  1. package security
  2. import (
  3. "fmt"
  4. "net/http"
  5. "strings"
  6. "time"
  7. "github.com/joeslay/seaweedfs/weed/glog"
  8. jwt "github.com/dgrijalva/jwt-go"
  9. )
type (
	// EncodedJwt is a JWT in its compact, signed string form, as produced by
	// GenJwt and extracted from a request by GetJwt.
	EncodedJwt string

	// SigningKey is the shared secret used to sign and verify tokens with an
	// HMAC method. Treat it as a credential: anyone holding it can mint tokens.
	SigningKey []byte

	// SeaweedFileIdClaims is the claim set carried by a file token: the file id
	// the token was issued for plus the standard registered claims.
	// Field order is kept as declared because GenJwt may build this struct
	// with a positional literal.
	SeaweedFileIdClaims struct {
		// Fid is the file id the token was issued for.
		Fid string `json:"fid"`
		jwt.StandardClaims
	}
)
// GenJwt issues an HS256-signed token whose "fid" claim is fileId.
//
// It returns the empty string when signingKey is empty or when signing fails
// (the failure is logged).
//
// The expiry claim is set only when expiresAfterSec is positive. With a zero
// or negative value the token carries no expiry and stays valid for as long
// as the signing key is unchanged, so callers that need time-limited access
// must pass a positive lifetime.
func GenJwt(signingKey SigningKey, expiresAfterSec int, fileId string) EncodedJwt {
	// No key configured: issue nothing rather than an unsigned or weakly signed token.
	if len(signingKey) == 0 {
		return ""
	}

	claims := SeaweedFileIdClaims{
		Fid:            fileId,
		StandardClaims: jwt.StandardClaims{},
	}
	if expiresAfterSec > 0 {
		lifetime := time.Duration(expiresAfterSec) * time.Second
		claims.ExpiresAt = time.Now().Add(lifetime).Unix()
	}

	token := jwt.NewWithClaims(jwt.SigningMethodHS256, claims)
	signed, err := token.SignedString([]byte(signingKey))
	if err != nil {
		// Only the claims are logged here, never the key.
		glog.V(0).Infof("Failed to sign claims %+v: %v", token.Claims, err)
		return ""
	}
	return EncodedJwt(signed)
}
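// GetJwt extracts the token from an incoming request without verifying it.
//
// The "jwt" query parameter is consulted first; if it is absent or empty, the
// Authorization header is used when it has the form "Bearer <token>" (scheme
// matched case-insensitively). An empty EncodedJwt is returned when neither
// source yields a token.
//
// The scheme must be followed by a single space before the token. Previously
// only the first six characters were compared and the seventh was skipped
// unchecked, so a header such as "BearerX<token>" was also accepted.
//
// Tokens sent in the query string tend to be recorded in access logs, proxy
// logs and Referer headers; prefer the Authorization header where the client
// allows it, and keep token lifetimes short when the query form is used.
func GetJwt(r *http.Request) EncodedJwt {
	// The query parameter takes precedence over the header.
	if tokenStr := r.URL.Query().Get("jwt"); tokenStr != "" {
		return EncodedJwt(tokenStr)
	}

	const prefix = "Bearer "
	bearer := r.Header.Get("Authorization")
	// Require at least one character of token after the "Bearer " prefix.
	if len(bearer) > len(prefix) && strings.EqualFold(bearer[:len(prefix)], prefix) {
		return EncodedJwt(bearer[len(prefix):])
	}
	return ""
}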
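// DecodeJwt parses tokenString into SeaweedFileIdClaims and verifies its
// signature with signingKey.
//
// Only HMAC signing methods are accepted; a token declaring any other method
// is rejected before the key is handed to the verifier, so the algorithm named
// in the token header cannot switch verification to a different scheme. The
// library validates the standard time claims (exp, nbf) as part of parsing.
//
// An empty signingKey is rejected with an error: a token must never be
// considered valid against an empty secret. Callers that treat "no key
// configured" as "authentication disabled" have to make that decision
// themselves before calling DecodeJwt.
//
// A nil error means the signature and time claims are valid. It does not mean
// the token authorizes the current request: the caller still has to compare
// the Fid claim with the file id being accessed.
//
// NOTE(review): github.com/dgrijalva/jwt-go is archived upstream; the
// maintained successor is github.com/golang-jwt/jwt. Consider migrating.
func DecodeJwt(signingKey SigningKey, tokenString EncodedJwt) (token *jwt.Token, err error) {
	if len(signingKey) == 0 {
		return nil, fmt.Errorf("jwt signing key is empty")
	}

	return jwt.ParseWithClaims(string(tokenString), &SeaweedFileIdClaims{}, func(token *jwt.Token) (interface{}, error) {
		// Pin the algorithm family instead of trusting the token header.
		if _, ok := token.Method.(*jwt.SigningMethodHMAC); !ok {
			return nil, fmt.Errorf("unknown token method")
		}
		return []byte(signingKey), nil
	})
}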