-
Notifications
You must be signed in to change notification settings - Fork 0
/
Copy pathresource_server.go
64 lines (55 loc) · 1.41 KB
/
resource_server.go
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
package go_ciba
import (
"net/http"
"strings"
"github.com/adisazhar123/go-ciba/repository"
"github.com/adisazhar123/go-ciba/util"
)
type ResourceRequest struct {
accessToken string
}
func getTokenFromHeader(h http.Header) string {
// Implementation assumes that the access token
// is stored as:
// Authorization: Bearer access_token_here
val := h.Get("Authorization")
vals := strings.Split(val, " ")
if len(vals) != 2 {
return ""
}
return vals[1]
}
func NewResourceRequest(r *http.Request) *ResourceRequest {
return &ResourceRequest{
accessToken: getTokenFromHeader(r.Header),
}
}
type ResourceServerInterface interface {
HandleResourceRequest(r *ResourceRequest) error
}
type resourceServer struct {
accessTokenRepo repository.AccessTokenRepositoryInterface
scopeUtil util.ScopeUtil
}
func NewResourceServer(accessTokenRepo repository.AccessTokenRepositoryInterface) *resourceServer {
return &resourceServer{
accessTokenRepo: accessTokenRepo,
scopeUtil: util.ScopeUtil{},
}
}
func (rs *resourceServer) HandleResourceRequest(r *ResourceRequest, scope string) *util.OidcError {
token, err := rs.accessTokenRepo.Find(r.accessToken)
if err != nil {
return util.ErrGeneral
}
if token == nil {
return util.ErrInvalidToken
}
if scope != "" && !rs.scopeUtil.ScopeExist(token.Scope, scope) {
return util.ErrInsufficientScope
}
if token.IsExpired() {
return util.ErrInvalidToken
}
return nil
}