package handlers
import (
"net/http"
"github.com/form3tech-oss/jwt-go"
"github.com/spf13/viper"
"github.com/JohnnyS318/RoyalAfgInGo/pkg/config"
"github.com/JohnnyS318/RoyalAfgInGo/pkg/dtos"
"github.com/JohnnyS318/RoyalAfgInGo/pkg/mw"
"github.com/JohnnyS318/RoyalAfgInGo/pkg/utils"
)
// VerifyLoggedIn verifies and validates the session cookie and its JWT. The response is a SessionInfo JSON body whose Authenticated field is false when the cookie is missing, the token fails signature/claims validation, or the auth backend rejects it, and true otherwise. NOTE(review): the handler never sets a 401 status today — every path answers 200 and the body carries the result; the 401 mentioned in the swagger text below is not implemented.
// swagger:route GET /account/verify authentication account verifyLoggedIn
//
// Verify that the user is logged in
//
// This returns 200 with a SessionInfo body in every case; the Authenticated field reports whether the login token is valid. (A 401 Unauthorized for a missing or invalid session is not currently emitted — see the handler.)
//
// Consumes:
//
// Produces:
// - application/json
//
// Schemes: http, https
//
// Security:
//
// Responses:
// default: SessionInfo
// 200: SessionInfo
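func (h *Auth) VerifyLoggedIn(rw http.ResponseWriter, r *http.Request) {
	rw.Header().Set("Content-Type", "application/json; charset=utf-8")
	rw.Header().Set("X-Content-Type-Options", "nosniff")

	// Every failure path answers with the same body so a caller cannot
	// distinguish "no cookie" from "bad signature" from "rejected by the
	// auth backend" (details go to the log only).
	// NOTE(review): the status code stays at the implicit 200 on failure,
	// matching the SessionInfo body contract; the swagger comment above
	// this handler talks about 401 — reconcile one or the other.
	deny := func() {
		_ = utils.ToJSON(&dtos.SessionInfo{
			Authenticated: false,
		}, rw)
	}

	// Get the raw token string from the session cookie.
	tokenRaw, err := mw.ExtractFromCookie(r)
	if err != nil {
		h.l.Infow("Session cookie not found", "error", err)
		deny()
		return
	}

	// Verify the signature and standard claims. The signing key is read
	// from config on every request. mw.GetKeyGetter is assumed to pin the
	// expected signing method so an attacker-chosen "alg" header cannot be
	// honoured — confirm in pkg/mw. token.Valid is checked as well as err:
	// belt-and-braces against a parser that returns a token without error
	// but without marking it valid.
	token, err := jwt.Parse(tokenRaw, mw.GetKeyGetter(viper.GetString(config.JWTSigningKey)))
	if err != nil || token == nil || !token.Valid {
		h.l.Infow("Session token not signed", "error", err)
		deny()
		return
	}

	// Check authentication or authorization with other services (currently a NoOp).
	if !h.Auth.VerifyAuthentication(mw.FromUserTokenContext(token)) {
		// Fix: this branch previously fell through to the success path, so a
		// rejected session was answered with BOTH an "authenticated: false"
		// and an "authenticated: true" body. It must return here. The
		// earlier code also logged `err`, which is always nil at this point.
		h.l.Errorw("A error during login verification")
		deny()
		return
	}

	rw.WriteHeader(http.StatusOK)
	_ = utils.ToJSON(&dtos.SessionInfo{
		Authenticated: true,
	}, rw)
}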