1
0
mirror of https://github.com/pocketbase/pocketbase.git synced 2024-11-24 09:02:26 +02:00
pocketbase/tokens/record.go

96 lines
3.0 KiB
Go

package tokens
import (
"errors"
"github.com/golang-jwt/jwt/v4"
"github.com/pocketbase/pocketbase/core"
"github.com/pocketbase/pocketbase/models"
"github.com/pocketbase/pocketbase/tools/security"
)
// NewRecordAuthToken generates and returns a new auth record authentication token.
func NewRecordAuthToken(app core.App, record *models.Record) (string, error) {
if !record.Collection().IsAuth() {
return "", errors.New("The record is not from an auth collection.")
}
return security.NewJWT(
jwt.MapClaims{
"id": record.Id,
"type": TypeAuthRecord,
"collectionId": record.Collection().Id,
},
(record.TokenKey() + app.Settings().RecordAuthToken.Secret),
app.Settings().RecordAuthToken.Duration,
)
}
// NewRecordVerifyToken generates and returns a new record verification token.
func NewRecordVerifyToken(app core.App, record *models.Record) (string, error) {
if !record.Collection().IsAuth() {
return "", errors.New("The record is not from an auth collection.")
}
return security.NewJWT(
jwt.MapClaims{
"id": record.Id,
"type": TypeAuthRecord,
"collectionId": record.Collection().Id,
"email": record.Email(),
},
(record.TokenKey() + app.Settings().RecordVerificationToken.Secret),
app.Settings().RecordVerificationToken.Duration,
)
}
// NewRecordResetPasswordToken generates and returns a new auth record password reset request token.
func NewRecordResetPasswordToken(app core.App, record *models.Record) (string, error) {
if !record.Collection().IsAuth() {
return "", errors.New("The record is not from an auth collection.")
}
return security.NewJWT(
jwt.MapClaims{
"id": record.Id,
"type": TypeAuthRecord,
"collectionId": record.Collection().Id,
"email": record.Email(),
},
(record.TokenKey() + app.Settings().RecordPasswordResetToken.Secret),
app.Settings().RecordPasswordResetToken.Duration,
)
}
// NewRecordChangeEmailToken generates and returns a new auth record change email request token.
func NewRecordChangeEmailToken(app core.App, record *models.Record, newEmail string) (string, error) {
return security.NewJWT(
jwt.MapClaims{
"id": record.Id,
"type": TypeAuthRecord,
"collectionId": record.Collection().Id,
"email": record.Email(),
"newEmail": newEmail,
},
(record.TokenKey() + app.Settings().RecordEmailChangeToken.Secret),
app.Settings().RecordEmailChangeToken.Duration,
)
}
// NewRecordFileToken generates and returns a new record private file access token.
func NewRecordFileToken(app core.App, record *models.Record) (string, error) {
if !record.Collection().IsAuth() {
return "", errors.New("The record is not from an auth collection.")
}
return security.NewJWT(
jwt.MapClaims{
"id": record.Id,
"type": TypeAuthRecord,
"collectionId": record.Collection().Id,
},
(record.TokenKey() + app.Settings().RecordFileToken.Secret),
app.Settings().RecordFileToken.Duration,
)
}