-
Notifications
You must be signed in to change notification settings - Fork 64
Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
- Loading branch information
Showing
4 changed files
with
66 additions
and
7 deletions.
There are no files selected for viewing
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
|
|
@@ -3,7 +3,7 @@ | |
|
|
||
| CREATE OR REPLACE FUNCTION url_encode(data bytea) RETURNS text LANGUAGE sql AS $$ | ||
| SELECT translate(encode(data, 'base64'), E'+/=\n', '-_'); | ||
| $$; | ||
| $$ IMMUTABLE; | ||
|
|
||
|
|
||
| CREATE OR REPLACE FUNCTION url_decode(data text) RETURNS bytea LANGUAGE sql AS $$ | ||
|
|
@@ -15,7 +15,7 @@ WITH t AS (SELECT translate(data, '-_', '+/') AS trans), | |
| THEN repeat('=', (4 - rem.remainder)) | ||
| ELSE '' END, | ||
| 'base64') FROM t, rem; | ||
| $$; | ||
| $$ IMMUTABLE; | ||
|
|
||
|
|
||
| CREATE OR REPLACE FUNCTION algorithm_sign(signables text, secret text, algorithm text) | ||
|
|
@@ -28,7 +28,7 @@ WITH | |
| WHEN algorithm = 'HS512' THEN 'sha512' | ||
| ELSE '' END AS id) -- hmac throws error | ||
| SELECT @[email protected]_encode(@[email protected](signables, secret, alg.id)) FROM alg; | ||
| $$; | ||
| $$ IMMUTABLE; | ||
|
|
||
|
|
||
| CREATE OR REPLACE FUNCTION sign(payload json, secret text, algorithm text DEFAULT 'HS256') | ||
|
|
@@ -46,7 +46,7 @@ WITH | |
| SELECT | ||
| signables.data || '.' || | ||
| @[email protected]_sign(signables.data, secret, algorithm) FROM signables; | ||
| $$; | ||
| $$ IMMUTABLE; | ||
|
|
||
|
|
||
| CREATE OR REPLACE FUNCTION verify(token text, secret text, algorithm text DEFAULT 'HS256') | ||
|
|
@@ -56,4 +56,4 @@ RETURNS table(header json, payload json, valid boolean) LANGUAGE sql AS $$ | |
| convert_from(@[email protected]_decode(r[2]), 'utf8')::json AS payload, | ||
| r[3] = @[email protected]_sign(r[1] || '.' || r[2], secret, algorithm) AS valid | ||
| FROM regexp_split_to_array(token, '\.') r; | ||
| $$; | ||
| $$ IMMUTABLE; | ||
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,59 @@ | ||
| \echo Use "CREATE EXTENSION pgjwt" to load this file. \quit | ||
|
|
||
|
|
||
| CREATE OR REPLACE FUNCTION url_encode(data bytea) RETURNS text LANGUAGE sql AS $$ | ||
| SELECT translate(encode(data, 'base64'), E'+/=\n', '-_'); | ||
| $$ IMMUTABLE; | ||
|
|
||
|
|
||
| CREATE OR REPLACE FUNCTION url_decode(data text) RETURNS bytea LANGUAGE sql AS $$ | ||
| WITH t AS (SELECT translate(data, '-_', '+/') AS trans), | ||
| rem AS (SELECT length(t.trans) % 4 AS remainder FROM t) -- compute padding size | ||
| SELECT decode( | ||
| t.trans || | ||
| CASE WHEN rem.remainder > 0 | ||
| THEN repeat('=', (4 - rem.remainder)) | ||
| ELSE '' END, | ||
| 'base64') FROM t, rem; | ||
| $$ IMMUTABLE; | ||
|
|
||
|
|
||
| CREATE OR REPLACE FUNCTION algorithm_sign(signables text, secret text, algorithm text) | ||
| RETURNS text LANGUAGE sql AS $$ | ||
| WITH | ||
| alg AS ( | ||
| SELECT CASE | ||
| WHEN algorithm = 'HS256' THEN 'sha256' | ||
| WHEN algorithm = 'HS384' THEN 'sha384' | ||
| WHEN algorithm = 'HS512' THEN 'sha512' | ||
| ELSE '' END AS id) -- hmac throws error | ||
| SELECT @[email protected]_encode(@[email protected](signables, secret, alg.id)) FROM alg; | ||
| $$ IMMUTABLE; | ||
|
|
||
|
|
||
| CREATE OR REPLACE FUNCTION sign(payload json, secret text, algorithm text DEFAULT 'HS256') | ||
| RETURNS text LANGUAGE sql AS $$ | ||
| WITH | ||
| header AS ( | ||
| SELECT @[email protected]_encode(convert_to('{"alg":"' || algorithm || '","typ":"JWT"}', 'utf8')) AS data | ||
| ), | ||
| payload AS ( | ||
| SELECT @[email protected]_encode(convert_to(payload::text, 'utf8')) AS data | ||
| ), | ||
| signables AS ( | ||
| SELECT header.data || '.' || payload.data AS data FROM header, payload | ||
| ) | ||
| SELECT | ||
| signables.data || '.' || | ||
| @[email protected]_sign(signables.data, secret, algorithm) FROM signables; | ||
| $$ IMMUTABLE; | ||
|
|
||
|
|
||
| CREATE OR REPLACE FUNCTION verify(token text, secret text, algorithm text DEFAULT 'HS256') | ||
| RETURNS table(header json, payload json, valid boolean) LANGUAGE sql AS $$ | ||
| SELECT | ||
| convert_from(@[email protected]_decode(r[1]), 'utf8')::json AS header, | ||
| convert_from(@[email protected]_decode(r[2]), 'utf8')::json AS payload, | ||
| r[3] = @[email protected]_sign(r[1] || '.' || r[2], secret, algorithm) AS valid | ||
| FROM regexp_split_to_array(token, '\.') r; | ||
| $$ IMMUTABLE; |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -1,5 +1,5 @@ | ||
| # pgjwt extension | ||
| comment = 'JSON Web Token API for Postgresql' | ||
| default_version = '0.1.0' | ||
| default_version = '0.1.1' | ||
| relocatable = false | ||
| requires = pgcrypto |