Add Namespace to Auth (#1438)

Co-authored-by: Ben Toogood <ben@micro.mu>
2020-03-30 09:51:37 +01:00
parent 3d7d5ce6b4
commit 4db2f5e79d
8 changed files with 120 additions and 64 deletions
--- a/auth/token/basic/basic.go
+++ b/auth/token/basic/basic.go
@@ -40,13 +40,14 @@ func (b *Basic) Generate(subject string, opts ...token.GenerateOption) (*auth.To

 	// construct the token
 	token := auth.Token{
-		Subject:  subject,
-		Type:     b.String(),
-		Token:    uuid.New().String(),
-		Created:  time.Now(),
-		Expiry:   time.Now().Add(options.Expiry),
-		Metadata: options.Metadata,
-		Roles:    options.Roles,
+		Subject:   subject,
+		Type:      b.String(),
+		Token:     uuid.New().String(),
+		Created:   time.Now(),
+		Expiry:    time.Now().Add(options.Expiry),
+		Metadata:  options.Metadata,
+		Roles:     options.Roles,
+		Namespace: options.Namespace,
 	}

 	// marshal the account to bytes
--- a/auth/token/jwt/jwt.go
+++ b/auth/token/jwt/jwt.go
@@ -11,8 +11,9 @@ import (

 // authClaims to be encoded in the JWT
 type authClaims struct {
-	Roles    []string          `json:"roles"`
-	Metadata map[string]string `json:"metadata"`
+	Roles     []string          `json:"roles"`
+	Metadata  map[string]string `json:"metadata"`
+	Namespace string            `json:"namespace"`

 	jwt.StandardClaims
 }
@@ -49,7 +50,7 @@ func (j *JWT) Generate(subject string, opts ...token.GenerateOption) (*auth.Toke
 	// generate the JWT
 	expiry := time.Now().Add(options.Expiry)
 	t := jwt.NewWithClaims(jwt.SigningMethodRS256, authClaims{
-		options.Roles, options.Metadata, jwt.StandardClaims{
+		options.Roles, options.Metadata, options.Namespace, jwt.StandardClaims{
 			Subject:   subject,
 			ExpiresAt: expiry.Unix(),
 		},
@@ -61,13 +62,14 @@ func (j *JWT) Generate(subject string, opts ...token.GenerateOption) (*auth.Toke

 	// return the token
 	return &auth.Token{
-		Subject:  subject,
-		Token:    tok,
-		Type:     j.String(),
-		Created:  time.Now(),
-		Expiry:   expiry,
-		Roles:    options.Roles,
-		Metadata: options.Metadata,
+		Subject:   subject,
+		Token:     tok,
+		Type:      j.String(),
+		Created:   time.Now(),
+		Expiry:    expiry,
+		Roles:     options.Roles,
+		Metadata:  options.Metadata,
+		Namespace: options.Namespace,
 	}, nil
 }

@@ -98,10 +100,11 @@ func (j *JWT) Inspect(t string) (*auth.Token, error) {

 	// return the token
 	return &auth.Token{
-		Token:    t,
-		Subject:  claims.Subject,
-		Metadata: claims.Metadata,
-		Roles:    claims.Roles,
+		Token:     t,
+		Subject:   claims.Subject,
+		Metadata:  claims.Metadata,
+		Roles:     claims.Roles,
+		Namespace: claims.Namespace,
 	}, nil
 }

--- a/auth/token/options.go
+++ b/auth/token/options.go
@@ -57,6 +57,8 @@ type GenerateOptions struct {
 	Metadata map[string]string
 	// Roles/scopes associated with the account
 	Roles []string
+	// Namespace the account belongs too
+	Namespace string
 }

 type GenerateOption func(o *GenerateOptions)
@@ -82,6 +84,13 @@ func WithRoles(rs ...string) func(o *GenerateOptions) {
 	}
 }

+// WithNamespace for the token
+func WithNamespace(n string) func(o *GenerateOptions) {
+	return func(o *GenerateOptions) {
+		o.Namespace = n
+	}
+}
+
 // NewGenerateOptions from a slice of options
 func NewGenerateOptions(opts ...GenerateOption) GenerateOptions {
 	var options GenerateOptions