| 1234567891011121314151617181920212223242526272829303132333435363738394041424344454647484950515253545556575859606162636465666768697071727374 |
- package security
- import (
- "net/http"
- "strings"
- "time"
- "github.com/chrislusf/seaweedfs/weed/glog"
- jwt "github.com/dgrijalva/jwt-go"
- )
- type EncodedJwt string
- type Secret string
- func GenJwt(secret Secret, fileId string) EncodedJwt {
- if secret == "" {
- return ""
- }
- t := jwt.New(jwt.GetSigningMethod("HS256"))
- t.Claims = &jwt.StandardClaims{
- ExpiresAt: time.Now().Add(time.Second * 10).Unix(),
- Subject: fileId,
- }
- encoded, e := t.SignedString(secret)
- if e != nil {
- glog.V(0).Infof("Failed to sign claims: %v", t.Claims)
- return ""
- }
- return EncodedJwt(encoded)
- }
- func GetJwt(r *http.Request) EncodedJwt {
- // Get token from query params
- tokenStr := r.URL.Query().Get("jwt")
- // Get token from authorization header
- if tokenStr == "" {
- bearer := r.Header.Get("Authorization")
- if len(bearer) > 7 && strings.ToUpper(bearer[0:6]) == "BEARER" {
- tokenStr = bearer[7:]
- }
- }
- // Get token from cookie
- if tokenStr == "" {
- cookie, err := r.Cookie("jwt")
- if err == nil {
- tokenStr = cookie.Value
- }
- }
- return EncodedJwt(tokenStr)
- }
- func EncodeJwt(secret Secret, claims *jwt.StandardClaims) (EncodedJwt, error) {
- if secret == "" {
- return "", nil
- }
- t := jwt.New(jwt.GetSigningMethod("HS256"))
- t.Claims = claims
- encoded, e := t.SignedString(secret)
- return EncodedJwt(encoded), e
- }
- func DecodeJwt(secret Secret, tokenString EncodedJwt) (token *jwt.Token, err error) {
- // check exp, nbf
- return jwt.Parse(string(tokenString), func(token *jwt.Token) (interface{}, error) {
- return secret, nil
- })
- }
|
