mirror of
https://forgejo.merr.is/annika/isl-api.git
synced 2025-12-10 11:53:14 -05:00
Added JWT Auth
Wrote my own JWT auth middleware, since I could not get the go-chi middleware to accept a JWKS instead of a certificate.
This commit is contained in:
parent
ac18b94a86
commit
b5ea01729b
12 changed files with 336 additions and 132 deletions
|
|
@ -1,42 +0,0 @@
|
|||
package Routes
|
||||
|
||||
import (
|
||||
"fmt"
|
||||
"net/http"
|
||||
|
||||
"forgejo.merr.is/annika/isl-api/Controllers"
|
||||
"github.com/go-chi/chi/v5"
|
||||
"github.com/moosetheory/jwtauth/v5"
|
||||
)
|
||||
|
||||
func SetupPowerItemRoutes(c Controllers.PowerItemController, tokenAuth *jwtauth.JWTAuth) *chi.Mux {
|
||||
r := chi.NewRouter()
|
||||
|
||||
r.Get("/", c.GetAll)
|
||||
r.Get("/asMap", c.GetAllAsMap)
|
||||
r.Get("/byType/{type:[1-3]}", c.GetAllByType)
|
||||
r.Get("/byType/{type:[1-3]}/asMap", c.GetAllByTypeAsMap)
|
||||
|
||||
ar := chi.NewRouter()
|
||||
ar.Group(func(r chi.Router) {
|
||||
r.Use(jwtauth.Verifier(tokenAuth))
|
||||
r.Use(jwtauth.Authenticator(tokenAuth))
|
||||
|
||||
r.Get("/test", authTest)
|
||||
r.Post("/", c.Add)
|
||||
r.Post("/multiple", c.AddMultiple)
|
||||
})
|
||||
r.Mount("/", ar)
|
||||
|
||||
return r
|
||||
}
|
||||
|
||||
func authTest(w http.ResponseWriter, r *http.Request) {
|
||||
token, claims, err := jwtauth.FromContext(r.Context())
|
||||
if err != nil {
|
||||
panic(err)
|
||||
}
|
||||
fmt.Printf("%+v\n", token)
|
||||
fmt.Printf("%+v\n", claims)
|
||||
fmt.Fprint(w, "hi")
|
||||
}
|
||||
|
|
@ -1,4 +1,4 @@
|
|||
package Controllers
|
||||
package controllers
|
||||
|
||||
import (
|
||||
"encoding/json"
|
||||
|
|
@ -6,16 +6,16 @@ import (
|
|||
"net/http"
|
||||
"strconv"
|
||||
|
||||
"forgejo.merr.is/annika/isl-api/Entities"
|
||||
"forgejo.merr.is/annika/isl-api/Services"
|
||||
"forgejo.merr.is/annika/isl-api/entities"
|
||||
"forgejo.merr.is/annika/isl-api/services"
|
||||
"github.com/go-chi/chi/v5"
|
||||
)
|
||||
|
||||
type PowerItemController struct {
|
||||
powerItemService *Services.PowerItemService
|
||||
powerItemService *services.PowerItemService
|
||||
}
|
||||
|
||||
func NewPowerItemController(powerItemService *Services.PowerItemService) *PowerItemController {
|
||||
func NewPowerItemController(powerItemService *services.PowerItemService) *PowerItemController {
|
||||
controller := &PowerItemController{
|
||||
powerItemService: powerItemService,
|
||||
}
|
||||
|
|
@ -23,7 +23,7 @@ func NewPowerItemController(powerItemService *Services.PowerItemService) *PowerI
|
|||
}
|
||||
|
||||
func (p *PowerItemController) Add(w http.ResponseWriter, r *http.Request) {
|
||||
var newItem Entities.PowerItem
|
||||
var newItem entities.PowerItem
|
||||
err := json.NewDecoder(r.Body).Decode(&newItem)
|
||||
if err != nil {
|
||||
http.Error(w, err.Error(), http.StatusBadRequest)
|
||||
|
|
@ -48,7 +48,7 @@ func (p *PowerItemController) Add(w http.ResponseWriter, r *http.Request) {
|
|||
|
||||
func (p *PowerItemController) AddMultiple(w http.ResponseWriter, r *http.Request) {
|
||||
var itemType int32 = 3
|
||||
var newItems map[string]Entities.PowerItem
|
||||
var newItems map[string]entities.PowerItem
|
||||
err := json.NewDecoder(r.Body).Decode(&newItems)
|
||||
if err != nil {
|
||||
http.Error(w, err.Error(), http.StatusBadRequest)
|
||||
|
|
@ -98,7 +98,7 @@ func (p *PowerItemController) GetAllAsMap(w http.ResponseWriter, r *http.Request
|
|||
return
|
||||
}
|
||||
|
||||
resultMap := make(map[string]Entities.PowerItem)
|
||||
resultMap := make(map[string]entities.PowerItem)
|
||||
for _, curItem := range items {
|
||||
uuid := fmt.Sprintf("%x-%x-%x-%x-%x", curItem.ID.Bytes[0:4], curItem.ID.Bytes[4:6], curItem.ID.Bytes[6:8], curItem.ID.Bytes[8:10], curItem.ID.Bytes[10:16])
|
||||
resultMap[uuid] = curItem
|
||||
|
|
@ -150,7 +150,7 @@ func (p *PowerItemController) GetAllByTypeAsMap(w http.ResponseWriter, r *http.R
|
|||
return
|
||||
}
|
||||
|
||||
resultMap := make(map[string]Entities.PowerItem)
|
||||
resultMap := make(map[string]entities.PowerItem)
|
||||
for _, curItem := range items {
|
||||
uuid := fmt.Sprintf("%x-%x-%x-%x-%x", curItem.ID.Bytes[0:4], curItem.ID.Bytes[4:6], curItem.ID.Bytes[6:8], curItem.ID.Bytes[8:10], curItem.ID.Bytes[10:16])
|
||||
resultMap[uuid] = curItem
|
||||
|
|
@ -1,4 +1,4 @@
|
|||
package Entities
|
||||
package entities
|
||||
|
||||
import (
|
||||
"forgejo.merr.is/annika/isl-api/sql/powerItem"
|
||||
20
go.mod
20
go.mod
|
|
@ -3,19 +3,22 @@ module forgejo.merr.is/annika/isl-api
|
|||
go 1.21.6
|
||||
|
||||
require (
|
||||
github.com/google/uuid v1.6.0
|
||||
forgejo.merr.is/annika/jwtauth/v5 v5.1.0
|
||||
github.com/go-chi/chi/v5 v5.0.11
|
||||
github.com/go-chi/cors v1.2.1
|
||||
github.com/go-chi/httplog/v2 v2.0.9
|
||||
github.com/jackc/pgconn v1.14.1
|
||||
github.com/jackc/pgtype v1.14.1
|
||||
github.com/jackc/pgx/v4 v4.18.1
