Add support for downloading a backup

router/tokens/backup.go

@@ -0,0 +1,25 @@
+package tokens
+
+import (
+	"github.com/gbrlsnchs/jwt/v3"
+)
+
+type BackupPayload struct {
+	jwt.Payload
+	ServerUuid string `json:"server_uuid"`
+	BackupUuid string `json:"backup_uuid"`
+	UniqueId   string `json:"unique_id"`
+}
+
+// Returns the JWT payload.
+func (p *BackupPayload) GetPayload() *jwt.Payload {
+	return &p.Payload
+}
+
+// Determines if this JWT is valid for the given request cycle. If the
+// unique ID passed in the token has already been seen before this will
+// return false. This allows us to use this JWT as a one-time token that
+// validates all of the request.
+func (p *BackupPayload) IsUniqueRequest() bool {
+	return getTokenStore().IsValidToken(p.UniqueId)
+}

router/tokens/parser.go

@@ -30,4 +30,4 @@ func ParseToken(token []byte, data TokenData) error {
 	_, err := jwt.Verify(token, alg, &data, verifyOptions)
 
 	return err
-}
+}

router/tokens/token_store.go

@@ -0,0 +1,41 @@
+package tokens
+
+import (
+	cache2 "github.com/patrickmn/go-cache"
+	"sync"
+	"time"
+)
+
+type TokenStore struct {
+	cache *cache2.Cache
+	mutex *sync.Mutex
+}
+
+var _tokens *TokenStore
+
+// Returns the global unqiue token store cache. This is used to validate
+// one time token usage by storing any received tokens in a local memory
+// cache until they are ready to expire.
+func getTokenStore() *TokenStore {
+	if _tokens == nil {
+		_tokens = &TokenStore{
+			cache: cache2.New(time.Minute*60, time.Minute*5),
+			mutex: &sync.Mutex{},
+		}
+	}
+
+	return _tokens
+}
+
+func (t *TokenStore) IsValidToken(token string) bool {
+	t.mutex.Lock()
+	defer t.mutex.Unlock()
+
+	_, exists := t.cache.Get(token)
+
+	if !exists {
+		t.cache.Add(token, "", time.Minute*60)
+	}
+
+	return !exists
+}