-
Notifications
You must be signed in to change notification settings - Fork 0
/
issuance.go
123 lines (108 loc) · 3.27 KB
/
issuance.go
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
package main
import (
"context"
"encoding/json"
"fmt"
"log"
"net/http"
"slices"
"time"
"github.com/kataras/jwt"
"go.mongodb.org/mongo-driver/bson"
)
func issuance(w http.ResponseWriter, r *http.Request) {
uuid := r.URL.Query().Get("uuid")
name := r.URL.Query().Get("name")
token := r.URL.Query().Get("token")
currentTime := time.Now()
result := IssuanceResult{"", ""}
log.Println("Received request: ", r.URL)
if uuid != "" {
var user User
err := collection.FindOne(context.TODO(), bson.D{{Key: "uuid", Value: uuid}}).Decode(&user)
if err != nil {
errorMessage := "User does not exist"
http.Error(w, errorMessage, http.StatusForbidden)
result.Error = errorMessage
log.Println(errorMessage, err)
} else {
signedToken, err := jwt.Sign(jwt.HS256, []byte(jwtKey), map[string]interface{}{
"uuid": user.Uuid,
"tags": user.Tags,
"moderator": slices.Contains(user.Tags, "admin"),
"exp": currentTime.Unix() + 60*60*24,
"nbf": currentTime.Unix() - 10,
"iat": currentTime.Unix(),
})
if err != nil {
errorMessage := "Could not sign authentication token"
log.Println(errorMessage, err)
http.Error(w, errorMessage, http.StatusInternalServerError)
result.Error = errorMessage
} else {
result.Token = string(signedToken)
}
}
} else if name != "" && token != "" {
verifiedToken, err := jwt.Verify(jwt.HS256, []byte(jwtKey), []byte(token))
if err != nil {
errorMessage := "Could not verify provided token"
http.Error(w, errorMessage, http.StatusBadRequest)
log.Println(errorMessage, err)
} else {
var claims RulesCustomClaims
err = verifiedToken.Claims(&claims)
if err != nil {
errorMessage := "Could not fetch claims"
http.Error(w, errorMessage, http.StatusInternalServerError)
log.Println(errorMessage, err)
} else {
isModerator := decide("jitsiModerator", claims)
signedToken, err := jwt.Sign(jwt.HS256, []byte(jitsiKey), map[string]interface{}{
"context": map[string]interface{}{
"user": map[string]interface{}{
"id": jitsiId,
"name": name,
},
},
"nbf": currentTime.Unix() - 10,
"aud": "jitsi",
"iss": jitsiIssuer,
"room": "*",
"moderator": isModerator,
"sub": jitsiUrl,
"iat": currentTime.Unix(),
"exp": currentTime.Unix() + 60,
})
jitsiId += 1
if err != nil {
errorMessage := "Could not sign new token"
log.Println(errorMessage, err)
http.Error(w, errorMessage, http.StatusInternalServerError)
} else {
if slices.Contains(claims.Tags, "exam") {
signedToken = []byte("")
}
/* Set result headers */
result.Token = string(signedToken)
}
}
}
} else {
errorMessage := "No 'uuid || name && token' provided"
http.Error(w, errorMessage, http.StatusBadRequest)
result.Error = errorMessage
}
/* Encode token */
jsonToken, err := json.Marshal(result)
if err != nil {
errorMessage := "Could not encode token"
http.Error(w, errorMessage, http.StatusInternalServerError)
log.Println(errorMessage, err)
} else {
/* Return issued token */
w.Header().Set("Access-Control-Allow-Origin", "*")
w.Header().Set("Content-Type", "application/json")
fmt.Fprint(w, string(jsonToken))
}
}