfgdfgdfdfdfdfdfdfdfdfgdgdfgdffgdfgdfdfgfdfgdfdfgddddgdgdgdgdgdgdgddggdgdgdgdggdfgdfgdfgdgflkldksldfks"
+	var jc cp.JwtCompress
+	tkn := jc.CompressJwt(token)
+	fmt.Println("compressed token in test", tkn)
+	fmt.Println("uncompressed token in test", jc.UnCompressJwt(tkn))
+
+	aJSON := ioutil.NopCloser(bytes.NewBufferString(`{"accessToken":"eNpUjFEKRDEIAy87JKD58/6w4NJHSwYcRVKkUKhJF4O87NDZ/rwx1+cedATAT/DnV6OVDj1BPb8AAAD//8ZtNs8=", "hashed": false, "userId":"someUser", "clientId": 2, "role": "someRole", "uri": "someUri", "scope":"someScope"}`))
+	//aJSON, _ := json.Marshal(robj)
+	//fmt.Println("aJSON: ", aJSON)
+	r, _ := http.NewRequest("POST", "/ffllist", aJSON)
+	//r, _ := http.NewRequest("POST", "/ffllist", nil)
+	r.Header.Set("Content-Type", "application/json")
+	w := httptest.NewRecorder()
+	h.ValidateAccessToken(w, r)
+	resp := w.Result()
+	body, _ := ioutil.ReadAll(resp.Body)
+	var bdy ValidationResponse
+	json.Unmarshal(body, &bdy)
+	fmt.Println("body: ", string(body))
+	if w.Code != 200 || w.Header().Get("Content-Type") != "application/json" || !bdy.Valid {
+		t.Fail()
+	}
+}
+
 func TestOauthRestHandler_ValidateTokenNotValid(t *testing.T) {
 	var oh OauthRestHandler
 

handlers/validateTokenRestHandlers.go

@@ -93,7 +93,7 @@ func (h *OauthWebHandler) Authorize(w http.ResponseWriter, r *http.Request) {
 		ari.ClientID = clientIDAuth
 		ari.RedirectURI = redirectURLAuth
 		ari.Scope = scopeAuth
-		ari.State = scopeAuth
+		ari.State = stateAuth
 
 		if loggedInAuth == true && userAuth != nil {
 			fmt.Println("loggedIn: ", loggedInAuth)
@@ -134,6 +134,9 @@ func (h *OauthWebHandler) Authorize(w http.ResponseWriter, r *http.Request) {
 				if iauthed {
 					isuc, im := h.Manager.AuthorizeImplicit(&aut)
 					if isuc && im.Token != "" {
+						if h.TokenCompressed {
+							im.Token = h.JwtCompress.CompressJwt(im.Token)
+						}
 						http.Redirect(w, r, redirectURLAuth+"?token="+im.Token+"&token_type=bearer&state="+stateAuth, http.StatusFound)
 					} else {
 						http.Redirect(w, r, accessDeniedErrorURL, http.StatusFound)
@@ -269,6 +272,9 @@ func (h *OauthWebHandler) ApplicationAuthorizationByUser(w http.ResponseWriter,
 				fmt.Println("aaiSuc", aaiSuc)
 				fmt.Println("irtn", irtn)
 				if aaiSuc && irtn.Token != "" {
+					if h.TokenCompressed {
+						irtn.Token = h.JwtCompress.CompressJwt(irtn.Token)
+					}
 					http.Redirect(w, r, aaari.RedirectURI+"?token="+irtn.Token+"&token_type=bearer&state="+aaari.State, http.StatusFound)
 				} else {
 					var aaipg PageParams

handlers/validateTokenRestHandlers_test.go

@@ -123,6 +123,38 @@ func TestOauthWebHandler_AuthorizeImplicit(t *testing.T) {
 	}
 }
 
