diff options
Diffstat (limited to 'cmd/ponzu/vendor/github.com/nilslice')
| m--------- | cmd/ponzu/vendor/github.com/nilslice/jwt | 0 | ||||
| -rw-r--r-- | cmd/ponzu/vendor/github.com/nilslice/jwt/LICENSE | 19 | ||||
| -rw-r--r-- | cmd/ponzu/vendor/github.com/nilslice/jwt/README.md | 43 | ||||
| -rw-r--r-- | cmd/ponzu/vendor/github.com/nilslice/jwt/doc.go | 40 | ||||
| -rw-r--r-- | cmd/ponzu/vendor/github.com/nilslice/jwt/jwt.go | 204 | ||||
| m--------- | cmd/ponzu/vendor/github.com/nilslice/rand | 0 | ||||
| -rw-r--r-- | cmd/ponzu/vendor/github.com/nilslice/rand/README.md | 2 | ||||
| -rw-r--r-- | cmd/ponzu/vendor/github.com/nilslice/rand/rand.go | 38 |
8 files changed, 346 insertions, 0 deletions
diff --git a/cmd/ponzu/vendor/github.com/nilslice/jwt b/cmd/ponzu/vendor/github.com/nilslice/jwt deleted file mode 160000 -Subproject dab3054ad0d56718877715dc429b95302cf4c7d diff --git a/cmd/ponzu/vendor/github.com/nilslice/jwt/LICENSE b/cmd/ponzu/vendor/github.com/nilslice/jwt/LICENSE new file mode 100644 index 0000000..f67119e --- /dev/null +++ b/cmd/ponzu/vendor/github.com/nilslice/jwt/LICENSE @@ -0,0 +1,19 @@ +Copyright (C) 2015 Steve Manuel <stevenhmanuel@gmail.com> + +Permission is hereby granted, free of charge, to any person obtaining a copy +of this software and associated documentation files (the "Software"), to deal +in the Software without restriction, including without limitation the rights +to use, copy, modify, merge, publish, distribute, sublicense, and/or sell +copies of the Software, and to permit persons to whom the Software is +furnished to do so, subject to the following conditions: + +The above copyright notice and this permission notice shall be included in +all copies or substantial portions of the Software. + +THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR +IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, +FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE +AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER +LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, +OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN +THE SOFTWARE. diff --git a/cmd/ponzu/vendor/github.com/nilslice/jwt/README.md b/cmd/ponzu/vendor/github.com/nilslice/jwt/README.md new file mode 100644 index 0000000..a384dd1 --- /dev/null +++ b/cmd/ponzu/vendor/github.com/nilslice/jwt/README.md @@ -0,0 +1,43 @@ +# JWT + +### Usage + $ go get github.com/nilslice/jwt + +package jwt provides methods to create and check JSON Web Tokens. It only implements HMAC 256 encryption and has a very small footprint, ideal for simple usage when authorizing clients + +```go + package main + + import ( + auth "github.com/nilslice/jwt" + "fmt" + "net/http" + "strings" + ) + + func main() { + http.HandleFunc("/auth/new", func(res http.ResponseWriter, req *http.Request) { + claims := map[string]interface{}{"exp": time.Now().Add(time.Hour * 24).Unix()} + token, err := auth.New(claims) + if err != nil { + http.Error(res, "Error", 500) + return + } + res.Header().Add("Authorization", "Bearer "+token) + + res.WriteHeader(http.StatusOK) + }) + + http.HandleFunc("/auth", func(res http.ResponseWriter, req *http.Request) { + userToken := strings.Split(req.Header.Get("Authorization"), " ")[1] + + if auth.Passes(userToken) { + fmt.Println("ok") + } else { + fmt.Println("no") + } + }) + + http.ListenAndServe(":8080", nil) + } +``` diff --git a/cmd/ponzu/vendor/github.com/nilslice/jwt/doc.go b/cmd/ponzu/vendor/github.com/nilslice/jwt/doc.go new file mode 100644 index 0000000..aa9a5c8 --- /dev/null +++ b/cmd/ponzu/vendor/github.com/nilslice/jwt/doc.go @@ -0,0 +1,40 @@ +// Package jwt provides methods to create and