/
jwt-def.go
94 lines (79 loc) · 2.87 KB
/
jwt-def.go
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
package middlewareUtils
import (
"errors"
"fmt"
"github.com/kataras/iris/v12"
"github.com/kataras/iris/v12/context"
"strings"
)
func init() {
context.SetHandlerName("github.com/iris-contrib/middleware/jwt.*", "iris-contrib.jwt")
}
var (
// ErrTokenMissing is the error value that it's returned when
// a token is not found based on the token extractor.
ErrTokenMissing = errors.New("required authorization token not found")
// ErrTokenInvalid is the error value that it's returned when
// a token is not valid.
ErrTokenInvalid = errors.New("token is invalid")
// ErrTokenExpired is the error value that it's returned when
// a token value is found and it's valid but it's expired.
ErrTokenExpired = errors.New("token is expired")
)
// A function called whenever an error is encountered
type errorHandler func(iris.Context, error)
// TokenExtractor is a function that takes a context as input and returns
// either a token or an error. An error should only be returned if an attempt
// to specify a token was found, but the information was somehow incorrectly
// formed. In the case where a token is simply not present, this should not
// be treated as an error. An empty string should be returned in that case.
type TokenExtractor func(iris.Context) (string, error)
// FromAuthHeader is a "TokenExtractor" that takes a give context and extracts
// the JWT token from the Authorization header.
func FromAuthHeader(ctx iris.Context) (string, error) {
authHeader := ctx.GetHeader("Authorization")
if authHeader == "" {
return "", nil // No error, just no token
}
// TODO: Make this a bit more robust, parsing-wise
authHeaderParts := strings.Split(authHeader, " ")
if len(authHeaderParts) != 2 || strings.ToLower(authHeaderParts[0]) != "bearer" {
return "", fmt.Errorf("Authorization header format must be Bearer {token}")
}
return authHeaderParts[1], nil
}
// FromParameter returns a function that extracts the token from the specified query string parameter
func FromParameter(param string) TokenExtractor {
return func(ctx iris.Context) (string, error) {
return ctx.URLParam(param), nil
}
}
// FromFirst returns a function that runs multiple token extractors and takes the first token it finds
func FromFirst(extractors ...TokenExtractor) TokenExtractor {
return func(ctx iris.Context) (string, error) {
for _, ex := range extractors {
token, err := ex(ctx)
if err != nil {
return "", err
}
if token != "" {
return token, nil
}
}
return "", nil
}
}
// OnError is the default error handler.
// Use it to change the behavior for each error.
// See `Config.ErrorHandler`.
func OnError(ctx iris.Context, err error) {
if err == nil {
return
}
ctx.StopExecution()
ctx.StatusCode(iris.StatusUnauthorized)
ctx.WriteString(err.Error())
}
func Logf(ctx iris.Context, format string, args ...interface{}) {
ctx.Application().Logger().Debugf(format, args...)
}