;; This Source Code Form is subject to the terms of the Mozilla Public
;; License, v. 2.0. If a copy of the MPL was not distributed with this
;; file, You can obtain one at http://mozilla.org/MPL/2.0/.
;;
;; Copyright (c) KALEIDOS INC
(ns app.tokens
"Tokens generation API."
(:require
[app.common.data :as d]
[app.common.data.macros :as dm]
[app.common.exceptions :as ex]
[app.common.transit :as t]
[app.util.time :as dt]
[buddy.sign.jwe :as jwe]))
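(defn generate
  "Build an encrypted token (JWE) carrying `claims`.

  The first argument is a map holding `:tokens-key`, the symmetric key
  as a byte array. `claims` gets an `:iat` entry set to the current
  time (replacing any `:iat` the caller supplied), is passed through
  `d/without-nils`, encoded with `t/encode` (app.common.transit) and
  encrypted with A256KW key wrapping and A256GCM content encryption.

  No `:exp` or `:iss` is added here. `verify` only checks an `:exp`
  that is present in the claims, so a token generated without one is
  never rejected as expired."
  [{:keys [tokens-key]} claims]

  ;; Only the type of the key is checked here; its length is left to
  ;; jwe/encrypt (A256KW is defined for 256-bit keys).
  ;; NOTE(review): confirm dm/assert! stays active in production builds;
  ;; if it can be compiled out, this guard disappears with it.
  (dm/assert!
   "expected tokens-key to be a bytes instance"
   (bytes? tokens-key))

  (let [payload (-> claims
                    (assoc :iat (dt/now))
                    (d/without-nils)
                    (t/encode))]
    (jwe/encrypt payload tokens-key {:alg :a256kw :enc :a256gcm})))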
(defn decode
  "Decrypt `token` with the `:tokens-key` from the first argument and
  return the decoded claims.

  The algorithm pair (A256KW / A256GCM) is passed explicitly to
  `jwe/decrypt` rather than being read from the token.

  This only decrypts and decodes: `:exp` and `:iss` are not looked at
  here, so callers that need those checks should go through `verify`.
  Nothing is caught, so whatever `jwe/decrypt` or `t/decode` throw on a
  malformed or tampered token reaches the caller."
  [{:keys [tokens-key]} token]
  (-> token
      (jwe/decrypt tokens-key {:alg :a256kw :enc :a256gcm})
      (t/decode)))
(defn verify
  "Decode `:token` from `params` and check its claims, returning the
  claims when every applicable check passes.

  Checks performed:
  - expiry: raises with `:reason :token-expired` when `:exp` is an
    instant earlier than now. A token whose `:exp` is missing, or is
    not an instant, is not subject to this check.
  - issuer: raises with `:reason :invalid-issuer` when `params` has an
    `:iss` key whose value differs from the token's `:iss`. Without
    `:iss` in `params` any issuer is accepted, so a caller that relies
    on the token being bound to one purpose must pass it.

  Both failures are raised as `:type :validation`,
  `:code :invalid-token`."
  [sprops {:keys [token] :as params}]
  (let [claims (decode sprops token)
        expiry (:exp claims)
        issuer (:iss claims)]

    ;; NOTE(review): `params` still holds the raw `:token`, so both
    ;; raises below put it into the exception data; check where that
    ;; data is logged or returned.
    (when (and (dt/instant? expiry)
               (dt/is-before? expiry (dt/now)))
      (ex/raise :type :validation
                :code :invalid-token
                :reason :token-expired
                :params params))

    ;; The issuer is compared only when the caller asked for it.
    (when (and (contains? params :iss)
               (not= issuer (:iss params)))
      (ex/raise :type :validation
                :code :invalid-token
                :reason :invalid-issuer
                :params params))

    claims))