2015-11-02 21:02:50 +00:00
|
|
|
-- Token authentication
|
|
|
|
|
-- Copyright (C) 2015 Atlassian
|
|
|
|
|
|
2016-08-02 17:34:32 +00:00
|
|
|
local jwt = require "luajwtjitsi";
|
2015-11-02 21:02:50 +00:00
|
|
|
|
|
|
|
|
local _M = {};
|
|
|
|
|
|
2016-08-23 19:42:49 +00:00
|
|
|
local function _verify_token(token, appId, appSecret, disableRoomNameConstraints)
|
2015-11-02 21:02:50 +00:00
|
|
|
|
2015-12-22 18:51:43 +00:00
|
|
|
local claims, err = jwt.decode(token, appSecret, true);
|
2015-11-18 18:49:36 +00:00
|
|
|
if claims == nil then
|
|
|
|
|
return nil, err;
|
2015-11-02 21:02:50 +00:00
|
|
|
end
|
|
|
|
|
|
2016-07-18 18:27:14 +00:00
|
|
|
local alg = claims["alg"];
|
|
|
|
|
if alg ~= nil and (alg == "none" or alg == "") then
|
|
|
|
|
return nil, "'alg' claim must not be empty";
|
|
|
|
|
end
|
|
|
|
|
|
2015-11-18 18:49:36 +00:00
|
|
|
local issClaim = claims["iss"];
|
|
|
|
|
if issClaim == nil then
|
2016-04-20 21:37:36 +00:00
|
|
|
return nil, "'iss' claim is missing";
|
2015-11-02 21:02:50 +00:00
|
|
|
end
|
2015-11-18 18:49:36 +00:00
|
|
|
if issClaim ~= appId then
|
|
|
|
|
return nil, "Invalid application ID('iss' claim)";
|
2015-11-02 21:02:50 +00:00
|
|
|
end
|
|
|
|
|
|
2015-11-18 18:49:36 +00:00
|
|
|
local roomClaim = claims["room"];
|
2016-06-13 21:11:44 +00:00
|
|
|
if roomClaim == nil and disableRoomNameConstraints ~= true then
|
2016-04-20 21:37:36 +00:00
|
|
|
return nil, "'room' claim is missing";
|
2015-11-18 18:49:36 +00:00
|
|
|
end
|
2015-12-22 18:51:43 +00:00
|
|
|
|
2015-11-18 18:49:36 +00:00
|
|
|
return true;
|
2015-11-02 21:02:50 +00:00
|
|
|
end
|
|
|
|
|
|
2016-08-23 19:42:49 +00:00
|
|
|
function _M.verify_token(token, appId, appSecret, disableRoomNameConstraints)
|
|
|
|
|
return _verify_token(token, appId, appSecret, disableRoomNameConstraints);
|
2015-11-02 21:02:50 +00:00
|
|
|
end
|
|
|
|
|
|
2016-06-13 21:11:44 +00:00
|
|
|
return _M;
|
