author | jloup <jean-loup.jamet@trainline.com> | 2018-02-14 14:19:09 +0100 |
---|---|---|
committer | jloup <jean-loup.jamet@trainline.com> | 2018-02-14 14:19:09 +0100 |
commit | 7a9e5112eaaea58d55f181d3e5296e4ff839921c (patch) | |
tree | 968ed193f42a1fad759cc89ad2f8ad5b0091291e /api/auth_jwt.go | |
initial commit
Diffstat (limited to 'api/auth_jwt.go')
-rw-r--r-- | api/auth_jwt.go | 107 |
1 files changed, 107 insertions, 0 deletions
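--- /dev/null
+++ b/api/auth_jwt.go
@@ -0,0 +1,107 @@
+package api
+
+import (
+"fmt"
+"strings"
+"time"
+
+"immae.eu/Immae/Projets/Cryptomonnaies/Cryptoportfolio/Front/db"
+
+"github.com/dgrijalva/jwt-go"
+"github.com/gin-gonic/gin"
+)
+
+// Static secret.
+var JWT_SECRET []byte
+
+type JwtClaims struct {
+Authorized bool `json:"authorized"`
+Subject int64 `json:"sub,omitempty"`
+jwt.StandardClaims
+}
+
+func SetJwtSecretKey(secret string) {
+JWT_SECRET = []byte(secret)
+}
+
+func VerifyJwtToken(token string) (JwtClaims, error) {
+if len(JWT_SECRET) == 0 {
+return JwtClaims{}, fmt.Errorf("not initialized jwt secret")
+}
+
+t, err := jwt.ParseWithClaims(token, &JwtClaims{}, func(t *jwt.Token) (interface{}, error) {
+if _, ok := t.Method.(*jwt.SigningMethodHMAC); !ok {
+return nil, fmt.Errorf("Unexpected signing method: %v", t.Header["alg"])
+}
+
+return JWT_SECRET, nil
+})
+
+claims, ok := t.Claims.(*JwtClaims)
+
+if !ok || !t.Valid || err != nil {
+return JwtClaims{}, fmt.Errorf("invalid token (err: %v, claimsok: %v)", err, ok)
+}
+
+return *claims, nil
+}
+
+func SignJwt(claims JwtClaims) (string, error) {
+if len(JWT_SECRET) == 0 {
+return "", fmt.Errorf("not initialized jwt secret")
+}
+
+token := jwt.NewWithClaims(jwt.SigningMethodHS256, &claims)
+
+return token.SignedString(JWT_SECRET)
+}
+
+func CreateJwtToken(userId int64) (string, error) {
+claims := JwtClaims{
+false,
+userId,
+jwt.StandardClaims{
+ExpiresAt: time.Now().Add(time.Hour * 24).Unix(),
+},
+}
+
+return SignJwt(claims)
+}
+
+func GetBearerToken(header string) (string, error) {
+const prefix = "Bearer "
+
+if !strings.HasPrefix(header, prefix) {
+return "", fmt.Errorf("invalid authorization token")
+}
+
+return header[len(prefix):], nil
+}
+
+func JwtAuth(c *gin.Context) *Error {
+token, err := GetBearerToken(c.GetHeader("Authorization"))
+if err != nil {
+return &Error{NotAuthorized, "not authorized", err}
+}
+
+claims, err := VerifyJwtToken(token)
+if err != nil {
+return &Error{NotAuthorized, "not authorized", err}
+}
+
+user, err := db.GetUserById(claims.Subject)
+if err != nil {
+return &Error{NotAuthorized, "not authorized", err}
+}
+
+c.Set("user", *user)
+c.Set("claims", claims)
+
+return nil
+}
+
+func GetClaims(c *gin.Context) JwtClaims {
+claims, _ := c.Get("claims")
+
+return claims.(JwtClaims)
+}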
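Review bot: In VerifyJwtToken, `t.Claims` is read on the line right after `jwt.ParseWithClaims` returns, before `err` is checked. The library can return a nil token together with the error (for example when the token string does not split into three segments), so a malformed Authorization header would panic here instead of yielding NotAuthorized, and JwtAuth reaches this code before any authentication has happened. Check the error first, `if err != nil || t == nil || !t.Valid { return JwtClaims{}, fmt.Errorf("invalid token (err: %v)", err) }`, and only then do the `t.Claims.(*JwtClaims)` assertion. Separately, CreateJwtToken issues tokens with `Authorized` set to false and JwtAuth never inspects that claim, so if it is meant to gate access, handlers presumably have to check it themselves; a comment on JwtAuth stating that would help.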