include tenant in token (#61)

ice-blockchain · Oct 24, 2024 · 4ae5199 · 4ae5199
1 parent bf5ad8b
commit 4ae5199
Show file tree

Hide file tree

Showing 6 changed files with 68 additions and 63 deletions.
diff --git a/auth/auth.go b/auth/auth.go
@@ -23,7 +23,7 @@ func New(ctx context.Context, applicationYAMLKey string) Client {
 
 func (a *auth) VerifyToken(ctx context.Context, token string) (*Token, error) {
 	var authToken *Token
-	if err := iceauth.DetectIceToken(token); err != nil {
+	if _, err := iceauth.DetectIceToken(token); err != nil {
 		if a.fb == nil {
 			return nil, errors.Errorf("non-ice token, but firebase auth is disabled")
 		}
@@ -148,9 +148,14 @@ func (a *auth) GenerateMetadata(
 	return md, errors.Wrapf(err, "failed to generate metadata token for tokenID:%v", tokenID)
 }
 
-func (a *auth) ParseToken(token string) (*IceToken, error) {
-	res := new(IceToken)
-	err := a.ice.VerifyTokenFields(token, res)
+//nolint:revive // .
+func (a *auth) ParseToken(token string, verify bool) (res *IceToken, err error) {
+	if verify {
+		res = new(IceToken)
+		err = a.ice.VerifyTokenFields(token, res)
+	} else {
+		res, err = iceauth.DetectIceToken(token)
+	}
 
 	return res, errors.Wrapf(err, "can't verify token fields for:%v", token)
 }
diff --git a/auth/auth_test.go b/auth/auth_test.go
@@ -213,7 +213,7 @@ func TestParseToken_Parse(t *testing.T) { //nolint:funlen // .
 	assert.NotEmpty(t, refreshToken)
 	assert.NotEmpty(t, accessToken)
 
-	accessRes, err := client.ParseToken(accessToken)
+	accessRes, err := client.ParseToken(accessToken, true)
 	require.NoError(t, err)
 	issuer, err := accessRes.GetIssuer()
 	require.NoError(t, err)
@@ -228,9 +228,9 @@ func TestParseToken_Parse(t *testing.T) { //nolint:funlen // .
 	assert.Equal(t, hashCode, accessRes.HashCode)
 	assert.Equal(t, seq, accessRes.Seq)
 
-	refreshRes, err := client.ParseToken(refreshToken)
+	refreshRes, err := client.ParseToken(refreshToken, true)
 	require.NoError(t, err)
-	accessRes, err = client.ParseToken(accessToken)
+	accessRes, err = client.ParseToken(accessToken, true)
 	require.NoError(t, err)
 	issuer, err = refreshRes.GetIssuer()
 	require.NoError(t, err)

diff --git a/auth/contract.go b/auth/contract.go
@@ -36,7 +36,7 @@ type (
 	IceToken = iceauth.Token
 	Client   interface {
 		VerifyToken(ctx context.Context, token string) (*Token, error)
-		ParseToken(token string) (*IceToken, error)
+		ParseToken(token string, verify bool) (*IceToken, error)
 		UpdateCustomClaims(ctx context.Context, userID string, customClaims map[string]any) error
 		DeleteUser(ctx context.Context, userID string) error
 		UpdateEmail(ctx context.Context, userID, email string) error

diff --git a/auth/internal/ice/auth.go b/auth/internal/ice/auth.go
@@ -71,21 +71,21 @@ func (a *auth) VerifyTokenFields(jwtToken string, res jwt.Claims) error {
 	return nil
 }
 
