Mercurial > gemma
comparison auth/token.go @ 134:0c56c56a1c44 remove-jwt
Removed the JWT layer from the session management.
| author | Sascha L. Teichmann <sascha.teichmann@intevation.de> |
|---|---|
| date | Fri, 29 Jun 2018 17:17:20 +0200 |
| parents | bb9120d28950 |
| children |
comparison
equal
deleted
inserted
replaced
| 133:f4523620ba5d | 134:0c56c56a1c44 |
|---|---|
| 1 package auth | 1 package auth |
| 2 | 2 |
| 3 import ( | 3 import ( |
| 4 "crypto/rand" | |
| 5 "encoding/base64" | |
| 6 "io" | |
| 4 "time" | 7 "time" |
| 5 | |
| 6 "gemma.intevation.de/gemma/config" | |
| 7 | |
| 8 jwt "github.com/dgrijalva/jwt-go" | |
| 9 ) | 8 ) |
| 10 | 9 |
| 11 type Claims struct { | 10 type Session struct { |
| 12 jwt.StandardClaims | 11 ExpiresAt int64 `json:"expires"` |
| 13 | 12 User string `json:"user"` |
| 14 User string `json:"user"` | 13 Password string `json:"password"` |
| 15 Roles []string `json:"roles"` | 14 Roles []string `json:"roles"` |
| 16 } | 15 } |
| 17 | 16 |
| 18 const maxTokenValid = time.Hour * 3 | 17 const ( |
| 18 sessionKeyLength = 20 | |
| 19 maxTokenValid = time.Hour * 3 | |
| 20 ) | |
| 19 | 21 |
| 20 func NewToken(user string, roles []string) (string, error) { | 22 func NewSession(user, password string, roles []string) *Session { |
| 21 | 23 |
| 22 // Create the Claims | 24 // Create the Claims |
| 23 claims := &Claims{ | 25 return &Session{ |
| 24 StandardClaims: jwt.StandardClaims{ | 26 ExpiresAt: time.Now().Add(maxTokenValid).Unix(), |
| 25 ExpiresAt: jwt.TimeFunc().Add(maxTokenValid).Unix(), | 27 User: user, |
| 26 }, | 28 Password: password, |
| 27 User: user, | 29 Roles: roles, |
| 28 Roles: roles, | |
| 29 } | 30 } |
| 30 | |
| 31 token := jwt.NewWithClaims(jwt.SigningMethodHS256, claims) | |
| 32 return token.SignedString(config.Config.JWTSignKey) | |
| 33 } | 31 } |
| 34 | 32 |
| 35 func TokenToClaims(token string) (*Claims, error) { | 33 func GenerateSessionKey() string { |
| 36 claims := &Claims{} | 34 return base64.URLEncoding.EncodeToString(GenerateRandomKey(sessionKeyLength)) |
| 37 _, err := jwt.ParseWithClaims(token, claims, | |
| 38 func(*jwt.Token) (interface{}, error) { return config.Config.JWTSignKey, nil }) | |
| 39 return claims, err | |
| 40 } | 35 } |
| 41 | 36 |
| 42 func GenerateToken(user, password string) (string, error) { | 37 func GenerateRandomKey(length int) []byte { |
| 38 k := make([]byte, length) | |
| 39 if _, err := io.ReadFull(rand.Reader, k); err != nil { | |
| 40 return nil | |
| 41 } | |
| 42 return k | |
| 43 } | |
| 44 | |
| 45 func GenerateSession(user, password string) (string, *Session, error) { | |
| 43 roles, err := AllOtherRoles(user, password) | 46 roles, err := AllOtherRoles(user, password) |
| 44 if err != nil { | 47 if err != nil { |
| 45 return "", err | 48 return "", nil, err |
| 46 } | 49 } |
| 47 token, err := NewToken(user, roles) | 50 token := GenerateSessionKey() |
| 48 if err != nil { | 51 session := NewSession(user, password, roles) |
| 49 return "", err | 52 ConnPool.Add(token, session) |
| 50 } | 53 return token, session, nil |
| 51 ConnPool.Add(token, user, password) | |
| 52 return token, nil | |
| 53 } | 54 } |