2014-06-05 00:25:38 +03:00
|
|
|
package session
|
|
|
|
|
|
|
|
import (
|
2014-09-30 10:43:50 +03:00
|
|
|
"fmt"
|
2014-06-05 00:25:38 +03:00
|
|
|
"net/http"
|
2014-09-29 04:36:24 +03:00
|
|
|
"time"
|
2014-06-05 00:25:38 +03:00
|
|
|
|
2014-09-29 04:36:24 +03:00
|
|
|
"code.google.com/p/go.net/context"
|
|
|
|
"github.com/dgrijalva/jwt-go"
|
2014-10-12 06:33:06 +03:00
|
|
|
"github.com/drone/config"
|
2014-09-29 04:36:24 +03:00
|
|
|
"github.com/drone/drone/server/datastore"
|
2014-08-10 05:06:37 +03:00
|
|
|
"github.com/drone/drone/shared/httputil"
|
2014-06-13 02:41:04 +03:00
|
|
|
"github.com/drone/drone/shared/model"
|
2014-06-05 00:25:38 +03:00
|
|
|
"github.com/gorilla/securecookie"
|
|
|
|
)
|
|
|
|
|
2014-10-12 06:33:06 +03:00
|
|
|
// random key used to create jwt if none
|
|
|
|
// provided in the configuration.
|
|
|
|
var random = securecookie.GenerateRandomKey(32)
|
|
|
|
|
|
|
|
var (
|
|
|
|
secret = config.String("session-secret", string(random))
|
|
|
|
expires = config.Duration("session-expires", time.Hour*72)
|
|
|
|
)
|
2014-06-05 00:25:38 +03:00
|
|
|
|
2014-09-29 04:36:24 +03:00
|
|
|
// GetUser gets the currently authenticated user for the
|
|
|
|
// http.Request. The user details will be stored as either
|
|
|
|
// a simple API token or JWT bearer token.
|
|
|
|
func GetUser(c context.Context, r *http.Request) *model.User {
|
2014-06-05 00:25:38 +03:00
|
|
|
switch {
|
2014-09-30 10:43:50 +03:00
|
|
|
case r.Header.Get("Authorization") != "":
|
|
|
|
return getUserBearer(c, r)
|
|
|
|
case r.FormValue("access_token") != "":
|
2014-09-29 04:36:24 +03:00
|
|
|
return getUserToken(c, r)
|
|
|
|
default:
|
2014-09-30 10:43:50 +03:00
|
|
|
return nil
|
2014-06-05 00:25:38 +03:00
|
|
|
}
|
|
|
|
}
|
|
|
|
|
2014-09-29 04:36:24 +03:00
|
|
|
// GenerateToken generates a JWT token for the user session
|
|
|
|
// that can be appended to the #access_token segment to
|
|
|
|
// facilitate client-based OAuth2.
|
|
|
|
func GenerateToken(c context.Context, r *http.Request, user *model.User) (string, error) {
|
|
|
|
token := jwt.New(jwt.GetSigningMethod("HS256"))
|
|
|
|
token.Claims["user_id"] = user.ID
|
|
|
|
token.Claims["audience"] = httputil.GetURL(r)
|
|
|
|
token.Claims["expires"] = time.Now().UTC().Add(time.Hour * 72).Unix()
|
2014-10-12 06:33:06 +03:00
|
|
|
return token.SignedString([]byte(*secret))
|
2014-08-10 05:06:37 +03:00
|
|
|
}
|
|
|
|
|
2014-09-29 04:36:24 +03:00
|
|
|
// getUserToken gets the currently authenticated user for the given
|
|
|
|
// auth token.
|
|
|
|
func getUserToken(c context.Context, r *http.Request) *model.User {
|
|
|
|
var token = r.FormValue("access_token")
|
|
|
|
var user, _ = datastore.GetUserToken(c, token)
|
2014-06-05 00:25:38 +03:00
|
|
|
return user
|
|
|
|
}
|
|
|
|
|
2014-09-29 04:36:24 +03:00
|
|
|
// getUserBearer gets the currently authenticated user for the given
|
|
|
|
// bearer token (JWT)
|
|
|
|
func getUserBearer(c context.Context, r *http.Request) *model.User {
|
2014-09-30 10:43:50 +03:00
|
|
|
var tokenstr = r.Header.Get("Authorization")
|
|
|
|
fmt.Sscanf(tokenstr, "Bearer %s", &tokenstr)
|
|
|
|
|
2014-09-29 04:36:24 +03:00
|
|
|
var token, err = jwt.Parse(tokenstr, func(t *jwt.Token) (interface{}, error) {
|
2014-10-12 06:33:06 +03:00
|
|
|
return []byte(*secret), nil
|
2014-09-29 04:36:24 +03:00
|
|
|
})
|
2014-09-30 10:43:50 +03:00
|
|
|
if err != nil || !token.Valid {
|
|
|
|
println("invalid token")
|
2014-06-05 00:25:38 +03:00
|
|
|
return nil
|
|
|
|
}
|
2014-09-30 10:43:50 +03:00
|
|
|
var userid, ok = token.Claims["user_id"].(float64)
|
2014-06-05 00:25:38 +03:00
|
|
|
if !ok {
|
|
|
|
return nil
|
|
|
|
}
|
2014-09-30 10:43:50 +03:00
|
|
|
var user, _ = datastore.GetUser(c, int64(userid))
|
2014-06-05 00:25:38 +03:00
|
|
|
return user
|
|
|
|
}
|