diff --git a/go.mod b/go.mod
index 89bd3a6..d1783c3 100644
--- a/go.mod
+++ b/go.mod
@@ -3,8 +3,6 @@ module heruvym
 go 1.16
 
 require (
- bitbucket.org/skeris/profile v0.0.0
- github.com/BlackBroker/trashlog v0.1.1
 github.com/aws/aws-sdk-go v1.44.126 // indirect
 github.com/dgrijalva/jwt-go v3.2.0+incompatible
 github.com/go-stack/stack v1.8.1 // indirect
diff --git a/jwt_adapter/jwt_adapter.go b/jwt_adapter/jwt_adapter.go
index 59653d9..b74acca 100644
--- a/jwt_adapter/jwt_adapter.go
+++ b/jwt_adapter/jwt_adapter.go
@@ -3,49 +3,35 @@ package jwt_adapter
 import (
 "context"
 "fmt"
- "github.com/dgrijalva/jwt-go"
- "github.com/rs/xid"
- "github.com/skeris/identity/cookie"
 "os"
 "time"
+
+ "github.com/dgrijalva/jwt-go"
+ "github.com/skeris/identity/cookie"
 )
 
-var _ cookie.Cookie = new(JwtAdapter)
+const (
+ DefaultAccessSecret = "awesomeAC"
+ DefaultHeaderKey = "Authorization"
+)
+
+var (
+ _ cookie.Cookie = new(JwtAdapter)
+ accessSecret = DefaultAccessSecret
+)
+
+type JwtAdapter struct {
+ jwt.StandardClaims
+}
 
 func init() {
 aS := os.Getenv("JWT_SECRET")
+
 if len(aS) != 0 {
 accessSecret = aS
 }
 }
 
-type JwtAdapter struct {
- ID string
- Session string
- User string
-
- Tariff uint8
-
- Created int64
- LastSeen int64
- jwt.StandardClaims
-}
-
-func (c *JwtAdapter) Init() {
- if c.ID == "" {
- c.ID = xid.New().String()
- }
-
- c.Session = xid.New().String()
- c.User = ""
- c.Tariff = uint8(0)
-
- t := Timestamp()
- c.Created = t
- c.LastSeen = t
-}
-
-
 func Get(ctx context.Context) *JwtAdapter {
 if adapter, ok := ctx.Value(DefaultHeaderKey).(*JwtAdapter); ok {
 return adapter
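Review bot: The `init()` fallback keeps verifying tokens with the hard-coded `DefaultAccessSecret = "awesomeAC"` whenever `JWT_SECRET` is unset, so a misconfigured deployment silently accepts tokens signed with a value that is committed to the repository. Verification key material should fail closed: drop the default from the `var` block and refuse to start, e.g. `if aS == "" { panic("jwt_adapter: JWT_SECRET is not set") }`, or keep the constant only behind a clearly named test/dev build. The name `accessSecret` also stops matching its use once `Decode` (next hunk) expects an RSA-signed token, where this value would have to be a PEM-encoded public key rather than a shared secret. `Get` continues past the end of this hunk.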
@@ -54,53 +40,36 @@ func Get(ctx context.Context) *JwtAdapter {
 return nil
 }
 
-func (c *JwtAdapter) SetUserID(id string) {
- c.User = id
+func (receiver *JwtAdapter) SetUserID(ID string) {
+ receiver.Id = ID
 }
 
-func (c *JwtAdapter) GetUserID() string {
- return c.User
+func (receiver *JwtAdapter) GetUserID() string {
+ return receiver.Id
 }
 
-func (c *JwtAdapter) GetTariff() uint8 {
- return c.Tariff
-}
+func (receiver *JwtAdapter) Validate() error {
+ if err := receiver.Valid(); err != nil {
+ return err
+ }
 
-func (c *JwtAdapter) SetTariff(status uint8) {
- c.Tariff = status
-}
+ if !receiver.VerifyIssuer("pena-auth-service", true) {
+ return fmt.Errorf("invalid issuer")
+ }
 
-func (c *JwtAdapter) GetSessionID() string {
- return c.Session
-}
+ if !receiver.VerifyAudience("pena", true) {
+ return fmt.Errorf("invalid audience")
+ }
 
-func (c *JwtAdapter) SetSessionID(id string) {
- c.Session = id
- c.User = ""
-}
-
-const (
- DefaultAccessSecret = "awesomeAC"
- DefaultHeaderKey = "Authorization"
-)
-
-var accessSecret = DefaultAccessSecret
-
-func (c *JwtAdapter) Encode() (string, error) {
- token := jwt.NewWithClaims(jwt.SigningMethodHS256, c)
- ss, err := token.SignedString([]byte(accessSecret))
-
- return ss, err
+ return nil
 }
 
 func Decode(tokenString string) (*JwtAdapter, error) {
- claims := JwtAdapter{}
-
- token, err := jwt.ParseWithClaims(tokenString, &claims, func(token *jwt.Token) (interface{}, error) {
- //Make sure that the token method conform to "SigningMethodHMAC"
- if _, ok := token.Method.(*jwt.SigningMethodHMAC); !ok {
+ token, err := jwt.ParseWithClaims(tokenString, &JwtAdapter{}, func(token *jwt.Token) (interface{}, error) {
+ if _, ok := token.Method.(*jwt.SigningMethodRSA); !ok {
 return nil, fmt.Errorf("unexpected signing method: %v", token.Header["alg"])
 }
+
 return []byte(accessSecret), nil
 })
 
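Review bot: In `Decode` the key function now rejects anything but `*jwt.SigningMethodRSA` yet still returns `[]byte(accessSecret)`; jwt-go's RSA verifier type-asserts an `*rsa.PublicKey`, so as committed every token fails verification with a key-type error instead of validating. Either the intent is still HMAC and the method check should stay `*jwt.SigningMethodHMAC`, or the configured value must be a PEM-encoded public key parsed once (for example in `init()`) with `jwt.ParseRSAPublicKeyFromPEM([]byte(accessSecret))` and that parsed key returned from the key function. Checking the concrete method type before handing over the key is the right shape and should be kept, as it prevents confusion between the HMAC and RSA families. `SetUserID`/`GetUserID` store the user in `Id`, which serialises as the `jti` claim; if the issuer carries the user in `sub`, `Subject` is presumably the field to use — confirm against pena-auth-service. `Decode` continues in the next hunk.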
@@ -108,11 +77,16 @@ func Decode(tokenString string) (*JwtAdapter, error) {
 return nil, err
 }
 
- if _, ok := token.Claims.(jwt.Claims); !ok && !token.Valid {
+ claims, ok := token.Claims.(*JwtAdapter)
+ if !ok && !token.Valid {
 return nil, fmt.Errorf("ErrorNoValidClaims")
 }
 
- return &claims, nil
+ if err := claims.Validate(); err != nil {
+ return nil, err
+ }
+
+ return claims, nil
 }
 
 func Timestamp() int64 {
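Review bot: The new guard `if !ok && !token.Valid` lets a claims object of an unexpected type through: when the type assertion fails but `token.Valid` is true, `claims` is nil and the following `claims.Validate()` dereferences a nil `*JwtAdapter` and panics on the request path. The condition should be `if !ok || !token.Valid {`, which also guarantees an invalid token never reaches `Validate`. The error string `"ErrorNoValidClaims"` reads as an identifier rather than a message; a sentinel such as `var ErrNoValidClaims = errors.New("no valid claims")` returned here would let callers branch with `errors.Is`. The body of `Timestamp` lies outside this hunk.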