-
Notifications
You must be signed in to change notification settings - Fork 6
/
Copy pathtoken_source.go
71 lines (58 loc) · 1.56 KB
/
token_source.go
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
package token
import (
"context"
"errors"
"fmt"
"time"
"github.com/golang-jwt/jwt/v4"
"github.com/harness/ff-proxy/v2/domain"
"github.com/harness/ff-proxy/v2/log"
)
type authRepo interface {
Get(context context.Context, key domain.AuthAPIKey) (string, bool, error)
}
type hasher interface {
Hash(s string) string
}
// Source is a type that can create and validate tokens
type Source struct {
repo authRepo
hasher hasher
secret []byte
log log.Logger
}
// NewSource creates a new Source
func NewSource(l log.Logger, repo authRepo, hasher hasher, secret []byte) Source {
l = l.With("component", "Source")
return Source{log: l, repo: repo, hasher: hasher, secret: secret}
}
// GenerateToken creates a token from a key
func (a Source) GenerateToken(key string) (domain.Token, error) {
h := a.hasher.Hash(key)
k := domain.NewAuthAPIKey(h)
env, ok, err := a.repo.Get(context.Background(), k)
if err != nil {
if !errors.Is(err, domain.ErrCacheNotFound) {
a.log.Error("failed to get auth key from cache to generate token", "err", err)
}
}
if !ok {
return domain.Token{}, fmt.Errorf("%w: key not found", err)
}
t := time.Now()
c := domain.Claims{
APIKey: string(k),
Environment: env,
ClusterIdentifier: "1",
RegisteredClaims: jwt.RegisteredClaims{
IssuedAt: jwt.NewNumericDate(t),
NotBefore: jwt.NewNumericDate(t),
},
}
token := jwt.NewWithClaims(jwt.SigningMethodHS256, c)
authToken, err := token.SignedString(a.secret)
if err != nil {
return domain.Token{}, err
}
return domain.NewToken(authToken, c), nil
}