fix: session invalidation

server/memorystore/providers/inmemory/provider.go

@@ -2,24 +2,23 @@ package inmemory
 
 import (
 	"sync"
+
+	"github.com/authorizerdev/authorizer/server/memorystore/providers/inmemory/stores"
 )
 
 type provider struct {
 	mutex        sync.Mutex
-	sessionStore map[string]map[string]string
-	stateStore   map[string]string
-	envStore     *EnvStore
+	sessionStore *stores.SessionStore
+	stateStore   *stores.StateStore
+	envStore     *stores.EnvStore
 }
 
 // NewInMemoryStore returns a new in-memory store.
 func NewInMemoryProvider() (*provider, error) {
 	return &provider{
 		mutex:        sync.Mutex{},
-		sessionStore: map[string]map[string]string{},
-		stateStore:   map[string]string{},
-		envStore: &EnvStore{
-			mutex: sync.Mutex{},
-			store: map[string]interface{}{},
-		},
+		envStore:     stores.NewEnvStore(),
+		sessionStore: stores.NewSessionStore(),
+		stateStore:   stores.NewStateStore(),
 	}, nil
 }

server/memorystore/providers/inmemory/store.go

@@ -3,46 +3,44 @@ package inmemory
 import (
 	"fmt"
 	"os"
-	"strings"
 
 	"github.com/authorizerdev/authorizer/server/constants"
 )
 
-// ClearStore clears the in-memory store.
-func (c *provider) ClearStore() error {
-	if os.Getenv("ENV") != constants.TestEnv {
-		c.mutex.Lock()
-		defer c.mutex.Unlock()
-	}
-	c.sessionStore = map[string]map[string]string{}
-
+// SetUserSession sets the user session
+func (c *provider) SetUserSession(userId, key, token string) error {
+	c.sessionStore.Set(userId, key, token)
 	return nil
 }
 
-// GetUserSessions returns all the user session token from the in-memory store.
-func (c *provider) GetUserSessions(userId string) map[string]string {
-	res := map[string]string{}
-	for k, v := range c.stateStore {
-		split := strings.Split(v, "@")
-		if split[1] == userId {
-			res[k] = split[0]
-		}
-	}
-
-	return res
+// GetAllUserSessions returns all the user sessions token from the in-memory store.
+func (c *provider) GetAllUserSessions(userId string) (map[string]string, error) {
+	data := c.sessionStore.GetAll(userId)
+	return data, nil
 }
 
-// DeleteAllUserSession deletes all the user sessions from in-memory store.
-func (c *provider) DeleteAllUserSession(userId string) error {
+// GetUserSession returns value for given session token
+func (c *provider) GetUserSession(userId, sessionToken string) (string, error) {
+	return c.sessionStore.Get(userId, sessionToken), nil
+}
+
+// DeleteAllUserSessions deletes all the user sessions from in-memory store.
+func (c *provider) DeleteAllUserSessions(userId string) error {
 	if os.Getenv("ENV") != constants.TestEnv {
 		c.mutex.Lock()
 		defer c.mutex.Unlock()
 	}
-	sessions := c.GetUserSessions(userId)
-	for k := range sessions {
-		c.RemoveState(k)
-	}
+	c.sessionStore.RemoveAll(userId)
+	return nil
+}
 
+// DeleteUserSession deletes the user session from the in-memory store.
+func (c *provider) DeleteUserSession(userId, sessionToken string) error {
+	if os.Getenv("ENV") != constants.TestEnv {
+		c.mutex.Lock()
+		defer c.mutex.Unlock()
+	}
+	c.sessionStore.Remove(userId, sessionToken)
 	return nil
 }
 
@@ -52,29 +50,19 @@ func (c *provider) SetState(key, state string) error {
 		c.mutex.Lock()
 		defer c.mutex.Unlock()
 	}
-	c.stateStore[key] = state
+	c.stateStore.Set(key, state)
 
 	return nil
 }
 
 // GetState gets the state from the in-memory store.
 func (c *provider) GetState(key string) (string, error) {
-	state := ""
-	if stateVal, ok := c.stateStore[key]; ok {
-		state = stateVal
-	}
-
-	return state, nil
+	return c.stateStore.Get(key), nil
 }
 
 // RemoveState removes the state from the in-memory store.
 func (c *provider) RemoveState(key string) error {
-	if os.Getenv("ENV") != constants.TestEnv {
-		c.mutex.Lock()
-		defer c.mutex.Unlock()
-	}
-	delete(c.stateStore, key)
-
+	c.stateStore.Remove(key)
 	return nil
 }
 

server/memorystore/providers/inmemory/stores/env_store.go

@@ -1,4 +1,4 @@
-package inmemory
+package stores
 
 import (
 	"os"
@@ -13,6 +13,14 @@ type EnvStore struct {
 	store map[string]interface{}
 }
 
