Implement 'wookie' protocol (#163)

* Create zookie-like 'wookie' implementation for specifying consistency/freshness on reads

* Persist wookies on updates and send back in responses

* Fix postgres createWookie query

* Send back latest wookie in all check/read calls

* Simplify wookie service methods

* Check service Check() to use wookie read

* Implement wookie service methods

* Allow wookieSafeReads() within WithWookieUpdate()

* Don't err out if wookie values not present

* Add basic wookie token unit test

* Address cr comments

cmd/warrant/main.go

@@ -18,18 +18,19 @@ import (
 	tenant "github.com/warrant-dev/warrant/pkg/authz/tenant"
 	user "github.com/warrant-dev/warrant/pkg/authz/user"
 	warrant "github.com/warrant-dev/warrant/pkg/authz/warrant"
+	wookie "github.com/warrant-dev/warrant/pkg/authz/wookie"
 	"github.com/warrant-dev/warrant/pkg/config"
 	"github.com/warrant-dev/warrant/pkg/database"
 	"github.com/warrant-dev/warrant/pkg/event"
 	"github.com/warrant-dev/warrant/pkg/service"
 )
 
 const (
-	MySQLDatastoreMigrationVersion     = 000004
+	MySQLDatastoreMigrationVersion     = 000005
 	MySQLEventstoreMigrationVersion    = 000003
-	PostgresDatastoreMigrationVersion  = 000005
+	PostgresDatastoreMigrationVersion  = 000006
 	PostgresEventstoreMigrationVersion = 000004
-	SQLiteDatastoreMigrationVersion    = 000004
+	SQLiteDatastoreMigrationVersion    = 000005
 	SQLiteEventstoreMigrationVersion   = 000003
 )
 
@@ -195,22 +196,29 @@ func main() {
 	}
 	eventSvc := event.NewService(svcEnv, eventRepository, cfg.Eventstore.SynchronizeEvents, nil)
 
+	// Init wookie repo and service
+	wookieRepository, err := wookie.NewRepository(svcEnv.DB())
+	if err != nil {
+		log.Fatal().Err(err).Msg("Could not initialize WookieRepository")
+	}
+	wookieSvc := wookie.NewService(svcEnv, wookieRepository)
+
 	// Init object type repo and service
 	objectTypeRepository, err := objecttype.NewRepository(svcEnv.DB())
 	if err != nil {
 		log.Fatal().Err(err).Msg("Could not initialize ObjectTypeRepository")
 	}
-	objectTypeSvc := objecttype.NewService(svcEnv, objectTypeRepository, eventSvc)
+	objectTypeSvc := objecttype.NewService(svcEnv, objectTypeRepository, eventSvc, wookieSvc)
 
 	// Init warrant repo and service
 	warrantRepository, err := warrant.NewRepository(svcEnv.DB())
 	if err != nil {
 		log.Fatal().Err(err).Msg("Could not initialize WarrantRepository")
 	}
-	warrantSvc := warrant.NewService(svcEnv, warrantRepository, eventSvc, objectTypeSvc)
+	warrantSvc := warrant.NewService(svcEnv, warrantRepository, eventSvc, objectTypeSvc, wookieSvc)
 
 	// Init check service
-	checkSvc := check.NewService(svcEnv, warrantRepository, eventSvc, objectTypeSvc)
+	checkSvc := check.NewService(svcEnv, warrantRepository, eventSvc, objectTypeSvc, wookieSvc)
 
