From 218ccaf9ec4d2d114a00e83d9162725640375461 Mon Sep 17 00:00:00 2001 From: James Tombleson Date: Sat, 18 May 2024 22:38:12 -0700 Subject: [PATCH] starting to enforce the jwt on the client --- internal/handlers/articles.go | 14 +++++++--- internal/handlers/util.go | 50 ++++++++++++++++++++++++++++++++++- 2 files changed, 59 insertions(+), 5 deletions(-) diff --git a/internal/handlers/articles.go b/internal/handlers/articles.go index b3edda7..0643350 100644 --- a/internal/handlers/articles.go +++ b/internal/handlers/articles.go @@ -6,23 +6,29 @@ import ( "git.jamestombleson.com/jtom38/newsbot-portal/internal/domain" "git.jamestombleson.com/jtom38/newsbot-portal/internal/models" "git.jamestombleson.com/jtom38/newsbot-portal/internal/views/articles" + "git.jamestombleson.com/jtom38/newsbot-portal/internal/views/layout" "github.com/labstack/echo/v4" ) func (h *Handler) ArticlesList(c echo.Context) error { + _, err := ValidateJwt(c, h.config.JwtSecret, h.config.ServerAddress) + if err != nil { + return Render(c, http.StatusBadRequest, layout.Error(err)) + } + userToken, err := c.Cookie(domain.CookieToken) if err != nil { - return err + return Render(c, http.StatusBadRequest, layout.Error(err)) } resp, err := h.api.Articles.List(userToken.Value, 0) if err != nil { - return err + return Render(c, http.StatusBadRequest, layout.Error(err)) } - vm := models.ListArticlesViewModel { + vm := models.ListArticlesViewModel{ Items: resp.Payload, } return Render(c, http.StatusOK, articles.List(vm)) -} \ No newline at end of file +} diff --git a/internal/handlers/util.go b/internal/handlers/util.go index 7eb19a8..f4d1281 100644 --- a/internal/handlers/util.go +++ b/internal/handlers/util.go @@ -1,14 +1,62 @@ package handlers import ( + "errors" "net/http" + "time" + "git.jamestombleson.com/jtom38/newsbot-portal/internal/domain" + "github.com/golang-jwt/jwt/v4" "github.com/labstack/echo/v4" ) -func SetCookie(c echo.Context, key string, value string) { +func SetCookie(c echo.Context, key, value, path string) { cookie := new(http.Cookie) cookie.Name = key cookie.Value = value + if path != "" { + cookie.Path = path + } c.SetCookie(cookie) } + +type jwtToken struct { + Exp time.Time `json:"exp"` + Iss string `json:"iss"` + Authorized bool `json:"authorized"` + UserName string `json:"username"` + Scopes []string `json:"scopes"` + jwt.RegisteredClaims +} + +func ValidateJwt(ctx echo.Context, sharedSecret, issuer string) (jwtToken, error) { + cookie, err := ctx.Cookie(domain.CookieToken) + if err != nil { + return jwtToken{}, err + } + + if cookie.Value == "" { + return jwtToken{}, errors.New("JWT Bearer Token is missing") + } + + token, err := jwt.ParseWithClaims(cookie.Value, &jwtToken{}, func(token *jwt.Token) (interface{}, error) { + return []byte(sharedSecret), nil + }) + if err != nil { + return jwtToken{}, err + } + + if !token.Valid { + return jwtToken{}, errors.New("invalid jwt token") + } + + claims := token.Claims.(*jwtToken) + if !claims.Exp.After(time.Now()) { + return jwtToken{}, errors.New("the jwt token has expired") + } + //if claims.Iss != issuer { + // return jwtToken{}, errors.New("the issuer was invalid") + //} + + return *claims, nil +}