check JSON Web Tokens (JWT). It only implements HMAC 256 encryption and has a very small footprint, ideal for simple usage when authorizing clients +/* + + package main + + import ( + auth "github.com/nilslice/jwt" + "fmt" + "net/http" + "strings" + "time" + ) + + func main() { + http.HandleFunc("/auth/new", func(res http.ResponseWriter, req *http.Request) { + claims := map[string]interface{}{"exp": time.Now().Add(time.Hour * 24).Unix()} + token, err := auth.New(claims) + if err != nil { + http.Error(res, "Error", 500) + return + } + res.Header().Add("Authorization", "Bearer "+token) + + res.WriteHeader(http.StatusOK) + }) + + http.HandleFunc("/auth", func(res http.ResponseWriter, req *http.Request) { + userToken := strings.Split(req.Header.Get("Authorization"), " ")[1] + + if auth.Passes(userToken) { + fmt.Println("ok") + } else { + fmt.Println("no") + } + }) + + http.ListenAndServe(":8080", nil) + } +*/ +package jwt diff --git a/cmd/ponzu/vendor/github.com/nilslice/jwt/jwt.go b/cmd/ponzu/vendor/github.com/nilslice/jwt/jwt.go new file mode 100644 index 0000000..6d7eaa3 --- /dev/null +++ b/cmd/ponzu/vendor/github.com/nilslice/jwt/jwt.go @@ -0,0 +1,204 @@ +package jwt + +import ( + "crypto/hmac" + "crypto/sha256" + "encoding/base64" + "encoding/json" + "errors" + "fmt" + "strings" +) + +var ( + privateKey = []byte("") + defaultHeader = header{Typ: "JWT", Alg: "HS256"} + registeredClaims = []string{"iss", "sub", "aud", "exp", "nbf", "iat", "jti"} +) + +type header struct { + Typ string `json:"typ"` + Alg string `json:"alg"` +} + +type payload map[string]interface{} + +type encoded struct { + token string +} +type decoded struct { + header string + payload string +} + +type signedDecoded struct { + decoded + signature string +} + +func newEncoded(claims map[string]interface{}) (encoded, error) { + header, err := json.Marshal(defaultHeader) + if err != nil { + return encoded{}, err + } + + for _, claim := range registeredClaims { + if _, ok := claims[claim]; !ok { + claims[claim] = nil + } + } + + payload, err := json.Marshal(claims) + if err != nil { + return encoded{}, err + } + + d := decoded{header: string(header), payload: string(payload)} + + d.encodeInternal() + signed, err := d.sign() + if err != nil { + return encoded{}, err + } + + token := signed.token() + e := encoded{token: token} + return e, nil +} + +func newDecoded(token string) (decoded, error) { + e := encoded{token: token} + d, err := e.parseToken() + if err != nil { + return d, nil + } + + return d, nil +} + +func encodeToString(src []byte) string { + return base64.RawURLEncoding.EncodeToString(src) +} + +func (d decoded) getHeader() []byte { + return []byte(d.header) +} + +func (d decoded) getPayload() []byte { + return []byte(d.payload) +} + +func (sd signedDecoded) getSignature() []byte { + return []byte(sd.signature) +} + +func (d *decoded) encodeInternal() { + d.header = encodeToString(d.getHeader()) + d.payload = encodeToString(d.getPayload()) +} + +func (d decoded) dot(internals ...string) string { + return strings.Join(internals, ".") +} + +func (d *decoded) sign() (signedDecoded, error) { + if d.header == "" || d.payload == "" { + return signedDecoded{}, errors.New("Missing header or payload on Decoded") + } + + unsigned := d.dot(d.header, d.payload) + + hash := hmac.New(sha256.New, privateKey) + _, err := hash.Write([]byte(unsigned)) + if err != nil { + return signedDecoded{}, err + } + + signed := signedDecoded{decoded: *d} + signed.signature = encodeToString(hash.Sum(nil)) + + return signed, nil +} + +func (sd signedDecoded) token() string { + return fmt.Sprintf("%s.%s.