woodpecker/server/session/session.go

79 lines
2.2 KiB
Go
Raw Normal View History

2014-06-04 21:25:38 +00:00
package session
import (
2014-09-30 07:43:50 +00:00
"fmt"
2014-06-04 21:25:38 +00:00
"net/http"
2014-09-29 01:36:24 +00:00
"time"
2014-06-04 21:25:38 +00:00
2014-09-29 01:36:24 +00:00
"code.google.com/p/go.net/context"
"github.com/dgrijalva/jwt-go"
"github.com/drone/config"
2014-09-29 01:36:24 +00:00
"github.com/drone/drone/server/datastore"
2014-08-10 02:06:37 +00:00
"github.com/drone/drone/shared/httputil"
"github.com/drone/drone/shared/model"
2014-06-04 21:25:38 +00:00
"github.com/gorilla/securecookie"
)
// random key used to create jwt if none
// provided in the configuration.
var random = securecookie.GenerateRandomKey(32)
var (
secret = config.String("session-secret", string(random))
expires = config.Duration("session-expires", time.Hour*72)
)
2014-06-04 21:25:38 +00:00
2014-09-29 01:36:24 +00:00
// GetUser gets the currently authenticated user for the
// http.Request. The user details will be stored as either
// a simple API token or JWT bearer token.
func GetUser(c context.Context, r *http.Request) *model.User {
2014-06-04 21:25:38 +00:00
switch {
2014-09-30 07:43:50 +00:00
case r.Header.Get("Authorization") != "":
return getUserBearer(c, r)
case r.FormValue("access_token") != "":
2014-09-29 01:36:24 +00:00
return getUserToken(c, r)
default:
2014-09-30 07:43:50 +00:00
return nil
2014-06-04 21:25:38 +00:00
}
}
2014-09-29 01:36:24 +00:00
// GenerateToken generates a JWT token for the user session
// that can be appended to the #access_token segment to
// facilitate client-based OAuth2.
func GenerateToken(c context.Context, r *http.Request, user *model.User) (string, error) {
token := jwt.New(jwt.GetSigningMethod("HS256"))
token.Claims["user_id"] = user.ID
token.Claims["audience"] = httputil.GetURL(r)
token.Claims["expires"] = time.Now().UTC().Add(time.Hour * 72).Unix()
return token.SignedString([]byte(*secret))
2014-08-10 02:06:37 +00:00
}
2014-09-29 01:36:24 +00:00
// getUserToken gets the currently authenticated user for the given
// auth token.
func getUserToken(c context.Context, r *http.Request) *model.User {
var token = r.FormValue("access_token")
var user, _ = datastore.GetUserToken(c, token)
2014-06-04 21:25:38 +00:00
return user
}
2014-09-29 01:36:24 +00:00
// getUserBearer gets the currently authenticated user for the given
// bearer token (JWT)
func getUserBearer(c context.Context, r *http.Request) *model.User {
2014-09-30 07:43:50 +00:00
var tokenstr = r.Header.Get("Authorization")
fmt.Sscanf(tokenstr, "Bearer %s", &tokenstr)
2014-09-29 01:36:24 +00:00
var token, err = jwt.Parse(tokenstr, func(t *jwt.Token) (interface{}, error) {
return []byte(*secret), nil
2014-09-29 01:36:24 +00:00
})
2014-09-30 07:43:50 +00:00
if err != nil || !token.Valid {
println("invalid token")
2014-06-04 21:25:38 +00:00
return nil
}
2014-09-30 07:43:50 +00:00
var userid, ok = token.Claims["user_id"].(float64)
2014-06-04 21:25:38 +00:00
if !ok {
return nil
}
2014-09-30 07:43:50 +00:00
var user, _ = datastore.GetUser(c, int64(userid))
2014-06-04 21:25:38 +00:00
return user
}