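// IntrospectHandler reports whether the bearer token presented in the
// Authorization header is active for this handler's audience (RFC 7662).
//
// Responses:
//   - 401 when no bearer token is present or it is empty,
//   - 403 when the token cannot be verified by h.JWT,
//   - 200 with a JSON body otherwise: the token's claims plus "active": true
//     when the token is valid and its audience equals h.Audience, or the bare
//     object {"active": false} when it is not.
//
// An inactive verdict carries no claims (RFC 7662 §2.2), so a token minted
// for a different audience, or one past its validity window, does not have
// its contents echoed back by this endpoint.
func (h *Handler) IntrospectHandler(w http.ResponseWriter, r *http.Request) {
	// r.Form is never read below; the parse result is deliberately ignored
	// and the call is kept only so r.Form is populated as before.
	_ = r.ParseForm()

	bearer := osin.CheckBearerAuth(r)
	if bearer == nil {
		log.WithField("introspect", "fail").Warn("No authorization header given.")
		http.Error(w, "No bearer given.", http.StatusUnauthorized)
		return
	}
	if bearer.Code == "" {
		log.WithField("introspect", "fail").Warn("No authorization bearer is empty.")
		http.Error(w, "No bearer token given.", http.StatusUnauthorized)
		return
	}

	token, err := h.JWT.VerifyToken([]byte(bearer.Code))
	if err != nil {
		log.WithField("introspect", "fail").Warn("Bearer token is invalid.")
		http.Error(w, "Bearer token is not valid.", http.StatusForbidden)
		return
	}

	// Validity as judged by the verifier, then narrowed by the audience check.
	active := token.Valid
	claims := jwt.ClaimsCarrier(token.Claims)
	if claims.GetAudience() != h.Audience {
		log.WithFields(log.Fields{
			"introspect": "fail",
			"expted":     h.Audience,
			"actual":     claims.GetAudience(),
		}).Warn(`Token audience mismatch.`)
		active = false
	}

	if !active {
		// Inactive tokens get the "active" flag and nothing else.
		writeIntrospection(w, map[string]interface{}{"active": false})
		return
	}

	result := token.Claims
	result["active"] = true
	writeIntrospection(w, result)
}

// writeIntrospection encodes body as JSON and writes it as the response.
// A marshalling failure is reported as 500; a failure to write the already
// started response can only be logged.
func writeIntrospection(w http.ResponseWriter, body map[string]interface{}) {
	out, err := json.Marshal(body)
	if err != nil {
		http.Error(w, err.Error(), http.StatusInternalServerError)
		return
	}
	w.Header().Set("Content-Type", "application/json")
	if _, err := w.Write(out); err != nil {
		log.WithField("introspect", "fail").Warnf("Could not write introspection response: %v", err)
	}
}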
// NewContextFromAuthorization derives a request context from the bearer token
// in req's Authorization header: the token is verified with j, its subject
// claim is read, and the policies stored for that subject are fetched from p.
// Every failure along the way is logged and yields an unauthenticated context
// (all auth values nil) instead of an error.
func NewContextFromAuthorization(ctx context.Context, req *http.Request, j *hjwt.JWT, p policy.Storage) context.Context {
	// The context handed back whenever the request cannot be authenticated.
	anonymous := func() context.Context {
		return NewContextFromAuthValues(ctx, nil, nil, nil)
	}

	bearer := osin.CheckBearerAuth(req)
	if bearer == nil {
		log.Warn("No authorization bearer given.")
		return anonymous()
	}

	tok, err := j.VerifyToken([]byte(bearer.Code))
	switch {
	case err != nil:
		log.Warnf(`Token validation errored: "%v".`, err)
		return anonymous()
	case !tok.Valid:
		log.Warn("Token is invalid.")
		return anonymous()
	}

	claims := hjwt.ClaimsCarrier(tok.Claims)
	subject := claims.GetSubject()
	if subject == "" {
		log.Warnf(`sub claim may not be empty, to: "%v".`, tok.Claims)
		return anonymous()
	}

	policies, err := p.FindPoliciesForSubject(subject)
	if err != nil {
		log.Warnf(`Policies for "%s" could not be retrieved: "%v"`, subject, err)
		return anonymous()
	}

	// An earlier revision additionally looked the subject up in a store
	// before accepting the token; that step is currently disabled.
	return NewContextFromAuthValues(ctx, claims, tok, policies)
}