package token
import (
	"time"

	"github.com/pkg/errors"
	"gopkg.in/square/go-jose.v2/jwt"
)
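// Verify decrypts and verifies a nested (signed, then encrypted) JWT and
// returns the values the caller needs from it.
//
// raw is the compact serialization of the token. encryptionKey decrypts the
// outer JWE and signingKey verifies the signature of the inner JWS; both are
// handed to go-jose as raw byte keys.
//
// On success it returns the subject claim, the private challenge claim and
// the private remember-me flag. On any failure it returns zero values and a
// wrapped error; a non-nil error means the token must be rejected.
func Verify(signingKey, encryptionKey, raw string) (string, string, bool, error) {
	encrypted, err := jwt.ParseSignedAndEncrypted(raw)
	if err != nil {
		return "", "", false, errors.Wrap(err, "could not parse token")
	}

	signed, err := encrypted.Decrypt([]byte(encryptionKey))
	if err != nil {
		return "", "", false, errors.Wrap(err, "could not decrypt token")
	}

	// registered holds the standard JWT claims; private holds the
	// application-specific ones (the privateClaims type is declared elsewhere
	// in this package).
	registered := jwt.Claims{}
	private := privateClaims{}

	// Claims verifies the signature with signingKey and unmarshals the payload
	// into both destinations.
	if err := signed.Claims([]byte(signingKey), &registered, &private); err != nil {
		return "", "", false, errors.Wrap(err, "could not validate claims")
	}

	// Claims does not evaluate the registered time claims, so an expired or
	// not-yet-valid token would otherwise be accepted. Validate only enforces
	// the time claims that are present in the token.
	// NOTE(review): issuer and audience are not checked here; confirm whether
	// the issuing side sets them and whether they should be pinned.
	if err := registered.Validate(jwt.Expected{Time: time.Now()}); err != nil {
		return "", "", false, errors.Wrap(err, "token is not currently valid")
	}

	return registered.Subject, private.Challenge, private.RememberMe, nil
}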