woodpecker/shared/token/token.go

package token

import (
	"net/http"

	"github.com/drone/drone/Godeps/_workspace/src/github.com/dgrijalva/jwt-go"
)

type SecretFunc func(*Token) (string, error)

const (
	UserToken = "user"
	SessToken = "sess"
	HookToken = "hook"
)

// Default algorithm used to sign JWT tokens.
const SignerAlgo = "HS256"

type Token struct {
	Kind string
	Text string
}

// Parse parses
func Parse(raw string, fn SecretFunc) (*Token, error) {
	token := &Token{}
	parsed, err := jwt.Parse(raw, keyFunc(token, fn))
	if err != nil {
		return nil, err
	} else if !parsed.Valid {
		return nil, jwt.ValidationError{}
	}
	return token, nil
}

func ParseRequest(req *http.Request, fn SecretFunc) (*Token, error) {
	token := &Token{}
	parsed, err := jwt.ParseFromRequest(req, keyFunc(token, fn))
	if err != nil {
		return nil, err
	} else if !parsed.Valid {
		return nil, jwt.ValidationError{}
	}
	return token, nil
}

func New(kind, text string) *Token {
	return &Token{Kind: kind, Text: text}
}

// Sign signs the token using the given secret hash
// and returns the string value.
func (t *Token) Sign(secret string) (string, error) {
	return t.SignExpires(secret, 0)
}

// Sign signs the token using the given secret hash
// with an expiration date.
func (t *Token) SignExpires(secret string, exp int64) (string, error) {
	token := jwt.New(jwt.SigningMethodHS256)
	token.Claims["type"] = t.Kind
	token.Claims["text"] = t.Text
	if exp > 0 {
		token.Claims["exp"] = float64(exp)
	}
	return token.SignedString([]byte(secret))
}

func keyFunc(token *Token, fn SecretFunc) jwt.Keyfunc {
	return func(t *jwt.Token) (interface{}, error) {
		// validate the correct algorithm is being used
		if t.Method.Alg() != SignerAlgo {
			return nil, jwt.ErrSignatureInvalid
		}

		// extract the token kind and cast to
		// the expected type.
		kindv, ok := t.Claims["type"]
		if !ok {
			return nil, jwt.ValidationError{}
		}
		token.Kind, _ = kindv.(string)

		// extract the token value and cast to
		// exepected type.
		textv, ok := t.Claims["text"]
		if !ok {
			return nil, jwt.ValidationError{}
		}
		token.Text, _ = textv.(string)

		// invoke the callback function to retrieve
		// the secret key used to verify
		secret, err := fn(token)
		return []byte(secret), err
	}
}
cleaned up the token implementation for #1175 2015-09-09 21:05:52 +00:00			`package token`

			`import (`
			`"net/http"`

			`"github.com/drone/drone/Godeps/_workspace/src/github.com/dgrijalva/jwt-go"`
			`)`

			`type SecretFunc func(*Token) (string, error)`

			`const (`
			`UserToken = "user"`
			`SessToken = "sess"`
			`HookToken = "hook"`
			`)`

			`// Default algorithm used to sign JWT tokens.`
			`const SignerAlgo = "HS256"`

			`type Token struct {`
			`Kind string`
			`Text string`
			`}`

			`// Parse parses`
			`func Parse(raw string, fn SecretFunc) (*Token, error) {`
			`token := &Token{}`
			`parsed, err := jwt.Parse(raw, keyFunc(token, fn))`
			`if err != nil {`
			`return nil, err`
			`} else if !parsed.Valid {`
			`return nil, jwt.ValidationError{}`
			`}`
			`return token, nil`
			`}`

			`func ParseRequest(req http.Request, fn SecretFunc) (Token, error) {`
			`token := &Token{}`
			`parsed, err := jwt.ParseFromRequest(req, keyFunc(token, fn))`
			`if err != nil {`
			`return nil, err`
			`} else if !parsed.Valid {`
			`return nil, jwt.ValidationError{}`
			`}`
			`return token, nil`
			`}`

			`func New(kind, text string) *Token {`
			`return &Token{Kind: kind, Text: text}`
			`}`

			`// Sign signs the token using the given secret hash`
			`// and returns the string value.`
			`func (t *Token) Sign(secret string) (string, error) {`
			`return t.SignExpires(secret, 0)`
			`}`

			`// Sign signs the token using the given secret hash`
			`// with an expiration date.`
			`func (t *Token) SignExpires(secret string, exp int64) (string, error) {`
			`token := jwt.New(jwt.SigningMethodHS256)`
			`token.Claims["type"] = t.Kind`
			`token.Claims["text"] = t.Text`
			`if exp > 0 {`
			`token.Claims["exp"] = float64(exp)`
			`}`
			`return token.SignedString([]byte(secret))`
			`}`

			`func keyFunc(token *Token, fn SecretFunc) jwt.Keyfunc {`
			`return func(t *jwt.Token) (interface{}, error) {`
			`// validate the correct algorithm is being used`
			`if t.Method.Alg() != SignerAlgo {`
			`return nil, jwt.ErrSignatureInvalid`
			`}`

			`// extract the token kind and cast to`
			`// the expected type.`
			`kindv, ok := t.Claims["type"]`
			`if !ok {`
			`return nil, jwt.ValidationError{}`
			`}`
			`token.Kind, _ = kindv.(string)`

			`// extract the token value and cast to`
			`// exepected type.`
			`textv, ok := t.Claims["text"]`
			`if !ok {`
			`return nil, jwt.ValidationError{}`
			`}`
			`token.Text, _ = textv.(string)`

			`// invoke the callback function to retrieve`
			`// the secret key used to verify`
			`secret, err := fn(token)`
			`return []byte(secret), err`
			`}`
			`}`