|
||||
github.com/lestrrat-go/jwx/v2 v2.0.19
|
||||
github.com/lmittmann/tint v1.0.4
|
||||
github.com/moosetheory/jwtauth/v5 v5.1.1
|
||||
github.com/spf13/viper v1.18.2
|
||||
)
|
||||
|
||||
require (
|
||||
forgejo.merr.is/annika/jwtauth/v5 v5.1.0 // indirect
|
||||
github.com/decred/dcrd/dcrec/secp256k1/v4 v4.2.0 // indirect
|
||||
github.com/fsnotify/fsnotify v1.7.0 // indirect
|
||||
github.com/go-chi/chi/v5 v5.0.11 // indirect
|
||||
github.com/go-chi/cors v1.2.1 // indirect
|
||||
github.com/go-chi/httplog/v2 v2.0.9 // indirect
|
||||
github.com/go-chi/jwtauth/v5 v5.3.0 // indirect
|
||||
github.com/goccy/go-json v0.10.2 // indirect
|
||||
github.com/hashicorp/hcl v1.0.0 // indirect
|
||||
|
|
@ -25,18 +28,15 @@ require (
|
|||
github.com/jackc/pgproto3/v2 v2.3.2 // indirect
|
||||
github.com/jackc/pgservicefile v0.0.0-20221227161230-091c0ba34f0a // indirect
|
||||
github.com/jackc/puddle v1.3.0 // indirect
|
||||
github.com/julienschmidt/httprouter v1.3.0 // indirect
|
||||
github.com/lestrrat-go/blackmagic v1.0.2 // indirect
|
||||
github.com/lestrrat-go/httpcc v1.0.1 // indirect
|
||||
github.com/lestrrat-go/httprc v1.0.4 // indirect
|
||||
github.com/lestrrat-go/iter v1.0.2 // indirect
|
||||
github.com/lestrrat-go/jwx/v2 v2.0.19 // indirect
|
||||
github.com/lestrrat-go/option v1.0.1 // indirect
|
||||
github.com/lmittmann/tint v1.0.4 // indirect
|
||||
github.com/magiconair/properties v1.8.7 // indirect
|
||||
github.com/mitchellh/mapstructure v1.5.0 // indirect
|
||||
github.com/moosetheory/jwtauth/v5 v5.1.1 // indirect
|
||||
github.com/pelletier/go-toml/v2 v2.1.0 // indirect
|
||||
github.com/rogpeppe/go-internal v1.11.0 // indirect
|
||||
github.com/sagikazarmark/locafero v0.4.0 // indirect
|
||||
github.com/sagikazarmark/slog-shim v0.1.0 // indirect
|
||||
github.com/segmentio/asm v1.2.0 // indirect
|
||||
|
|
@ -44,9 +44,7 @@ require (
|
|||
github.com/spf13/afero v1.11.0 // indirect
|
||||
github.com/spf13/cast v1.6.0 // indirect
|
||||
github.com/spf13/pflag v1.0.5 // indirect
|
||||
github.com/spf13/viper v1.18.2 // indirect
|
||||
github.com/subosito/gotenv v1.6.0 // indirect
|
||||
github.com/zitadel/zitadel-go/v3 v3.0.0-next.2 // indirect
|
||||
go.uber.org/atomic v1.9.0 // indirect
|
||||
go.uber.org/multierr v1.9.0 // indirect
|
||||
golang.org/x/crypto v0.17.0 // indirect
|
||||
|
|
|
|||
46
go.sum
46
go.sum
|
|
@ -8,12 +8,13 @@ github.com/coreos/go-systemd v0.0.0-20190321100706-95778dfbb74e/go.mod h1:F5haX7
|
|||
github.com/coreos/go-systemd v0.0.0-20190719114852-fd7a80b32e1f/go.mod h1:F5haX7vjVVG0kc13fIWeqUViNPyEJxv/OmvnBo0Yme4=
|
||||
github.com/creack/pty v1.1.7/go.mod h1:lj5s0c3V2DBrqTV7llrYr5NG6My20zk30Fl46Y7DoTY=
|
||||
github.com/davecgh/go-spew v1.1.0/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSsI+c5H38=
|
||||
github.com/davecgh/go-spew v1.1.1 h1:vj9j/u1bqnvCEfJOwUhtlOARqs3+rkHYY13jYWTU97c=
|
||||
github.com/davecgh/go-spew v1.1.1/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSsI+c5H38=
|
||||
github.com/davecgh/go-spew v1.1.2-0.20180830191138-d8f796af33cc h1:U9qPSI2PIWSS1VwoXQT9A3Wy9MM3WgvqSxFWenqJduM=
|
||||
github.com/decred/dcrd/crypto/blake256 v1.0.1/go.mod h1:2OfgNZ5wDpcsFmHmCK5gZTPcCXqlm2ArzUIkw9czNJo=
|
||||
github.com/davecgh/go-spew v1.1.2-0.20180830191138-d8f796af33cc/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSsI+c5H38=
|
||||
github.com/decred/dcrd/dcrec/secp256k1/v4 v4.2.0 h1:8UrgZ3GkP4i/CLijOJx79Yu+etlyjdBU4sfcs2WYQMs=
|
||||
github.com/decred/dcrd/dcrec/secp256k1/v4 v4.2.0/go.mod h1:v57UDF4pDQJcEfFUCRop3lJL149eHGSe9Jvczhzjo/0=
|
||||
github.com/frankban/quicktest v1.14.6 h1:7Xjx+VpznH+oBnejlPUj8oUpdxnVs4f8XU8WnHkI4W8=
|
||||
github.com/frankban/quicktest v1.14.6/go.mod h1:4ptaffx2x8+WTWXmUCuVU6aPUX1/Mz7zb5vbUoiM6w0=
|
||||
github.com/fsnotify/fsnotify v1.7.0 h1:8JEhPFa5W2WU7YfeZzPNqzMP6Lwt7L2715Ggo0nosvA=
|
||||
github.com/fsnotify/fsnotify v1.7.0/go.mod h1:40Bi/Hjc2AVfZrqy+aj+yEI+/bRxZnMJyTJwOpGvigM=
|
||||
github.com/go-chi/chi/v5 v5.0.11 h1:BnpYbFZ3T3S1WMpD79r7R5ThWX40TaFB7L31Y8xqSwA=
|
||||
|
|
@ -31,9 +32,9 @@ github.com/goccy/go-json v0.10.2 h1:CrxCmQqYDkv1z7lO7Wbh2HN93uovUHgrECaO5ZrCXAU=
|
|||
github.com/goccy/go-json v0.10.2/go.mod h1:6MelG93GURQebXPDq3khkgXZkazVtN9CRI+MGFi0w8I=
|
||||
github.com/gofrs/uuid v4.0.0+incompatible h1:1SD/1F5pU8p29ybwgQSwpQk+mwdRrXCYuPhW6m+TnJw=
|
||||
github.com/gofrs/uuid v4.0.0+incompatible/go.mod h1:b2aQJv3Z4Fp6yNu3cdSllBxTCLRxnplIgP/c0N/04lM=
|
||||
github.com/google/go-cmp v0.5.9 h1:O2Tfq5qg4qc4AmwVlvv0oLiVAGB7enBSJ2x2DqQFi38=
|
||||
github.com/google/go-cmp v0.5.9/go.mod h1:17dUlkBOakJ0+DkrSSNjCkIjxS6bF9zb3elmeNGIjoY=
|
||||
github.com/google/renameio v0.1.0/go.mod h1:KWCgfxg9yswjAJkECMjeO8J8rahYeXnNhOm40UhjYkI=
|
||||
github.com/google/uuid v1.6.0 h1:NIvaJDMOsjHA8n1jAhLSgzrAzy1Hgr+hNrb57e+94F0=
|
||||
github.com/google/uuid v1.6.0/go.mod h1:TIyPZe4MgqvfeYDBFedMoGGpEw/LqOeaOT+nhxU+yHo=
