···
"github.com/redis/go-redis/v9"
+
type RedisStoreConfig struct {
+
// The purpose of these limits is to avoid dead sessions hanging around in
+
// the db indefinitely. The durations here should be *at least as long as*
+
// the expected duration of the oauth session itself.
+
SessionExpiryDuration time.Duration // duration since session creation (max TTL)
+
SessionInactivityDuration time.Duration // duration since last session update
+
AuthRequestExpiryDuration time.Duration // duration since auth request creation
+
// Redis-backed implementation of ClientAuthStore
+
type sessionMetadata struct {
+
CreatedAt time.Time `json:"created_at"`
+
UpdatedAt time.Time `json:"updated_at"`
var _ oauth.ClientAuthStore = &RedisStore{}
+
func NewRedisStore(cfg *RedisStoreConfig) (*RedisStore, error) {
+
return nil, fmt.Errorf("missing cfg")
+
if cfg.RedisURL == "" {
+
return nil, fmt.Errorf("missing RedisURL")
+
if cfg.SessionExpiryDuration == 0 {
+
return nil, fmt.Errorf("missing SessionExpiryDuration")
+
if cfg.SessionInactivityDuration == 0 {
+
return nil, fmt.Errorf("missing SessionInactivityDuration")
+
if cfg.AuthRequestExpiryDuration == 0 {
+
return nil, fmt.Errorf("missing AuthRequestExpiryDuration")
+
opts, err := redis.ParseURL(cfg.RedisURL)
return nil, fmt.Errorf("failed to parse redis URL: %w", err)
client := redis.NewClient(opts)
ctx, cancel := context.WithTimeout(context.Background(), 5*time.Second)
···
···
return fmt.Sprintf("oauth:session:%s:%s", did, sessionID)
+
func sessionMetadataKey(did syntax.DID, sessionID string) string {
+
return fmt.Sprintf("oauth:session_meta:%s:%s", did, sessionID)
func authRequestKey(state string) string {
return fmt.Sprintf("oauth:auth_request:%s", state)
func (r *RedisStore) GetSession(ctx context.Context, did syntax.DID, sessionID string) (*oauth.ClientSessionData, error) {
key := sessionKey(did, sessionID)
+
metaKey := sessionMetadataKey(did, sessionID)
+
// Check metadata for inactivity expiry
+
metaData, err := r.client.Get(ctx, metaKey).Bytes()
+
return nil, fmt.Errorf("session not found: %s", did)
+
return nil, fmt.Errorf("failed to get session metadata: %w", err)
+
var meta sessionMetadata
+
if err := json.Unmarshal(metaData, &meta); err != nil {
+
return nil, fmt.Errorf("failed to unmarshal session metadata: %w", err)
+
// Check if session has been inactive for too long
+
inactiveThreshold := time.Now().Add(-r.cfg.SessionInactivityDuration)
+
if meta.UpdatedAt.Before(inactiveThreshold) {
+
// Session is inactive, delete it
+
r.client.Del(ctx, key, metaKey)
+
return nil, fmt.Errorf("session expired due to inactivity: %s", did)
+
// Get the actual session data
data, err := r.client.Get(ctx, key).Bytes()
return nil, fmt.Errorf("session not found: %s", did)
···
func (r *RedisStore) SaveSession(ctx context.Context, sess oauth.ClientSessionData) error {
key := sessionKey(sess.AccountDID, sess.SessionID)
+
metaKey := sessionMetadataKey(sess.AccountDID, sess.SessionID)
data, err := json.Marshal(sess)
return fmt.Errorf("failed to marshal session: %w", err)
+
// Check if session already exists to preserve CreatedAt
+
var meta sessionMetadata
+
existingMetaData, err := r.client.Get(ctx, metaKey).Bytes()
+
meta = sessionMetadata{
+
return fmt.Errorf("failed to check existing session metadata: %w", err)
+
// Existing session - preserve CreatedAt, update UpdatedAt
+
if err := json.Unmarshal(existingMetaData, &meta); err != nil {
+
return fmt.Errorf("failed to unmarshal existing session metadata: %w", err)
+
meta.UpdatedAt = time.Now()
+
// Calculate remaining TTL based on creation time
+
remainingTTL := r.cfg.SessionExpiryDuration - time.Since(meta.CreatedAt)
+
return fmt.Errorf("session has expired")
+
// Use the shorter of: remaining TTL or inactivity duration
+
ttl := min(r.cfg.SessionInactivityDuration, remainingTTL)
+
if err := r.client.Set(ctx, key, data, ttl).Err(); err != nil {
return fmt.Errorf("failed to save session: %w", err)
+
metaData, err := json.Marshal(meta)
+
return fmt.Errorf("failed to marshal session metadata: %w", err)
+
if err := r.client.Set(ctx, metaKey, metaData, ttl).Err(); err != nil {
+
return fmt.Errorf("failed to save session metadata: %w", err)
func (r *RedisStore) DeleteSession(ctx context.Context, did syntax.DID, sessionID string) error {
key := sessionKey(did, sessionID)
+
metaKey := sessionMetadataKey(did, sessionID)
+
if err := r.client.Del(ctx, key, metaKey).Err(); err != nil {
return fmt.Errorf("failed to delete session: %w", err)
···
func (r *RedisStore) SaveAuthRequestInfo(ctx context.Context, info oauth.AuthRequestData) error {
key := authRequestKey(info.State)
+
// Check if already exists (to match MemStore behavior)
exists, err := r.client.Exists(ctx, key).Result()
return fmt.Errorf("failed to check auth request existence: %w", err)
···
return fmt.Errorf("failed to marshal auth request: %w", err)
+
if err := r.client.Set(ctx, key, data, r.cfg.AuthRequestExpiryDuration).Err(); err != nil {
return fmt.Errorf("failed to save auth request: %w", err)
brookjeynes.dev