first commit

1 month ago · 0fe1bd0b4d
11 changed files with 210 additions and 0 deletions
--- a/.drone.yml
+++ b/.drone.yml
@ -0,0 +1,34 @@
+name: cognito-token-checker
+
+kind: pipeline
+type: docker
+
+steps:
+  - name: docker-test
+    image: plugins/docker
+    settings:
+      auto_tag: true
+      username:
+        from_secret: docker_username
+      password:
+        from_secret: docker_password
+      repo: r.vmaple.dev/red/server
+      registry: r.vmaple.dev
+      dry_run: true
+    when:
+      event:
+        exclude:
+          - tag
+  - name: docker-tag
+    image: plugins/docker
+    settings:
+      auto_tag: true
+      username:
+        from_secret: docker_username
+      password:
+        from_secret: docker_password
+      repo: r.vmaple.dev/stian/cognito-token-checker
+      registry: r.vmaple.dev
+    when:
+      event:
+        - tag
--- a/.gitignore
+++ b/.gitignore
@ -0,0 +1,2 @@
+checker
+*.json
--- a/.idea/.gitignore
+++ b/.idea/.gitignore
@ -0,0 +1,8 @@
+# Default ignored files
+/shelf/
+/workspace.xml
+# Editor-based HTTP Client requests
+/httpRequests/
+# Datasource local storage ignored files
+/dataSources/
+/dataSources.local.xml
--- a/.idea/cognito-token-checker.iml
+++ b/.idea/cognito-token-checker.iml
@ -0,0 +1,9 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<module type="WEB_MODULE" version="4">
+  <component name="Go" enabled="true" />
+  <component name="NewModuleRootManager">
+    <content url="file://$MODULE_DIR$" />
+    <orderEntry type="inheritedJdk" />
+    <orderEntry type="sourceFolder" forTests="false" />
+  </component>
+</module>
--- a/.idea/modules.xml
+++ b/.idea/modules.xml
@ -0,0 +1,8 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<project version="4">
+  <component name="ProjectModuleManager">
+    <modules>
+      <module fileurl="file://$PROJECT_DIR$/.idea/cognito-token-checker.iml" filepath="$PROJECT_DIR$/.idea/cognito-token-checker.iml" />
+    </modules>
+  </component>
+</project>
--- a/.idea/vcs.xml
+++ b/.idea/vcs.xml
@ -0,0 +1,6 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<project version="4">
+  <component name="VcsDirectoryMappings">
+    <mapping directory="$PROJECT_DIR$" vcs="Git" />
+  </component>
+</project>
--- a/14
+++ b/14
@ -0,0 +1,14 @@
+FROM golang:1.23 AS build
+
+WORKDIR /build
+
+ENV CGO_ENABLED 0
+
+COPY . .
+
+RUN go build -ldflags "-w -s" -o checker main.go
+
+FROM alpine:3.20.1 AS run
+COPY --from=build /build/checker /bin/checker
+
+CMD checker
--- a/README.md
+++ b/README.md
@ -0,0 +1,18 @@
+# Cognito token checker
+
+Environment variables:
+
+- `COGNITO_REGION`
+- `COGNITO_POOL_ID`
+
+Location in docker container
+
+- `/bin/checker`
+
+Example:
+
+```bash
+FILE=/tmp/token-123
+verifier $FILE
+echo "$FILE.json" | jq
+```
--- a/go.mod
+++ b/go.mod
@ -0,0 +1,7 @@
+module git.aiterp.net/stian/cognito-token-checker
+
+go 1.23
+
+require github.com/MicahParks/keyfunc v1.9.0
+
+require github.com/golang-jwt/jwt/v4 v4.4.2 // indirect
--- a/go.sum
+++ b/go.sum
@ -0,0 +1,4 @@
+github.com/MicahParks/keyfunc v1.9.0 h1:lhKd5xrFHLNOWrDc4Tyb/Q1AJ4LCzQ48GVJyVIID3+o=
+github.com/MicahParks/keyfunc v1.9.0/go.mod h1:IdnCilugA0O/99dW+/MkvlyrsX8+L8+x95xuVNtM5jw=
+github.com/golang-jwt/jwt/v4 v4.4.2 h1:rcc4lwaZgFMCZ5jxF9ABolDcIHdBytAFgqFPbSJQAYs=
+github.com/golang-jwt/jwt/v4 v4.4.2/go.mod h1:m21LjoU+eqJr34lmDMbreY2eSTRJ1cv77w39/MY0Ch0=
--- a/main.go
+++ b/main.go
@ -0,0 +1,100 @@
+package main
+
+import (
+	"bytes"
+	"encoding/base64"
+	"encoding/json"
+	"github.com/MicahParks/keyfunc"
+	"github.com/golang-jwt/jwt/v4"
+	"os"
+	"strings"
+)
+
+func main() {
+	region := os.Getenv("COGNITO_REGION")
+	poolId := os.Getenv("COGNITO_POOL_ID")
+
+	url := "https://cognito-idp." + region + ".amazonaws.com/" + poolId + "/.well-known/jwks.json"
+	tokenFile := os.Args[1]
+
+	tokenBytes, err := os.ReadFile(tokenFile)
+	if err != nil {
+		writeError(tokenFile, err)
+		return
+	}
+	token := string(tokenBytes)
+
+	jwks, err := keyfunc.Get(url, keyfunc.Options{})
+	if err != nil {
+		writeError(tokenFile, err)
+		return
+	}
+
+	parsed, err := jwt.Parse(token, func(t *jwt.Token) (interface{}, error) {
+		return jwks.Keyfunc(t)
+	})
+	if err != nil {
+		writeError(tokenFile, err)
+		return
+	}
+
+	err = parsed.Claims.Valid()
+	if err != nil {
+		writeError(tokenFile, err)
+		return
+	}
+
+	parts := strings.Split(parsed.Raw, ".")
+	payload := parts[1]
+	jsonPayload, err := base64.RawURLEncoding.DecodeString(payload)
+	if err != nil {
+		writeError(tokenFile, err)
+		return
+	}
+
+	var payloadData struct {
+		Sub string `json:"sub"`
+		Exp int    `json:"exp"`
+	}
+	err = json.NewDecoder(bytes.NewReader(jsonPayload)).Decode(&payloadData)
+	if err != nil {
+		writeError(tokenFile, err)
+		return
+	}
+
+	writeResult(tokenFile, Result{
+		Success: true,
+		Sub:     payloadData.Sub,
+		Expiry:  payloadData.Exp,
+	})
+}
+
+func writeResult(fileName string, result Result) {
+	_ = os.Remove(fileName + ".json")
+
+	file, err := os.OpenFile(fileName+".json", os.O_CREATE|os.O_WRONLY, 0644)
+	if err != nil {
+		panic(err)
+	}
+
+	data, err := json.Marshal(result)
+	if err != nil {
+		panic(err)
+	}
+
+	_, err = file.Write(data)
+	if err != nil {
+		panic(err)
+	}
+}
+
+func writeError(fileName string, err error) {
+	writeResult(fileName, Result{Error: err.Error()})
+}
+
+type Result struct {
+	Success bool   `json:"success"`
+	Error   string `json:"error"`
+	Sub     string `json:"sub"`
+	Expiry  int    `json:"exp"`
+}