|
||||
github.com/hashicorp/hcl v1.0.0 h1:0Anlzjpi4vEasTeNFn2mLJgTSwt0+6sfsiTG8qcWGx4=
|
||||
github.com/hashicorp/hcl v1.0.0/go.mod h1:E5yfLk+7swimpb2L/Alb/PJmXilQ/rhwaUYs4T20WEQ=
|
||||
github.com/jackc/chunkreader v1.0.0/go.mod h1:RT6O25fNZIuasFJRyZ4R/Y2BbhasbmZXF9QQ7T3kePo=
|
||||
|
|
@ -87,15 +88,17 @@ github.com/jackc/puddle v0.0.0-20190608224051-11cab39313c9/go.mod h1:m4B5Dj62Y0f
|
|||
github.com/jackc/puddle v1.1.3/go.mod h1:m4B5Dj62Y0fbyuIc15OsIqK0+JU8nkqQjsgx7dvjSWk=
|
||||
github.com/jackc/puddle v1.3.0 h1:eHK/5clGOatcjX3oWGBO/MpxpbHzSwud5EWTSCI+MX0=
|
||||
github.com/jackc/puddle v1.3.0/go.mod h1:m4B5Dj62Y0fbyuIc15OsIqK0+JU8nkqQjsgx7dvjSWk=
|
||||
github.com/julienschmidt/httprouter v1.3.0 h1:U0609e9tgbseu3rBINet9P48AI/D3oJs4dN7jwJOQ1U=
|
||||
github.com/julienschmidt/httprouter v1.3.0/go.mod h1:JR6WtHb+2LUe8TCKY3cZOxFyyO8IZAc4RVcycCCAKdM=
|
||||
github.com/kisielk/gotool v1.0.0/go.mod h1:XhKaO+MFFWcvkIS/tQcRk01m1F5IRFswLeQ+oQHNcck=
|
||||
github.com/konsorten/go-windows-terminal-sequences v1.0.1/go.mod h1:T0+1ngSBFLxvqU3pZ+m/2kptfBszLMUkC4ZK/EgS/cQ=
|
||||
github.com/konsorten/go-windows-terminal-sequences v1.0.2/go.mod h1:T0+1ngSBFLxvqU3pZ+m/2kptfBszLMUkC4ZK/EgS/cQ=
|
||||
github.com/kr/pretty v0.1.0/go.mod h1:dAy3ld7l9f0ibDNOQOHHMYYIIbhfbHSm3C4ZsoJORNo=
|
||||
github.com/kr/pretty v0.3.1 h1:flRD4NNwYAUpkphVc1HcthR4KEIFJ65n8Mw5qdRn3LE=
|
||||
github.com/kr/pretty v0.3.1/go.mod h1:hoEshYVHaxMs3cyo3Yncou5ZscifuDolrwPKZanG3xk=
|
||||
github.com/kr/pty v1.1.1/go.mod h1:pFQYn66WHrOpPYNljwOMqo10TkYh1fy3cYio2l3bCsQ=
|
||||
github.com/kr/pty v1.1.8/go.mod h1:O1sed60cT9XZ5uDucP5qwvh+TE3NnUj51EiZO/lmSfw=
|
||||
github.com/kr/text v0.1.0/go.mod h1:4Jbv+DJW3UT/LiOwJeYQe1efqtUx/iVham/4vfdArNI=
|
||||
github.com/kr/text v0.2.0 h1:5Nx0Ya0ZqY2ygV366QzturHI13Jq95ApcVaJBhpS+AY=
|
||||
github.com/kr/text v0.2.0/go.mod h1:eLer722TekiGuMkidMxC/pM04lWEeraHUUmBw8l2grE=
|
||||
github.com/lestrrat-go/blackmagic v1.0.2 h1:Cg2gVSc9h7sz9NOByczrbUvLopQmXrfFx//N+AkAr5k=
|
||||
github.com/lestrrat-go/blackmagic v1.0.2/go.mod h1:UrEqBzIR2U6CnzVyUtfM6oZNMt/7O7Vohk2J0OGSAtU=
|
||||
github.com/lestrrat-go/httpcc v1.0.1 h1:ydWCStUeJLkpYyjLDHihupbn2tYmZ7m22BGkcvZZrIE=
|
||||
|
|
@ -104,11 +107,8 @@ github.com/lestrrat-go/httprc v1.0.4 h1:bAZymwoZQb+Oq8MEbyipag7iSq6YIga8Wj6GOiJG
|
|||
github.com/lestrrat-go/httprc v1.0.4/go.mod h1:mwwz3JMTPBjHUkkDv/IGJ39aALInZLrhBp0X7KGUZlo=
|
||||
github.com/lestrrat-go/iter v1.0.2 h1:gMXo1q4c2pHmC3dn8LzRhJfP1ceCbgSiT9lUydIzltI=
|
||||
github.com/lestrrat-go/iter v1.0.2/go.mod h1:Momfcq3AnRlRjI5b5O8/G5/BvpzrhoFTZcn06fEOPt4=
|
||||
github.com/lestrrat-go/jwx/v2 v2.0.17 h1:+WavkdKVWO90ECnIzUetOnjY+kcqqw4WXEUmil7sMCE=
|
||||
github.com/lestrrat-go/jwx/v2 v2.0.17/go.mod h1:G8randPHLGAqhcNCqtt6/V/7E6fvJRl3Sf9z777eTQ0=
|
||||
github.com/lestrrat-go/jwx/v2 v2.0.19 h1:ekv1qEZE6BVct89QA+pRF6+4pCpfVrOnEJnTnT4RXoY=
|
||||
github.com/lestrrat-go/jwx/v2 v2.0.19/go.mod h1:l3im3coce1lL2cDeAjqmaR+Awx+X8Ih+2k8BuHNJ4CU=
|
||||
github.com/lestrrat-go/option v1.0.0/go.mod h1:5ZHFbivi4xwXxhxY9XHDe2FHo6/Z7WWmtT7T5nBBp3I=
|
||||
github.com/lestrrat-go/option v1.0.1 h1:oAzP2fvZGQKWkvHa1/SAcFolBEca1oN+mQ7eooNBEYU=
|
||||
github.com/lestrrat-go/option v1.0.1/go.mod h1:5ZHFbivi4xwXxhxY9XHDe2FHo6/Z7WWmtT7T5nBBp3I=
|
||||
github.com/lib/pq v1.0.0/go.mod h1:5WUZQaWbwv1U+lTReE5YruASi9Al49XbQIvNi/34Woo=
|
||||
|
|
@ -131,13 +131,15 @@ github.com/moosetheory/jwtauth/v5 v5.1.1 h1:uj4PJWiKpLkKhr9WfsVjgUAT5izGojJhs7y0
|
|||
github.com/moosetheory/jwtauth/v5 v5.1.1/go.mod h1:S1z/wAXZwfzqfeQa8umtAt1rwSKekNVfyqTt7+IAVSY=
|
||||
github.com/pelletier/go-toml/v2 v2.1.0 h1:FnwAJ4oYMvbT/34k9zzHuZNrhlz48GB3/s6at6/MHO4=
|
||||
github.com/pelletier/go-toml/v2 v2.1.0/go.mod h1:tJU2Z3ZkXwnxa4DPO899bsyIoywizdUvyaeZurnPPDc=
|
||||
github.com/pkg/errors v0.8.1 h1:iURUrRGxPUNPdy5/HRSm+Yj6okJ6UtLINN0Q9M4+h3I=
|
||||
github.com/pkg/errors v0.8.1/go.mod h1:bwawxfHBFNV+L2hUp1rHADufV3IMtnDRdf1r5NINEl0=
|
||||
github.com/pkg/errors v0.9.1 h1:FEBLx1zS214owpjy7qsBeixbURkuhQAwrK5UwLGTwt4=
|
||||
github.com/pmezard/go-difflib v1.0.0 h1:4DBwDE0NGyQoBHbLQYPwSUPoCMWR5BEzIk/f1lZbAQM=
|
||||
github.com/pkg/errors v0.9.1/go.mod h1:bwawxfHBFNV+L2hUp1rHADufV3IMtnDRdf1r5NINEl0=
|
||||
github.com/pmezard/go-difflib v1.0.0/go.mod h1:iKH77koFhYxTK1pcRnkKkqfTogsbg7gZNVY4sRDYZ/4=
|
||||
github.com/pmezard/go-difflib v1.0.1-0.20181226105442-5d4384ee4fb2 h1:Jamvg5psRIccs7FGNTlIRMkT8wgtp5eCXdBlqhYGL6U=
|
||||
github.com/pmezard/go-difflib v1.0.1-0.20181226105442-5d4384ee4fb2/go.mod h1:iKH77koFhYxTK1pcRnkKkqfTogsbg7gZNVY4sRDYZ/4=
|
||||
github.com/rogpeppe/go-internal v1.3.0/go.mod h1:M8bDsm7K2OlrFYOpmOWEs/qY81heoFRclV5y23lUDJ4=
|
||||
github.com/rogpeppe/go-internal v1.11.0 h1:cWPaGQEPrBb5/AsnsZesgZZ9yb1OQ+GOISoDNXVBh4M=
|
||||
github.com/rogpeppe/go-internal v1.11.0/go.mod h1:ddIwULY96R17DhadqLgMfk9H9tvdUzkipdSkR5nkCZA=
|
||||
github.com/rs/xid v1.2.1/go.mod h1:+uKXf+4Djp6Md1KODXJxgGQPKngRmWyn10oCKFzNHOQ=