 	// Init object repo and service
 	objectRepository, err := object.NewRepository(svcEnv.DB())

migrations/datastore/mysql/000005_create_wookie_table.down.sql

@@ -0,0 +1,5 @@
+BEGIN;
+
+DROP TABLE IF EXISTS wookie;
+
+COMMIT;

migrations/datastore/mysql/000005_create_wookie_table.up.sql

@@ -0,0 +1,10 @@
+BEGIN;
+
+CREATE TABLE IF NOT EXISTS wookie (
+  id bigint NOT NULL AUTO_INCREMENT,
+  ver bigint NOT NULL,
+  createdAt timestamp(6) NULL DEFAULT CURRENT_TIMESTAMP(6),
+  PRIMARY KEY (id)
+) ENGINE=InnoDB DEFAULT CHARSET=utf8mb4 COLLATE=utf8mb4_0900_ai_ci;
+
+COMMIT;

migrations/datastore/postgres/000006_create_wookie_table.down.sql

@@ -0,0 +1,5 @@
+BEGIN;
+
+DROP TABLE IF EXISTS wookie;
+
+COMMIT;

migrations/datastore/postgres/000006_create_wookie_table.up.sql

@@ -0,0 +1,9 @@
+BEGIN;
+
+CREATE TABLE IF NOT EXISTS wookie (
+  id bigserial PRIMARY KEY,
+  ver bigserial,
+  created_at timestamp(6) NULL DEFAULT CURRENT_TIMESTAMP(6)
+);
+
+COMMIT;

migrations/datastore/sqlite/000005_create_wookie_table.down.sql

@@ -0,0 +1 @@
+DROP TABLE IF EXISTS wookie;

migrations/datastore/sqlite/000005_create_wookie_table.up.sql

@@ -0,0 +1,5 @@
+CREATE TABLE IF NOT EXISTS wookie (
+  id INTEGER PRIMARY KEY AUTOINCREMENT,
+  ver INTEGER,
+  createdAt DATETIME DEFAULT CURRENT_TIMESTAMP
+);

pkg/authz/check/handlers.go

@@ -5,16 +5,20 @@ import (
 
 	objecttype "github.com/warrant-dev/warrant/pkg/authz/objecttype"
 	warrant "github.com/warrant-dev/warrant/pkg/authz/warrant"
+	wookie "github.com/warrant-dev/warrant/pkg/authz/wookie"
 	"github.com/warrant-dev/warrant/pkg/service"
 )
 
 func (svc CheckService) Routes() ([]service.Route, error) {
 	return []service.Route{
 		// Standard Authorization
 		service.WarrantRoute{
-			Pattern:                    "/v2/authorize",
-			Method:                     "POST",
-			Handler:                    service.NewRouteHandler(svc, AuthorizeHandler),
+			Pattern: "/v2/authorize",
+			Method:  "POST",
+			Handler: service.ChainMiddleware(
+				service.NewRouteHandler(svc, AuthorizeHandler),
+				wookie.ClientTokenMiddleware,
+			),
 			OverrideAuthMiddlewareFunc: service.ApiKeyAndSessionAuthMiddleware,
 		},
 	}, nil
@@ -49,10 +53,11 @@ func AuthorizeHandler(svc CheckService, w http.ResponseWriter, r *http.Request)
 			Debug:    sessionCheckManySpec.Debug,
 		}
 
-		checkResult, err := svc.CheckMany(r.Context(), authInfo, &checkManySpec)
+		checkResult, updatedWookie, err := svc.CheckMany(r.Context(), authInfo, &checkManySpec)
 		if err != nil {
 			return err
 		}
+		wookie.AddAsResponseHeader(w, updatedWookie)
 
 		service.SendJSONResponse(w, checkResult)
 		return nil
@@ -64,10 +69,11 @@ func AuthorizeHandler(svc CheckService, w http.ResponseWriter, r *http.Request)
 		return err
 	}
 
-	checkResult, err := svc.CheckMany(r.Context(), authInfo, &checkManySpec)
+	checkResult, updatedWookie, err := svc.CheckMany(r.Context(), authInfo, &checkManySpec)
 	if err != nil {
 		return err
 	}
+	wookie.AddAsResponseHeader(w, updatedWookie)
 
 	service.SendJSONResponse(w, checkResult)
 	return nil