From 46f6747558c21c7553fd3bda7b1d1e3e53c55852 Mon Sep 17 00:00:00 2001 From: 6543 <6543@obermui.de> Date: Tue, 21 Sep 2021 12:55:25 +0200 Subject: [PATCH] Migrate jwt token lib (#332) * migrate from github.com/dgrijalva/jwt-go to github.com/golang-jwt/jwt * migrate --- go.mod | 2 +- go.sum | 4 ++-- shared/token/token.go | 21 +++++++++++++++------ 3 files changed, 18 insertions(+), 9 deletions(-) diff --git a/go.mod b/go.mod index 740957b16..80e1a421a 100644 --- a/go.mod +++ b/go.mod @@ -8,7 +8,6 @@ require ( github.com/Azure/go-ansiterm v0.0.0-20170929234023-d6e3b3328b78 // indirect github.com/Microsoft/go-winio v0.4.15-0.20190919025122-fc70bd9a86b5 // indirect github.com/cpuguy83/go-md2man/v2 v2.0.0 // indirect - github.com/dgrijalva/jwt-go v0.0.0-20150904212456-c1da56349675 github.com/dimfeld/httptreemux v5.0.1+incompatible github.com/docker/cli v0.0.0-20200303215952-eb310fca4956 github.com/docker/distribution v2.7.1+incompatible @@ -26,6 +25,7 @@ require ( github.com/go-sql-driver/mysql v1.5.0 github.com/gogits/go-gogs-client v0.0.0-20160212212711-d584b1e0fb4d github.com/gogo/protobuf v1.3.1 // indirect + github.com/golang-jwt/jwt v3.2.2+incompatible github.com/golang/protobuf v1.5.2 github.com/google/go-github v0.0.0-20151120211125-47f2593dad19 github.com/google/go-querystring v1.0.0 // indirect diff --git a/go.sum b/go.sum index a04166a0a..16d409194 100644 --- a/go.sum +++ b/go.sum @@ -30,8 +30,6 @@ github.com/creack/pty v1.1.9/go.mod h1:oKZEueFk5CKHvIhNR5MUki03XCEU+Q6VDXinZuGJ3 github.com/davecgh/go-spew v1.1.0/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSsI+c5H38= github.com/davecgh/go-spew v1.1.1 h1:vj9j/u1bqnvCEfJOwUhtlOARqs3+rkHYY13jYWTU97c= github.com/davecgh/go-spew v1.1.1/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSsI+c5H38= -github.com/dgrijalva/jwt-go v0.0.0-20150904212456-c1da56349675 h1:MIkcjohFTgoQVDHtspV6VlbdH47ArW++NRDaAHKillo= -github.com/dgrijalva/jwt-go v0.0.0-20150904212456-c1da56349675/go.mod h1:E3ru+11k8xSBh+hMPgOLZmtrrCbhqsmaPHjLKYnJCaQ= github.com/dimfeld/httptreemux v5.0.1+incompatible h1:Qj3gVcDNoOthBAqftuD596rm4wg/adLLz5xh5CmpiCA= github.com/dimfeld/httptreemux v5.0.1+incompatible/go.mod h1:rbUlSV+CCpv/SuqUTP/8Bk2O3LyUV436/yaRGkhP6Z0= github.com/docker/cli v0.0.0-20200303215952-eb310fca4956 h1:5/ZRsUbguX7xFNLlbxVQY/yhD3Psy+vylKZrNme5BJs= @@ -86,6 +84,8 @@ github.com/gogits/go-gogs-client v0.0.0-20160212212711-d584b1e0fb4d/go.mod h1:cY github.com/gogo/protobuf v1.1.1/go.mod h1:r8qH/GZQm5c6nD/R0oafs1akxWv10x8SbQlK7atdtwQ= github.com/gogo/protobuf v1.3.1 h1:DqDEcV5aeaTmdFBePNpYsp3FlcVH/2ISVVM9Qf8PSls= github.com/gogo/protobuf v1.3.1/go.mod h1:SlYgWuQ5SjCEi6WLHjHCa1yvBfUnHcTbrrZtXPKa29o= +github.com/golang-jwt/jwt v3.2.2+incompatible h1:IfV12K8xAKAnZqdXVzCZ+TOjboZ2keLg81eXfW3O+oY= +github.com/golang-jwt/jwt v3.2.2+incompatible/go.mod h1:8pz2t5EyA70fFQQSrl6XZXzqecmYZeUEB8OUGHkxJ+I= github.com/golang/glog v0.0.0-20160126235308-23def4e6c14b/go.mod h1:SBH7ygxi8pfUlaOkMMuAQtPIUF8ecWP5IEl/CR7VP2Q= github.com/golang/mock v1.1.1/go.mod h1:oTYuIxOrZwtPieC+H1uAHpcLFnEyAGVDL/k47Jfbm0A= github.com/golang/protobuf v1.2.0/go.mod h1:6lQm79b+lXiMfvg/cZm0SGofjICqVBUtrP5yJMmIC1U= diff --git a/shared/token/token.go b/shared/token/token.go index 0753a1846..1bc5dce34 100644 --- a/shared/token/token.go +++ b/shared/token/token.go @@ -18,7 +18,7 @@ import ( "fmt" "net/http" - "github.com/dgrijalva/jwt-go" + "github.com/golang-jwt/jwt" ) type SecretFunc func(*Token) (string, error) @@ -106,16 +106,25 @@ func (t *Token) Sign(secret string) (string, error) { // with an expiration date. func (t *Token) SignExpires(secret string, exp int64) (string, error) { token := jwt.New(jwt.SigningMethodHS256) - token.Claims["type"] = t.Kind - token.Claims["text"] = t.Text + claims, ok := token.Claims.(jwt.MapClaims) + if !ok { + return "", fmt.Errorf("token claim is not a MapClaims") + } + claims["type"] = t.Kind + claims["text"] = t.Text if exp > 0 { - token.Claims["exp"] = float64(exp) + claims["exp"] = float64(exp) } return token.SignedString([]byte(secret)) } func keyFunc(token *Token, fn SecretFunc) jwt.Keyfunc { return func(t *jwt.Token) (interface{}, error) { + claims, ok := t.Claims.(jwt.MapClaims) + if !ok { + return nil, fmt.Errorf("token claim is not a MapClaims") + } + // validate the correct algorithm is being used if t.Method.Alg() != SignerAlgo { return nil, jwt.ErrSignatureInvalid @@ -123,7 +132,7 @@ func keyFunc(token *Token, fn SecretFunc) jwt.Keyfunc { // extract the token kind and cast to // the expected type. - kindv, ok := t.Claims["type"] + kindv, ok := claims["type"] if !ok { return nil, jwt.ValidationError{} } @@ -131,7 +140,7 @@ func keyFunc(token *Token, fn SecretFunc) jwt.Keyfunc { // extract the token value and cast to // exepected type. - textv, ok := t.Claims["text"] + textv, ok := claims["text"] if !ok { return nil, jwt.ValidationError{} }