micro/auth/jwt/jwt.go

152 lines
3.0 KiB
Go
Raw Normal View History

2020-07-19 10:53:38 +01:00
// Package jwt is a jwt implementation of the auth interface
2020-04-29 09:21:17 +01:00
package jwt
import (
2020-04-29 13:21:51 +01:00
"sync"
2020-05-14 13:56:51 +01:00
"time"
2020-04-29 09:21:17 +01:00
"github.com/unistack-org/micro/v3/auth"
"github.com/unistack-org/micro/v3/util/token"
"github.com/unistack-org/micro/v3/util/token/jwt"
2020-04-29 09:21:17 +01:00
)
// NewAuth returns a new instance of the Auth service
func NewAuth(opts ...auth.Option) auth.Auth {
2020-07-19 14:41:31 +01:00
j := new(jwtAuth)
2020-04-29 09:21:17 +01:00
j.Init(opts...)
return j
}
2020-07-19 14:41:31 +01:00
type jwtAuth struct {
2020-04-29 09:21:17 +01:00
options auth.Options
2020-07-19 14:41:31 +01:00
token token.Provider
2020-05-20 11:59:01 +01:00
rules []*auth.Rule
2020-04-29 13:21:51 +01:00
sync.Mutex
2020-04-29 09:21:17 +01:00
}
2020-07-19 14:41:31 +01:00
func (j *jwtAuth) String() string {
2020-04-29 09:21:17 +01:00
return "jwt"
}
2020-07-19 14:41:31 +01:00
func (j *jwtAuth) Init(opts ...auth.Option) {
2020-04-29 13:21:51 +01:00
j.Lock()
defer j.Unlock()
2020-04-29 09:21:17 +01:00
for _, o := range opts {
o(&j.options)
}
2020-07-19 14:41:31 +01:00
j.token = jwt.NewTokenProvider(
2020-04-29 09:38:39 +01:00
token.WithPrivateKey(j.options.PrivateKey),
2020-04-29 09:21:17 +01:00
token.WithPublicKey(j.options.PublicKey),
)
}
2020-07-19 14:41:31 +01:00
func (j *jwtAuth) Options() auth.Options {
2020-04-29 13:21:51 +01:00
j.Lock()
defer j.Unlock()
2020-04-29 09:21:17 +01:00
return j.options
}
2020-07-19 14:41:31 +01:00
func (j *jwtAuth) Generate(id string, opts ...auth.GenerateOption) (*auth.Account, error) {
2020-04-29 13:21:51 +01:00
options := auth.NewGenerateOptions(opts...)
if len(options.Issuer) == 0 {
options.Issuer = j.Options().Issuer
}
2020-04-29 13:21:51 +01:00
account := &auth.Account{
ID: id,
Type: options.Type,
Scopes: options.Scopes,
Metadata: options.Metadata,
Issuer: options.Issuer,
2020-04-29 13:21:51 +01:00
}
// generate a JWT secret which can be provided to the Token() method
// and exchanged for an access token
2020-07-19 14:41:31 +01:00
secret, err := j.token.Generate(account, token.WithExpiry(time.Hour*24*365))
2020-04-29 13:21:51 +01:00
if err != nil {
return nil, err
}
account.Secret = secret.Token
// return the account
return account, nil
2020-04-29 09:21:17 +01:00
}
2020-07-19 14:41:31 +01:00
func (j *jwtAuth) Grant(rule *auth.Rule) error {
2020-04-29 13:21:51 +01:00
j.Lock()
defer j.Unlock()
2020-05-20 11:59:01 +01:00
j.rules = append(j.rules, rule)
2020-04-29 13:21:51 +01:00
return nil
2020-04-29 09:21:17 +01:00
}
2020-07-19 14:41:31 +01:00
func (j *jwtAuth) Revoke(rule *auth.Rule) error {
2020-04-29 13:21:51 +01:00
j.Lock()
defer j.Unlock()
2020-05-20 11:59:01 +01:00
rules := []*auth.Rule{}
2020-06-02 10:26:33 +08:00
for _, r := range j.rules {
2020-05-20 11:59:01 +01:00
if r.ID != rule.ID {
2020-04-29 13:21:51 +01:00
rules = append(rules, r)
}
}
j.rules = rules
return nil
2020-04-29 09:21:17 +01:00
}
2020-07-19 14:41:31 +01:00
func (j *jwtAuth) Verify(acc *auth.Account, res *auth.Resource, opts ...auth.VerifyOption) error {
j.Lock()
2020-05-20 11:59:01 +01:00
defer j.Unlock()
2020-05-20 16:49:52 +01:00
2020-05-21 16:41:55 +01:00
var options auth.VerifyOptions
2020-05-20 16:49:52 +01:00
for _, o := range opts {
o(&options)
}
2020-07-19 13:12:03 +01:00
return auth.VerifyAccess(j.rules, acc, res)
2020-05-20 11:59:01 +01:00
}
2020-04-29 13:21:51 +01:00
2020-07-19 14:41:31 +01:00
func (j *jwtAuth) Rules(opts ...auth.RulesOption) ([]*auth.Rule, error) {
2020-05-20 11:59:01 +01:00
j.Lock()
defer j.Unlock()
return j.rules, nil
2020-04-29 09:21:17 +01:00
}
2020-07-19 14:41:31 +01:00
func (j *jwtAuth) Inspect(token string) (*auth.Account, error) {
return j.token.Inspect(token)
2020-04-29 09:21:17 +01:00
}
2020-07-19 14:41:31 +01:00
func (j *jwtAuth) Token(opts ...auth.TokenOption) (*auth.Token, error) {
2020-04-29 09:21:17 +01:00
options := auth.NewTokenOptions(opts...)
2020-04-29 13:21:51 +01:00
secret := options.RefreshToken
if len(options.Secret) > 0 {
secret = options.Secret
}
2020-07-19 14:41:31 +01:00
account, err := j.token.Inspect(secret)
2020-04-29 13:21:51 +01:00
if err != nil {
return nil, err
2020-04-29 09:21:17 +01:00
}
2020-07-19 14:41:31 +01:00
access, err := j.token.Generate(account, token.WithExpiry(options.Expiry))
2020-05-14 13:56:51 +01:00
if err != nil {
return nil, err
}
2020-07-19 14:41:31 +01:00
refresh, err := j.token.Generate(account, token.WithExpiry(options.Expiry+time.Hour))
2020-04-29 09:21:17 +01:00
if err != nil {
return nil, err
}
return &auth.Token{
2020-05-14 13:56:51 +01:00
Created: access.Created,
Expiry: access.Expiry,
AccessToken: access.Token,
RefreshToken: refresh.Token,
2020-04-29 09:21:17 +01:00
}, nil
}