]>
Commit | Line | Data |
---|---|---|
7a9e5112 | 1 | package api |
2 | ||
3 | import ( | |
4 | "fmt" | |
5 | "strings" | |
6 | "time" | |
7 | ||
8 | "immae.eu/Immae/Projets/Cryptomonnaies/Cryptoportfolio/Front/db" | |
9 | ||
10 | "github.com/dgrijalva/jwt-go" | |
11 | "github.com/gin-gonic/gin" | |
12 | ) | |
13 | ||
14 | // Static secret. | |
15 | var JWT_SECRET []byte | |
16 | ||
17 | type JwtClaims struct { | |
18 | Authorized bool `json:"authorized"` | |
19 | Subject int64 `json:"sub,omitempty"` | |
20 | jwt.StandardClaims | |
21 | } | |
22 | ||
7a9e5112 | 23 | func VerifyJwtToken(token string) (JwtClaims, error) { |
24 | if len(JWT_SECRET) == 0 { | |
25 | return JwtClaims{}, fmt.Errorf("not initialized jwt secret") | |
26 | } | |
27 | ||
28 | t, err := jwt.ParseWithClaims(token, &JwtClaims{}, func(t *jwt.Token) (interface{}, error) { | |
29 | if _, ok := t.Method.(*jwt.SigningMethodHMAC); !ok { | |
30 | return nil, fmt.Errorf("Unexpected signing method: %v", t.Header["alg"]) | |
31 | } | |
32 | ||
33 | return JWT_SECRET, nil | |
34 | }) | |
35 | ||
36 | claims, ok := t.Claims.(*JwtClaims) | |
37 | ||
38 | if !ok || !t.Valid || err != nil { | |
39 | return JwtClaims{}, fmt.Errorf("invalid token (err: %v, claimsok: %v)", err, ok) | |
40 | } | |
41 | ||
42 | return *claims, nil | |
43 | } | |
44 | ||
45 | func SignJwt(claims JwtClaims) (string, error) { | |
46 | if len(JWT_SECRET) == 0 { | |
47 | return "", fmt.Errorf("not initialized jwt secret") | |
48 | } | |
49 | ||
50 | token := jwt.NewWithClaims(jwt.SigningMethodHS256, &claims) | |
51 | ||
52 | return token.SignedString(JWT_SECRET) | |
53 | } | |
54 | ||
55 | func CreateJwtToken(userId int64) (string, error) { | |
56 | claims := JwtClaims{ | |
57 | false, | |
58 | userId, | |
59 | jwt.StandardClaims{ | |
1fc43bfa | 60 | ExpiresAt: time.Now().Add(time.Hour * 24 * 7).Unix(), |
7a9e5112 | 61 | }, |
62 | } | |
63 | ||
64 | return SignJwt(claims) | |
65 | } | |
66 | ||
67 | func GetBearerToken(header string) (string, error) { | |
68 | const prefix = "Bearer " | |
69 | ||
70 | if !strings.HasPrefix(header, prefix) { | |
71 | return "", fmt.Errorf("invalid authorization token") | |
72 | } | |
73 | ||
74 | return header[len(prefix):], nil | |
75 | } | |
76 | ||
77 | func JwtAuth(c *gin.Context) *Error { | |
78 | token, err := GetBearerToken(c.GetHeader("Authorization")) | |
79 | if err != nil { | |
80 | return &Error{NotAuthorized, "not authorized", err} | |
81 | } | |
82 | ||
83 | claims, err := VerifyJwtToken(token) | |
84 | if err != nil { | |
85 | return &Error{NotAuthorized, "not authorized", err} | |
86 | } | |
87 | ||
88 | user, err := db.GetUserById(claims.Subject) | |
89 | if err != nil { | |
90 | return &Error{NotAuthorized, "not authorized", err} | |
91 | } | |
92 | ||
93 | c.Set("user", *user) | |
94 | c.Set("claims", claims) | |
95 | ||
96 | return nil | |
97 | } | |
98 | ||
99 | func GetClaims(c *gin.Context) JwtClaims { | |
100 | claims, _ := c.Get("claims") | |
101 | ||
102 | return claims.(JwtClaims) | |
103 | } |