1package zoneingress
2
3import (
4"context"
5
6"github.com/golang-jwt/jwt/v4"
7
8"github.com/kumahq/kuma/pkg/tokens/builtin/zone"
9)
10
// zoneValidatorAdapter bundles the zone token validator with the legacy zone
// ingress token validator so that one zone.Validator can accept both kinds of
// token.
type zoneValidatorAdapter struct {
	// zoneIngressValidator handles tokens that are not recognised as zone
	// tokens (the backwards-compatibility path).
	zoneIngressValidator Validator
	// zoneValidator handles tokens recognised as zone tokens.
	zoneValidator zone.Validator
}

// Compile-time assertion that *zoneValidatorAdapter satisfies zone.Validator.
var _ zone.Validator = (*zoneValidatorAdapter)(nil)
17
// NewZoneValidatorAdapter builds a zone.Validator that validates zone tokens
// with zoneValidator and falls back to zoneIngressValidator for every other
// token.
//
// The fallback exists only for backwards compatibility with the old zone
// ingress token. While it is in place, both token kinds are accepted, so this
// adapter should be removed together with the zone ingress token.
func NewZoneValidatorAdapter(zoneIngressValidator Validator, zoneValidator zone.Validator) zone.Validator {
	adapter := new(zoneValidatorAdapter)
	adapter.zoneIngressValidator = zoneIngressValidator
	adapter.zoneValidator = zoneValidator
	return adapter
}
27
// Validate checks token with the validator that matches its kind and returns
// the resulting zone identity.
//
// The kind is chosen by isZoneToken, which reads the claims without verifying
// the signature. That result only selects a validator: both branches end in a
// Validate call on one of the wrapped validators, and an error from either is
// returned to the caller unchanged.
//
// For a legacy zone ingress token only the Zone is copied from the validated
// identity. The returned Scope is always fixed to zone.IngressScope and is
// never read from the token.
func (z *zoneValidatorAdapter) Validate(ctx context.Context, token zone.Token) (zone.Identity, error) {
	if !isZoneToken(token) {
		// Legacy path: anything not recognised as a zone token is handed to
		// the zone ingress validator.
		ingressID, ingressErr := z.zoneIngressValidator.Validate(ctx, token)
		if ingressErr != nil {
			return zone.Identity{}, ingressErr
		}
		legacy := zone.Identity{
			Zone:  ingressID.Zone,
			Scope: []string{zone.IngressScope},
		}
		return legacy, nil
	}
	return z.zoneValidator.Validate(ctx, token)
}
41
// isZoneToken reports whether token looks like a zone token, meaning it parses
// as a JWT and carries a non-empty Scope claim.
//
// The claims are read with ParseUnverified, so the signature is NOT checked
// here. The result is attacker-controllable and must only be used to pick
// which validator runs, never as evidence that the token is authentic. A token
// that fails to parse is reported as not being a zone token.
func isZoneToken(token zone.Token) bool {
	var (
		p      jwt.Parser
		claims zone.ZoneClaims
	)
	if _, _, err := p.ParseUnverified(token, &claims); err != nil {
		return false
	}
	// A zone token has to contain Scope.
	return len(claims.Scope) != 0
}
51