feat: add cache abstraction for fetching signing keys (#14777)
- Adds the database implementation for fetching and caching keys used for JWT signing. It's been merged into the `keyrotate` pkg and renamed to `cryptokeys` since they're coupled concepts.
@ -1,6 +1,7 @@
|
||||
package database
|
||||
|
||||
import (
|
||||
"encoding/hex"
|
||||
"sort"
|
||||
"strconv"
|
||||
"time"
|
||||
@ -451,3 +452,18 @@ func (r GetAuthorizationUserRolesRow) RoleNames() ([]rbac.RoleIdentifier, error)
|
||||
func (k CryptoKey) ExpiresAt(keyDuration time.Duration) time.Time {
|
||||
return k.StartsAt.Add(keyDuration).UTC()
|
||||
}
|
||||
|
||||
func (k CryptoKey) DecodeString() ([]byte, error) {
|
||||
return hex.DecodeString(k.Secret.String)
|
||||
}
|
||||
|
||||
func (k CryptoKey) CanSign(now time.Time) bool {
|
||||
isAfterStart := !k.StartsAt.IsZero() && !now.Before(k.StartsAt)
|
||||
return isAfterStart && k.CanVerify(now)
|
||||
}
|
||||
|
||||
func (k CryptoKey) CanVerify(now time.Time) bool {
|
||||
hasSecret := k.Secret.Valid
|
||||
isBeforeDeletion := !k.DeletesAt.Valid || now.Before(k.DeletesAt.Time)
|
||||
return hasSecret && isBeforeDeletion
|
||||
}
|
||||
|
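Review bot: `DecodeString` can hand back an empty key with a nil error, because it calls `hex.DecodeString(k.Secret.String)` without checking `k.Secret.Valid`, and decoding an empty string succeeds with zero bytes. `CanVerify` does test `Secret.Valid`, but nothing visible in this hunk makes callers go through it first, so a row whose secret is NULL (presumably after the secret is removed) could reach a signer or verifier as empty key material. I would guard the decode with `if !k.Secret.Valid || k.Secret.String == "" { return nil, errNoSecret }`, where `errNoSecret` is a placeholder for whatever error value the package prefers. The new exported methods also have no doc comments; the one on `CanVerify` should say whether ignoring `StartsAt` is deliberate, since `CanSign` enforces it and `CanVerify` does not.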