identity-service/internal/app/service/auth.go

114 lines
2.8 KiB
Go

package service
import (
"encoding/json"
"errors"
"fmt"
"log"
"net/http"
"strconv"
"time"
"git.pbiernat.dev/egommerce/application/services/identity/internal/app/config"
def "git.pbiernat.dev/egommerce/application/services/identity/internal/app/definition"
"github.com/golang-jwt/jwt"
)
var (
AuthService *Auth
ErrUserNotFound = errors.New("user not found")
ErrTokenError = errors.New("failed to generate JWT token")
)
func init() {
expire, _ := strconv.Atoi(config.GetEnv("AUTH_TOKEN_EXPIRE_TIME", "5"))
secret := []byte(config.GetEnv("AUTH_SECRET_HMAC", "B413IlIv9nKQfsMCXTE0Cteo4yHgUEfqaLfjg73sNlh"))
AuthService = &Auth{expire, "jwt_token", "jwt_token_refresh", secret}
}
type Auth struct {
ExpireTime int // token expire time in minutes
TokenCookieName string
RefreshTokenCookieName string
secret []byte // signing key
}
func (a *Auth) Login(r *def.AuthLoginRequest) (string, error) {
if r.Username == "admin" && r.Password == "secret" {
token, err := a.createToken()
if err != nil {
return "", ErrTokenError
}
return token, nil
}
return "", ErrUserNotFound
}
// SetCookie appends cookie header to response
func (a *Auth) SetCookie(w http.ResponseWriter, name, token string) {
c := &http.Cookie{
Name: name,
Value: token,
MaxAge: a.ExpireTime * 60,
Path: "/",
}
http.SetCookie(w, c)
}
func (a Auth) createToken() (string, error) {
// log.Println("now:", time.Now().Unix())
// log.Println("expire at:", time.Now().Add(time.Duration(a.ExpireTime)*time.Minute).Unix())
claims := &jwt.StandardClaims{
ExpiresAt: time.Now().Add(time.Duration(a.ExpireTime) * time.Minute).Unix(),
}
token := jwt.NewWithClaims(jwt.SigningMethodHS256, claims)
return token.SignedString(a.secret)
}
func (a *Auth) validateToken(tokenStr string) error {
token, err := jwt.Parse(tokenStr, func(token *jwt.Token) (interface{}, error) {
// Don't forget to validate the alg is what you expect:
if _, ok := token.Method.(*jwt.SigningMethodHMAC); !ok {
return nil, fmt.Errorf("unexpected signing method: %v", token.Header["alg"])
}
// hmacSampleSecret is a []byte containing your secret, e.g. []byte("my_secret_key")
return a.secret, nil
})
if claims, ok := token.Claims.(jwt.MapClaims); ok && token.Valid {
log.Println(claims)
} else {
return err
}
return nil
}
func (a Auth) ValidateUserTokenMiddleware(next http.Handler) http.Handler {
return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
cToken, err := r.Cookie(a.TokenCookieName)
if err != nil {
w.WriteHeader(http.StatusUnauthorized)
json.NewEncoder(w).Encode(def.Error("Missing JWT Token cookie"))
return
}
if err := a.validateToken(cToken.Value); err != nil {
w.WriteHeader(http.StatusUnauthorized)
json.NewEncoder(w).Encode(def.Error(err.Error()))
return
}
next.ServeHTTP(w, r)
})
}