def _make_access_token(self, request: HttpRequest, tokenreq: _TokenRequest,
rightnow: datetime.datetime, perms: TokenPermissions, for_user: MNUser) -> Dict[str, Any]:
# TODO: figure out if we need to support more than one access scope
# This implementation is based around this article, that, among other things,
# describes the "kid" field required by Docker. The JWK implementation provided
# by jwcrypto doesn't seem to work.
# https://umbrella.cisco.com/blog/blog/2016/02/23/implementing-oauth-for-registry-v2/
_x = [] # type: List[str]
jwtobj = {
'exp': int((rightnow + datetime.timedelta(minutes=2)).timestamp()),
'nbf': int((rightnow - datetime.timedelta(seconds=1)).timestamp()),
'iat': int(rightnow.timestamp()),
'iss': request.get_host(),
'aud': tokenreq.service,
'sub': str(for_user.pk),
'access': [{
"type": perms.type,
"name": perms.path,
"actions": _x + (["push"] if perms.push else []) +
(["pull"] if perms.pull else []) +
(["login"] if perms.type == "login" else [])
}]
} # type: Dict[str, Union[str, int, List[Dict[str, Union[str, List[str]]]]]]
return jwtobj
评论列表
文章目录
