add redis authenticator, split authn out

Author: hfoxy

auth.go

@@ -1,13 +1,10 @@
 package irdata
 
 import (
-	"bytes"
 	"crypto/sha256"
 	"encoding/base64"
-	"encoding/json"
 	"errors"
 	"fmt"
-	"io"
 	"net/http"
 	"net/http/cookiejar"
 	"strings"
@@ -67,6 +64,10 @@ func Login(email string, password string, options ...Options) (IRData, error) {
 		},
 	}
 
+	data.authenticator = &DefaultAuthenticator{
+		irdata: data,
+	}
+
 	for _, option := range options {
 		err := option.Apply(data)
 		if err != nil {
@@ -79,97 +80,26 @@ func Login(email string, password string, options ...Options) (IRData, error) {
 		}
 	}
 
-	err := data.Authenticate()
+	err := data.Authenticate(false)
 	if err != nil {
 		return nil, err
 	}
 
 	return data, nil
 }
 
-func (d *irdata) Authenticate() error {
-	/**
-	 * data := url.Values{}
-	 * data.Set("username", d.email)
-	 * data.Set("password", d.passwordHash)
-	 * resp, err := d.client.Post(fmt.Sprintf("%s/Login", d.membersUrl), "application/x-www-form-urlencoded", strings.NewReader(data.Encode()))
-	 * if err != nil {
-	 * 	return &ConfigurationError{Msg: "unable to make request", Trigger: err}
-	 * }
-	 */
-
-	requestBody := AuthRequest{
-		Email:    d.email,
-		Password: d.passwordHash,
-	}
-
-	body, err := json.Marshal(requestBody)
-	if err != nil {
-		return &ConfigurationError{Msg: "unable to marshal request body", Trigger: err}
-	}
-
-	bodyReader := bytes.NewReader(body)
-
-	resp, err := d.client.Post(fmt.Sprintf("%s/auth", d.membersUrl), "application/json", bodyReader)
+func (d *irdata) Authenticate(force bool) error {
+	cookieUrl, cookies, expiration, err := d.authenticator.Authenticate(d.email, d.passwordHash, force)
 	if err != nil {
-		return &ConfigurationError{Msg: "unable to make request", Trigger: err}
-	}
-
-	defer resp.Body.Close()
-
-	if err != nil {
-		return &ConfigurationError{Msg: "unable to read authentication response", Trigger: err}
-	}
-
-	err = d.RateLimit().update(resp)
-	if err != nil {
-		return &ConfigurationError{Msg: "unable to update rate limit", Trigger: err}
-	}
-
-	if resp.StatusCode == 401 {
-		return &AuthenticationError{Msg: "invalid credentials"}
-	} else if resp.StatusCode == 503 {
-		return &ServiceUnavailableError{Msg: "service unavailable"}
-	} else if resp.StatusCode == 209 {
-		return &RateLimitExceededError{Msg: "too many requests"}
-	} else if resp.StatusCode != 200 {
-		return &ServiceUnavailableError{Msg: "unexpected error", Trigger: errors.New(resp.Status)}
-	}
-
-	r, err := io.ReadAll(resp.Body)
-	if err != nil {
-		return &ConfigurationError{Msg: "unable to read authentication response body", Trigger: err}
-	}
-
-	responseBody := AuthResponse{}
-	err = json.Unmarshal(r, &responseBody)
-	if err != nil {
-		return &ConfigurationError{Msg: "unable to unmarshal authentication response body", Trigger: err}
-	}
-
-	if responseBody.AuthCode == 0 || responseBody.AuthCode == float64(0) {
-		return &AuthenticationError{Msg: "authentication failed", Trigger: errors.New(responseBody.Message)}
-	}
-
-	membersCookie := false
-	d.cookies = resp.Cookies()
-	for _, cookie := range d.cookies {
-		if cookie.Name == "authtoken_members" {
-			d.expiration = cookie.Expires
-			membersCookie = true
-			break
-		}
+		return err
 	}
 
+	d.cookies = cookies
+	d.expiration = expiration
 	if d.client.Jar == nil {
 		d.client.Jar, _ = cookiejar.New(&cookiejar.Options{})
 	}
 