+func TestOauthWebHandler_AuthorizeImplicitCompressed(t *testing.T) {
+	var om m.MockManager
+	om.MockImplicitAuthorized = true
+	om.MockImplicitAuthorizeSuccess = true
+	var impRtn m.ImplicitReturn
+	impRtn.ID = 5
+	impRtn.Token = "gjfldflkl"
+	om.MockImplicitReturn = impRtn
+	//om.MockAuthCode = 55
+	//om.MockAuthCodeString = "rr666"
+
+	var wh OauthWebHandler
+	wh.Manager = &om
+	wh.TokenCompressed = true
+	h := wh.GetNewWebHandler()
+	r, _ := http.NewRequest("GET", "/test?response_type=token&client_id=125&redirect_uri=http://tester.com/test&scope=web&state=123", nil)
+	//r.Header.Set("Content-Type", "application/json")
+	w := httptest.NewRecorder()
+	s, suc := wh.getSession(r)
+	fmt.Println("suc: ", suc)
+	s.Values["loggedIn"] = true
+	s.Values["user"] = "tester"
+	s.Save(r, w)
+	h.Authorize(w, r)
+	fmt.Println("code: ", w.Code)
+	fmt.Println("location: ", w.HeaderMap["Location"])
+	loc := w.HeaderMap["Location"]
+	if w.Code != 302 || loc[0] != "http://tester.com/test?token=eNpKz0rLSUnLyc4BBAAA//8SXAOx&token_type=bearer&state=123" {
+		t.Fail()
+	}
+}
+
 func TestOauthWebHandler_AuthorizeImplicitNotAuth(t *testing.T) {
 	var om m.MockManager
 	om.MockImplicitAuthorized = false
@@ -677,6 +709,50 @@ func TestOauthWebHandler_AuthorizeByUserToken(t *testing.T) {
 	}
 }
 
+func TestOauthWebHandler_AuthorizeByUserTokenCompressed(t *testing.T) {
+	var om m.MockManager
+	om.MockAuthCodeAuthorized = true
+	om.MockAuthCodeAuthorizeSuccess = true
+	om.MockImplicitAuthorizeSuccess = true
+	var acc m.ImplicitReturn
+	acc.ID = 55
+	acc.Token = "lllkldskldfk"
+
+	om.MockImplicitReturn = acc
+	om.MockAuthCode = 55
+	om.MockAuthCodeString = "rr666"
+
+	var ari AuthorizeRequestInfo
+	ari.ResponseType = "token"
+	ari.ClientID = 1234
+	ari.RedirectURI = "http://test.com/test"
+	ari.Scope = "web"
+	ari.State = "12eee"
+
+	var wh OauthWebHandler
+	wh.Templates = template.Must(template.ParseFiles("testHtmls/test.html"))
+	wh.Manager = &om
+	wh.TokenCompressed = true
+	h := wh.GetNewWebHandler()
+	r, _ := http.NewRequest("GET", "/test?response_type=token&authorize=true", nil)
+	//r.Header.Set("Content-Type", "application/json")
+	w := httptest.NewRecorder()
+	s, suc := wh.getSession(r)
+	fmt.Println("suc: ", suc)
+	s.Values["loggedIn"] = true
+	s.Values["user"] = "tester"
+	s.Values["authReqInfo"] = &ari
+
+	s.Save(r, w)
+	h.ApplicationAuthorizationByUser(w, r)
+	fmt.Println("code: ", w.Code)
+	fmt.Println("location: ", w.HeaderMap["Location"])
+	loc := w.HeaderMap["Location"]
+	if w.Code != 302 || loc[0] != "http://test.com/test?token=eNrKycnJzkkpzs5JScsGBAAA//8gswT/&token_type=bearer&state=12eee" {
+		t.Fail()
+	}
+}
+
 func TestOauthWebHandler_AuthorizeByUserTokenFailedAuth(t *testing.T) {
 	var om m.MockManager
 	om.MockAuthCodeAuthorized = true

handlers/webAuthorizationHandlers.go

@@ -7,6 +7,7 @@ import (
 	"html/template"
 	"net/http"
 
+	cp "github.com/Ulbora/GoAuth2/compresstoken"
 	m "github.com/Ulbora/GoAuth2/managers"
 	gs "github.com/Ulbora/go-sessions"
 	"github.com/gorilla/sessions"
@@ -47,10 +48,12 @@ const (
 
 //OauthWebHandler OauthWebHandler
 type OauthWebHandler struct {
-	Manager   m.Manager
-	Session   gs.GoSession
-	Templates *template.Template
-	Store     *sessions.CookieStore
+	Manager         m.Manager
+	Session         gs.GoSession
+	Templates       *template.Template
+	Store           *sessions.CookieStore
+	TokenCompressed bool
+	JwtCompress     cp.JwtCompress
 	//SessInit  bool
 }
 

handlers/webAuthorizationHandlers_test.go

@@ -126,6 +126,9 @@ func (h *OauthWebHandler) Token(w http.ResponseWriter, r *http.Request) {
 			h.SetContentType(w)
 			h.SetSecurityHeader(w)
 			w.WriteHeader(http.StatusOK)
+			if h.TokenCompressed {
+				token.AccessToken = h.JwtCompress.CompressJwt(token.AccessToken)
+			}
 			resJSON, _ := json.Marshal(token)
 			fmt.Fprint(w, string(resJSON))
 		} else if caseDef {