package services
import (
"errors"
"github.com/astaxie/beego"
"github.com/dgrijalva/jwt-go"
"github.com/scmo/apayment-backend/models"
"strings"
"time"
)
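// IssueToken builds an HS256-signed JWT for user and returns it in a map under
// the "token" key. The token carries the user's role names, the username as
// subject, and an expiry derived from the "jwt_expiry_hour" config value.
//
// The function has no error return, so every failure is reported to the log
// and surfaces to the caller as an empty "token" value. Callers should treat
// an empty token as "issuance failed".
func IssueToken(user *models.User) map[string]string {
	var roles []string
	for _, role := range user.Roles {
		roles = append(roles, role.Name)
	}

	// An unset key yields an empty string, and HMAC accepts an empty key, so a
	// token signed that way could be forged by anyone. Refuse to issue instead.
	secret := beego.AppConfig.String("jwt_secret_secret")
	if secret == "" {
		beego.Critical("JWT secret not configured; refusing to issue token")
		return map[string]string{"token": ""}
	}

	// Token lifetime in hours comes from configuration. If the value is
	// missing or unparsable the lifetime is forced to zero, so the token
	// expires at the moment it is issued rather than living for an
	// unintended duration.
	expiryHour, err := beego.AppConfig.Int64("jwt_expiry_hour")
	if err != nil {
		beego.Critical("JWT Expiry Time not found")
		expiryHour = 0
	}

	// Take one timestamp so IssuedAt and ExpiresAt are derived from the same
	// instant.
	now := time.Now()
	expireToken := now.Add(time.Duration(expiryHour) * time.Hour).Unix()

	// models.Claim is filled positionally: role names first, then the
	// standard claims.
	// NOTE(review): the issuer is hard-coded and nothing in this file checks
	// it on validation; confirm whether it should come from configuration.
	claims := models.Claim{
		roles,
		jwt.StandardClaims{
			Subject:   user.Username,
			ExpiresAt: expireToken,
			Issuer:    "localhost:9000",
			IssuedAt:  now.Unix(),
		}}

	token := jwt.NewWithClaims(jwt.SigningMethodHS256, claims)

	// Sign with the shared secret; a signing failure is logged rather than
	// silently dropped.
	signedToken, err := token.SignedString([]byte(secret))
	if err != nil {
		beego.Error("Error while signing JWT Token.", err.Error())
		return map[string]string{"token": ""}
	}
	return map[string]string{"token": signedToken}
}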
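// Validate reports whether signedTokenWithBearer holds a JWT this service
// accepts. It is used to guard private pages.
//
// The input is the raw Authorization header value; a leading "Bearer " is
// stripped if present. The token must be signed with an HMAC method using the
// "jwt_secret_secret" config value, and must pass the library's claim
// validation (token.Valid). Any failure is logged and yields false.
func Validate(signedTokenWithBearer string) bool {
	signedToken, err := stripBearerPrefixFromTokenString(signedTokenWithBearer)
	if err != nil {
		beego.Error("Error while stripBearerPrefixFromTokenString.", err.Error())
		return false
	}

	token, err := jwt.ParseWithClaims(signedToken, &models.Claim{}, func(token *jwt.Token) (interface{}, error) {
		// Reject anything that is not HMAC so a token cannot choose a
		// different algorithm (e.g. "none" or an asymmetric one) for itself.
		if _, ok := token.Method.(*jwt.SigningMethodHMAC); !ok {
			return nil, errors.New("Unexpected signing method")
		}
		// An unset secret reads back as "", and an empty HMAC key would let
		// anyone mint tokens that verify. Fail closed.
		secret := beego.AppConfig.String("jwt_secret_secret")
		if secret == "" {
			return nil, errors.New("jwt signing secret is not configured")
		}
		return []byte(secret), nil
	})
	if err != nil {
		beego.Error(err)
		return false
	}

	_, ok := token.Claims.(*models.Claim)
	return ok && token.Valid
}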
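// ParseToken verifies the JWT in signedTokenWithBearer and returns its claims.
//
// The input is the raw Authorization header value; a leading "Bearer " is
// stripped if present. The token must be signed with an HMAC method using the
// "jwt_secret_secret" config value.
//
// On any failure the returned Claim is the zero value. The JWT library decodes
// the payload into the claims struct before it checks the signature, so
// returning that struct alongside an error would hand unverified,
// attacker-controlled roles and subject to a caller that forgets to check err.
func ParseToken(signedTokenWithBearer string) (models.Claim, error) {
	signedToken, err := stripBearerPrefixFromTokenString(signedTokenWithBearer)
	if err != nil {
		beego.Error("Error while stripBearerPrefixFromTokenString.", err.Error())
		return models.Claim{}, err
	}

	claims := models.Claim{}
	token, err := jwt.ParseWithClaims(signedToken, &claims, func(token *jwt.Token) (interface{}, error) {
		// Reject anything that is not HMAC so a token cannot choose a
		// different algorithm for itself.
		if _, ok := token.Method.(*jwt.SigningMethodHMAC); !ok {
			return nil, errors.New("Unexpected signing method")
		}
		// An unset secret reads back as "", and an empty HMAC key would let
		// anyone mint tokens that verify. Fail closed.
		secret := beego.AppConfig.String("jwt_secret_secret")
		if secret == "" {
			return nil, errors.New("jwt signing secret is not configured")
		}
		return []byte(secret), nil
	})
	if err != nil {
		beego.Error("Error while parsing JWT Token.", err.Error())
		return models.Claim{}, err
	}

	if _, ok := token.Claims.(*models.Claim); !ok || !token.Valid {
		return models.Claim{}, errors.New("Error while Parsing token")
	}
	return claims, nil
}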
// stripBearerPrefixFromTokenString returns tok without a leading "Bearer "
// scheme, matched case-insensitively.
//
// A value that does not start with the scheme is returned unchanged, so a bare
// token in the header is passed through to verification as-is. The error
// result is always nil; callers' error branches for this call never fire.
func stripBearerPrefixFromTokenString(tok string) (string, error) {
	const scheme = "BEARER "

	// Too short to hold the scheme: nothing to strip.
	if len(tok) < len(scheme) {
		return tok, nil
	}

	head, rest := tok[:len(scheme)], tok[len(scheme):]
	if strings.ToUpper(head) != scheme {
		return tok, nil
	}
	return rest, nil
}