micro/auth/jwt/jwt.go

// Package jwt is a jwt implementation of the auth interface
package jwt

import (
	"sync"
	"time"

	"github.com/micro/go-micro/v3/auth"
	"github.com/micro/go-micro/v3/util/token"
	"github.com/micro/go-micro/v3/util/token/jwt"
)

// NewAuth returns a new instance of the Auth service
func NewAuth(opts ...auth.Option) auth.Auth {
	j := new(jwtAuth)
	j.Init(opts...)
	return j
}

type jwtAuth struct {
	options auth.Options
	token   token.Provider
	rules   []*auth.Rule

	sync.Mutex
}

func (j *jwtAuth) String() string {
	return "jwt"
}

func (j *jwtAuth) Init(opts ...auth.Option) {
	j.Lock()
	defer j.Unlock()

	for _, o := range opts {
		o(&j.options)
	}

	j.token = jwt.NewTokenProvider(
		token.WithPrivateKey(j.options.PrivateKey),
		token.WithPublicKey(j.options.PublicKey),
	)
}

func (j *jwtAuth) Options() auth.Options {
	j.Lock()
	defer j.Unlock()
	return j.options
}

func (j *jwtAuth) Generate(id string, opts ...auth.GenerateOption) (*auth.Account, error) {
	options := auth.NewGenerateOptions(opts...)
	if len(options.Issuer) == 0 {
		options.Issuer = j.Options().Issuer
	}

	account := &auth.Account{
		ID:       id,
		Type:     options.Type,
		Scopes:   options.Scopes,
		Metadata: options.Metadata,
		Issuer:   options.Issuer,
	}

	// generate a JWT secret which can be provided to the Token() method
	// and exchanged for an access token
	secret, err := j.token.Generate(account, token.WithExpiry(time.Hour*24*365))
	if err != nil {
		return nil, err
	}
	account.Secret = secret.Token

	// return the account
	return account, nil
}

func (j *jwtAuth) Grant(rule *auth.Rule) error {
	j.Lock()
	defer j.Unlock()
	j.rules = append(j.rules, rule)
	return nil
}

func (j *jwtAuth) Revoke(rule *auth.Rule) error {
	j.Lock()
	defer j.Unlock()

	rules := []*auth.Rule{}
	for _, r := range j.rules {
		if r.ID != rule.ID {
			rules = append(rules, r)
		}
	}

	j.rules = rules
	return nil
}

func (j *jwtAuth) Verify(acc *auth.Account, res *auth.Resource, opts ...auth.VerifyOption) error {
	j.Lock()
	defer j.Unlock()

	var options auth.VerifyOptions
	for _, o := range opts {
		o(&options)
	}

	return auth.VerifyAccess(j.rules, acc, res)
}

func (j *jwtAuth) Rules(opts ...auth.RulesOption) ([]*auth.Rule, error) {
	j.Lock()
	defer j.Unlock()
	return j.rules, nil
}

func (j *jwtAuth) Inspect(token string) (*auth.Account, error) {
	return j.token.Inspect(token)
}

func (j *jwtAuth) Token(opts ...auth.TokenOption) (*auth.Token, error) {
	options := auth.NewTokenOptions(opts...)

	secret := options.RefreshToken
	if len(options.Secret) > 0 {
		secret = options.Secret
	}

	account, err := j.token.Inspect(secret)
	if err != nil {
		return nil, err
	}

	access, err := j.token.Generate(account, token.WithExpiry(options.Expiry))
	if err != nil {
		return nil, err
	}

	refresh, err := j.token.Generate(account, token.WithExpiry(options.Expiry+time.Hour))
	if err != nil {
		return nil, err
	}

	return &auth.Token{
		Created:      access.Created,
		Expiry:       access.Expiry,
		AccessToken:  access.Token,
		RefreshToken: refresh.Token,
	}, nil
}
auth jwt / service package comments 2020-07-19 12:53:38 +03:00			`// Package jwt is a jwt implementation of the auth interface`
JWT auth implementation 2020-04-29 11:21:17 +03:00			`package jwt`

			`import (`
Complete JWT implementation 2020-04-29 15:21:51 +03:00			`"sync"`
Seperate JWT refresh / access tokens 2020-05-14 15:56:51 +03:00			`"time"`
JWT auth implementation 2020-04-29 11:21:17 +03:00
v3 refactor (#1868) * Move to v3 Co-authored-by: Ben Toogood <bentoogood@gmail.com> 2020-07-27 15:22:00 +03:00			`"github.com/micro/go-micro/v3/auth"`
			`"github.com/micro/go-micro/v3/util/token"`
			`"github.com/micro/go-micro/v3/util/token/jwt"`
JWT auth implementation 2020-04-29 11:21:17 +03:00			`)`

