-
Notifications
You must be signed in to change notification settings - Fork 0
/
jwt.go
75 lines (63 loc) · 1.61 KB
/
jwt.go
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
package security
import (
"crypto/rsa"
"errors"
"fmt"
"io/ioutil"
"log"
"github.com/dgrijalva/jwt-go"
)
const (
privateKeyPath = "keys/app.rsa" // openssl genrsa -out app.rsa keysize
publicKeyPath = "keys/app.rsa.pub" // openssl rsa -in app.rsa -pubout > app.rsa.pub
JWT_COOKIE_NAME = "merknerajwt"
)
var (
verifyKey *rsa.PublicKey
signKey *rsa.PrivateKey
)
// read the key files before starting http handlers
func init() {
signBytes, err := ioutil.ReadFile(privateKeyPath)
if err != nil {
log.Fatalf("1:\n%v\n", err)
}
signKey, err = jwt.ParseRSAPrivateKeyFromPEM(signBytes)
if err != nil {
log.Fatalf("2:\n%v\n", err)
}
verifyBytes, err := ioutil.ReadFile(publicKeyPath)
if err != nil {
log.Fatalf("3:\n%v\n", err)
}
verifyKey, err = jwt.ParseRSAPublicKeyFromPEM(verifyBytes)
if err != nil {
log.Fatalf("4:\n%v\n", err)
}
}
func NewJWTToken(userId int) (string, error) {
token := jwt.New(jwt.SigningMethodRS256)
token.Claims["userId"] = userId
tokenString, err := token.SignedString(signKey)
if err != nil {
return "", err
}
return tokenString, nil
}
func ValidateToken(tokenStr string) (*jwt.Token, error) {
token, err := jwt.Parse(tokenStr, func(token *jwt.Token) (interface{}, error) {
if _, ok := token.Method.(*jwt.SigningMethodRSA); !ok {
fmt.Printf("Unexpected signing method: %v", token.Header["alg"])
return nil, fmt.Errorf("Unexpected signing method: %v", token.Header["alg"])
}
return verifyKey, nil
})
if err != nil {
return &jwt.Token{}, err
}
if token.Valid {
return token, nil
} else {
return &jwt.Token{}, errors.New("Unable to validate JWT.")
}
}