OrgGo
/
Mainflux.mainflux
mirror of https://github.com/mainflux/mainflux.git
1
0
Fork 0
Code Issues Projects Releases Wiki Activity
Mainflux.mainflux/manager/jwt/idp.go

74 lines
1.6 KiB
Go
Raw Normal View History

Integrate manager service Setup top-level glide dependencies file. Migrated all of the manager service code into this repository. Fixed docker build procedure. Extracted executable to the top-level. Signed-off-by: Dejan Mijic <dejan@mainflux.com>
2017-09-23 07:03:27 +08:00
package jwt
import (
"time"
jwt "github.com/dgrijalva/jwt-go"
"github.com/mainflux/mainflux/manager"
)
const (
issuer string = "mainflux"
duration time.Duration = 10 * time.Hour
)
var _ manager.IdentityProvider = (*jwtIdentityProvider)(nil)
type jwtIdentityProvider struct {
secret string
}
// NewIdentityProvider instantiates a JWT identity provider.
func NewIdentityProvider(secret string) manager.IdentityProvider {
return &jwtIdentityProvider{}
}
func (idp *jwtIdentityProvider) TemporaryKey(id string) (string, error) {
now := time.Now().UTC()
exp := now.Add(duration)
claims := jwt.StandardClaims{
Subject: id,
Issuer: issuer,
IssuedAt: now.Unix(),
ExpiresAt: exp.Unix(),
}
return idp.jwt(claims)
}
func (idp *jwtIdentityProvider) PermanentKey(id string) (string, error) {
claims := jwt.StandardClaims{
Subject: id,
Issuer: issuer,
IssuedAt: time.Now().UTC().Unix(),
}
return idp.jwt(claims)
}
func (idp *jwtIdentityProvider) jwt(claims jwt.StandardClaims) (string, error) {
token := jwt.NewWithClaims(jwt.SigningMethodHS256, claims)
return token.SignedString([]byte(idp.secret))
}
func (idp *jwtIdentityProvider) Identity(key string) (string, error) {
token, err := jwt.Parse(key, func(token *jwt.Token) (interface{}, error) {
if _, ok := token.Method.(*jwt.SigningMethodHMAC); !ok {
return nil, manager.ErrUnauthorizedAccess
}
return []byte(idp.secret), nil
})
if err != nil {
return "", manager.ErrUnauthorizedAccess
}
if claims, ok := token.Claims.(jwt.MapClaims); ok && token.Valid {
return claims["sub"].(string), nil
}
return "", manager.ErrUnauthorizedAccess
}