  1. package security
  2. import (
  3. "fmt"
  4. "net/http"
  5. "strings"
  6. "time"
  7. "github.com/chrislusf/seaweedfs/weed/glog"
  8. jwt "github.com/dgrijalva/jwt-go"
  9. )
  type (
  	// EncodedJwt is a JWT in its serialized, signed string form.
  	EncodedJwt string

  	// SigningKey is the shared secret used to sign and verify tokens with
  	// HMAC. Anyone holding it can mint valid tokens, so treat it as a
  	// credential.
  	SigningKey []byte

  	// SeaweedFileIdClaims is the claim set carried by a file token: the
  	// file id under the "fid" key plus the embedded standard JWT claims.
  	// Field order matters to any unkeyed composite literal of this type.
  	SeaweedFileIdClaims struct {
  		Fid string `json:"fid"`
  		jwt.StandardClaims
  	}
  )
  // GenJwt issues an HS256-signed token whose "fid" claim is fileId.
  //
  // An empty signingKey yields "" without signing anything. When
  // expiresAfterSec is positive the exp claim is set that many seconds from
  // now; for zero or negative values no exp claim is set, so the token
  // carries no expiry of its own. A signing failure is logged and "" is
  // returned, which callers cannot distinguish from the empty-key case.
  func GenJwt(signingKey SigningKey, expiresAfterSec int, fileId string) EncodedJwt {
  	if len(signingKey) == 0 {
  		return ""
  	}

  	var std jwt.StandardClaims
  	if expiresAfterSec > 0 {
  		lifetime := time.Duration(expiresAfterSec) * time.Second
  		std.ExpiresAt = time.Now().Add(lifetime).Unix()
  	}
  	claims := SeaweedFileIdClaims{Fid: fileId, StandardClaims: std}

  	token := jwt.NewWithClaims(jwt.SigningMethodHS256, claims)
  	signed, err := token.SignedString([]byte(signingKey))
  	if err != nil {
  		// Only the claims are logged here, never the key.
  		glog.V(0).Infof("Failed to sign claims %+v: %v", token.Claims, err)
  		return ""
  	}
  	return EncodedJwt(signed)
  }
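  // GetJwt extracts the encoded token from an HTTP request.
  //
  // The "jwt" query parameter takes precedence; the Authorization header is
  // consulted only when that parameter is empty. The header must use the
  // Bearer scheme (matched case-insensitively) followed by a single space and
  // a non-empty token. "" is returned when neither source carries a token.
  //
  // The returned value is unverified input: it must go through DecodeJwt
  // before any claim in it is trusted.
  func GetJwt(r *http.Request) EncodedJwt {
  	// NOTE(review): a token passed in the URL can end up in access logs,
  	// proxy logs and Referer headers; prefer the header where clients allow.
  	if tokenStr := r.URL.Query().Get("jwt"); tokenStr != "" {
  		return EncodedJwt(tokenStr)
  	}

  	// The separator is part of the match. Comparing only the first six
  	// bytes would treat any header that merely starts with "bearer"
  	// (for example "BearerXabc") as a Bearer credential.
  	const scheme = "bearer "
  	bearer := r.Header.Get("Authorization")
  	if len(bearer) > len(scheme) && strings.EqualFold(bearer[:len(scheme)], scheme) {
  		return EncodedJwt(bearer[len(scheme):])
  	}
  	return ""
  }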
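  // DecodeJwt parses tokenString into SeaweedFileIdClaims and verifies its
  // signature with signingKey.
  //
  // Only HMAC signing methods are accepted, so a token that declares another
  // algorithm is rejected before the key is handed to the verifier. An empty
  // signingKey is rejected as well: GenJwt never signs with an empty key, and
  // verifying against one would accept a token signed by anyone using an
  // empty secret. Both rejections are returned from the key callback, so they
  // reach the caller through jwt.ParseWithClaims like any other key error.
  //
  // This function does not compare the Fid claim with the file being
  // requested; the caller has to do that after a successful decode.
  func DecodeJwt(signingKey SigningKey, tokenString EncodedJwt) (token *jwt.Token, err error) {
  	keyFunc := func(t *jwt.Token) (interface{}, error) {
  		if _, ok := t.Method.(*jwt.SigningMethodHMAC); !ok {
  			return nil, fmt.Errorf("unknown token method")
  		}
  		if len(signingKey) == 0 {
  			return nil, fmt.Errorf("signing key is not configured")
  		}
  		return []byte(signingKey), nil
  	}

  	// check exp, nbf
  	return jwt.ParseWithClaims(string(tokenString), &SeaweedFileIdClaims{}, keyFunc)
  }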