-
Notifications
You must be signed in to change notification settings - Fork 0
/
accessTokenUtility.go
86 lines (71 loc) · 2.64 KB
/
accessTokenUtility.go
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
package utils
import (
// "context"
"time"
"os"
// "fmt"
jwt "github.com/dgrijalva/jwt-go"
)
// The user claim embedded with the JWT standard claim.
type AccessTokenClaims struct {
UserId int64 `json:"user_id"`
ThingId int64 `json:"ThingId"`
jwt.StandardClaims
}
// Function returns the `secret key` used by our web service for signing
// our JWT standard claims.
func GetAccessTokenSecretKey() ([]byte) {
accessTokenString := os.Getenv("MIKAPONICS_SECRET_KEY")
accessTokenBytes := []byte(accessTokenString)
return accessTokenBytes
}
// Function returns token string which was generated. Set `durationInMinutes`
// to zero if you want to create an access token without expiration limit.
func GenerateAccessToken(
userId int64,
thingId int64,
durationInMinutes time.Duration,
) (string, error) {
jwtKey := GetAccessTokenSecretKey()
// If the duration is less then zero then we'll add an indefinete date
// in the future to grant no expiry date to our JWT token.
var customExpiresAt int64
if durationInMinutes > 0 {
customExpiresAt = time.Now().Add(time.Minute * durationInMinutes).Unix()
} else {
customExpiresAt = time.Now().AddDate(9999, 1, 1).Unix()
}
// Create the JWT claims, which includes the userId and expir.
claims := AccessTokenClaims{
userId,
thingId,
jwt.StandardClaims{
// In JWT, the expiry time is expressed as unix milliseconds
ExpiresAt: customExpiresAt,
Issuer: "server",
},
}
// Declare the token with the algorithm used for signing, and the claims
token := jwt.NewWithClaims(jwt.SigningMethodHS256, claims)
// Create the JWT string
tokenString, err := token.SignedString(jwtKey)
return tokenString, err
}
// Function returns the verified claims if the JWT claim was verified, else
// return the error.
func VerifyAccessTokenString(tokenString string) (*AccessTokenClaims, error) {
// Initialize a new instance of `Claims`
claims := &AccessTokenClaims{}
// Parse the JWT string and store the result in `claims`.
// Note that we are passing the key in this method as well. This method will return an error
// if the token is invalid (if it has expired according to the expiry time we set on sign in),
// or if the signature does not match
token, err := jwt.ParseWithClaims(tokenString, claims, func(token *jwt.Token) (interface{}, error) {
return GetAccessTokenSecretKey(), nil
})
// If the token is invalid then we'll return an error else return our results.
if !token.Valid || err != nil {
return nil, err
}
return claims, err
}