mirror of
https://github.com/stefanprodan/podinfo.git
synced 2026-05-17 06:56:32 +00:00
104 lines
2.6 KiB
Go
104 lines
2.6 KiB
Go
package grpc
|
|
|
|
import (
|
|
"context"
|
|
"strings"
|
|
"time"
|
|
|
|
"github.com/golang-jwt/jwt/v4"
|
|
"go.uber.org/zap"
|
|
"google.golang.org/grpc/codes"
|
|
"google.golang.org/grpc/metadata"
|
|
"google.golang.org/grpc/status"
|
|
|
|
pb "github.com/stefanprodan/podinfo/pkg/api/grpc/token"
|
|
)
|
|
|
|
type TokenServer struct {
|
|
pb.UnimplementedTokenServiceServer
|
|
config *Config
|
|
logger *zap.Logger
|
|
}
|
|
|
|
type jwtCustomClaims struct {
|
|
Name string `json:"name"`
|
|
jwt.StandardClaims
|
|
}
|
|
|
|
func (s *TokenServer) TokenGenerate(ctx context.Context, req *pb.TokenRequest) (*pb.TokenResponse, error) {
|
|
|
|
user := "anonymous"
|
|
expiresAt := time.Now().Add(time.Minute * 1).Unix()
|
|
|
|
claims := &jwtCustomClaims{
|
|
user,
|
|
jwt.StandardClaims{
|
|
Issuer: "podinfo",
|
|
ExpiresAt: expiresAt,
|
|
},
|
|
}
|
|
|
|
token := jwt.NewWithClaims(jwt.SigningMethodHS256, claims)
|
|
t, err := token.SignedString([]byte(s.config.JWTSecret))
|
|
|
|
if err != nil {
|
|
s.logger.Error("Failed to generate token", zap.Error(err))
|
|
return &pb.TokenResponse{}, err
|
|
}
|
|
|
|
var result = pb.TokenResponse{
|
|
Token: t,
|
|
ExpiresAt: time.Unix(claims.StandardClaims.ExpiresAt, 0).String(),
|
|
Message: "Token generated successfully",
|
|
}
|
|
|
|
return &result, nil
|
|
}
|
|
|
|
func (s *TokenServer) TokenValidate(ctx context.Context, req *pb.TokenRequest) (*pb.TokenResponse, error) {
|
|
md, ok := metadata.FromIncomingContext(ctx)
|
|
if !ok {
|
|
return nil, status.Errorf(codes.DataLoss, "UnaryEcho: failed to get metadata")
|
|
}
|
|
|
|
authorization := md.Get("authorization")
|
|
|
|
if len(authorization) == 0 {
|
|
return nil, status.Errorf(codes.Unauthenticated, "Authorization token not found in metadata")
|
|
}
|
|
|
|
token := strings.TrimSpace(strings.TrimPrefix(authorization[0], "Bearer"))
|
|
|
|
claims := jwtCustomClaims{}
|
|
|
|
parsed_token, err := jwt.ParseWithClaims(token, &claims, func(parsed_token *jwt.Token) (interface{}, error) {
|
|
if _, ok := parsed_token.Method.(*jwt.SigningMethodHMAC); !ok {
|
|
return nil, status.Errorf(codes.Canceled, "invalid signing method")
|
|
}
|
|
return []byte(s.config.JWTSecret), nil
|
|
})
|
|
if err != nil {
|
|
if strings.Contains(err.Error(), "token is expired") || strings.Contains(err.Error(), "signature is invalid") {
|
|
return &pb.TokenResponse{
|
|
Message: err.Error(),
|
|
}, nil
|
|
}
|
|
return nil, status.Errorf(codes.Unauthenticated, "Unable to parse token")
|
|
|
|
}
|
|
|
|
if parsed_token.Valid {
|
|
if claims.StandardClaims.Issuer != "podinfo" {
|
|
return nil, status.Errorf(codes.OK, "Invalid issuer")
|
|
} else {
|
|
var result = pb.TokenResponse{
|
|
Token: claims.Name,
|
|
ExpiresAt: time.Unix(claims.StandardClaims.ExpiresAt, 0).String(),
|
|
}
|
|
return &result, nil
|
|
}
|
|
} else {
|
|
return nil, status.Errorf(codes.Unauthenticated, "Unauthenticated")
|
|
}
|
|
}
|