imported jwt module

jwt/tokengen.go

@@ -0,0 +1,79 @@
+package jwt
+
+import (
+	"time"
+
+	"github.com/golang-jwt/jwt"
+	"github.com/google/uuid"
+	"github.com/pkg/errors"
+)
+
+// Generates an access token for the provided subject
+func (gen *TokenGenerator) NewAccess(
+	subjectID int,
+	fresh bool,
+	rememberMe bool,
+) (tokenString string, expiresIn int64, err error) {
+	issuedAt := time.Now().Unix()
+	expiresAt := issuedAt + (gen.accessExpireAfter * 60)
+	var freshExpiresAt int64
+	if fresh {
+		freshExpiresAt = issuedAt + (gen.freshExpireAfter * 60)
+	} else {
+		freshExpiresAt = issuedAt
+	}
+	var ttl string
+	if rememberMe {
+		ttl = "exp"
+	} else {
+		ttl = "session"
+	}
+	token := jwt.NewWithClaims(jwt.SigningMethodHS256,
+		jwt.MapClaims{
+			"iss":   gen.trustedHost,
+			"scope": "access",
+			"ttl":   ttl,
+			"jti":   uuid.New(),
+			"iat":   issuedAt,
+			"exp":   expiresAt,
+			"fresh": freshExpiresAt,
+			"sub":   subjectID,
+		})
+
+	signedToken, err := token.SignedString([]byte(gen.secretKey))
+	if err != nil {
+		return "", 0, errors.Wrap(err, "token.SignedString")
+	}
+	return signedToken, expiresAt, nil
+}
+
+// Generates a refresh token for the provided user
+func (gen *TokenGenerator) NewRefresh(
+	subjectID int,
+	rememberMe bool,
+) (tokenStr string, exp int64, err error) {
+	issuedAt := time.Now().Unix()
+	expiresAt := issuedAt + (gen.refreshExpireAfter * 60)
+	var ttl string
+	if rememberMe {
+		ttl = "exp"
+	} else {
+		ttl = "session"
+	}
+	token := jwt.NewWithClaims(jwt.SigningMethodHS256,
+		jwt.MapClaims{
+			"iss":   gen.trustedHost,
+			"scope": "refresh",
+			"ttl":   ttl,
+			"jti":   uuid.New(),
+			"iat":   issuedAt,
+			"exp":   expiresAt,
+			"sub":   subjectID,
+		})
+
+	signedToken, err := token.SignedString([]byte(gen.secretKey))
+	if err != nil {
+		return "", 0, errors.Wrap(err, "token.SignedString")
+	}
+	return signedToken, expiresAt, nil
+}