-func DetectIceToken(jwtToken string) error {
+func DetectIceToken(jwtToken string) (*Token, error) {
 	parser := jwt.NewParser()
 	var claims Token
 	token, _, err := parser.ParseUnverified(jwtToken, &claims)
 	if err != nil {
-		return errors.Wrapf(err, "parse unverified error for token:%v", jwtToken)
+		return nil, errors.Wrapf(err, "parse unverified error for token:%v", jwtToken)
 	}
 	if _, ok := token.Method.(*jwt.SigningMethodHMAC); !ok || token.Method.Alg() != jwt.SigningMethodHS256.Name {
-		return errors.Errorf("unexpected signing method:%v", token.Header["alg"])
+		return nil, errors.Errorf("unexpected signing method:%v", token.Header["alg"])
 	}
 	if iss, iErr := token.Claims.GetIssuer(); iErr != nil || (iss != internal.AccessJwtIssuer && iss != internal.RefreshJwtIssuer) {
-		return errors.Wrapf(ErrInvalidToken, "invalid issuer:%v", iss)
+		return nil, errors.Wrapf(ErrInvalidToken, "invalid issuer:%v", iss)
 	}
 
-	return nil
+	return &claims, nil
 }
 
 func (a *auth) verify() func(token *jwt.Token) (any, error) {

diff --git a/go.mod b/go.mod
@@ -38,19 +38,19 @@ require (
 	github.com/xlzd/gotp v0.1.0
 	github.com/zeebo/xxh3 v1.0.2
 	golang.org/x/net v0.30.0
-	google.golang.org/api v0.201.0
+	google.golang.org/api v0.203.0
 )
 