|
||||
github.com/rs/zerolog v1.13.0/go.mod h1:YbFCdg8HfsridGWAh22vktObvhZbQsZXe4/zB0OKkWU=
|
||||
github.com/rs/zerolog v1.15.0/go.mod h1:xYTKnLHcpfU2225ny5qZjxnj9NvkumZYjJHlAThCjNc=
|
||||
|
|
@ -176,7 +178,6 @@ github.com/stretchr/testify v1.6.1/go.mod h1:6Fq8oRcR53rry900zMqJjRRixrwX3KX962/
|
|||
github.com/stretchr/testify v1.7.0/go.mod h1:6Fq8oRcR53rry900zMqJjRRixrwX3KX962/h/Wwjteg=
|
||||
github.com/stretchr/testify v1.7.1/go.mod h1:6Fq8oRcR53rry900zMqJjRRixrwX3KX962/h/Wwjteg=
|
||||
github.com/stretchr/testify v1.8.0/go.mod h1:yNjHg4UonilssWZ8iaSj1OCr/vHnekPRkoO+kdMU+MU=
|
||||
github.com/stretchr/testify v1.8.1 h1:w7B6lhMri9wdJUVmEZPGGhZzrYTPvgJArz7wNPgYKsk=
|
||||
github.com/stretchr/testify v1.8.1/go.mod h1:w2LPCIKwWwSfY2zedu0+kehJoqGctiVI29o6fzry7u4=
|
||||
github.com/stretchr/testify v1.8.4 h1:CcVxjf3Q8PM0mHUKJCdn+eZZtm5yQwehR5yeSVQQcUk=
|
||||
github.com/stretchr/testify v1.8.4/go.mod h1:sz/lmYIOXD/1dqDmKjjqLyZ2RngseejIcXlSw2iwfAo=
|
||||
|
|
@ -184,8 +185,6 @@ github.com/subosito/gotenv v1.6.0 h1:9NlTDc1FTs4qu0DDq7AEtTPNw6SVm7uBMsUCUjABIf8
|
|||
github.com/subosito/gotenv v1.6.0/go.mod h1:Dk4QP5c2W3ibzajGcXpNraDfq2IrhjMIvMSWPKKo0FU=
|
||||
github.com/yuin/goldmark v1.4.13/go.mod h1:6yULJ656Px+3vBD8DxQVa3kxgyrAnzto9xy5taEt/CY=
|
||||
github.com/zenazn/goji v0.9.0/go.mod h1:7S9M489iMyHBNxwZnk9/EHS098H4/F6TATF2mIxtB1Q=
|
||||
github.com/zitadel/zitadel-go/v3 v3.0.0-next.2 h1:w0lnLvijwQwkrUEA74loenNR9udRAaq6rccjlMSA+4U=
|
||||
github.com/zitadel/zitadel-go/v3 v3.0.0-next.2/go.mod h1:SY9IZuDw/766mwEobCX7JNwXawIQxVseo679JG1U0c0=
|
||||
go.uber.org/atomic v1.3.2/go.mod h1:gD2HeocX3+yG+ygLZcrzQJaqmWj9AIm7n08wl/qW/PE=
|
||||
go.uber.org/atomic v1.4.0/go.mod h1:gD2HeocX3+yG+ygLZcrzQJaqmWj9AIm7n08wl/qW/PE=
|
||||
go.uber.org/atomic v1.5.0/go.mod h1:sABNBOSYdrvTF6hTgEIbc7YasKWGhgEQZyfxyTvoXHQ=
|
||||
|
|
@ -211,22 +210,15 @@ golang.org/x/crypto v0.0.0-20201203163018-be400aefbc4c/go.mod h1:jdWPYTVW3xRLrWP
|
|||
golang.org/x/crypto v0.0.0-20210616213533-5ff15b29337e/go.mod h1:GvvjBRRGRdwPK5ydBHafDWAxML/pGHZbMvKqRZ5+Abc=
|
||||
golang.org/x/crypto v0.0.0-20210711020723-a769d52b0f97/go.mod h1:GvvjBRRGRdwPK5ydBHafDWAxML/pGHZbMvKqRZ5+Abc=
|
||||
golang.org/x/crypto v0.0.0-20210921155107-089bfa567519/go.mod h1:GvvjBRRGRdwPK5ydBHafDWAxML/pGHZbMvKqRZ5+Abc=
|
||||
golang.org/x/crypto v0.6.0 h1:qfktjS5LUO+fFKeJXZ+ikTRijMmljikvG68fpMMruSc=
|
||||
golang.org/x/crypto v0.6.0/go.mod h1:OFC/31mSvZgRz0V1QTNCzfAI1aIRzbiufJtkMIlEp58=
|
||||
golang.org/x/crypto v0.15.0/go.mod h1:4ChreQoLWfG3xLDer1WdlH5NdlQ3+mwnQq1YTKY+72g=
|
||||
golang.org/x/crypto v0.16.0 h1:mMMrFzRSCF0GvB7Ne27XVtVAaXLrPmgPC7/v0tkwHaY=
|
||||
golang.org/x/crypto v0.16.0/go.mod h1:gCAAfMLgwOJRpTjQ2zCCt2OcSfYMTeZVSRtQlPC7Nq4=
|
||||
golang.org/x/crypto v0.17.0 h1:r8bRNjWL3GshPW3gkd+RpvzWrZAwPS49OmTGZ/uhM4k=
|
||||
golang.org/x/crypto v0.17.0/go.mod h1:gCAAfMLgwOJRpTjQ2zCCt2OcSfYMTeZVSRtQlPC7Nq4=
|
||||
golang.org/x/exp v0.0.0-20230905200255-921286631fa9 h1:GoHiUyI/Tp2nVkLI2mCxVkOjsbSXD66ic0XW0js0R9g=
|
||||
golang.org/x/exp v0.0.0-20230905200255-921286631fa9/go.mod h1:S2oDrQGGwySpoQPVqRShND87VCbxmc6bL1Yd2oYrm6k=
|
||||
golang.org/x/exp v0.0.0-20231219180239-dc181d75b848 h1:+iq7lrkxmFNBM7xx+Rae2W6uyPfhPeDWD+n+JgppptE=
|
||||
golang.org/x/exp v0.0.0-20231219180239-dc181d75b848/go.mod h1:iRJReGqOEeBhDZGkGbynYwcHlctCvnjTYIamk7uXpHI=
|
||||
golang.org/x/lint v0.0.0-20190930215403-16217165b5de/go.mod h1:6SW0HCj/g11FgYtHlgUYUwCkIfeOF89ocIRzGO/8vkc=
|
||||
golang.org/x/mod v0.0.0-20190513183733-4bf6d317e70e/go.mod h1:mXi4GBBbnImb6dmsKGUJ2LatrhH/nqhxcFungHvyanc=
|
||||
golang.org/x/mod v0.1.1-0.20191105210325-c90efee705ee/go.mod h1:QqPTAvyqsEbceGzBzNggFXnrqF1CaUcvgkdR5Ot7KZg=
|
||||
golang.org/x/mod v0.6.0-dev.0.20220419223038-86c51ed26bb4/go.mod h1:jJ57K6gSWd91VN4djpZkiMVwK6gcyfeH4XE8wZrZaV4=
|
||||
golang.org/x/mod v0.8.0/go.mod h1:iBbtSCu2XBx23ZKBPSOrRkjjQPZFPuis4dIYUhu/chs=
|
||||
golang.org/x/net v0.0.0-20190311183353-d8887717615a/go.mod h1:t9HGtf8HONx5eT2rtn7q6eTqICYqUVnKs3thJo3Qplg=
|
||||
golang.org/x/net v0.0.0-20190404232315-eb5bcb51f2a3/go.mod h1:t9HGtf8HONx5eT2rtn7q6eTqICYqUVnKs3thJo3Qplg=
|
||||
golang.org/x/net v0.0.0-20190620200207-3b0461eec859/go.mod h1:z5CRVTTTmAJ677TzLLGU+0bjPO0LkuOLi4/5GtJWs/s=
|
||||
|
|
@ -234,10 +226,8 @@ golang.org/x/net v0.0.0-20190813141303-74dc4d7220e7/go.mod h1:z5CRVTTTmAJ677TzLL
|
|||
golang.org/x/net v0.0.0-20210226172049-e18ecbb05110/go.mod h1:m0MpNAwzfU5UDzcl9v0D8zg8gWTRqZa9RBIspLL5mdg=
|
||||
golang.org/x/net v0.0.0-20220722155237-a158d28d115b/go.mod h1:XRhObCWvk6IyKnWLug+ECip1KBveYUHfp+8e9klMJ9c=
|
||||
golang.org/x/net v0.6.0/go.mod h1:2Tu9+aMcznHK/AK1HMvgo6xiTLG5rD5rZLDS+rp2Bjs=
|
||||
golang.org/x/net v0.10.0/go.mod h1:0qNGK6F8kojg2nk9dLZ2mShWaEBan6FAoqfSigmmuDg=
|
||||
golang.org/x/sync v0.0.0-20190423024810-112230192c58/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM=
|
