111 lines
2.5 KiB
Go
111 lines
2.5 KiB
Go
package jwt
|
||
|
||
import (
|
||
"fmt"
|
||
"time"
|
||
|
||
"git.javil.eu/jacob1123/budgeteer"
|
||
"git.javil.eu/jacob1123/budgeteer/postgres"
|
||
"github.com/dgrijalva/jwt-go"
|
||
"github.com/google/uuid"
|
||
)
|
||
|
||
// TokenVerifier verifies Tokens.
|
||
type TokenVerifier struct{}
|
||
|
||
// Token contains everything to authenticate a user.
|
||
type Token struct {
|
||
username string
|
||
name string
|
||
expiry float64
|
||
id uuid.UUID
|
||
}
|
||
|
||
const (
|
||
expiration = 72
|
||
secret = "uditapbzuditagscwxuqdflgzpbu´ßiaefnlmzeßtrubiadern"
|
||
)
|
||
|
||
// CreateToken creates a new token from username and name.
|
||
func (tv *TokenVerifier) CreateToken(user *postgres.User) (string, error) {
|
||
token := jwt.NewWithClaims(jwt.SigningMethodHS256, jwt.MapClaims{
|
||
"usr": user.Email,
|
||
"name": user.Name,
|
||
"exp": time.Now().Add(time.Hour * expiration).Unix(),
|
||
"id": user.ID,
|
||
})
|
||
|
||
// Generate encoded token and send it as response.
|
||
t, err := token.SignedString([]byte(secret))
|
||
if err != nil {
|
||
return "", fmt.Errorf("create token: %w", err)
|
||
}
|
||
|
||
return t, nil
|
||
}
|
||
|
||
var (
|
||
ErrUnexpectedSigningMethod = fmt.Errorf("unexpected signing method")
|
||
ErrInvalidToken = fmt.Errorf("token is invalid")
|
||
ErrTokenExpired = fmt.Errorf("token has expired")
|
||
)
|
||
|
||
// VerifyToken verifys a given string-token.
|
||
func (tv *TokenVerifier) VerifyToken(tokenString string) (budgeteer.Token, error) { //nolint:ireturn
|
||
token, err := jwt.Parse(tokenString, func(token *jwt.Token) (interface{}, error) {
|
||
if _, ok := token.Method.(*jwt.SigningMethodHMAC); !ok {
|
||
return nil, fmt.Errorf("method '%v': %w", token.Header["alg"], ErrUnexpectedSigningMethod)
|
||
}
|
||
return []byte(secret), nil
|
||
})
|
||
if err != nil {
|
||
return nil, fmt.Errorf("parse jwt: %w", err)
|
||
}
|
||
|
||
claims, err := verifyToken(token)
|
||
if err != nil {
|
||
return nil, fmt.Errorf("verify jwt: %w", err)
|
||
}
|
||
|
||
tkn := &Token{ //nolint:forcetypeassert
|
||
username: claims["usr"].(string),
|
||
name: claims["name"].(string),
|
||
expiry: claims["exp"].(float64),
|
||
id: uuid.MustParse(claims["id"].(string)),
|
||
}
|
||
return tkn, nil
|
||
}
|
||
|
||
func verifyToken(token *jwt.Token) (jwt.MapClaims, error) {
|
||
if !token.Valid {
|
||
return nil, ErrInvalidToken
|
||
}
|
||
|
||
claims, ok := token.Claims.(jwt.MapClaims)
|
||
if !ok {
|
||
return nil, ErrInvalidToken
|
||
}
|
||
|
||
if !claims.VerifyExpiresAt(time.Now().Unix(), true) {
|
||
return nil, ErrTokenExpired
|
||
}
|
||
|
||
return claims, nil
|
||
}
|
||
|
||
func (t *Token) GetName() string {
|
||
return t.name
|
||
}
|
||
|
||
func (t *Token) GetUsername() string {
|
||
return t.username
|
||
}
|
||
|
||
func (t *Token) GetExpiry() float64 {
|
||
return t.expiry
|
||
}
|
||
|
||
func (t *Token) GetID() uuid.UUID {
|
||
return t.id
|
||
}
|