after test

infrastructure/auth_connector/auth_connector.go

@@ -2,6 +2,7 @@ package auth_connectors
 
 import (
 	"net/http"
+	"oc-auth/conf"
 
 	"cloud.o-forge.io/core/oc-lib/tools"
 )
@@ -18,7 +19,7 @@ type AuthConnector interface {
 type Token struct {
 	Active      bool   `json:"active"`
 	AccessToken string `json:"access_token"`
-	ExpiresIn   int    `json:"expires_in"`
+	ExpiresIn   int64  `json:"expires_in"`
 	TokenType   string `json:"token_type"`
 
 	Username string `json:"username,omitempty"`
@@ -28,3 +29,13 @@ type Token struct {
 type Redirect struct {
 	RedirectTo string `json:"redirect_to"`
 }
+
+var a = map[string]AuthConnector{
+	"hydra": HydraConnector{
+		Caller: tools.NewHTTPCaller(map[tools.DataType]map[tools.METHOD]string{}),
+		State:  "12345678", ResponseType: "token", Scopes: "openid profile email roles"}, // base url
+}
+
+func GetAuthConnector() AuthConnector {
+	return a[conf.GetConfig().Auth]
+}

infrastructure/auth_connector/hydra_connector.go

@@ -13,6 +13,7 @@ import (
 	"regexp"
 	"strconv"
 	"strings"
+	"time"
 
 	oclib "cloud.o-forge.io/core/oc-lib"
 	"cloud.o-forge.io/core/oc-lib/models/peer"
@@ -179,8 +180,15 @@ func (a HydraConnector) Login(username string, cookies ...*http.Cookie) (t *Toke
 	if len(pp.Data) == 0 || pp.Code >= 300 || pp.Err != "" {
 		return nil, errors.New("peer not found")
 	}
+	now := time.Now().UTC()
+	now = now.Add(time.Duration(token.ExpiresIn) * time.Second)
+	token.ExpiresIn = now.Unix()
+
 	c := claims.GetClaims().AddClaimsToToken(username, pp.Data[0].(*peer.Peer).Url)
+	c.Session.AccessToken["exp"] = token.ExpiresIn
+
 	b, _ = json.Marshal(c)
+
 	token.AccessToken = strings.ReplaceAll(token.AccessToken, "ory_at_", "") + "." + base64.StdEncoding.EncodeToString(b)
 	token.Active = true
 	return token, nil

infrastructure/claims/hydra_claims.go

@@ -4,12 +4,12 @@ import (
 	"crypto/sha256"
 	"encoding/pem"
 	"errors"
-	"fmt"
 	"oc-auth/conf"
 	"oc-auth/infrastructure/perms_connectors"
 	"oc-auth/infrastructure/utils"
 	"os"
 	"strings"
+	"time"
 
 	"cloud.o-forge.io/core/oc-lib/tools"
 )
@@ -75,6 +75,11 @@ func (h HydraClaims) clearBlank(path []string) []string {
 	return newPath
 }
 
+func (a HydraClaims) CheckExpiry(exp int64) bool {
+	now := time.Now().UTC().Unix()
+	return now <= exp
+}
+
 func (h HydraClaims) DecodeClaimsInToken(host string, method string, forward string, sessionClaims Claims, publicKey string, external bool) (bool, error) {
 	idTokenClaims := sessionClaims.Session.IDToken
 	if idTokenClaims["signature"] == nil {
@@ -87,6 +92,9 @@ func (h HydraClaims) DecodeClaimsInToken(host string, method string, forward str
 	claims := sessionClaims.Session.AccessToken
 	path := strings.ReplaceAll(forward, "http://"+host, "")
 	splittedPath := h.clearBlank(strings.Split(path, "/"))
+	if _, ok := claims["exp"].(float64); !ok || !h.CheckExpiry(int64(claims["exp"].(float64))) {
+		return false, errors.New("token is expired")
+	}
 	for m, p := range claims {
 		match := true
 		splittedP := h.clearBlank(strings.Split(p.(string), "/"))
@@ -94,7 +102,6 @@ func (h HydraClaims) DecodeClaimsInToken(host string, method string, forward str
 			continue
 		}
 		for i, v := range splittedP {
-			fmt.Println(v, splittedPath[i])
 			if strings.Contains(v, ":") { // is a param
 				continue
 			} else if v != splittedPath[i] {

infrastructure/infrastructure.go

@@ -1,22 +1,13 @@
 package infrastructure
 
 import (
-	"oc-auth/conf"
 	auth_connectors "oc-auth/infrastructure/auth_connector"
 	"oc-auth/infrastructure/claims"
 	"oc-auth/infrastructure/perms_connectors"
-
-	"cloud.o-forge.io/core/oc-lib/tools"
 )
 
-var a = map[string]auth_connectors.AuthConnector{
-	"hydra": auth_connectors.HydraConnector{
-		Caller: tools.NewHTTPCaller(map[tools.DataType]map[tools.METHOD]string{}),
-		State:  "12345678", ResponseType: "token", Scopes: "openid profile email roles"}, // base url
-}
-
 func GetAuthConnector() auth_connectors.AuthConnector {
-	return a[conf.GetConfig().Auth]
+	return auth_connectors.GetAuthConnector()
 }
 
 func GetPermissionConnector() perms_connectors.PermConnector {