first commit

1 month ago · 0fe1bd0b4d
11 changed files with 210 additions and 0 deletions
--- a/.drone.yml
+++ b/.drone.yml
@ -0,0 +1,34 @@
 name: cognito-token-checker
 kind: pipeline
 type: docker
 steps:
  - name: docker-test
    image: plugins/docker
    settings:
      auto_tag: true
      username:
        from_secret: docker_username
      password:
        from_secret: docker_password
      repo: r.vmaple.dev/red/server
      registry: r.vmaple.dev
      dry_run: true
    when:
      event:
        exclude:
          - tag
  - name: docker-tag
    image: plugins/docker
    settings:
      auto_tag: true
      username:
        from_secret: docker_username
      password:
        from_secret: docker_password
      repo: r.vmaple.dev/stian/cognito-token-checker
      registry: r.vmaple.dev
    when:
      event:
        - tag
--- a/.gitignore
+++ b/.gitignore
@ -0,0 +1,2 @@
 checker
 *.json
--- a/.idea/.gitignore
+++ b/.idea/.gitignore
@ -0,0 +1,8 @@
 # Default ignored files
 /shelf/
 /workspace.xml
 # Editor-based HTTP Client requests
 /httpRequests/
 # Datasource local storage ignored files
 /dataSources/
 /dataSources.local.xml
--- a/.idea/cognito-token-checker.iml
+++ b/.idea/cognito-token-checker.iml
@ -0,0 +1,9 @@
 <?xml version="1.0" encoding="UTF-8"?>
 <module type="WEB_MODULE" version="4">
  <component name="Go" enabled="true" />
  <component name="NewModuleRootManager">
    <content url="file://$MODULE_DIR$" />
    <orderEntry type="inheritedJdk" />
    <orderEntry type="sourceFolder" forTests="false" />
  </component>
 </module>
--- a/.idea/modules.xml
+++ b/.idea/modules.xml
@ -0,0 +1,8 @@
 <?xml version="1.0" encoding="UTF-8"?>
 <project version="4">
  <component name="ProjectModuleManager">
    <modules>
      <module fileurl="file://$PROJECT_DIR$/.idea/cognito-token-checker.iml" filepath="$PROJECT_DIR$/.idea/cognito-token-checker.iml" />
    </modules>
  </component>
 </project>
--- a/.idea/vcs.xml
+++ b/.idea/vcs.xml
@ -0,0 +1,6 @@
 <?xml version="1.0" encoding="UTF-8"?>
 <project version="4">
  <component name="VcsDirectoryMappings">
    <mapping directory="$PROJECT_DIR$" vcs="Git" />
  </component>
 </project>
--- a/14
+++ b/14
@ -0,0 +1,14 @@
 FROM golang:1.23 AS build
 WORKDIR /build
 ENV CGO_ENABLED 0
 COPY . .
 RUN go build -ldflags "-w -s" -o checker main.go
 FROM alpine:3.20.1 AS run
 COPY --from=build /build/checker /bin/checker
 CMD checker
--- a/README.md
+++ b/README.md
@ -0,0 +1,18 @@
 # Cognito token checker
 Environment variables:
 - `COGNITO_REGION`
 - `COGNITO_POOL_ID`
 Location in docker container
 - `/bin/checker`
 Example:
 ```bash
 FILE=/tmp/token-123
 verifier $FILE
 echo "$FILE.json" | jq
 ```
--- a/go.mod
+++ b/go.mod
@ -0,0 +1,7 @@
 module git.aiterp.net/stian/cognito-token-checker
 go 1.23
 require github.com/MicahParks/keyfunc v1.9.0
 require github.com/golang-jwt/jwt/v4 v4.4.2 // indirect
--- a/go.sum
+++ b/go.sum
@ -0,0 +1,4 @@
 github.com/MicahParks/keyfunc v1.9.0 h1:lhKd5xrFHLNOWrDc4Tyb/Q1AJ4LCzQ48GVJyVIID3+o=
 github.com/MicahParks/keyfunc v1.9.0/go.mod h1:IdnCilugA0O/99dW+/MkvlyrsX8+L8+x95xuVNtM5jw=
 github.com/golang-jwt/jwt/v4 v4.4.2 h1:rcc4lwaZgFMCZ5jxF9ABolDcIHdBytAFgqFPbSJQAYs=
 github.com/golang-jwt/jwt/v4 v4.4.2/go.mod h1:m21LjoU+eqJr34lmDMbreY2eSTRJ1cv77w39/MY0Ch0=
--- a/main.go
+++ b/main.go
@ -0,0 +1,100 @@
 package main
 import (
 	"bytes"
 	"encoding/base64"
 	"encoding/json"
 	"github.com/MicahParks/keyfunc"
 	"github.com/golang-jwt/jwt/v4"
 	"os"
 	"strings"
 )
 func main() {
 	region := os.Getenv("COGNITO_REGION")
 	poolId := os.Getenv("COGNITO_POOL_ID")
 	url := "https://cognito-idp." + region + ".amazonaws.com/" + poolId + "/.well-known/jwks.json"
 	tokenFile := os.Args[1]
 	tokenBytes, err := os.ReadFile(tokenFile)
 	if err != nil {
 		writeError(tokenFile, err)
 		return
 	}
 	token := string(tokenBytes)
 	jwks, err := keyfunc.Get(url, keyfunc.Options{})
 	if err != nil {
 		writeError(tokenFile, err)
 		return
 	}
 	parsed, err := jwt.Parse(token, func(t *jwt.Token) (interface{}, error) {
 		return jwks.Keyfunc(t)
 	})
 	if err != nil {
 		writeError(tokenFile, err)
 		return
 	}
 	err = parsed.Claims.Valid()
 	if err != nil {
 		writeError(tokenFile, err)
 		return
 	}
 	parts := strings.Split(parsed.Raw, ".")
 	payload := parts[1]
 	jsonPayload, err := base64.RawURLEncoding.DecodeString(payload)
 	if err != nil {
 		writeError(tokenFile, err)
 		return
 	}
 	var payloadData struct {
 		Sub string `json:"sub"`
 		Exp int    `json:"exp"`
 	}
 	err = json.NewDecoder(bytes.NewReader(jsonPayload)).Decode(&payloadData)
 	if err != nil {
 		writeError(tokenFile, err)
 		return
 	}
 	writeResult(tokenFile, Result{
 		Success: true,
 		Sub:     payloadData.Sub,
 		Expiry:  payloadData.Exp,
 	})
 }
 func writeResult(fileName string, result Result) {
 	_ = os.Remove(fileName + ".json")
 	file, err := os.OpenFile(fileName+".json", os.O_CREATE|os.O_WRONLY, 0644)
 	if err != nil {
 		panic(err)
 	}
 	data, err := json.Marshal(result)
 	if err != nil {
 		panic(err)
 	}
 	_, err = file.Write(data)
 	if err != nil {
 		panic(err)
 	}
 }
 func writeError(fileName string, err error) {
 	writeResult(fileName, Result{Error: err.Error()})
 }
 type Result struct {
 	Success bool   `json:"success"`
 	Error   string `json:"error"`
 	Sub     string `json:"sub"`
 	Expiry  int    `json:"exp"`
 }