VladPolskiy/gitlabhq
1
0
Fork 0
mirror of https://github.com/gitlabhq/gitlabhq.git synced 2025-07-25 17:08:32 +00:00
Code Issues Packages Projects Releases Wiki Activity
Files
master
gitlabhq/lib/gitlab/conan_token.rb
GitLab Bot 094a8a9701 Add latest changes from gitlab-org/gitlab@master
2025-04-07 09:11:33 +00:00

71 lines
2.2 KiB
Ruby
Raw Permalink Blame History

# frozen_string_literal: true
# The Conan client uses a JWT for authenticating with remotes.
# This class encodes and decodes a user's personal access token or
# CI_JOB_TOKEN into a JWT that is used by the Conan client to
# authenticate with GitLab
module Gitlab
class ConanToken
HMAC_KEY = 'gitlab-conan-packages'
MAX_CONAN_TOKEN_EXPIRE_TIME = 3.months.freeze
attr_reader :access_token_id, :user_id, :expire_at
class << self
def from_personal_access_token(token_id, personal_token)
return unless personal_token&.active?
new(access_token_id: token_id, user_id: personal_token.user_id,
expire_at: personal_token.expires_at&.at_beginning_of_day)
end
def from_job(job)
return unless job&.running?
new(access_token_id: job.token, user_id: job.user.id, expire_at: job.project.build_timeout.seconds.from_now)
end
def from_deploy_token(deploy_token)
new(access_token_id: deploy_token.token, user_id: deploy_token.username, expire_at: deploy_token.expires_at)
end
def decode(jwt)
payload = JSONWebToken::HMACToken.decode(jwt, secret).first
new(access_token_id: payload['access_token'], user_id: payload['user_id'])
rescue JWT::DecodeError, JWT::ExpiredSignature, JWT::ImmatureSignature
# we return on expired and errored tokens because the Conan client
# will request a new token automatically.
end
def secret
OpenSSL::HMAC.hexdigest(
OpenSSL::Digest.new('SHA256'),
::Gitlab::Encryption::KeyProvider[:db_key_base].encryption_key.secret,
HMAC_KEY
)
end
end
def initialize(access_token_id:, user_id:, expire_at: nil)
@access_token_id = access_token_id
@user_id = user_id
@expire_at = [expire_at, MAX_CONAN_TOKEN_EXPIRE_TIME.from_now].select(&:present?).min
end
def to_jwt
hmac_token.encoded
end
private
def hmac_token
JSONWebToken::HMACToken.new(self.class.secret).tap do |token|
token['access_token'] = access_token_id
token['user_id'] = user_id
token.expire_time = expire_at
end
end
end
end
Reference in New Issue View Git Blame Copy Permalink