-	d.client.Jar.SetCookies(resp.Request.URL, d.cookies)
-
-	if !membersCookie {
-		return &AuthenticationError{Msg: "unable to find 'authtoken_members' cookie"}
-	}
-
+	d.client.Jar.SetCookies(cookieUrl, d.cookies)
 	return nil
 }

authenticator.go

@@ -0,0 +1,114 @@
+package irdata
+
+import (
+	"bytes"
+	"encoding/json"
+	"errors"
+	"fmt"
+	"io"
+	"net/http"
+	"net/url"
+	"time"
+)
+
+type Authenticator interface {
+	Authenticate(username string, password string, force bool) (*url.URL, []*http.Cookie, time.Time, error)
+}
+
+type DefaultAuthenticator struct {
+	Authenticator
+
+	irdata IRData
+}
+
+func NewDefaultAuthenticator(irdata IRData) (*DefaultAuthenticator, error) {
+	if irdata == nil {
+		return nil, errors.New("irdata is nil")
+	}
+
+	return &DefaultAuthenticator{
+		irdata: irdata,
+	}, nil
+}
+
+func (a *DefaultAuthenticator) Authenticate(username string, password string, _ bool) (*url.URL, []*http.Cookie, time.Time, error) {
+	/**
+	 * data := url.Values{}
+	 * data.Set("username", d.email)
+	 * data.Set("password", d.passwordHash)
+	 * resp, err := d.client.Post(fmt.Sprintf("%s/Login", d.membersUrl), "application/x-www-form-urlencoded", strings.NewReader(data.Encode()))
+	 * if err != nil {
+	 * 	return &ConfigurationError{Msg: "unable to make request", Trigger: err}
+	 * }
+	 */
+
+	requestBody := AuthRequest{
+		Email:    username,
+		Password: password,
+	}
+
+	body, err := json.Marshal(requestBody)
+	if err != nil {
+		return nil, nil, time.Time{}, &ConfigurationError{Msg: "unable to marshal request body", Trigger: err}
+	}
+
+	bodyReader := bytes.NewReader(body)
+
+	resp, err := a.irdata.HttpClient().Post(fmt.Sprintf("%s/auth", a.irdata.MembersUrl()), "application/json", bodyReader)
+	if err != nil {
+		return nil, nil, time.Time{}, &ConfigurationError{Msg: "unable to make request", Trigger: err}
+	}
+
+	defer resp.Body.Close()
+
+	if err != nil {
+		return nil, nil, time.Time{}, &ConfigurationError{Msg: "unable to read authentication response", Trigger: err}
+	}
+
+	err = a.irdata.RateLimit().update(resp)
+	if err != nil {
+		return nil, nil, time.Time{}, &ConfigurationError{Msg: "unable to update rate limit", Trigger: err}
+	}
+
+	if resp.StatusCode == 401 {
+		return nil, nil, time.Time{}, &AuthenticationError{Msg: "invalid credentials"}
+	} else if resp.StatusCode == 503 {
+		return nil, nil, time.Time{}, &ServiceUnavailableError{Msg: "service unavailable"}
+	} else if resp.StatusCode == 209 {
+		return nil, nil, time.Time{}, &RateLimitExceededError{Msg: "too many requests"}
+	} else if resp.StatusCode != 200 {
+		return nil, nil, time.Time{}, &ServiceUnavailableError{Msg: "unexpected error", Trigger: errors.New(resp.Status)}
+	}
+
+	r, err := io.ReadAll(resp.Body)
+	if err != nil {
+		return nil, nil, time.Time{}, &ConfigurationError{Msg: "unable to read authentication response body", Trigger: err}
+	}
+
+	responseBody := AuthResponse{}
+	err = json.Unmarshal(r, &responseBody)
+	if err != nil {
+		return nil, nil, time.Time{}, &ConfigurationError{Msg: "unable to unmarshal authentication response body", Trigger: err}
+	}
+
+	if responseBody.AuthCode == 0 || responseBody.AuthCode == float64(0) {
+		return nil, nil, time.Time{}, &AuthenticationError{Msg: "authentication failed", Trigger: errors.New(responseBody.Message)}
+	}
+
+	expiresAt := time.Now()
+	membersCookie := false
+	cookies := resp.Cookies()
+	for _, cookie := range cookies {
+		if cookie.Name == "authtoken_members" {
+			membersCookie = true
+			expiresAt = cookie.Expires
+			break
+		}
+	}
+
+	if !membersCookie {
+		return nil, nil, time.Time{}, &AuthenticationError{Msg: "unable to find 'authtoken_members' cookie"}
+	}
+
+	return resp.Request.URL, cookies, expiresAt, nil
+}

