44 lines
940 B
Go
44 lines
940 B
Go
package cluster
|
|
|
|
import (
|
|
"crypto/rand"
|
|
"crypto/sha256"
|
|
"encoding/base64"
|
|
"encoding/hex"
|
|
"errors"
|
|
"strings"
|
|
"time"
|
|
)
|
|
|
|
const joinTokenHashPrefix = "sha256:"
|
|
|
|
func generateJoinToken() (string, error) {
|
|
var random [32]byte
|
|
if _, err := rand.Read(random[:]); err != nil {
|
|
return "", err
|
|
}
|
|
return "rap_join_" + base64.RawURLEncoding.EncodeToString(random[:]), nil
|
|
}
|
|
|
|
func hashJoinToken(token string) (string, error) {
|
|
trimmed := strings.TrimSpace(token)
|
|
if trimmed == "" {
|
|
return "", errors.New("join token is required")
|
|
}
|
|
sum := sha256.Sum256([]byte(trimmed))
|
|
return joinTokenHashPrefix + hex.EncodeToString(sum[:]), nil
|
|
}
|
|
|
|
func isPlatformAdminRole(role string) bool {
|
|
return role == PlatformRoleAdmin || role == PlatformRoleRecoveryAdmin
|
|
}
|
|
|
|
func isAllowedNodeRole(role string) bool {
|
|
_, ok := allowedNodeRoles[role]
|
|
return ok
|
|
}
|
|
|
|
func defaultJoinTokenExpiry(now time.Time) time.Time {
|
|
return now.Add(30 * time.Minute)
|
|
}
|