Mirrors/sftpgo
1
0
Fork 0
mirror of https://github.com/drakkan/sftpgo.git synced 2025-12-08 07:10:56 +03:00
Code Issues Packages Projects Releases Wiki Activity

JWT: add token audience

Browse Source 
a token released for API audience cannot be used for web pages and
vice-versa
This commit is contained in:
Nicola Murino
2021-02-02 09:14:10 +01:00
parent 78bf808322
commit 4f609cfa30
6 changed files with 299 additions and 184 deletions
Download Patch File Download Diff File Expand all files Collapse all files

12
httpd/auth_utils.go
View File

@@ -12,6 +12,13 @@ import (
"github.com/drakkan/sftpgo/utils"
)
type tokenAudience = string
const (
tokenAudienceWeb tokenAudience = "Web"
tokenAudienceAPI tokenAudience = "API"
)
const (
claimUsernameKey = "username"
claimPermissionsKey = "permissions"
@@ -87,13 +94,14 @@ func (c *jwtTokenClaims) hasPerm(perm string) bool {
return utils.IsStringInSlice(perm, c.Permissions)
}
func (c *jwtTokenClaims) createTokenResponse(tokenAuth *jwtauth.JWTAuth) (map[string]interface{}, error) {
func (c *jwtTokenClaims) createTokenResponse(tokenAuth *jwtauth.JWTAuth, audience tokenAudience) (map[string]interface{}, error) {
claims := c.asMap()
now := time.Now().UTC()
claims[jwt.JwtIDKey] = xid.New().String()
claims[jwt.NotBeforeKey] = now.Add(-30 * time.Second)
claims[jwt.ExpirationKey] = now.Add(tokenDuration)
claims[jwt.AudienceKey] = audience
token, tokenString, err := tokenAuth.Encode(claims)
if err != nil {
@@ -108,7 +116,7 @@ func (c *jwtTokenClaims) createTokenResponse(tokenAuth *jwtauth.JWTAuth) (map[st
}
func (c *jwtTokenClaims) createAndSetCookie(w http.ResponseWriter, r *http.Request, tokenAuth *jwtauth.JWTAuth) error {
resp, err := c.createTokenResponse(tokenAuth)
resp, err := c.createTokenResponse(tokenAuth, tokenAudienceWeb)
if err != nil {
return err
}