1234567891011121314151617181920212223242526272829303132333435363738394041424344454647484950515253545556575859606162636465666768697071727374757677787980 |
- package zllauth1
- import (
- "crypto/subtle"
- "fmt"
- "github.com/dgrijalva/jwt-go"
- "time"
- )
- type ZLLAuthJwtClaim struct {
- ExpiresAt int64 `json:"exp,omitempty"`
- Id string `json:"jti"`
- IssuedAt int64 `json:"iat,omitempty"`
- Issuer string `json:"iss,omitempty"`
- NotBefore int64 `json:"nbf,omitempty"`
- Subject string `json:"sub,omitempty"`
- ExtendInfo map[string]interface{} `json:"exi"`
- }
- func (c *ZLLAuthJwtClaim) Valid() error {
- now := jwt.TimeFunc().Unix()
- if c.VerifyExpiresAt(now, true) == false {
- delta := time.Unix(now, 0).Sub(time.Unix(c.ExpiresAt, 0))
- return fmt.Errorf("token is expired by %v", delta)
- }
- if c.VerifyIssuedAt(now, true) == false {
- return fmt.Errorf("Token used before issued")
- }
- if c.VerifyNotBefore(now, true) == false {
- return fmt.Errorf("token is not valid yet")
- }
- return nil
- }
- func (c *ZLLAuthJwtClaim) VerifyExpiresAt(cmp int64, req bool) bool {
- if c.ExpiresAt == 0 {
- return !req
- }
- return cmp <= c.ExpiresAt
- }
- func (c *ZLLAuthJwtClaim) VerifyIssuedAt(cmp int64, req bool) bool {
- if c.IssuedAt == 0 {
- return !req
- }
- return cmp >= c.IssuedAt
- }
- func (c *ZLLAuthJwtClaim) VerifyIssuer(cmp string, req bool) bool {
- if c.Issuer == "" {
- return !req
- }
- if subtle.ConstantTimeCompare([]byte(c.Issuer), []byte(cmp)) != 0 {
- return true
- } else {
- return false
- }
- }
- func (c *ZLLAuthJwtClaim) VerifyNotBefore(cmp int64, req bool) bool {
- if c.NotBefore == 0 {
- return !req
- }
- return cmp >= c.NotBefore
- }
- func (c *ZLLAuthJwtClaim) VerifySubject(cmp string, req bool) bool {
- if c.Subject == "" {
- return !req
- }
- if subtle.ConstantTimeCompare([]byte(c.Subject), []byte(cmp)) != 0 {
- return true
- } else {
- return false
- }
- }
|