Ilia Denisov
224 lines
6.8 KiB
Go
224 lines
6.8 KiB
Go
// Package projectionpublisher implements
|
|
// ports.GatewaySessionProjectionPublisher with Redis-backed gateway-compatible
|
|
// cache snapshots and session lifecycle events.
|
|
package projectionpublisher
|
|
|
|
import (
|
|
"context"
|
|
"crypto/tls"
|
|
"encoding/json"
|
|
"errors"
|
|
"fmt"
|
|
"strings"
|
|
"time"
|
|
|
|
"galaxy/authsession/internal/domain/gatewayprojection"
|
|
"galaxy/authsession/internal/ports"
|
|
|
|
"github.com/redis/go-redis/v9"
|
|
)
|
|
|
|
// Config configures one Redis-backed gateway session projection publisher.
|
|
type Config struct {
|
|
// Addr is the Redis network address in host:port form.
|
|
Addr string
|
|
|
|
// Username is the optional Redis ACL username.
|
|
Username string
|
|
|
|
// Password is the optional Redis ACL password.
|
|
Password string
|
|
|
|
// DB is the Redis logical database index.
|
|
DB int
|
|
|
|
// TLSEnabled enables TLS with a conservative minimum protocol version.
|
|
TLSEnabled bool
|
|
|
|
// SessionCacheKeyPrefix is the namespace prefix applied to gateway session
|
|
// cache keys. The raw device session identifier is appended directly.
|
|
SessionCacheKeyPrefix string
|
|
|
|
// SessionEventsStream identifies the gateway session lifecycle Redis Stream.
|
|
SessionEventsStream string
|
|
|
|
// StreamMaxLen bounds the session lifecycle stream with approximate
|
|
// trimming via XADD MAXLEN ~.
|
|
StreamMaxLen int64
|
|
|
|
// OperationTimeout bounds each Redis round trip performed by the adapter.
|
|
OperationTimeout time.Duration
|
|
}
|
|
|
|
// Publisher publishes gateway-compatible session projections into Redis cache
|
|
// and stream namespaces.
|
|
type Publisher struct {
|
|
client *redis.Client
|
|
sessionCacheKeyPrefix string
|
|
sessionEventsStream string
|
|
streamMaxLen int64
|
|
operationTimeout time.Duration
|
|
}
|
|
|
|
type cacheRecord struct {
|
|
DeviceSessionID string `json:"device_session_id"`
|
|
UserID string `json:"user_id"`
|
|
ClientPublicKey string `json:"client_public_key"`
|
|
Status gatewayprojection.Status `json:"status"`
|
|
RevokedAtMS *int64 `json:"revoked_at_ms,omitempty"`
|
|
}
|
|
|
|
// New constructs a Redis-backed gateway session projection publisher from
|
|
// cfg.
|
|
func New(cfg Config) (*Publisher, error) {
|
|
switch {
|
|
case strings.TrimSpace(cfg.Addr) == "":
|
|
return nil, errors.New("new redis projection publisher: redis addr must not be empty")
|
|
case cfg.DB < 0:
|
|
return nil, errors.New("new redis projection publisher: redis db must not be negative")
|
|
case strings.TrimSpace(cfg.SessionCacheKeyPrefix) == "":
|
|
return nil, errors.New("new redis projection publisher: session cache key prefix must not be empty")
|
|
case strings.TrimSpace(cfg.SessionEventsStream) == "":
|
|
return nil, errors.New("new redis projection publisher: session events stream must not be empty")
|
|
case cfg.StreamMaxLen <= 0:
|
|
return nil, errors.New("new redis projection publisher: stream max len must be positive")
|
|
case cfg.OperationTimeout <= 0:
|
|
return nil, errors.New("new redis projection publisher: operation timeout must be positive")
|
|
}
|
|
|
|
options := &redis.Options{
|
|
Addr: cfg.Addr,
|
|
Username: cfg.Username,
|
|
Password: cfg.Password,
|
|
DB: cfg.DB,
|
|
Protocol: 2,
|
|
DisableIdentity: true,
|
|
}
|
|
if cfg.TLSEnabled {
|
|
options.TLSConfig = &tls.Config{MinVersion: tls.VersionTLS12}
|
|
}
|
|
|
|
return &Publisher{
|
|
client: redis.NewClient(options),
|
|
sessionCacheKeyPrefix: cfg.SessionCacheKeyPrefix,
|
|
sessionEventsStream: cfg.SessionEventsStream,
|
|
streamMaxLen: cfg.StreamMaxLen,
|
|
operationTimeout: cfg.OperationTimeout,
|
|
}, nil
|
|
}
|
|
|
|
// Close releases the underlying Redis client resources.
