Diffstat (limited to 'vendor/code.superseriousbusiness.org/oauth2/v4/generates')
3 files changed, 172 insertions, 0 deletions
diff --git a/vendor/code.superseriousbusiness.org/oauth2/v4/generates/access.go b/vendor/code.superseriousbusiness.org/oauth2/v4/generates/access.go
new file mode 100644
index 000000000..972b5dce1
--- /dev/null
+++ b/vendor/code.superseriousbusiness.org/oauth2/v4/generates/access.go
@@ -0,0 +1,38 @@
+package generates
+
+import (
+ "bytes"
+ "context"
+ "encoding/base64"
+ "strconv"
+ "strings"
+
+ "code.superseriousbusiness.org/oauth2/v4"
+ "github.com/google/uuid"
+)
+
+// NewAccessGenerate create to generate the access token instance
+func NewAccessGenerate() *AccessGenerate {
+ return &AccessGenerate{}
+}
+
+// AccessGenerate generate the access token
+type AccessGenerate struct {
+}
+
+// Token based on the UUID generated token
+func (ag *AccessGenerate) Token(ctx context.Context, data *oauth2.GenerateBasic, isGenRefresh bool) (string, string, error) {
+ buf := bytes.NewBufferString(data.Client.GetID())
+ buf.WriteString(data.UserID)
+ buf.WriteString(strconv.FormatInt(data.CreateAt.UnixNano(), 10))
+
+ access := base64.URLEncoding.EncodeToString([]byte(uuid.NewMD5(uuid.Must(uuid.NewRandom()), buf.Bytes()).String()))
+ access = strings.ToUpper(strings.TrimRight(access, "="))
+ refresh := ""
+ if isGenRefresh {
+ refresh = base64.URLEncoding.EncodeToString([]byte(uuid.NewSHA1(uuid.Must(uuid.NewRandom()), buf.Bytes()).String()))
+ refresh = strings.ToUpper(strings.TrimRight(refresh, "="))
+ }
+
+ return access, refresh, nil
+}
diff --git a/vendor/code.superseriousbusiness.org/oauth2/v4/generates/authorize.go b/vendor/code.superseriousbusiness.org/oauth2/v4/generates/authorize.go
new file mode 100644
index 000000000..9d8f3fb45
--- /dev/null
+++ b/vendor/code.superseriousbusiness.org/oauth2/v4/generates/authorize.go
@@ -0,0 +1,30 @@
+package generates
+
+import (
+ "bytes"
+ "context"
+ "encoding/base64"
+ "strings"
+
+ "code.superseriousbusiness.org/oauth2/v4"
+ "github.com/google/uuid"
+)
+
+// NewAuthorizeGenerate create to generate the authorize code instance
+func NewAuthorizeGenerate() *AuthorizeGenerate {
+ return &AuthorizeGenerate{}
+}
+
+// AuthorizeGenerate generate the authorize code
+type AuthorizeGenerate struct{}
+
+// Token based on the UUID generated token
+func (ag *AuthorizeGenerate) Token(ctx context.Context, data *oauth2.GenerateBasic) (string, error) {
+ buf := bytes.NewBufferString(data.Client.GetID())
+ buf.WriteString(data.UserID)
+ token := uuid.NewMD5(uuid.Must(uuid.NewRandom()), buf.Bytes())
+ code := base64.URLEncoding.EncodeToString([]byte(token.String()))
+ code = strings.ToUpper(strings.TrimRight(code, "="))
+
+ return code, nil
+}
diff --git a/vendor/code.superseriousbusiness.org/oauth2/v4/generates/jwt_access.go b/vendor/code.superseriousbusiness.org/oauth2/v4/generates/jwt_access.go
new file mode 100644
index 000000000..57c2950f0
--- /dev/null
+++ b/vendor/code.superseriousbusiness.org/oauth2/v4/generates/jwt_access.go
@@ -0,0 +1,104 @@
+package generates
+
+import (
+ "context"
+ "encoding/base64"
+ "strings"
+ "time"
+
+ "code.superseriousbusiness.org/oauth2/v4"
+ "code.superseriousbusiness.org/oauth2/v4/errors"
+ "github.com/golang-jwt/jwt"
+ "github.com/google/uuid"
+)
+
+// JWTAccessClaims jwt claims
+type JWTAccessClaims struct {
+ jwt.StandardClaims
+}
+
+// Valid claims verification
+func (a *JWTAccessClaims) Valid() error {
+ if time.Unix(a.ExpiresAt, 0).Before(time.Now()) {
+ return errors.ErrInvalidAccessToken
+ }
+ return nil
+}
+
+// NewJWTAccessGenerate create to generate the jwt access token instance
+func NewJWTAccessGenerate(kid string, key []byte, method jwt.SigningMethod) *JWTAccessGenerate {
+ return &JWTAccessGenerate{
+ SignedKeyID: kid,
+ SignedKey: key,
+ SignedMethod: method,
+ }
+}
+
+// JWTAccessGenerate generate the jwt access token
+type JWTAccessGenerate struct {
+ SignedKeyID string
+ SignedKey []byte
+ SignedMethod jwt.SigningMethod
+}
+
+// Token based on the UUID generated token
+func (a *JWTAccessGenerate) Token(ctx context.Context, data *oauth2.GenerateBasic, isGenRefresh bool) (string, string, error) {
+ claims := &JWTAccessClaims{
+ StandardClaims: jwt.StandardClaims{
+ Audience: data.Client.GetID(),
+ Subject: data.UserID,
+ ExpiresAt: data.TokenInfo.GetAccessCreateAt().Add(data.TokenInfo.GetAccessExpiresIn()).Unix(),
+ },
+ }
+
+ token := jwt.NewWithClaims(a.SignedMethod, claims)
+ if a.SignedKeyID != "" {
+ token.Header["kid"] = a.SignedKeyID
+ }
+ var key interface{}
+ if a.isEs() {
+ v, err := jwt.ParseECPrivateKeyFromPEM(a.SignedKey)
+ if err != nil {
+ return "", "", err
+ }
+ key = v
+ } else if a.isRsOrPS() {
+ v, err := jwt.ParseRSAPrivateKeyFromPEM(a.SignedKey)
+ if err != nil {
+ return "", "", err
+ }
+ key = v
+ } else if a.isHs() {
+ key = a.SignedKey
+ } else {
+ return "", "", errors.New("unsupported sign method")
+ }
+
+ access, err := token.SignedString(key)
+ if err != nil {
+ return "", "", err
+ }
+ refresh := ""
+
+ if isGenRefresh {
+ t := uuid.NewSHA1(uuid.Must(uuid.NewRandom()), []byte(access)).String()
+ refresh = base64.URLEncoding.EncodeToString([]byte(t))
+ refresh = strings.ToUpper(strings.TrimRight(refresh, "="))
+ }
+
+ return access, refresh, nil
+}
+
+func (a *JWTAccessGenerate) isEs() bool {
+ return strings.HasPrefix(a.SignedMethod.Alg(), "ES")
+}
+
+func (a *JWTAccessGenerate) isRsOrPS() bool {
+ isRs := strings.HasPrefix(a.SignedMethod.Alg(), "RS")
+ isPs := strings.HasPrefix(a.SignedMethod.Alg(), "PS")
+ return isRs || isPs
+}
+
+func (a *JWTAccessGenerate) isHs() bool {
+ return strings.HasPrefix(a.SignedMethod.Alg(), "HS")
+}
|
