forked from islax/microapp
-
Notifications
You must be signed in to change notification settings - Fork 0
/
Token.go
61 lines (53 loc) · 1.65 KB
/
Token.go
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
package security
import (
"strings"
jwt "github.com/dgrijalva/jwt-go"
uuid "github.com/satori/go.uuid"
)
// Appliance ExternalID Type
const Appliance = "Appliance"
// Session ExternalID Type
const Session = "Session"
// User ExternalID Type
const User = "User"
// JwtToken represents the parsed Token from Authentication Header
type JwtToken struct {
// UserID is id of user matchimg the token
UserID uuid.UUID `json:"user,omitempty"`
UserName string `json:"name,omitempty"`
DisplayName string `json:"displayName,omitempty"`
UserGroupIDs []uuid.UUID `json:"usergroupIds,omitempty"`
TenantID uuid.UUID `json:"tenant,omitempty"`
TenantName string `json:"tenantName,omitempty"`
ExternalID string `json:"externalId,omitempty"`
ExternalIDType string `json:"externalIdType,omitempty"`
Scopes []string `json:"scope,omitempty"`
Admin bool `json:"admin,omitempty"`
Raw string `json:"-"`
jwt.StandardClaims
}
func (token *JwtToken) isValidForScope(allowedScopes []string) bool {
if ok, _ := inArray("*", token.Scopes); ok {
return true
}
allScopesMatched := true
for _, allowedScope := range allowedScopes {
if ok, _ := inArray(allowedScope, token.Scopes); !ok {
scopeParts := strings.Split(allowedScope, ":")
if ok, _ := inArray(scopeParts[0]+":*", token.Scopes); !ok {
if ok, _ := inArray("*:"+scopeParts[1], token.Scopes); !ok {
allScopesMatched = false
}
}
}
}
return allScopesMatched
}
func inArray(val string, array []string) (ok bool, i int) {
for i = range array {
if ok = array[i] == val; ok {
return
}
}
return
}