package util
import (
"context"
firebase "firebase.google.com/go/v4"
"firebase.google.com/go/v4/auth"
"fmt"
"google.golang.org/api/option"
"net/http"
"github.com/rs/zerolog"
"google.golang.org/api/idtoken"
)
// UserPayload is the identity information a JwtParser extracts from a token.
// Which fields are populated depends on the parser: GoogleJwtParser fills
// Username, Name, FirstName and LastName from ID-token claims, while
// FirebaseJwtParser fills Username (the Firebase UID) and Email.
type UserPayload struct {
	Username  string
	Email     string
	Name      string
	FirstName string
	LastName  string
}
// ExceptFn is an optional hook the parsers consult before verifying a token.
// A non-nil return is handed back to the caller as the payload and the token
// is NOT verified at all, so any token the hook accepts is implicitly fully
// trusted; a nil return falls through to normal verification.
type ExceptFn func(token string) *UserPayload
//go:generate mockgen -destination=mock_jwtparser.go -package util . JwtParser

// JwtParser verifies a raw bearer token and extracts the identity it carries.
type JwtParser interface {
	// TokenToPayload verifies token and returns the identity it encodes.
	// A non-nil err means the token must not be trusted and payload is
	// meaningless.
	TokenToPayload(token string) (payload UserPayload, err error)
}
// ---------------- google -------------------
// GoogleJwtParser validates Google ID tokens that were issued for ClientID.
// Construct it with NewGoogleJwtParser so the logger is initialised.
type GoogleJwtParser struct {
	log zerolog.Logger
	// ClientID is the OAuth client the token's audience must match.
	ClientID string
	// exceptFn, when non-nil, can short-circuit validation; see ExceptFn.
	exceptFn ExceptFn
}
// Compile-time check that GoogleJwtParser satisfies JwtParser.
var _ JwtParser = GoogleJwtParser{}
// NewGoogleJwtParser returns a GoogleJwtParser that validates ID tokens issued
// for clientID. exceptFn may be nil; when set it is consulted before
// validation (see ExceptFn). The parser logs under "auth.google-jwt-parser".
func NewGoogleJwtParser(clientID string, exceptFn ExceptFn) GoogleJwtParser {
	parser := GoogleJwtParser{
		ClientID: clientID,
		exceptFn: exceptFn,
	}
	parser.log = NewLogger("auth.google-jwt-parser")
	return parser
}
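// TokenToPayload implements JwtParser.
//
// When g.exceptFn is set and returns a non-nil payload for token, that payload
// is returned and no validation happens. Otherwise token is validated as a
// Google ID token for g.ClientID and the email, name, given_name and
// family_name claims are copied into ret; a claim that is absent leaves its
// field empty. Username and Email both carry the email claim. On a validation
// failure err is a NewErr carrying http.StatusUnauthorized and the validator's
// message.
func (g GoogleJwtParser) TokenToPayload(token string) (ret UserPayload, err error) {
	if g.exceptFn != nil {
		if payload := g.exceptFn(token); payload != nil {
			ret = *payload
			return
		}
	}
	payload, err := idtoken.Validate(context.Background(), token, g.ClientID)
	if err != nil {
		// The raw token is a replayable bearer credential and must not be
		// written to the log; its length is enough to diagnose empty or
		// truncated input.
		g.log.Err(err).Int("token_len", len(token)).Str("client_id", g.ClientID).Msg("error validate jwt token")
		err = NewErr(http.StatusUnauthorized, err.Error(), nil)
		return
	}
	// NOTE(review): the email_verified claim is not consulted here; confirm
	// whether callers require a verified address before trusting Username.
	email := claimString(payload.Claims, "email")
	ret.Username = email
	ret.Email = email
	ret.Name = claimString(payload.Claims, "name")
	ret.FirstName = claimString(payload.Claims, "given_name")
	ret.LastName = claimString(payload.Claims, "family_name")
	return
}

// claimString formats the claim stored under key, or returns "" when the
// claim is absent or null. (A bare fmt.Sprint on a missing map key would
// produce the string "<nil>" and silently become a username.)
func claimString(claims map[string]interface{}, key string) string {
	v, ok := claims[key]
	if !ok || v == nil {
		return ""
	}
	return fmt.Sprint(v)
}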
// ---------------- firebase -------------------
// FirebaseJwtParser verifies Firebase ID tokens through a Firebase Auth
// client. Construct it with NewFirebaseJwtParser so the client and logger are
// initialised.
type FirebaseJwtParser struct {
	log        zerolog.Logger
	authClient *auth.Client
	// exceptFn, when non-nil, can short-circuit verification; see ExceptFn.
	exceptFn ExceptFn
}
// Compile-time check that FirebaseJwtParser satisfies JwtParser.
var _ JwtParser = FirebaseJwtParser{}
// NewFirebaseJwtParser builds a FirebaseJwtParser from a credentials JSON
// document given as a string. Errors from creating the Firebase app or its
// Auth client are handed to Panic (assumed to abort on a non-nil err), so this
// is intended for start-up wiring rather than request handling. exceptFn may
// be nil; when set it is consulted before verification (see ExceptFn).
func NewFirebaseJwtParser(jsonCredential string, exceptFn ExceptFn) FirebaseJwtParser {
	ctx := context.Background()
	credentials := option.WithCredentialsJSON([]byte(jsonCredential))
	app, err := firebase.NewApp(ctx, nil, credentials)
	Panic(err)
	authClient, err := app.Auth(ctx)
	Panic(err)
	parser := FirebaseJwtParser{
		authClient: authClient,
		exceptFn:   exceptFn,
	}
	parser.log = NewLogger("auth.firebase-jwt-parser")
	return parser
}
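// TokenToPayload implements JwtParser.
//
// When g.exceptFn is set and returns a non-nil payload for token, that payload
// is returned and no verification happens. Otherwise token is verified with
// the Firebase Auth client; ret.Username is the Firebase UID and ret.Email is
// the email claim when one is present. On a verification failure err is a
// NewErr carrying http.StatusUnauthorized, the same mapping GoogleJwtParser
// applies, rather than the bare SDK error.
func (g FirebaseJwtParser) TokenToPayload(token string) (ret UserPayload, err error) {
	if g.exceptFn != nil {
		if payload := g.exceptFn(token); payload != nil {
			ret = *payload
			return
		}
	}
	verifiedToken, err := g.authClient.VerifyIDToken(context.Background(), token)
	if err != nil {
		// Never log the raw token: it is a replayable bearer credential. The
		// length is enough to diagnose empty or truncated input.
		g.log.Err(err).Int("token_len", len(token)).Msg("error validate jwt token")
		// Map to 401 like GoogleJwtParser so callers see a consistent status
		// for rejected tokens.
		err = NewErr(http.StatusUnauthorized, err.Error(), nil)
		return
	}
	ret.Username = verifiedToken.UID
	// Guard against a present-but-null claim, which fmt.Sprint would render
	// as the literal string "<nil>".
	if email, ok := verifiedToken.Claims["email"]; ok && email != nil {
		ret.Email = fmt.Sprint(email)
	}
	return
}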