 require (
-	cel.dev/expr v0.16.2 // indirect
+	cel.dev/expr v0.18.0 // indirect
 	cloud.google.com/go v0.116.0 // indirect
-	cloud.google.com/go/auth v0.9.8 // indirect
+	cloud.google.com/go/auth v0.9.9 // indirect
 	cloud.google.com/go/auth/oauth2adapt v0.2.4 // indirect
 	cloud.google.com/go/compute/metadata v0.5.2 // indirect
 	cloud.google.com/go/firestore v1.17.0 // indirect
-	cloud.google.com/go/iam v1.2.1 // indirect
-	cloud.google.com/go/longrunning v0.6.1 // indirect
-	cloud.google.com/go/monitoring v1.21.1 // indirect
+	cloud.google.com/go/iam v1.2.2 // indirect
+	cloud.google.com/go/longrunning v0.6.2 // indirect
+	cloud.google.com/go/monitoring v1.21.2 // indirect
 	cloud.google.com/go/storage v1.45.0 // indirect
 	github.com/Azure/go-ansiterm v0.0.0-20230124172434-306776ec8161 // indirect
 	github.com/GoogleCloudPlatform/opentelemetry-operations-go/detectors/gcp v1.24.3 // indirect
@@ -59,10 +59,10 @@ require (
 	github.com/KyleBanks/depth v1.2.1 // indirect
 	github.com/MicahParks/keyfunc v1.9.0 // indirect
 	github.com/Microsoft/go-winio v0.6.2 // indirect
-	github.com/Microsoft/hcsshim v0.12.7 // indirect
+	github.com/Microsoft/hcsshim v0.12.8 // indirect
 	github.com/andybalholm/brotli v1.1.1 // indirect
 	github.com/bytedance/sonic v1.12.3 // indirect
-	github.com/bytedance/sonic/loader v0.2.0 // indirect
+	github.com/bytedance/sonic/loader v0.2.1 // indirect
 	github.com/census-instrumentation/opencensus-proto v0.4.1 // indirect
 	github.com/cespare/xxhash/v2 v2.3.0 // indirect
 	github.com/cloudflare/circl v1.5.0 // indirect
@@ -71,7 +71,6 @@ require (
 	github.com/cncf/xds/go v0.0.0-20240905190251-b4127c9b8d78 // indirect
 	github.com/containerd/cgroups/v3 v3.0.3 // indirect
 	github.com/containerd/containerd v1.7.23 // indirect
-	github.com/containerd/errdefs v0.3.0 // indirect
 	github.com/davecgh/go-spew v1.1.2-0.20180830191138-d8f796af33cc // indirect
 	github.com/dgryski/go-rendezvous v0.0.0-20200823014737-9f7001d12a5f // indirect
 	github.com/distribution/reference v0.6.0 // indirect
@@ -102,7 +101,7 @@ require (
 	github.com/golang/groupcache v0.0.0-20210331224755-41bb18bfe9da // indirect
 	github.com/golang/mock v1.6.0 // indirect
 	github.com/golang/protobuf v1.5.4 // indirect
-	github.com/google/pprof v0.0.0-20241017200806-017d972448fc // indirect
+	github.com/google/pprof v0.0.0-20241023014458-598669927662 // indirect
 	github.com/google/s2a-go v0.1.8 // indirect
 	github.com/google/tink/go v1.7.0 // indirect
 	github.com/googleapis/enterprise-certificate-proxy v0.3.4 // indirect
@@ -124,20 +123,21 @@ require (
 	github.com/mitchellh/mapstructure v1.5.0 // indirect
 	github.com/moby/sys/mount v0.3.4 // indirect
 	github.com/moby/sys/mountinfo v0.7.2 // indirect
+	github.com/moby/sys/user v0.3.0 // indirect
 	github.com/moby/term v0.5.0 // indirect
 	github.com/modern-go/concurrent v0.0.0-20180306012644-bacd9c7ef1dd // indirect
 	github.com/modern-go/reflect2 v1.0.2 // indirect
 	github.com/morikuni/aec v1.0.0 // indirect
 	github.com/onsi/ginkgo/v2 v2.20.2 // indirect
 	github.com/opencontainers/go-digest v1.0.0 // indirect
 	github.com/opencontainers/image-spec v1.1.0 // indirect
-	github.com/opencontainers/runc v1.1.15 // indirect
+	github.com/opencontainers/runc v1.2.0 // indirect
 	github.com/pelletier/go-toml/v2 v2.2.3 // indirect
 	github.com/pierrec/lz4/v4 v4.1.21 // indirect
 	github.com/planetscale/vtprotobuf v0.6.1-0.20240319094008-0393e58bdf10 // indirect
 	github.com/pmezard/go-difflib v1.0.1-0.20181226105442-5d4384ee4fb2 // indirect
 	github.com/quic-go/qpack v0.5.1 // indirect
-	github.com/quic-go/quic-go v0.48.0 // indirect
+	github.com/quic-go/quic-go v0.48.1 // indirect
 	github.com/refraction-networking/utls v1.6.7 // indirect
 	github.com/sagikazarmark/locafero v0.6.0 // indirect
 	github.com/sagikazarmark/slog-shim v0.1.0 // indirect
@@ -174,11 +174,11 @@ require (
 	golang.org/x/time v0.7.0 // indirect
 	golang.org/x/tools v0.26.0 // indirect
 	google.golang.org/appengine/v2 v2.0.6 // indirect
-	google.golang.org/genproto v0.0.0-20241015192408-796eee8c2d53 // indirect
-	google.golang.org/genproto/googleapis/api v0.0.0-20241015192408-796eee8c2d53 // indirect
-	google.golang.org/genproto/googleapis/rpc v0.0.0-20241015192408-796eee8c2d53 // indirect
+	google.golang.org/genproto v0.0.0-20241021214115-324edc3d5d38 // indirect
+	google.golang.org/genproto/googleapis/api v0.0.0-20241021214115-324edc3d5d38 // indirect
+	google.golang.org/genproto/googleapis/rpc v0.0.0-20241021214115-324edc3d5d38 // indirect
 	google.golang.org/grpc v1.67.1 // indirect
-	google.golang.org/grpc/stats/opentelemetry v0.0.0-20241018153737-98959d9a4904 // indirect
+	google.golang.org/grpc/stats/opentelemetry v0.0.0-20241023165937-8212cf037683 // indirect
 	google.golang.org/protobuf v1.35.1 // indirect
 	gopkg.in/ini.v1 v1.67.0 // indirect
 	gopkg.in/yaml.v3 v3.0.1 // indirect