+// NewEnvStore create a new env store
+func NewEnvStore() *EnvStore {
+	return &EnvStore{
+		mutex: sync.Mutex{},
+		store: make(map[string]interface{}),
+	}
+}
+
 // UpdateEnvStore to update the whole env store object
 func (e *EnvStore) UpdateStore(store map[string]interface{}) {
 	if os.Getenv("ENV") != constants.TestEnv {

server/memorystore/providers/inmemory/stores/session_store.go

@@ -0,0 +1,67 @@
+package stores
+
+import (
+	"os"
+	"sync"
+
+	"github.com/authorizerdev/authorizer/server/constants"
+)
+
+// SessionStore struct to store the env variables
+type SessionStore struct {
+	mutex sync.Mutex
+	store map[string]map[string]string
+}
+
+// NewSessionStore create a new session store
+func NewSessionStore() *SessionStore {
+	return &SessionStore{
+		mutex: sync.Mutex{},
+		store: make(map[string]map[string]string),
+	}
+}
+
+// Get returns the value of the key in state store
+func (s *SessionStore) Get(key, subKey string) string {
+	return s.store[key][subKey]
+}
+
+// Set sets the value of the key in state store
+func (s *SessionStore) Set(key string, subKey, value string) {
+	if os.Getenv("ENV") != constants.TestEnv {
+		s.mutex.Lock()
+		defer s.mutex.Unlock()
+	}
+	if _, ok := s.store[key]; !ok {
+		s.store[key] = make(map[string]string)
+	}
+	s.store[key][subKey] = value
+}
+
+// RemoveAll all values for given key
+func (s *SessionStore) RemoveAll(key string) {
+	if os.Getenv("ENV") != constants.TestEnv {
+		s.mutex.Lock()
+		defer s.mutex.Unlock()
+	}
+	delete(s.store, key)
+}
+
+// Remove value for given key and subkey
+func (s *SessionStore) Remove(key, subKey string) {
+	if os.Getenv("ENV") != constants.TestEnv {
+		s.mutex.Lock()
+		defer s.mutex.Unlock()
+	}
+	if _, ok := s.store[key]; ok {
+		delete(s.store[key], subKey)
+	}
+}
+
+// Get all the values for given key
+func (s *SessionStore) GetAll(key string) map[string]string {
+	if _, ok := s.store[key]; !ok {
+		s.store[key] = make(map[string]string)
+	}
+	return s.store[key]
+}

server/memorystore/providers/inmemory/stores/state_store.go

@@ -0,0 +1,46 @@
+package stores
+
+import (
+	"os"
+	"sync"
+
+	"github.com/authorizerdev/authorizer/server/constants"
+)
+
+// StateStore struct to store the env variables
+type StateStore struct {
+	mutex sync.Mutex
+	store map[string]string
+}
+
+// NewStateStore create a new state store
+func NewStateStore() *StateStore {
+	return &StateStore{
+		mutex: sync.Mutex{},
+		store: make(map[string]string),
+	}
+}
+
+// Get returns the value of the key in state store
+func (s *StateStore) Get(key string) string {
+	return s.store[key]
+}
+
+// Set sets the value of the key in state store
+func (s *StateStore) Set(key string, value string) {
+	if os.Getenv("ENV") != constants.TestEnv {
+		s.mutex.Lock()
+		defer s.mutex.Unlock()
+	}
+	s.store[key] = value
+}
+
+// Remove removes the key from state store
+func (s *StateStore) Remove(key string) {
+	if os.Getenv("ENV") != constants.TestEnv {
+		s.mutex.Lock()
+		defer s.mutex.Unlock()
+	}
+
+	delete(s.store, key)
+}

server/memorystore/providers/providers.go

@@ -2,12 +2,17 @@ package providers
 
 // Provider defines current memory store provider
 type Provider interface {
+	// SetUserSession sets the user session
+	SetUserSession(userId, key, token string) error
+	// GetAllUserSessions returns all the user sessions from the session store
+	GetAllUserSessions(userId string) (map[string]string, error)
+	// GetUserSession returns the session token for given token
+	GetUserSession(userId, token string) (string, error)
+	// DeleteUserSession deletes the user session
+	DeleteUserSession(userId, token string) error
 	// DeleteAllSessions deletes all the sessions from the session store
-	DeleteAllUserSession(userId string) error
-	// GetUserSessions returns all the user sessions from the session store
-	GetUserSessions(userId string) map[string]string
-	// ClearStore clears the session store for authorizer tokens
-	ClearStore() error
+	DeleteAllUserSessions(userId string) error
+
 	// SetState sets the login state (key, value form) in the session store
 	SetState(key, state string) error
 	// GetState returns the state from the session store

server/memorystore/providers/redis/store.go

@@ -2,67 +2,72 @@ package redis
 
 import (
 	"strconv"
-	"strings"
 
