go.chromium.org/luci@v0.0.0-20240309015107-7cdc2e660f33/server/pprof/token.go (about)

     1  // Copyright 2017 The LUCI Authors.
     2  //
     3  // Licensed under the Apache License, Version 2.0 (the "License");
     4  // you may not use this file except in compliance with the License.
     5  // You may obtain a copy of the License at
     6  //
     7  //      http://www.apache.org/licenses/LICENSE-2.0
     8  //
     9  // Unless required by applicable law or agreed to in writing, software
    10  // distributed under the License is distributed on an "AS IS" BASIS,
    11  // WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
    12  // See the License for the specific language governing permissions and
    13  // limitations under the License.
    14  
    15  package pprof
    16  
    17  import (
    18  	"context"
    19  	"time"
    20  
    21  	"go.chromium.org/luci/common/logging"
    22  
    23  	"go.chromium.org/luci/server/auth"
    24  	"go.chromium.org/luci/server/tokens"
    25  )
    26  
    27  // pprofToken described how to generate tokens.
    28  var pprofToken = tokens.TokenKind{
    29  	Algo:       tokens.TokenAlgoHmacSHA256,
    30  	Expiration: 12 * time.Hour,
    31  	SecretKey:  "pprof_token",
    32  	Version:    1,
    33  }
    34  
    35  // generateToken generates new pprof token.
    36  //
    37  // The token is URL safe base64 encoded string. Possession of such token allows
    38  // to call pprof endpoints.
    39  //
    40  // The token expires after 12 hours.
    41  func generateToken(c context.Context) (string, error) {
    42  	logging.Warningf(c, "%q is generating pprof token", auth.CurrentIdentity(c))
    43  	return pprofToken.Generate(c, nil, nil, 0)
    44  }
    45  
    46  // checkToken succeeds if the given pprof token is valid and non-expired.
    47  func checkToken(c context.Context, tok string) error {
    48  	_, err := pprofToken.Validate(c, tok, nil)
    49  	return err
    50  }