-
Notifications
You must be signed in to change notification settings - Fork 327
/
jwt_handler.go
106 lines (85 loc) · 2 KB
/
jwt_handler.go
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
package automation
import (
"context"
"crypto/x509"
"encoding/json"
"encoding/pem"
"fmt"
"strings"
"github.com/lestrrat-go/jwx/jwa"
"github.com/lestrrat-go/jwx/jws"
"github.com/lestrrat-go/jwx/jwt"
)
type (
jwtHandler struct {
reg jwtHandlerRegistry
}
)
func JwtHandler(reg jwtHandlerRegistry) *jwtHandler {
h := &jwtHandler{
reg: reg,
}
h.register()
return h
}
func (h jwtHandler) generate(ctx context.Context, args *jwtGenerateArgs) (res *jwtGenerateResults, err error) {
var (
auxp = make(map[string]interface{})
auxh = make(map[string]interface{})
)
if !args.hasPayload {
err = fmt.Errorf("could not generate JWT, payload missing")
return
}
if !args.hasSecret {
err = fmt.Errorf("could not generate JWT, secret or cert missing")
return
}
for k, v := range args.headerVars {
auxh[k] = v.Get()
}
for k, v := range args.payloadVars {
auxp[k] = v.Get()
}
if args.payloadString != "" {
if err = json.Unmarshal([]byte(args.payloadString), &auxp); err != nil {
return
}
}
if args.headerString != "" {
if err = json.Unmarshal([]byte(args.headerString), &auxh); err != nil {
return
}
}
// check for delimiters
auxp["scope"] = strings.FieldsFunc(args.Scope, func(r rune) bool {
return r == ' ' || r == ','
})
var (
key interface{}
tkn = jwt.New()
tokenBytes []byte
headers = jws.NewHeaders()
)
for k, v := range auxh {
_ = headers.Set(k, v)
}
for k, v := range auxp {
if err = tkn.Set(k, v); err != nil {
return
}
}
if decodedKey, _ := pem.Decode([]byte(args.secretString)); decodedKey != nil {
if key, err = x509.ParsePKCS8PrivateKey(decodedKey.Bytes); err != nil {
return nil, err
}
tokenBytes, err = jwt.Sign(tkn, jwa.RS256, key, jwt.WithHeaders(headers))
} else {
key = []byte(args.secretString)
tokenBytes, err = jwt.Sign(tkn, jwa.HS256, key, jwt.WithHeaders(headers))
}
if err != nil {
return nil, fmt.Errorf("could not sign token: %w", err)
}
return &jwtGenerateResults{Token: string(tokenBytes)}, nil
}