||||
golang.org/x/sync v0.0.0-20220722155255-886fb9371eb4/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM=
|
||||
golang.org/x/sync v0.1.0/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM=
|
||||
golang.org/x/sys v0.0.0-20180905080454-ebe1bf3edb33/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY=
|
||||
golang.org/x/sys v0.0.0-20190215142949-d0b11bdaac8a/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY=
|
||||
golang.org/x/sys v0.0.0-20190222072716-a9d3bda3a223/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY=
|
||||
|
|
@ -250,29 +240,22 @@ golang.org/x/sys v0.0.0-20200116001909-b77594299b42/go.mod h1:h1NjWce9XRLGQEsW7w
|
|||
golang.org/x/sys v0.0.0-20200223170610-d5e6a3e2c0ae/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
|
||||
golang.org/x/sys v0.0.0-20201119102817-f84b799fce68/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
|
||||
golang.org/x/sys v0.0.0-20210615035016-665e8c7367d1/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
|
||||
golang.org/x/sys v0.0.0-20220412211240-33da011f77ad/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
|
||||
golang.org/x/sys v0.0.0-20220520151302-bc2c85ada10a/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
|
||||
golang.org/x/sys v0.0.0-20220722155257-8c9f86f7a55f/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
|
||||
golang.org/x/sys v0.5.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
|
||||
golang.org/x/sys v0.8.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
|
||||
golang.org/x/sys v0.14.0/go.mod h1:/VUhepiaJMQUp4+oa/7Zr1D23ma6VTLIYjOOTFZPUcA=
|
||||
golang.org/x/sys v0.15.0 h1:h48lPFYpsTvQJZF4EKyI4aLHaev3CxivZmv7yZig9pc=
|
||||
golang.org/x/sys v0.15.0/go.mod h1:/VUhepiaJMQUp4+oa/7Zr1D23ma6VTLIYjOOTFZPUcA=
|
||||
golang.org/x/term v0.0.0-20201117132131-f5c789dd3221/go.mod h1:Nr5EML6q2oocZ2LXRh80K7BxOlk5/8JxuGnuhpl+muw=
|
||||
golang.org/x/term v0.0.0-20201126162022-7de9c90e9dd1/go.mod h1:bj7SfCRtBDWHUb9snDiAeCFNEtKQo2Wmx5Cou7ajbmo=
|
||||
golang.org/x/term v0.0.0-20210927222741-03fcf44c2211/go.mod h1:jbD1KX2456YbFQfuXm/mYQcufACuNUgVhRMnK/tPxf8=
|
||||
golang.org/x/term v0.5.0/go.mod h1:jMB1sMXY+tzblOD4FWmEbocvup2/aLOaQEp7JmGp78k=
|
||||
golang.org/x/term v0.8.0/go.mod h1:xPskH00ivmX89bAKVGSKKtLOWNx2+17Eiy94tnKShWo=
|
||||
golang.org/x/term v0.14.0/go.mod h1:TySc+nGkYR6qt8km8wUhuFRTVSMIX3XPR58y2lC8vww=
|
||||
golang.org/x/text v0.3.0/go.mod h1:NqM8EUOU14njkJ3fqMW+pc6Ldnwhi/IjpwHt7yyuwOQ=
|
||||
golang.org/x/text v0.3.2/go.mod h1:bEr9sfX3Q8Zfm5fL9x+3itogRgK3+ptLWKqgva+5dAk=
|
||||
golang.org/x/text v0.3.3/go.mod h1:5Zoc/QRtKVWzQhOtBMvqHzDpF6irO9z98xDceosuGiQ=
|
||||
golang.org/x/text v0.3.4/go.mod h1:5Zoc/QRtKVWzQhOtBMvqHzDpF6irO9z98xDceosuGiQ=
|
||||
golang.org/x/text v0.3.6/go.mod h1:5Zoc/QRtKVWzQhOtBMvqHzDpF6irO9z98xDceosuGiQ=
|
||||
golang.org/x/text v0.3.7/go.mod h1:u+2+/6zg+i71rQMx5EYifcz6MCKuco9NR6JIITiCfzQ=
|
||||
golang.org/x/text v0.7.0 h1:4BRB4x83lYWy72KwLD/qYDuTu7q9PjSagHvijDw7cLo=
|
||||
golang.org/x/text v0.7.0/go.mod h1:mrYo+phRRbMaCq/xk9113O4dZlRixOauAjOtrjsXDZ8=
|
||||
golang.org/x/text v0.9.0/go.mod h1:e1OnstbJyHTd6l/uOt8jFFHp6TRDWZR/bV3emEE/zU8=
|
||||
golang.org/x/text v0.14.0 h1:ScX5w1eTa3QqT8oi6+ziP7dTV1S2+ALU0bI+0zXKWiQ=
|
||||
golang.org/x/text v0.14.0/go.mod h1:18ZOQIKpY8NJVqYksKHtTdi31H5itFRjB5/qKTNYzSU=
|
||||
golang.org/x/tools v0.0.0-20180917221912-90fa682c2a6e/go.mod h1:n7NCudcB/nEzxVGmLbDWY5pfWTLqBcC2KZ6jyYvM4mQ=
|
||||
|
|
@ -285,7 +268,6 @@ golang.org/x/tools v0.0.0-20191029190741-b9c20aec41a5/go.mod h1:b+2E5dAYhXwXZwtn
|
|||
golang.org/x/tools v0.0.0-20191119224855-298f0cb1881e/go.mod h1:b+2E5dAYhXwXZwtnZ6UAqBI28+e2cm9otk0dWdXHAEo=
|
||||
golang.org/x/tools v0.0.0-20200103221440-774c71fcf114/go.mod h1:TB2adYChydJhpapKDTa4BR/hXlZSLoq2Wpct/0txZ28=
|
||||
golang.org/x/tools v0.1.12/go.mod h1:hNGJHUnrk76NpqgfD5Aqm5Crs+Hm0VOH/i9J2+nxYbc=
|
||||
golang.org/x/tools v0.6.0/go.mod h1:Xwgl3UAJ/d3gWutnCtw505GrjyAbvKui8lOU390QaIU=
|
||||
golang.org/x/xerrors v0.0.0-20190410155217-1f06c39b4373/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0=
|
||||
golang.org/x/xerrors v0.0.0-20190513163551-3ee3066db522/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0=
|
||||
golang.org/x/xerrors v0.0.0-20190717185122-a985d3407aa7/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0=
|
||||
|
|
@ -293,6 +275,8 @@ golang.org/x/xerrors v0.0.0-20191011141410-1b5146add898/go.mod h1:I/5z698sn9Ka8T
|
|||
golang.org/x/xerrors v0.0.0-20200804184101-5ec99f83aff1/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0=
|
||||
gopkg.in/check.v1 v0.0.0-20161208181325-20d25e280405/go.mod h1:Co6ibVJAznAaIkqp8huTwlJQCZ016jof/cbN4VW5Yz0=
|
||||
gopkg.in/check.v1 v1.0.0-20180628173108-788fd7840127/go.mod h1:Co6ibVJAznAaIkqp8huTwlJQCZ016jof/cbN4VW5Yz0=
|
||||
gopkg.in/check.v1 v1.0.0-20190902080502-41f04d3bba15 h1:YR8cESwS4TdDjEe65xsg0ogRM/Nc3DYOhEAlW+xobZo=
|
||||
