package auth
import (
"time"
"gopkg.in/square/go-jose.v2"
"gopkg.in/square/go-jose.v2/jwt"
)
// defaultValidDuration is the token lifetime ToJWT applies when no positive
// duration has been set through SetValidFor.
const defaultValidDuration = 6 * time.Hour
// AccessToken is a builder for a JWT signed with an API key/secret pair.
// Configure it with the Set*/AddGrant methods, then call ToJWT.
//
// The value holds the raw signing secret in memory. fmt's %v/%+v verbs print
// unexported fields too, so avoid logging or dumping an AccessToken.
type AccessToken struct {
	// apiKey becomes the "iss" claim; secret is the HMAC signing key.
	apiKey, secret string
	// grant carries the custom claims merged into the token by ToJWT.
	grant ClaimGrants
	// validFor is the requested lifetime; zero or negative means "use the default".
	validFor time.Duration
}
// NewAccessToken returns a token builder bound to the given API key and
// secret. Neither value is validated here; ToJWT returns ErrKeysMissing if
// either one is empty.
func NewAccessToken(key string, secret string) *AccessToken {
	t := new(AccessToken)
	t.apiKey = key
	t.secret = secret
	return t
}
// SetIdentity records the identity the token is issued for and returns the
// receiver so calls can be chained. ToJWT uses this value as the "sub" claim.
// The string is stored as given; no validation or normalization happens here.
func (t *AccessToken) SetIdentity(identity string) *AccessToken {
	t.grant.Identity = identity

	return t
}
// SetValidFor sets how long the token stays valid after ToJWT is called and
// returns the receiver for chaining. A zero or negative duration is not an
// error: ToJWT silently falls back to defaultValidDuration in that case.
//
// Nothing in this file revokes an issued token, so the lifetime chosen here is
// the window in which a leaked token remains usable.
func (t *AccessToken) SetValidFor(duration time.Duration) *AccessToken {
	t.validFor = duration

	return t
}
// SetName stores a name in the grant and returns the receiver for chaining.
// The value is kept verbatim and ends up in the signed claims.
func (t *AccessToken) SetName(name string) *AccessToken {
	t.grant.Name = name

	return t
}
// AddGrant sets the video grant carried by the token and returns the receiver
// for chaining. Despite the name it replaces any grant set earlier rather than
// accumulating them.
//
// The pointer is retained, not copied: changes the caller makes to *grant
// before ToJWT runs alter the permissions that get signed.
func (t *AccessToken) AddGrant(grant *VideoGrant) *AccessToken {
	t.grant.Video = grant

	return t
}
// SetMetadata attaches an opaque metadata string to the grant and returns the
// receiver for chaining.
//
// ToJWT signs the claims but does not encrypt them, so anyone who holds the
// token can read this value. Do not place secrets in it.
func (t *AccessToken) SetMetadata(md string) *AccessToken {
	t.grant.Metadata = md

	return t
}
// SetSha256 stores sha in the grant's Sha256 field and returns the receiver
// for chaining. The string is embedded as supplied; this method neither
// computes nor checks a digest.
// NOTE(review): presumably a SHA-256 of an accompanying payload that the
// verifier recomputes; confirm the expected encoding against the consumer.
func (t *AccessToken) SetSha256(sha string) *AccessToken {
	t.grant.Sha256 = sha

	return t
}
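// ToJWT builds the claims and returns the token as a compact-serialized JWT
// signed with HMAC-SHA256 (HS256), using the secret as the key.
//
// It returns ErrKeysMissing when the API key or the secret is empty, and
// passes through any error from creating the signer or from serialization.
//
// Security notes:
//   - HS256 is symmetric: every party able to verify the token can also mint
//     one. Only emptiness of the secret is checked here; its strength is the
//     caller's responsibility (RFC 7518 asks for a key of at least 256 bits
//     for HS256).
//   - The claims are signed, not encrypted. Identity, name, metadata and the
//     grant are readable by anyone holding the token.
//   - "nbf" is set to the issuing host's current time, so a verifier whose
//     clock runs behind may reject a fresh token unless it allows some leeway.
func (t *AccessToken) ToJWT() (string, error) {
	if t.apiKey == "" || t.secret == "" {
		return "", ErrKeysMissing
	}

	signer, err := jose.NewSigner(
		jose.SigningKey{Algorithm: jose.HS256, Key: []byte(t.secret)},
		(&jose.SignerOptions{}).WithType("JWT"),
	)
	if err != nil {
		return "", err
	}

	// A zero or negative lifetime means "not configured": use the default.
	validFor := defaultValidDuration
	if t.validFor > 0 {
		validFor = t.validFor
	}

	// Read the clock once so that exp - nbf is exactly validFor. Two separate
	// time.Now() calls can straddle a second boundary and stretch the
	// lifetime by a second once the values are truncated to NumericDate.
	now := time.Now()
	cl := jwt.Claims{
		Issuer:    t.apiKey,
		NotBefore: jwt.NewNumericDate(now),
		Expiry:    jwt.NewNumericDate(now.Add(validFor)),
		Subject:   t.grant.Identity,
	}

	// Registered claims first, then the grant's custom claims.
	return jwt.Signed(signer).Claims(cl).Claims(&t.grant).CompactSerialize()
}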