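// GetUserFromToken checks a signed token and returns the cached user bound to it.
//
// The token must declare an HMAC signing method and carry an "expired" claim
// holding an RFC 3339 timestamp that is still in the future; signingKey is then
// handed to jwt.Parse as the verification key. When parsing succeeds the user
// is looked up with rbac.GetCache, and a token without a cache entry is
// rejected.
//
// The token is a bearer credential, so neither the raw string nor the parsed
// *jwt.Token is written to the log: anyone able to read the log could otherwise
// replay it until it expires.
func GetUserFromToken(token string) (*rbac.User, error) {
	_, err := jwt.Parse(token, func(parsed *jwt.Token) (interface{}, error) {
		// Pin the algorithm family: a token that declares anything other than
		// an HMAC method is refused before signingKey is handed out.
		if _, ok := parsed.Method.(*jwt.SigningMethodHMAC); !ok {
			return nil, errors.New("Unexpected signing method")
		}

		// NOTE(review): this callback supplies the verification key, so the
		// claim read below has presumably not been signature-checked yet.
		// Rejecting on it is harmless; confirm nothing here ever treats it as
		// trusted.
		// A missing or non-string claim yields "", which time.Parse rejects.
		expiredText, _ := parsed.Claims["expired"].(string)
		expiredTime, err := time.Parse(time.RFC3339, expiredText)
		if err != nil {
			log.Error("Fail to parse expired time. Error %s", err)
			return nil, err
		}
		if expiredTime.Before(time.Now()) {
			log.Debug("Token is expired")
			return nil, errors.New("Token is expired")
		}

		return []byte(signingKey), nil
	})
	if err != nil {
		return nil, err
	}

	user := rbac.GetCache(token)
	if user == nil {
		log.Error("User not in the cache")
		return nil, errors.New("User not in the cache")
	}
	return user, nil
}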
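// getCache returns the user bound to token. The local cache is consulted
// first; on a miss the authorization server named by the cloudoneProtocol,
// cloudoneHost and cloudonePort settings is asked, and its answer is cached for
// cacheTTL.
//
// The token becomes one segment of the request path, so before any request is
// made it is checked for characters that would change the URL's structure. An
// error is returned when a setting is missing, when the token fails that check,
// or when the request fails.
func getCache(token string) (*rbac.User, error) {
	if cached := rbac.GetCache(token); cached != nil {
		return cached, nil
	}

	// Cache miss: the token is caller-supplied and not yet validated, so it
	// must not be able to redirect the lookup to another path or add a query.
	if !tokenFitsPathSegment(token) {
		log.Error("Token is not usable as a URL path segment")
		return nil, errors.New("Token is not usable as a URL path segment")
	}

	cloudoneProtocol, ok := configuration.LocalConfiguration.GetString("cloudoneProtocol")
	if !ok {
		log.Error("Unable to get configuration cloudoneProtocol")
		return nil, errors.New("Unable to get configuration cloudoneProtocol")
	}
	cloudoneHost, ok := configuration.LocalConfiguration.GetString("cloudoneHost")
	if !ok {
		log.Error("Unable to get configuration cloudoneHost")
		return nil, errors.New("Unable to get configuration cloudoneHost")
	}
	cloudonePort, ok := configuration.LocalConfiguration.GetInt("cloudonePort")
	if !ok {
		log.Error("Unable to get configuration cloudonePort")
		return nil, errors.New("Unable to get configuration cloudonePort")
	}

	endpoint := cloudoneProtocol + "://" + cloudoneHost + ":" + strconv.Itoa(cloudonePort) +
		"/api/v1/authorizations/tokens/" + token + "/components/" + componentName

	user := &rbac.User{}
	// The address of the pointer is passed, exactly as before.
	// NOTE(review): if restclient puts the request URL into err, the token
	// reaches the debug log through the line below; confirm.
	if _, err := restclient.RequestGetWithStructure(endpoint, &user, nil); err != nil {
		log.Debug(err)
		return nil, err
	}

	rbac.SetCache(token, user, cacheTTL)
	log.Info("Cache user %s", user.Name)
	return user, nil
}

// tokenFitsPathSegment reports whether token can be placed in a URL path as a
// single segment without altering the URL: it must be non-empty, must not be a
// dot segment, and must not contain a separator, an escape introducer,
// whitespace or a control character. Percent-escaping with net/url's PathEscape
// would be the more general fix once that package is imported by this file.
func tokenFitsPathSegment(token string) bool {
	if token == "" || token == "." || token == ".." {
		return false
	}
	for i := 0; i < len(token); i++ {
		switch c := token[i]; {
		case c <= ' ', c == 0x7f:
			return false
		case c == '/', c == '\\', c == '?', c == '#', c == '%':
			return false
		}
	}
	return true
}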
// getCache returns whatever rbac.GetCache holds for token.
//
// Special case: cloudone owns the authorization server, so there is no remote
// lookup and no cache fill here, only a read of the existing entry.
func getCache(token string) *rbac.User {
	cached := rbac.GetCache(token)
	return cached
}