// Copyright (C) 2017, 2018, 2019 EGAAS S.A.
//
// This program is free software; you can redistribute it and/or modify
// it under the terms of the GNU General Public License as published by
// the Free Software Foundation; either version 2 of the License, or (at
// your option) any later version.
//
// This program is distributed in the hope that it will be useful, but
// WITHOUT ANY WARRANTY; without even the implied warranty of
// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
// General Public License for more details.
//
// You should have received a copy of the GNU General Public License
// along with this program; if not, write to the Free Software
// Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA.
package api
import (
"errors"
"fmt"
"net/http"
"strings"
"github.com/AplaProject/go-apla/packages/converter"
"github.com/AplaProject/go-apla/packages/crypto"
"github.com/AplaProject/go-apla/packages/types"
"github.com/dgrijalva/jwt-go"
)
// JWT signing material and token defaults.
var (
	// jwtSecret is the HMAC key used by generateJWTToken and parseJWTToken.
	// It is produced once when the package is initialised, so it is not
	// shared between processes and does not survive a restart.
	//
	// NOTE(review): RandSeq(15) presumably yields 15 characters, which is
	// well below the 256-bit key size RFC 7518 requires for HS256. The
	// randomness source of crypto.RandSeq is not visible in this file;
	// confirm it draws from a CSPRNG (crypto/rand) and not math/rand.
	jwtSecret = []byte(crypto.RandSeq(15))

	// jwtPrefix is the scheme prefix expected in the Authorization header
	// value; the match in parseJWTToken is case-sensitive.
	jwtPrefix = "Bearer "

	// jwtExpire is the default token lifetime in seconds. It is not
	// referenced in this file.
	jwtExpire = 36000
)

// Sentinel errors of the auth layer.
var (
	// errJWTAuthValue is returned when a non-empty Authorization value does
	// not start with jwtPrefix.
	errJWTAuthValue = errors.New("wrong authorization value")

	// errEcosystemNotFound is not referenced in this file.
	errEcosystemNotFound = errors.New("ecosystem not found")
)
// JWTClaims is the claim set carried in tokens issued by generateJWTToken and
// decoded by parseJWTToken. Identifiers are stored as strings;
// getClientFromToken converts EcosystemID, KeyID and RoleID to int64 with
// converter.StrToInt64. The registered claims come from the embedded
// jwt.StandardClaims.
//
// NOTE(review): these values are only trustworthy after the token's signature
// and validity have been checked; a JWT payload is signed, not encrypted, so
// nothing confidential should be placed here.
type JWTClaims struct {
	// UID is not read anywhere in this file.
	UID string `json:"uid,omitempty"`
	// EcosystemID selects the ecosystem whose name getClientFromToken looks up.
	EcosystemID string `json:"ecosystem_id,omitempty"`
	// KeyID must be non-empty for getClientFromToken to build a Client.
	KeyID string `json:"key_id,omitempty"`
	// AccountID is copied to Client.AccountID unchanged.
	AccountID string `json:"account_id,omitempty"`
	// RoleID is copied to Client.RoleID after conversion to int64.
	RoleID string `json:"role_id,omitempty"`
	// IsMobile is copied to Client.IsMobile unchanged.
	IsMobile bool `json:"is_mobile,omitempty"`
	jwt.StandardClaims
}
// generateJWTToken serialises claims into a compact JWT signed with
// HMAC-SHA256 under the package-level jwtSecret and returns the signed string.
//
// The claims are signed exactly as passed in: no expiry or other registered
// claim is filled in here, so the caller is responsible for setting
// claims.ExpiresAt.
func generateJWTToken(claims JWTClaims) (string, error) {
	unsigned := jwt.NewWithClaims(jwt.SigningMethodHS256, claims)
	signed, err := unsigned.SignedString(jwtSecret)
	return signed, err
}
// parseJWTToken extracts and verifies the bearer token carried in an
// Authorization header value.
//
// An empty header yields (nil, nil): missing credentials are not reported as
// an error, so callers must nil-check the token. A non-empty header that does
// not start with jwtPrefix yields errJWTAuthValue. Otherwise the remainder is
// passed to jwt.ParseWithClaims with a *JWTClaims target and its result is
// returned unchanged.
//
// NOTE(review): jwt-go can hand back a non-nil token together with a
// validation error; callers should check both err and token.Valid before
// trusting any claim.
// NOTE(review): github.com/dgrijalva/jwt-go is archived upstream;
// github.com/golang-jwt/jwt is its maintained continuation.
func parseJWTToken(header string) (*jwt.Token, error) {
	if header == "" {
		return nil, nil
	}
	if !strings.HasPrefix(header, jwtPrefix) {
		return nil, errJWTAuthValue
	}
	rawToken := header[len(jwtPrefix):]

	// The key is released only for HMAC-family methods, so a token whose
	// header names any other algorithm is rejected before verification.
	// This accepts every *jwt.SigningMethodHMAC variant, while
	// generateJWTToken only ever issues HS256.
	keyFunc := func(token *jwt.Token) (interface{}, error) {
		if _, isHMAC := token.Method.(*jwt.SigningMethodHMAC); isHMAC {
			return jwtSecret, nil
		}
		return nil, fmt.Errorf("Unexpected signing method: %v", token.Header["alg"])
	}

	return jwt.ParseWithClaims(rawToken, &JWTClaims{}, keyFunc)
}
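// getClientFromToken builds a Client from the claims of an already parsed
// token and resolves the ecosystem name through ecosysNameService.
//
// It returns (nil, nil) when there is no client to build: token is nil, its
// claims are not *JWTClaims, or the KeyID claim is empty. An error from
// GetEcosystemName is returned as is, with a nil Client.
//
// NOTE(review): token.Valid is not consulted here, so this function relies on
// the caller passing only tokens that parsed and verified without error;
// confirm at the call sites. How converter.StrToInt64 treats malformed
// numeric claims is not visible in this file.
func getClientFromToken(token *jwt.Token, ecosysNameService types.EcosystemNameGetter) (*Client, error) {
	// parseJWTToken returns a nil token for an empty header; treat that as
	// "no client" instead of dereferencing it.
	if token == nil {
		return nil, nil
	}

	claims, ok := token.Claims.(*JWTClaims)
	if !ok || len(claims.KeyID) == 0 {
		return nil, nil
	}

	client := &Client{
		EcosystemID: converter.StrToInt64(claims.EcosystemID),
		KeyID:       converter.StrToInt64(claims.KeyID),
		AccountID:   claims.AccountID,
		IsMobile:    claims.IsMobile,
		RoleID:      converter.StrToInt64(claims.RoleID),
	}

	// Reuse the already converted ecosystem id rather than parsing the
	// claim a second time.
	name, err := ecosysNameService.GetEcosystemName(client.EcosystemID)
	if err != nil {
		return nil, err
	}
	client.EcosystemName = name

	return client, nil
}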
// authStatusResponse is the body getAuthStatus hands to jsonResponse.
type authStatusResponse struct {
	// IsActive is set to true when the request carries a token whose claims
	// are *JWTClaims; it is always serialised, including when false.
	IsActive bool `json:"active"`
	// ExpiresAt is copied from the token's ExpiresAt claim (presumably Unix
	// seconds, as for the JWT "exp" claim) and is omitted when zero.
	ExpiresAt int64 `json:"exp,omitempty"`
}
// getAuthStatus reports whether the request carries a usable token and, if
// so, when it expires.
//
// The response is written by the deferred jsonResponse call on every path, so
// a request without a token (or with claims of another type) gets the zero
// authStatusResponse.
//
// NOTE(review): neither token.Valid nor the expiry is re-checked here; the
// handler assumes getToken only returns tokens that already passed
// verification. Confirm in the code that stores the token on the request.
func getAuthStatus(w http.ResponseWriter, r *http.Request) {
	status := &authStatusResponse{}
	defer jsonResponse(w, status)

	if token := getToken(r); token != nil {
		if claims, ok := token.Claims.(*JWTClaims); ok {
			status.IsActive = true
			status.ExpiresAt = claims.ExpiresAt
		}
	}
}