%s", sd.getHeader(), sd.getPayload(), sd.getSignature()) +} + +func (sd signedDecoded) verify(enc encoded) bool { + if sd.token() == enc.token { + return true + } + return false +} + +func (e encoded) parseToken() (decoded, error) { + parts := strings.Split(e.token, ".") + if len(parts) != 3 { + return decoded{}, errors.New("Error: incorrect # of results from string parsing") + } + + d := decoded{ + header: parts[0], + payload: parts[1], + } + + return d, nil +} + +// New returns a token (string) and error. The token is a fully qualified JWT to be sent to a client via HTTP Header or other method. Error returned will be from the newEncoded unexported function. +func New(claims map[string]interface{}) (string, error) { + enc, err := newEncoded(claims) + if err != nil { + return "", err + } + + return enc.token, nil +} + +// Passes returns a bool indicating whether a token (string) provided has been signed by our server. If true, the client is authenticated and may proceed. +func Passes(token string) bool { + dec, err := newDecoded(token) + if err != nil { + // may want to log some error here so we have visibility + // intentionally simplifying return type to bool for ease + // of use in API. Caller should only do `if auth.Passes(str) {}` + return false + } + signed, err := dec.sign() + if err != nil { + return false + } + + return signed.verify(encoded{token: token}) +} + +// GetClaims() returns a token's claims, allowing +// you to check the values to make sure they match +func GetClaims(token string) map[string]interface{} { + // decode the token + dec, err := newDecoded(token) + if err != nil { + return nil + } + + // base64 decode payload + payload, err := base64.RawURLEncoding.DecodeString(dec.payload) + if err != nil { + return nil + } + + dst := map[string]interface{}{} + err = json.Unmarshal(payload, &dst) + if err != nil { + return nil + } + + return dst + +} + +// Secret is a helper function to set the unexported privateKey variable used when signing and verifying tokens. +// Its argument is type []byte since we expect users to read this value from a file which can be excluded from source code. +func Secret(key []byte) { + privateKey = key +} diff --git a/cmd/ponzu/vendor/github.com/nilslice/rand b/cmd/ponzu/vendor/github.com/nilslice/rand deleted file mode 160000 -Subproject 7bcefe633d436bb68eb327d81e47c255203a897 diff --git a/cmd/ponzu/vendor/github.com/nilslice/rand/README.md b/cmd/ponzu/vendor/github.com/nilslice/rand/README.md new file mode 100644 index 0000000..89cc36d --- /dev/null +++ b/cmd/ponzu/vendor/github.com/nilslice/rand/README.md @@ -0,0 +1,2 @@ +rand provides a convenient package to use crypto/rand as default +but falls back to math/rand if necessary
\ No newline at end of file diff --git a/cmd/ponzu/vendor/github.com/nilslice/rand/rand.go b/cmd/ponzu/vendor/github.com/nilslice/rand/rand.go new file mode 100644 index 0000000..cbff54a --- /dev/null +++ b/cmd/ponzu/vendor/github.com/nilslice/rand/rand.go @@ -0,0 +1,38 @@ +// rand provides a convenient package to use crypto/rand as default +// but falls back to math/rand if necessary +package rand + +import ( + crand "crypto/rand" + mrand "math/rand" + "time" +) + +var g_mathRand = mrand.New(mrand.NewSource(time.Now().Unix())) + +// Read fills the slice with random bytes +func Read(xs []byte) { + length := len(xs) + n, err := crand.Read(xs) + if n != length || err != nil { + for length > 0 { + length-- + xs[length] = byte(g_mathRand.Int31n(256)) + } + } +} + +// Int63 returns a non-negative 63-bit integer as an int64 +func Int63() int64 { + xs := make([]byte, 8) + var n int64 + + Read(xs) + xs[0] &= 0x7F + for _, x := range xs { + n <<= 4 + n |= int64(x) + } + + return n +} |