|
|
func (p *Publisher) Close() error {
|
|
if p == nil || p.client == nil {
|
|
return nil
|
|
}
|
|
|
|
return p.client.Close()
|
|
}
|
|
|
|
// Ping verifies that the configured Redis backend is reachable within the
|
|
// adapter operation timeout budget.
|
|
func (p *Publisher) Ping(ctx context.Context) error {
|
|
operationCtx, cancel, err := p.operationContext(ctx, "ping redis projection publisher")
|
|
if err != nil {
|
|
return err
|
|
}
|
|
defer cancel()
|
|
|
|
if err := p.client.Ping(operationCtx).Err(); err != nil {
|
|
return fmt.Errorf("ping redis projection publisher: %w", err)
|
|
}
|
|
|
|
return nil
|
|
}
|
|
|
|
// PublishSession writes one gateway-compatible session snapshot into the
|
|
// gateway cache namespace and appends the same snapshot to the gateway session
|
|
// event stream within one Redis transaction.
|
|
func (p *Publisher) PublishSession(ctx context.Context, snapshot gatewayprojection.Snapshot) error {
|
|
if err := snapshot.Validate(); err != nil {
|
|
return fmt.Errorf("publish session projection to redis: %w", err)
|
|
}
|
|
|
|
payload, err := marshalCacheRecord(snapshot)
|
|
if err != nil {
|
|
return fmt.Errorf("publish session projection to redis: %w", err)
|
|
}
|
|
values := buildStreamValues(snapshot)
|
|
|
|
operationCtx, cancel, err := p.operationContext(ctx, "publish session projection to redis")
|
|
if err != nil {
|
|
return err
|
|
}
|
|
defer cancel()
|
|
|
|
key := p.sessionCacheKey(snapshot.DeviceSessionID)
|
|
_, err = p.client.TxPipelined(operationCtx, func(pipe redis.Pipeliner) error {
|
|
pipe.Set(operationCtx, key, payload, 0)
|
|
pipe.XAdd(operationCtx, &redis.XAddArgs{
|
|
Stream: p.sessionEventsStream,
|
|
MaxLen: p.streamMaxLen,
|
|
Approx: true,
|
|
Values: values,
|
|
})
|
|
return nil
|
|
})
|
|
if err != nil {
|
|
return fmt.Errorf("publish session projection %q to redis: %w", snapshot.DeviceSessionID, err)
|
|
}
|
|
|
|
return nil
|
|
}
|
|
|
|
func (p *Publisher) operationContext(ctx context.Context, operation string) (context.Context, context.CancelFunc, error) {
|
|
if p == nil || p.client == nil {
|
|
return nil, nil, fmt.Errorf("%s: nil publisher", operation)
|
|
}
|
|
if ctx == nil {
|
|
return nil, nil, fmt.Errorf("%s: nil context", operation)
|
|
}
|
|
|
|
operationCtx, cancel := context.WithTimeout(ctx, p.operationTimeout)
|
|
return operationCtx, cancel, nil
|
|
}
|
|
|
|
func (p *Publisher) sessionCacheKey(deviceSessionID interface{ String() string }) string {
|
|
return p.sessionCacheKeyPrefix + deviceSessionID.String()
|
|
}
|
|
|
|
func marshalCacheRecord(snapshot gatewayprojection.Snapshot) ([]byte, error) {
|
|
record := cacheRecord{
|
|
DeviceSessionID: snapshot.DeviceSessionID.String(),
|
|
UserID: snapshot.UserID.String(),
|
|
ClientPublicKey: snapshot.ClientPublicKey,
|
|
Status: snapshot.Status,
|
|
}
|
|
if snapshot.RevokedAt != nil {
|
|
revokedAtMS := snapshot.RevokedAt.UTC().UnixMilli()
|
|
record.RevokedAtMS = &revokedAtMS
|
|
}
|
|
|
|
payload, err := json.Marshal(record)
|
|
if err != nil {
|
|
return nil, fmt.Errorf("marshal gateway session cache record: %w", err)
|
|
}
|
|
|
|
return payload, nil
|
|
}
|
|
|
|
func buildStreamValues(snapshot gatewayprojection.Snapshot) map[string]any {
|
|
values := map[string]any{
|
|
"device_session_id": snapshot.DeviceSessionID.String(),
|
|
"user_id": snapshot.UserID.String(),
|
|
"client_public_key": snapshot.ClientPublicKey,
|
|
"status": string(snapshot.Status),
|
|
}
|
|
if snapshot.RevokedAt != nil {
|
|
values["revoked_at_ms"] = fmt.Sprint(snapshot.RevokedAt.UTC().UnixMilli())
|
|
}
|
|
|
|
return values
|
|
}
|
|
|
|
var _ ports.GatewaySessionProjectionPublisher = (*Publisher)(nil)
|