summaryrefslogtreecommitdiffstats
path: root/services/packages/auth.go
diff options
context:
space:
mode:
Diffstat (limited to 'services/packages/auth.go')
-rw-r--r--services/packages/auth.go66
1 files changed, 66 insertions, 0 deletions
diff --git a/services/packages/auth.go b/services/packages/auth.go
new file mode 100644
index 0000000000..50212fccfd
--- /dev/null
+++ b/services/packages/auth.go
@@ -0,0 +1,66 @@
+// Copyright 2022 The Gitea Authors. All rights reserved.
+// Use of this source code is governed by a MIT-style
+// license that can be found in the LICENSE file.
+
+package packages
+
+import (
+ "fmt"
+ "net/http"
+ "strings"
+ "time"
+
+ user_model "code.gitea.io/gitea/models/user"
+ "code.gitea.io/gitea/modules/setting"
+
+ "github.com/golang-jwt/jwt/v4"
+)
+
+type packageClaims struct {
+ jwt.RegisteredClaims
+ UserID int64
+}
+
+func CreateAuthorizationToken(u *user_model.User) (string, error) {
+ now := time.Now()
+
+ claims := packageClaims{
+ RegisteredClaims: jwt.RegisteredClaims{
+ ExpiresAt: jwt.NewNumericDate(now.Add(24 * time.Hour)),
+ NotBefore: jwt.NewNumericDate(now),
+ },
+ UserID: u.ID,
+ }
+ token := jwt.NewWithClaims(jwt.SigningMethodHS256, claims)
+
+ tokenString, err := token.SignedString([]byte(setting.SecretKey))
+ if err != nil {
+ return "", err
+ }
+
+ return tokenString, nil
+}
+
+func ParseAuthorizationToken(req *http.Request) (int64, error) {
+ parts := strings.SplitN(req.Header.Get("Authorization"), " ", 2)
+ if len(parts) != 2 {
+ return 0, fmt.Errorf("no token")
+ }
+
+ token, err := jwt.ParseWithClaims(parts[1], &packageClaims{}, func(t *jwt.Token) (interface{}, error) {
+ if _, ok := t.Method.(*jwt.SigningMethodHMAC); !ok {
+ return nil, fmt.Errorf("unexpected signing method: %v", t.Header["alg"])
+ }
+ return []byte(setting.SecretKey), nil
+ })
+ if err != nil {
+ return 0, err
+ }
+
+ c, ok := token.Claims.(*packageClaims)
+ if !token.Valid || !ok {
+ return 0, fmt.Errorf("invalid token claim")
+ }
+
+ return c.UserID, nil
+}