-
Notifications
You must be signed in to change notification settings - Fork 164
/
jwt.go
108 lines (87 loc) · 2.53 KB
/
jwt.go
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
package jwt
import (
"net/http"
"strings"
"time"
"github.com/ribice/gorsk/pkg/utl/model"
"github.com/labstack/echo"
jwt "github.com/dgrijalva/jwt-go"
)
// New generates new JWT service necessery for auth middleware
func New(secret, algo string, d int) *Service {
signingMethod := jwt.GetSigningMethod(algo)
if signingMethod == nil {
panic("invalid jwt signing method")
}
return &Service{
key: []byte(secret),
algo: signingMethod,
duration: time.Duration(d) * time.Minute,
}
}
// Service provides a Json-Web-Token authentication implementation
type Service struct {
// Secret key used for signing.
key []byte
// Duration for which the jwt token is valid.
duration time.Duration
// JWT signing algorithm
algo jwt.SigningMethod
}
// MWFunc makes JWT implement the Middleware interface.
func (j *Service) MWFunc() echo.MiddlewareFunc {
return func(next echo.HandlerFunc) echo.HandlerFunc {
return func(c echo.Context) error {
token, err := j.ParseToken(c)
if err != nil || !token.Valid {
return c.NoContent(http.StatusUnauthorized)
}
claims := token.Claims.(jwt.MapClaims)
id := int(claims["id"].(float64))
companyID := int(claims["c"].(float64))
locationID := int(claims["l"].(float64))
username := claims["u"].(string)
email := claims["e"].(string)
role := gorsk.AccessRole(claims["r"].(float64))
c.Set("id", id)
c.Set("company_id", companyID)
c.Set("location_id", locationID)
c.Set("username", username)
c.Set("email", email)
c.Set("role", role)
return next(c)
}
}
}
// ParseToken parses token from Authorization header
func (j *Service) ParseToken(c echo.Context) (*jwt.Token, error) {
token := c.Request().Header.Get("Authorization")
if token == "" {
return nil, gorsk.ErrGeneric
}
parts := strings.SplitN(token, " ", 2)
if !(len(parts) == 2 && parts[0] == "Bearer") {
return nil, gorsk.ErrGeneric
}
return jwt.Parse(parts[1], func(token *jwt.Token) (interface{}, error) {
if j.algo != token.Method {
return nil, gorsk.ErrGeneric
}
return j.key, nil
})
}
// GenerateToken generates new JWT token and populates it with user data
func (j *Service) GenerateToken(u *gorsk.User) (string, string, error) {
expire := time.Now().Add(j.duration)
token := jwt.NewWithClaims((j.algo), jwt.MapClaims{
"id": u.ID,
"u": u.Username,
"e": u.Email,
"r": u.Role.AccessLevel,
"c": u.CompanyID,
"l": u.LocationID,
"exp": expire.Unix(),
})
tokenString, err := token.SignedString(j.key)
return tokenString, expire.Format(time.RFC3339), err
}