package vbjwt
import (
"strconv"
"time"
"github.com/vikebot/vbcore"
"github.com/vikebot/vbdb"
"go.uber.org/zap"
"gopkg.in/dgrijalva/jwt-go.v3"
)
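// GenerateNonDefaultCtx creates a new HS512-signed token for userID and
// records its JTI in the database so the token can be blacklisted later.
//
// issuer and expires are written into the standard claims unchanged; ip is
// stored next to the JTI, and allowedIPs is both stored and embedded as a
// custom claim. ctx is the logger used for failure diagnostics.
//
// It returns the compact serialized token and true on success. It returns
// "" and false when no signing key is registered under the current skid,
// when signing fails, or when the JTI could not be persisted. The token is
// signed before its JTI is stored, so a signing failure never leaves an
// orphaned JTI row behind.
func GenerateNonDefaultCtx(issuer string, userID int, expires time.Time, ip string, allowedIPs []string, ctx *zap.Logger) (token string, success bool) {
	issuedAt := time.Now()

	claims := &VBClaims{
		AllowedIPs: allowedIPs,
		StandardClaims: jwt.StandardClaims{
			Issuer:    issuer,
			Subject:   strconv.Itoa(userID),
			Audience:  "api.vikebot.com",
			ExpiresAt: expires.Unix(),
			IssuedAt:  issuedAt.Unix(),
			// JTI used for revocation. NOTE(review): assumes
			// vbcore.FastRandomString draws from a CSPRNG; a guessable JTI
			// would weaken the blacklist — confirm in vbcore.
			Id: vbcore.FastRandomString(32),
		},
	}

	// Refuse to sign when the key id is not registered. A missing map entry
	// yields the zero value, which the HMAC signer may accept as an empty
	// key — that must never produce a token.
	key, ok := skstore[skid]
	if !ok {
		ctx.Error("no signing key registered for skid",
			zap.Int("user_id", userID),
			zap.String("skid", skid))
		return "", false
	}

	// Record the current primary signing-key id in the "vbskid" header so a
	// verifier can select the matching key during rotation.
	t := jwt.NewWithClaims(jwt.SigningMethodHS512, claims)
	t.Header["vbskid"] = skid

	st, err := t.SignedString(key)
	if err != nil {
		// Log everything we know about the event
		ctx.Error("unable to sign token",
			zap.Int("user_id", userID),
			zap.String("ip", ip),
			zap.Strings("allowed_ips", allowedIPs),
			zap.String("skid", skid),
			zap.Error(err))
		return "", false
	}

	// Persist the JTI only once we hold a valid token; this row is what lets
	// the token be blacklisted later, and storing it first would leave an
	// orphan whenever signing fails.
	if !vbdb.JwtAddCtx(claims.Id, expires, userID, issuedAt, ip, ctx) {
		return "", false
	}
	return st, true
}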
// GenerateNonDefault behaves exactly like GenerateNonDefaultCtx but logs
// through the package-level defaultCtx instead of a caller-supplied logger.
func GenerateNonDefault(issuer string, userID int, expires time.Time, ip string, allowedIPs []string) (token string, success bool) {
	token, success = GenerateNonDefaultCtx(issuer, userID, expires, ip, allowedIPs, defaultCtx)
	return token, success
}
// GenerateCtx creates a signed token for userID issued by defaultIssuer and
// valid for 31 days from now, and records its JTI in the database.
// ctx is the logger used for failure diagnostics.
func GenerateCtx(userID int, ip string, allowedIPs []string, ctx *zap.Logger) (token string, success bool) {
	// Default token lifetime used by the convenience constructors.
	const lifetime = 31 * 24 * time.Hour
	expires := time.Now().Add(lifetime)
	return GenerateNonDefaultCtx(defaultIssuer, userID, expires, ip, allowedIPs, ctx)
}
// Generate is the convenience form of GenerateCtx that logs through the
// package-level defaultCtx.
func Generate(userID int, ip string, allowedIPs []string) (token string, success bool) {
	token, success = GenerateCtx(userID, ip, allowedIPs, defaultCtx)
	return token, success
}