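// Source: github.com/livekit/protocol@v1.5.7/auth/verifier.go

package auth

import (
	"time"

	"github.com/go-jose/go-jose/v3/jwt"
)

// APIKeyTokenVerifier holds a parsed access token together with the issuer
// and identity read from its claims. Obtain one from ParseAPIToken; Verify
// dereferences the token field, so the zero value is not usable.
type APIKeyTokenVerifier struct {
	// token is the parsed JWT; its signature is only checked in Verify.
	token *jwt.JSONWebToken
	// identity is the subject claim, or the JWT ID when the subject is empty.
	identity string
	// apiKey is the issuer claim as read from the unverified token.
	apiKey string
}

// ParseAPIToken parses an encoded JWT and reads its issuer and subject
// claims WITHOUT verifying the signature.
//
// The returned verifier's APIKey and Identity values come straight from the
// token and must be treated as untrusted input until Verify has succeeded.
// When the subject claim is empty the JWT ID claim is used as the identity.
func ParseAPIToken(raw string) (*APIKeyTokenVerifier, error) {
	tok, err := jwt.ParseSigned(raw)
	if err != nil {
		return nil, err
	}

	// Signature is deliberately not checked here: the issuer has to be read
	// first so the caller can pick the matching secret for Verify.
	out := jwt.Claims{}
	if err := tok.UnsafeClaimsWithoutVerification(&out); err != nil {
		return nil, err
	}

	v := &APIKeyTokenVerifier{
		token:    tok,
		apiKey:   out.Issuer,
		identity: out.Subject,
	}
	if v.identity == "" {
		v.identity = out.ID
	}
	return v, nil
}

// APIKey returns the issuer claim of the token, i.e. the API key the token
// claims to have been signed with. The value is unverified; use it only to
// look up the secret that is then passed to Verify.
func (v *APIKeyTokenVerifier) APIKey() string {
	return v.apiKey
}

// Identity returns the identity read from the token (subject, or JWT ID as a
// fallback). The value is unverified until Verify has returned without error.
func (v *APIKeyTokenVerifier) Identity() string {
	return v.identity
}

// Verify checks the token's signature with key, validates the registered
// claims against the current time, and returns the decoded grants with
// Identity set to the identity read at parse time.
//
// key may be a string or []byte secret (a string is converted to []byte) or
// any other key value accepted by the JWT library. A nil key, an empty
// string and an empty byte slice are all rejected with ErrKeysMissing, so a
// missing secret can never be used as a signing key.
//
// NOTE(review): the expected issuer passed to Validate is the issuer read
// from this same token, so that check does not by itself bind the token to
// a key. The binding relies on the caller selecting key by APIKey().
// NOTE(review): no signature-algorithm allow-list is applied in this file;
// confirm the key type supplied by callers restricts it as intended.
func (v *APIKeyTokenVerifier) Verify(key interface{}) (*ClaimGrants, error) {
	switch k := key.(type) {
	case nil:
		return nil, ErrKeysMissing
	case string:
		if k == "" {
			return nil, ErrKeysMissing
		}
		key = []byte(k)
	case []byte:
		// An empty secret is as good as no secret; refuse it like "".
		if len(k) == 0 {
			return nil, ErrKeysMissing
		}
	}

	out := jwt.Claims{}
	claims := ClaimGrants{}
	// Claims verifies the signature before decoding into out and claims.
	if err := v.token.Claims(key, &out, &claims); err != nil {
		return nil, err
	}
	if err := out.Validate(jwt.Expected{Issuer: v.apiKey, Time: time.Now()}); err != nil {
		return nil, err
	}

	// The identity was read from this same token, whose signature has now
	// been checked, so it is safe to hand back to the caller.
	claims.Identity = v.identity
	return &claims, nil
}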