|
|
|
@ -23,8 +23,8 @@ func NewToken() *Token {
|
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
func TokenFromString(token string) *Token {
|
|
|
|
|
parts := strings.SplitN(token, ".", 3)
|
|
|
|
|
func TokenFromString(tokenAsString string) *Token {
|
|
|
|
|
parts := strings.SplitN(tokenAsString, ".", 3)
|
|
|
|
|
if len(parts) != 3 {
|
|
|
|
|
return nil
|
|
|
|
|
}
|
|
|
|
@ -33,7 +33,7 @@ func TokenFromString(token string) *Token {
|
|
|
|
|
headerData, _ := base64.RawURLEncoding.DecodeString(parts[0])
|
|
|
|
|
json.Unmarshal(headerData, &header)
|
|
|
|
|
|
|
|
|
|
var claims map[string]interface{}
|
|
|
|
|
var claims map[string]any
|
|
|
|
|
claimsData, _ := base64.RawURLEncoding.DecodeString(parts[1])
|
|
|
|
|
json.Unmarshal(claimsData, &claims)
|
|
|
|
|
|
|
|
|
@ -70,7 +70,7 @@ func (t Token) Claim(key string) any {
|
|
|
|
|
return t.claims[key]
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
func (t Token) Validate(secret []byte, conditions ClaimSet) error {
|
|
|
|
|
func (t Token) Validate(secret []byte, conditions []Condition) error {
|
|
|
|
|
if !bytes.Equal(t.sign(secret), t.signature) {
|
|
|
|
|
return ErrSignatureInvalid
|
|
|
|
|
}
|
|
|
|
@ -93,11 +93,45 @@ func (t Token) Validate(secret []byte, conditions ClaimSet) error {
|
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
for name, value := range conditions {
|
|
|
|
|
if claim, hasClaim := t.claims[name]; hasClaim {
|
|
|
|
|
if claim != value {
|
|
|
|
|
return ErrConditionsDoNotMatch
|
|
|
|
|
//Check extra conditions
|
|
|
|
|
for _, condition := range conditions {
|
|
|
|
|
if claim, hasClaim := t.claims[condition.Key]; hasClaim {
|
|
|
|
|
switch condition.Op {
|
|
|
|
|
case FilterOpEqual:
|
|
|
|
|
if claim == condition.Value {
|
|
|
|
|
continue
|
|
|
|
|
}
|
|
|
|
|
case FilterOpNotEqual:
|
|
|
|
|
if claim != condition.Value {
|
|
|
|
|
continue
|
|
|
|
|
}
|
|
|
|
|
case FilterOpGreaterThan:
|
|
|
|
|
claimAsNum, claimIsNum := anyToNum(claim)
|
|
|
|
|
conditionAsNum, conditionIsNum := anyToNum(condition.Value)
|
|
|
|
|
if claimIsNum && conditionIsNum && conditionAsNum > claimAsNum {
|
|
|
|
|
continue
|
|
|
|
|
}
|
|
|
|
|
case FilterOpLessThan:
|
|
|
|
|
claimAsNum, claimIsNum := anyToNum(claim)
|
|
|
|
|
conditionAsNum, conditionIsNum := anyToNum(condition.Value)
|
|
|
|
|
if claimIsNum && conditionIsNum && conditionAsNum < claimAsNum {
|
|
|
|
|
continue
|
|
|
|
|
}
|
|
|
|
|
case FilterOpGreaterOrEqual:
|
|
|
|
|
claimAsNum, claimIsNum := anyToNum(claim)
|
|
|
|
|
conditionAsNum, conditionIsNum := anyToNum(condition.Value)
|
|
|
|
|
if claimIsNum && conditionIsNum && conditionAsNum >= claimAsNum {
|
|
|
|
|
continue
|
|
|
|
|
}
|
|
|
|
|
case FilterOpLessOrEqual:
|
|
|
|
|
claimAsNum, claimIsNum := anyToNum(claim)
|
|
|
|
|
conditionAsNum, conditionIsNum := anyToNum(condition.Value)
|
|
|
|
|
if claimIsNum && conditionIsNum && conditionAsNum <= claimAsNum {
|
|
|
|
|
continue
|
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
return ErrConditionsDoNotMatch
|
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|