feat: change jwt decode method

2023-01-06 12:09:22 +03:00 · 2023-01-06 12:09:22 +03:00 · 67e9a7d067
commit 67e9a7d067
parent 9ad3863e7c
2 changed files with 42 additions and 70 deletions
--- a/go.mod
+++ b/go.mod
@ -3,8 +3,6 @@ module heruvym
 go 1.16

 require (
-	bitbucket.org/skeris/profile v0.0.0
-	github.com/BlackBroker/trashlog v0.1.1
 	github.com/aws/aws-sdk-go v1.44.126 // indirect
 	github.com/dgrijalva/jwt-go v3.2.0+incompatible
 	github.com/go-stack/stack v1.8.1 // indirect
--- a/jwt_adapter/jwt_adapter.go
+++ b/jwt_adapter/jwt_adapter.go
@ -3,49 +3,35 @@ package jwt_adapter
 import (
 	"context"
 	"fmt"
-	"github.com/dgrijalva/jwt-go"
-	"github.com/rs/xid"
-	"github.com/skeris/identity/cookie"
 	"os"
 	"time"
+
+	"github.com/dgrijalva/jwt-go"
+	"github.com/skeris/identity/cookie"
 )

-var _ cookie.Cookie = new(JwtAdapter)
+const (
+	DefaultAccessSecret = "awesomeAC"
+	DefaultHeaderKey    = "Authorization"
+)
+
+var (
+	_            cookie.Cookie = new(JwtAdapter)
+	accessSecret               = DefaultAccessSecret
+)
+
+type JwtAdapter struct {
+	jwt.StandardClaims
+}

 func init() {
 	aS := os.Getenv("JWT_SECRET")
+
 	if len(aS) != 0 {
 		accessSecret = aS
 	}
 }

-type JwtAdapter struct {
-	ID      string
-	Session string
-	User    string
-
-	Tariff uint8
-
-	Created  int64
-	LastSeen int64
-	jwt.StandardClaims
-}
-
-func (c *JwtAdapter) Init() {
-	if c.ID == "" {
-		c.ID = xid.New().String()
-	}
-
-	c.Session = xid.New().String()
-	c.User = ""
-	c.Tariff = uint8(0)
-
-	t := Timestamp()
-	c.Created = t
-	c.LastSeen = t
-}
-
-
 func Get(ctx context.Context) *JwtAdapter {
 	if adapter, ok := ctx.Value(DefaultHeaderKey).(*JwtAdapter); ok {
 		return adapter
@ -54,53 +40,36 @@ func Get(ctx context.Context) *JwtAdapter {
 	return nil
 }

-func (c *JwtAdapter) SetUserID(id string) {
-	c.User = id
+func (receiver *JwtAdapter) SetUserID(ID string) {
+	receiver.Id = ID
 }

-func (c *JwtAdapter) GetUserID() string {
-	return c.User
+func (receiver *JwtAdapter) GetUserID() string {
+	return receiver.Id
 }

-func (c *JwtAdapter) GetTariff() uint8 {
-	return c.Tariff
-}
+func (receiver *JwtAdapter) Validate() error {
+	if err := receiver.Valid(); err != nil {
+		return err
+	}

-func (c *JwtAdapter) SetTariff(status uint8) {
-	c.Tariff = status
-}
+	if !receiver.VerifyIssuer("pena-auth-service", true) {
+		return fmt.Errorf("invalid issuer")
+	}

-func (c *JwtAdapter) GetSessionID() string {
-	return c.Session
-}
+	if !receiver.VerifyAudience("pena", true) {
+		return fmt.Errorf("invalid audience")
+	}

-func (c *JwtAdapter) SetSessionID(id string) {
-	c.Session = id
-	c.User = ""
-}
-
-const (
-	DefaultAccessSecret = "awesomeAC"
-	DefaultHeaderKey    = "Authorization"
-)
-
-var accessSecret = DefaultAccessSecret
-
-func (c *JwtAdapter) Encode() (string, error) {
-	token := jwt.NewWithClaims(jwt.SigningMethodHS256, c)
-	ss, err := token.SignedString([]byte(accessSecret))
-
-	return ss, err
+	return nil
 }

 func Decode(tokenString string) (*JwtAdapter, error) {
-	claims := JwtAdapter{}
-
-	token, err := jwt.ParseWithClaims(tokenString, &claims, func(token *jwt.Token) (interface{}, error) {
-		//Make sure that the token method conform to "SigningMethodHMAC"
-		if _, ok := token.Method.(*jwt.SigningMethodHMAC); !ok {
+	token, err := jwt.ParseWithClaims(tokenString, &JwtAdapter{}, func(token *jwt.Token) (interface{}, error) {
+		if _, ok := token.Method.(*jwt.SigningMethodRSA); !ok {
 			return nil, fmt.Errorf("unexpected signing method: %v", token.Header["alg"])
 		}
+
 		return []byte(accessSecret), nil
 	})

@ -108,11 +77,16 @@ func Decode(tokenString string) (*JwtAdapter, error) {
 		return nil, err
 	}

-	if _, ok := token.Claims.(jwt.Claims); !ok && !token.Valid {
+	claims, ok := token.Claims.(*JwtAdapter)
+	if !ok && !token.Valid {
 		return nil, fmt.Errorf("ErrorNoValidClaims")
 	}

-	return &claims, nil
+	if err := claims.Validate(); err != nil {
+		return nil, err
+	}
+	
+	return claims, nil
 }

 func Timestamp() int64 {