fix: review comments

* simplify token generator
* rename tokenStorage to tokenStore

Signed-off-by: xu.zhu <[email protected]>

Author: xuzhu-591

core/cmd/cmd.go

@@ -121,7 +121,7 @@ import (
 	"github.com/horizoncd/horizon/pkg/regioninformers"
 	"github.com/horizoncd/horizon/pkg/token/generator"
 	tokenservice "github.com/horizoncd/horizon/pkg/token/service"
-	tokenstorage "github.com/horizoncd/horizon/pkg/token/storage"
+	tokenstore "github.com/horizoncd/horizon/pkg/token/store"
 	"github.com/horizoncd/horizon/pkg/util/kube"
 	"github.com/horizoncd/horizon/pkg/workload"
 
@@ -370,8 +370,8 @@ func Init(ctx context.Context, flags *Flags, coreConfig *config.Config) {
 	}
 
 	oauthAppDAO := oauthdao.NewDAO(mysqlDB)
-	tokenStorage := tokenstorage.NewStorage(mysqlDB)
-	oauthManager := oauthmanager.NewManager(oauthAppDAO, tokenStorage,
+	tokenStore := tokenstore.NewStore(mysqlDB)
+	oauthManager := oauthmanager.NewManager(oauthAppDAO, tokenStore,
 		generator.NewAuthorizeGenerator(),
 		coreConfig.Oauth.AuthorizeCodeExpireIn,
 		coreConfig.Oauth.AccessTokenExpireIn,

core/controller/accesstoken/controller_test.go

@@ -28,7 +28,7 @@ import (
 	"github.com/horizoncd/horizon/pkg/token/generator"
 	tokenmodels "github.com/horizoncd/horizon/pkg/token/models"
 	tokenservice "github.com/horizoncd/horizon/pkg/token/service"
-	tokenstorage "github.com/horizoncd/horizon/pkg/token/storage"
+	tokenstore "github.com/horizoncd/horizon/pkg/token/store"
 
 	"github.com/horizoncd/horizon/core/common"
 	herror "github.com/horizoncd/horizon/core/errors"
@@ -96,9 +96,9 @@ func TestMain(m *testing.M) {
 	accessTokenExpireIn := time.Hour * 24
 	refreshTokenExpireIn := time.Hour * 24 * 30
 
-	tokenStorage := tokenstorage.NewStorage(db)
+	tokenStore := tokenstore.NewStore(db)
 	oauthAppDAO := oauthdao.NewDAO(db)
-	oauthMgr := oauthmanager.NewManager(oauthAppDAO, tokenStorage, generator.NewAuthorizeGenerator(),
+	oauthMgr := oauthmanager.NewManager(oauthAppDAO, tokenStore, generator.NewAuthorizeGenerator(),
 		authorizeCodeExpireIn, accessTokenExpireIn, refreshTokenExpireIn)
 
 	parameter := &param.Param{

integrationtest/authpagerender_test.go

@@ -47,7 +47,7 @@ import (
 	"github.com/horizoncd/horizon/pkg/rbac/types"
 	"github.com/horizoncd/horizon/pkg/token/generator"
 	tokenmodels "github.com/horizoncd/horizon/pkg/token/models"
-	tokenstorage "github.com/horizoncd/horizon/pkg/token/storage"
+	tokenstore "github.com/horizoncd/horizon/pkg/token/store"
 	callbacks "github.com/horizoncd/horizon/pkg/util/ormcallbacks"
 	"github.com/stretchr/testify/assert"
 	"golang.org/x/net/context"
@@ -119,9 +119,9 @@ func TestServer(t *testing.T) {
 	db = db.WithContext(context.WithValue(context.Background(), common.UserContextKey(), aUser))
 	callbacks.RegisterCustomCallbacks(db)
 