gopkg.in/check.v1 v1.0.0-20190902080502-41f04d3bba15/go.mod h1:Co6ibVJAznAaIkqp8huTwlJQCZ016jof/cbN4VW5Yz0=
|
||||
gopkg.in/errgo.v2 v2.1.0/go.mod h1:hNsd1EY+bozCKY1Ytp96fpM3vjJbqLJn88ws8XvfDNI=
|
||||
gopkg.in/inconshreveable/log15.v2 v2.0.0-20180818164646-67afb5ed74ec/go.mod h1:aPpfJ7XW+gOuirDoZ8gHhLh3kZ1B08FtV2bbmy7Jv3s=
|
||||
gopkg.in/ini.v1 v1.67.0 h1:Dgnx+6+nfE+IfzjUEISNeydPJh9AXNNsWbGP9KzCsOA=
|
||||
|
|
|
|||
22
helpers/jwtHelpers.go
Normal file
22
helpers/jwtHelpers.go
Normal file
|
|
@ -0,0 +1,22 @@
|
|||
package helpers
|
||||
|
||||
func JwtHasClaim(claims map[string]interface{}, role string) bool {
|
||||
zitadelRoles, ok := claims["urn:zitadel:iam:org:project:roles"].(map[string]interface{})
|
||||
if !ok {
|
||||
return false
|
||||
}
|
||||
_, ok = zitadelRoles[role]
|
||||
return ok
|
||||
}
|
||||
|
||||
func GetJwtClaim(claims map[string]interface{}, role string) interface{} {
|
||||
zitadelRoles, ok := claims["urn:zitadel:iam:org:project:roles"].(map[string]interface{})
|
||||
if !ok {
|
||||
return nil
|
||||
}
|
||||
claim, ok := zitadelRoles[role]
|
||||
if !ok {
|
||||
return nil
|
||||
}
|
||||
return claim
|
||||
}
|
||||
33
main.go
33
main.go
|
|
@ -9,18 +9,17 @@ import (
|
|||
"os"
|
||||
"time"
|
||||
|
||||
"forgejo.merr.is/annika/isl-api/Controllers"
|
||||
"forgejo.merr.is/annika/isl-api/Routes"
|
||||
"forgejo.merr.is/annika/isl-api/Services"
|
||||
"forgejo.merr.is/annika/isl-api/controllers"
|
||||
"forgejo.merr.is/annika/isl-api/middlewares"
|
||||
"forgejo.merr.is/annika/isl-api/routes"
|
||||
"forgejo.merr.is/annika/isl-api/services"
|
||||
"forgejo.merr.is/annika/isl-api/sql/powerItem"
|
||||
"github.com/go-chi/chi/v5"
|
||||
"github.com/go-chi/cors"
|
||||
"github.com/go-chi/httplog/v2"
|
||||
"github.com/jackc/pgx/v4/pgxpool"
|
||||
"github.com/lestrrat-go/jwx/v2/jwk"
|
||||
"github.com/lestrrat-go/jwx/v2/jwt"
|
||||
"github.com/lmittmann/tint"
|
||||
"github.com/moosetheory/jwtauth/v5"
|
||||
"github.com/spf13/viper"
|
||||
)
|
||||
|
||||
|
|
@ -81,22 +80,14 @@ type dependencies struct {
|
|||
context context.Context
|
||||
jwkContext context.Context
|
||||
powerItemQuerier *powerItem.DBQuerier
|
||||
powerItemService *Services.PowerItemService
|
||||
powerItemController *Controllers.PowerItemController
|
||||
powerItemService *services.PowerItemService
|
||||
powerItemController *controllers.PowerItemController
|
||||
jwkCache *jwk.Cache
|
||||
}
|
||||
|
||||
func (d *dependencies) initializeDependencies() error {
|
||||
logger.Info("Initializing dependencies")
|
||||
var err error
|
||||
d.jwkContext = context.Background()
|
||||
d.jwkCache = jwk.NewCache(d.jwkContext)
|
||||
d.jwkCache.Register(conf.JWKSURI, jwk.WithMinRefreshInterval(15*time.Minute))
|
||||
_, err = d.jwkCache.Refresh(d.jwkContext, conf.JWKSURI)
|
||||
if err != nil {
|
||||
logger.Error("Error setting up JWK cache", "error", err)
|
||||
return err
|
||||
}
|
||||
|
||||
d.router = chi.NewRouter()
|
||||
|
||||
|
|
@ -119,17 +110,15 @@ func (d *dependencies) initializeDependencies() error {
|
|||
return err
|
||||
}
|
||||
d.powerItemQuerier = powerItem.NewQuerier(d.postgresConnection)
|
||||
d.powerItemService = Services.NewPowerItemService(d.powerItemQuerier)
|
||||
d.powerItemController = Controllers.NewPowerItemController(d.powerItemService)
|
||||
d.powerItemService = services.NewPowerItemService(d.powerItemQuerier)
|
||||
d.powerItemController = controllers.NewPowerItemController(d.powerItemService)
|
||||
|
||||
jwkSet, err := d.jwkCache.Get(d.jwkContext, conf.JWKSURI)
|
||||
tokenAuth, err := middlewares.New(conf.JWKSURI, d.context)
|
||||
if err != nil {
|
||||
logger.Error("Error getting JWKS", "error", err)
|
||||
return err
|
||||
logger.Error("Error setting up JWT authentication middleware", "error", err)
|
||||
}
|
||||
|
||||
tokenAuth := jwtauth.New("HS256", nil, nil, jwkSet, jwt.WithAcceptableSkew(30*time.Second))
|
||||
d.router.Mount("/powerItems", Routes.SetupPowerItemRoutes(*d.powerItemController, tokenAuth))
|
||||
d.router.Mount("/powerItems", routes.SetupPowerItemRoutes(*d.powerItemController, tokenAuth))
|
||||
logger.Info("Finished initializing dependencies")
|
||||
return nil
|
||||
}
|
||||
|
|
|
|||
224
middlewares/jwtAuth.go
Normal file
224
middlewares/jwtAuth.go
Normal file
|
|
@ -0,0 +1,224 @@
|
|||
package middlewares
|
||||
|
||||
import (
|
||||
"context"
|
||||
"errors"
|
||||
"net/http"
|
||||
"strings"
|
||||
"time"
|
||||
|
||||
"forgejo.merr.is/annika/isl-api/helpers"
|
||||
"github.com/lestrrat-go/jwx/v2/jwk"
|
||||
"github.com/lestrrat-go/jwx/v2/jwt"
|
||||
)
|
||||
|
||||
type JWTAuth struct {
|
||||
jwksUri string
|
||||
jwksCache *jwk.Cache
|
||||
jwksContext context.Context
|
||||
jwkKeySet jwk.Set
|
||||
verifier jwt.ParseOption
|
||||
validateOptions []jwt.ValidateOption
|
||||
}
|
||||
|
||||
type ContextKey struct {
|
||||
name string
|
||||
}
|
||||
|
||||
// Errors!
