-
Notifications
You must be signed in to change notification settings - Fork 348
Expand file tree
/
Copy pathdebug_auth.go
More file actions
139 lines (118 loc) · 3.52 KB
/
debug_auth.go
File metadata and controls
139 lines (118 loc) · 3.52 KB
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
package root
import (
"encoding/json"
"fmt"
"io"
"time"
"github.com/golang-jwt/jwt/v5"
"github.com/spf13/cobra"
"github.com/docker/docker-agent/pkg/desktop"
"github.com/docker/docker-agent/pkg/telemetry"
)
// authInfo holds the parsed JWT authentication information.
type authInfo struct {
Token string `json:"token"`
Subject string `json:"subject,omitempty"`
Issuer string `json:"issuer,omitempty"`
IssuedAt time.Time `json:"issued_at,omitzero"`
ExpiresAt time.Time `json:"expires_at,omitzero"`
Expired bool `json:"expired"`
Username string `json:"username,omitempty"`
Email string `json:"email,omitempty"`
}
func newDebugAuthCmd() *cobra.Command {
var jsonOutput bool
cmd := &cobra.Command{
Use: "auth",
Short: "Print Docker Desktop authentication information",
Args: cobra.NoArgs,
RunE: func(cmd *cobra.Command, _ []string) (commandErr error) {
ctx := cmd.Context()
telemetry.TrackCommand(ctx, "debug", []string{"auth"})
defer func() { // do not inline this defer so that commandErr is not resolved early
telemetry.TrackCommandError(ctx, "debug", []string{"auth"}, commandErr)
}()
w := cmd.OutOrStdout()
token := desktop.GetToken(ctx)
if token == "" {
if jsonOutput {
return json.NewEncoder(w).Encode(map[string]string{
"error": "no token found (is Docker Desktop running and are you logged in?)",
})
}
fmt.Fprintln(w, "No token found. Is Docker Desktop running and are you logged in?")
return nil
}
info, err := parseAuthInfo(token)
if err != nil {
return fmt.Errorf("failed to parse JWT: %w", err)
}
userInfo := desktop.GetUserInfo(ctx)
info.Username = userInfo.Username
info.Email = userInfo.Email
if jsonOutput {
enc := json.NewEncoder(w)
enc.SetIndent("", " ")
return enc.Encode(info)
}
printAuthInfoText(w, info)
return nil
},
}
cmd.Flags().BoolVar(&jsonOutput, "json", false, "Output in JSON format")
return cmd
}
func parseAuthInfo(token string) (*authInfo, error) {
parsed, _, err := jwt.NewParser().ParseUnverified(token, jwt.MapClaims{})
if err != nil {
return nil, err
}
info := &authInfo{
Token: token,
}
if sub, err := parsed.Claims.GetSubject(); err == nil {
info.Subject = sub
}
if iss, err := parsed.Claims.GetIssuer(); err == nil {
info.Issuer = iss
}
if iat, err := parsed.Claims.GetIssuedAt(); err == nil && iat != nil {
info.IssuedAt = iat.Time
}
if exp, err := parsed.Claims.GetExpirationTime(); err == nil && exp != nil {
info.ExpiresAt = exp.Time
info.Expired = exp.Before(time.Now())
}
return info, nil
}
func printAuthInfoText(w io.Writer, info *authInfo) {
const previewLen = 10
if len(info.Token) <= previewLen*2 {
fmt.Fprintf(w, "Token: %s\n", info.Token)
} else {
fmt.Fprintf(w, "Token: %s...%s\n", info.Token[:previewLen], info.Token[len(info.Token)-previewLen:])
}
if info.Username != "" {
fmt.Fprintf(w, "Username: %s\n", info.Username)
}
if info.Email != "" {
fmt.Fprintf(w, "Email: %s\n", info.Email)
}
if info.Subject != "" {
fmt.Fprintf(w, "Subject: %s\n", info.Subject)
}
if info.Issuer != "" {
fmt.Fprintf(w, "Issuer: %s\n", info.Issuer)
}
if !info.IssuedAt.IsZero() {
fmt.Fprintf(w, "Issued at: %s\n", info.IssuedAt.Local().Format(time.RFC3339))
}
if !info.ExpiresAt.IsZero() {
fmt.Fprintf(w, "Expires at: %s\n", info.ExpiresAt.Local().Format(time.RFC3339))
}
if info.Expired {
fmt.Fprintln(w, "Status: ❌ Expired")
} else {
fmt.Fprintln(w, "Status: ✅ Valid")
}
}