preamble: this is cloned appleyboy's JWT middleware adapted for Atreugo framework
It uses jwt-go to provide a jwt authentication middleware. It provides additional handler functions to provide the login
api that will generate the token and an additional refresh
handler that can be used to refresh tokens.
Download and install using go module:
export GO111MODULE=on
go get github.com/LdDl/atreugo-jwt
Import it in your code:
import (
jwt "github.com/LdDl/atreugo-jwt"
)
Please see the example file
go run example/main.go
Demo server will start on port 8080.
Correct username/password and user access
curl -X POST 'http://localhost:8080/api/doauth' -d '{"username": "user", "password": "pass"}'
curl -X GET 'http://localhost:8080/api/v0.0.1/secret_page?token=PUT_RECIEVED_TOKEN'
Correct username/password but user has no access (banned)
curl -X POST 'http://localhost:8080/api/doauth' -d '{"username": "user2", "password": "pass"}'
Wrong user or password
curl -X POST 'http://localhost:8080/api/doauth' -d '{"username": "user", "password": "pass333"}'
curl -X GET 'http://localhost:8080/api/v0.0.1/refresh?token=PUT_RECIEVED_TOKEN'
- Authenticator: handles the login logic. On success LoginResponse is called, on failure Unauthorized is called.
- LoginResponse: optional, allows setting a custom response such as a redirect.
- PayloadFunc: maps the claims in the JWT.
- IdentityHandler: extracts identity from claims.
- Authorizator: receives identity and handles authorization logic.
- Unauthorized: handles unauthorized logic.