-	tokenStorage := tokenstorage.NewStorage(db)
+	tokenStore := tokenstore.NewStore(db)
 	oauthAppDAO := oauthdao.NewDAO(db)
-	oauthManager := oauthmanager.NewManager(oauthAppDAO, tokenStorage, generator.NewAuthorizeGenerator(),
+	oauthManager := oauthmanager.NewManager(oauthAppDAO, tokenStore, generator.NewAuthorizeGenerator(),
 		authorizeCodeExpireIn, accessTokenExpireIn, refreshTokenExpireIn)
 	clientID := "ho_t65dvkmfqb8v8xzxfbc5"
 	clientIDGen := func(appType models.AppType) string {

pkg/oauth/manager/manager.go

@@ -26,7 +26,7 @@ import (
 	"github.com/horizoncd/horizon/pkg/oauth/models"
 	"github.com/horizoncd/horizon/pkg/token/generator"
 	tokenmodels "github.com/horizoncd/horizon/pkg/token/models"
-	tokenstorage "github.com/horizoncd/horizon/pkg/token/storage"
+	tokenstore "github.com/horizoncd/horizon/pkg/token/store"
 	"github.com/horizoncd/horizon/pkg/util/log"
 	"golang.org/x/net/context"
 	"k8s.io/apimachinery/pkg/util/rand"
@@ -95,14 +95,14 @@ type Manager interface {
 
 var _ Manager = &OauthManager{}
 
-func NewManager(oauthAppDAO oauthdao.DAO, tokenStorage tokenstorage.Storage,
+func NewManager(oauthAppDAO oauthdao.DAO, tokenStore tokenstore.Store,
 	gen generator.CodeGenerator,
 	authorizeCodeExpireTime,
 	accessTokenExpireTime,
 	refreshTokenExpireTime time.Duration) *OauthManager {
 	return &OauthManager{
 		oauthAppDAO:                oauthAppDAO,
-		tokenStorage:               tokenStorage,
+		tokenStore:                 tokenStore,
 		authorizationCodeGenerator: gen,
 		authorizeCodeExpireTime:    authorizeCodeExpireTime,
 		accessTokenExpireTime:      accessTokenExpireTime,
@@ -113,7 +113,7 @@ func NewManager(oauthAppDAO oauthdao.DAO, tokenStorage tokenstorage.Storage,
 
 type OauthManager struct {
 	oauthAppDAO                oauthdao.DAO
-	tokenStorage               tokenstorage.Storage
+	tokenStore                 tokenstore.Store
 	authorizationCodeGenerator generator.CodeGenerator
 	authorizeCodeExpireTime    time.Duration
 	accessTokenExpireTime      time.Duration
@@ -170,7 +170,7 @@ func (m *OauthManager) GetOAuthApp(ctx context.Context, clientID string) (*model
 
 func (m *OauthManager) DeleteOAuthApp(ctx context.Context, clientID string) error {
 	// revoke all the token
-	if err := m.tokenStorage.DeleteByClientID(ctx, clientID); err != nil {
+	if err := m.tokenStore.DeleteByClientID(ctx, clientID); err != nil {
 		return err
 	}
 
@@ -316,7 +316,7 @@ func (m *OauthManager) GenAuthorizeCode(ctx context.Context,
 	}
 
 	authorizationToken := m.NewAuthorizationToken(req)
-	_, err = m.tokenStorage.Create(ctx, authorizationToken)
+	_, err = m.tokenStore.Create(ctx, authorizationToken)
 	return authorizationToken, err
 }
 
@@ -339,7 +339,7 @@ func (m *OauthManager) GenOauthTokens(ctx context.Context, req *OauthTokensReque
 	}
 
 	// get authorize token, and check by it
-	authorizationCodeToken, err := m.tokenStorage.GetByCode(ctx, req.Code)
+	authorizationCodeToken, err := m.tokenStore.GetByCode(ctx, req.Code)
 	if err != nil {
 		if _, ok := perror.Cause(err).(*herrors.HorizonErrNotFound); ok {
 			return nil, perror.Wrap(err, "authorization code not exist")
@@ -349,7 +349,7 @@ func (m *OauthManager) GenOauthTokens(ctx context.Context, req *OauthTokensReque
 
 	if err := m.checkByAuthorizationCode(req, authorizationCodeToken); err != nil {
 		if perror.Cause(err) == herrors.ErrOAuthCodeExpired {
-			if delErr := m.tokenStorage.DeleteByCode(ctx, req.Code); delErr != nil {
+			if delErr := m.tokenStore.DeleteByCode(ctx, req.Code); delErr != nil {
 				log.Warningf(ctx, "delete expired code error, err = %v", delErr)
 			}
 		}
@@ -358,21 +358,21 @@ func (m *OauthManager) GenOauthTokens(ctx context.Context, req *OauthTokensReque
 
