mirror of
https://github.com/woodpecker-ci/woodpecker.git
synced 2024-11-23 18:31:00 +00:00
113 lines
2.7 KiB
Go
113 lines
2.7 KiB
Go
package session
|
|
|
|
import (
|
|
"fmt"
|
|
"net/http"
|
|
"time"
|
|
|
|
"github.com/dgrijalva/jwt-go"
|
|
"github.com/drone/drone/common"
|
|
"github.com/drone/drone/common/httputil"
|
|
"github.com/drone/drone/settings"
|
|
"github.com/gorilla/securecookie"
|
|
)
|
|
|
|
type Session interface {
|
|
GenerateToken(*http.Request, *common.User) (string, error)
|
|
GetLogin(*http.Request) string
|
|
}
|
|
|
|
type session struct {
|
|
secret []byte
|
|
expire time.Duration
|
|
}
|
|
|
|
func New(s *settings.Session) Session {
|
|
// TODO (bradrydzewski) hook up the Session.Expires
|
|
secret := []byte(s.Secret)
|
|
expire := time.Hour * 72
|
|
if len(secret) == 0 {
|
|
securecookie.GenerateRandomKey(32)
|
|
}
|
|
return &session{
|
|
secret: secret,
|
|
expire: expire,
|
|
}
|
|
}
|
|
|
|
// GenerateToken generates a JWT token for the user session
|
|
// that can be appended to the #access_token segment to
|
|
// facilitate client-based OAuth2.
|
|
func (s *session) GenerateToken(r *http.Request, user *common.User) (string, error) {
|
|
token := jwt.New(jwt.GetSigningMethod("HS256"))
|
|
token.Claims["user_id"] = user.Login
|
|
token.Claims["audience"] = httputil.GetURL(r)
|
|
token.Claims["expires"] = time.Now().UTC().Add(s.expire).Unix()
|
|
return token.SignedString(s.secret)
|
|
}
|
|
|
|
// GetLogin gets the currently authenticated user for the
|
|
// http.Request. The user details will be stored as either
|
|
// a simple API token or JWT bearer token.
|
|
func (s *session) GetLogin(r *http.Request) (_ string) {
|
|
token := getToken(r)
|
|
if len(token) == 0 {
|
|
return
|
|
}
|
|
|
|
claims := getClaims(token, s.secret)
|
|
if claims == nil || claims["user_id"] == nil {
|
|
return
|
|
}
|
|
|
|
userid, ok := claims["user_id"].(string)
|
|
if !ok {
|
|
return
|
|
}
|
|
|
|
// tokenid, ok := claims["token_id"].(string)
|
|
// if ok {
|
|
// _, err := datastore.GetToken(c, int64(tokenid))
|
|
// if err != nil {
|
|
// return nil
|
|
// }
|
|
// }
|
|
|
|
return userid
|
|
}
|
|
|
|
// getToken is a helper function that extracts the token
|
|
// from the http.Request.
|
|
func getToken(r *http.Request) string {
|
|
token := getTokenHeader(r)
|
|
if len(token) == 0 {
|
|
token = getTokenParam(r)
|
|
}
|
|
return token
|
|
}
|
|
|
|
// getTokenHeader parses the JWT token value from
|
|
// the http Authorization header.
|
|
func getTokenHeader(r *http.Request) string {
|
|
var tokenstr = r.Header.Get("Authorization")
|
|
fmt.Sscanf(tokenstr, "Bearer %s", &tokenstr)
|
|
return tokenstr
|
|
}
|
|
|
|
// getTokenParam parses the JWT token value from
|
|
// the http Request's query parameter.
|
|
func getTokenParam(r *http.Request) string {
|
|
return r.FormValue("access_token")
|
|
}
|
|
|
|
// getClaims is a helper function that extracts the token
|
|
// claims from the JWT token string.
|
|
func getClaims(token string, secret []byte) map[string]interface{} {
|
|
t, err := jwt.Parse(token, func(t *jwt.Token) (interface{}, error) {
|
|
return secret, nil
|
|
})
|
|
if err != nil || !t.Valid {
|
|
return nil
|
|
}
|
|
return t.Claims
|
|
}
|