This change makes it so that only metadata about tokens is stored. Tokens can still be re-signed, because conversion methods convert from the JWT type to the database type. This should be more efficient, and it should mean we don't have to encrypt tokens or token info in the database, at least for now.
package models
import (
	"errors"
	"time"

	"github.com/golang-jwt/jwt/v4"
	"github.com/google/uuid"
)
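// NewIdentityVerification creates a new IdentityVerification from a given username and action.
//
// The JTI is a freshly generated UUID, IssuedAt is the current time and ExpiresAt is
// five minutes after IssuedAt. ID and Used are left at their zero values.
func NewIdentityVerification(username, action string) (verification IdentityVerification) {
	// Read the clock once so the lifetime is exactly ExpiresAt - IssuedAt; two separate
	// time.Now() calls would leave the two timestamps slightly out of step.
	now := time.Now()

	return IdentityVerification{
		JTI:       uuid.New(),
		IssuedAt:  now,
		ExpiresAt: now.Add(5 * time.Minute),
		Action:    action,
		Username:  username,
	}
}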
// IdentityVerification represents an identity verification row in the database.
//
// The row holds the token's metadata (identifier, timestamps, action and user);
// there is no field for a serialized or signed token.
type IdentityVerification struct {
	// ID is mapped to the "id" column.
	ID int `db:"id"`

	// JTI is the token identifier; it becomes the JWT ID claim in ToIdentityVerificationClaim.
	JTI uuid.UUID `db:"jti"`

	// IssuedAt and ExpiresAt bound the token's lifetime.
	IssuedAt  time.Time `db:"iat"`
	ExpiresAt time.Time `db:"exp"`

	// Used is a pointer so that it can be nil; NewIdentityVerification leaves it unset.
	// NOTE(review): presumably set to the consumption time to block replay of a token — confirm
	// that every consumer checks it before acting.
	Used *time.Time `db:"used"`

	// Action and Username are copied into the claim of the same name.
	Action   string `db:"action"`
	Username string `db:"username"`
}
// ToIdentityVerificationClaim converts the IdentityVerification into a IdentityVerificationClaim.
//
// The JTI becomes the registered ID claim, the issuer is fixed to "Authelia", and the
// issued-at and expiry timestamps, the action and the username are copied across.
// ID and Used have no counterpart in the claim and are not carried over.
func (v IdentityVerification) ToIdentityVerificationClaim() (claim *IdentityVerificationClaim) {
	registered := jwt.RegisteredClaims{
		ID:        v.JTI.String(),
		Issuer:    "Authelia",
		IssuedAt:  jwt.NewNumericDate(v.IssuedAt),
		ExpiresAt: jwt.NewNumericDate(v.ExpiresAt),
	}

	claim = &IdentityVerificationClaim{
		RegisteredClaims: registered,
		Action:           v.Action,
		Username:         v.Username,
	}

	return claim
}
// IdentityVerificationClaim is the custom JWT claim set that adds the action claim.
// The action can be to register a TOTP device, a U2F device or reset one's password.
//
// NOTE(review): Action and Username are serialized into the token payload; if the token is
// only signed and not encrypted, anyone holding it can read them — confirm nothing more
// sensitive is added here.
type IdentityVerificationClaim struct {
	// Registered claims (ID, issuer, issued-at, expiry, ...) are embedded.
	jwt.RegisteredClaims

	// Action is what this token has been crafted for.
	Action string `json:"action"`

	// Username is the user this token has been crafted for.
	Username string `json:"username"`
}
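// ToIdentityVerification converts the IdentityVerificationClaim into a IdentityVerification.
//
// Only JTI, Username, Action and ExpiresAt are populated; ID, IssuedAt and Used keep their
// zero values. An error is returned when the ID claim is not a valid UUID or when the
// claim set has no expiry.
//
// NOTE(review): this method does not verify a signature or compare the expiry with the
// current time; presumably callers parse and validate the JWT first and then look the
// row up by JTI to check expiry and use — confirm against the callers.
func (v IdentityVerificationClaim) ToIdentityVerification() (verification *IdentityVerification, err error) {
	jti, err := uuid.Parse(v.ID)
	if err != nil {
		return nil, err
	}

	// ExpiresAt is a pointer in jwt.RegisteredClaims and is nil when the token carries no
	// exp claim; dereferencing it unchecked would panic instead of rejecting the token.
	if v.ExpiresAt == nil {
		return nil, errors.New("identity verification claim has no expiry")
	}

	return &IdentityVerification{
		JTI:       jti,
		Username:  v.Username,
		Action:    v.Action,
		ExpiresAt: v.ExpiresAt.Time,
	}, nil
}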