| 1234567891011121314151617181920212223242526272829303132333435363738394041424344454647484950515253545556575859606162 |
- // Copyright (c) 2020 Daniel Oaks <daniel@danieloaks.net>
- // Copyright (c) 2020 Shivaram Lingamneni <slingamn@cs.stanford.edu>
- // released under the MIT license
-
- package jwt
-
- import (
- "crypto/rsa"
- "errors"
- "os"
- "time"
-
- jwt "github.com/golang-jwt/jwt/v5"
- )
-
- var (
- ErrNoKeys = errors.New("No EXTJWT signing keys are enabled")
- )
-
- type MapClaims jwt.MapClaims
-
- type JwtServiceConfig struct {
- Expiration time.Duration
- Secret string
- secretBytes []byte
- RSAPrivateKeyFile string `yaml:"rsa-private-key-file"`
- rsaPrivateKey *rsa.PrivateKey
- }
-
- func (t *JwtServiceConfig) Postprocess() (err error) {
- t.secretBytes = []byte(t.Secret)
- t.Secret = ""
- if t.RSAPrivateKeyFile != "" {
- keyBytes, err := os.ReadFile(t.RSAPrivateKeyFile)
- if err != nil {
- return err
- }
- t.rsaPrivateKey, err = jwt.ParseRSAPrivateKeyFromPEM(keyBytes)
- if err != nil {
- return err
- }
- }
- return nil
- }
-
- func (t *JwtServiceConfig) Enabled() bool {
- return t.Expiration != 0 && (len(t.secretBytes) != 0 || t.rsaPrivateKey != nil)
- }
-
- func (t *JwtServiceConfig) Sign(claims MapClaims) (result string, err error) {
- claims["exp"] = time.Now().Unix() + int64(t.Expiration/time.Second)
-
- if t.rsaPrivateKey != nil {
- token := jwt.NewWithClaims(jwt.SigningMethodRS256, jwt.MapClaims(claims))
- return token.SignedString(t.rsaPrivateKey)
- } else if len(t.secretBytes) != 0 {
- token := jwt.NewWithClaims(jwt.SigningMethodHS256, jwt.MapClaims(claims))
- return token.SignedString(t.secretBytes)
- } else {
- return "", ErrNoKeys
- }
- }
|
