go.uber.org/cadence@v1.2.9/internal/jwt_authorization.go (about) 1 // Copyright (c) 2021 Uber Technologies Inc. 2 // 3 // Permission is hereby granted, free of charge, to any person obtaining a copy 4 // of this software and associated documentation files (the "Software"), to deal 5 // in the Software without restriction, including without limitation the rights 6 // to use, copy, modify, merge, publish, distribute, sublicense, and/or sell 7 // copies of the Software, and to permit persons to whom the Software is 8 // furnished to do so, subject to the following conditions: 9 // 10 // The above copyright notice and this permission notice shall be included in 11 // all copies or substantial portions of the Software. 12 // 13 // THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR 14 // IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, 15 // FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE 16 // AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER 17 // LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, 18 // OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN 19 // THE SOFTWARE. 
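package internal

import (
	"time"

	"github.com/golang-jwt/jwt/v5"

	"go.uber.org/cadence/internal/common/auth"
	"go.uber.org/cadence/internal/common/util"
)

// internalIssuer is the value written to the issuer ("iss") claim of every
// token minted by JWTAuthProvider.
const internalIssuer = "internal-jwt"

// JWTAuthProvider mints short-lived, RS256-signed JWTs from an RSA private key.
//
// Every token it produces carries Admin: true, so the key material held here
// is effectively an admin credential.
type JWTAuthProvider struct {
	// PrivateKey is the raw key material handed to util.LoadRSAPrivateKey on
	// every GetAuthToken call. Presumably a PEM-encoded RSA private key;
	// confirm against that helper. The field is exported and kept in memory
	// for the life of the provider, so avoid logging or serializing this
	// struct.
	PrivateKey []byte
}

// NewAdminJwtAuthorizationProvider returns an auth.AuthorizationProvider that
// signs admin tokens with privateKey.
//
// The key is neither parsed nor copied here: a malformed key only surfaces as
// an error from GetAuthToken, and later writes to the caller's slice are
// visible to the provider.
func NewAdminJwtAuthorizationProvider(privateKey []byte) auth.AuthorizationProvider {
	return &JWTAuthProvider{
		PrivateKey: privateKey,
	}
}

// GetAuthToken parses the configured private key and returns a freshly signed
// RS256 JWT as bytes.
//
// The token sets the issuer to internalIssuer, Admin to true, and expires ten
// minutes after issuance. No audience, subject, not-before or token-ID claim
// is set in this function. The returned bytes are a bearer credential with
// admin rights for the lifetime of the token and should not be logged.
//
// An error is returned unchanged when the key cannot be loaded or when signing
// fails; the token is nil in that case.
func (j *JWTAuthProvider) GetAuthToken() ([]byte, error) {
	// The key is re-parsed on every call; nothing is cached on the provider.
	key, err := util.LoadRSAPrivateKey(j.PrivateKey)
	if err != nil {
		return nil, err
	}

	// Token lifetime in seconds (10 minutes).
	const ttlSeconds int64 = 60 * 10

	// Read the clock once so that ExpiresAt is exactly IssuedAt + TTL. Two
	// separate time.Now() calls can straddle a second boundary, leaving the
	// second-granularity exp/iat claims one second out of step with TTL.
	now := time.Now()
	expiry := now.Add(time.Duration(ttlSeconds) * time.Second)

	claims := auth.JWTClaims{
		RegisteredClaims: jwt.RegisteredClaims{
			Issuer:    internalIssuer,
			IssuedAt:  jwt.NewNumericDate(now),
			ExpiresAt: jwt.NewNumericDate(expiry),
		},
		Admin: true,
		TTL:   ttlSeconds, // keeping for backwards compatibility
	}

	signed, err := jwt.NewWithClaims(jwt.SigningMethodRS256, claims).SignedString(key)
	if err != nil {
		return nil, err
	}

	return []byte(signed), nil
}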