Skip to content
master
Switch branches/tags
Go to file
Code

Latest commit

 

Git stats

Files

Permalink
Failed to load latest commit information.
Type
Name
Latest commit message
Commit time
 
 
 
 
 
 
 
 
 
 
 
 
 
 

README.md

GO Paseto Middleware

License Travis Go Report Card GoDoc

A middleware that will check that a Paseto token is sent in a request. It will then set the contents of the token into the context of the request.

This module allows you authenticate HTTP requests using Paseto.

Installing

go get github.com/aaomidi/go-paseto-middleware

Using it

This library is written for use with o1egl's paseto library.

You can use the pasetomiddleware with default net/http as follows:

package auth

type Backend struct {
	secretKey string
}

func Auth() *Backend {
	if authBackendInstance == nil {
		authBackendInstance = &Backend{
			secretKey: "YELLOW SUBMARINE, BLACK WIZARDRY", // Obviously don't use this exact string.
		}
	}

	return authBackendInstance
}

func (backend *Backend) Middleware(optional bool) *pasetomiddleware.PasetoMiddleware {
	middleware, _ := pasetomiddleware.New(
		pasetomiddleware.Extractor(func(r *http.Request) (string, error) {
			cookie, err := r.Cookie("paseto")
			if err != nil {
				return "", err
			}
			return cookie.Value, nil
		}),

		pasetomiddleware.Decryptor(func(pas string, token *paseto.JSONToken, footer *string) error {
			v2 := paseto.NewV2()
			err := v2.Decrypt(pas, []byte(backend.secretKey), token, footer)
			return err
		}),
		pasetomiddleware.CredentialsOptional(optional),

		pasetomiddleware.Debug(optional),
	)

	return middleware
}
    package api

    router := mux.newRouter()

    router.Handle("/profile", auth.Auth().Middleware(false).NextFunc(profile)).Methods("GET")
    // You can also use .Next(http.Handler) to add another middleware.

To get the token from the request, you will do the following:

// This is initiated before.
var authedMiddleware *pasetomiddleware.PasetoMiddleware

func getUUIDFromRequest(r *http.Request) (uuid.UUID, error) {
	t, ok := r.Context().Value(authedMiddleware.TokenProperty).(*paseto.JSONToken)
	if !ok {
		return uuid.New(), errors.New("token not valid")
	}

    // I put the UUID string with the user key into the token Map
	id := t.Get("user")
	if id == "" {
		return uuid.New(), errors.New("token not valid")
	}

    // Parses the UUID
	uid, err := uuid.Parse(fmt.Sprint(id))
	return uid, err
}

Inspiration

This project was heavily inspired by GO-JWT-Middleware.

Releases

No releases published

Packages

No packages published

Languages