관리-도구
편집 파일: jwt_token.py
# coding=utf-8 # # Copyright © Cloud Linux GmbH & Cloud Linux Software, Inc 2010-2020 All Rights Reserved # # Licensed under CLOUD LINUX LICENSE AGREEMENT # http://cloudlinux.com/docs/LICENCE.TXT # from jwt import decode, exceptions from clcommon.lib.consts import DEFAULT_JWT_ES_TOKEN_PATH def read_jwt(jwt_path): with open(jwt_path, mode='rb') as f: token_string = f.read().strip() return token_string def decode_jwt(token_string, verify_exp=True): jwt_token = decode(token_string, algorithms=['HS256'], options={'require_exp': True, "verify_exp": verify_exp, "verify_iss": True, 'verify_signature': False}, issuer='CloudLinux') if 'exp' not in jwt_token: raise exceptions.MissingRequiredClaimError('exp') return jwt_token def jwt_token_check(): """ JWT token check :return: Tuple: success_flag, error_message, token_string success_flag: True/False - OK, JWT is valid/Error, invalid error_message: Error message token_string: Token string """ success_flag, error_message, token_string = True, "OK", None try: token_string = read_jwt(DEFAULT_JWT_ES_TOKEN_PATH) except (OSError, IOError): return False, f"JWT file {DEFAULT_JWT_ES_TOKEN_PATH} read error", None # JWT read success try: jwt_token = decode_jwt(token_string) if jwt_token.get("cl_plus") is None: success_flag, error_message, token_string = False, "JWT token format error", None elif not jwt_token.get("cl_plus"): success_flag, error_message, token_string = False, "JWT token doesn't have CL+ service", None except exceptions.InvalidIssuerError: success_flag, error_message, token_string = False, "JWT token issuer is invalid", None except exceptions.ExpiredSignatureError: success_flag, error_message, token_string = False, "JWT token expired", None except exceptions.PyJWTError: success_flag, error_message, token_string = False, "JWT token format error", None return success_flag, error_message, token_string