-
Notifications
You must be signed in to change notification settings - Fork 0
Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
- Loading branch information
Showing
21 changed files
with
739 additions
and
651 deletions.
There are no files selected for viewing
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,31 @@ | ||
package auth | ||
|
||
import ( | ||
"context" | ||
|
||
"github.com/l10n-center/api/src/model" | ||
|
||
"github.com/dgrijalva/jwt-go" | ||
) | ||
|
||
type claimsCtxKey struct{} | ||
|
||
// Claims of authorization token | ||
type Claims struct { | ||
jwt.StandardClaims | ||
UserID int32 `json:"userId"` | ||
Email string `json:"email"` | ||
Role model.Role `json:"role"` | ||
} | ||
|
||
// ContextWithClaims store claims in context | ||
func ContextWithClaims(ctx context.Context, c *Claims) context.Context { | ||
return context.WithValue(ctx, claimsCtxKey{}, c) | ||
} | ||
|
||
// ClaimsFromContext try to extract authorization claims from context | ||
func ClaimsFromContext(ctx context.Context) (*Claims, bool) { | ||
c, ok := ctx.Value(claimsCtxKey{}).(*Claims) | ||
|
||
return c, ok | ||
} |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,49 @@ | ||
package auth | ||
|
||
import ( | ||
"context" | ||
"net/http" | ||
"strings" | ||
|
||
"github.com/l10n-center/api/src/tracing" | ||
|
||
"github.com/dgrijalva/jwt-go" | ||
"github.com/opentracing/opentracing-go" | ||
"github.com/pkg/errors" | ||
) | ||
|
||
// Middleware to check Authorization header and try to parse token | ||
func Middleware(secret []byte) func(http.Handler) http.Handler { | ||
// WithClaims check Authorization header and try to parse token | ||
return func(next http.Handler) http.Handler { | ||
fn := func(w http.ResponseWriter, r *http.Request) { | ||
var c *Claims | ||
ctx := r.Context() | ||
authHeader := r.Header.Get("Authorization") | ||
if len(authHeader) > 7 && strings.ToUpper(authHeader[:7]) == "BEARER " { | ||
l := tracing.Logger(ctx) | ||
sp := opentracing.SpanFromContext(ctx) | ||
tokenString := authHeader[7:] | ||
token, err := jwt.ParseWithClaims(tokenString, &Claims{}, func(t *jwt.Token) (interface{}, error) { | ||
if t.Method != jwt.SigningMethodHS256 { | ||
|
||
return nil, errors.Errorf("unexpected signing method %q", t.Method) | ||
} | ||
|
||
return secret, nil | ||
}) | ||
if err != nil { | ||
l.Error(err.Error()) | ||
} else if token.Valid { | ||
c = token.Claims.(*Claims) | ||
sp.SetTag("claims", c) | ||
ctx = context.WithValue(r.Context(), claimsCtxKey{}, c) | ||
} | ||
} | ||
|
||
next.ServeHTTP(w, r.WithContext(ctx)) | ||
} | ||
|
||
return http.HandlerFunc(fn) | ||
} | ||
} |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,37 @@ | ||
package auth | ||
|
||
import ( | ||
"net/http" | ||
|
||
"github.com/l10n-center/api/src/model" | ||
"github.com/l10n-center/api/src/tracing" | ||
) | ||
|
||
// Private check claims and given role to access control | ||
func Private(role model.Role) func(http.Handler) http.Handler { | ||
// Private check claims and given role to access control | ||
return func(next http.Handler) http.Handler { | ||
fn := func(w http.ResponseWriter, r *http.Request) { | ||
ctx := r.Context() | ||
l := tracing.Logger(ctx) | ||
c, ok := ClaimsFromContext(ctx) | ||
|
||
if !ok { | ||
l.Warn("unauthorized access") | ||
w.WriteHeader(http.StatusUnauthorized) | ||
|
||
return | ||
} | ||
|
||
if role > 0 && c.Role&role == 0 { | ||
l.Warn("forbidden access") | ||
w.WriteHeader(http.StatusForbidden) | ||
|
||
return | ||
} | ||
next.ServeHTTP(w, r) | ||
} | ||
|
||
return http.HandlerFunc(fn) | ||
} | ||
} |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,33 @@ | ||
package auth | ||
|
||
import ( | ||
"context" | ||
"time" | ||
|
||
"github.com/l10n-center/api/src/model" | ||
"github.com/l10n-center/api/src/tracing" | ||
|
||
"github.com/dgrijalva/jwt-go" | ||
"github.com/pkg/errors" | ||
) | ||
|
||
// CreateToken from user and sign it | ||
func CreateToken(ctx context.Context, secret []byte, u *model.User) (string, error) { | ||
l := tracing.Logger(ctx) | ||
c := &Claims{ | ||
UserID: u.ID, | ||
Email: u.Email, | ||
Role: u.Role, | ||
} | ||
c.ExpiresAt = time.Now().AddDate(0, 0, 14).Unix() | ||
t := jwt.NewWithClaims(jwt.SigningMethodHS256, c) | ||
|
||
st, err := t.SignedString(secret) | ||
if err != nil { | ||
l.Error(err.Error()) | ||
|
||
return "", errors.WithStack(err) | ||
} | ||
|
||
return st, nil | ||
} |
Oops, something went wrong.