package authentication
import (
"errors"
"net/http"
"time"
jwt "github.com/dgrijalva/jwt-go"
)
// Role names a particular user role. It is the element type of the Roles
// claim in AppClaims and RefreshClaims and the argument of
// JWTAuth.RequiresRole.
type Role string
// Sentinel errors exposed by the authentication package. Match them with
// errors.Is rather than by message text. Each one denotes a rejected or
// missing token, so callers should treat every value here as a failed
// authentication.
var (
	// ErrNoTokenFound reports that no token was found.
	ErrNoTokenFound = errors.New("authentication: no token found")

	// ErrUnauthorized reports that a token is unauthorized.
	ErrUnauthorized = errors.New("authentication: token is unauthorized")

	// ErrAlgoInvalid reports a signing-algorithm mismatch.
	ErrAlgoInvalid = errors.New("authentication: algorithm mismatch")

	// ErrExpired reports that a token is expired.
	ErrExpired = errors.New("authentication: token is expired")

	// ErrNBFInvalid reports that validation of the nbf claim failed.
	ErrNBFInvalid = errors.New("authentication: token nbf validation failed")

	// ErrIATInvalid reports that validation of the iat claim failed.
	ErrIATInvalid = errors.New("authentication: token iat validation failed")
)
// JWTAuth is the contract for creating JWTs, extracting them from HTTP
// requests and validating them in middleware. The implementation is not part
// of this declaration.
//
// NOTE(review): the jwt types used here come from github.com/dgrijalva/jwt-go,
// whose repository is archived and no longer receives fixes; the maintained
// continuation is github.com/golang-jwt/jwt. Plan a migration.
type JWTAuth interface {
	// Functions to create JWTs

	// GenTokenPair returns two token strings built from the access and
	// refresh claims (presumably access first, then refresh — confirm
	// against the implementation).
	GenTokenPair(accessClaims *AppClaims, refreshClaims *RefreshClaims) (string, string, error)
	// CreateJWT returns a token string for the given access claims.
	CreateJWT(c *AppClaims) (string, error)
	// CreateRefreshJWT returns a token string for the given refresh claims.
	CreateRefreshJWT(c *RefreshClaims) (string, error)

	// Middlewares for validating JWT tokens

	// Authenticate wraps next in a token-validating handler.
	Authenticate(next http.Handler) http.Handler
	// Verify returns a middleware constructor.
	Verify() func(http.Handler) http.Handler
	// RequiresRole returns a middleware constructor bound to role.
	// NOTE(review): presumably relies on claims already validated by
	// Verify/Authenticate; confirm it fails closed when mounted without them.
	RequiresRole(role Role) func(next http.Handler) http.Handler

	// Functions to extract tokens from http request

	// TokenFromCookie returns the token string taken from the request.
	// NOTE(review): a cookie-borne token is attached by the browser
	// automatically, so state-changing routes also need CSRF protection.
	TokenFromCookie(r *http.Request) string
	// TokenFromHeader returns the token string taken from the request.
	TokenFromHeader(r *http.Request) string
	// TokenFromQuery returns the token string taken from the request.
	// NOTE(review): tokens carried in the URL end up in access logs, proxy
	// logs, browser history and Referer headers; prefer the header or a
	// cookie, and keep query tokens short-lived if they cannot be avoided.
	TokenFromQuery(r *http.Request) string

	// Functions to encode and decode tokens

	// Encode turns claims into a token and its string form.
	Encode(claims jwt.Claims) (t *jwt.Token, tokenString string, err error)
	// Decode parses tokenString into a token.
	// NOTE(review): the implementation should reject any token whose alg
	// header differs from the configured algorithm (ErrAlgoInvalid suggests
	// it does) — confirm, since the key lookup alone does not enforce it.
	Decode(tokenString string) (t *jwt.Token, err error)

