Documentation
Index
- type Claims
- type Manager
- func (tm *Manager) Compose(c *gin.Context, u *api.User) (string, string, error)
- func (tm *Manager) GenerateRSA(ctx context.Context, db database.Interface) error
- func (tm *Manager) MintIDToken(ctx context.Context, mto *MintTokenOpts, db database.Interface) (string, error)
- func (tm *Manager) MintToken(mto *MintTokenOpts) (string, error)
- func (tm *Manager) ParseToken(token string) (*Claims, error)
- func (tm *Manager) Refresh(c *gin.Context, refreshToken string) (string, error)
- type MintTokenOpts
- type RSAKeySet
Constants
This section is empty.
Variables
This section is empty.
Functions
This section is empty.
Types
type Claims
type Claims struct {
	BuildID     int64  `json:"build_id,omitempty"`
	BuildNumber int64  `json:"build_number,omitempty"`
	Actor       string `json:"actor,omitempty"`
	IsActive    bool   `json:"is_active,omitempty"`
	IsAdmin     bool   `json:"is_admin,omitempty"`
	Repo        string `json:"repo,omitempty"`
	PullFork    bool   `json:"pull_fork,omitempty"`
	TokenType   string `json:"token_type,omitempty"`
	Image       string `json:"image,omitempty"`
	Request     string `json:"request,omitempty"`
	Commands    bool   `json:"commands,omitempty"`
	jwt.RegisteredClaims
}
Claims struct is an extension of the JWT standard claims. It includes information about the user.
type Manager
type Manager struct {
	// PrivateKeyHMAC is the private key used to sign and validate closed-system tokens
	PrivateKeyHMAC string
	// RSAKeySet is the private key used to sign and validate open-system tokens (OIDC)
	RSAKeySet RSAKeySet
	// UserAccessTokenDuration specifies the token duration to use for users
	UserAccessTokenDuration time.Duration
	// UserRefreshTokenDuration specifies the token duration for user refresh
	UserRefreshTokenDuration time.Duration
	// BuildTokenBufferDuration specifies the additional token duration of build tokens beyond repo timeout
	BuildTokenBufferDuration time.Duration
	// WorkerAuthTokenDuration specifies the token duration for worker auth (check in)
	WorkerAuthTokenDuration time.Duration
	// WorkerRegisterTokenDuration specifies the token duration for worker register
	WorkerRegisterTokenDuration time.Duration
	// IDTokenDuration specifies the token duration for ID tokens
	IDTokenDuration time.Duration
	// Issuer specifies the issuer of the token
	Issuer string
}
func (*Manager) Compose
Compose generates a refresh and access token pair unique to the provided user and sets a secure cookie. It uses the user's hash to sign the token, to guarantee the signature is unique per token. The refresh token is returned to store with the user in the database.
func (*Manager) GenerateRSA (added in v0.24.0)
GenerateRSA creates an RSA key pair, sets it in the token manager, and saves the JWK in the database.
func (*Manager) MintIDToken (added in v0.24.0)
func (tm *Manager) MintIDToken(ctx context.Context, mto *MintTokenOpts, db database.Interface) (string, error)
MintIDToken mints a Vela JWT ID Token for a build.
func (*Manager) MintToken
func (tm *Manager) MintToken(mto *MintTokenOpts) (string, error)
MintToken mints a Vela JWT Token given a set of options.
func (*Manager) ParseToken
ParseToken scans the signed JWT token as a string and extracts the user login from the claims to be looked up in the database. This function will return an error for a few different reasons:
* the token signature doesn't match what is expected
* the token signing method doesn't match what is expected
* the token is invalid (potentially expired or improper).
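The three rejection reasons listed above, shown as an added example that is not Vela's implementation: a standard-library-only verifier that pins the signing method before checking the MAC and reads the claims only after the MAC verifies. The choice of HS256, the names `seal`, `mint`, `seg` and `verify`, and the sample key and tokens are assumptions constructed for illustration.

```go
package main // added example, not Vela's code; HS256 and all names are assumptions

import (
	"crypto/hmac"
	"crypto/sha256"
	"encoding/base64"
	"encoding/json"
	"errors"
	"fmt"
	"strings"
)

var b64 = base64.RawURLEncoding
var errMethod = errors.New("unexpected signing method")
var errSignature = errors.New("signature mismatch")
var errInvalid = errors.New("token malformed or expired")

func seal(msg string, key []byte) string { // msg + "." + base64url(HMAC-SHA256(msg))
	m := hmac.New(sha256.New, key)
	m.Write([]byte(msg))
	return msg + "." + b64.EncodeToString(m.Sum(nil))
}

func mint(hdr, claims string, key []byte) string { // sample token from constructed raw JSON
	return seal(b64.EncodeToString([]byte(hdr))+"."+b64.EncodeToString([]byte(claims)), key)
}

func seg(s string, v any) bool { // decode one base64url JSON segment into v
	raw, err := b64.DecodeString(s)
	return err == nil && json.Unmarshal(raw, v) == nil
}

func verify(token string, key []byte, now int64) error { // method, then MAC, then expiry
	var hdr struct{ Alg string `json:"alg"` }
	var c struct{ Exp int64 `json:"exp"` }
	switch p := strings.Split(token, "."); {
	case len(p) != 3 || !seg(p[0], &hdr): // malformed: drops out of the switch to errInvalid
	case hdr.Alg != "HS256": // pin the method; the header never selects it
		return errMethod
	case !hmac.Equal([]byte(seal(p[0]+"."+p[1], key)), []byte(token)):
		return errSignature
	case seg(p[1], &c) && now < c.Exp: // claims are read only after the MAC verifies
		return nil
	}
	return errInvalid
}

func main() { // constructed key and token; now and exp are Unix seconds; prints <nil>
	fmt.Println(verify(mint(`{"alg":"HS256"}`, `{"exp":200}`, []byte("demo-key")), []byte("demo-key"), 100))
}
```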
type MintTokenOpts
type MintTokenOpts struct {
	Build         *api.Build
	Hostname      string
	Repo          string
	TokenDuration time.Duration
	TokenType     string
	User          *api.User
	Audience      []string
	Image         string
	Request       string
	Commands      bool
}
MintTokenOpts is a type to inform the token minter how to construct the token.
type RSAKeySet (added in v0.24.0)
type RSAKeySet struct {
	PrivateKey *rsa.PrivateKey
	KID        string
}