/
auth_ticket.go
78 lines (67 loc) · 2.03 KB
/
auth_ticket.go
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
// Copyright 2020 The nfgo Authors. All Rights Reserved.
//
// Licensed under the Apache License, Version 2.0 (the "License");
// you may not use this file except in compliance with the License.
// You may obtain a copy of the License at
//
// http://www.apache.org/licenses/LICENSE-2.0
//
// Unless required by applicable law or agreed to in writing, software
// distributed under the License is distributed on an "AS IS" BASIS,
// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
// See the License for the specific language governing permissions and
// limitations under the License.
package nsecurity
import (
"errors"
"strconv"
"time"
"github.com/nf-go/nfgo/nerrors"
"github.com/nf-go/nfgo/nutil/ncrypto"
)
// AuthTicket -
type AuthTicket struct {
ClientType string
RequestID string
Token string
Subject string
Timestamp string
Signature string
}
// VerifyToken -
func (a *AuthTicket) VerifyToken(validateFn func(token string) (*JWTPayload, error)) error {
// Check the jwt token
claims, err := validateFn(a.Token)
if err != nil {
return nerrors.ErrUnauthorized
}
// Check the subject in the token
if claims.Subject != a.Subject {
return errors.New("the ticket's subject is not equal with the subject int the token")
}
return nil
}
// VerifySignature -
func (a *AuthTicket) VerifySignature(signKey string) bool {
expectSig := ncrypto.Sha256(signKey + a.Timestamp + a.Subject + a.RequestID)
return expectSig == a.Signature
}
// VerifyTimeWindow - check IsoverTimeWindow clientTs milliseconds since January 1, 1970 UTC.
func (a *AuthTicket) VerifyTimeWindow(timeWindow time.Duration) error {
clientTs, err := strconv.ParseInt(a.Timestamp, 10, 64)
if err != nil {
return err
}
clientTime := time.Unix(0, clientTs*int64(time.Millisecond))
serverTime := time.Now()
var duration time.Duration
if serverTime.After(clientTime) {
duration = serverTime.Sub(clientTime)
} else {
duration = clientTime.Sub(serverTime)
}
if duration > timeWindow {
return nerrors.ErrUnauthorized
}
return nil
}