the portal can now validate jwt tokens and return errors when needed
This commit is contained in:
parent
bdd9c8d963
commit
04acb45c76
1
go.mod
1
go.mod
@ -9,6 +9,7 @@ require (
|
|||||||
|
|
||||||
require (
|
require (
|
||||||
github.com/a-h/templ v0.2.648
|
github.com/a-h/templ v0.2.648
|
||||||
|
github.com/golang-jwt/jwt/v5 v5.2.1
|
||||||
github.com/gorilla/sessions v1.2.2
|
github.com/gorilla/sessions v1.2.2
|
||||||
github.com/labstack/echo-contrib v0.16.0
|
github.com/labstack/echo-contrib v0.16.0
|
||||||
github.com/labstack/echo/v4 v4.11.4
|
github.com/labstack/echo/v4 v4.11.4
|
||||||
|
2
go.sum
2
go.sum
@ -6,6 +6,8 @@ github.com/davecgh/go-spew v1.1.1 h1:vj9j/u1bqnvCEfJOwUhtlOARqs3+rkHYY13jYWTU97c
|
|||||||
github.com/davecgh/go-spew v1.1.1/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSsI+c5H38=
|
github.com/davecgh/go-spew v1.1.1/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSsI+c5H38=
|
||||||
github.com/golang-jwt/jwt v3.2.2+incompatible h1:IfV12K8xAKAnZqdXVzCZ+TOjboZ2keLg81eXfW3O+oY=
|
github.com/golang-jwt/jwt v3.2.2+incompatible h1:IfV12K8xAKAnZqdXVzCZ+TOjboZ2keLg81eXfW3O+oY=
|
||||||
github.com/golang-jwt/jwt v3.2.2+incompatible/go.mod h1:8pz2t5EyA70fFQQSrl6XZXzqecmYZeUEB8OUGHkxJ+I=
|
github.com/golang-jwt/jwt v3.2.2+incompatible/go.mod h1:8pz2t5EyA70fFQQSrl6XZXzqecmYZeUEB8OUGHkxJ+I=
|
||||||
|
github.com/golang-jwt/jwt/v5 v5.2.1 h1:OuVbFODueb089Lh128TAcimifWaLhJwVflnrgM17wHk=
|
||||||
|
github.com/golang-jwt/jwt/v5 v5.2.1/go.mod h1:pqrtFR0X4osieyHYxtmOUWsAWrfe1Q5UVIyoH402zdk=
|
||||||
github.com/google/go-cmp v0.6.0 h1:ofyhxvXcZhMsU5ulbFiLKl/XBFqE1GSq7atu8tAmTRI=
|
github.com/google/go-cmp v0.6.0 h1:ofyhxvXcZhMsU5ulbFiLKl/XBFqE1GSq7atu8tAmTRI=
|
||||||
github.com/google/go-cmp v0.6.0/go.mod h1:17dUlkBOakJ0+DkrSSNjCkIjxS6bF9zb3elmeNGIjoY=
|
github.com/google/go-cmp v0.6.0/go.mod h1:17dUlkBOakJ0+DkrSSNjCkIjxS6bF9zb3elmeNGIjoY=
|
||||||
github.com/google/gofuzz v1.2.0 h1:xRy4A+RhZaiKjJ1bPfwQ8sedCA+YS2YcCHW6ec7JMi0=
|
github.com/google/gofuzz v1.2.0 h1:xRy4A+RhZaiKjJ1bPfwQ8sedCA+YS2YcCHW6ec7JMi0=
|
||||||
|
@ -1,12 +1,15 @@
|
|||||||
package handlers
|
package handlers
|
||||||
|
|
||||||
import (
|
import (
|
||||||
|
"errors"
|
||||||
"templ-test/client"
|
"templ-test/client"
|
||||||
"templ-test/models"
|
"templ-test/models"
|
||||||
"templ-test/services"
|
"templ-test/services"
|
||||||
|
"time"
|
||||||
|
|
||||||
"github.com/a-h/templ"
|
"github.com/a-h/templ"
|
||||||
|
|
||||||
|
"github.com/golang-jwt/jwt/v5"
|
||||||
"github.com/labstack/echo/v4"
|
"github.com/labstack/echo/v4"
|
||||||
)
|
)
|
||||||
|
|
||||||
@ -32,7 +35,9 @@ func NewHandlerClient(api client.ApiClient, cfg services.EnvConfig) *Handlers {
|
|||||||
|
|
||||||
func (h *Handlers) Register(group echo.Group) {
|
func (h *Handlers) Register(group echo.Group) {
|
||||||
group.GET("/", h.HomeHandler)
|
