mirror of https://github.com/ergochat/ergo.git
63 lines
1.5 KiB
Go
63 lines
1.5 KiB
Go
// Copyright (c) 2020 Daniel Oaks <daniel@danieloaks.net>
|
|
// Copyright (c) 2020 Shivaram Lingamneni <slingamn@cs.stanford.edu>
|
|
// released under the MIT license
|
|
|
|
package jwt
|
|
|
|
import (
|
|
"crypto/rsa"
|
|
"errors"
|
|
"os"
|
|
"time"
|
|
|
|
jwt "github.com/golang-jwt/jwt/v5"
|
|
)
|
|
|
|
var (
|
|
ErrNoKeys = errors.New("No EXTJWT signing keys are enabled")
|
|
)
|
|
|
|
type MapClaims jwt.MapClaims
|
|
|
|
type JwtServiceConfig struct {
|
|
Expiration time.Duration
|
|
Secret string
|
|
secretBytes []byte
|
|
RSAPrivateKeyFile string `yaml:"rsa-private-key-file"`
|
|
rsaPrivateKey *rsa.PrivateKey
|
|
}
|
|
|
|
func (t *JwtServiceConfig) Postprocess() (err error) {
|
|
t.secretBytes = []byte(t.Secret)
|
|
t.Secret = ""
|
|
if t.RSAPrivateKeyFile != "" {
|
|
keyBytes, err := os.ReadFile(t.RSAPrivateKeyFile)
|
|
if err != nil {
|
|
return err
|
|
}
|
|
t.rsaPrivateKey, err = jwt.ParseRSAPrivateKeyFromPEM(keyBytes)
|
|
if err != nil {
|
|
return err
|
|
}
|
|
}
|
|
return nil
|
|
}
|
|
|
|
func (t *JwtServiceConfig) Enabled() bool {
|
|
return t.Expiration != 0 && (len(t.secretBytes) != 0 || t.rsaPrivateKey != nil)
|
|
}
|
|
|
|
func (t *JwtServiceConfig) Sign(claims MapClaims) (result string, err error) {
|
|
claims["exp"] = time.Now().Unix() + int64(t.Expiration/time.Second)
|
|
|
|
if t.rsaPrivateKey != nil {
|
|
token := jwt.NewWithClaims(jwt.SigningMethodRS256, jwt.MapClaims(claims))
|
|
return token.SignedString(t.rsaPrivateKey)
|
|
} else if len(t.secretBytes) != 0 {
|
|
token := jwt.NewWithClaims(jwt.SigningMethodHS256, jwt.MapClaims(claims))
|
|
return token.SignedString(t.secretBytes)
|
|
} else {
|
|
return "", ErrNoKeys
|
|
}
|
|
}
|