package internal
import (
"fmt"
"net/http"
"github.com/golang-jwt/jwt/v4"
"github.com/Ublius/HSOreCTF/database"
)
// GetLoggedInTeacher resolves the teacher behind the request's "tok"
// session cookie.
//
// The cookie value is parsed as a JWT carrying RegisteredClaims. It is
// accepted only when (1) its header names an HMAC signing method and the
// signature verifies against the configured secret key, (2) the library's
// claim validation passes, and (3) its issuer is IssuerSessionToken. The
// subject claim is then used as the teacher's e-mail for the lookup.
//
// Errors returned, in order of checking: the cookie error when the cookie
// is absent, the parse/verification error, "invalid token" when the parsed
// token is not valid or its claims are not RegisteredClaims, "token is not
// a session token" on an issuer mismatch, and the database error (after a
// warning is logged) when no teacher matches the subject.
func (a *Application) GetLoggedInTeacher(r *http.Request) (*database.Teacher, error) {
	cookie, err := r.Cookie("tok")
	if err != nil {
		return nil, err
	}

	// The verifier only ever receives the HMAC secret when the token's own
	// header claims an HMAC algorithm. Without this check a token signed
	// with a different method could be verified against the wrong key type,
	// which is the classic JWT algorithm-confusion weakness.
	keyFunc := func(token *jwt.Token) (any, error) {
		if _, isHMAC := token.Method.(*jwt.SigningMethodHMAC); !isHMAC {
			return nil, fmt.Errorf("unexpected signing method: %v", token.Header["alg"])
		}
		return a.Config.ReadSecretKey(), nil
	}

	// NOTE(review): RegisteredClaims validation checks exp/nbf/iat only when
	// they are present, so a token issued without "exp" would never expire
	// here — confirm that every issued session token sets it.
	token, err := jwt.ParseWithClaims(cookie.Value, &jwt.RegisteredClaims{}, keyFunc)
	if err != nil {
		return nil, err
	}

	parsed, isRegistered := token.Claims.(*jwt.RegisteredClaims)
	switch {
	case !token.Valid, !isRegistered:
		return nil, fmt.Errorf("invalid token")
	case parsed.Issuer != string(IssuerSessionToken):
		// Other token kinds share the same secret; only session tokens may
		// authenticate a request.
		return nil, fmt.Errorf("token is not a session token")
	}

	teacher, err := a.DB.GetTeacherByEmail(r.Context(), parsed.Subject)
	if err != nil {
		// NOTE(review): the warning logs the full claims, so the subject
		// (used as an e-mail address above) ends up in the log stream —
		// verify that is acceptable for this deployment's log handling.
		a.Log.Warn().Err(err).
			Any("claims", parsed).
			Msg("couldn't find teacher with that session token")
		return nil, err
	}
	return teacher, nil
}