Better go import paths.
1 package api
2
3 import (
4 "fmt"
5 "strings"
6 "time"
7
8 "git.immae.eu/Cryptoportfolio/Front.git/db"
9
10 "github.com/dgrijalva/jwt-go"
11 "github.com/gin-gonic/gin"
12 )
13
// JWT_SECRET is the HMAC key that SignJwt signs with and that VerifyJwtToken
// hands to the parser for signature verification. Both functions return an
// error while it is empty, so it must be assigned before any token is issued
// or checked.
//
// NOTE(review): nothing in this file assigns it or checks its length. Whoever
// holds this key can produce tokens that verify, so it should come from
// protected configuration and be long and random -- confirm at the call site
// that sets it.
var JWT_SECRET []byte
16
// JwtClaims is the claim set carried by the tokens this file signs and
// verifies.
type JwtClaims struct {
	// Authorized is serialized as "authorized". CreateJwtToken issues tokens
	// with it set to false; JwtAuth does not read it.
	Authorized bool `json:"authorized"`
	// Subject is serialized as "sub". CreateJwtToken stores the user id here
	// and JwtAuth passes it to db.GetUserById.
	// NOTE(review): the embedded StandardClaims also declares a "sub" field;
	// this outer field should win under encoding/json's depth rule -- confirm.
	Subject int64 `json:"sub,omitempty"`
	// Embedded registered claims; CreateJwtToken sets ExpiresAt.
	jwt.StandardClaims
}
22
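// VerifyJwtToken parses token, verifies its HMAC signature with JWT_SECRET and
// returns the decoded claims.
//
// An error is returned when JWT_SECRET is empty, when the token names a
// non-HMAC signing method, when parsing or validation fails, or when the
// claims are not a *JwtClaims. On error the returned claims are the zero value
// and must not be used for an authorization decision.
//
// NOTE(review): github.com/dgrijalva/jwt-go is archived upstream; its
// maintained successor is github.com/golang-jwt/jwt.
func VerifyJwtToken(token string) (JwtClaims, error) {
	if len(JWT_SECRET) == 0 {
		return JwtClaims{}, fmt.Errorf("not initialized jwt secret")
	}

	t, err := jwt.ParseWithClaims(token, &JwtClaims{}, func(t *jwt.Token) (interface{}, error) {
		// Only HMAC methods may be paired with the shared secret returned
		// below; the algorithm named in the token header is not trusted.
		if _, ok := t.Method.(*jwt.SigningMethodHMAC); !ok {
			return nil, fmt.Errorf("Unexpected signing method: %v", t.Header["alg"])
		}

		return JWT_SECRET, nil
	})

	// JwtAuth feeds this function from the Authorization header, so token is
	// untrusted. Check the parse result before touching t: for malformed
	// input the parser may return a nil token, and reading t.Claims would
	// panic inside the request handler.
	if err != nil || t == nil {
		return JwtClaims{}, fmt.Errorf("invalid token (err: %v, claimsok: %v)", err, false)
	}

	claims, ok := t.Claims.(*JwtClaims)
	if !ok || !t.Valid {
		return JwtClaims{}, fmt.Errorf("invalid token (err: %v, claimsok: %v)", err, ok)
	}

	return *claims, nil
}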
44
// SignJwt serializes claims into a token signed with HS256 and JWT_SECRET.
// It returns an error, and no token, while JWT_SECRET is empty, so an
// unconfigured service cannot issue tokens signed with an empty key.
func SignJwt(claims JwtClaims) (string, error) {
	if len(JWT_SECRET) > 0 {
		unsigned := jwt.NewWithClaims(jwt.SigningMethodHS256, &claims)
		return unsigned.SignedString(JWT_SECRET)
	}

	return "", fmt.Errorf("not initialized jwt secret")
}
54
// CreateJwtToken issues a signed token for userId.
//
// The token carries the user id as its subject, Authorized set to false and
// an expiry seven days after the call. Nothing in this function records the
// token, so revoking it before expiry has to happen elsewhere (JwtAuth looks
// the subject up in the database on every request).
func CreateJwtToken(userId int64) (string, error) {
	expiry := time.Now().Add(7 * 24 * time.Hour)

	return SignJwt(JwtClaims{
		Authorized: false,
		Subject:    userId,
		StandardClaims: jwt.StandardClaims{
			ExpiresAt: expiry.Unix(),
		},
	})
}
66
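// GetBearerToken extracts the credential from an Authorization header value
// of the form "Bearer <token>".
//
// It returns an error when the header does not start with the exact prefix
// "Bearer " (the match is case-sensitive) or when nothing follows the prefix.
// The returned string is not validated in any other way; callers must still
// verify it.
func GetBearerToken(header string) (string, error) {
	const prefix = "Bearer "

	if !strings.HasPrefix(header, prefix) {
		return "", fmt.Errorf("invalid authorization token")
	}

	// A bare "Bearer " carries no credential; reject it here rather than
	// handing an empty string to the token parser.
	token := header[len(prefix):]
	if token == "" {
		return "", fmt.Errorf("invalid authorization token")
	}

	return token, nil
}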
76
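// JwtAuth authenticates a request from its Authorization header.
//
// It extracts the bearer token, verifies it, loads the user named by the
// token subject and stores the user under "user" and the claims under
// "claims" in the gin context. It returns nil on success.
//
// Every failure returns a NotAuthorized error with the same "not authorized"
// message; the underlying cause is kept only in the error's third field.
// The Authorized claim is not checked here; handlers that depend on it must
// check it themselves.
func JwtAuth(c *gin.Context) *Error {
	token, err := GetBearerToken(c.GetHeader("Authorization"))
	if err != nil {
		return &Error{NotAuthorized, "not authorized", err}
	}

	claims, err := VerifyJwtToken(token)
	if err != nil {
		return &Error{NotAuthorized, "not authorized", err}
	}

	user, err := db.GetUserById(claims.Subject)
	if err != nil {
		return &Error{NotAuthorized, "not authorized", err}
	}
	// db.GetUserById is not visible here. If it can report a missing user as
	// (nil, nil), dereferencing below would panic, so treat a nil user as an
	// authentication failure.
	if user == nil {
		return &Error{NotAuthorized, "not authorized", fmt.Errorf("no user for token subject")}
	}

	c.Set("user", *user)
	c.Set("claims", claims)

	return nil
}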
98
// GetClaims returns the JwtClaims stored in the gin context under "claims".
//
// The lookup result is asserted without a check, so this panics when the key
// is absent or holds another type. Call it only on routes where JwtAuth has
// already succeeded.
func GetClaims(c *gin.Context) JwtClaims {
	stored, _ := c.Get("claims")
	result := stored.(JwtClaims)

	return result
}
103 }