session tokens converging with user tokens
This commit is contained in:
parent
eda3cfbe4b
commit
0f60073adc
3 changed files with 39 additions and 29 deletions
|
@ -105,13 +105,17 @@ func GetLogin(c *gin.Context) {
|
||||||
return
|
return
|
||||||
}
|
}
|
||||||
|
|
||||||
token, err := session.GenerateToken(c.Request, u)
|
token := &common.Token{
|
||||||
|
// Expiry: settings.Session.Expires, // TODO add this
|
||||||
|
Login: u.Login,
|
||||||
|
}
|
||||||
|
tokenstr, err := session.GenerateToken(c.Request, token)
|
||||||
if err != nil {
|
if err != nil {
|
||||||
log.Errorf("cannot create token for %s. %s", u.Login, err)
|
log.Errorf("cannot create token for %s. %s", u.Login, err)
|
||||||
c.Redirect(303, "/login#error=internal_error")
|
c.Redirect(303, "/login#error=internal_error")
|
||||||
return
|
return
|
||||||
}
|
}
|
||||||
c.Redirect(303, "/#access_token="+token)
|
c.Redirect(303, "/#access_token="+tokenstr)
|
||||||
}
|
}
|
||||||
|
|
||||||
// getLoginOauth2 is the default authorization implementation
|
// getLoginOauth2 is the default authorization implementation
|
||||||
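Review bot: The token built at `token := &common.Token{` is minted with a zero `Expiry`, because the only line that would set it is left as a comment (`// Expiry: settings.Session.Expires, // TODO add this`), and the session hunk in this same commit removes the server-side `token.Claims["expires"] = time.Now().UTC().Add(s.expire).Unix()` line, so the access token handed out at `c.Redirect(303, "/#access_token="+tokenstr)` no longer has any lifetime bound at all. Either fill the field in now, e.g. `Expiry: time.Now().UTC().Add(settings.Session.Expires).Unix(),` (assuming `Expires` is a duration as `s.expire` was, and that `Expiry` is a Unix timestamp — confirm against `common.Token`), or have `GenerateToken` fall back to its configured `s.expire` when `t.Expiry` is zero, so that a caller forgetting the field cannot produce a non-expiring token. The same gap applies to the `GenerateToken` hunk under `@ -38,42 +37,49 @@`, which also drops the `audience` claim that previously bound the token to the issuing URL. The enclosing `GetLogin` handler begins before this hunk.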
|
|
|
@ -108,13 +108,13 @@ func SetSession(s session.Session) gin.HandlerFunc {
|
||||||
func SetUser(s session.Session) gin.HandlerFunc {
|
func SetUser(s session.Session) gin.HandlerFunc {
|
||||||
return func(c *gin.Context) {
|
return func(c *gin.Context) {
|
||||||
ds := ToDatastore(c)
|
ds := ToDatastore(c)
|
||||||
login := s.GetLogin(c.Request)
|
token := s.GetLogin(c.Request)
|
||||||
if len(login) == 0 {
|
if token == nil {
|
||||||
c.Next()
|
c.Next()
|
||||||
return
|
return
|
||||||
}
|
}
|
||||||
|
|
||||||
u, err := ds.GetUser(login)
|
u, err := ds.GetUser(token.Login)
|
||||||
if err == nil {
|
if err == nil {
|
||||||
c.Set("user", u)
|
c.Set("user", u)
|
||||||
}
|
}
|
||||||
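Review bot: Only the resolved user is placed in the request context at `c.Set("user", u)`; the `token` returned by `s.GetLogin(c.Request)` is discarded, so nothing downstream can tell a full login session from a token that was issued with the `Repos`/`Scopes` restrictions the session hunk now encodes. Storing it alongside the user, `c.Set("token", token)`, would let later authorization checks see those restrictions instead of treating every token with a `login` claim as the user's full session. The lookup error from `ds.GetUser(token.Login)` is still silently dropped, which is pre-existing but worth a short comment if it is deliberate, e.g. `// unknown login: continue unauthenticated`.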
|
|
|
@ -7,14 +7,13 @@ import (
|
||||||
|
|
||||||
"github.com/dgrijalva/jwt-go"
|
"github.com/dgrijalva/jwt-go"
|
||||||
"github.com/drone/drone/common"
|
"github.com/drone/drone/common"
|
||||||
"github.com/drone/drone/common/httputil"
|
|
||||||
"github.com/drone/drone/settings"
|
"github.com/drone/drone/settings"
|
||||||
"github.com/gorilla/securecookie"
|
"github.com/gorilla/securecookie"
|
||||||
)
|
)
|
||||||
|
|
||||||
type Session interface {
|
type Session interface {
|
||||||
GenerateToken(*http.Request, *common.User) (string, error)
|
GenerateToken(*http.Request, *common.Token) (string, error)
|
||||||
GetLogin(*http.Request) string
|
GetLogin(*http.Request) *common.Token
|
||||||
}
|
}
|
||||||
|
|
||||||
type session struct {
|
type session struct {
|
||||||
|
@ -38,42 +37,49 @@ func New(s *settings.Session) Session {
|
||||||
// GenerateToken generates a JWT token for the user session
|
// GenerateToken generates a JWT token for the user session
|
||||||
// that can be appended to the #access_token segment to
|
// that can be appended to the #access_token segment to
|
||||||
// facilitate client-based OAuth2.
|
// facilitate client-based OAuth2.
|
||||||
func (s *session) GenerateToken(r *http.Request, user *common.User) (string, error) {
|
func (s *session) GenerateToken(r *http.Request, t *common.Token) (string, error) {
|
||||||
token := jwt.New(jwt.GetSigningMethod("HS256"))
|
token := jwt.New(jwt.GetSigningMethod("HS256"))
|
||||||
token.Claims["user_id"] = user.Login
|
token.Claims["login"] = t.Login
|
||||||
token.Claims["audience"] = httputil.GetURL(r)
|
token.Claims["expiry"] = t.Expiry
|
||||||
token.Claims["expires"] = time.Now().UTC().Add(s.expire).Unix()
|
|
||||||
|
// add optional repos that can be
|
||||||
|
// access from this session.
|
||||||
|
if len(t.Repos) != 0 {
|
||||||
|
token.Claims["repos"] = t.Repos
|
||||||
|
}
|
||||||
|
// add optional scopes that can be
|
||||||
|
// applied to this session.
|
||||||
|
if len(t.Scopes) != 0 {
|
||||||
|
token.Claims["scope"] = t.Scopes
|
||||||
|
}
|
||||||
return token.SignedString(s.secret)
|
return token.SignedString(s.secret)
|
||||||
}
|
}
|
||||||
|
|
||||||
// GetLogin gets the currently authenticated user for the
|
// GetLogin gets the currently authenticated user for the
|
||||||
// http.Request. The user details will be stored as either
|
// http.Request. The user details will be stored as either
|
||||||
// a simple API token or JWT bearer token.
|
// a simple API token or JWT bearer token.
|
||||||
func (s *session) GetLogin(r *http.Request) (_ string) {
|
func (s *session) GetLogin(r *http.Request) *common.Token {
|
||||||
token := getToken(r)
|
t := getToken(r)
|
||||||
if len(token) == 0 {
|
if len(t) == 0 {
|
||||||
return
|
return nil
|
||||||
}
|
}
|
||||||
|
|
||||||
claims := getClaims(token, s.secret)
|
claims := getClaims(t, s.secret)
|
||||||
if claims == nil || claims["user_id"] == nil {
|
if claims == nil || claims["login"] == nil {
|
||||||
return
|
return nil
|
||||||
}
|
}
|
||||||
|
|
||||||
userid, ok := claims["user_id"].(string)
|
loginv, ok := claims["login"]
|
||||||
if !ok {
|
if !ok {
|
||||||
return
|
return nil
|
||||||
}
|
}
|
||||||
|
|
||||||
// tokenid, ok := claims["token_id"].(string)
|
loginstr, ok := loginv.(string)
|
||||||
// if ok {
|
if !ok {
|
||||||
// _, err := datastore.GetToken(c, int64(tokenid))
|
return nil
|
||||||
// if err != nil {
|
}
|
||||||
// return nil
|
|
||||||
// }
|
|
||||||
// }
|
|
||||||
|
|
||||||
return userid
|
return &common.Token{Login: loginstr}
|
||||||
}
|
}
|
||||||
|
|
||||||
// getToken is a helper function that extracts the token
|
// getToken is a helper function that extracts the token
|
||||||
|
|
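Review bot: `GetLogin` reconstructs the token as `return &common.Token{Login: loginstr}` and ignores every other claim that `GenerateToken` now writes (`expiry`, `repos`, `scope`), so the repo and scope restrictions are never enforced on the read side and a token's `expiry` is never checked; since the claim key is `expiry` rather than the standard `exp`, the JWT library's built-in expiry validation presumably does not cover it either (getClaims is outside the hunk, so this is inferred). Populate `Repos`/`Scopes` from the claims and reject a token whose `expiry` is set and in the past before returning. Two smaller points in the same function: the `claims["login"] == nil` guard followed by `loginv, ok := claims["login"]` is redundant, and the pair can collapse to `loginstr, ok := claims["login"].(string)`; and `r` is now unused in `GenerateToken` after the `audience` claim was removed. If `time` was imported only for the removed `time.Now().UTC().Add(s.expire).Unix()` line, the import hunk at `@ -7,14 +7,13 @@` should drop it too, but the import lines above `jwt-go` are not visible here.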