group.GET("/", h.HomeHandler)
|
||||||
group.GET("/list", h.ListHandler)
|
group.GET("/settings", h.Settings)
|
||||||
|
group.POST("/settings", h.SettingsPost)
|
||||||
|
//group.GET("/list", h.ListHandler)
|
||||||
|
|
||||||
auth := group.Group("/auth")
|
auth := group.Group("/auth")
|
||||||
auth.GET("/login", h.AuthLogin)
|
auth.GET("/login", h.AuthLogin)
|
||||||
@ -46,6 +51,43 @@ func Render(ctx echo.Context, statusCode int, t templ.Component) error {
|
|||||||
return t.Render(ctx.Request().Context(), ctx.Response().Writer)
|
return t.Render(ctx.Request().Context(), ctx.Response().Writer)
|
||||||
}
|
}
|
||||||
|
|
||||||
|
type jwtToken struct {
|
||||||
|
Exp time.Time `json:"exp"`
|
||||||
|
Iss string `json:"iss"`
|
||||||
|
Authorized bool `json:"authorized"`
|
||||||
|
UserName string `json:"username"`
|
||||||
|
Scopes []string `json:"scopes"`
|
||||||
|
jwt.RegisteredClaims
|
||||||
|
}
|
||||||
|
|
||||||
|
func ValidateJwt(ctx echo.Context, sharedSecret, issuer string) (jwtToken, error) {
|
||||||
|
cookies := GetCookieValues(ctx)
|
||||||
|
if cookies.Token == "" {
|
||||||
|
return jwtToken{}, errors.New("JWT Bearer Token is missing")
|
||||||
|
}
|
||||||
|
|
||||||
|
token, err := jwt.ParseWithClaims(cookies.Token, &jwtToken{}, func(token *jwt.Token) (interface{}, error) {
|
||||||
|
return []byte(sharedSecret), nil
|
||||||
|
})
|
||||||
|
if err != nil {
|
||||||
|
return jwtToken{}, err
|
||||||
|
}
|
||||||
|
|
||||||
|
if !token.Valid {
|
||||||
|
return jwtToken{}, errors.New("invalid jwt token")
|
||||||
|
}
|
||||||
|
|
||||||
|
claims := token.Claims.(*jwtToken)
|
||||||
|
if !claims.Exp.After(time.Now()) {
|
||||||
|
return jwtToken{}, errors.New("the jwt token has expired")
|
||||||
|
}
|
||||||
|
if claims.Iss != issuer {
|
||||||
|
return jwtToken{}, errors.New("the issuer was invalid")
|
||||||
|
}
|
||||||
|
|
||||||
|
return *claims, nil
|
||||||
|
}
|
||||||
|
|
||||||
func GetCookieValues(ctx echo.Context) models.AllCookies {
|
func GetCookieValues(ctx echo.Context) models.AllCookies {
|
||||||
m := models.AllCookies{}
|
m := models.AllCookies{}
|
||||||
|
|
||||||
|
@ -9,6 +9,7 @@ import (
|
|||||||
|
|
||||||
type EnvConfig struct {
|
type EnvConfig struct {
|
||||||
ApiServerUri string
|
ApiServerUri string
|
||||||
|
SharedApiSecret string
|
||||||
CookieSecret string
|
CookieSecret string
|
||||||
}
|
}
|
||||||
|
|
||||||
@ -23,6 +24,7 @@ func NewEnvConfig() EnvConfig {
|
|||||||
|
|
||||||
return EnvConfig{
|
return EnvConfig{
|
||||||
ApiServerUri: os.Getenv("ApiServerUri"),
|
ApiServerUri: os.Getenv("ApiServerUri"),
|
||||||
|
SharedApiSecret: os.Getenv("SharedApiSecret"),
|
||||||
CookieSecret: os.Getenv("CookieSecret"),
|
CookieSecret: os.Getenv("CookieSecret"),
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
Loading…
Reference in New Issue
Block a user