package jwt
import (
"time"
"github.com/golang-jwt/jwt"
"github.com/google/uuid"
"github.com/pkg/errors"
)
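// NewAccess issues a signed HS256 access token for subjectID.
//
// Claims written: "iss" (gen.trustedHost), "scope" ("access"), "ttl", "jti"
// (a newly generated UUID), "iat", "exp", "fresh" and "sub".
//
//   - fresh: when true the "fresh" claim is iat + gen.freshExpireAfter*60;
//     when false it is iat itself.
//   - rememberMe: selects the "ttl" claim value, "exp" or "session". It does
//     not change the token's own "exp".
//
// The second result is the absolute Unix timestamp stored in "exp", not a
// remaining duration, despite the result name expiresIn. An error is returned
// when the signing key is empty or when signing fails.
//
// NOTE(review): access and refresh tokens are signed with the same key and
// carry the same issuer, so the "scope" claim is the only thing that tells
// them apart. Verification code should check "scope" and accept HMAC
// signatures only.
func (gen *TokenGenerator) NewAccess(
	subjectID int,
	fresh bool,
	rememberMe bool,
) (tokenString string, expiresIn int64, err error) {
	// Fail closed on an empty key: an HMAC computed over a zero-length secret
	// can be reproduced by anyone, so every issued token would be forgeable.
	// RFC 7518 section 3.2 requires at least 256 bits of key material for
	// HS256; only the empty case is rejected here so that existing
	// configurations keep working.
	signingKey := []byte(gen.secretKey)
	if len(signingKey) == 0 {
		return "", 0, errors.New("jwt: signing key is empty")
	}

	issuedAt := time.Now().Unix()
	// The expiry settings are multiplied by 60, so they appear to be expressed
	// in minutes (confirm against the generator's configuration).
	expiresAt := issuedAt + (gen.accessExpireAfter * 60)

	// A token that is not fresh gets fresh == iat; presumably the verifier
	// compares this value with the current time (confirm against the parser).
	freshExpiresAt := issuedAt
	if fresh {
		freshExpiresAt = issuedAt + (gen.freshExpireAfter * 60)
	}

	ttl := "session"
	if rememberMe {
		ttl = "exp"
	}

	token := jwt.NewWithClaims(jwt.SigningMethodHS256,
		jwt.MapClaims{
			"iss":   gen.trustedHost,
			"scope": "access",
			"ttl":   ttl,
			"jti":   uuid.New(),
			"iat":   issuedAt,
			"exp":   expiresAt,
			"fresh": freshExpiresAt,
			// Emitted as a JSON number. RFC 7519 defines "sub" as a string, so
			// strict third-party validators may reject it.
			"sub": subjectID,
		})

	signedToken, err := token.SignedString(signingKey)
	if err != nil {
		return "", 0, errors.Wrap(err, "token.SignedString")
	}
	return signedToken, expiresAt, nil
}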
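// NewRefresh issues a signed HS256 refresh token for subjectID.
//
// Claims written: "iss" (gen.trustedHost), "scope" ("refresh"), "ttl", "jti"
// (a newly generated UUID), "iat", "exp" and "sub".
//
// rememberMe selects the "ttl" claim value, "exp" or "session". It does not
// change the token's own "exp", which is always
// iat + gen.refreshExpireAfter*60.
//
// The second result is the absolute Unix timestamp stored in "exp". An error
// is returned when the signing key is empty or when signing fails.
//
// NOTE(review): refresh and access tokens are signed with the same key and
// carry the same issuer, so the "scope" claim is the only thing that tells
// them apart. Verification code should check "scope" and accept HMAC
// signatures only.
func (gen *TokenGenerator) NewRefresh(
	subjectID int,
	rememberMe bool,
) (tokenStr string, exp int64, err error) {
	// Fail closed on an empty key: an HMAC computed over a zero-length secret
	// can be reproduced by anyone, so every issued token would be forgeable.
	// RFC 7518 section 3.2 requires at least 256 bits of key material for
	// HS256; only the empty case is rejected here so that existing
	// configurations keep working.
	signingKey := []byte(gen.secretKey)
	if len(signingKey) == 0 {
		return "", 0, errors.New("jwt: signing key is empty")
	}

	issuedAt := time.Now().Unix()
	// The expiry setting is multiplied by 60, so it appears to be expressed in
	// minutes (confirm against the generator's configuration).
	expiresAt := issuedAt + (gen.refreshExpireAfter * 60)

	ttl := "session"
	if rememberMe {
		ttl = "exp"
	}

	token := jwt.NewWithClaims(jwt.SigningMethodHS256,
		jwt.MapClaims{
			"iss":   gen.trustedHost,
			"scope": "refresh",
			"ttl":   ttl,
			"jti":   uuid.New(),
			"iat":   issuedAt,
			"exp":   expiresAt,
			// Emitted as a JSON number. RFC 7519 defines "sub" as a string, so
			// strict third-party validators may reject it.
			"sub": subjectID,
		})

	signedToken, err := token.SignedString(signingKey)
	if err != nil {
		return "", 0, errors.Wrap(err, "token.SignedString")
	}
	return signedToken, expiresAt, nil
}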