(jwtStr string)
| 28 | } |
| 29 | |
| 30 | func ParseJWT(jwtStr string) (jwt.MapClaims, error) { |
| 31 | token, err := jwt.Parse(jwtStr, func(token *jwt.Token) (interface{}, error) { |
| 32 | if WorkerConfig.AclJwtAlg == nil { |
| 33 | return nil, errors.Errorf("ACL is disabled") |
| 34 | } |
| 35 | if token.Method.Alg() != WorkerConfig.AclJwtAlg.Alg() { |
| 36 | return nil, errors.Errorf("unexpected signing method in token: %v", token.Header["alg"]) |
| 37 | } |
| 38 | return MaybeKeyToBytes(WorkerConfig.AclPublicKey), nil |
| 39 | }) |
| 40 | if err != nil { |
| 41 | // This is for backward compatibility in clients |
| 42 | if errors.Is(err, jwt.ErrTokenExpired) { |
| 43 | err = errors.Wrap(errTokenExpired, jwt.ErrTokenInvalidClaims.Error()) |
| 44 | } |
| 45 | return nil, errors.Wrapf(err, "unable to parse jwt token") |
| 46 | } |
| 47 | |
| 48 | claims, ok := token.Claims.(jwt.MapClaims) |
| 49 | if !ok || !token.Valid { |
| 50 | return nil, errors.Errorf("claims in jwt token is not map claims") |
| 51 | } |
| 52 | return claims, nil |
| 53 | } |
| 54 | |
| 55 | func ExtractUserName(jwtToken string) (string, error) { |
| 56 | claims, err := ParseJWT(jwtToken) |
no test coverage detected