114 lines
2.8 KiB
Go
114 lines
2.8 KiB
Go
|
package service
|
||
|
|
|
||
|
|
import (
|
||
|
|
"encoding/json"
|
||
|
|
"errors"
|
||
|
|
"fmt"
|
||
|
|
"log"
|
||
|
|
"net/http"
|
||
|
|
"strconv"
|
||
|
|
"time"
|
||
|
|
|
||
|
|
"git.pbiernat.dev/egommerce/application/services/identity/internal/app/config"
|
||
|
|
def "git.pbiernat.dev/egommerce/application/services/identity/internal/app/definition"
|
||
|
|
"github.com/golang-jwt/jwt"
|
||
|
|
)
|
||
|
|
|
||
|
|
var (
|
||
|
|
AuthService *Auth
|
||
|
|
|
||
|
|
ErrUserNotFound = errors.New("user not found")
|
||
|
|
ErrTokenError = errors.New("failed to generate JWT token")
|
||
|
|
)
|
||
|
|
|
||
|
|
func init() {
|
||
|
|
expire, _ := strconv.Atoi(config.GetEnv("AUTH_TOKEN_EXPIRE_TIME", "5"))
|
||
|
|
secret := []byte(config.GetEnv("AUTH_SECRET_HMAC", "B413IlIv9nKQfsMCXTE0Cteo4yHgUEfqaLfjg73sNlh"))
|
||
|
|
|
||
|
|
AuthService = &Auth{expire, "jwt_token", "jwt_token_refresh", secret}
|
||
|
|
}
|
||
|
|
|
||
|
|
type Auth struct {
|
||
|
|
ExpireTime int // token expire time in minutes
|
||
|
|
TokenCookieName string
|
||
|
|
RefreshTokenCookieName string
|
||
|
|
|
||
|
|
secret []byte // signing key
|
||
|
|
}
|
||
|
|
|
||
|
|
func (a *Auth) Login(r *def.AuthLoginRequest) (string, error) {
|
||
|
|
if r.Username == "admin" && r.Password == "secret" {
|
||
|
|
token, err := a.createToken()
|
||
|
|
if err != nil {
|
||
|
|
return "", ErrTokenError
|
||
|
|
}
|
||
|
|
|
||
|
|
return token, nil
|
||
|
|
}
|
||
|
|
|
||
|
|
return "", ErrUserNotFound
|
||
|
|
}
|
||
|
|
|
||
|
|
// SetCookie appends cookie header to response
|
||
|
|
func (a *Auth) SetCookie(w http.ResponseWriter, name, token string) {
|
||
|
|
c := &http.Cookie{
|
||
|
|
Name: name,
|
||
|
|
Value: token,
|
||
|
|
MaxAge: a.ExpireTime * 60,
|
||
|
|
Path: "/",
|
||
|
|
}
|
||
|
|
http.SetCookie(w, c)
|
||
|
|
}
|
||
|
|
|
||
|
|
func (a Auth) createToken() (string, error) {
|
||
|
|
// log.Println("now:", time.Now().Unix())
|
||
|
|
// log.Println("expire at:", time.Now().Add(time.Duration(a.ExpireTime)*time.Minute).Unix())
|
||
|
|
claims := &jwt.StandardClaims{
|
||
|
|
ExpiresAt: time.Now().Add(time.Duration(a.ExpireTime) * time.Minute).Unix(),
|
||
|
|
}
|
||
|
|
|
||
|
|
token := jwt.NewWithClaims(jwt.SigningMethodHS256, claims)
|
||
|
|
return token.SignedString(a.secret)
|
||
|
|
}
|
||
|
|
|
||
|
|
func (a *Auth) validateToken(tokenStr string) error {
|
||
|
|
token, err := jwt.Parse(tokenStr, func(token *jwt.Token) (interface{}, error) {
|
||
|
|
// Don't forget to validate the alg is what you expect:
|
||
|
|
if _, ok := token.Method.(*jwt.SigningMethodHMAC); !ok {
|
||
|
|
return nil, fmt.Errorf("unexpected signing method: %v", token.Header["alg"])
|
||
|
|
}
|
||
|
|
|
||
|
|
// hmacSampleSecret is a []byte containing your secret, e.g. []byte("my_secret_key")
|
||
|
|
return a.secret, nil
|
||
|
|
})
|
||
|
|
|
||
|
|
if claims, ok := token.Claims.(jwt.MapClaims); ok && token.Valid {
|
||
|
|
log.Println(claims)
|
||
|
|
} else {
|
||
|
|
return err
|
||
|
|
}
|
||
|
|
|
||
|
|
return nil
|
||
|
|
}
|
||
|
|
|
||
|
|
func (a Auth) ValidateUserTokenMiddleware(next http.Handler) http.Handler {
|
||
|
|
return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
|
||
|
|
cToken, err := r.Cookie(a.TokenCookieName)
|
||
|
|
if err != nil {
|
||
|
|
w.WriteHeader(http.StatusUnauthorized)
|
||
|
|
json.NewEncoder(w).Encode(def.Error("Missing JWT Token cookie"))
|
||
|
|
|
||
|
|
return
|
||
|
|
}
|
||
|
|
|
||
|
|
if err := a.validateToken(cToken.Value); err != nil {
|
||
|
|
w.WriteHeader(http.StatusUnauthorized)
|
||
|
|
json.NewEncoder(w).Encode(def.Error(err.Error()))
|
||
|
|
|
||
|
|
return
|
||
|
|
}
|
||
|
|
|
||
|
|
next.ServeHTTP(w, r)
|
||
|
|
})
|
||
|
|
}
|