kuma

zone_validator_adapter.go
50 строк · 1.3 Кб
Перенос по словам
1
package zoneingress
2

3
import (
4
	"context"
5

6
	"github.com/golang-jwt/jwt/v4"
7

8
	"github.com/kumahq/kuma/pkg/tokens/builtin/zone"
9
)
10

11
type zoneValidatorAdapter struct {
12
	zoneIngressValidator Validator
13
	zoneValidator        zone.Validator
14
}
15

16
var _ zone.Validator = &zoneValidatorAdapter{}
17

18
// NewZoneValidatorAdapter returns Zone Token Validator that has a fallback on Zone Ingress Validator
19
// This is used for backwards compatibility to still support old ingress token.
20
// This should be deleted if we delete zone ingress token.
21
func NewZoneValidatorAdapter(zoneIngressValidator Validator, zoneValidator zone.Validator) zone.Validator {
22
	return &zoneValidatorAdapter{
23
		zoneIngressValidator: zoneIngressValidator,
24
		zoneValidator:        zoneValidator,
25
	}
26
}
27

28
func (z *zoneValidatorAdapter) Validate(ctx context.Context, token zone.Token) (zone.Identity, error) {
29
	if isZoneToken(token) {
30
		return z.zoneValidator.Validate(ctx, token)
31
	}
32
	id, err := z.zoneIngressValidator.Validate(ctx, token)
33
	if err != nil {
34
		return zone.Identity{}, err
35
	}
36
	return zone.Identity{
37
		Zone:  id.Zone,
38
		Scope: []string{zone.IngressScope},
39
	}, nil
40
}
41

42
func isZoneToken(token zone.Token) bool {
43
	parser := jwt.Parser{}
44
	claims := zone.ZoneClaims{}
45
	_, _, err := parser.ParseUnverified(token, &claims)
46
	if err != nil {
47
		return false
48
	}
49
	return len(claims.Scope) > 0 // zone token has to contain Scope
50
}
51
kuma

Использование cookies
