package.go
package jwt
import (
"flag"
"os"
"path/filepath"
"strings"
"github.com/go-errors/errors"
)
// Encoder turns a set of StandardClaims into a token string. It is declared as
// an interface so that callers can substitute a mock implementation.
type Encoder interface {
// Encode returns the token string produced for claims, or an error.
Encode(claims *StandardClaims) (string, error)
}
// Decoder turns a token string into a set of StandardClaims. It is declared as
// an interface so that callers can substitute a mock implementation.
type Decoder interface {
// Decode returns the StandardClaims read from tokenString, or an error.
Decode(tokenString string) (*StandardClaims, error)
}
var (
// DefaultJwtEncoder and DefaultJwtDecoder are constructed while the package
// is being initialised. getEncoderInstance and getDecoderInstance panic when
// construction fails, so importing this package can panic at start-up.
//
// Both variables are exported and assignable: the package-level Encode and
// Decode functions call whatever value is stored here at the time of the
// call, so any code that can reassign them changes how tokens are issued
// and checked for the whole process.
DefaultJwtEncoder Encoder = getEncoderInstance()
DefaultJwtDecoder Decoder = getDecoderInstance()
)
// getDecoderInstance builds the package-level decoder from the key material
// supplied by jwksFromEnvVarRetriever. It panics when NewJwtDecoder reports an
// error, which stops package initialisation instead of leaving a decoder that
// has no usable keys.
func getDecoderInstance() *JwtDecoder {
	instance, loadErr := NewJwtDecoder(jwksFromEnvVarRetriever)
	if loadErr == nil {
		return instance
	}
	// The original error is wrapped so the panic value still carries the cause.
	panic(errors.Errorf("error loading default jwk decoder, maybe missing env vars: err='%w'\n", loadErr))
}
// jwksFromEnvVarRetriever returns the contents of the AUTH_PUBLIC_JWK_KEYS
// environment variable.
//
// When isTestMode reports true and the variable is empty, it falls back to the
// file ./testKeys/development.jwks, resolved against the current working
// directory. The read error is discarded, so a missing file yields an empty
// string.
//
// NOTE(review): the fallback is gated only on isTestMode, which inspects
// os.Args[0] and the registered flags. A non-test binary that matches those
// checks and runs without AUTH_PUBLIC_JWK_KEYS would load the development
// keys from its working directory. Deployments should always set the variable
// and should not ship the testKeys directory.
func jwksFromEnvVarRetriever() string {
	keys := os.Getenv("AUTH_PUBLIC_JWK_KEYS")
	if keys != "" || !isTestMode() {
		return keys
	}
	// Running under a test with nothing configured: use the test key only, not
	// the production keys, so the package-level DefaultJwtDecoder does not panic.
	raw, _ := os.ReadFile(filepath.Clean("./testKeys/development.jwks"))
	return string(raw)
}
// getEncoderInstance builds the package-level encoder from the private key and
// key id supplied by privateKeyFromEnvVarRetriever. It panics when
// NewJwtEncoder reports an error, which stops package initialisation.
func getEncoderInstance() *JwtEncoder {
	instance, loadErr := NewJwtEncoder(privateKeyFromEnvVarRetriever)
	if loadErr == nil {
		return instance
	}
	// The original error is wrapped so the panic value still carries the cause.
	panic(errors.Errorf("error loading jwk encoder, maybe missing env vars: err='%w'\n", loadErr))
}
// privateKeyFromEnvVarRetriever returns the signing key and its key id, read
// from the AUTH_PRIVATE_KEY and AUTH_PRIVATE_KEY_ID environment variables.
//
// When isTestMode reports true, an empty key is replaced by the contents of
// ./testKeys/jwt-rsa256-test-webgateway.key (resolved against the current
// working directory, read error discarded) and an empty key id is replaced by
// webGatewayKid.
//
// NOTE(review): the fallback is gated only on isTestMode, which inspects
// os.Args[0] and the registered flags. A non-test binary that matches those
// checks and runs without AUTH_PRIVATE_KEY would sign with the test key.
// Deployments should always set both variables and should not ship the
// testKeys directory.
func privateKeyFromEnvVarRetriever() (string, string) {
	key, kid := os.Getenv("AUTH_PRIVATE_KEY"), os.Getenv("AUTH_PRIVATE_KEY_ID")
	if !isTestMode() {
		return key, kid
	}
	// Running under a test: fill in whatever is missing so the package-level
	// DefaultJwtEncoder does not panic.
	if key == "" {
		// test key only, not the production key
		raw, _ := os.ReadFile(filepath.Clean("./testKeys/jwt-rsa256-test-webgateway.key"))
		key = string(raw)
	}
	if kid == "" {
		kid = webGatewayKid
	}
	return key, kid
}
// Decode hands tokenString to DefaultJwtDecoder and returns the Standard
// Culture Amp Claims it produces, or the error it reports. It uses whatever
// value DefaultJwtDecoder holds at the time of the call.
func Decode(tokenString string) (*StandardClaims, error) {
	claims, err := DefaultJwtDecoder.Decode(tokenString)
	return claims, err
}
// Encode hands the Standard Culture Amp Claims to DefaultJwtEncoder and returns
// the resulting jwt token string, or the error it reports. It uses whatever
// value DefaultJwtEncoder holds at the time of the call.
func Encode(claims *StandardClaims) (string, error) {
	token, err := DefaultJwtEncoder.Encode(claims)
	return token, err
}
// isTestMode reports whether the running process looks like a Go test or a
// debugger-built binary. It returns true when os.Args[0] ends in ".test",
// contains "/_test/" or "__debug_bin", or when a flag named "test.v" has been
// registered.
//
// NOTE(review): this is a heuristic on the executable path and flag set, not
// proof that the process was started by `go test`. The callers in this file
// use it to decide whether to load test key material, so treat a true result
// as "test keys may be used".
func isTestMode() bool {
	// https://stackoverflow.com/questions/14249217/how-do-i-know-im-running-within-go-test
	binary := os.Args[0]
	switch {
	case strings.HasSuffix(binary, ".test"):
		return true
	case strings.Contains(binary, "/_test/"):
		return true
	case strings.Contains(binary, "__debug_bin"): // vscode debug binary
		return true
	}
	return flag.Lookup("test.v") != nil
}