debian-mirror-gitlab/lib/gitlab/conan_token.rb

Ignoring revisions in .git-blame-ignore-revs. Click here to bypass and see the normal blame view.

66 lines
1.8 KiB
Ruby
Raw Normal View History

2020-07-28 23:09:34 +05:30
# frozen_string_literal: true
# The Conan client uses a JWT for authenticating with remotes.
# This class encodes and decodes a user's personal access token or
# CI_JOB_TOKEN into a JWT that is used by the Conan client to
# authenticate with GitLab
module Gitlab
class ConanToken
2021-04-29 21:17:54 +05:30
HMAC_KEY = 'gitlab-conan-packages'
2021-06-08 01:23:25 +05:30
CONAN_TOKEN_EXPIRE_TIME = 1.day.freeze
2020-07-28 23:09:34 +05:30
attr_reader :access_token_id, :user_id
class << self
2022-05-03 16:02:30 +05:30
def from_personal_access_token(user_id, token)
new(access_token_id: token, user_id: user_id)
2020-07-28 23:09:34 +05:30
end
def from_job(job)
new(access_token_id: job.token, user_id: job.user.id)
end
def from_deploy_token(deploy_token)
new(access_token_id: deploy_token.token, user_id: deploy_token.username)
end
def decode(jwt)
payload = JSONWebToken::HMACToken.decode(jwt, secret).first
new(access_token_id: payload['access_token'], user_id: payload['user_id'])
rescue JWT::DecodeError, JWT::ExpiredSignature, JWT::ImmatureSignature
# we return on expired and errored tokens because the Conan client
# will request a new token automatically.
end
def secret
OpenSSL::HMAC.hexdigest(
2021-03-11 19:13:27 +05:30
OpenSSL::Digest.new('SHA256'),
2020-07-28 23:09:34 +05:30
::Settings.attr_encrypted_db_key_base,
HMAC_KEY
)
end
end
def initialize(access_token_id:, user_id:)
@access_token_id = access_token_id
@user_id = user_id
end
def to_jwt
hmac_token.encoded
end
private
def hmac_token
JSONWebToken::HMACToken.new(self.class.secret).tap do |token|
token['access_token'] = access_token_id
token['user_id'] = user_id
2021-06-08 01:23:25 +05:30
token.expire_time = token.issued_at + CONAN_TOKEN_EXPIRE_TIME
2020-07-28 23:09:34 +05:30
end
end
end
end