Better core logic for JWT; supports a more generic structure

2020-04-05 18:44:16 -07:00
parent cf2ef1a173
commit ccbb119948
3 changed files with 59 additions and 34 deletions
--- a/router/tokens/parser.go
+++ b/router/tokens/parser.go
@@ -0,0 +1,33 @@
+package tokens
+
+import (
+	"github.com/gbrlsnchs/jwt/v3"
+	"github.com/pterodactyl/wings/config"
+	"time"
+)
+
+var alg *jwt.HMACSHA
+
+type TokenData interface {
+	GetPayload() *jwt.Payload
+}
+
+// Validates the provided JWT against the known secret for the Daemon and returns the
+// parsed data. This function DOES NOT validate that the token is valid for the connected
+// server, nor does it ensure that the user providing the token is able to actually do things.
+//
+// This simply returns a parsed token.
+func ParseToken(token []byte, data TokenData) error {
+	if alg == nil {
+		alg = jwt.NewHS256([]byte(config.Get().AuthenticationToken))
+	}
+
+	verifyOptions := jwt.ValidatePayload(
+		data.GetPayload(),
+		jwt.ExpirationTimeValidator(time.Now()),
+	)
+
+	_, err := jwt.Verify(token, alg, &data, verifyOptions)
+
+	return err
+}
--- a/router/tokens/websocket.go
+++ b/router/tokens/websocket.go
@@ -0,0 +1,29 @@
+package tokens
+
+import (
+	"encoding/json"
+	"github.com/gbrlsnchs/jwt/v3"
+)
+
+type WebsocketPayload struct {
+	jwt.Payload
+	UserID      json.Number `json:"user_id"`
+	ServerUUID  string      `json:"server_uuid"`
+	Permissions []string    `json:"permissions"`
+}
+
+// Returns the JWT payload.
+func (p *WebsocketPayload) GetPayload() *jwt.Payload {
+	return &p.Payload
+}
+
+// Checks if the given token payload has a permission string.
+func (p *WebsocketPayload) HasPermission(permission string) bool {
+	for _, k := range p.Permissions {
+		if k == permission {
+			return true
+		}
+	}
+
+	return false
+}