 	"github.com/authorizerdev/authorizer/server/constants"
 	log "github.com/sirupsen/logrus"
 )
 
 var (
-	// session store prefix
-	sessionStorePrefix = "authorizer_session:"
+	// state store prefix
+	stateStorePrefix = "authorizer_state:"
 	// env store prefix
 	envStorePrefix = "authorizer_env"
 )
 
-// ClearStore clears the redis store for authorizer related tokens
-func (c *provider) ClearStore() error {
-	err := c.store.Del(c.ctx, sessionStorePrefix+"*").Err()
+// SetUserSession sets the user session in redis store.
+func (c *provider) SetUserSession(userId, key, token string) error {
+	err := c.store.HSet(c.ctx, userId, key, token).Err()
 	if err != nil {
-		log.Debug("Error clearing redis store: ", err)
+		log.Debug("Error saving to redis: ", err)
 		return err
 	}
-
 	return nil
 }
 
-// GetUserSessions returns all the user session token from the redis store.
-func (c *provider) GetUserSessions(userID string) map[string]string {
-	data, err := c.store.HGetAll(c.ctx, "*").Result()
+// GetAllUserSessions returns all the user session token from the redis store.
+func (c *provider) GetAllUserSessions(userID string) (map[string]string, error) {
+	data, err := c.store.HGetAll(c.ctx, userID).Result()
 	if err != nil {
-		log.Debug("error getting token from redis store: ", err)
+		log.Debug("error getting all user sessions from redis store: ", err)
+		return nil, err
 	}
 
-	res := map[string]string{}
-	for k, v := range data {
-		split := strings.Split(v, "@")
-		if split[1] == userID {
-			res[k] = split[0]
-		}
-	}
-
-	return res
+	return data, nil
 }
 
-// DeleteAllUserSession deletes all the user session from redis
-func (c *provider) DeleteAllUserSession(userId string) error {
-	sessions := c.GetUserSessions(userId)
-	for k, v := range sessions {
-		if k == "token" {
-			err := c.store.Del(c.ctx, v).Err()
-			if err != nil {
-				log.Debug("Error deleting redis token: ", err)
-				return err
-			}
-		}
+// GetUserSession returns the user session from redis store.
+func (c *provider) GetUserSession(userId, key string) (string, error) {
+	var res string
+	err := c.store.HGet(c.ctx, userId, key).Scan(&res)
+	if err != nil {
+		return "", err
 	}
+	return res, nil
+}
 
+// DeleteUserSession deletes the user session from redis store.
+func (c *provider) DeleteUserSession(userId, key string) error {
+	err := c.store.HDel(c.ctx, userId, key).Err()
+	if err != nil {
+		log.Debug("Error deleting user session from redis: ", err)
+		return err
+	}
+	return nil
+}
+
+// DeleteAllUserSessions deletes all the user session from redis
+func (c *provider) DeleteAllUserSessions(userID string) error {
+	err := c.store.HDel(c.ctx, userID).Err()
+	if err != nil {
+		log.Debug("Error deleting all user sessions from redis: ", err)
+		return err
+	}
 	return nil
 }
 
 // SetState sets the state in redis store.
 func (c *provider) SetState(key, value string) error {
-	err := c.store.Set(c.ctx, sessionStorePrefix+key, value, 0).Err()
+	err := c.store.Set(c.ctx, stateStorePrefix+key, value, 0).Err()
 	if err != nil {
 		log.Debug("Error saving redis token: ", err)
 		return err
@@ -74,7 +79,7 @@ func (c *provider) SetState(key, value string) error {
 // GetState gets the state from redis store.
 func (c *provider) GetState(key string) (string, error) {
 	var res string
-	err := c.store.Get(c.ctx, sessionStorePrefix+key).Scan(&res)
+	err := c.store.Get(c.ctx, stateStorePrefix+key).Scan(&res)
 	if err != nil {
 		log.Debug("error getting token from redis store: ", err)
 	}
@@ -84,7 +89,7 @@ func (c *provider) GetState(key string) (string, error) {
 
 // RemoveState removes the state from redis store.
 func (c *provider) RemoveState(key string) error {
-	err := c.store.Del(c.ctx, sessionStorePrefix+key).Err()
+	err := c.store.Del(c.ctx, stateStorePrefix+key).Err()
 	if err != nil {
 		log.Fatalln("Error deleting redis token: ", err)
 		return err