ce3b65e6dc
* abcdefghijklmnopqrstuvwxyz * accounting * additional * allowed * almost * already * appropriately * arise * bandwidth * behave * bidirectional * brackets * cached * characters * cloud * committing * concatenating * configured * constructs * current * cutoff * deferred * different * directory * disposition * dropbox * either way * error * excess * experiments * explicitly * externally * files * github * gzipped * hierarchies * huffman * hyphen * implicitly * independent * insensitive * integrity * libraries * literally * metadata * mimics * missing * modification * multipart * multiple * nightmare * nonexistent * number * obscure * ourselves * overridden * potatoes * preexisting * priority * received * remote * replacement * represents * reproducibility * response * satisfies * sensitive * separately * separator * specifying * string * successful * synchronization * syncing * šenfeld * take * temporarily * testcontents * that * the * themselves * throttling * timeout * transaction * transferred * unnecessary * using * webbrowser * which * with * workspace Signed-off-by: Josh Soref <2119212+jsoref@users.noreply.github.com>
112 lines
3 KiB
Go
112 lines
3 KiB
Go
// Package jwtutil provides JWT utilities.
|
|
package jwtutil
|
|
|
|
import (
|
|
"bytes"
|
|
"crypto/rand"
|
|
"crypto/rsa"
|
|
"encoding/hex"
|
|
"encoding/json"
|
|
"errors"
|
|
"fmt"
|
|
"io"
|
|
"io/ioutil"
|
|
"net/http"
|
|
"strings"
|
|
"time"
|
|
|
|
"github.com/rclone/rclone/fs"
|
|
"github.com/rclone/rclone/fs/config/configmap"
|
|
"github.com/rclone/rclone/lib/oauthutil"
|
|
|
|
"golang.org/x/oauth2"
|
|
"golang.org/x/oauth2/jws"
|
|
)
|
|
|
|
// RandomHex creates a random string of the given length
|
|
func RandomHex(n int) (string, error) {
|
|
bytes := make([]byte, n)
|
|
if _, err := rand.Read(bytes); err != nil {
|
|
return "", err
|
|
}
|
|
return hex.EncodeToString(bytes), nil
|
|
}
|
|
|
|
// Config configures rclone using JWT
|
|
func Config(id, name string, claims *jws.ClaimSet, header *jws.Header, queryParams map[string]string, privateKey *rsa.PrivateKey, m configmap.Mapper, client *http.Client) (err error) {
|
|
payload, err := jws.Encode(header, claims, privateKey)
|
|
if err != nil {
|
|
return fmt.Errorf("jwtutil: failed to encode payload: %w", err)
|
|
}
|
|
req, err := http.NewRequest("POST", claims.Aud, nil)
|
|
if err != nil {
|
|
return fmt.Errorf("jwtutil: failed to create new request: %w", err)
|
|
}
|
|
q := req.URL.Query()
|
|
q.Add("grant_type", "urn:ietf:params:oauth:grant-type:jwt-bearer")
|
|
q.Add("assertion", payload)
|
|
for key, value := range queryParams {
|
|
q.Add(key, value)
|
|
}
|
|
queryString := q.Encode()
|
|
|
|
req, err = http.NewRequest("POST", claims.Aud, bytes.NewBuffer([]byte(queryString)))
|
|
if err != nil {
|
|
return fmt.Errorf("jwtutil: failed to create new request: %w", err)
|
|
}
|
|
req.Header.Set("Content-Type", "application/x-www-form-urlencoded")
|
|
|
|
resp, err := client.Do(req)
|
|
if err != nil {
|
|
return fmt.Errorf("jwtutil: failed making auth request: %w", err)
|
|
}
|
|
|
|
s, err := bodyToString(resp.Body)
|
|
if err != nil {
|
|
fs.Debugf(nil, "jwtutil: failed to get response body")
|
|
}
|
|
if resp.StatusCode != 200 {
|
|
err = errors.New(resp.Status)
|
|
return fmt.Errorf("jwtutil: failed making auth request: %w", err)
|
|
}
|
|
defer func() {
|
|
deferredErr := resp.Body.Close()
|
|
if deferredErr != nil {
|
|
err = fmt.Errorf("jwtutil: failed to close resp.Body: %w", err)
|
|
}
|
|
}()
|
|
|
|
result := &response{}
|
|
err = json.NewDecoder(strings.NewReader(s)).Decode(result)
|
|
if result.AccessToken == "" && err == nil {
|
|
err = errors.New("no AccessToken in Response")
|
|
}
|
|
if err != nil {
|
|
return fmt.Errorf("jwtutil: failed to get token: %w", err)
|
|
}
|
|
token := &oauth2.Token{
|
|
AccessToken: result.AccessToken,
|
|
TokenType: result.TokenType,
|
|
}
|
|
e := result.ExpiresIn
|
|
if e != 0 {
|
|
token.Expiry = time.Now().Add(time.Duration(e) * time.Second)
|
|
}
|
|
return oauthutil.PutToken(name, m, token, true)
|
|
}
|
|
|
|
func bodyToString(responseBody io.Reader) (bodyString string, err error) {
|
|
bodyBytes, err := ioutil.ReadAll(responseBody)
|
|
if err != nil {
|
|
return "", err
|
|
}
|
|
bodyString = string(bodyBytes)
|
|
fs.Debugf(nil, "jwtutil: Response Body: "+bodyString)
|
|
return bodyString, nil
|
|
}
|
|
|
|
type response struct {
|
|
AccessToken string `json:"access_token"`
|
|
TokenType string `json:"token_type"`
|
|
ExpiresIn int `json:"expires_in"`
|
|
}
|