the portal can now validate jwt tokens and return errors when needed

This commit is contained in:
James Tombleson 2024-04-13 11:51:00 -07:00
parent bdd9c8d963
commit 04acb45c76
4 changed files with 52 additions and 5 deletions

1
go.mod
View File

@ -9,6 +9,7 @@ require (
require (
github.com/a-h/templ v0.2.648
github.com/golang-jwt/jwt/v5 v5.2.1
github.com/gorilla/sessions v1.2.2
github.com/labstack/echo-contrib v0.16.0
github.com/labstack/echo/v4 v4.11.4

2
go.sum
View File

@ -6,6 +6,8 @@ github.com/davecgh/go-spew v1.1.1 h1:vj9j/u1bqnvCEfJOwUhtlOARqs3+rkHYY13jYWTU97c
github.com/davecgh/go-spew v1.1.1/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSsI+c5H38=
github.com/golang-jwt/jwt v3.2.2+incompatible h1:IfV12K8xAKAnZqdXVzCZ+TOjboZ2keLg81eXfW3O+oY=
github.com/golang-jwt/jwt v3.2.2+incompatible/go.mod h1:8pz2t5EyA70fFQQSrl6XZXzqecmYZeUEB8OUGHkxJ+I=
github.com/golang-jwt/jwt/v5 v5.2.1 h1:OuVbFODueb089Lh128TAcimifWaLhJwVflnrgM17wHk=
github.com/golang-jwt/jwt/v5 v5.2.1/go.mod h1:pqrtFR0X4osieyHYxtmOUWsAWrfe1Q5UVIyoH402zdk=
github.com/google/go-cmp v0.6.0 h1:ofyhxvXcZhMsU5ulbFiLKl/XBFqE1GSq7atu8tAmTRI=
github.com/google/go-cmp v0.6.0/go.mod h1:17dUlkBOakJ0+DkrSSNjCkIjxS6bF9zb3elmeNGIjoY=
github.com/google/gofuzz v1.2.0 h1:xRy4A+RhZaiKjJ1bPfwQ8sedCA+YS2YcCHW6ec7JMi0=

View File

@ -1,12 +1,15 @@
package handlers
import (
"errors"
"templ-test/client"
"templ-test/models"
"templ-test/services"
"time"
"github.com/a-h/templ"
"github.com/golang-jwt/jwt/v5"
"github.com/labstack/echo/v4"
)
@ -32,7 +35,9 @@ func NewHandlerClient(api client.ApiClient, cfg services.EnvConfig) *Handlers {
func (h *Handlers) Register(group echo.Group) {
group.GET("/", h.HomeHandler)
group.GET("/list", h.ListHandler)
group.GET("/settings", h.Settings)
group.POST("/settings", h.SettingsPost)
//group.GET("/list", h.ListHandler)
auth := group.Group("/auth")
auth.GET("/login", h.AuthLogin)
@ -46,6 +51,43 @@ func Render(ctx echo.Context, statusCode int, t templ.Component) error {
return t.Render(ctx.Request().Context(), ctx.Response().Writer)
}
type jwtToken struct {
Exp time.Time `json:"exp"`
Iss string `json:"iss"`
Authorized bool `json:"authorized"`
UserName string `json:"username"`
Scopes []string `json:"scopes"`
jwt.RegisteredClaims
}
func ValidateJwt(ctx echo.Context, sharedSecret, issuer string) (jwtToken, error) {
cookies := GetCookieValues(ctx)
if cookies.Token == "" {
return jwtToken{}, errors.New("JWT Bearer Token is missing")
}
token, err := jwt.ParseWithClaims(cookies.Token, &jwtToken{}, func(token *jwt.Token) (interface{}, error) {
return []byte(sharedSecret), nil
})
if err != nil {
return jwtToken{}, err
}
if !token.Valid {
return jwtToken{}, errors.New("invalid jwt token")
}
claims := token.Claims.(*jwtToken)
if !claims.Exp.After(time.Now()) {
return jwtToken{}, errors.New("the jwt token has expired")
}
if claims.Iss != issuer {
return jwtToken{}, errors.New("the issuer was invalid")
}
return *claims, nil
}
func GetCookieValues(ctx echo.Context) models.AllCookies {
m := models.AllCookies{}

View File

@ -8,8 +8,9 @@ import (
)
type EnvConfig struct {
ApiServerUri string
CookieSecret string
ApiServerUri string
SharedApiSecret string
CookieSecret string
}
func NewEnvConfig() EnvConfig {
@ -22,7 +23,8 @@ func NewEnvConfig() EnvConfig {
}
return EnvConfig{
ApiServerUri: os.Getenv("ApiServerUri"),
CookieSecret: os.Getenv("CookieSecret"),
ApiServerUri: os.Getenv("ApiServerUri"),
SharedApiSecret: os.Getenv("SharedApiSecret"),
CookieSecret: os.Getenv("CookieSecret"),
}
}