[perso/Immae/Projets/Cryptomonnaies/Cryptoportfolio/Front.git] / api / auth_jwt.go

package api

import (
	"fmt"
	"strings"
	"time"

	"immae.eu/Immae/Projets/Cryptomonnaies/Cryptoportfolio/Front/db"

	"github.com/dgrijalva/jwt-go"
	"github.com/gin-gonic/gin"
)

// Static secret.
var JWT_SECRET []byte

type JwtClaims struct {
	Authorized bool  `json:"authorized"`
	Subject    int64 `json:"sub,omitempty"`
	jwt.StandardClaims
}

func SetJwtSecretKey(secret string) {
	JWT_SECRET = []byte(secret)
}

func VerifyJwtToken(token string) (JwtClaims, error) {
	if len(JWT_SECRET) == 0 {
		return JwtClaims{}, fmt.Errorf("not initialized jwt secret")
	}

	t, err := jwt.ParseWithClaims(token, &JwtClaims{}, func(t *jwt.Token) (interface{}, error) {
		if _, ok := t.Method.(*jwt.SigningMethodHMAC); !ok {
			return nil, fmt.Errorf("Unexpected signing method: %v", t.Header["alg"])
		}

		return JWT_SECRET, nil
	})

	claims, ok := t.Claims.(*JwtClaims)

	if !ok || !t.Valid || err != nil {
		return JwtClaims{}, fmt.Errorf("invalid token (err: %v, claimsok: %v)", err, ok)
	}

	return *claims, nil
}

func SignJwt(claims JwtClaims) (string, error) {
	if len(JWT_SECRET) == 0 {
		return "", fmt.Errorf("not initialized jwt secret")
	}

	token := jwt.NewWithClaims(jwt.SigningMethodHS256, &claims)

	return token.SignedString(JWT_SECRET)
}

func CreateJwtToken(userId int64) (string, error) {
	claims := JwtClaims{
		false,
		userId,
		jwt.StandardClaims{
			ExpiresAt: time.Now().Add(time.Hour * 24).Unix(),
		},
	}

	return SignJwt(claims)
}

func GetBearerToken(header string) (string, error) {
	const prefix = "Bearer "

	if !strings.HasPrefix(header, prefix) {
		return "", fmt.Errorf("invalid authorization token")
	}

	return header[len(prefix):], nil
}

func JwtAuth(c *gin.Context) *Error {
	token, err := GetBearerToken(c.GetHeader("Authorization"))
	if err != nil {
		return &Error{NotAuthorized, "not authorized", err}
	}

	claims, err := VerifyJwtToken(token)
	if err != nil {
		return &Error{NotAuthorized, "not authorized", err}
	}

	user, err := db.GetUserById(claims.Subject)
	if err != nil {
		return &Error{NotAuthorized, "not authorized", err}
	}

	c.Set("user", *user)
	c.Set("claims", claims)

	return nil
}

func GetClaims(c *gin.Context) JwtClaims {
	claims, _ := c.Get("claims")

	return claims.(JwtClaims)
}
Commit	Line	Data
7a9e5112	1	package api
	2
	3	import (
	4	"fmt"
	5	"strings"
	6	"time"
	7
	8	"immae.eu/Immae/Projets/Cryptomonnaies/Cryptoportfolio/Front/db"
	9
	10	"github.com/dgrijalva/jwt-go"
	11	"github.com/gin-gonic/gin"
	12	)
	13
	14	// Static secret.
	15	var JWT_SECRET []byte
	16
	17	type JwtClaims struct {
	18	Authorized bool `json:"authorized"`
	19	Subject int64 `json:"sub,omitempty"`
	20	jwt.StandardClaims
	21	}
	22
	23	func SetJwtSecretKey(secret string) {
	24	JWT_SECRET = []byte(secret)
	25	}
	26
	27	func VerifyJwtToken(token string) (JwtClaims, error) {
	28	if len(JWT_SECRET) == 0 {
	29	return JwtClaims{}, fmt.Errorf("not initialized jwt secret")
	30	}
	31
	32	t, err := jwt.ParseWithClaims(token, &JwtClaims{}, func(t *jwt.Token) (interface{}, error) {
	33	if _, ok := t.Method.(*jwt.SigningMethodHMAC); !ok {
	34	return nil, fmt.Errorf("Unexpected signing method: %v", t.Header["alg"])
	35	}
	36
	37	return JWT_SECRET, nil
	38	})
	39
	40	claims, ok := t.Claims.(*JwtClaims)
	41
	42	if !ok \|\| !t.Valid \|\| err != nil {
	43	return JwtClaims{}, fmt.Errorf("invalid token (err: %v, claimsok: %v)", err, ok)
	44	}
	45
	46	return *claims, nil
	47	}
	48
	49	func SignJwt(claims JwtClaims) (string, error) {
	50	if len(JWT_SECRET) == 0 {
	51	return "", fmt.Errorf("not initialized jwt secret")
	52	}
	53
	54	token := jwt.NewWithClaims(jwt.SigningMethodHS256, &claims)
	55
	56	return token.SignedString(JWT_SECRET)
	57	}
	58
	59	func CreateJwtToken(userId int64) (string, error) {
	60	claims := JwtClaims{
	61	false,
	62	userId,
	63	jwt.StandardClaims{
	64	ExpiresAt: time.Now().Add(time.Hour * 24).Unix(),
65	},
66	}
67
68	return SignJwt(claims)
69	}
70
71	func GetBearerToken(header string) (string, error) {
72	const prefix = "Bearer "
73
74	if !strings.HasPrefix(header, prefix) {
75	return "", fmt.Errorf("invalid authorization token")
76	}
77
78	return header[len(prefix):], nil
79	}
80
81	func JwtAuth(c gin.Context) Error {
82	token, err := GetBearerToken(c.GetHeader("Authorization"))
83	if err != nil {
84	return &Error{NotAuthorized, "not authorized", err}
85	}
86
87	claims, err := VerifyJwtToken(token)
88	if err != nil {
89	return &Error{NotAuthorized, "not authorized", err}
90	}
91
92	user, err := db.GetUserById(claims.Subject)
93	if err != nil {
94	return &Error{NotAuthorized, "not authorized", err}
95	}
96
97	c.Set("user", *user)
98	c.Set("claims", claims)
99
100	return nil
101	}
102
103	func GetClaims(c *gin.Context) JwtClaims {
104	claims, _ := c.Get("claims")
105
106	return claims.(JwtClaims)
107	}