2020-12-29 17:49:26 +02:00
|
|
|
package token
|
2020-03-23 18:19:30 +02:00
|
|
|
|
|
|
|
import (
|
|
|
|
"encoding/base64"
|
|
|
|
"time"
|
|
|
|
|
|
|
|
"github.com/dgrijalva/jwt-go"
|
2021-01-20 23:01:10 +02:00
|
|
|
"github.com/asim/go-micro/v3/auth"
|
2020-03-23 18:19:30 +02:00
|
|
|
)
|
|
|
|
|
|
|
|
// authClaims to be encoded in the JWT
|
|
|
|
type authClaims struct {
|
2020-05-19 19:17:17 +02:00
|
|
|
Type string `json:"type"`
|
|
|
|
Scopes []string `json:"scopes"`
|
|
|
|
Metadata map[string]string `json:"metadata"`
|
2020-03-23 18:19:30 +02:00
|
|
|
|
|
|
|
jwt.StandardClaims
|
|
|
|
}
|
|
|
|
|
|
|
|
// JWT implementation of token provider
|
|
|
|
type JWT struct {
|
2020-12-29 17:49:26 +02:00
|
|
|
opts Options
|
2020-03-23 18:19:30 +02:00
|
|
|
}
|
|
|
|
|
2020-12-29 17:49:26 +02:00
|
|
|
// New returns an initialized basic provider
|
|
|
|
func New(opts ...Option) Provider {
|
2020-03-23 18:19:30 +02:00
|
|
|
return &JWT{
|
2020-12-29 17:49:26 +02:00
|
|
|
opts: NewOptions(opts...),
|
2020-03-23 18:19:30 +02:00
|
|
|
}
|
|
|
|
}
|
|
|
|
|
|
|
|
// Generate a new JWT
|
2020-12-29 17:49:26 +02:00
|
|
|
func (j *JWT) Generate(acc *auth.Account, opts ...GenerateOption) (*Token, error) {
|
2020-03-23 18:19:30 +02:00
|
|
|
// decode the private key
|
|
|
|
priv, err := base64.StdEncoding.DecodeString(j.opts.PrivateKey)
|
|
|
|
if err != nil {
|
|
|
|
return nil, err
|
|
|
|
}
|
|
|
|
|
|
|
|
// parse the private key
|
|
|
|
key, err := jwt.ParseRSAPrivateKeyFromPEM(priv)
|
|
|
|
if err != nil {
|
2020-12-29 17:49:26 +02:00
|
|
|
return nil, ErrEncodingToken
|
2020-03-23 18:19:30 +02:00
|
|
|
}
|
|
|
|
|
|
|
|
// parse the options
|
2020-12-29 17:49:26 +02:00
|
|
|
options := NewGenerateOptions(opts...)
|
2020-03-23 18:19:30 +02:00
|
|
|
|
|
|
|
// generate the JWT
|
|
|
|
expiry := time.Now().Add(options.Expiry)
|
|
|
|
t := jwt.NewWithClaims(jwt.SigningMethodRS256, authClaims{
|
2020-05-21 17:41:55 +02:00
|
|
|
acc.Type, acc.Scopes, acc.Metadata, jwt.StandardClaims{
|
2020-04-01 15:25:00 +02:00
|
|
|
Subject: acc.ID,
|
2020-05-21 17:41:55 +02:00
|
|
|
Issuer: acc.Issuer,
|
2020-03-23 18:19:30 +02:00
|
|
|
ExpiresAt: expiry.Unix(),
|
|
|
|
},
|
|
|
|
})
|
|
|
|
tok, err := t.SignedString(key)
|
|
|
|
if err != nil {
|
|
|
|
return nil, err
|
|
|
|
}
|
|
|
|
|
|
|
|
// return the token
|
2020-12-29 17:49:26 +02:00
|
|
|
return &Token{
|
2020-04-01 15:25:00 +02:00
|
|
|
Token: tok,
|
|
|
|
Expiry: expiry,
|
|
|
|
Created: time.Now(),
|
2020-03-23 18:19:30 +02:00
|
|
|
}, nil
|
|
|
|
}
|
|
|
|
|
|
|
|
// Inspect a JWT
|
2020-04-01 15:25:00 +02:00
|
|
|
func (j *JWT) Inspect(t string) (*auth.Account, error) {
|
2020-03-23 18:19:30 +02:00
|
|
|
// decode the public key
|
|
|
|
pub, err := base64.StdEncoding.DecodeString(j.opts.PublicKey)
|
|
|
|
if err != nil {
|
|
|
|
return nil, err
|
|
|
|
}
|
|
|
|
|
|
|
|
// parse the public key
|
|
|
|
res, err := jwt.ParseWithClaims(t, &authClaims{}, func(token *jwt.Token) (interface{}, error) {
|
|
|
|
return jwt.ParseRSAPublicKeyFromPEM(pub)
|
|
|
|
})
|
|
|
|
if err != nil {
|
2020-12-29 17:49:26 +02:00
|
|
|
return nil, ErrInvalidToken
|
2020-03-23 18:19:30 +02:00
|
|
|
}
|
|
|
|
|
|
|
|
// validate the token
|
|
|
|
if !res.Valid {
|
2020-12-29 17:49:26 +02:00
|
|
|
return nil, ErrInvalidToken
|
2020-03-23 18:19:30 +02:00
|
|
|
}
|
|
|
|
claims, ok := res.Claims.(*authClaims)
|
|
|
|
if !ok {
|
2020-12-29 17:49:26 +02:00
|
|
|
return nil, ErrInvalidToken
|
2020-03-23 18:19:30 +02:00
|
|
|
}
|
|
|
|
|
|
|
|
// return the token
|
2020-04-01 15:25:00 +02:00
|
|
|
return &auth.Account{
|
2020-05-19 19:17:17 +02:00
|
|
|
ID: claims.Subject,
|
2020-05-21 17:41:55 +02:00
|
|
|
Issuer: claims.Issuer,
|
2020-05-19 19:17:17 +02:00
|
|
|
Type: claims.Type,
|
|
|
|
Scopes: claims.Scopes,
|
|
|
|
Metadata: claims.Metadata,
|
2020-03-23 18:19:30 +02:00
|
|
|
}, nil
|
|
|
|
}
|
|
|
|
|
|
|
|
// String returns JWT
|
|
|
|
func (j *JWT) String() string {
|
|
|
|
return "jwt"
|
|
|
|
}
|