mirror of
https://github.com/1f349/tulip.git
synced 2024-12-23 00:34:07 +00:00
Use JWT access tokens
This commit is contained in:
parent
23a49e5a6a
commit
b6d5bef56c
35
server/jwt.go
Normal file
35
server/jwt.go
Normal file
@ -0,0 +1,35 @@
|
||||
package server
|
||||
|
||||
import (
|
||||
"context"
|
||||
"crypto/sha256"
|
||||
"encoding/base64"
|
||||
"github.com/1f349/mjwt"
|
||||
"github.com/1f349/mjwt/auth"
|
||||
"github.com/go-oauth2/oauth2/v4"
|
||||
"github.com/golang-jwt/jwt/v4"
|
||||
"github.com/google/uuid"
|
||||
"strings"
|
||||
)
|
||||
|
||||
type JWTAccessGenerate struct {
|
||||
signer mjwt.Signer
|
||||
}
|
||||
|
||||
func NewJWTAccessGenerate(signer mjwt.Signer) *JWTAccessGenerate {
|
||||
return &JWTAccessGenerate{signer}
|
||||
}
|
||||
|
||||
var _ oauth2.AccessGenerate = &JWTAccessGenerate{}
|
||||
|
||||
func (j JWTAccessGenerate) Token(ctx context.Context, data *oauth2.GenerateBasic, isGenRefresh bool) (access, refresh string, err error) {
|
||||
access, err = j.signer.GenerateJwt(data.UserID, "", jwt.ClaimStrings{data.Client.GetID()}, data.TokenInfo.GetAccessExpiresIn(), auth.AccessTokenClaims{})
|
||||
|
||||
if isGenRefresh {
|
||||
t := uuid.NewHash(sha256.New(), uuid.New(), []byte(access), 5).String()
|
||||
refresh = base64.URLEncoding.EncodeToString([]byte(t))
|
||||
refresh = strings.ToUpper(strings.TrimRight(refresh, "="))
|
||||
}
|
||||
|
||||
return
|
||||
}
|
@ -14,7 +14,6 @@ import (
|
||||
scope2 "github.com/1f349/tulip/scope"
|
||||
"github.com/1f349/tulip/theme"
|
||||
"github.com/go-oauth2/oauth2/v4/errors"
|
||||
"github.com/go-oauth2/oauth2/v4/generates"
|
||||
"github.com/go-oauth2/oauth2/v4/manage"
|
||||
"github.com/go-oauth2/oauth2/v4/server"
|
||||
"github.com/go-oauth2/oauth2/v4/store"
|
||||
@ -86,7 +85,7 @@ func NewHttpServer(conf Conf, db *database.DB, signingKey mjwt.Signer) *http.Ser
|
||||
|
||||
oauthManager.SetAuthorizeCodeTokenCfg(manage.DefaultAuthorizeCodeTokenCfg)
|
||||
oauthManager.MustTokenStorage(store.NewMemoryTokenStore())
|
||||
oauthManager.MapAccessGenerate(generates.NewAccessGenerate())
|
||||
oauthManager.MapAccessGenerate(NewJWTAccessGenerate(hs.signingKey))
|
||||
oauthManager.MapClientStorage(clientStore.New(db))
|
||||
|
||||
oauthSrv.SetResponseErrorHandler(func(re *errors.Response) {
|
||||
|
Loading…
Reference in New Issue
Block a user