-
Notifications
You must be signed in to change notification settings - Fork 0
/
Copy pathauth.go
74 lines (63 loc) · 1.6 KB
/
auth.go
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
package main
import (
"errors"
"log"
"net/http"
"regexp"
"strings"
"github.com/dgrijalva/jwt-go"
)
type Claims struct {
Username string `json:"username"`
Service string `json:"service"`
jwt.StandardClaims
}
var SubAccValid = regexp.MustCompile(`^[a-zA-Z\-_]+$`).MatchString
func getUsername(req *http.Request) (string, error) {
username := getMainUsername(req)
subacc := req.Header.Get("X-Geegle-SubAcc")
if subacc != "" {
if !(SubAccValid(subacc) && len(subacc) < 10) {
return "", errors.New("invalid subacc")
}
s := strings.Split(username, "@")
username = s[0] + "+" + subacc + "@" + s[1]
}
return username, nil
}
func getMainUsername(req *http.Request) string {
c, err := req.Cookie("uberproxy_auth")
var tknStr string
if err != nil {
if tknStr = req.Header.Get("X-Geegle-JWT"); tknStr == "" {
sn, err := getServiceNameFromIP(strings.Split(req.RemoteAddr, ":")[0])
if err != nil {
return "[email protected]"
}
return sn
}
} else {
tknStr = c.Value
}
claims := &Claims{}
tkn, err := jwt.ParseWithClaims(tknStr, claims, func(token *jwt.Token) (interface{}, error) {
return _configuration.VerifyKey, nil
})
if err != nil {
if err == jwt.ErrSignatureInvalid {
log.Println("Signature Invalid")
return "[email protected]"
}
log.Println("JWT Error")
log.Println(err.Error())
return "[email protected]"
}
if !tkn.Valid {
log.Println("JWT Invalid")
return "[email protected]"
}
if claims.Service != "[email protected]" {
return "[email protected]"
}
return claims.Username
}