2021-03-31 16:58:42 +00:00
|
|
|
package tokens
|
2021-01-25 14:26:08 +00:00
|
|
|
|
|
|
|
import (
|
|
|
|
"bytes"
|
2021-03-30 22:46:33 +00:00
|
|
|
"context"
|
2021-01-25 14:26:08 +00:00
|
|
|
"encoding/base64"
|
2021-04-29 15:32:01 +00:00
|
|
|
"errors"
|
|
|
|
"fmt"
|
2021-01-25 14:26:08 +00:00
|
|
|
|
2023-03-07 14:08:53 +00:00
|
|
|
"git.frostfs.info/TrueCloudLab/frostfs-sdk-go/bearer"
|
2021-01-25 14:26:08 +00:00
|
|
|
"github.com/valyala/fasthttp"
|
|
|
|
)
|
|
|
|
|
|
|
|
type fromHandler = func(h *fasthttp.RequestHeader) []byte
|
|
|
|
|
2021-02-16 15:20:15 +00:00
|
|
|
const (
|
|
|
|
bearerTokenHdr = "Bearer"
|
|
|
|
bearerTokenKey = "__context_bearer_token_key"
|
|
|
|
)
|
2021-01-25 14:26:08 +00:00
|
|
|
|
|
|
|
// BearerToken usage:
|
|
|
|
//
|
2021-03-30 22:46:33 +00:00
|
|
|
// if err = storeBearerToken(ctx); err != nil {
|
2021-01-25 14:26:08 +00:00
|
|
|
// log.Error("could not fetch bearer token", zap.Error(err))
|
|
|
|
// c.Error("could not fetch bearer token", fasthttp.StatusBadRequest)
|
|
|
|
// return
|
|
|
|
// }
|
|
|
|
|
2022-04-21 08:35:57 +00:00
|
|
|
// BearerTokenFromHeader extracts a bearer token from Authorization request header.
|
2021-03-31 16:58:42 +00:00
|
|
|
func BearerTokenFromHeader(h *fasthttp.RequestHeader) []byte {
|
2021-01-25 14:26:08 +00:00
|
|
|
auth := h.Peek(fasthttp.HeaderAuthorization)
|
2021-02-16 15:20:15 +00:00
|
|
|
if auth == nil || !bytes.HasPrefix(auth, []byte(bearerTokenHdr)) {
|
2021-01-25 14:26:08 +00:00
|
|
|
return nil
|
|
|
|
}
|
2021-02-16 15:20:15 +00:00
|
|
|
if auth = bytes.TrimPrefix(auth, []byte(bearerTokenHdr+" ")); len(auth) == 0 {
|
2021-01-25 14:26:08 +00:00
|
|
|
return nil
|
|
|
|
}
|
|
|
|
return auth
|
|
|
|
}
|
|
|
|
|
2022-04-21 08:35:57 +00:00
|
|
|
// BearerTokenFromCookie extracts a bearer token from cookies.
|
2021-03-31 16:58:42 +00:00
|
|
|
func BearerTokenFromCookie(h *fasthttp.RequestHeader) []byte {
|
2021-02-16 15:20:15 +00:00
|
|
|
auth := h.Cookie(bearerTokenHdr)
|
2021-01-25 14:26:08 +00:00
|
|
|
if len(auth) == 0 {
|
|
|
|
return nil
|
|
|
|
}
|
|
|
|
|
|
|
|
return auth
|
|
|
|
}
|
|
|
|
|
2022-04-21 08:35:57 +00:00
|
|
|
// StoreBearerToken extracts a bearer token from the header or cookie and stores
|
2021-05-13 12:22:03 +00:00
|
|
|
// it in the request context.
|
2021-03-31 16:58:42 +00:00
|
|
|
func StoreBearerToken(ctx *fasthttp.RequestCtx) error {
|
2021-02-16 15:20:15 +00:00
|
|
|
tkn, err := fetchBearerToken(ctx)
|
|
|
|
if err != nil {
|
|
|
|
return err
|
|
|
|
}
|
|
|
|
// This is an analog of context.WithValue.
|
|
|
|
ctx.SetUserValue(bearerTokenKey, tkn)
|
|
|
|
return nil
|
|
|
|
}
|
|
|
|
|
2023-05-05 08:19:35 +00:00
|
|
|
// StoreBearerTokenAppCtx extracts a bearer token from the header or cookie and stores
|
|
|
|
// it in the application context.
|
|
|
|
func StoreBearerTokenAppCtx(ctx *fasthttp.RequestCtx, appCtx context.Context) (context.Context, error) {
|
|
|
|
tkn, err := fetchBearerToken(ctx)
|
|
|
|
if err != nil {
|
|
|
|
return nil, err
|
|
|
|
}
|
|
|
|
newCtx := context.WithValue(appCtx, bearerTokenKey, tkn)
|
|
|
|
return newCtx, nil
|
|
|
|
}
|
|
|
|
|
2022-04-21 08:35:57 +00:00
|
|
|
// LoadBearerToken returns a bearer token stored in the context given (if it's
|
2021-05-13 12:22:03 +00:00
|
|
|
// present there).
|
2022-04-19 15:46:51 +00:00
|
|
|
func LoadBearerToken(ctx context.Context) (*bearer.Token, error) {
|
|
|
|
if tkn, ok := ctx.Value(bearerTokenKey).(*bearer.Token); ok && tkn != nil {
|
2021-03-31 16:58:42 +00:00
|
|
|
return tkn, nil
|
|
|
|
}
|
|
|
|
return nil, errors.New("found empty bearer token")
|
|
|
|
}
|
|
|
|
|
2022-04-19 15:46:51 +00:00
|
|
|
func fetchBearerToken(ctx *fasthttp.RequestCtx) (*bearer.Token, error) {
|
2021-01-25 14:26:08 +00:00
|
|
|
// ignore empty value
|
|
|
|
if ctx == nil {
|
|
|
|
return nil, nil
|
|
|
|
}
|
|
|
|
var (
|
|
|
|
lastErr error
|
|
|
|
|
|
|
|
buf []byte
|
2022-04-19 15:46:51 +00:00
|
|
|
tkn = new(bearer.Token)
|
2021-01-25 14:26:08 +00:00
|
|
|
)
|
2021-03-31 16:58:42 +00:00
|
|
|
for _, parse := range []fromHandler{BearerTokenFromHeader, BearerTokenFromCookie} {
|
2021-01-25 14:26:08 +00:00
|
|
|
if buf = parse(&ctx.Request.Header); buf == nil {
|
|
|
|
continue
|
|
|
|
} else if data, err := base64.StdEncoding.DecodeString(string(buf)); err != nil {
|
2021-04-29 15:32:01 +00:00
|
|
|
lastErr = fmt.Errorf("can't base64-decode bearer token: %w", err)
|
2021-01-25 14:26:08 +00:00
|
|
|
continue
|
|
|
|
} else if err = tkn.Unmarshal(data); err != nil {
|
2021-04-29 15:32:01 +00:00
|
|
|
lastErr = fmt.Errorf("can't unmarshal bearer token: %w", err)
|
2021-01-25 14:26:08 +00:00
|
|
|
continue
|
|
|
|
}
|
|
|
|
|
|
|
|
return tkn, nil
|
|
|
|
}
|
|
|
|
|
|
|
|
return nil, lastErr
|
|
|
|
}
|