	// Utility functions for setting token expiry

	// ExpireIn converts a duration into an int64 expiry value (presumably a
	// Unix timestamp tm from now — confirm).
	ExpireIn(tm time.Duration) int64
	// SetIssuedAt records tm as the issue time in claims.
	SetIssuedAt(claims jwt.MapClaims, tm time.Time)
	// SetIssuedNow records the current time as the issue time in claims.
	SetIssuedNow(claims jwt.MapClaims)
	// SetExpiry records tm as the expiry time in claims.
	SetExpiry(claims jwt.MapClaims, tm time.Time)
	// SetExpiryIn records an expiry tm from now in claims.
	SetExpiryIn(claims jwt.MapClaims, tm time.Duration)
}
// Config holds the configuration for the jwtauth.
//
// NOTE(review): every field carries a json tag, SignKey included. If a Config
// value is ever marshalled (debug logging, an admin endpoint, a config dump)
// the signing key may be written out with it; keep Config out of any
// serialisation path that leaves the process, or redact the key first.
type Config struct {
	// Algorithm to be used for signing and validating JWT token.
	// NOTE(review): presumably a jwt-go signing method name — confirm. It
	// should be pinned to one expected algorithm and must never be "none".
	JwtAuthAlgo string `json:"jwtAuthAlgo"`
	// JWT token expiry duration
	JwtExpiry time.Duration `json:"jwtExpiry"`
	// Refresh token expiry duration
	JwtRefreshExpiry time.Duration `json:"jwtRefreshExpiry"`
	// Private key used for generating JWT token. Secret material: load it
	// from a secret store, not from a file kept in version control.
	SignKey interface{} `json:"signKey"`
	// Public key used to validate the JWT token.
	// NOTE(review): with a symmetric algorithm this would presumably be the
	// same secret as SignKey and equally sensitive — confirm.
	VerifyKey interface{} `json:"verifyKey"`
	// JwtParser is an optional custom *jwt.Parser; custom parser settings
	// were introduced in jwt-go/v2.4.0.
	// NOTE(review): a parser with ValidMethods set pins the accepted
	// algorithms; one with SkipClaimsValidation set disables the exp/nbf/iat
	// checks and should not be used for request authentication.
	JwtParser *jwt.Parser `json:"jwtParser"`
}
// AppClaims represents the claims parsed from a JWT access token.
//
// NOTE(review): the token type here is signed with SignKey and checked with
// VerifyKey; a signed JWT's payload is only base64url-encoded, so anyone
// holding the token can read these fields. Keep secrets and sensitive
// personal data out of Name and Metadata.
type AppClaims struct {
	// ID for the account
	UserID string `json:"uid,omitempty"`
	// Name of the account e.g. an email or username
	Name string `json:"name,omitempty"`
	// Roles the account has access to
	Roles []Role `json:"roles,omitempty"`
	// Type of the account, e.g. user
	Type string `json:"type,omitempty"`
	// Metadata associated with the account
	Metadata map[string]interface{} `json:"metadata,omitempty"`
	// Registered claims, see https://tools.ietf.org/html/rfc7519#section-4.1
	// NOTE(review): in jwt-go v3 StandardClaims.Valid checks exp, iat and nbf
	// only; issuer and audience must be verified explicitly if the service
	// depends on them.
	jwt.StandardClaims
}
// RefreshClaims represents the claims parsed from a JWT refresh token.
//
// NOTE(review): the refresh token carries Roles. If new access tokens copy
// roles from it, a role revoked after issuance would presumably survive until
// the refresh token expires (Config.JwtRefreshExpiry) — confirm that refresh
// re-reads roles from the account store.
type RefreshClaims struct {
	// ID for the account
	UserID string `json:"uid,omitempty"`
	// Roles the account has access to
	Roles []Role `json:"roles,omitempty"`
	// Metadata associated with the account
	Metadata map[string]interface{} `json:"metadata,omitempty"`
	// Registered claims, see https://tools.ietf.org/html/rfc7519#section-4.1
	jwt.StandardClaims
}