package session
import (
"fmt"
"net/http"
"time"
"code.google.com/p/go.net/context"
"github.com/dgrijalva/jwt-go"
"github.com/drone/config"
"github.com/drone/drone/server/datastore"
"github.com/drone/drone/shared/httputil"
"github.com/drone/drone/shared/model"
"github.com/gorilla/securecookie"
)
// random is a per-process key used to sign session JWTs when no
// "session-secret" is provided in the configuration. It is generated
// at package initialisation, so without an explicit secret every
// process start produces a fresh key: previously issued tokens stop
// verifying after a restart and separate instances cannot verify each
// other's tokens. Set session-secret explicitly in any deployment
// where that matters.
var random = securecookie.GenerateRandomKey(32)

var (
	// secret is the HMAC key used both to sign and to verify session JWTs.
	secret = config.String("session-secret", string(random))
	// expires is the configured session lifetime (default 72h).
	expires = config.Duration("session-expires", time.Hour*72)
)
// GetUser gets the currently authenticated user for the
// http.Request. The user details will be stored as either
// a simple API token or JWT bearer token.
//
// An Authorization header takes precedence over the access_token
// form value; when neither is present, nil is returned. Note that
// r.FormValue is only consulted when the header is absent.
func GetUser(c context.Context, r *http.Request) *model.User {
	if r.Header.Get("Authorization") != "" {
		return getUserBearer(c, r)
	}
	if r.FormValue("access_token") != "" {
		return getUserToken(c, r)
	}
	return nil
}
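// GenerateToken generates a JWT token for the user session
// that can be appended to the #access_token segment to
// facilitate client-based OAuth2.
//
// The token is signed with HS256 under the configured session
// secret and carries the user id, the requesting URL as audience,
// and an expiry derived from the session-expires setting. The
// expiry is written to the registered "exp" claim, which the JWT
// parser enforces on verification, and also to the legacy
// "expires" claim for clients that read it. c is currently unused
// and is kept for signature compatibility.
//
// Returns an error when user is nil or when signing fails.
func GenerateToken(c context.Context, r *http.Request, user *model.User) (string, error) {
	if user == nil {
		return "", fmt.Errorf("session: cannot generate token for nil user")
	}
	// Honour the configured lifetime instead of a hard-coded 72h so that
	// session-expires actually controls how long a token verifies.
	exp := time.Now().UTC().Add(*expires).Unix()

	token := jwt.New(jwt.GetSigningMethod("HS256"))
	token.Claims["user_id"] = user.ID
	token.Claims["audience"] = httputil.GetURL(r)
	token.Claims["exp"] = exp
	token.Claims["expires"] = exp
	return token.SignedString([]byte(*secret))
}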
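// getUserToken gets the currently authenticated user for the given
// auth token. The access_token form value is first verified as a JWT;
// if that fails it is looked up as a plain API token in the datastore.
//
// Returns nil when neither lookup yields a user.
func getUserToken(c context.Context, r *http.Request) *model.User {
	token := r.FormValue("access_token")
	if user := getUserJwtToken(c, token); user != nil {
		return user
	}
	// TODO: is it needed to fallback to user_token query?
	user, err := datastore.GetUserToken(c, token)
	if err != nil {
		// A failed lookup (including no match) must not leak a partially
		// populated user to the caller.
		return nil
	}
	return user
}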
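// getUserBearer gets the currently authenticated user for the given
// bearer token (JWT). The Authorization header must use the Bearer
// scheme ("Bearer <token>"); a header with a different scheme or with
// no token yields nil rather than being handed to the JWT parser
// verbatim, which is what the previous unchecked Sscanf did.
func getUserBearer(c context.Context, r *http.Request) *model.User {
	header := r.Header.Get("Authorization")
	var tokenstr string
	if _, err := fmt.Sscanf(header, "Bearer %s", &tokenstr); err != nil {
		return nil
	}
	return getUserJwtToken(c, tokenstr)
}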
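// getUserJwtToken gets the currently authenticated user for the given
// auth token in jwt format.
//
// The token must be signed with HS256 under the configured session
// secret: the key callback rejects any other algorithm named in the
// token header, so the HMAC secret is never used to verify a token
// that claims a different signing method. The registered "exp"
// claim, when present, is checked by the parser. nil is returned
// whenever the token does not verify, carries no numeric user_id
// claim, or the user cannot be loaded from the datastore.
//
// NOTE(review): the "audience" claim written by GenerateToken is not
// checked here — confirm whether tokens should be bound to the issuing URL.
func getUserJwtToken(c context.Context, tokenstr string) *model.User {
	token, err := jwt.Parse(tokenstr, func(t *jwt.Token) (interface{}, error) {
		if t.Method.Alg() != "HS256" {
			return nil, fmt.Errorf("session: unexpected signing method %q", t.Method.Alg())
		}
		return []byte(*secret), nil
	})
	if err != nil || !token.Valid {
		return nil
	}
	// Claims are decoded from JSON, so numeric values arrive as float64.
	userid, ok := token.Claims["user_id"].(float64)
	if !ok {
		return nil
	}
	user, err := datastore.GetUser(c, int64(userid))
	if err != nil {
		return nil
	}
	return user
}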