implement auth middleware and prop hooks
1 parent
6a0c0d5
commit 0de746f
Showing
25 changed files
with
581 additions
and
164 deletions.
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -1,4 +1,4 @@ | ||
issues: | ||
exclude-rules: | ||
- path: pkg/user/handler_oauth.go | ||
- path: pkg/user/middleware.go | ||
text: 'SA1029: should not use built-in type string as key for value; define your own type to avoid collisions' |
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,33 @@ | ||
package cmd | ||
|
||
import ( | ||
"crypto/ed25519" | ||
"encoding/base64" | ||
"fmt" | ||
|
||
"github.com/spf13/cobra" | ||
) | ||
|
||
func init() { | ||
rootCmd.AddCommand(generateJWTKey) | ||
} | ||
|
||
var ( | ||
generateJWTKey = &cobra.Command{ | ||
Use: "key-gen", | ||
Short: "Generate a private and a public ED25519 key", | ||
RunE: func(cmd *cobra.Command, args []string) (err error) { | ||
pub, pk, err := ed25519.GenerateKey(nil) | ||
if err != nil { | ||
return err | ||
} | ||
|
||
pkb64 := base64.StdEncoding.EncodeToString(pk) | ||
pubb64 := base64.StdEncoding.EncodeToString(pub) | ||
|
||
fmt.Printf("PK: %s\n", pkb64) | ||
fmt.Printf("PUB: %s\n", pubb64) | ||
return nil | ||
}, | ||
} | ||
) |
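Review bot: The private key is printed to stdout under the label `PK`, which reads as "public key" just as easily as "private key", and nothing in the output or in `Short` says that this value is a secret. Stdout also tends to end up in terminal scrollback and CI logs. Label the lines after the settings they feed, e.g. `fmt.Printf("PRIVATE_KEY=%s\n", pkb64)` and `fmt.Printf("PUBLIC_KEY=%s\n", pubb64)`; these names appear to match the `env` tags in the config struct added by this commit, though any prefix is not visible here. A `Long` description stating that the private value must only be stored in the deployment's secret store would also help.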
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,21 @@ | ||
package config | ||
|
||
import ( | ||
"encoding/base64" | ||
) | ||
|
||
type JWT struct { | ||
Private Cert `env:"PRIVATE_KEY,required"` | ||
Public Cert `env:"PUBLIC_KEY,required"` | ||
} | ||
|
||
type Cert []byte | ||
|
||
func (c *Cert) UnmarshalText(text []byte) error { | ||
out, err := base64.StdEncoding.DecodeString(string(text)) | ||
if err != nil { | ||
return err | ||
} | ||
*c = Cert(out) | ||
return nil | ||
} |
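Review bot: `UnmarshalText` accepts any valid base64 string, so a truncated, swapped or otherwise wrong-sized key loads without error and only surfaces later, when the bytes are cast to `ed25519.PrivateKey` / `ed25519.PublicKey` in the session package. Depending on the jwt library version, that may be an error or a panic on the first request. Add a validation step after the config is loaded that rejects the configuration unless `len(Private) == ed25519.PrivateKeySize` and `len(Public) == ed25519.PublicKeySize`, so a bad key fails at startup. The type name `Cert` is also misleading, since it holds raw key bytes rather than a certificate; a doc comment such as `// Cert holds a base64-decoded raw Ed25519 key taken from the environment.` would make that clear.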
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,79 @@ | ||
package session | ||
|
||
import ( | ||
"crypto/ed25519" | ||
"encoding/json" | ||
"errors" | ||
"time" | ||
|
||
"github.com/golang-jwt/jwt" | ||
"github.com/marcopollivier/techagenda/lib/config" | ||
"github.com/markbates/goth" | ||
) | ||
|
||
type UserSession struct { | ||
ID uint `json:"id"` | ||
Provider string `json:"provider"` | ||
Token string `json:"token"` | ||
AuthUser goth.User `json:"auth_user"` | ||
} | ||
|
||
func GenerateJWT(userID uint, auth goth.User) (tokenString string, err error) { | ||
var ( | ||
pk = ed25519.PrivateKey(config.Get().JWT.Private) | ||
token = jwt.New(jwt.SigningMethodEdDSA) | ||
claims = token.Claims.(jwt.MapClaims) | ||
sess UserSession | ||
) | ||
|
||
sess = UserSession{ | ||
ID: userID, | ||
Provider: auth.Provider, | ||
Token: auth.AccessToken, | ||
AuthUser: auth, | ||
} | ||
claims["exp"] = float64(time.Now().Add(24 * time.Hour).UnixMilli()) | ||
claims["authorized"] = true | ||
claims["session"] = sess | ||
|
||
if tokenString, err = token.SignedString(pk); err != nil { | ||
return "", err | ||
} | ||
|
||
return tokenString, nil | ||
} | ||
|
||
func UnmarshalSession(tokenString string) (sess UserSession, err error) { | ||
var ( | ||
token *jwt.Token | ||
claims jwt.MapClaims | ||
ok bool | ||
bytes []byte | ||
) | ||
if token, err = jwt.Parse(tokenString, jwtParser); err != nil { | ||
return sess, err | ||
} | ||
if !token.Valid { | ||
return sess, errors.New("invalid token session") | ||
} | ||
if claims, ok = token.Claims.(jwt.MapClaims); !ok { | ||
return sess, errors.New("unable to extract claims") | ||
} | ||
if bytes, err = json.Marshal(claims["session"]); err != nil { | ||
return sess, errors.New("unable to extract session") | ||
} | ||
if err = json.Unmarshal(bytes, &sess); err != nil { | ||
return sess, errors.New("unable to parse session") | ||
} | ||
return sess, nil | ||
|
||
} | ||
|
||
func jwtParser(token *jwt.Token) (any, error) { | ||
key := ed25519.PublicKey(config.Get().JWT.Public) | ||
_, ok := token.Method.(*jwt.SigningMethodEd25519) | ||
if !ok { | ||
return "", errors.New("fail to open session token") | ||
} | ||
return key, nil | ||
} |
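Review bot: In `GenerateJWT` the `exp` claim is set from `UnixMilli()`, but `exp` is a NumericDate in seconds and the jwt library compares it against the current Unix time in seconds, so these tokens stay valid for thousands of years instead of 24 hours. Use `claims["exp"] = time.Now().Add(24 * time.Hour).Unix()`. Separately, the `session` claim embeds `auth.AccessToken` and the whole `goth.User`, which carries the provider's access, refresh and ID tokens; a JWT is signed but not encrypted, so anyone who sees the token can read those credentials. Keep only the user ID and provider in the claim and hold the provider tokens server-side. `UnmarshalSession` also replaces the underlying marshal and parse errors with fixed strings, which makes failed logins harder to diagnose; wrapping them with `%w` would preserve the cause.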