feat: change jwt decode method

2023-01-06 12:09:22 +03:00 · 2023-01-06 12:09:22 +03:00 · 67e9a7d067
commit 67e9a7d067
parent 9ad3863e7c
2 changed files with 42 additions and 70 deletions
--- a/go.mod
+++ b/go.mod
@ -3,8 +3,6 @@ module heruvym
 go 1.16
 require (
 	bitbucket.org/skeris/profile v0.0.0
 	github.com/BlackBroker/trashlog v0.1.1
 	github.com/aws/aws-sdk-go v1.44.126 // indirect
 	github.com/dgrijalva/jwt-go v3.2.0+incompatible
 	github.com/go-stack/stack v1.8.1 // indirect
--- a/jwt_adapter/jwt_adapter.go
+++ b/jwt_adapter/jwt_adapter.go
@ -3,49 +3,35 @@ package jwt_adapter
 import (
 	"context"
 	"fmt"
 	"github.com/dgrijalva/jwt-go"
 	"github.com/rs/xid"
 	"github.com/skeris/identity/cookie"
 	"os"
 	"time"
 	"github.com/dgrijalva/jwt-go"
 	"github.com/skeris/identity/cookie"
 )
-var _ cookie.Cookie = new(JwtAdapter)
+const (
 	DefaultAccessSecret = "awesomeAC"
 	DefaultHeaderKey    = "Authorization"
 )
 var (
 	_            cookie.Cookie = new(JwtAdapter)
 	accessSecret               = DefaultAccessSecret
 )
 type JwtAdapter struct {
 	jwt.StandardClaims
 }
 func init() {
 	aS := os.Getenv("JWT_SECRET")
 	if len(aS) != 0 {
 		accessSecret = aS
 	}
 }
 type JwtAdapter struct {
 	ID      string
 	Session string
 	User    string
 	Tariff uint8
 	Created  int64
 	LastSeen int64
 	jwt.StandardClaims
 }
 func (c *JwtAdapter) Init() {
 	if c.ID == "" {
 		c.ID = xid.New().String()
 	}
 	c.Session = xid.New().String()
 	c.User = ""
 	c.Tariff = uint8(0)
 	t := Timestamp()
 	c.Created = t
 	c.LastSeen = t
 }
 func Get(ctx context.Context) *JwtAdapter {
 	if adapter, ok := ctx.Value(DefaultHeaderKey).(*JwtAdapter); ok {
 		return adapter
@ -54,53 +40,36 @@ func Get(ctx context.Context) *JwtAdapter {
 	return nil
 }
-func (c *JwtAdapter) SetUserID(id string) {
+func (receiver *JwtAdapter) SetUserID(ID string) {
-	c.User = id
+	receiver.Id = ID
 }
-func (c *JwtAdapter) GetUserID() string {
+func (receiver *JwtAdapter) GetUserID() string {
-	return c.User
+	return receiver.Id
 }
-func (c *JwtAdapter) GetTariff() uint8 {
+func (receiver *JwtAdapter) Validate() error {
-	return c.Tariff
+	if err := receiver.Valid(); err != nil {
-}
+		return err
 	}
-func (c *JwtAdapter) SetTariff(status uint8) {
+	if !receiver.VerifyIssuer("pena-auth-service", true) {
-	c.Tariff = status
+		return fmt.Errorf("invalid issuer")
-}
+	}
-func (c *JwtAdapter) GetSessionID() string {
+	if !receiver.VerifyAudience("pena", true) {
-	return c.Session
+		return fmt.Errorf("invalid audience")
-}
+	}
-func (c *JwtAdapter) SetSessionID(id string) {
+	return nil
 	c.Session = id
 	c.User = ""
 }
 const (
 	DefaultAccessSecret = "awesomeAC"
 	DefaultHeaderKey    = "Authorization"
 )
 var accessSecret = DefaultAccessSecret
 func (c *JwtAdapter) Encode() (string, error) {
 	token := jwt.NewWithClaims(jwt.SigningMethodHS256, c)
 	ss, err := token.SignedString([]byte(accessSecret))
 	return ss, err
 }
 func Decode(tokenString string) (*JwtAdapter, error) {
-	claims := JwtAdapter{}
+	token, err := jwt.ParseWithClaims(tokenString, &JwtAdapter{}, func(token *jwt.Token) (interface{}, error) {
-
+		if _, ok := token.Method.(*jwt.SigningMethodRSA); !ok {
 	token, err := jwt.ParseWithClaims(tokenString, &claims, func(token *jwt.Token) (interface{}, error) {
 		//Make sure that the token method conform to "SigningMethodHMAC"
 		if _, ok := token.Method.(*jwt.SigningMethodHMAC); !ok {
 			return nil, fmt.Errorf("unexpected signing method: %v", token.Header["alg"])
 		}
 		return []byte(accessSecret), nil
 	})
@ -108,11 +77,16 @@ func Decode(tokenString string) (*JwtAdapter, error) {
 		return nil, err
 	}
-	if _, ok := token.Claims.(jwt.Claims); !ok && !token.Valid {
+	claims, ok := token.Claims.(*JwtAdapter)
 	if !ok && !token.Valid {
 		return nil, fmt.Errorf("ErrorNoValidClaims")
 	}
-	return &claims, nil
+	if err := claims.Validate(); err != nil {
 		return nil, err
 	}
 	return claims, nil
 }
 func Timestamp() int64 {