guildgate/token.go

package main

import (
	"errors"
	"log"
	"strings"
	"time"

	"github.com/dgrijalva/jwt-go"
)

type tokenClaim struct {
	Sponsor string `json:"sponsor_username"`
	jwt.StandardClaims
}

func generateToken(sponsor string) (string, error) {
	claim := tokenClaim{
		Sponsor: sponsor,
		StandardClaims: jwt.StandardClaims{
			ExpiresAt: time.Now().UTC().Unix() + 86400,
			Issuer:    "GuildGate",
		},
	}
	token := jwt.NewWithClaims(jwt.SigningMethodHS256, claim)
	signedToken, err := token.SignedString([]byte(Conf.Secret))
	if err != nil {
		return "", err
	} else {
		return signedToken, nil
	}
}

func generatePasswordToken(sponsor string) (string, error) {
	claim := tokenClaim{
		Sponsor: sponsor,
		StandardClaims: jwt.StandardClaims{
			ExpiresAt: time.Now().UTC().Unix() + 3600,
			Issuer:    "GuildGate",
		},
	}
	token := jwt.NewWithClaims(jwt.SigningMethodHS256, claim)
	signedToken, err := token.SignedString([]byte(Conf.Secret))
	if err != nil {
		return "", err
	} else {
		passwordTokenSet[signedToken] = true
		return signedToken, nil
	}
}

func validateToken(tok string, pass bool) (string, error) {
	token, err := jwt.ParseWithClaims(
		strings.TrimSpace(tok),
		&tokenClaim{},
		func(token *jwt.Token) (interface{}, error) {
			return []byte(Conf.Secret), nil
		},
	)
	if err != nil {
		return "", err
	}
	claims, ok := token.Claims.(*tokenClaim)
	if !ok {
		return "", errors.New("Invalid token sponsor passed")
	}
	if claims.ExpiresAt < time.Now().UTC().Unix() {
		return "", errors.New("Token has expired")
	}
	if pass {
		if !passwordTokenSet[tok] {
			return "", errors.New("Password token already used")
		} else {
			log.Printf("Valid Password token received; sponsored by %v\n", claims.Sponsor)
			delete(passwordTokenSet, tok)
			return claims.Sponsor, nil
		}
	}

	log.Printf("Valid token received; sponsored by %v\n", claims.Sponsor)
	return claims.Sponsor, nil
}