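// Source: github.com/wrgl/wrgl@v0.14.0/pkg/auth/fs/jwt.go

// SPDX-License-Identifier: Apache-2.0
// Copyright © 2022 Wrangle Ltd

package authfs

import (
	"fmt"
	"time"

	"github.com/golang-jwt/jwt"
	"github.com/wrgl/wrgl/pkg/auth"
)

// createIDToken issues an HS256-signed JWT carrying the given email and name.
//
// The token's issuer is "Wrgld", its issued-at claim is the current time and
// its expiry is that same instant plus duration. jwtSecret is the shared HMAC
// key; an empty key is rejected because a token signed with a zero-length key
// can be reproduced by anyone.
func createIDToken(email, name string, jwtSecret []byte, duration time.Duration) (string, error) {
	if len(jwtSecret) == 0 {
		return "", fmt.Errorf("jwt secret must not be empty")
	}
	// Read the clock once so iat and exp are derived from the same instant.
	now := time.Now()
	claims := &auth.Claims{
		StandardClaims: jwt.StandardClaims{
			Issuer:    "Wrgld",
			ExpiresAt: now.Add(duration).Unix(),
			IssuedAt:  now.Unix(),
		},
		Email: email,
		Name:  name,
	}
	return jwt.NewWithClaims(jwt.SigningMethodHS256, claims).SignedString(jwtSecret)
}

// validateIDToken parses tokenString, verifies its HMAC signature against
// jwtSecret and returns the decoded claims.
//
// It returns the parser's error unchanged when parsing or verification fails,
// and a generic "invalid token" error when the parsed token is not marked
// valid or its claims are not *auth.Claims. An empty jwtSecret is rejected
// before any parsing takes place.
//
// NOTE(review): time-based claim checks (exp, iat) are presumably performed by
// the library through the StandardClaims inside auth.Claims; confirm against
// the auth.Claims definition.
// NOTE(review): the issuer set by createIDToken ("Wrgld") is not checked here;
// confirm whether tokens signed with the same secret by another issuer should
// be accepted.
func validateIDToken(tokenString string, jwtSecret []byte) (claims *auth.Claims, err error) {
	if len(jwtSecret) == 0 {
		return nil, fmt.Errorf("jwt secret must not be empty")
	}
	token, err := jwt.ParseWithClaims(tokenString, &auth.Claims{}, func(token *jwt.Token) (interface{}, error) {
		// The alg header is attacker-controlled: hand out the shared secret
		// only when the token declares an HMAC method, so the key is never
		// used with an unsigned or asymmetric algorithm.
		// NOTE(review): this accepts any HMAC variant, while createIDToken
		// only ever issues HS256; consider pinning to that method.
		if _, ok := token.Method.(*jwt.SigningMethodHMAC); !ok {
			return nil, fmt.Errorf("unexpected signing method: %v", token.Header["alg"])
		}
		return jwtSecret, nil
	})
	if err != nil {
		// Returned as-is so callers can still inspect the library's error type.
		return nil, err
	}
	parsed, ok := token.Claims.(*auth.Claims)
	if !ok || !token.Valid {
		return nil, fmt.Errorf("invalid token")
	}
	return parsed, nil
}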