 	// generate access token and store
 	accessToken := m.NewAccessToken(authorizationCodeToken, req)
-	accessTokenInDB, err := m.tokenStorage.Create(ctx, accessToken)
+	accessTokenInDB, err := m.tokenStore.Create(ctx, accessToken)
 	if err != nil {
 		return nil, err
 	}
 
 	// generate refresh token, store and associate with the access token
 	refreshToken := m.NewRefreshToken(accessToken, req)
 	refreshToken.RefID = accessTokenInDB.ID
-	refreshTokenInDB, err := m.tokenStorage.Create(ctx, refreshToken)
+	refreshTokenInDB, err := m.tokenStore.Create(ctx, refreshToken)
 	if err != nil {
 		return nil, err
 	}
 
 	// delete authorize code
-	err = m.tokenStorage.DeleteByCode(ctx, req.Code)
+	err = m.tokenStore.DeleteByCode(ctx, req.Code)
 	if err != nil {
 		log.Warningf(ctx, "Delete Authorization token error, code = %s, error = %v", req.Code, err)
 	}
@@ -409,7 +409,7 @@ func (m *OauthManager) RefreshOauthTokens(ctx context.Context,
 		Request: req.Request,
 	})
 	refreshToken.RefID = accessToken.ID
-	err = m.tokenStorage.UpdateByID(ctx, refreshToken.ID, refreshToken)
+	err = m.tokenStore.UpdateByID(ctx, refreshToken.ID, refreshToken)
 	if err != nil {
 		return nil, err
 	}
@@ -435,7 +435,7 @@ func (m *OauthManager) checkClientSecret(ctx context.Context, req *OauthTokensRe
 
 func (m *OauthManager) checkRefreshToken(ctx context.Context,
 	refreshToken, redirectURL string) (*tokenmodels.Token, error) {
-	token, err := m.tokenStorage.GetByCode(ctx, refreshToken)
+	token, err := m.tokenStore.GetByCode(ctx, refreshToken)
 	if err != nil {
 		if _, ok := perror.Cause(err).(*herrors.HorizonErrNotFound); ok {
 			return nil, perror.Wrap(err, "refresh token not exist")
@@ -454,7 +454,7 @@ func (m *OauthManager) checkRefreshToken(ctx context.Context,
 
 func (m *OauthManager) refreshAccessToken(ctx context.Context, refreshToken *tokenmodels.Token,
 	req *OauthTokensRequest) (*tokenmodels.Token, error) {
-	accessToken, err := m.tokenStorage.GetByID(ctx, refreshToken.RefID)
+	accessToken, err := m.tokenStore.GetByID(ctx, refreshToken.RefID)
 	accessTokenNotFound := false
 	if err != nil {
 		if _, ok := perror.Cause(err).(*herrors.HorizonErrNotFound); ok {
@@ -471,7 +471,7 @@ func (m *OauthManager) refreshAccessToken(ctx context.Context, refreshToken *tok
 			Scope:  refreshToken.Scope,
 			UserID: refreshToken.UserID,
 		}, req)
-		accessToken, err = m.tokenStorage.Create(ctx, token)
+		accessToken, err = m.tokenStore.Create(ctx, token)
 		if err != nil {
 			return nil, err
 		}
@@ -482,7 +482,7 @@ func (m *OauthManager) refreshAccessToken(ctx context.Context, refreshToken *tok
 			Request: req.Request,
 		})
 		accessToken.CreatedAt = time.Now()
-		err = m.tokenStorage.UpdateByID(ctx, accessToken.ID, accessToken)
+		err = m.tokenStore.UpdateByID(ctx, accessToken.ID, accessToken)
 		if err != nil {
 			return nil, err
 		}

