jwt.go raw

   1  package auth
   2  
   3  import (
   4  	"net/http"
   5  	"strings"
   6  )
   7  
   8  // JWT is the session token used in browser.
   9  type JWT struct {
  10  	Token string
  11  }
  12  
  13  // XSessionTokenHeader is Scaleway auth header for browser
  14  const XSessionTokenHeader = "X-Session-Token" // #nosec G101
  15  
  16  // NewJWT create a token authentication from a jwt
  17  func NewJWT(token string) *JWT {
  18  	return &JWT{Token: token}
  19  }
  20  
  21  // Headers returns headers that must be added to the http request
  22  func (j *JWT) Headers() http.Header {
  23  	headers := http.Header{}
  24  	headers.Set(XSessionTokenHeader, j.Token)
  25  	return headers
  26  }
  27  
  28  func AnonymizeJWTHeaders(headers http.Header) http.Header {
  29  	token := headers.Get(XSessionTokenHeader)
  30  
  31  	if token != "" {
  32  		headers.Set(XSessionTokenHeader, HideJWT(token))
  33  	}
  34  
  35  	return headers
  36  }
  37  
  38  // AnonymizedHeaders returns an anonymized version of Headers()
  39  // This method could be used for logging purpose.
  40  func (j *JWT) AnonymizedHeaders() http.Header {
  41  	return AnonymizeJWTHeaders(j.Headers())
  42  }
  43  
  44  func HideJWT(token string) string {
  45  	if len(token) == 0 {
  46  		return ""
  47  	}
  48  	// token should be (header).(payload).(signature)
  49  	lastDot := strings.LastIndex(token, ".")
  50  	if lastDot != -1 {
  51  		token = token[:lastDot]
  52  	}
  53  
  54  	return token
  55  }
  56