package api
import (
"fmt"
"net/http"
"os"
"time"
"github.com/gofiber/fiber/v2"
"github.com/golang-jwt/jwt/v5"
"github.com/joshdstockdale/go-booking/db"
)
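// JWTAuthentication returns a fiber middleware that authenticates a request
// from the token carried in the X-Api-Token header. The token is verified with
// validateToken, its "expires" claim (an RFC 3339 timestamp) is compared with
// the current time, and the user named by its "id" claim is loaded from
// userStore and stored in the request context under the key "user" before the
// next handler runs.
//
// Every failure path returns an error instead of calling c.Next, so a request
// with a missing, malformed, expired or unknown-user token never reaches the
// protected handler.
func JWTAuthentication(userStore db.UserStore) fiber.Handler {
	return func(c *fiber.Ctx) error {
		token, ok := c.GetReqHeaders()["X-Api-Token"]
		// Guard the index below: a present key with no values must not panic.
		if !ok || len(token) == 0 {
			fmt.Println("Token not present in the header")
			return ErrUnAuthorized()
		}
		claims, err := validateToken(token[0])
		if err != nil {
			fmt.Println("Token not valid", err)
			return ErrUnAuthorized()
		}
		// Use checked type assertions: a correctly signed token that lacks the
		// claim, or carries it with another JSON type, is rejected rather than
		// panicking inside the handler.
		expires, ok := claims["expires"].(string)
		if !ok {
			fmt.Println("Token has no usable expires claim")
			return ErrUnAuthorized()
		}
		expiresAt, err := time.Parse(time.RFC3339, expires)
		if err != nil {
			// An unparseable expiry is an authentication failure; fail closed
			// instead of surfacing the raw parse error to the client.
			fmt.Println("Token expires claim is not RFC 3339:", err)
			return ErrUnAuthorized()
		}
		if time.Now().After(expiresAt) {
			return NewError(http.StatusUnauthorized, "Token expired.")
		}
		userID, ok := claims["id"].(string)
		if !ok {
			fmt.Println("Token has no usable id claim")
			return ErrUnAuthorized()
		}
		user, err := userStore.GetUserByID(c.Context(), userID)
		if err != nil {
			return ErrUnAuthorized()
		}
		c.Context().SetUserValue("user", user)
		return c.Next()
	}
}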
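// validateToken parses tokenString as a JWT, verifies its signature with the
// HMAC key taken from the JWT_SECRET environment variable, and returns the
// token's claims as jwt.MapClaims.
//
// Tokens whose signing method is not an HMAC variant are rejected, so the
// algorithm named in the token header cannot select a different verification
// scheme. Any parse, signature or validation failure is logged and reported to
// the caller as ErrUnAuthorized().
//
// This function does not itself inspect any expiry claim; it relies on
// token.Valid as set by jwt.Parse.
func validateToken(tokenString string) (jwt.MapClaims, error) {
	// Fail closed when no secret is configured: an unset JWT_SECRET would
	// otherwise be used as an empty HMAC key, and a token signed with an empty
	// key could then verify.
	secret := os.Getenv("JWT_SECRET")
	if secret == "" {
		fmt.Println("JWT_SECRET is not set; rejecting token")
		return nil, ErrUnAuthorized()
	}
	token, err := jwt.Parse(tokenString, func(token *jwt.Token) (interface{}, error) {
		// Accept only HMAC signing methods before handing out the key.
		if _, ok := token.Method.(*jwt.SigningMethodHMAC); !ok {
			return nil, ErrUnAuthorized()
		}
		return []byte(secret), nil
	})
	if err != nil {
		fmt.Println("Failed to parse JWT Token:", err)
		return nil, ErrUnAuthorized()
	}
	if !token.Valid {
		fmt.Println("Invalid Token")
		return nil, ErrUnAuthorized()
	}
	claims, ok := token.Claims.(jwt.MapClaims)
	if !ok {
		return nil, ErrUnAuthorized()
	}
	return claims, nil
}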