usergetterproxy.go
package security
import "net/http"
// UserGetterProxy dispatches to one of several UserGetters, chosen by the
// issuer/clientid pair carried in the request's token.
type UserGetterProxy struct {
	// ugs holds the registered UserGetters, keyed by cacheKey(issuer, clientid).
	ugs map[string]UserGetter
	// defaultUG is consulted when no entry in ugs matches; it may be nil.
	defaultUG UserGetter
}
// UserGetterProxyOption is a functional option applied to a UserGetterProxy
// while it is being constructed by NewUserGetterProxy.
type UserGetterProxyOption func(ug *UserGetterProxy)
// NewUserGetterProxy builds a UserGetterProxy whose fallback is defaultUG and
// then applies every option in opts, in the order given.
//
// defaultUG is used by User when no issuer/clientid mapping matches the token.
// It may be nil, in which case User returns (nil, nil) for unmatched tokens.
func NewUserGetterProxy(defaultUG UserGetter, opts ...UserGetterProxyOption) *UserGetterProxy {
	proxy := &UserGetterProxy{
		ugs:       map[string]UserGetter{},
		defaultUG: defaultUG,
	}
	for i := range opts {
		opts[i](proxy)
	}
	return proxy
}
// UserGetterProxyMapping returns an option that registers userGetter for the
// given issuer/clientid combination. A registered mapping takes precedence
// over the default UserGetter when it matches.
//
// The entry is stored under cacheKey(issuer, clientid); registering the same
// combination twice keeps only the last userGetter.
func UserGetterProxyMapping(issuer, clientid string, userGetter UserGetter) UserGetterProxyOption {
	return func(proxy *UserGetterProxy) {
		proxy.ugs[cacheKey(issuer, clientid)] = userGetter
	}
}
// User selects a UserGetter for the request and delegates to it.
//
// The issuer and audience are read via ParseTokenClaimsUnvalidated and are
// used only to pick the getter: the first audience entry that has a mapping
// registered for (issuer, entry) wins, otherwise the default getter is used.
// If neither exists, User returns (nil, nil).
//
// NOTE(review): going by its name, ParseTokenClaimsUnvalidated does not verify
// the token, so the sender of the request controls which getter is selected.
// Every registered UserGetter, including the default, must therefore verify
// signature, issuer and audience itself — confirm against the implementations.
//
// NOTE(review): callers must treat a nil *User with a nil error as "no user"
// and must not take the absence of an error as proof of authentication.
func (u *UserGetterProxy) User(rq *http.Request) (*User, error) {
	claims, err := ParseTokenClaimsUnvalidated(rq)
	if err != nil {
		return nil, err
	}

	issuer := claims.Issuer

	// Start from the fallback and let the first matching mapping override it.
	selected := u.defaultUG
	for _, clientID := range claims.Audience {
		if mapped := u.ugs[cacheKey(issuer, clientID)]; mapped != nil {
			selected = mapped
			break
		}
	}

	// No mapping matched and no default was configured.
	if selected == nil {
		return nil, nil
	}
	return selected.User(rq)
}