			`// NewAuth returns a new instance of the Auth service`
			`func NewAuth(opts ...auth.Option) auth.Auth {`
some renaming of types in auth 2020-07-19 16:41:31 +03:00			`j := new(jwtAuth)`
JWT auth implementation 2020-04-29 11:21:17 +03:00			`j.Init(opts...)`
			`return j`
			`}`

some renaming of types in auth 2020-07-19 16:41:31 +03:00			`type jwtAuth struct {`
JWT auth implementation 2020-04-29 11:21:17 +03:00			`options auth.Options`
some renaming of types in auth 2020-07-19 16:41:31 +03:00			`token token.Provider`
Add Rule to Auth interface 2020-05-20 13:59:01 +03:00			`rules []*auth.Rule`
Complete JWT implementation 2020-04-29 15:21:51 +03:00
			`sync.Mutex`
JWT auth implementation 2020-04-29 11:21:17 +03:00			`}`

some renaming of types in auth 2020-07-19 16:41:31 +03:00			`func (j *jwtAuth) String() string {`
JWT auth implementation 2020-04-29 11:21:17 +03:00			`return "jwt"`
			`}`

some renaming of types in auth 2020-07-19 16:41:31 +03:00			`func (j *jwtAuth) Init(opts ...auth.Option) {`
Complete JWT implementation 2020-04-29 15:21:51 +03:00			`j.Lock()`
			`defer j.Unlock()`

JWT auth implementation 2020-04-29 11:21:17 +03:00			`for _, o := range opts {`
			`o(&j.options)`
			`}`

some renaming of types in auth 2020-07-19 16:41:31 +03:00			`j.token = jwt.NewTokenProvider(`
Fix Typo 2020-04-29 11:38:39 +03:00			`token.WithPrivateKey(j.options.PrivateKey),`
JWT auth implementation 2020-04-29 11:21:17 +03:00			`token.WithPublicKey(j.options.PublicKey),`
			`)`
			`}`

some renaming of types in auth 2020-07-19 16:41:31 +03:00			`func (j *jwtAuth) Options() auth.Options {`
Complete JWT implementation 2020-04-29 15:21:51 +03:00			`j.Lock()`
			`defer j.Unlock()`
JWT auth implementation 2020-04-29 11:21:17 +03:00			`return j.options`
			`}`

some renaming of types in auth 2020-07-19 16:41:31 +03:00			`func (j jwtAuth) Generate(id string, opts ...auth.GenerateOption) (auth.Account, error) {`
Complete JWT implementation 2020-04-29 15:21:51 +03:00			`options := auth.NewGenerateOptions(opts...)`
runtime: provide credentials to services (#1817) * runtime: inject credentials into service * util/auth: self generate accounts (needed for jwt) * runtime/kubernetes: add logging for creds * runtime/kubernetes: serialize secret name * runtime/kubernetes: remove unused code * runtime/kubernetes: base64 encode secret * runtime/kubernetes: remove metadata from secret * util/kubernetes/client: omit empty secret metadata * util/kubernetes/client: fix secret template * util/kubernetes/client: fix secrets * web: update auth util * util/auth: fix missing arg * extend token expiry * extend token expiry 2020-07-10 18:25:46 +03:00			`if len(options.Issuer) == 0 {`
			`options.Issuer = j.Options().Issuer`
			`}`

Complete JWT implementation 2020-04-29 15:21:51 +03:00			`account := &auth.Account{`
Replace auth account.Namespace with account.Scopes 2020-05-19 20:17:17 +03:00			`ID: id,`
			`Type: options.Type,`
			`Scopes: options.Scopes,`
			`Metadata: options.Metadata,`
runtime: provide credentials to services (#1817) * runtime: inject credentials into service * util/auth: self generate accounts (needed for jwt) * runtime/kubernetes: add logging for creds * runtime/kubernetes: serialize secret name * runtime/kubernetes: remove unused code * runtime/kubernetes: base64 encode secret * runtime/kubernetes: remove metadata from secret * util/kubernetes/client: omit empty secret metadata * util/kubernetes/client: fix secret template * util/kubernetes/client: fix secrets * web: update auth util * util/auth: fix missing arg * extend token expiry * extend token expiry 2020-07-10 18:25:46 +03:00			`Issuer: options.Issuer,`
Complete JWT implementation 2020-04-29 15:21:51 +03:00			`}`

			`// generate a JWT secret which can be provided to the Token() method`
			`// and exchanged for an access token`
some renaming of types in auth 2020-07-19 16:41:31 +03:00			`secret, err := j.token.Generate(account, token.WithExpiry(time.Hour24365))`
Complete JWT implementation 2020-04-29 15:21:51 +03:00			`if err != nil {`
			`return nil, err`
			`}`
			`account.Secret = secret.Token`

