update

Signed-off-by: hongming <talonwan@yunify.com>

pkg/api/auth/token/issuer.go

@@ -1,10 +0,0 @@
-package token
-
-// Issuer issues token to user, tokens are required to perform mutating requests to resources
-type Issuer interface {
-	// IssueTo issues a token a User, return error if issuing process failed
-	IssueTo(User) (string, error)
-
-	// Verify verifies a token, and return a User if it's a valid token, otherwise return error
-	Verify(string) (User, error)
-}

pkg/api/auth/token/jwt.go

@@ -1,77 +0,0 @@
-package token
-
-import (
-	"fmt"
-	"github.com/dgrijalva/jwt-go"
-	"kubesphere.io/kubesphere/pkg/api/iam"
-	"kubesphere.io/kubesphere/pkg/server/errors"
-	"time"
-)
-
-const DefaultIssuerName = "kubesphere"
-
-var errInvalidToken = errors.New("invalid token")
-
-type claims struct {
-	Username string `json:"username"`
-	UID      string `json:"uid"`
-	Email    string `json:"email"`
-	// Currently, we are not using any field in jwt.StandardClaims
-	jwt.StandardClaims
-}
-
-type jwtTokenIssuer struct {
-	name    string
-	secret  []byte
-	keyFunc jwt.Keyfunc
-}
-
-func (s *jwtTokenIssuer) Verify(tokenString string) (User, error) {
-	if len(tokenString) == 0 {
-		return nil, errInvalidToken
-	}
-
-	clm := &claims{}
-
-	_, err := jwt.ParseWithClaims(tokenString, clm, s.keyFunc)
-	if err != nil {
-		return nil, err
-	}
-
-	return &iam.User{Name: clm.Username, UID: clm.UID, Email: clm.Email}, nil
-}
-
-func (s *jwtTokenIssuer) IssueTo(user User) (string, error) {
-	clm := &claims{
-		Username: user.GetName(),
-		UID:      user.GetUID(),
-		Email:    user.GetEmail(),
-		StandardClaims: jwt.StandardClaims{
-			IssuedAt:  time.Now().Unix(),
-			Issuer:    s.name,
-			NotBefore: time.Now().Unix(),
-		},
-	}
-
-	token := jwt.NewWithClaims(jwt.SigningMethodHS256, clm)
-	tokenString, err := token.SignedString(s.secret)
-	if err != nil {
-		return "", err
-	}
-
-	return tokenString, nil
-}
-
-func NewJwtTokenIssuer(issuerName string, secret []byte) Issuer {
-	return &jwtTokenIssuer{
-		name:   issuerName,
-		secret: secret,
-		keyFunc: func(token *jwt.Token) (i interface{}, err error) {
-			if _, ok := token.Method.(*jwt.SigningMethodHMAC); ok {
-				return secret, nil
-			} else {
-				return nil, fmt.Errorf("expect token signed with HMAC but got %v", token.Header["alg"])
-			}
-		},
-	}
-}

pkg/api/auth/token/jwt_test.go

@@ -1,52 +0,0 @@
-package token
-
-import (
-	"github.com/google/go-cmp/cmp"
-	"kubesphere.io/kubesphere/pkg/api/iam"
-	"testing"
-)
-
-func TestJwtTokenIssuer(t *testing.T) {
-	issuer := NewJwtTokenIssuer(DefaultIssuerName, []byte("kubesphere"))
-
-	testCases := []struct {
-		description string
-		name        string
-		uid         string
-		email       string
-	}{
-		{
-			name:  "admin",
-			uid:   "b8be6edd-2c92-4535-9b2a-df6326474458",
-			email: "admin@kubesphere.io",
-		},
-		{
-			name:  "bar",
-			uid:   "b8be6edd-2c92-4535-9b2a-df6326474452",
-			email: "bar@kubesphere.io",
-		},
-	}
-
-	for _, testCase := range testCases {
-		user := &iam.User{
-			Name: testCase.name,
-			UID:  testCase.uid,
-		}
-
-		t.Run(testCase.description, func(t *testing.T) {
-			token, err := issuer.IssueTo(user)
-			if err != nil {
-				t.Fatal(err)
-			}
-
-			got, err := issuer.Verify(token)
-			if err != nil {
-				t.Fatal(err)
-			}
-
-			if diff := cmp.Diff(user, got); len(diff) != 0 {
-				t.Errorf("%T differ (-got, +expected), %s", user, diff)
-			}
-		})
-	}
-}

pkg/api/auth/token/user.go

@@ -1,12 +0,0 @@
-package token
-
-type User interface {
-	// Name
-	GetName() string
-
-	// UID
-	GetUID() string
-
-	// Email
-	GetEmail() string
-}