-
Notifications
You must be signed in to change notification settings - Fork 0
/
token_util.go
114 lines (100 loc) · 2.82 KB
/
token_util.go
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
package tokens
import (
"encoding/base64"
"net/http"
"strconv"
"strings"
"time"
"github.com/pkg/errors"
"github.com/rancher/norman/types"
"github.com/rancher/norman/types/convert"
"github.com/rancher/types/apis/management.cattle.io/v3"
"github.com/sirupsen/logrus"
)
func getAuthProviderName(principalID string) string {
parts := strings.Split(principalID, "://")
externalType := parts[0]
providerParts := strings.Split(externalType, "_")
return providerParts[0]
}
func getUserID(principalID string) string {
parts := strings.Split(principalID, "://")
return parts[1]
}
func SplitTokenParts(tokenID string) (string, string) {
parts := strings.Split(tokenID, ":")
if len(parts) != 2 {
return parts[0], ""
}
return parts[0], parts[1]
}
func IsNotExpired(token v3.Token) bool {
created := token.ObjectMeta.CreationTimestamp.Time
durationElapsed := time.Since(created)
ttlDuration, err := time.ParseDuration(strconv.Itoa(token.TTLMillis) + "ms")
if err != nil {
logrus.Errorf("Error parsing ttl %v", err)
return false
}
if durationElapsed.Seconds() <= ttlDuration.Seconds() {
return true
}
return false
}
func GetTokenAuthFromRequest(req *http.Request) string {
var tokenAuthValue string
authHeader := req.Header.Get(AuthHeaderName)
authHeader = strings.TrimSpace(authHeader)
if authHeader != "" {
parts := strings.SplitN(authHeader, " ", 2)
if strings.EqualFold(parts[0], AuthValuePrefix) {
if len(parts) > 1 {
tokenAuthValue = strings.TrimSpace(parts[1])
}
} else if strings.EqualFold(parts[0], BasicAuthPrefix) {
if len(parts) > 1 {
base64Value := strings.TrimSpace(parts[1])
data, err := base64.URLEncoding.DecodeString(base64Value)
if err != nil {
logrus.Errorf("Error %v parsing %v header", err, AuthHeaderName)
} else {
tokenAuthValue = string(data)
}
}
}
} else {
cookie, err := req.Cookie(CookieName)
if err == nil {
tokenAuthValue = cookie.Value
}
}
return tokenAuthValue
}
func GenerateNewLoginToken(userID string, userPrincipal v3.Principal, groupPrincipals []v3.Principal, providerInfo map[string]string, ttl int, description string) v3.Token {
if ttl == 0 {
ttl = defaultTokenTTL //16 hrs
}
k8sToken := v3.Token{
UserPrincipal: userPrincipal,
GroupPrincipals: groupPrincipals,
IsDerived: false,
TTLMillis: ttl,
UserID: userID,
AuthProvider: getAuthProviderName(userPrincipal.Name),
ProviderInfo: providerInfo,
Description: description,
}
return k8sToken
}
func ConvertTokenResource(schema *types.Schema, token v3.Token) (map[string]interface{}, error) {
tokenData, err := convert.EncodeToMap(token)
if err != nil {
return nil, err
}
mapper := schema.Mapper
if mapper == nil {
return nil, errors.New("no schema mapper available")
}
mapper.FromInternal(tokenData)
return tokenData, nil
}