pkg/oauth/manager/manager_test.go

@@ -34,13 +34,13 @@ import (
 	"github.com/horizoncd/horizon/pkg/token/generator"
 	tokenmanager "github.com/horizoncd/horizon/pkg/token/manager"
 	tokenmodels "github.com/horizoncd/horizon/pkg/token/models"
-	tokenstorage "github.com/horizoncd/horizon/pkg/token/storage"
+	tokenstore "github.com/horizoncd/horizon/pkg/token/store"
 	callbacks "github.com/horizoncd/horizon/pkg/util/ormcallbacks"
 )
 
 var (
 	db           *gorm.DB
-	tokenStorage tokenstorage.Storage
+	tokenStore   tokenstore.Store
 	oauthAppDAO  oauthdao.DAO
 	oauthManager Manager
 	tokenManager tokenmanager.Manager
@@ -500,7 +500,7 @@ func TestUpdateToken(t *testing.T) {
 	tokenInDB.Code = newCode
 	tokenInDB.CreatedAt = createdAt
 	tokenInDB.RefID = refID
-	err = tokenStorage.UpdateByID(ctx, tokenInDB.ID, tokenInDB)
+	err = tokenStore.UpdateByID(ctx, tokenInDB.ID, tokenInDB)
 	assert.Nil(t, err)
 	tokenUpdated, err := tokenManager.LoadTokenByID(ctx, tokenInDB.ID)
 	assert.Nil(t, err)
@@ -521,9 +521,9 @@ func TestMain(m *testing.M) {
 	db = db.WithContext(context.WithValue(context.Background(), common.UserContextKey(), aUser))
 	callbacks.RegisterCustomCallbacks(db)
 
-	tokenStorage = tokenstorage.NewStorage(db)
+	tokenStore = tokenstore.NewStore(db)
 	oauthAppDAO = oauthdao.NewDAO(db)
-	oauthManager = NewManager(oauthAppDAO, tokenStorage, generator.NewOauthAccessGenerator(),
+	oauthManager = NewManager(oauthAppDAO, tokenStore, generator.NewOauthAccessGenerator(),
 		authorizeCodeExpireIn, accessTokenExpireIn, refreshTokenExpireIn)
 	tokenManager = tokenmanager.New(db)
 	os.Exit(m.Run())

pkg/token/generator/generator.go

@@ -22,6 +22,7 @@ import (
 	"time"
 
 	"github.com/google/uuid"
+	"k8s.io/apimachinery/pkg/util/rand"
 )
 
 // ref: https://github.blog/2021-04-05-behind-githubs-new-authentication-token-formats/
@@ -33,40 +34,32 @@ const (
 )
 
 func NewAuthorizeGenerator() CodeGenerator {
-	return &AuthorizeGenerator{}
+	return &authorizationCodeGenerator{}
 }
 
 func NewHorizonAppUserToServerAccessGenerator() CodeGenerator {
-	return &BasicAccessTokenGenerator{prefix: HorizonAppUserToServerAccessTokenPrefix}
+	return &basicTokenGenerator{prefix: HorizonAppUserToServerAccessTokenPrefix}
 }
 
 func NewOauthAccessGenerator() CodeGenerator {
-	return &BasicAccessTokenGenerator{prefix: OauthAPPAccessTokenPrefix}
+	return &basicTokenGenerator{prefix: OauthAPPAccessTokenPrefix}
 }
 
 func NewGeneralAccessTokenGenerator() CodeGenerator {
-	return &GeneralAccessTokenGenerator{prefix: AccessTokenPrefix}
+	return &basicTokenGenerator{prefix: AccessTokenPrefix}
 }
 
 func NewRefreshTokenGenerator() CodeGenerator {
-	return &BasicRefreshTokenGenerator{prefix: RefreshTokenPrefix}
+	return &basicTokenGenerator{prefix: RefreshTokenPrefix}
 }
 
-type AuthorizeGenerator struct{}
+type authorizationCodeGenerator struct{}
 
-type BasicAccessTokenGenerator struct {
+type basicTokenGenerator struct {
 	prefix string
 }
 