|
||||
var (
|
||||
ErrUnauthorized = errors.New("token is unauthorized")
|
||||
ErrExpired = errors.New("token is expired")
|
||||
ErrNBFInvalid = errors.New("token nbf validation failed")
|
||||
ErrIATInvalid = errors.New("token iat validation failed")
|
||||
ErrNoTokenFound = errors.New("no token found")
|
||||
ErrAlgoInvalid = errors.New("algorithm mismatch")
|
||||
)
|
||||
|
||||
func ErrorReason(err error) error {
|
||||
switch {
|
||||
case errors.Is(err, jwt.ErrTokenExpired()), err == ErrExpired:
|
||||
return ErrExpired
|
||||
case errors.Is(err, jwt.ErrInvalidIssuedAt()), err == ErrIATInvalid:
|
||||
return ErrIATInvalid
|
||||
case errors.Is(err, jwt.ErrTokenNotYetValid()), err == ErrNBFInvalid:
|
||||
return ErrNBFInvalid
|
||||
default:
|
||||
return ErrUnauthorized
|
||||
}
|
||||
}
|
||||
|
||||
var TokenContextKey = &ContextKey{"Token"}
|
||||
var ErrorContextKey = &ContextKey{"Error"}
|
||||
|
||||
func New(jwksUri string, ctx context.Context) (*JWTAuth, error) {
|
||||
jwtAuth := &JWTAuth{
|
||||
jwksContext: ctx,
|
||||
jwksUri: jwksUri,
|
||||
}
|
||||
|
||||
if jwtAuth.jwksUri != "" {
|
||||
jwtAuth.jwksCache = jwk.NewCache(jwtAuth.jwksContext)
|
||||
jwtAuth.jwksCache.Register(jwtAuth.jwksUri, jwk.WithRefreshInterval(15*time.Minute))
|
||||
var err error
|
||||
jwtAuth.jwkKeySet, err = jwtAuth.jwksCache.Refresh(jwtAuth.jwksContext, jwtAuth.jwksUri)
|
||||
if err != nil {
|
||||
return nil, err
|
||||
}
|
||||
jwtAuth.verifier = jwt.WithKeySet(jwtAuth.jwkKeySet)
|
||||
}
|
||||
|
||||
return jwtAuth, nil
|
||||
}
|
||||
|
||||
func (ja *JWTAuth) Verifier() func(http.Handler) http.Handler {
|
||||
return ja.Verify(TokenFromHeader, TokenFromCookie)
|
||||
}
|
||||
|
||||
func (ja *JWTAuth) Verify(findTokenFns ...func(r *http.Request) string) func(http.Handler) http.Handler {
|
||||
return func(next http.Handler) http.Handler {
|
||||
handlerFunc := func(w http.ResponseWriter, r *http.Request) {
|
||||
ctx := r.Context()
|
||||
// Refresh the JWKS keyset
|
||||
var err error
|
||||
ja.jwkKeySet, err = ja.jwksCache.Get(ctx, ja.jwksUri)
|
||||
ja.verifier = jwt.WithKeySet(ja.jwkKeySet)
|
||||
if err != nil {
|
||||
ctx = context.WithValue(ctx, ErrorContextKey, err)
|
||||
next.ServeHTTP(w, r.WithContext(ctx))
|
||||
return
|
||||
}
|
||||
// Now we do stuff with it
|
||||
token, err := ja.VerifyRequest(r, findTokenFns...)
|
||||
ctx = context.WithValue(ctx, TokenContextKey, token)
|
||||
ctx = context.WithValue(ctx, ErrorContextKey, err)
|
||||
next.ServeHTTP(w, r.WithContext(ctx))
|
||||
}
|
||||
return http.HandlerFunc(handlerFunc)
|
||||
}
|
||||
}
|
||||
|
||||
func (ja *JWTAuth) VerifyRequest(r *http.Request, findTokenFns ...func(r *http.Request) string) (jwt.Token, error) {
|
||||
var tokenString string
|
||||
|
||||
for _, fn := range findTokenFns {
|
||||
tokenString = fn(r)
|
||||
if tokenString != "" {
|
||||
break
|
||||
}
|
||||
}
|
||||
if tokenString == "" {
|
||||
return nil, ErrNoTokenFound
|
||||
}
|
||||
|
||||
return ja.VerifyToken(tokenString)
|
||||
}
|
||||
|
||||
func (ja *JWTAuth) VerifyToken(tokenString string) (jwt.Token, error) {
|
||||
token, err := ja.Decode(tokenString)
|
||||
if err != nil {
|
||||
return token, err
|
||||
}
|
||||
if token == nil {
|
||||
return nil, ErrUnauthorized
|
||||
}
|
||||
if err := jwt.Validate(token, ja.validateOptions...); err != nil {
|
||||
return token, err
|
||||
}
|
||||
|
||||
return token, nil
|
||||
}
|
||||
|
||||
func (ja *JWTAuth) Decode(tokenString string) (jwt.Token, error) {
|
||||
return ja.parse([]byte(tokenString))
|
||||
}
|
||||
|
||||
func (ja *JWTAuth) parse(payload []byte) (jwt.Token, error) {
|
||||
return jwt.Parse(payload, ja.verifier, jwt.WithValidate(false))
|
||||
}
|
||||
|
||||
func (ja *JWTAuth) Authenticator() func(http.Handler) http.Handler {
|
||||
return func(next http.Handler) http.Handler {
|
||||
handlerFunc := func(w http.ResponseWriter, r *http.Request) {
|
||||
token, _, err := FromContext(r.Context())
|
||||
|
||||
if err != nil {
|
||||
http.Error(w, err.Error(), http.StatusUnauthorized)
|
||||
return
|
||||
}
|
||||
|
||||
if token == nil || jwt.Validate(token, ja.validateOptions...) != nil {
|
||||
http.Error(w, http.StatusText(http.StatusUnauthorized), http.StatusUnauthorized)
|
||||
return
|
||||
}
|
||||
|
||||
// Token is authenticated, pass it through
|
||||
next.ServeHTTP(w, r)
|
||||
}
|
||||
return http.HandlerFunc(handlerFunc)
|
||||
}
|
||||
}
|
||||
|
||||
func (ja *JWTAuth) AuthorizeRoles(roles []string) func(http.Handler) http.Handler {
|
||||
return func(next http.Handler) http.Handler {
|
||||
handlerFunc := func(w http.ResponseWriter, r *http.Request) {
|
||||
token := r.Context().Value(TokenContextKey).(jwt.Token)
|
||||
hasAllRoles := true
|
||||
privateClaims := token.PrivateClaims()
|
||||
for _, role := range roles {
|
||||
hasRole := helpers.JwtHasClaim(privateClaims, role)
|
||||
if !hasRole {
|
||||
hasAllRoles = false
|
||||
break
|
||||
}
|
||||
}
|
||||
if !hasAllRoles {
|
||||
http.Error(w, http.StatusText(http.StatusUnauthorized), http.StatusUnauthorized)
|
||||
return
|
||||
}
|
||||
next.ServeHTTP(w, r)
|
||||
}
|
||||
return http.HandlerFunc(handlerFunc)
|
||||
}
|
||||
}
|
||||
|
||||
func FromContext(ctx context.Context) (jwt.Token, map[string]interface{}, error) {
|
||||
token, _ := ctx.Value(TokenContextKey).(jwt.Token)
|
||||
|
||||
var err error
|
||||
var claims map[string]interface{}
|
||||
|
||||
if token != nil {
|
||||
claims, err = token.AsMap(context.Background())
|
||||
if err != nil {
|
||||
return token, nil, err
|
||||
}
|
||||
} else {
|
||||
claims = map[string]interface{}{}
|
||||
}
|
||||
|
||||
err, _ = ctx.Value(ErrorContextKey).(error)
|
||||
return token, claims, err
|
||||
}
|
||||
|
||||
func TokenFromCookie(r *http.Request) string {
|
||||
cookie, err := r.Cookie("jwt")
|
||||
if err != nil {
|
||||
return ""
|
||||
}
|
||||
return cookie.Value
|
||||
}
|
||||
|
||||
func TokenFromHeader(r *http.Request) string {
|
||||
// Get token from authorization header.
