GO-2024-2648: Server/API for Vela Insecure Variable Substitution in github.com/go-vela/server

token

package

v0.22.2 Latest Latest Go to latest Published: Nov 16, 2023 License: Apache-2.0 Imports: 11 Imported by: 0

Details

Valid go.mod file
Redistributable license
Tagged version
Stable version
Learn more about best practices

Repository

github.com/go-vela/server

Links

Open Source Insights

Documentation ¶

Constants ¶

This section is empty.

Variables ¶

This section is empty.

Functions ¶

This section is empty.

Types ¶

type Claims ¶

type Claims struct {
	BuildID   int64  `json:"build_id"`
	IsActive  bool   `json:"is_active"`
	IsAdmin   bool   `json:"is_admin"`
	Repo      string `json:"repo"`
	TokenType string `json:"token_type"`
	jwt.RegisteredClaims
}

Claims struct is an extension of the JWT standard claims. It includes information about the user.

type Manager ¶

type Manager struct {
	// PrivateKey key used to sign tokens
	PrivateKey string

	// SignMethod method to sign tokens
	SignMethod jwt.SigningMethod

	// UserAccessTokenDuration specifies the token duration to use for users
	UserAccessTokenDuration time.Duration

	// UserRefreshTokenDuration specifies the token duration for user refresh
	UserRefreshTokenDuration time.Duration

	// BuildTokenBufferDuration specifies the additional token duration of build tokens beyond repo timeout
	BuildTokenBufferDuration time.Duration

	// WorkerAuthTokenDuration specifies the token duration for worker auth (check in)
	WorkerAuthTokenDuration time.Duration

	// WorkerRegisterTokenDuration specifies the token duration for worker register
	WorkerRegisterTokenDuration time.Duration
}

func (*Manager) Compose ¶

func (tm *Manager) Compose(c *gin.Context, u *library.User) (string, string, error)

Compose generates a refresh and access token pair unique to the provided user and sets a secure cookie. It uses the user's hash to sign the token. to guarantee the signature is unique per token. The refresh token is returned to store with the user in the database.

func (*Manager) MintToken ¶

func (tm *Manager) MintToken(mto *MintTokenOpts) (string, error)

MintToken mints a Vela JWT Token given a set of options.

func (*Manager) ParseToken ¶

func (tm *Manager) ParseToken(token string) (*Claims, error)

ParseToken scans the signed JWT token as a string and extracts the user login from the claims to be looked up in the database. This function will return an error for a few different reasons:

* the token signature doesn't match what is expected * the token signing method doesn't match what is expected * the token is invalid (potentially expired or improper).

func (*Manager) Refresh ¶

func (tm *Manager) Refresh(c *gin.Context, refreshToken string) (string, error)

Refresh returns a new access token, if the provided refreshToken is valid.

type MintTokenOpts ¶

type MintTokenOpts struct {
	BuildID       int64
	Hostname      string
	Repo          string
	TokenDuration time.Duration
	TokenType     string
	User          *library.User
}

MintTokenOpts is a type to inform the token minter how to construct the token.

Source Files ¶

View all Source files

?	: This menu
/	: Search site
f or F	: Jump to
y or Y	: Canonical URL