Allow extending keys through keygen (#268)

This adds a way to extend keys through a normal `keygen` method. Users will need to provide a key which has `extend` permissions in the request along with the desired access permissions. Note that the permissions will be a reflection of the key itself (e.g: if a key has `re` permissions and `keygen` request contains `wr`, the resulting key will only have `r` permission).
emitter-io · Sep 25, 2019 · 7c6b3ed · 7c6b3ed
1 parent d3b208d
commit 7c6b3ed
Show file tree

Hide file tree

Showing 18 changed files with 922 additions and 547 deletions.
diff --git a/internal/broker/assets.go b/internal/broker/assets.go
diff --git a/internal/broker/conn.go b/internal/broker/conn.go
@@ -25,6 +25,8 @@ import (
 	"time"
 
 	"github.com/emitter-io/address"
+	"github.com/emitter-io/emitter/internal/broker/keygen"
+	"github.com/emitter-io/emitter/internal/errors"
 	"github.com/emitter-io/emitter/internal/message"
 	"github.com/emitter-io/emitter/internal/network/mqtt"
 	"github.com/emitter-io/emitter/internal/provider/contract"
@@ -49,6 +51,7 @@ type Conn struct {
 	measurer stats.Measurer    // The measurer to use for monitoring.
 	links    map[string]string // The map of all pre-authorized links.
 	limit    *rate.Limiter     // The read rate limiter.
+	keys     *keygen.Provider  // The key generation provider.
 }
 
 // NewConn creates a new connection.
@@ -61,6 +64,7 @@ func (s *Service) newConn(t net.Conn, readRate int) *Conn {
 		subs:     message.NewCounters(),
 		measurer: s.measurer,
 		links:    map[string]string{},
+		keys:     s.Keygen,
 	}
 
 	// Generate a globally unique id as well
@@ -236,16 +240,16 @@ func (c *Conn) Send(m *message.Message) (err error) {
 }
 
 // notifyError notifies the connection about an error
-func (c *Conn) notifyError(err *Error, requestID uint16) {
+func (c *Conn) notifyError(err *errors.Error, requestID uint16) {
 	c.sendResponse("emitter/error/", err, requestID)
 }
 
 func (c *Conn) sendResponse(topic string, resp response, requestID uint16) {
 	switch m := resp.(type) {
-	case *Error:
-		errCopy := *m // Copy the value
-		errCopy.ForRequest(requestID)
-		resp = &errCopy
+	case *errors.Error:
+		cpy := m.Copy()
+		cpy.ForRequest(requestID)
+		resp = cpy
 	default:
 		m.ForRequest(requestID)
 	}

diff --git a/internal/broker/conn_test.go b/internal/broker/conn_test.go
@@ -18,6 +18,7 @@ import (
 	"io/ioutil"
 	"testing"
 
+	"github.com/emitter-io/emitter/internal/errors"
 	"github.com/emitter-io/emitter/internal/message"
 	netmock "github.com/emitter-io/emitter/internal/network/mock"
 	"github.com/emitter-io/emitter/internal/security/license"
@@ -43,11 +44,11 @@ func TestNotifyError(t *testing.T) {
 	assert.NotNil(t, pipe)
 
 	go func() {
-		conn.notifyError(ErrUnauthorized, 1)
+		conn.notifyError(errors.ErrUnauthorized, 1)
 		conn.Close()
 	}()
 
 	b, err := ioutil.ReadAll(pipe.Server)
-	assert.Contains(t, string(b), ErrUnauthorized.Message)
+	assert.Contains(t, string(b), errors.ErrUnauthorized.Message)
 	assert.NoError(t, err)
 }
diff --git a/internal/broker/generate/assets_gen.go b/internal/broker/generate/assets_gen.go