Diffstat (limited to 'go/vendor/gitlab.com/gitlab-org/gitaly/auth/rpccredentials.go')
-rw-r--r-- | go/vendor/gitlab.com/gitlab-org/gitaly/auth/rpccredentials.go | 31 |
1 files changed, 31 insertions, 0 deletions
diff --git a/go/vendor/gitlab.com/gitlab-org/gitaly/auth/rpccredentials.go b/go/vendor/gitlab.com/gitlab-org/gitaly/auth/rpccredentials.go
index cbe94c2..c35cd4d 100644
--- a/go/vendor/gitlab.com/gitlab-org/gitaly/auth/rpccredentials.go
+++ b/go/vendor/gitlab.com/gitlab-org/gitaly/auth/rpccredentials.go
@@ -2,6 +2,9 @@ package gitalyauth
 
 import (
 "encoding/base64"
+ "fmt"
+ "strconv"
+ "time"
 
 "golang.org/x/net/context"
 "google.golang.org/grpc/credentials"
@@ -23,3 +26,31 @@ func (*rpcCredentials) RequireTransportSecurity() bool { return false }
 func (rc *rpcCredentials) GetRequestMetadata(context.Context, ...string) (map[string]string, error) {
 return map[string]string{"authorization": "Bearer " + rc.token}, nil
 }
+
+// RPCCredentialsV2 can be used with grpc.WithPerRPCCredentials to create a
+// grpc.DialOption that inserts an HMAC token with the current timestamp
+// for authentication with a Gitaly server.
+func RPCCredentialsV2(token string) credentials.PerRPCCredentials {
+ return &rpcCredentialsV2{token: token}
+}
+
+type rpcCredentialsV2 struct {
+ token string
+}
+
+func (*rpcCredentialsV2) RequireTransportSecurity() bool { return false }
+
+func (rc *rpcCredentialsV2) GetRequestMetadata(context.Context, ...string) (map[string]string, error) {
+ return map[string]string{"authorization": "Bearer " + rc.hmacToken()}, nil
+}
+
+func (rc *rpcCredentialsV2) hmacToken() string {
+ return hmacToken("v2", []byte(rc.token), time.Now())
+}
+
+func hmacToken(version string, secret []byte, timestamp time.Time) string {
+ intTime := timestamp.Unix()
+ signedTimestamp := hmacSign(secret, strconv.FormatInt(intTime, 10))
+
+ return fmt.Sprintf("%s.%x.%d", version, signedTimestamp, intTime)
+}
|