46 lines
894 B
Go
46 lines
894 B
Go
package auth
|
|
|
|
import (
|
|
"strings"
|
|
|
|
"github.com/lestrrat-go/jwx/jwt"
|
|
)
|
|
|
|
const (
|
|
scopeDelimiter = " "
|
|
)
|
|
|
|
// CheckJwtScope verifies if required scope is in claim
|
|
// We're using interface{} and casting it if needed to simplify usage of the fn by directly
|
|
// using it with map[string]interface{} claims type
|
|
func CheckJwtScope(token jwt.Token, required ...string) bool {
|
|
if token == nil {
|
|
return false
|
|
}
|
|
|
|
scopeClaimRaw, has := token.Get("scope")
|
|
if !has {
|
|
return false
|
|
}
|
|
|
|
scopeClaim, ok := scopeClaimRaw.(string)
|
|
if !ok {
|
|
return false
|
|
}
|
|
|
|
return CheckScope(scopeClaim, required...)
|
|
}
|
|
|
|
func CheckScope(scope string, required ...string) bool {
|
|
scope = scopeDelimiter + strings.TrimSpace(scope) + scopeDelimiter
|
|
|
|
for _, req := range required {
|
|
req = scopeDelimiter + strings.TrimSpace(req) + scopeDelimiter
|
|
if strings.Contains(scope, req) {
|
|
return true
|
|
}
|
|
}
|
|
|
|
return false
|
|
}
|