summaryrefslogtreecommitdiffstats
path: root/services/packages/auth.go
diff options
context:
space:
mode:
Diffstat (limited to 'services/packages/auth.go')
-rw-r--r--services/packages/auth.go75
1 files changed, 75 insertions, 0 deletions
diff --git a/services/packages/auth.go b/services/packages/auth.go
new file mode 100644
index 0000000..c5bf5af
--- /dev/null
+++ b/services/packages/auth.go
@@ -0,0 +1,75 @@
+// Copyright 2022 The Gitea Authors. All rights reserved.
+// SPDX-License-Identifier: MIT
+
+package packages
+
+import (
+ "fmt"
+ "net/http"
+ "strings"
+ "time"
+
+ auth_model "code.gitea.io/gitea/models/auth"
+ user_model "code.gitea.io/gitea/models/user"
+ "code.gitea.io/gitea/modules/log"
+ "code.gitea.io/gitea/modules/setting"
+
+ "github.com/golang-jwt/jwt/v5"
+)
+
+type packageClaims struct {
+ jwt.RegisteredClaims
+ UserID int64
+ Scope auth_model.AccessTokenScope
+}
+
+func CreateAuthorizationToken(u *user_model.User, scope auth_model.AccessTokenScope) (string, error) {
+ now := time.Now()
+
+ claims := packageClaims{
+ RegisteredClaims: jwt.RegisteredClaims{
+ ExpiresAt: jwt.NewNumericDate(now.Add(24 * time.Hour)),
+ NotBefore: jwt.NewNumericDate(now),
+ },
+ UserID: u.ID,
+ Scope: scope,
+ }
+ token := jwt.NewWithClaims(jwt.SigningMethodHS256, claims)
+
+ tokenString, err := token.SignedString(setting.GetGeneralTokenSigningSecret())
+ if err != nil {
+ return "", err
+ }
+
+ return tokenString, nil
+}
+
+func ParseAuthorizationToken(req *http.Request) (int64, auth_model.AccessTokenScope, error) {
+ h := req.Header.Get("Authorization")
+ if h == "" {
+ return 0, "", nil
+ }
+
+ parts := strings.SplitN(h, " ", 2)
+ if len(parts) != 2 {
+ log.Error("split token failed: %s", h)
+ return 0, "", fmt.Errorf("split token failed")
+ }
+
+ token, err := jwt.ParseWithClaims(parts[1], &packageClaims{}, func(t *jwt.Token) (any, error) {
+ if _, ok := t.Method.(*jwt.SigningMethodHMAC); !ok {
+ return nil, fmt.Errorf("unexpected signing method: %v", t.Header["alg"])
+ }
+ return setting.GetGeneralTokenSigningSecret(), nil
+ })
+ if err != nil {
+ return 0, "", err
+ }
+
+ c, ok := token.Claims.(*packageClaims)
+ if !token.Valid || !ok {
+ return 0, "", fmt.Errorf("invalid token claim")
+ }
+
+ return c.UserID, c.Scope, nil
+}
generated by cgit v1.2.3 (git 2.39.1) at 2024-10-20 09:56:27 +0200