|
||||
bearer := r.Header.Get("Authorization")
|
||||
if len(bearer) > 7 && strings.ToUpper(bearer[0:6]) == "BEARER" {
|
||||
return bearer[7:]
|
||||
}
|
||||
return ""
|
||||
}
|
||||
|
||||
func TokenFromQuery(r *http.Request) string {
|
||||
// Get token from query param named "jwt".
|
||||
return r.URL.Query().Get("jwt")
|
||||
}
|
||||
29
routes/PowerItemRoutes.go
Normal file
29
routes/PowerItemRoutes.go
Normal file
|
|
@ -0,0 +1,29 @@
|
|||
package routes
|
||||
|
||||
import (
|
||||
"forgejo.merr.is/annika/isl-api/controllers"
|
||||
"forgejo.merr.is/annika/isl-api/middlewares"
|
||||
"github.com/go-chi/chi/v5"
|
||||
)
|
||||
|
||||
func SetupPowerItemRoutes(c controllers.PowerItemController, tokenAuth *middlewares.JWTAuth) *chi.Mux {
|
||||
r := chi.NewRouter()
|
||||
|
||||
r.Get("/", c.GetAll)
|
||||
r.Get("/asMap", c.GetAllAsMap)
|
||||
r.Get("/byType/{type:[1-3]}", c.GetAllByType)
|
||||
r.Get("/byType/{type:[1-3]}/asMap", c.GetAllByTypeAsMap)
|
||||
|
||||
ar := chi.NewRouter()
|
||||
ar.Group(func(r chi.Router) {
|
||||
r.Use(tokenAuth.Verifier())
|
||||
r.Use(tokenAuth.Authenticator())
|
||||
r.Use(tokenAuth.AuthorizeRoles([]string{"add_item"}))
|
||||
|
||||
r.Post("/", c.Add)
|
||||
r.Post("/multiple", c.AddMultiple)
|
||||
})
|
||||
r.Mount("/", ar)
|
||||
|
||||
return r
|
||||
}
|
||||
|
|
@ -1,9 +1,9 @@
|
|||
package Services
|
||||
package services
|
||||
|
||||
import (
|
||||
"context"
|
||||
|
||||
"forgejo.merr.is/annika/isl-api/Entities"
|
||||
"forgejo.merr.is/annika/isl-api/entities"
|
||||
"forgejo.merr.is/annika/isl-api/sql/powerItem"
|
||||
"github.com/jackc/pgtype"
|
||||
)
|
||||
|
|
@ -20,31 +20,31 @@ func NewPowerItemService(querier *powerItem.DBQuerier) *PowerItemService {
|
|||
}
|
||||
}
|
||||
|
||||
func (p *PowerItemService) GetAll() ([]Entities.PowerItem, error) {
|
||||
func (p *PowerItemService) GetAll() ([]entities.PowerItem, error) {
|
||||
rows, err := p.querier.GetAllItems(p.context)
|
||||
if err != nil {
|
||||
return []Entities.PowerItem{}, err
|
||||
return []entities.PowerItem{}, err
|
||||
}
|
||||
var powerItems []Entities.PowerItem
|
||||
var powerItems []entities.PowerItem
|
||||
for _, sqlItem := range rows {
|
||||
powerItems = append(powerItems, Entities.FromGetAllItemsRow(sqlItem))
|
||||
powerItems = append(powerItems, entities.FromGetAllItemsRow(sqlItem))
|
||||
}
|
||||
return powerItems, nil
|
||||
}
|
||||
|
||||
func (p *PowerItemService) GetAllByType(itemType int) ([]Entities.PowerItem, error) {
|
||||
func (p *PowerItemService) GetAllByType(itemType int) ([]entities.PowerItem, error) {
|
||||
rows, err := p.querier.GetAllByType(p.context, int32(itemType))
|
||||
if err != nil {
|
||||
return []Entities.PowerItem{}, err
|
||||
return []entities.PowerItem{}, err
|
||||
}
|
||||
var powerItems []Entities.PowerItem
|
||||
var powerItems []entities.PowerItem
|
||||
for _, sqlItem := range rows {
|
||||
powerItems = append(powerItems, Entities.FromGetAllItemsByTypeRow(sqlItem))
|
||||
powerItems = append(powerItems, entities.FromGetAllItemsByTypeRow(sqlItem))
|
||||
}
|
||||
return powerItems, nil
|
||||
}
|
||||
|
||||
func (p *PowerItemService) Add(newItem Entities.PowerItem) (Entities.PowerItem, error) {
|
||||
func (p *PowerItemService) Add(newItem entities.PowerItem) (entities.PowerItem, error) {
|
||||
sqlItem := powerItem.AddNewItemWithIDParams{
|
||||
ID: newItem.ID,
|
||||
ItemType: newItem.ItemType,
|
||||
|
|
@ -59,14 +59,14 @@ func (p *PowerItemService) Add(newItem Entities.PowerItem) (Entities.PowerItem,
|
|||
}
|
||||
row, err := p.querier.AddNewItemWithID(p.context, powerItem.AddNewItemWithIDParams(sqlItem))
|
||||
if err != nil {
|
||||
return Entities.PowerItem{}, err
|
||||
return entities.PowerItem{}, err
|
||||
}
|
||||
return Entities.FromAddNewItemWithIDParams(row), nil
|
||||
return entities.FromAddNewItemWithIDParams(row), nil
|
||||
}
|
||||
|
||||
func (p *PowerItemService) AddMultipile(newItems map[string]Entities.PowerItem, itemType int32) ([]Entities.PowerItem, []error) {
|
||||
func (p *PowerItemService) AddMultipile(newItems map[string]entities.PowerItem, itemType int32) ([]entities.PowerItem, []error) {
|
||||
var errors []error
|
||||
var addedItems []Entities.PowerItem
|
||||
var addedItems []entities.PowerItem
|
||||
for key, value := range newItems {
|
||||
id := pgtype.UUID{}
|
||||
id.Set(key)
|
||||
|
|
@ -87,7 +87,7 @@ func (p *PowerItemService) AddMultipile(newItems map[string]Entities.PowerItem,
|
|||
errors = append(errors, err)
|
||||
continue
|
||||
}
|
||||
addedItems = append(addedItems, Entities.FromAddNewItemWithIDParams(row))
|
||||
addedItems = append(addedItems, entities.FromAddNewItemWithIDParams(row))
|
||||
}
|
||||
return addedItems, errors
|
||||
}
|
||||
Loading…
Add table
Add a link
Reference in a new issue