Refresh Token Support and package refactor based on best practice docs #18
@ -57,40 +57,28 @@ func (j JwtToken) hasScope(scope string) error {
|
||||
}
|
||||
|
||||
func (h *Handler) generateJwt(username, issuer string) (string, error) {
|
||||
return h.generateJwtWithExp(username, issuer, time.Now().Add(10 * time.Minute))
|
||||
}
|
||||
|
||||
func (h *Handler) generateJwtWithExp(username, issuer string, expiresAt time.Time) (string, error) {
|
||||
secret := []byte(h.Config.JwtSecret)
|
||||
|
||||
// Anyone who wants to decrypt the key needs to use the same method
|
||||
token := jwt.New(jwt.SigningMethodHS256)
|
||||
claims := token.Claims.(jwt.MapClaims)
|
||||
claims["exp"] = time.Now().Add(10 * time.Minute)
|
||||
claims["exp"] = expiresAt
|
||||
claims["authorized"] = true
|
||||
claims["username"] = username
|
||||
claims["iss"] = issuer
|
||||
|
||||
var scopes []string
|
||||
scopes = append(scopes, domain.ScopeRecipeRead)
|
||||
claims["scopes"] = scopes
|
||||
|
||||
tokenString, err := token.SignedString(secret)
|
||||
if err != nil {
|
||||
return "", err
|
||||
}
|
||||
|
||||
return tokenString, nil
|
||||
}
|
||||
|
||||
func (h *Handler) generateAdminJwt(username string) (string, error) {
|
||||
secret := []byte(h.Config.JwtSecret)
|
||||
|
||||
token := jwt.New(jwt.SigningMethodHS256)
|
||||
claims := token.Claims.(jwt.MapClaims)
|
||||
claims["exp"] = time.Now().Add(10 * time.Minute)
|
||||
claims["authorized"] = true
|
||||
claims["username"] = username
|
||||
|
||||
var scopes []string
|
||||
scopes = append(scopes, domain.ScopeAll)
|
||||
claims["scopes"] = scopes
|
||||
if (username == "admin") {
|
||||
scopes = append(scopes, domain.ScopeAll)
|
||||
claims["scopes"] = scopes
|
||||
} else {
|
||||
scopes = append(scopes, domain.ScopeRecipeRead)
|
||||
claims["scopes"] = scopes
|
||||
}
|
||||
|
||||
tokenString, err := token.SignedString(secret)
|
||||
if err != nil {
|
||||
|
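Review bot: The `exp` claim is set from a `time.Time` in both `generateJwtWithExp` (`claims["exp"] = expiresAt`) and `generateAdminJwt` (`claims["exp"] = time.Now().Add(10 * time.Minute)`), so it is serialized as an RFC 3339 string rather than the numeric seconds-since-epoch value RFC 7519 defines for `exp`. Depending on the JWT library version in use (not visible here), a non-numeric `exp` is either rejected at validation or treated as absent; in the latter case these tokens would never expire, which presumably matters more once refresh tokens are issued through `generateJwtWithExp`. I would store `claims["exp"] = expiresAt.Unix()` in both functions and add a test that parses a token with a past expiry and expects rejection. The page does not show which of the two adjacent `claims["exp"]` lines is on the new side, and `generateAdminJwt` continues past the end of the hunk.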