...

Source file src/github.com/golang-jwt/jwt/v4/map_claims.go

Documentation: github.com/golang-jwt/jwt/v4 

     1  package jwt
     2  
     3  import (
     4  	"encoding/json"
     5  	"errors"
     6  	"time"
     7  	// "fmt"
     8  )
     9  
    10  // MapClaims is a claims type that uses the map[string]interface{} for JSON decoding.
    11  // This is the default claims type if you don't supply one
    12  type MapClaims map[string]interface{}
    13  
    14  // VerifyAudience Compares the aud claim against cmp.
    15  // If required is false, this method will return true if the value matches or is unset
    16  func (m MapClaims) VerifyAudience(cmp string, req bool) bool {
    17  	var aud []string
    18  	switch v := m["aud"].(type) {
    19  	case string:
    20  		aud = append(aud, v)
    21  	case []string:
    22  		aud = v
    23  	case []interface{}:
    24  		for _, a := range v {
    25  			vs, ok := a.(string)
    26  			if !ok {
    27  				return false
    28  			}
    29  			aud = append(aud, vs)
    30  		}
    31  	}
    32  	return verifyAud(aud, cmp, req)
    33  }
    34  
    35  // VerifyExpiresAt compares the exp claim against cmp (cmp <= exp).
    36  // If req is false, it will return true, if exp is unset.
    37  func (m MapClaims) VerifyExpiresAt(cmp int64, req bool) bool {
    38  	cmpTime := time.Unix(cmp, 0)
    39  
    40  	v, ok := m["exp"]
    41  	if !ok {
    42  		return !req
    43  	}
    44  
    45  	switch exp := v.(type) {
    46  	case float64:
    47  		if exp == 0 {
    48  			return verifyExp(nil, cmpTime, req)
    49  		}
    50  
    51  		return verifyExp(&newNumericDateFromSeconds(exp).Time, cmpTime, req)
    52  	case json.Number:
    53  		v, _ := exp.Float64()
    54  
    55  		return verifyExp(&newNumericDateFromSeconds(v).Time, cmpTime, req)
    56  	}
    57  
    58  	return false
    59  }
    60  
    61  // VerifyIssuedAt compares the exp claim against cmp (cmp >= iat).
    62  // If req is false, it will return true, if iat is unset.
    63  func (m MapClaims) VerifyIssuedAt(cmp int64, req bool) bool {
    64  	cmpTime := time.Unix(cmp, 0)
    65  
    66  	v, ok := m["iat"]
    67  	if !ok {
    68  		return !req
    69  	}
    70  
    71  	switch iat := v.(type) {
    72  	case float64:
    73  		if iat == 0 {
    74  			return verifyIat(nil, cmpTime, req)
    75  		}
    76  
    77  		return verifyIat(&newNumericDateFromSeconds(iat).Time, cmpTime, req)
    78  	case json.Number:
    79  		v, _ := iat.Float64()
    80  
    81  		return verifyIat(&newNumericDateFromSeconds(v).Time, cmpTime, req)
    82  	}
    83  
    84  	return false
    85  }
    86  
    87  // VerifyNotBefore compares the nbf claim against cmp (cmp >= nbf).
    88  // If req is false, it will return true, if nbf is unset.
    89  func (m MapClaims) VerifyNotBefore(cmp int64, req bool) bool {
    90  	cmpTime := time.Unix(cmp, 0)
    91  
    92  	v, ok := m["nbf"]
    93  	if !ok {
    94  		return !req
    95  	}
    96  
    97  	switch nbf := v.(type) {
    98  	case float64:
    99  		if nbf == 0 {
   100  			return verifyNbf(nil, cmpTime, req)
   101  		}
   102  
   103  		return verifyNbf(&newNumericDateFromSeconds(nbf).Time, cmpTime, req)
   104  	case json.Number:
   105  		v, _ := nbf.Float64()
   106  
   107  		return verifyNbf(&newNumericDateFromSeconds(v).Time, cmpTime, req)
   108  	}
   109  
   110  	return false
   111  }
   112  
   113  // VerifyIssuer compares the iss claim against cmp.
   114  // If required is false, this method will return true if the value matches or is unset
   115  func (m MapClaims) VerifyIssuer(cmp string, req bool) bool {
   116  	iss, _ := m["iss"].(string)
   117  	return verifyIss(iss, cmp, req)
   118  }
   119  
   120  // Valid validates time based claims "exp, iat, nbf".
   121  // There is no accounting for clock skew.
   122  // As well, if any of the above claims are not in the token, it will still
   123  // be considered a valid claim.
   124  func (m MapClaims) Valid() error {
   125  	vErr := new(ValidationError)
   126  	now := TimeFunc().Unix()
   127  
   128  	if !m.VerifyExpiresAt(now, false) {
   129  		// TODO(oxisto): this should be replaced with ErrTokenExpired
   130  		vErr.Inner = errors.New("Token is expired")
   131  		vErr.Errors |= ValidationErrorExpired
   132  	}
   133  
   134  	if !m.VerifyIssuedAt(now, false) {
   135  		// TODO(oxisto): this should be replaced with ErrTokenUsedBeforeIssued
   136  		vErr.Inner = errors.New("Token used before issued")
   137  		vErr.Errors |= ValidationErrorIssuedAt
   138  	}
   139  
   140  	if !m.VerifyNotBefore(now, false) {
   141  		// TODO(oxisto): this should be replaced with ErrTokenNotValidYet
   142  		vErr.Inner = errors.New("Token is not valid yet")
   143  		vErr.Errors |= ValidationErrorNotValidYet
   144  	}
   145  
   146  	if vErr.valid() {
   147  		return nil
   148  	}
   149  
   150  	return vErr
   151  }
   152  

View as plain text