feat(jwt): add helpers
This commit is contained in:
parent
d2f7826eb3
commit
e21bf927b5
71
jwt.go
71
jwt.go
@ -12,9 +12,14 @@ import (
|
||||
"time"
|
||||
)
|
||||
|
||||
const (
|
||||
AccessType = "access"
|
||||
RefreshType = "refresh"
|
||||
)
|
||||
|
||||
func CreateRefreshTokenByAccess(accessClaims JWT, ttl time.Duration) JWT {
|
||||
return JWT{
|
||||
Type: "refresh",
|
||||
Type: RefreshType,
|
||||
RegisteredClaims: jwt.RegisteredClaims{
|
||||
ID: accessClaims.ID,
|
||||
ExpiresAt: jwt.NewNumericDate(time.Now().Add(ttl)),
|
||||
@ -70,6 +75,11 @@ func (j *JWT) WithAuthorizationInfo(tai TokenAuthorizationInfo, secret string) *
|
||||
return j
|
||||
}
|
||||
|
||||
func (j *JWT) WithTFAStep(tai TokenAuthorizationInfo, secret string) *JWT {
|
||||
j.Step = "tfa"
|
||||
return j
|
||||
}
|
||||
|
||||
func (j *JWT) GetAuthorizationInfo(secret string) *TokenAuthorizationInfo {
|
||||
tai, err := DecodeTokenAuthorizationInfo(j.AuthorizationInfo, secret)
|
||||
if err != nil {
|
||||
@ -80,7 +90,26 @@ func (j *JWT) GetAuthorizationInfo(secret string) *TokenAuthorizationInfo {
|
||||
}
|
||||
|
||||
func (j *JWT) IsRefreshToken() bool {
|
||||
return j.Type == "refresh"
|
||||
return j.Type == RefreshType
|
||||
}
|
||||
|
||||
func (j *JWT) IsTFAStep() bool {
|
||||
return j.Step == "tfa"
|
||||
}
|
||||
|
||||
func (j *JWT) CheckAccess() bool {
|
||||
if j.Type != AccessType {
|
||||
return false
|
||||
}
|
||||
if j.Step != "" {
|
||||
return false
|
||||
}
|
||||
|
||||
return true
|
||||
}
|
||||
|
||||
func (j *JWT) CheckAuthorizationInfo(secret string, tai TokenAuthorizationInfo) bool {
|
||||
return j.GetAuthorizationInfo(secret).Equal(tai)
|
||||
}
|
||||
|
||||
func Encode(j interface{}, privateKey *rsa.PrivateKey) (string, error) {
|
||||
@ -132,6 +161,25 @@ func ReadPublicKey(path string) (*rsa.PublicKey, error) {
|
||||
return publicKey, nil
|
||||
}
|
||||
|
||||
func ReadPrivateKey(path string) (*rsa.PrivateKey, error) {
|
||||
b, err := readFile(path)
|
||||
if err != nil {
|
||||
return nil, fmt.Errorf("reading file: %w", err)
|
||||
}
|
||||
|
||||
decrypted, err := decodePEMBlock(b)
|
||||
if err != nil {
|
||||
return nil, fmt.Errorf("decode PEM block: %w", err)
|
||||
}
|
||||
|
||||
parsedKey, err := x509.ParsePKCS1PrivateKey(decrypted)
|
||||
if err != nil {
|
||||
return nil, fmt.Errorf("parsing decrypted private key: %w", err)
|
||||
}
|
||||
|
||||
return parsedKey, nil
|
||||
}
|
||||
|
||||
func readFile(path string) ([]byte, error) {
|
||||
file, err := os.Open(filepath.Clean(path))
|
||||
if err != nil {
|
||||
@ -154,25 +202,6 @@ func readPublicKey(path string) ([]byte, error) {
|
||||
return b, nil
|
||||
}
|
||||
|
||||
func ReadPrivateKey(path string) (*rsa.PrivateKey, error) {
|
||||
b, err := readFile(path)
|
||||
if err != nil {
|
||||
return nil, fmt.Errorf("reading file: %w", err)
|
||||
}
|
||||
|
||||
decrypted, err := decodePEMBlock(b)
|
||||
if err != nil {
|
||||
return nil, fmt.Errorf("decode PEM block: %w", err)
|
||||
}
|
||||
|
||||
parsedKey, err := x509.ParsePKCS1PrivateKey(decrypted)
|
||||
if err != nil {
|
||||
return nil, fmt.Errorf("parsing decrypted private key: %w", err)
|
||||
}
|
||||
|
||||
return parsedKey, nil
|
||||
}
|
||||
|
||||
func decodePEMBlock(block []byte) ([]byte, error) {
|
||||
decodedKey, _ := pem.Decode(block)
|
||||
if decodedKey == nil {
|
||||
|
Loading…
Reference in New Issue
Block a user