| 1234567891011121314151617181920212223242526272829303132333435363738 |
- -- Token authentication
- -- Copyright (C) 2015 Atlassian
-
- local jwt = require "luajwt";
-
- local _M = {};
-
- local function verify_password_impl(password, appId, appSecret, roomName)
-
- local claims, err = jwt.decode(password, appSecret, true);
- if claims == nil then
- return nil, err;
- end
-
- local issClaim = claims["iss"];
- if issClaim == nil then
- return nil, "Issuer field is missing";
- end
- if issClaim ~= appId then
- return nil, "Invalid application ID('iss' claim)";
- end
-
- local roomClaim = claims["room"];
- if roomClaim == nil then
- return nil, "Room field is missing";
- end
- if roomName ~= nil and roomName ~= roomClaim then
- return nil, "Invalid room name('room' claim)";
- end
-
- return true;
- end
-
- function _M.verify_password(password, appId, appSecret, roomName)
- return verify_password_impl(password, appId, appSecret, roomName);
- end
-
- return _M;
|
