134 lines
2.8 KiB
Go
134 lines
2.8 KiB
Go
package jwt_adapter
|
|
|
|
import (
|
|
"context"
|
|
"fmt"
|
|
"github.com/dgrijalva/jwt-go"
|
|
"os"
|
|
"strings"
|
|
"time"
|
|
)
|
|
|
|
var publicKey = strings.Replace(`-----BEGIN PUBLIC KEY-----
|
|
MIGeMA0GCSqGSIb3DQEBAQUAA4GMADCBiAKBgHgnvr7O2tiApjJfid1orFnIGm69
|
|
80fZp+Lpbjo+NC/0whMFga2Biw5b1G2Q/B2u0tpO1Fs/E8z7Lv1nYfr5jx2S8x6B
|
|
dA4TS2kB9Kf0wn0+7wSlyikHoKhbtzwXHZl17GsyEi6wHnsqNBSauyIWhpha8i+Y
|
|
+3GyaOY536H47qyXAgMBAAE=
|
|
-----END PUBLIC KEY-----`, "\t", "", -1)
|
|
|
|
const (
|
|
DefaultAccessSecret = "awesomeAC"
|
|
DefaultHeaderKey = "Authorization"
|
|
)
|
|
|
|
var (
|
|
//_ cookie.Cookie = new(JwtAdapter)
|
|
accessSecret = publicKey
|
|
)
|
|
|
|
type JwtAdapter struct {
|
|
jwt.StandardClaims
|
|
Id string `json:"id"`
|
|
}
|
|
|
|
func init() {
|
|
aS := os.Getenv("JWT_SECRET")
|
|
fmt.Println("ASS", aS)
|
|
if len(aS) != 0 {
|
|
accessSecret = aS
|
|
}
|
|
}
|
|
|
|
func Get(ctx context.Context) *JwtAdapter {
|
|
if adapter, ok := ctx.Value(DefaultHeaderKey).(*JwtAdapter); ok {
|
|
return adapter
|
|
}
|
|
|
|
return nil
|
|
}
|
|
|
|
func (receiver *JwtAdapter) SetUserID(ID string) {
|
|
receiver.Id = ID
|
|
}
|
|
|
|
func (receiver *JwtAdapter) GetUserID() string {
|
|
return receiver.Id
|
|
}
|
|
|
|
func (receiver *JwtAdapter) Validate() error {
|
|
if err := receiver.Valid(); err != nil {
|
|
return err
|
|
}
|
|
|
|
if !receiver.VerifyIssuer("pena-auth-service", true) {
|
|
return fmt.Errorf("invalid issuer")
|
|
}
|
|
|
|
if !receiver.VerifyAudience("pena", true) {
|
|
return fmt.Errorf("invalid audience")
|
|
}
|
|
|
|
return nil
|
|
}
|
|
|
|
func Decode(tokenString string) (*JwtAdapter, error) {
|
|
token, err := jwt.ParseWithClaims(tokenString, &JwtAdapter{}, func(token *jwt.Token) (interface{}, error) {
|
|
if _, ok := token.Method.(*jwt.SigningMethodRSA); !ok {
|
|
return nil, fmt.Errorf("unexpected signing method: %v", token.Header["alg"])
|
|
}
|
|
fmt.Println("ASSS", accessSecret)
|
|
return jwt.ParseRSAPublicKeyFromPEM([]byte(accessSecret))
|
|
})
|
|
|
|
if err != nil {
|
|
return nil, err
|
|
}
|
|
|
|
claims, ok := token.Claims.(*JwtAdapter)
|
|
if !ok && !token.Valid {
|
|
return nil, fmt.Errorf("ErrorNoValidClaims")
|
|
}
|
|
|
|
if err := claims.Validate(); err != nil {
|
|
return nil, err
|
|
}
|
|
|
|
return claims, nil
|
|
}
|
|
|
|
func Timestamp() int64 {
|
|
return time.Now().UnixNano() / int64(time.Millisecond)
|
|
}
|
|
|
|
type ForCreate struct {
|
|
PrivateKey []byte
|
|
PublicKey []byte
|
|
Algorithm *jwt.SigningMethodRSA
|
|
ExpiresIn time.Duration
|
|
Issuer string
|
|
Audience string
|
|
}
|
|
|
|
func Create(id string, forCreate ForCreate) (string, error) {
|
|
privateKey, err := jwt.ParseRSAPrivateKeyFromPEM(forCreate.PrivateKey)
|
|
if err != nil {
|
|
return "", fmt.Errorf("failed to parse private key: %w", err)
|
|
}
|
|
|
|
now := time.Now().UTC()
|
|
|
|
claims := jwt.MapClaims{
|
|
"id": id,
|
|
"exp": now.Add(forCreate.ExpiresIn).Unix(),
|
|
"aud": forCreate.Audience,
|
|
"iss": forCreate.Issuer,
|
|
}
|
|
|
|
token, err := jwt.NewWithClaims(forCreate.Algorithm, claims).SignedString(privateKey)
|
|
if err != nil {
|
|
return "", fmt.Errorf("failed create jwt: %w", err)
|
|
}
|
|
|
|
return token, nil
|
|
}
|