-type GeneralAccessTokenGenerator struct {
-	prefix string
-}
-
-type BasicRefreshTokenGenerator struct {
-	prefix string
-}
-
-func (g *AuthorizeGenerator) Generate(info *CodeGenerateInfo) string {
+func (g *authorizationCodeGenerator) Generate(info *CodeGenerateInfo) string {
 	buf := bytes.NewBufferString(info.Token.ClientID)
 	buf.WriteString(strconv.Itoa(int(info.Token.UserID)))
 	token := uuid.NewMD5(uuid.Must(uuid.NewRandom()), buf.Bytes())
@@ -75,30 +68,16 @@ func (g *AuthorizeGenerator) Generate(info *CodeGenerateInfo) string {
 	return code
 }
 
-func (g *BasicAccessTokenGenerator) Generate(info *CodeGenerateInfo) string {
-	access := encodeInfoWithClient(info)
-	code := g.prefix + strings.ToUpper(strings.TrimRight(access, "="))
-	return code
-}
-
-func (g *GeneralAccessTokenGenerator) Generate(info *CodeGenerateInfo) string {
-	buf := bytes.NewBufferString(time.Now().String())
-	buf.WriteString(strconv.Itoa(int(info.Token.UserID)))
-	code := base64.URLEncoding.EncodeToString([]byte(uuid.NewMD5(uuid.Must(uuid.NewRandom()), buf.Bytes()).String()))
-	code = g.prefix + strings.ToUpper(strings.TrimRight(code, "="))
-	return code
-}
-
-func (g *BasicRefreshTokenGenerator) Generate(info *CodeGenerateInfo) string {
-	access := encodeInfoWithClient(info)
-	code := g.prefix + strings.ToUpper(strings.TrimRight(access, "="))
-	return code
-}
-
-func encodeInfoWithClient(info *CodeGenerateInfo) string {
-	buf := bytes.NewBufferString(info.Token.ClientID)
+func (g *basicTokenGenerator) Generate(info *CodeGenerateInfo) string {
+	clientID := func(info *CodeGenerateInfo) string {
+		if info.Token.ClientID != "" {
+			return info.Token.ClientID
+		}
+		return rand.String(20)
+	}(info)
+	buf := bytes.NewBufferString(clientID)
 	buf.WriteString(strconv.Itoa(int(info.Token.UserID)))
-	buf.WriteString(strconv.FormatInt(info.Token.CreatedAt.UnixNano(), 10))
+	buf.WriteString(strconv.FormatInt(time.Now().UnixNano(), 10))
 	access := base64.URLEncoding.EncodeToString([]byte(uuid.NewMD5(uuid.Must(uuid.NewRandom()), buf.Bytes()).String()))
-	return access
+	return g.prefix + strings.ToUpper(strings.TrimRight(access, "="))
 }

pkg/token/manager/manager.go

@@ -18,7 +18,7 @@ import (
 	"context"
 
 	"github.com/horizoncd/horizon/pkg/token/models"
-	"github.com/horizoncd/horizon/pkg/token/storage"
+	"github.com/horizoncd/horizon/pkg/token/store"
 	"gorm.io/gorm"
 )
 
@@ -31,29 +31,29 @@ type Manager interface {
 }
 
 func New(db *gorm.DB) Manager {
-	return &manager{storage: storage.NewStorage(db)}
+	return &manager{store: store.NewStore(db)}
 }
 
 type manager struct {
-	storage storage.Storage
+	store store.Store
 }
 
 func (m *manager) CreateToken(ctx context.Context, token *models.Token) (*models.Token, error) {
-	return m.storage.Create(ctx, token)
+	return m.store.Create(ctx, token)
 }
 
 func (m *manager) LoadTokenByID(ctx context.Context, id uint) (*models.Token, error) {
-	return m.storage.GetByID(ctx, id)
+	return m.store.GetByID(ctx, id)
 }
 
 func (m *manager) LoadTokenByCode(ctx context.Context, code string) (*models.Token, error) {
-	return m.storage.GetByCode(ctx, code)
+	return m.store.GetByCode(ctx, code)
 }
 
 func (m *manager) RevokeTokenByID(ctx context.Context, id uint) error {
-	return m.storage.DeleteByID(ctx, id)
+	return m.store.DeleteByID(ctx, id)
 }
 
 func (m *manager) RevokeTokenByClientID(ctx context.Context, clientID string) error {
-	return m.storage.DeleteByClientID(ctx, clientID)
+	return m.store.DeleteByClientID(ctx, clientID)
 }