feat(jwt): add helpers

This commit is contained in:
Sipachev Igor 2025-02-24 20:52:14 +07:00
parent d2f7826eb3
commit e21bf927b5

71
jwt.go
View File

@ -12,9 +12,14 @@ import (
"time"
)
const (
AccessType = "access"
RefreshType = "refresh"
)
func CreateRefreshTokenByAccess(accessClaims JWT, ttl time.Duration) JWT {
return JWT{
Type: "refresh",
Type: RefreshType,
RegisteredClaims: jwt.RegisteredClaims{
ID: accessClaims.ID,
ExpiresAt: jwt.NewNumericDate(time.Now().Add(ttl)),
@ -70,6 +75,11 @@ func (j *JWT) WithAuthorizationInfo(tai TokenAuthorizationInfo, secret string) *
return j
}
func (j *JWT) WithTFAStep(tai TokenAuthorizationInfo, secret string) *JWT {
j.Step = "tfa"
return j
}
func (j *JWT) GetAuthorizationInfo(secret string) *TokenAuthorizationInfo {
tai, err := DecodeTokenAuthorizationInfo(j.AuthorizationInfo, secret)
if err != nil {
@ -80,7 +90,26 @@ func (j *JWT) GetAuthorizationInfo(secret string) *TokenAuthorizationInfo {
}
func (j *JWT) IsRefreshToken() bool {
return j.Type == "refresh"
return j.Type == RefreshType
}
func (j *JWT) IsTFAStep() bool {
return j.Step == "tfa"
}
func (j *JWT) CheckAccess() bool {
if j.Type != AccessType {
return false
}
if j.Step != "" {
return false
}
return true
}
func (j *JWT) CheckAuthorizationInfo(secret string, tai TokenAuthorizationInfo) bool {
return j.GetAuthorizationInfo(secret).Equal(tai)
}
func Encode(j interface{}, privateKey *rsa.PrivateKey) (string, error) {
@ -132,6 +161,25 @@ func ReadPublicKey(path string) (*rsa.PublicKey, error) {
return publicKey, nil
}
func ReadPrivateKey(path string) (*rsa.PrivateKey, error) {
b, err := readFile(path)
if err != nil {
return nil, fmt.Errorf("reading file: %w", err)
}
decrypted, err := decodePEMBlock(b)
if err != nil {
return nil, fmt.Errorf("decode PEM block: %w", err)
}
parsedKey, err := x509.ParsePKCS1PrivateKey(decrypted)
if err != nil {
return nil, fmt.Errorf("parsing decrypted private key: %w", err)
}
return parsedKey, nil
}
func readFile(path string) ([]byte, error) {
file, err := os.Open(filepath.Clean(path))
if err != nil {
@ -154,25 +202,6 @@ func readPublicKey(path string) ([]byte, error) {
return b, nil
}
func ReadPrivateKey(path string) (*rsa.PrivateKey, error) {
b, err := readFile(path)
if err != nil {
return nil, fmt.Errorf("reading file: %w", err)
}
decrypted, err := decodePEMBlock(b)
if err != nil {
return nil, fmt.Errorf("decode PEM block: %w", err)
}
parsedKey, err := x509.ParsePKCS1PrivateKey(decrypted)
if err != nil {
return nil, fmt.Errorf("parsing decrypted private key: %w", err)
}
return parsedKey, nil
}
func decodePEMBlock(block []byte) ([]byte, error) {
decodedKey, _ := pem.Decode(block)
if decodedKey == nil {