
This change introduces the concept of a principal (an abstraction of the calling identity), and adds a new service account type of principal. It also adds support for different token kinds (session, PAT, SAT, OAuth2) and adds auth.Session, which is used to capture information about the caller and the call method.
// Copyright 2021 Harness Inc. All rights reserved.
// Use of this source code is governed by the Polyform Free Trial License
// that can be found in the LICENSE.md file for this repository.
package token
import (
"context"
"fmt"
"time"
"github.com/harness/gitness/internal/store"
"github.com/harness/gitness/types"
"github.com/harness/gitness/types/enum"
)
// Default lifetimes applied by the convenience constructors in this file.
// Callers of CreatePAT/CreateSAT choose their own lifetime instead.
const (
	// userTokenLifeTime bounds a user session token (see CreateUserSession).
	userTokenLifeTime = 24 * time.Hour // 1 day.
	// oathTokenLifeTime bounds an OAuth2 token (see CreateOAuth).
	oathTokenLifeTime = 30 * time.Minute // 30 min.
)
// CreateUserSession issues a session token for user, with user acting as both
// the creator and the owner of the token. The token uses the package default
// userTokenLifeTime and carries enum.AccessGrantAll.
//
// It returns the stored token and its signed JWT; any error from Create is
// passed through unchanged.
func CreateUserSession(ctx context.Context, tokenStore store.TokenStore,
	user *types.User, name string) (*types.Token, string, error) {
	// A session is self-issued: the same principal creates and owns it.
	self := types.PrincipalFromUser(user)
	return Create(ctx, tokenStore, enum.TokenTypeSession,
		self, self, name, userTokenLifeTime, enum.AccessGrantAll)
}
// CreatePAT issues a personal access token owned by the user createdFor and
// recorded as created by createdBy, valid for lifeTime and restricted to
// grants.
//
// It delegates to Create and returns the stored token, its signed JWT, and
// any error from Create unchanged.
func CreatePAT(ctx context.Context, tokenStore store.TokenStore,
	createdBy *types.Principal, createdFor *types.User,
	name string, lifeTime time.Duration, grants enum.AccessGrant) (*types.Token, string, error) {
	owner := types.PrincipalFromUser(createdFor)
	return Create(ctx, tokenStore, enum.TokenTypePAT,
		createdBy, owner, name, lifeTime, grants)
}
// CreateSAT issues a service account token owned by the service account
// createdFor and recorded as created by createdBy, valid for lifeTime and
// restricted to grants.
//
// It delegates to Create and returns the stored token, its signed JWT, and
// any error from Create unchanged.
func CreateSAT(ctx context.Context, tokenStore store.TokenStore,
	createdBy *types.Principal, createdFor *types.ServiceAccount,
	name string, lifeTime time.Duration, grants enum.AccessGrant) (*types.Token, string, error) {
	owner := types.PrincipalFromServiceAccount(createdFor)
	return Create(ctx, tokenStore, enum.TokenTypeSAT,
		createdBy, owner, name, lifeTime, grants)
}
// CreateOAuth issues an OAuth2 token owned by the user createdFor and recorded
// as created by createdBy, restricted to grants. Unlike CreatePAT/CreateSAT
// the lifetime is not caller-chosen: the package default oathTokenLifeTime
// applies.
//
// It delegates to Create and returns the stored token, its signed JWT, and
// any error from Create unchanged.
func CreateOAuth(ctx context.Context, tokenStore store.TokenStore,
	createdBy *types.Principal, createdFor *types.User,
	name string, grants enum.AccessGrant) (*types.Token, string, error) {
	owner := types.PrincipalFromUser(createdFor)
	return Create(ctx, tokenStore, enum.TokenTypeOAuth2,
		createdBy, owner, name, oathTokenLifeTime, grants)
}
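// Create stores a new token of tokenType owned by createdFor and recorded as
// created by createdBy, then returns the stored row together with its signed
// JWT string.
//
// The validity window is [now, now+lifeTime], persisted as Unix milliseconds.
// The row is written before the JWT is generated so that the store-assigned
// token ID is available to GenerateJWTForToken. The JWT is signed using
// createdFor's Salt, so whatever rotates that salt also invalidates every
// token previously issued for that principal.
//
// It returns an error (and no token) when createdBy or createdFor is nil,
// when lifeTime is not positive, when the store rejects the row, or when JWT
// generation fails.
func Create(ctx context.Context, tokenStore store.TokenStore,
	tokenType enum.TokenType, createdBy *types.Principal, createdFor *types.Principal,
	name string, lifeTime time.Duration, grants enum.AccessGrant) (*types.Token, string, error) {
	// Both principals are dereferenced below; fail cleanly instead of panicking.
	if createdBy == nil || createdFor == nil {
		return nil, "", fmt.Errorf("token principals are required (createdBy set: %t, createdFor set: %t)",
			createdBy != nil, createdFor != nil)
	}
	// A zero or negative lifetime would persist a token that is expired on
	// arrival; reject it up front rather than writing a useless row.
	if lifeTime <= 0 {
		return nil, "", fmt.Errorf("token lifetime must be positive, got %v", lifeTime)
	}

	issuedAt := time.Now()
	expiresAt := issuedAt.Add(lifeTime)

	// create db entry first so we get the id.
	token := types.Token{
		Type:        tokenType,
		Name:        name,
		PrincipalID: createdFor.ID,
		IssuedAt:    issuedAt.UnixMilli(),
		ExpiresAt:   expiresAt.UnixMilli(),
		Grants:      grants,
		CreatedBy:   createdBy.ID,
	}

	if err := tokenStore.Create(ctx, &token); err != nil {
		return nil, "", fmt.Errorf("failed to store token in db: %w", err)
	}

	// create jwt token.
	// NOTE(review): if signing fails, the row persisted above is not removed.
	// It presumably cannot be redeemed without its JWT, but it will still
	// appear wherever tokens are listed; cleaning it up on this path would
	// keep the store consistent — confirm what the store offers for that.
	jwtToken, err := GenerateJWTForToken(&token, createdFor.Salt)
	if err != nil {
		return nil, "", fmt.Errorf("failed to create jwt token: %w", err)
	}

	return &token, jwtToken, nil
}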