As noticed in my previous commit, the existing jwt libraries added a lot of performance cost between jwt-featured requests and simple requests. That's why a new custom JWT parser was created. This commit adds our custom jwt parser as the underlying token signer and verifier.
@@ -1,91 +1,105 @@
|
||||
package jwt
|
||||
|
||||
import (
|
||||
"github.com/square/go-jose/v3"
|
||||
"github.com/square/go-jose/v3/json"
|
||||
"github.com/square/go-jose/v3/jwt"
|
||||
"github.com/kataras/jwt"
|
||||
)
|
||||
|
||||
// Type alises for the underline jwt package.
|
||||
type (
|
||||
// Claims represents public claim values (as specified in RFC 7519).
|
||||
// Alg is the signature algorithm interface alias.
|
||||
Alg = jwt.Alg
|
||||
// Claims represents the standard claim values (as specified in RFC 7519).
|
||||
Claims = jwt.Claims
|
||||
// Audience represents the recipients that the token is intended for.
|
||||
Audience = jwt.Audience
|
||||
// NumericDate represents date and time as the number of seconds since the
|
||||
// epoch, including leap seconds. Non-integer values can be represented
|
||||
// in the serialized format, but we round to the nearest second.
|
||||
NumericDate = jwt.NumericDate
|
||||
// Expected defines values used for protected claims validation.
|
||||
// If field has zero value then validation is skipped.
|
||||
// Expected is a TokenValidator which performs simple checks
|
||||
// between standard claims values.
|
||||
//
|
||||
// Usage:
|
||||
// expecteed := jwt.Expected{
|
||||
// Issuer: "my-app",
|
||||
// }
|
||||
// verifiedToken, err := verifier.Verify(..., expected)
|
||||
Expected = jwt.Expected
|
||||
)
|
||||
|
||||
var (
|
||||
// NewNumericDate constructs NumericDate from time.Time value.
|
||||
NewNumericDate = jwt.NewNumericDate
|
||||
// Marshal returns the JSON encoding of v.
|
||||
Marshal = json.Marshal
|
||||
// Unmarshal parses the JSON-encoded data and stores the result
|
||||
// in the value pointed to by v.
|
||||
Unmarshal = json.Unmarshal
|
||||
)
|
||||
|
||||
type (
|
||||
// KeyAlgorithm represents a key management algorithm.
|
||||
KeyAlgorithm = jose.KeyAlgorithm
|
||||
|
||||
// SignatureAlgorithm represents a signature (or MAC) algorithm.
|
||||
SignatureAlgorithm = jose.SignatureAlgorithm
|
||||
|
||||
// ContentEncryption represents a content encryption algorithm.
|
||||
ContentEncryption = jose.ContentEncryption
|
||||
)
|
||||
|
||||
// Key management algorithms.
|
||||
const (
|
||||
ED25519 = jose.ED25519
|
||||
RSA15 = jose.RSA1_5
|
||||
RSAOAEP = jose.RSA_OAEP
|
||||
RSAOAEP256 = jose.RSA_OAEP_256
|
||||
A128KW = jose.A128KW
|
||||
A192KW = jose.A192KW
|
||||
A256KW = jose.A256KW
|
||||
DIRECT = jose.DIRECT
|
||||
ECDHES = jose.ECDH_ES
|
||||
ECDHESA128KW = jose.ECDH_ES_A128KW
|
||||
ECDHESA192KW = jose.ECDH_ES_A192KW
|
||||
ECDHESA256KW = jose.ECDH_ES_A256KW
|
||||
A128GCMKW = jose.A128GCMKW
|
||||
A192GCMKW = jose.A192GCMKW
|
||||
A256GCMKW = jose.A256GCMKW
|
||||
PBES2HS256A128KW = jose.PBES2_HS256_A128KW
|
||||
PBES2HS384A192KW = jose.PBES2_HS384_A192KW
|
||||
PBES2HS512A256KW = jose.PBES2_HS512_A256KW
|
||||
// TokenValidator is the token validator interface alias.
|
||||
TokenValidator = jwt.TokenValidator
|
||||
// VerifiedToken is the type alias for the verfieid token type,
|
||||
// the result of the VerifyToken function.
|
||||
VerifiedToken = jwt.VerifiedToken
|
||||
// SignOption used to set signing options at Sign function.
|
||||
SignOption = jwt.SignOption
|
||||
// TokenPair is just a helper structure which holds both access and refresh tokens.
|
||||
TokenPair = jwt.TokenPair
|
||||
)
|
||||
|
||||
// Signature algorithms.
|
||||
const (
|
||||
EdDSA = jose.EdDSA
|
||||
HS256 = jose.HS256
|
||||
HS384 = jose.HS384
|
||||
HS512 = jose.HS512
|
||||
RS256 = jose.RS256
|
||||
RS384 = jose.RS384
|
||||
RS512 = jose.RS512
|
||||
ES256 = jose.ES256
|
||||
ES384 = jose.ES384
|
||||
ES512 = jose.ES512
|
||||
PS256 = jose.PS256
|
||||
PS384 = jose.PS384
|
||||
PS512 = jose.PS512
|
||||
var (
|
||||
EdDSA = jwt.EdDSA
|
||||
HS256 = jwt.HS256
|
||||
HS384 = jwt.HS384
|
||||
HS512 = jwt.HS512
|
||||
RS256 = jwt.RS256
|
||||
RS384 = jwt.RS384
|
||||
RS512 = jwt.RS512
|
||||
ES256 = jwt.ES256
|
||||
ES384 = jwt.ES384
|
||||
ES512 = jwt.ES512
|
||||
PS256 = jwt.PS256
|
||||
PS384 = jwt.PS384
|
||||
PS512 = jwt.PS512
|
||||
)
|
||||
|
||||
// Content encryption algorithms.
|
||||
const (
|
||||
A128CBCHS256 = jose.A128CBC_HS256
|
||||
A192CBCHS384 = jose.A192CBC_HS384
|
||||
A256CBCHS512 = jose.A256CBC_HS512
|
||||
A128GCM = jose.A128GCM
|
||||
A192GCM = jose.A192GCM
|
||||
A256GCM = jose.A256GCM
|
||||
// Encryption algorithms.
|
||||
var (
|
||||
GCM = jwt.GCM
|
||||
// Helper to generate random key,
|
||||
// can be used to generate hmac signature key and GCM+AES for testing.
|
||||
MustGenerateRandom = jwt.MustGenerateRandom
|
||||
)
|
||||
|
||||
var (
|
||||
// Leeway adds validation for a leeway expiration time.
|
||||
// If the token was not expired then a comparison between
|
||||
// this "leeway" and the token's "exp" one is expected to pass instead (now+leeway > exp).
|
||||
// Example of use case: disallow tokens that are going to be expired in 3 seconds from now,
|
||||
// this is useful to make sure that the token is valid when the when the user fires a database call for example.
|
||||
// Usage:
|
||||
// verifiedToken, err := verifier.Verify(..., jwt.Leeway(5*time.Second))
|
||||
Leeway = jwt.Leeway
|
||||
// MaxAge is a SignOption to set the expiration "exp", "iat" JWT standard claims.
|
||||
// Can be passed as last input argument of the `Sign` function.
|
||||
//
|
||||
// If maxAge > second then sets expiration to the token.
|
||||
// It's a helper field to set the "exp" and "iat" claim values.
|
||||
// Usage:
|
||||
// signer.Sign(..., jwt.MaxAge(15*time.Minute))
|
||||
MaxAge = jwt.MaxAge
|
||||
)
|
||||
|
||||
// Shortcuts for Signing and Verifying.
|
||||
var (
|
||||
VerifyToken = jwt.Verify
|
||||
VerifyEncryptedToken = jwt.VerifyEncrypted
|
||||
Sign = jwt.Sign
|
||||
SignEncrypted = jwt.SignEncrypted
|
||||
)
|
||||
|
||||
// Signature algorithm helpers.
|
||||
var (
|
||||
MustLoadHMAC = jwt.MustLoadHMAC
|
||||
LoadHMAC = jwt.LoadHMAC
|
||||
MustLoadRSA = jwt.MustLoadRSA
|
||||
LoadPrivateKeyRSA = jwt.LoadPrivateKeyRSA
|
||||
LoadPublicKeyRSA = jwt.LoadPublicKeyRSA
|
||||
ParsePrivateKeyRSA = jwt.ParsePrivateKeyRSA
|
||||
ParsePublicKeyRSA = jwt.ParsePublicKeyRSA
|
||||
MustLoadECDSA = jwt.MustLoadECDSA
|
||||
LoadPrivateKeyECDSA = jwt.LoadPrivateKeyECDSA
|
||||
LoadPublicKeyECDSA = jwt.LoadPublicKeyECDSA
|
||||
ParsePrivateKeyECDSA = jwt.ParsePrivateKeyECDSA
|
||||
ParsePublicKeyECDSA = jwt.ParsePublicKeyECDSA
|
||||
MustLoadEdDSA = jwt.MustLoadEdDSA
|
||||
LoadPrivateKeyEdDSA = jwt.LoadPrivateKeyEdDSA
|
||||
LoadPublicKeyEdDSA = jwt.LoadPublicKeyEdDSA
|
||||
ParsePrivateKeyEdDSA = jwt.ParsePrivateKeyEdDSA
|
||||
ParsePublicKeyEdDSA = jwt.ParsePublicKeyEdDSA
|
||||
)
|
||||
|
||||
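Review bot: The doc comment on `Leeway` leaves the direction of the check ambiguous: it gives `now+leeway > exp` as the comparison that is "expected to pass", while its own example says tokens about to expire within the window are disallowed. In other JWT libraries leeway commonly means clock-skew tolerance that widens acceptance, so a reader can easily configure the opposite of what they intend. I would state the rule outright, e.g. `// Leeway rejects a token that is not yet expired but whose "exp" is less than the given duration away; it narrows the validity window.`, and fix the doubled "when the when the" in the same comment. The exported shortcuts `VerifyToken`, `VerifyEncryptedToken`, `Sign` and `SignEncrypted` also have no per-name doc comments. The rendered page does not mark added and removed lines, so this assumes these declarations are on the new side.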