core/oc-auth
6
0
Fork 0
Code Issues 2 Pull Requests Actions Packages Projects Releases Wiki Activity

after test

Browse Source
This commit is contained in:
mr
2024-11-05 10:11:39 +01:00
parent 8b8e5d92d7
commit d229d92b3b
9 changed files with 37 additions and 29 deletions
Download Patch File Download Diff File Expand all files Collapse all files

11
infrastructure/claims/hydra_claims.go
View File

@@ -4,12 +4,12 @@ import (
"crypto/sha256"
"encoding/pem"
"errors"
"fmt"
"oc-auth/conf"
"oc-auth/infrastructure/perms_connectors"
"oc-auth/infrastructure/utils"
"os"
"strings"
"time"
"cloud.o-forge.io/core/oc-lib/tools"
)
@@ -75,6 +75,11 @@ func (h HydraClaims) clearBlank(path []string) []string {
return newPath
}
func (a HydraClaims) CheckExpiry(exp int64) bool {
now := time.Now().UTC().Unix()
return now <= exp
}
func (h HydraClaims) DecodeClaimsInToken(host string, method string, forward string, sessionClaims Claims, publicKey string, external bool) (bool, error) {
idTokenClaims := sessionClaims.Session.IDToken
if idTokenClaims["signature"] == nil {
@@ -87,6 +92,9 @@ func (h HydraClaims) DecodeClaimsInToken(host string, method string, forward str
claims := sessionClaims.Session.AccessToken
path := strings.ReplaceAll(forward, "http://"+host, "")
splittedPath := h.clearBlank(strings.Split(path, "/"))
if _, ok := claims["exp"].(float64); !ok || !h.CheckExpiry(int64(claims["exp"].(float64))) {
return false, errors.New("token is expired")
}
for m, p := range claims {
match := true
splittedP := h.clearBlank(strings.Split(p.(string), "/"))
@@ -94,7 +102,6 @@ func (h HydraClaims) DecodeClaimsInToken(host string, method string, forward str
continue
}
for i, v := range splittedP {
fmt.Println(v, splittedPath[i])
if strings.Contains(v, ":") { // is a param
continue
} else if v != splittedPath[i] {