authenticator_redis.go

@@ -0,0 +1,145 @@
+package irdata
+
+import (
+	"bytes"
+	"context"
+	"crypto/sha512"
+	"encoding/gob"
+	"errors"
+	"fmt"
+	"github.com/redis/go-redis/v9"
+	"log/slog"
+	"net/http"
+	"net/url"
+	"time"
+)
+
+type RedisAuthenticator struct {
+	Authenticator
+
+	redis         redis.Cmdable
+	authenticator Authenticator
+
+	Logger             Logger
+	KeyPrefix          string
+	LocalCacheDuration time.Duration
+
+	localCache map[string]*AuthenticationResult
+}
+
+func NewRedisDefaultAuthenticator(redis redis.Cmdable, irdata IRData) (*RedisAuthenticator, error) {
+	authenticator, err := NewDefaultAuthenticator(irdata)
+	if err != nil {
+		return nil, err
+	}
+
+	return NewRedisAuthenticator(redis, authenticator)
+}
+
+func NewRedisAuthenticator(redis redis.Cmdable, authenticator Authenticator) (*RedisAuthenticator, error) {
+	if redis == nil {
+		return nil, errors.New("redis is nil")
+	} else if authenticator == nil {
+		return nil, errors.New("authenticator is nil")
+	}
+
+	return &RedisAuthenticator{
+		redis:              redis,
+		authenticator:      authenticator,
+		Logger:             slog.Default(),
+		KeyPrefix:          "iracing:irdata:",
+		LocalCacheDuration: time.Minute,
+		localCache:         make(map[string]*AuthenticationResult),
+	}, nil
+}
+
+type AuthenticationResult struct {
+	Username         string
+	PasswordChecksum string
+	URL              *url.URL
+	Cookies          []*http.Cookie
+	Expiration       time.Time
+
+	lastUpdated time.Time
+}
+
+func init() {
+	gob.Register(AuthenticationResult{})
+}
+
+func (a *RedisAuthenticator) Authenticate(username string, password string, _ bool) (*url.URL, []*http.Cookie, time.Time, error) {
+	ctx, cancel := context.WithCancel(context.Background())
+	defer cancel()
+
+	hasher := sha512.New()
+	hasher.Write([]byte(password))
+	hashedPassword := fmt.Sprintf("%032x", hasher.Sum(nil))
+
+	key := fmt.Sprintf("%s%s-%s", a.KeyPrefix, username, hashedPassword)
+	existing, ok := a.localCache[key]
+	if ok && existing.lastUpdated.Before(time.Now().Add(-a.LocalCacheDuration)) {
+		return existing.URL, existing.Cookies, existing.Expiration, nil
+	} else if ok {
+		delete(a.localCache, key)
+	}
+
+	existingResp := a.redis.Get(ctx, key)
+	if existingResp == nil || existingResp.Err() != nil {
+		if existingResp == nil || !errors.Is(existingResp.Err(), redis.Nil) {
+			var err error
+			if existingResp == nil {
+				err = errors.New("no response from redis")
+			} else {
+				err = fmt.Errorf("unexpected response from redis: %s", existingResp.Err())
+			}
+
+			a.Logger.Warn("unable to retrieve cached result from redis", "error", err)
+		}
+
+		return a.authenticate(username, password, hashedPassword, key)
+	}
+
+	result := &AuthenticationResult{}
+	decoder := gob.NewDecoder(bytes.NewBuffer([]byte(existingResp.Val())))
+	err := decoder.Decode(result)
+	if err != nil {
+		a.Logger.Warn("unable to decode cached result from redis", "error", err)
+		return a.authenticate(username, password, hashedPassword, key)
+	}
+
+	result.lastUpdated = time.Now()
+	a.localCache[key] = result
+	return result.URL, result.Cookies, result.Expiration, nil
+}
+
+func (a *RedisAuthenticator) authenticate(username, password, hashedPassword, key string) (*url.URL, []*http.Cookie, time.Time, error) {
+	cookieUrl, cookies, expiration, err := a.authenticator.Authenticate(username, password, true)
+	if err != nil {
+		return nil, nil, time.Time{}, err
+	}
+
+	result := &AuthenticationResult{
+		Username:         username,
+		PasswordChecksum: hashedPassword,
+		URL:              cookieUrl,
+		Cookies:          cookies,
+		Expiration:       expiration,
+		lastUpdated:      time.Now(),
+	}
+
+	a.localCache[key] = result
+
+	buf := new(bytes.Buffer)
+	err = gob.NewEncoder(buf).Encode(result)
+	if err != nil {
+		a.Logger.Warn("unable to encode cached result for redis", "error", err)
+		return cookieUrl, cookies, expiration, nil
+	}
+
+	setResp := a.redis.Set(context.Background(), key, buf.Bytes(), time.Until(result.Expiration))
+	if setResp == nil || setResp.Err() != nil {
+		a.Logger.Warn("unable to set cached result in redis", "error", err)
+	}
+
+	return cookieUrl, cookies, expiration, nil
+}