-
Notifications
You must be signed in to change notification settings - Fork 0
/
jwt.go
158 lines (124 loc) · 3.56 KB
/
jwt.go
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
package jwt
import (
"errors"
"fmt"
"net/http"
"strings"
"time"
"github.com/dgrijalva/jwt-go"
di "github.com/klasrak/data-integration"
"github.com/twinj/uuid"
)
type TokenManager struct{}
func NewTokenServer() *TokenManager {
return &TokenManager{}
}
type TokenInterface interface {
CreateToken(userID, email, jwtSecret string) (*di.TokenDetails, error)
ExtractTokenMetadata(r *http.Request, jwtSecret string) (*di.AccessDetails, error)
}
var _ TokenInterface = &TokenManager{}
func (t *TokenManager) CreateToken(userID, email, jwtSecret string) (*di.TokenDetails, error) {
td := &di.TokenDetails{}
td.AtExpires = time.Now().Add(time.Minute * 60).Unix() // expires after 1 hour
td.TokenUUID = uuid.NewV4().String()
td.RtExpires = time.Now().Add(time.Hour * 24 * 7).Unix()
td.RefreshUUID = fmt.Sprintf("%s++%s", td.TokenUUID, userID)
var err error
atClaims := jwt.MapClaims{}
atClaims["accessUUID"] = td.TokenUUID
atClaims["userID"] = userID
atClaims["email"] = email
atClaims["exp"] = td.AtExpires
at := jwt.NewWithClaims(jwt.SigningMethodHS256, atClaims)
td.AccessToken, err = at.SignedString([]byte(jwtSecret))
if err != nil {
return nil, err
}
// Create refresh token
td.RtExpires = time.Now().Add(time.Hour * 24 * 7).Unix()
td.RefreshUUID = fmt.Sprintf("%s++%s", td.TokenUUID, userID)
rtClaims := jwt.MapClaims{}
rtClaims["refreshUUID"] = td.RefreshUUID
rtClaims["userID"] = userID
rtClaims["email"] = email
rtClaims["exp"] = td.RtExpires
rt := jwt.NewWithClaims(jwt.SigningMethodHS256, rtClaims)
td.RefreshToken, err = rt.SignedString([]byte(jwtSecret))
if err != nil {
return nil, err
}
return td, nil
}
func (t *TokenManager) ExtractTokenMetadata(r *http.Request, jwtSecret string) (*di.AccessDetails, error) {
token, err := VerifyToken(r, jwtSecret)
if err != nil {
return nil, err
}
acc, err := Extract(token)
if err != nil {
return nil, err
}
return acc, nil
}
func TokenValid(r *http.Request, jwtSecret string) error {
token, err := VerifyToken(r, jwtSecret)
if err != nil {
return err
}
if _, ok := token.Claims.(jwt.Claims); !ok && !token.Valid {
return err
}
return nil
}
func VerifyToken(r *http.Request, jwtSecret string) (*jwt.Token, error) {
tokenString := ExtractToken(r)
token, err := jwt.Parse(tokenString, func(t *jwt.Token) (interface{}, error) {
if _, ok := t.Method.(*jwt.SigningMethodHMAC); !ok {
return nil, fmt.Errorf("unexpected signing method: %v", t.Header["alg"])
}
return []byte(jwtSecret), nil
})
if err != nil {
return nil, err
}
return token, nil
}
// ExtractToken get the token from the request body
func ExtractToken(r *http.Request) string {
bearToken := r.Header.Get("Authorization")
strArr := strings.Split(bearToken, " ")
if len(strArr) == 2 {
return strArr[1]
}
return ""
}
func Extract(token *jwt.Token) (*di.AccessDetails, error) {
claims, ok := token.Claims.(jwt.MapClaims)
if ok && token.Valid {
accessUUID, ok := claims["accessUUID"].(string)
userID, userOK := claims["userID"].(string)
email, emailOk := claims["email"].(string)
if ok == false || userOK == false || emailOk == false {
return nil, errors.New("unauthorized")
} else {
return &di.AccessDetails{
TokenUUID: accessUUID,
UserID: userID,
Email: email,
}, nil
}
}
return nil, errors.New("something went wrong")
}
func ExtractTokenMetadata(r *http.Request, jwtSecret string) (*di.AccessDetails, error) {
token, err := VerifyToken(r, jwtSecret)
if err != nil {
return nil, err
}
acc, err := Extract(token)
if err != nil {
return nil, err
}
return acc, nil
}