···
"github.com/redis/go-redis/v9"
14
+
type RedisStoreConfig struct {
17
+
// The purpose of these limits is to avoid dead sessions hanging around in the db indefinitely.
18
+
// The durations here should be *at least as long as* the expected duration of the oauth session itself.
19
+
SessionExpiryDuration time.Duration // duration since session creation (max TTL)
20
+
SessionInactivityDuration time.Duration // duration since last session update
21
+
AuthRequestExpiryDuration time.Duration // duration since auth request creation
// redis-backed implementation of ClientAuthStore.
16
-
client *redis.Client
17
-
SessionTTL time.Duration
18
-
AuthRequestTTL time.Duration
26
+
client *redis.Client
27
+
cfg *RedisStoreConfig
var _ oauth.ClientAuthStore = &RedisStore{}
23
-
func NewRedisStore(redisURL string) (*RedisStore, error) {
24
-
opts, err := redis.ParseURL(redisURL)
32
+
type sessionMetadata struct {
33
+
CreatedAt time.Time `json:"created_at"`
34
+
UpdatedAt time.Time `json:"updated_at"`
37
+
func NewRedisStore(cfg *RedisStoreConfig) (*RedisStore, error) {
39
+
return nil, fmt.Errorf("missing cfg")
41
+
if cfg.RedisURL == "" {
42
+
return nil, fmt.Errorf("missing RedisURL")
44
+
if cfg.SessionExpiryDuration == 0 {
45
+
return nil, fmt.Errorf("missing SessionExpiryDuration")
47
+
if cfg.SessionInactivityDuration == 0 {
48
+
return nil, fmt.Errorf("missing SessionInactivityDuration")
50
+
if cfg.AuthRequestExpiryDuration == 0 {
51
+
return nil, fmt.Errorf("missing AuthRequestExpiryDuration")
54
+
opts, err := redis.ParseURL(cfg.RedisURL)
return nil, fmt.Errorf("failed to parse redis URL: %w", err)
···
41
-
SessionTTL: 30 * 24 * time.Hour, // 30 days
42
-
AuthRequestTTL: 10 * time.Minute, // 10 minutes
···
return fmt.Sprintf("oauth:session:%s:%s", did, sessionID)
83
+
func sessionMetadataKey(did syntax.DID, sessionID string) string {
84
+
return fmt.Sprintf("oauth:session_meta:%s:%s", did, sessionID)
func authRequestKey(state string) string {
return fmt.Sprintf("oauth:auth_request:%s", state)
func (r *RedisStore) GetSession(ctx context.Context, did syntax.DID, sessionID string) (*oauth.ClientSessionData, error) {
key := sessionKey(did, sessionID)
93
+
metaKey := sessionMetadataKey(did, sessionID)
95
+
// Check metadata for inactivity expiry
96
+
metaData, err := r.client.Get(ctx, metaKey).Bytes()
97
+
if err == redis.Nil {
98
+
return nil, fmt.Errorf("session not found: %s", did)
101
+
return nil, fmt.Errorf("failed to get session metadata: %w", err)
104
+
var meta sessionMetadata
105
+
if err := json.Unmarshal(metaData, &meta); err != nil {
106
+
return nil, fmt.Errorf("failed to unmarshal session metadata: %w", err)
109
+
// Check if session has been inactive for too long
110
+
inactiveThreshold := time.Now().Add(-r.cfg.SessionInactivityDuration)
111
+
if meta.UpdatedAt.Before(inactiveThreshold) {
112
+
// Session is inactive, delete it
113
+
r.client.Del(ctx, key, metaKey)
114
+
return nil, fmt.Errorf("session expired due to inactivity: %s", did)
117
+
// Get the actual session data
data, err := r.client.Get(ctx, key).Bytes()
return nil, fmt.Errorf("session not found: %s", did)
···
func (r *RedisStore) SaveSession(ctx context.Context, sess oauth.ClientSessionData) error {
key := sessionKey(sess.AccountDID, sess.SessionID)
136
+
metaKey := sessionMetadataKey(sess.AccountDID, sess.SessionID)
data, err := json.Marshal(sess)
return fmt.Errorf("failed to marshal session: %w", err)
84
-
if err := r.client.Set(ctx, key, data, r.SessionTTL).Err(); err != nil {
143
+
// Check if session already exists to preserve CreatedAt
144
+
var meta sessionMetadata
145
+
existingMetaData, err := r.client.Get(ctx, metaKey).Bytes()
146
+
if err == redis.Nil {
148
+
meta = sessionMetadata{
149
+
CreatedAt: time.Now(),
150
+
UpdatedAt: time.Now(),
152
+
} else if err != nil {
153
+
return fmt.Errorf("failed to check existing session metadata: %w", err)
155
+
// Existing session - preserve CreatedAt, update UpdatedAt
156
+
if err := json.Unmarshal(existingMetaData, &meta); err != nil {
157
+
return fmt.Errorf("failed to unmarshal existing session metadata: %w", err)
159
+
meta.UpdatedAt = time.Now()
162
+
// Calculate remaining TTL based on creation time
163
+
remainingTTL := r.cfg.SessionExpiryDuration - time.Since(meta.CreatedAt)
164
+
if remainingTTL <= 0 {
165
+
return fmt.Errorf("session has expired")
168
+
// Use the shorter of: remaining TTL or inactivity duration
169
+
ttl := min(r.cfg.SessionInactivityDuration, remainingTTL)
171
+
// Save session data
172
+
if err := r.client.Set(ctx, key, data, ttl).Err(); err != nil {
return fmt.Errorf("failed to save session: %w", err)
177
+
metaData, err := json.Marshal(meta)
179
+
return fmt.Errorf("failed to marshal session metadata: %w", err)
181
+
if err := r.client.Set(ctx, metaKey, metaData, ttl).Err(); err != nil {
182
+
return fmt.Errorf("failed to save session metadata: %w", err)
func (r *RedisStore) DeleteSession(ctx context.Context, did syntax.DID, sessionID string) error {
key := sessionKey(did, sessionID)
93
-
if err := r.client.Del(ctx, key).Err(); err != nil {
190
+
metaKey := sessionMetadataKey(did, sessionID)
192
+
if err := r.client.Del(ctx, key, metaKey).Err(); err != nil {
return fmt.Errorf("failed to delete session: %w", err)
···
return fmt.Errorf("failed to marshal auth request: %w", err)
134
-
if err := r.client.Set(ctx, key, data, r.AuthRequestTTL).Err(); err != nil {
233
+
if err := r.client.Set(ctx, key, data, r.cfg.AuthRequestExpiryDuration).Err(); err != nil {
return fmt.Errorf("failed to save auth request: %w", err)
oppi.li