-
Notifications
You must be signed in to change notification settings - Fork 78
/
Copy pathaws.go
117 lines (95 loc) · 3.38 KB
/
aws.go
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
package storage
import (
"context"
"crypto/ed25519"
"encoding/json"
"fmt"
"github.com/aws/aws-sdk-go-v2/aws"
"github.com/aws/aws-sdk-go-v2/config"
"github.com/aws/aws-sdk-go-v2/service/secretsmanager"
)
type AwsSessionStruct struct {
AccessToken string `json:"accessToken"`
RefreshToken string `json:"refreshToken"`
PrivateKey ed25519.PrivateKey `json:"privateKey"`
PublicKey ed25519.PublicKey `json:"publicKey"`
}
// Write session data to aws secrets manager: accessToken, refreshToken, publicKey, privateKey
// Filename to be stored as `userId` (provided by SxT)
func AwsWriteSession(userId, accessToken, refreshToken string, privateKey ed25519.PrivateKey, publicKey ed25519.PublicKey) (status bool) {
if accessToken == "" || refreshToken == "" {
return false
}
sessionStruct := AwsSessionStruct{
AccessToken: accessToken,
RefreshToken: refreshToken,
PublicKey: publicKey,
PrivateKey: privateKey,
}
sessionData, err := json.Marshal(sessionStruct)
if err != nil {
return false
} else {
secretsManagerClient := getSecretsManagerClient()
input := &secretsmanager.CreateSecretInput{
Description: aws.String("Credentials for " + userId),
Name: aws.String(userId), // In live, you can put the sxt username (userId) here
SecretString: aws.String(string(sessionData)),
}
secret, err := secretsManagerClient.CreateSecret(context.TODO(), input)
if err != nil {
return false
}
fmt.Println("WRITE Session", secret)
}
return true
}
// Read session data from aws secrets manager: accessToken, refreshToken, publicKey, privateKey
// Filename to be retrieved as `userId` (provided by SxT)
func AwsReadSession(userId string) (sessionStruct AwsSessionStruct, status bool) {
secretsManagerClient := getSecretsManagerClient()
input := &secretsmanager.GetSecretValueInput{
SecretId: aws.String(userId), // In live, you can put the sxt username (userId) here
}
secret, err := secretsManagerClient.GetSecretValue(context.TODO(), input)
if err != nil || json.Unmarshal([]byte(*secret.SecretString), &sessionStruct) != nil {
return AwsSessionStruct{}, false
}
return sessionStruct, true
}
// Update session data to aws secrets manager: accessToken, refreshToken, publicKey, privateKey
// Filename to be updated as `userId` (provided by SxT)
func AwsUpdateSession(userId, accessToken, refreshToken string, privateKey ed25519.PrivateKey, publicKey ed25519.PublicKey) (status bool) {
if accessToken == "" || refreshToken == "" {
return false
}
sessionStruct := AwsSessionStruct{
AccessToken: accessToken,
RefreshToken: refreshToken,
PublicKey: publicKey,
PrivateKey: privateKey,
}
sessionData, err := json.Marshal(sessionStruct)
if err != nil {
return false
} else {
secretsManagerClient := getSecretsManagerClient()
input := &secretsmanager.PutSecretValueInput{
SecretId: aws.String(userId), // In live, you can put the sxt username (userId) here
SecretString: aws.String(string(sessionData)),
}
secret, err := secretsManagerClient.PutSecretValue(context.TODO(), input)
if err != nil {
return false
}
fmt.Println("UPDATE Session", secret)
}
return true
}
func getSecretsManagerClient() *secretsmanager.Client {
session, _ := awsAuthenticate()
return secretsmanager.NewFromConfig(session)
}
func awsAuthenticate() (cfg aws.Config, err error) {
return config.LoadDefaultConfig(context.TODO())
}