jwtverify

package
v5.0.2 Latest Latest
Warning

This package is not in the latest version of its module.

Go to latest
Published: Aug 7, 2023 License: Apache-2.0 Imports: 17 Imported by: 0

Documentation

Index

Constants

This section is empty.

Variables

View Source
var (
	ErrTokenExpired = errors.New("token expired")
	ErrInvalidToken = errors.New("invalid token")
)

Functions

This section is empty.

Types

type BoolValue

type BoolValue struct {
	Value bool `json:"value,omitempty"`
}

BoolValue allows override boolean option.

type ConnectToken

type ConnectToken struct {
	// UserID tells an ID of connecting user.
	UserID string
	// ExpireAt allows setting time in future when connection must be validated.
	// Validation can be server-side using On().Refresh callback or client-side
	// if On().Refresh not set.
	ExpireAt int64
	// Info contains additional information about connection. It will be
	// included into Join/Leave messages, into Alive information, also
	// info becomes a part of published message if it was published from
	// client directly. In some cases having additional info can be an
	// overhead – but you are simply free to not use it.
	Info []byte
	// Meta is custom data to append to a connection. Can be retrieved later
	// for connection inspection. Never sent in a client protocol and accessible
	// from a backend-side only.
	Meta json.RawMessage
	// Subs is a map of channels to subscribe server-side with options.
	Subs map[string]centrifuge.SubscribeOptions
}

type ConnectTokenClaims

type ConnectTokenClaims struct {
	ExpireAt   *int64                      `json:"expire_at,omitempty"`
	Info       json.RawMessage             `json:"info,omitempty"`
	Base64Info string                      `json:"b64info,omitempty"`
	Channels   []string                    `json:"channels,omitempty"`
	Subs       map[string]SubscribeOptions `json:"subs,omitempty"`
	Meta       json.RawMessage             `json:"meta,omitempty"`
	// Channel must never be set in connection tokens. We check this on verifying.
	Channel string `json:"channel,omitempty"`
	jwt.RegisteredClaims
}

type Decoder

type Decoder struct{}

func (*Decoder) DecodeConnectClaims

func (d *Decoder) DecodeConnectClaims(data []byte) (*ConnectTokenClaims, error)

func (*Decoder) DecodeSubscribeClaims

func (d *Decoder) DecodeSubscribeClaims(data []byte) (*SubscribeTokenClaims, error)

type SubscribeOptionOverride

type SubscribeOptionOverride struct {
	// Presence turns on participating in channel presence.
	Presence *BoolValue `json:"presence,omitempty"`
	// JoinLeave enables sending Join and Leave messages for this client in channel.
	JoinLeave *BoolValue `json:"join_leave,omitempty"`
	// ForcePushJoinLeave forces sending join/leave for this client.
	ForcePushJoinLeave *BoolValue `json:"force_push_join_leave,omitempty"`
	// ForcePositioning on says that client will additionally sync its position inside
	// a stream to prevent message loss. Make sure you are enabling ForcePositioning in channels
	// that maintain Publication history stream. When ForcePositioning is on  Centrifuge will
	// include StreamPosition information to subscribe response - for a client to be able
	// to manually track its position inside a stream.
	ForcePositioning *BoolValue `json:"force_positioning,omitempty"`
	// ForceRecovery turns on recovery option for a channel. In this case client will try to
	// recover missed messages automatically upon resubscribe to a channel after reconnect
	// to a server. This option also enables client position tracking inside a stream
	// (like ForcePositioning option) to prevent occasional message loss. Make sure you are using
	// ForceRecovery in channels that maintain Publication history stream.
	ForceRecovery *BoolValue `json:"force_recovery,omitempty"`
}

SubscribeOptionOverride to override configured behaviour of subscriptions.

type SubscribeOptions

type SubscribeOptions struct {
	// Info defines custom channel information, zero value means no channel information.
	Info json.RawMessage `json:"info,omitempty"`
	// Base64Info is like Info but for binary.
	Base64Info string `json:"b64info,omitempty"`
	// Data to send to a client with Subscribe Push.
	Data json.RawMessage `json:"data,omitempty"`
	// Base64Data is like Data but for binary data.
	Base64Data string `json:"b64data,omitempty"`
	// Override channel options can contain channel options overrides.
	Override *SubscribeOptionOverride `json:"override,omitempty"`
}

SubscribeOptions define per-subscription options.

type SubscribeToken

type SubscribeToken struct {
	// UserID tells an ID of subscribing user.
	UserID string
	// Channel client wants to subscribe. Will be compared with channel in
	// subscribe command.
	Channel string
	// Client is a deprecated claim for compatibility with Centrifugo v3.
	Client string
	// Options for subscription.
	Options centrifuge.SubscribeOptions
}

type SubscribeTokenClaims

type SubscribeTokenClaims struct {
	jwt.RegisteredClaims
	SubscribeOptions
	Channel  string `json:"channel,omitempty"`
	Client   string `json:"client,omitempty"`
	ExpireAt *int64 `json:"expire_at,omitempty"`
}

type Verifier

type Verifier interface {
	VerifyConnectToken(token string) (ConnectToken, error)
	VerifySubscribeToken(token string) (SubscribeToken, error)
}

type VerifierConfig

type VerifierConfig struct {
	// HMACSecretKey is a secret key used to validate connection and subscription
	// tokens generated using HMAC. Zero value means that HMAC tokens won't be allowed.
	HMACSecretKey string

	// RSAPublicKey is a public key used to validate connection and subscription
	// tokens generated using RSA. Zero value means that RSA tokens won't be allowed.
	RSAPublicKey *rsa.PublicKey

	// ECDSAPublicKey is a public key used to validate connection and subscription
	// tokens generated using ECDSA. Zero value means that ECDSA tokens won't be allowed.
	ECDSAPublicKey *ecdsa.PublicKey

	// JWKSPublicEndpoint is a public url used to validate connection and subscription
	// tokens generated using rotating RSA public keys. Zero value means that JSON Web Key Sets
	// extension won't be used.
	JWKSPublicEndpoint string

	// Audience when set will enable audience token check. See
	// https://datatracker.ietf.org/doc/html/rfc7519#section-4.1.3.
	Audience string

	// AudienceRegex allows setting Audience in form of Go language regex pattern. Regex groups
	// may be then used in constructing JWKSPublicEndpoint.
	AudienceRegex string

	// Issuer when set will enable a check that token issuer matches configured string.
	// See https://datatracker.ietf.org/doc/html/rfc7519#section-4.1.1.
	Issuer string

	// IssuerRegex allows setting Issuer in form of Go language regex pattern. Regex groups
	// may be then used in constructing JWKSPublicEndpoint.
	IssuerRegex string
}

func (VerifierConfig) Validate

func (c VerifierConfig) Validate() error

type VerifierJWT

type VerifierJWT struct {
	// contains filtered or unexported fields
}

func NewTokenVerifierJWT

func NewTokenVerifierJWT(config VerifierConfig, ruleContainer *rule.Container) (*VerifierJWT, error)

func (*VerifierJWT) Reload

func (verifier *VerifierJWT) Reload(config VerifierConfig) error

func (*VerifierJWT) VerifyConnectToken

func (verifier *VerifierJWT) VerifyConnectToken(t string) (ConnectToken, error)

func (*VerifierJWT) VerifySubscribeToken

func (verifier *VerifierJWT) VerifySubscribeToken(t string) (SubscribeToken, error)

Jump to

Keyboard shortcuts

? : This menu
/ : Search site
f or F : Jump to
y or Y : Canonical URL