Paseto middleware for GoLang
Switch branches/tags
Nothing to show
Clone or download
Fetching latest commit…
Cannot retrieve the latest commit at this time.
Permalink
Type Name Latest commit message Commit time
Failed to load latest commit information.
.gitignore
.travis.yml
Gopkg.lock
Gopkg.toml
LICENSE
README.md
options.go
pasetomiddleware.go

README.md

GO Paseto Middleware

License Travis Go Report Card GoDoc

A middleware that will check that a Paseto token is sent in a request. It will then set the contents of the token into the context of the request.

This module allows you authenticate HTTP requests using Paseto.

Installing

go get github.com/aaomidi/go-paseto-middleware

Using it

This library is written for use with o1egl's paseto library.

You can use the pasetomiddleware with default net/http as follows:

package auth

type Backend struct {
	secretKey string
}

func Auth() *Backend {
	if authBackendInstance == nil {
		authBackendInstance = &Backend{
			secretKey: "YELLOW SUBMARINE, BLACK WIZARDRY", // Obviously don't use this exact string.
		}
	}

	return authBackendInstance
}

func (backend *Backend) Middleware(optional bool) *pasetomiddleware.PasetoMiddleware {
	middleware, _ := pasetomiddleware.New(
		pasetomiddleware.Extractor(func(r *http.Request) (string, error) {
			cookie, err := r.Cookie("paseto")
			if err != nil {
				return "", err
			}
			return cookie.Value, nil
		}),

		pasetomiddleware.Decryptor(func(pas string, token *paseto.JSONToken, footer *string) error {
			v2 := paseto.NewV2()
			err := v2.Decrypt(pas, []byte(backend.secretKey), token, footer)
			return err
		}),
		pasetomiddleware.CredentialsOptional(optional),

		pasetomiddleware.Debug(optional),
	)

	return middleware
}
    package api

    router := mux.newRouter()

    router.Handle("/profile", auth.Auth().Middleware(false).NextFunc(profile)).Methods("GET")
    // You can also use .Next(http.Handler) to add another middleware.

To get the token from the request, you will do the following:

// This is initiated before.
var authedMiddleware *pasetomiddleware.PasetoMiddleware

func getUUIDFromRequest(r *http.Request) (uuid.UUID, error) {
	t, ok := r.Context().Value(authedMiddleware.TokenProperty).(*paseto.JSONToken)
	if !ok {
		return uuid.New(), errors.New("token not valid")
	}

    // I put the UUID string with the user key into the token Map
	id := t.Get("user")
	if id == "" {
		return uuid.New(), errors.New("token not valid")
	}

    // Parses the UUID
	uid, err := uuid.Parse(fmt.Sprint(id))
	return uid, err
}

Inspiration

This project was heavily inspired by GO-JWT-Middleware.