mirror of
https://github.com/raz-varren/sacrificial-socket.git
synced 2025-10-05 16:16:58 +08:00
66 lines
1.5 KiB
Go
66 lines
1.5 KiB
Go
package token
|
|
|
|
import (
|
|
"encoding/json"
|
|
"errors"
|
|
//"fmt"
|
|
"github.com/dvsekhvalnov/jose2go"
|
|
//"net/http"
|
|
//"strings"
|
|
//"sync"
|
|
"time"
|
|
)
|
|
|
|
var (
|
|
ErrTokenExpired = errors.New("token expired")
|
|
ErrBadPayload = errors.New("payload is missing critical values")
|
|
|
|
ErrNoToken = errors.New("user did not provide a token")
|
|
ErrBadBearerValue = errors.New("user provided an invalid Bearer value")
|
|
)
|
|
|
|
//UserToken represents an authenticated user
|
|
type UserToken struct {
|
|
//authenticated user name
|
|
IAM string `json:"iam"`
|
|
|
|
//unix epoc expire time
|
|
EXP int64 `json:"exp"`
|
|
}
|
|
|
|
//GenUserToken will generate an expiring HMAC-SHA256 signed token representing an authenticated user
|
|
func GenUserToken(user string, expires time.Duration, signingKey []byte) (UserToken, string, error) {
|
|
var u UserToken
|
|
u.IAM = user
|
|
u.EXP = time.Now().Add(expires).Unix()
|
|
data, _ := json.Marshal(u)
|
|
tok, err := jose.Sign(string(data), jose.HS256, signingKey)
|
|
return u, tok, err
|
|
}
|
|
|
|
//ValidateUserToken will validate the token and attempt to unmarshal it's payload into a UserToken.
|
|
//
|
|
//error is nil if validation succeeded.
|
|
func ValidateUserToken(token string, signingKey []byte) (UserToken, error) {
|
|
var u UserToken
|
|
payload, _, err := jose.Decode(token, signingKey)
|
|
if err != nil {
|
|
return u, err
|
|
}
|
|
|
|
err = json.Unmarshal([]byte(payload), &u)
|
|
if err != nil {
|
|
return u, err
|
|
}
|
|
|
|
if u.IAM == "" || u.EXP == 0 {
|
|
return u, ErrBadPayload
|
|
}
|
|
|
|
if u.EXP < time.Now().Unix() {
|
|
return u, ErrTokenExpired
|
|
}
|
|
|
|
return u, nil
|
|
}
|