package modules
import (
"aunefyren/wrapperr/files"
"aunefyren/wrapperr/models"
"errors"
"log"
"net/http"
"strings"
"time"
"github.com/golang-jwt/jwt/v4"
)
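// AuthorizeToken validates the bearer JWT carried in the request's
// Authorization header using the configured private key.
//
// The writer argument is accepted for handler-signature compatibility and is
// not written to; callers decide how to respond to a failed authorization.
// On success the parsed claims are returned. On failure a zero Payload and a
// client-safe error are returned; the underlying cause is only logged, never
// echoed back to the caller.
func AuthorizeToken(writer http.ResponseWriter, request *http.Request) (*models.Payload, error) {
	privateKey, err := files.GetPrivateKey()
	if err != nil {
		log.Println("Failed to load JWT Token settings. Error: ")
		log.Println(err)
		return &models.Payload{}, errors.New("Failed to load JWT Token settings.")
	}

	// The header must be exactly "<scheme> <credentials>" with the scheme
	// being Bearer (case-insensitive). Matching the scheme on the first
	// field only, rather than searching for "bearer" anywhere in the
	// header, keeps other schemes whose credentials happen to contain the
	// word from being treated as a bearer token. An empty header yields a
	// single field and is rejected by the length check.
	header := request.Header.Get("Authorization")
	parts := strings.SplitN(header, " ", 2)
	if len(parts) != 2 || !strings.EqualFold(parts[0], "Bearer") {
		log.Println("No valid Authorization token found in header during API request.")
		return &models.Payload{}, errors.New("No valid Authorization token found in header.")
	}

	// Tolerate surrounding whitespace but reject an empty credential, which
	// would otherwise be handed to the parser as an empty token. (The old
	// code logged a nil err here; the reason is now stated directly.)
	jwtToken := strings.TrimSpace(parts[1])
	if jwtToken == "" {
		log.Println("Failed to parse header: empty bearer token.")
		return &models.Payload{}, errors.New("Failed to parse header.")
	}

	payload, err := VerifyToken(privateKey, jwtToken)
	if err != nil {
		log.Println("Session token not accepted. Error: ")
		log.Println(err)
		return &models.Payload{}, errors.New("Session token not accepted. Please relog.")
	}
	return payload, nil
}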
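// VerifyToken parses and validates a signed JWT using PrivateKey as the HMAC
// secret and returns its claims.
//
// Only HMAC signing methods are accepted: the key function rejects any other
// algorithm before the signature is checked, so a token naming a different
// method is never verified against the shared secret. Expired tokens are
// reported as models.ErrExpiredToken; every other parsing or validation
// failure is folded into models.ErrInvalidToken so callers do not leak
// parser detail to clients.
func VerifyToken(PrivateKey string, token string) (*models.Payload, error) {
	keyFunc := func(t *jwt.Token) (interface{}, error) {
		// NOTE(review): any HMAC variant (HS256/384/512) is accepted here,
		// while CreateTokenTwo signs with HS256 only; confirm whether the
		// wider family is intentional.
		if _, ok := t.Method.(*jwt.SigningMethodHMAC); !ok {
			return nil, models.ErrInvalidToken
		}
		return []byte(PrivateKey), nil
	}

	parsed, err := jwt.ParseWithClaims(token, &models.Payload{}, keyFunc)
	if err != nil {
		// errors.As also matches a ValidationError that has been wrapped,
		// which the bare type assertion would miss.
		var verr *jwt.ValidationError
		if errors.As(err, &verr) && errors.Is(verr.Inner, jwt.ErrTokenExpired) {
			return nil, models.ErrExpiredToken
		}
		return nil, models.ErrInvalidToken
	}

	payload, ok := parsed.Claims.(*models.Payload)
	if !ok {
		return nil, models.ErrInvalidToken
	}
	return payload, nil
}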
// CreateToken issues a session JWT for username, signed with the configured
// private key. Tokens expire three days after creation.
//
// The private key is loaded on every call; a load failure or a signing
// failure is logged and reported to the caller as a generic error.
func CreateToken(username string, admin bool, authtoken string) (string, error) {
	privateKey, err := files.GetPrivateKey()
	if err != nil {
		log.Println("Failed to load JWT Token settings. Error: ")
		log.Println(err)
		return "", errors.New("Failed to load JWT Token settings.")
	}

	// Three days, expressed in hours rather than minutes.
	const sessionLifetime = 3 * 24 * time.Hour
	signed, _, err := CreateTokenTwo(privateKey, username, admin, authtoken, sessionLifetime)
	if err != nil {
		log.Println("Failed to create session token. Error: ")
		log.Println(err)
		return "", errors.New("Failed to create session token.")
	}
	return signed, nil
}
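// CreateTokenTwo builds a payload for username with the given duration, signs
// it with HS256 using PrivateKey as the secret and returns the compact token
// together with the payload it encodes.
//
// The payload from NewPayload is passed through even when NewPayload fails;
// callers should treat it as meaningless whenever err is non-nil.
func CreateTokenTwo(PrivateKey string, username string, admin bool, authtoken string, duration time.Duration) (string, *models.Payload, error) {
	payload, err := NewPayload(username, admin, authtoken, duration)
	if err != nil {
		return "", payload, err
	}
	// HS256 is the symmetric counterpart to the HMAC check in VerifyToken's
	// key function; the two must stay aligned.
	jwtToken := jwt.NewWithClaims(jwt.SigningMethodHS256, payload)
	token, err := jwtToken.SignedString([]byte(PrivateKey))
	return token, payload, err
}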