mirror of
https://codeberg.org/forgejo/forgejo.git
synced 2024-12-15 05:58:16 +00:00
35735bbef9
* Upgrade to golang-jwt 3.2.2 Upgrade to the latest version of golang-jwt Signed-off-by: Andrew Thornton <art27@cantab.net> * Forcibly replace the 3.2.1 version of golang-jwt/jwt and increase minimum Go version Using go.mod we can forcibly replace the 3.2.1 version used by goth to 3.2.2. Further given golang-jwt/jwts stated policy of only supporting supported go versions we should just raise our minimal version of go to 1.16 for 1.16 as by time of release 1.15 will be out of support. Signed-off-by: Andrew Thornton <art27@cantab.net> * update minimal go required Signed-off-by: Andrew Thornton <art27@cantab.net> * update config.yaml Signed-off-by: Andrew Thornton <art27@cantab.net> Co-authored-by: 6543 <6543@obermui.de>
105 lines
3.2 KiB
Go
Vendored
105 lines
3.2 KiB
Go
Vendored
package jwt
|
|
|
|
import (
|
|
"encoding/base64"
|
|
"encoding/json"
|
|
"strings"
|
|
"time"
|
|
)
|
|
|
|
// TimeFunc provides the current time when parsing token to validate "exp" claim (expiration time).
|
|
// You can override it to use another time value. This is useful for testing or if your
|
|
// server uses a different time zone than your tokens.
|
|
var TimeFunc = time.Now
|
|
|
|
// Parse methods use this callback function to supply
|
|
// the key for verification. The function receives the parsed,
|
|
// but unverified Token. This allows you to use properties in the
|
|
// Header of the token (such as `kid`) to identify which key to use.
|
|
type Keyfunc func(*Token) (interface{}, error)
|
|
|
|
// A JWT Token. Different fields will be used depending on whether you're
|
|
// creating or parsing/verifying a token.
|
|
type Token struct {
|
|
Raw string // The raw token. Populated when you Parse a token
|
|
Method SigningMethod // The signing method used or to be used
|
|
Header map[string]interface{} // The first segment of the token
|
|
Claims Claims // The second segment of the token
|
|
Signature string // The third segment of the token. Populated when you Parse a token
|
|
Valid bool // Is the token valid? Populated when you Parse/Verify a token
|
|
}
|
|
|
|
// Create a new Token. Takes a signing method
|
|
func New(method SigningMethod) *Token {
|
|
return NewWithClaims(method, MapClaims{})
|
|
}
|
|
|
|
func NewWithClaims(method SigningMethod, claims Claims) *Token {
|
|
return &Token{
|
|
Header: map[string]interface{}{
|
|
"typ": "JWT",
|
|
"alg": method.Alg(),
|
|
},
|
|
Claims: claims,
|
|
Method: method,
|
|
}
|
|
}
|
|
|
|
// Get the complete, signed token
|
|
func (t *Token) SignedString(key interface{}) (string, error) {
|
|
var sig, sstr string
|
|
var err error
|
|
if sstr, err = t.SigningString(); err != nil {
|
|
return "", err
|
|
}
|
|
if sig, err = t.Method.Sign(sstr, key); err != nil {
|
|
return "", err
|
|
}
|
|
return strings.Join([]string{sstr, sig}, "."), nil
|
|
}
|
|
|
|
// Generate the signing string. This is the
|
|
// most expensive part of the whole deal. Unless you
|
|
// need this for something special, just go straight for
|
|
// the SignedString.
|
|
func (t *Token) SigningString() (string, error) {
|
|
var err error
|
|
parts := make([]string, 2)
|
|
for i := range parts {
|
|
var jsonValue []byte
|
|
if i == 0 {
|
|
if jsonValue, err = json.Marshal(t.Header); err != nil {
|
|
return "", err
|
|
}
|
|
} else {
|
|
if jsonValue, err = json.Marshal(t.Claims); err != nil {
|
|
return "", err
|
|
}
|
|
}
|
|
|
|
parts[i] = EncodeSegment(jsonValue)
|
|
}
|
|
return strings.Join(parts, "."), nil
|
|
}
|
|
|
|
// Parse, validate, and return a token.
|
|
// keyFunc will receive the parsed token and should return the key for validating.
|
|
// If everything is kosher, err will be nil
|
|
func Parse(tokenString string, keyFunc Keyfunc) (*Token, error) {
|
|
return new(Parser).Parse(tokenString, keyFunc)
|
|
}
|
|
|
|
func ParseWithClaims(tokenString string, claims Claims, keyFunc Keyfunc) (*Token, error) {
|
|
return new(Parser).ParseWithClaims(tokenString, claims, keyFunc)
|
|
}
|
|
|
|
// Encode JWT specific base64url encoding with padding stripped
|
|
func EncodeSegment(seg []byte) string {
|
|
return base64.RawURLEncoding.EncodeToString(seg)
|
|
}
|
|
|
|
// Decode JWT specific base64url encoding with padding stripped
|
|
func DecodeSegment(seg string) ([]byte, error) {
|
|
return base64.RawURLEncoding.DecodeString(seg)
|
|
}
|