-
Notifications
You must be signed in to change notification settings - Fork 0
/
Copy pathdecoder.go
122 lines (109 loc) · 2.83 KB
/
decoder.go
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
package jwt
import (
"crypto/subtle"
"encoding/base64"
"encoding/json"
"strings"
)
type Decoder struct {
secret func(id string) []byte
algorithms map[string]Algorithm
validators []Validator
}
func NewDecoder(options ...DecoderOption) *Decoder {
this := &Decoder{algorithms: map[string]Algorithm{}}
this.setOptions(options)
this.setDefaultOptions()
return this
}
func (this *Decoder) setOptions(options []DecoderOption) {
for _, option := range options {
option(this)
}
}
func (this *Decoder) setDefaultOptions() {
this.setDefaultValidator()
this.setDefaultSecretCallback()
this.setDefaultAlgorithm()
}
func (this *Decoder) setDefaultAlgorithm() {
if len(this.algorithms) == 0 {
WithDecodingAlgorithm(HS256{})(this)
}
}
func (this *Decoder) setDefaultSecretCallback() {
if this.secret == nil {
WithDecodingSecrets(noSecret)(this)
}
}
func (this *Decoder) setDefaultValidator() {
if len(this.validators) == 0 {
WithDecodingValidator(NewDefaultValidator())(this)
}
}
func (this Decoder) Decode(token string, claims interface{}) error {
payloadBytes, err := this.parseToken(token)
if err != nil {
return err
}
if err = deserializeClaims(payloadBytes, claims); err != nil {
return err
}
return this.validateClaims(claims)
}
func (this Decoder) validateClaims(claims interface{}) error {
for _, validator := range this.validators {
if err := validator.Validate(claims); err != nil {
return err
}
}
return nil
}
func (this *Decoder) parseToken(token string) ([]byte, error) {
segments := strings.Split(token, ".")
if len(segments) != 3 {
return nil, SegmentCountErr
}
var header headers
if err := unmarshalHeader(segments[0], &header); err != nil {
return nil, err
}
if err := this.validateSignature(header, segments); err != nil {
return nil, err
}
return base64Decode(segments[1])
}
func unmarshalHeader(data string, header *headers) error {
headerBytes, err := base64Decode(data)
if err != nil {
return MalformedHeaderErr
}
if json.Unmarshal(headerBytes, header) != nil {
return MalformedHeaderContentErr
}
return nil
}
func (this *Decoder) validateSignature(header headers, segments []string) error {
algorithm, found := this.algorithms[header.Algorithm]
if !found {
return UnrecognizedAlgorithmErr
}
providedSignature, err := base64Decode(segments[2])
if err != nil {
return MalformedSignatureErr
}
computedSignature := algorithm.ComputeHash([]byte(segments[0]+"."+segments[1]), this.secret(header.KeyID))
if subtle.ConstantTimeCompare(providedSignature, computedSignature) != 1 {
return UnrecognizedSignatureErr
}
return nil
}
func deserializeClaims(payload []byte, claims interface{}) error {
if json.Unmarshal(payload, &claims) != nil {
return MalformedPayloadContentErr
}
return nil
}
func base64Decode(value string) ([]byte, error) {
return base64.RawURLEncoding.DecodeString(value)
}