package ldap
import (
"fmt"
"github.com/kiali/kiali/config"
"time"
)
// UserInfo holds authentication information: the API version and kind of the
// object, plus an optional Status describing the authentication outcome.
type UserInfo struct {
	APIVersion string `json:"apiVersion,omitempty"`
	Kind string `json:"kind,omitempty"`
	// Status is a pointer, so a nil value is left out of the JSON output.
	Status *Status `json:"status,omitempty"`
}
// User holds user information from AD.
type User struct {
	Username string `json:"username,omitempty"`
	UID string `json:"uid,omitempty"`
	// Groups lists the user's group names.
	// NOTE(review): presumably used for authorization decisions downstream;
	// confirm the values come only from the directory lookup.
	Groups []string `json:"groups,omitempty"`
}
// JWTClaimsJSON is used for decoding an incoming JSON JWT payload to the /authenticate API.
//
// The values are whatever the token payload contained. The Valid method checks
// claim values only, so signature verification has to happen elsewhere before
// UID, Username or Groups are trusted.
type JWTClaimsJSON struct {
	// Iat is the issued-at time; Valid compares it with time.Now().Unix(),
	// i.e. it is read as Unix seconds.
	Iat int `json:"iat"`
	UID string `json:"uid"`
	Username string `json:"username"`
	// Expiry is the expiry time in Unix seconds (compared with
	// time.Now().Unix() in Valid). The field is an int, whose width is
	// platform dependent.
	Expiry int `json:"exp"`
	Groups []string `json:"groups"`
	// Issuer must equal config.AuthStrategyLDAPIssuer for Valid to accept the claims.
	Issuer string `json:"iss,omitempty"`
}
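// Valid makes JWTClaimsJSON satisfy the jwt.Claims interface.
//
// It returns an error when the UID is empty, when the expiry is missing or in
// the past, when the issued-at time is more than one second ahead of the local
// clock, or when the issuer differs from config.AuthStrategyLDAPIssuer. It
// returns nil otherwise.
//
// Only claim values are inspected here; this method performs no signature
// verification.
func (c *JWTClaimsJSON) Valid() error {
	// Read the clock once so every time-based check sees the same instant, and
	// compare as int64 so the result does not depend on the width of int.
	now := time.Now().Unix()

	if c.UID == "" {
		return fmt.Errorf("UID must be present in token claims")
	}
	if c.Expiry == 0 {
		return fmt.Errorf("Token has no expiry")
	}
	if int64(c.Expiry) < now {
		return fmt.Errorf("Token has expired")
	}
	// Allow one second of clock skew. The earlier bound added
	// int64(time.Second), which is 1e9 (a Duration counts nanoseconds), so an
	// issued-at time decades in the future was still accepted.
	if int64(c.Iat) > now+1 {
		return fmt.Errorf("Token is from the future")
	}
	if c.Issuer != config.AuthStrategyLDAPIssuer {
		return fmt.Errorf("token is invalid because of authentication strategy mismatch")
	}
	return nil
}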
// Status indicates if user is authenticated or not.
type Status struct {
	// Authenticated is a *bool, so nil (field absent) is distinct from an
	// explicit false; callers must nil-check before dereferencing.
	Authenticated *bool `json:"authenticated,omitempty"`
	// User is omitted from JSON when nil.
	User *User `json:"user,omitempty"`
}
// UserCredentials holds the user name and password submitted for authentication.
//
// Password is a plain string with a JSON tag, so marshalling or printing this
// struct (for example with %+v in a log line) emits the password in clear text.
type UserCredentials struct {
	UserName string `json:"userName,omitempty"`
	Password string `json:"password,omitempty"`
}
// Token holds a JWT together with its expiry time.
type Token struct {
	// JWT is serialised under the key "token".
	// NOTE(review): presumably a bearer credential; keep it out of logs.
	JWT string `json:"token,omitempty"`
	// Expiry is a time.Time; encoding/json does not treat a zero struct as
	// empty, so omitempty does not drop a zero Expiry from the output.
	Expiry time.Time `json:"expiry,omitempty"`
}
// Request maps the incoming auth request from api-server.
type Request struct {
	APIVersion string `json:"apiVersion,omitempty"`
	Kind string `json:"kind,omitempty"`
	// Spec is nil when the request body carries no "spec" object; callers
	// must nil-check before reading Spec.Token.
	Spec *Spec `json:"spec,omitempty"`
}
// Spec maps to the bearer token sent by api-server.
type Spec struct {
	// Token is the raw token string taken from the request; it is unvalidated
	// at this point.
	Token string `json:"token,omitempty"`
}