agola/internal/services/common/jwt.go

// Copyright 2019 Sorint.lab
//
// Licensed under the Apache License, Version 2.0 (the "License");
// you may not use this file except in compliance with the License.
// You may obtain a copy of the License at
//
//     http://www.apache.org/licenses/LICENSE-2.0
//
// Unless required by applicable law or agreed to in writing, software
// distributed under the License is distributed on an "AS IS" BASIS,
// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied
// See the License for the specific language governing permissions and
// limitations under the License.

package common

import (
	"crypto/rsa"
	"encoding/json"
	"time"

	"agola.io/agola/internal/errors"
	"github.com/golang-jwt/jwt/v4"
)

type TokenSigningData struct {
	Duration   time.Duration
	Method     jwt.SigningMethod
	PrivateKey *rsa.PrivateKey
	PublicKey  *rsa.PublicKey
	Key        []byte
}

func GenerateGenericJWTToken(sd *TokenSigningData, claims jwt.Claims) (string, error) {
	token := jwt.NewWithClaims(sd.Method, claims)

	var key interface{}
	switch sd.Method {
	case jwt.SigningMethodRS256:
		key = sd.PrivateKey
	case jwt.SigningMethodHS256:
		key = sd.Key
	default:
		return "", errors.Errorf("unsupported signing method %q", sd.Method.Alg())
	}
	// Sign and get the complete encoded token as a string
	ts, err := token.SignedString(key)
	return ts, errors.WithStack(err)
}

func GenerateOauth2JWTToken(sd *TokenSigningData, remoteSourceName, requestType string, request interface{}) (string, error) {
	requestj, err := json.Marshal(request)
	if err != nil {
		return "", errors.WithStack(err)
	}

	return GenerateGenericJWTToken(sd, jwt.MapClaims{
		"exp":                time.Now().Add(sd.Duration).Unix(),
		"remote_source_name": remoteSourceName,
		"request_type":       requestType,
		"request":            string(requestj),
	})
}

func GenerateLoginJWTToken(sd *TokenSigningData, userID string) (string, error) {
	return GenerateGenericJWTToken(sd, jwt.MapClaims{
		"sub": userID,
		"exp": time.Now().Add(sd.Duration).Unix(),
	})
}
gateway: initial implementation 2019-02-21 16:58:25 +00:00			`// Copyright 2019 Sorint.lab`
			`//`
			`// Licensed under the Apache License, Version 2.0 (the "License");`
			`// you may not use this file except in compliance with the License.`
			`// You may obtain a copy of the License at`
			`//`
			`// http://www.apache.org/licenses/LICENSE-2.0`
			`//`
			`// Unless required by applicable law or agreed to in writing, software`
			`// distributed under the License is distributed on an "AS IS" BASIS,`
			`// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied`
			`// See the License for the specific language governing permissions and`
			`// limitations under the License.`

			`package common`

			`import (`
			`"crypto/rsa"`
			`"encoding/json"`
			`"time"`

: use new errors handling library Implement a new error handling library based on pkg/errors. It provides stack saving on wrapping and exports some function to add stack saving also to external errors. It also implements custom zerolog error formatting without adding too much verbosity by just printing the chain error file:line without a full stack trace of every error. Add a --detailed-errors options to print error with they full chain * Wrap all error returns. Use errors.WithStack to wrap without adding a new messsage and error.Wrap[f] to add a message. * Add golangci-lint wrapcheck to check that external packages errors are wrapped. This won't check that internal packages error are wrapped. But we want also to ensure this case so we'll have to find something else to check also these. 2022-02-22 14:01:29 +00:00			`"agola.io/agola/internal/errors"`
*: migrate to golang-jwt/jwt Migrate to the new community maintained version of github.com/dgrijalva/jwt-go 2021-09-10 10:33:59 +00:00			`"github.com/golang-jwt/jwt/v4"`
gateway: initial implementation 2019-02-21 16:58:25 +00:00			`)`

			`type TokenSigningData struct {`
			`Duration time.Duration`
			`Method jwt.SigningMethod`
			`PrivateKey *rsa.PrivateKey`
			`PublicKey *rsa.PublicKey`
			`Key []byte`
			`}`

jwt: unify token generation functions 2019-05-07 16:30:20 +00:00			`func GenerateGenericJWTToken(sd *TokenSigningData, claims jwt.Claims) (string, error) {`
			`token := jwt.NewWithClaims(sd.Method, claims)`
gateway: initial implementation 2019-02-21 16:58:25 +00:00
			`var key interface{}`
			`switch sd.Method {`
			`case jwt.SigningMethodRS256:`
			`key = sd.PrivateKey`
			`case jwt.SigningMethodHS256:`
			`key = sd.Key`
			`default:`
jwt: unify token generation functions 2019-05-07 16:30:20 +00:00			`return "", errors.Errorf("unsupported signing method %q", sd.Method.Alg())`
gateway: initial implementation 2019-02-21 16:58:25 +00:00			`}`
			`// Sign and get the complete encoded token as a string`
: use new errors handling library Implement a new error handling library based on pkg/errors. It provides stack saving on wrapping and exports some function to add stack saving also to external errors. It also implements custom zerolog error formatting without adding too much verbosity by just printing the chain error file:line without a full stack trace of every error. Add a --detailed-errors options to print error with they full chain * Wrap all error returns. Use errors.WithStack to wrap without adding a new messsage and error.Wrap[f] to add a message. * Add golangci-lint wrapcheck to check that external packages errors are wrapped. This won't check that internal packages error are wrapped. But we want also to ensure this case so we'll have to find something else to check also these. 2022-02-22 14:01:29 +00:00			`ts, err := token.SignedString(key)`
			`return ts, errors.WithStack(err)`
gateway: initial implementation 2019-02-21 16:58:25 +00:00			`}`

jwt: unify token generation functions 2019-05-07 16:30:20 +00:00			`func GenerateOauth2JWTToken(sd *TokenSigningData, remoteSourceName, requestType string, request interface{}) (string, error) {`
			`requestj, err := json.Marshal(request)`
			`if err != nil {`
: use new errors handling library Implement a new error handling library based on pkg/errors. It provides stack saving on wrapping and exports some function to add stack saving also to external errors. It also implements custom zerolog error formatting without adding too much verbosity by just printing the chain error file:line without a full stack trace of every error. Add a --detailed-errors options to print error with they full chain * Wrap all error returns. Use errors.WithStack to wrap without adding a new messsage and error.Wrap[f] to add a message. * Add golangci-lint wrapcheck to check that external packages errors are wrapped. This won't check that internal packages error are wrapped. But we want also to ensure this case so we'll have to find something else to check also these. 2022-02-22 14:01:29 +00:00			`return "", errors.WithStack(err)`
jwt: unify token generation functions 2019-05-07 16:30:20 +00:00			`}`

			`return GenerateGenericJWTToken(sd, jwt.MapClaims{`
			`"exp": time.Now().Add(sd.Duration).Unix(),`
			`"remote_source_name": remoteSourceName,`
			`"request_type": requestType,`
			`"request": string(requestj),`
			`})`
			`}`

gateway: initial implementation 2019-02-21 16:58:25 +00:00			`func GenerateLoginJWTToken(sd *TokenSigningData, userID string) (string, error) {`
jwt: unify token generation functions 2019-05-07 16:30:20 +00:00			`return GenerateGenericJWTToken(sd, jwt.MapClaims{`
gateway: initial implementation 2019-02-21 16:58:25 +00:00			`"sub": userID,`
			`"exp": time.Now().Add(sd.Duration).Unix(),`
			`})`
			`}`