			`// return the account`
			`return account, nil`
JWT auth implementation 2020-04-29 11:21:17 +03:00			`}`

some renaming of types in auth 2020-07-19 16:41:31 +03:00			`func (j jwtAuth) Grant(rule auth.Rule) error {`
Complete JWT implementation 2020-04-29 15:21:51 +03:00			`j.Lock()`
			`defer j.Unlock()`
Add Rule to Auth interface 2020-05-20 13:59:01 +03:00			`j.rules = append(j.rules, rule)`
Complete JWT implementation 2020-04-29 15:21:51 +03:00			`return nil`
JWT auth implementation 2020-04-29 11:21:17 +03:00			`}`

some renaming of types in auth 2020-07-19 16:41:31 +03:00			`func (j jwtAuth) Revoke(rule auth.Rule) error {`
Complete JWT implementation 2020-04-29 15:21:51 +03:00			`j.Lock()`
			`defer j.Unlock()`

Add Rule to Auth interface 2020-05-20 13:59:01 +03:00			`rules := []*auth.Rule{}`
fix jwt revoke 2020-06-02 05:26:33 +03:00			`for _, r := range j.rules {`
Add Rule to Auth interface 2020-05-20 13:59:01 +03:00			`if r.ID != rule.ID {`
Complete JWT implementation 2020-04-29 15:21:51 +03:00			`rules = append(rules, r)`
			`}`
			`}`

			`j.rules = rules`
			`return nil`
JWT auth implementation 2020-04-29 11:21:17 +03:00			`}`

some renaming of types in auth 2020-07-19 16:41:31 +03:00			`func (j jwtAuth) Verify(acc auth.Account, res *auth.Resource, opts ...auth.VerifyOption) error {`
Replace auth account.Namespace with account.Scopes 2020-05-19 20:17:17 +03:00			`j.Lock()`
Add Rule to Auth interface 2020-05-20 13:59:01 +03:00			`defer j.Unlock()`
Verify Options 2020-05-20 18:49:52 +03:00
Add account issuers 2020-05-21 18:41:55 +03:00			`var options auth.VerifyOptions`
Verify Options 2020-05-20 18:49:52 +03:00			`for _, o := range opts {`
			`o(&options)`
			`}`

Move rules.Verify to auth.VerifyAccess 2020-07-19 15:12:03 +03:00			`return auth.VerifyAccess(j.rules, acc, res)`
Add Rule to Auth interface 2020-05-20 13:59:01 +03:00			`}`
Complete JWT implementation 2020-04-29 15:21:51 +03:00
some renaming of types in auth 2020-07-19 16:41:31 +03:00			`func (j jwtAuth) Rules(opts ...auth.RulesOption) ([]auth.Rule, error) {`
Add Rule to Auth interface 2020-05-20 13:59:01 +03:00			`j.Lock()`
			`defer j.Unlock()`
			`return j.rules, nil`
JWT auth implementation 2020-04-29 11:21:17 +03:00			`}`

some renaming of types in auth 2020-07-19 16:41:31 +03:00			`func (j jwtAuth) Inspect(token string) (auth.Account, error) {`
			`return j.token.Inspect(token)`
JWT auth implementation 2020-04-29 11:21:17 +03:00			`}`

some renaming of types in auth 2020-07-19 16:41:31 +03:00			`func (j jwtAuth) Token(opts ...auth.TokenOption) (auth.Token, error) {`
JWT auth implementation 2020-04-29 11:21:17 +03:00			`options := auth.NewTokenOptions(opts...)`
Complete JWT implementation 2020-04-29 15:21:51 +03:00
			`secret := options.RefreshToken`
			`if len(options.Secret) > 0 {`
			`secret = options.Secret`
			`}`

some renaming of types in auth 2020-07-19 16:41:31 +03:00			`account, err := j.token.Inspect(secret)`
Complete JWT implementation 2020-04-29 15:21:51 +03:00			`if err != nil {`
			`return nil, err`
JWT auth implementation 2020-04-29 11:21:17 +03:00			`}`

some renaming of types in auth 2020-07-19 16:41:31 +03:00			`access, err := j.token.Generate(account, token.WithExpiry(options.Expiry))`
Seperate JWT refresh / access tokens 2020-05-14 15:56:51 +03:00			`if err != nil {`
			`return nil, err`
			`}`

some renaming of types in auth 2020-07-19 16:41:31 +03:00			`refresh, err := j.token.Generate(account, token.WithExpiry(options.Expiry+time.Hour))`
JWT auth implementation 2020-04-29 11:21:17 +03:00			`if err != nil {`
			`return nil, err`
			`}`

			`return &auth.Token{`
Seperate JWT refresh / access tokens 2020-05-14 15:56:51 +03:00			`Created: access.Created,`
			`Expiry: access.Expiry,`
			`AccessToken: access.Token,`
			`RefreshToken: refresh.Token,`
JWT auth implementation 2020-04-29 11:21:17 +03:00			`}, nil`
			`}`