comparison auth/token.go @ 134:0c56c56a1c44 remove-jwt
Removed the JWT layer from the session management.
author | Sascha L. Teichmann <sascha.teichmann@intevation.de> |
---|---|
date | Fri, 29 Jun 2018 17:17:20 +0200 |
parents | bb9120d28950 |
children |
133:f4523620ba5d | 134:0c56c56a1c44 |
---|---|
1 package auth | 1 package auth |
2 | 2 |
3 import ( | 3 import ( |
4 "crypto/rand" | |
5 "encoding/base64" | |
6 "io" | |
4 "time" | 7 "time" |
5 | |
6 "gemma.intevation.de/gemma/config" | |
7 | |
8 jwt "github.com/dgrijalva/jwt-go" | |
9 ) | 8 ) |
10 | 9 |
11 type Claims struct { | 10 type Session struct { |
12 jwt.StandardClaims | 11 ExpiresAt int64 `json:"expires"` |
13 | 12 User string `json:"user"` |
14 User string `json:"user"` | 13 Password string `json:"password"` |
15 Roles []string `json:"roles"` | 14 Roles []string `json:"roles"` |
16 } | 15 } |
17 | 16 |
18 const maxTokenValid = time.Hour * 3 | 17 const ( |
18 sessionKeyLength = 20 | |
19 maxTokenValid = time.Hour * 3 | |
20 ) | |
19 | 21 |
20 func NewToken(user string, roles []string) (string, error) { | 22 func NewSession(user, password string, roles []string) *Session { |
21 | 23 |
22 // Create the Claims | 24 // Create the Claims |
23 claims := &Claims{ | 25 return &Session{ |
24 StandardClaims: jwt.StandardClaims{ | 26 ExpiresAt: time.Now().Add(maxTokenValid).Unix(), |
25 ExpiresAt: jwt.TimeFunc().Add(maxTokenValid).Unix(), | 27 User: user, |
26 }, | 28 Password: password, |
27 User: user, | 29 Roles: roles, |
28 Roles: roles, | |
29 } | 30 } |
30 | |
31 token := jwt.NewWithClaims(jwt.SigningMethodHS256, claims) | |
32 return token.SignedString(config.Config.JWTSignKey) | |
33 } | 31 } |
34 | 32 |
35 func TokenToClaims(token string) (*Claims, error) { | 33 func GenerateSessionKey() string { |
36 claims := &Claims{} | 34 return base64.URLEncoding.EncodeToString(GenerateRandomKey(sessionKeyLength)) |
37 _, err := jwt.ParseWithClaims(token, claims, | |
38 func(*jwt.Token) (interface{}, error) { return config.Config.JWTSignKey, nil }) | |
39 return claims, err | |
40 } | 35 } |
41 | 36 |
42 func GenerateToken(user, password string) (string, error) { | 37 func GenerateRandomKey(length int) []byte { |
38 k := make([]byte, length) | |
39 if _, err := io.ReadFull(rand.Reader, k); err != nil { | |
40 return nil | |
41 } | |
42 return k | |
43 } | |
44 | |
45 func GenerateSession(user, password string) (string, *Session, error) { | |
43 roles, err := AllOtherRoles(user, password) | 46 roles, err := AllOtherRoles(user, password) |
44 if err != nil { | 47 if err != nil { |
45 return "", err | 48 return "", nil, err |
46 } | 49 } |
47 token, err := NewToken(user, roles) | 50 token := GenerateSessionKey() |
48 if err != nil { | 51 session := NewSession(user, password, roles) |
49 return "", err | 52 ConnPool.Add(token, session) |
50 } | 53 return token, session, nil |
51 ConnPool.Add(token, user, password) | |
52 return token, nil | |
53 } | 54 } |
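Review bot: GenerateRandomKey returns nil when reading from rand.Reader fails, and GenerateSessionKey encodes that nil to the empty string, so GenerateSession would register the session under an empty, predictable key via ConnPool.Add and return it as a valid token. The failure should be propagated instead, which GenerateSession can already report through its error result; this changes the signatures of the two exported helpers, so any callers outside this file (not visible here) would need adjusting. Separately, Session now carries the plaintext Password with a `json:"password"` tag; if a Session is ever marshalled into a response or a log, the credential goes with it, so `json:"-"` looks safer unless serialising that field is intended. The comment `// Create the Claims` in NewSession is stale and could read `// Create the session`.

```go
func GenerateSessionKey() (string, error) {
	k, err := GenerateRandomKey(sessionKeyLength)
	if err != nil {
		return "", err
	}
	return base64.URLEncoding.EncodeToString(k), nil
}

func GenerateRandomKey(length int) ([]byte, error) {
	k := make([]byte, length)
	if _, err := io.ReadFull(rand.Reader, k); err != nil {
		return nil, err
	}
	return k, nil
}

func GenerateSession(user, password string) (string, *Session, error) {
	// … unchanged: AllOtherRoles lookup and its error return …
	token, err := GenerateSessionKey()
	if err != nil {
		return "", nil, err
	}
	// … unchanged: NewSession, ConnPool.Add, final return …
}
```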