package rbac
import (
"net/http"
"strings"
jwt "github.com/dgrijalva/jwt-go"
"github.com/mcluseau/autentigo/client"
)
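// GroupsFromToken returns the groups claimed by the token.
//
// It reads the "groups" claim and expects an array whose elements are all
// strings. It returns nil when the token is nil, when the claims are not
// jwt.MapClaims, when the claim is absent or not an array, or when any element
// is not a string. An empty array yields an empty, non-nil slice.
//
// This function only reads claims: it never looks at the token's signature or
// its Valid field, so the result is only as trustworthy as the token passed in.
// Callers must pass a token that has already been verified.
func GroupsFromToken(token *jwt.Token) (groups []string) {
	// Fail closed rather than panic: a nil token claims no groups.
	if token == nil {
		return nil
	}

	claims, ok := token.Claims.(jwt.MapClaims)
	if claims == nil || !ok {
		return nil
	}

	tokenGroups, ok := claims["groups"].([]interface{})
	if tokenGroups == nil || !ok {
		return nil
	}

	groups = make([]string, 0, len(tokenGroups))
	for _, group := range tokenGroups {
		g, ok := group.(string)
		if !ok {
			// One malformed entry invalidates the whole claim; the groups
			// collected so far are discarded instead of being returned as a
			// partial list.
			return nil
		}
		groups = append(groups, g)
	}
	return groups
}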
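// UserFromToken returns a User object from the given token.
//
// Name is taken from the "sub" claim and Groups from GroupsFromToken. It
// returns nil when the token is nil, when the claims are not jwt.MapClaims, or
// when "sub" is absent or not a string.
//
// The token's signature and Valid field are not checked here; the claims are
// taken as given. Only pass a token that was returned without error by a
// verifying parser, otherwise unverified claims become an identity.
//
// NOTE(review): an empty "sub" string is accepted and yields a User with an
// empty Name; confirm that no authorization rule downstream can match it.
func UserFromToken(token *jwt.Token) (u *User) {
	// Fail closed rather than panic on a nil token.
	if token == nil {
		return nil
	}

	claims, ok := token.Claims.(jwt.MapClaims)
	if claims == nil || !ok {
		return nil
	}

	name, ok := claims["sub"].(string)
	if !ok {
		return nil
	}

	return &User{
		Name:   name,
		Groups: GroupsFromToken(token),
	}
}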
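// bearerPrefix is the text expected at the start of the Authorization header,
// including the space that separates the scheme from the token.
const bearerPrefix = "Bearer "

// UserFromRequest returns a User object from the given request or `nil` if
// the token is not found or invalid.
//
// The token is read from the Authorization header, which must start with
// exactly "Bearer " (the comparison is case-sensitive). The remainder is handed
// to client.Parse together with validationCrt, and any parse error results in
// nil.
//
// The parse error is discarded, so a caller cannot tell a missing header from
// a rejected token; anything that needs to log or count authentication
// failures has to do so around this call.
//
// NOTE(review): this relies on client.Parse to verify the signature and the
// validity of the token against validationCrt — confirm in that package,
// because UserFromToken does not re-check it.
// NOTE(review): github.com/dgrijalva/jwt-go is archived upstream; the
// maintained fork is github.com/golang-jwt/jwt. Consider migrating.
func UserFromRequest(req *http.Request, validationCrt []byte) (u *User) {
	authHeader := req.Header.Get("Authorization")
	if !strings.HasPrefix(authHeader, bearerPrefix) {
		return nil
	}

	tokenStr := strings.TrimPrefix(authHeader, bearerPrefix)

	token, err := client.Parse(validationCrt, tokenStr)
	// A nil token without an error is treated like a failed parse, so the
	// request ends up unauthenticated instead of dereferencing nil.
	if err != nil || token == nil {
		return nil
	}

	return UserFromToken(token)
}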