package main
import (
b64 "encoding/base64"
"io/ioutil"
"time"
jwt "github.com/appleboy/gin-jwt/v2"
"github.com/gin-gonic/gin"
gojwt "github.com/golang-jwt/jwt/v4"
log "github.com/sirupsen/logrus"
)
// func makeTokenString(SigningAlgorithm string, username string, cfg *Config) string {
// if SigningAlgorithm == "" {
// SigningAlgorithm = "HS256"
// }
// token := jwt.New(jwt.GetSigningMethod(SigningAlgorithm))
// claims := token.Claims.(jwt.MapClaims)
// claims["identity"] = username
// claims["exp"] = time.Now().Add(time.Hour).Unix()
// claims["orig_iat"] = time.Now().Unix()
// var tokenString string
// if SigningAlgorithm == "RS256" {
// keyData, _ := ioutil.ReadFile(cfg.KeyPem)
// signKey, _ := jwt.ParseRSAPrivateKeyFromPEM(keyData)
// tokenString, _ = token.SignedString(signKey)
// } else {
// tokenString, _ = token.SignedString(key)
// }
// return tokenString
// }
// func makeTokenString(mw *jwt.GinJWTMiddleware,data interface{}) (string,error) {
func makeTokenString(rtenv *RouteEnv,data interface{}) (string,error) {
if rtenv.AuthMiddleware == nil {
return "", nil
}
token := gojwt.New(gojwt.GetSigningMethod(rtenv.AuthMiddleware.SigningAlgorithm))
claims := token.Claims.(gojwt.MapClaims)
if rtenv.AuthMiddleware.PayloadFunc != nil {
for key, value := range rtenv.AuthMiddleware.PayloadFunc(data) {
claims[key] = value
}
}
expire := rtenv.AuthMiddleware.TimeFunc().Add(rtenv.AuthMiddleware.Timeout)
claims["exp"] = expire.Unix()
claims["orig_iat"] = rtenv.AuthMiddleware.TimeFunc().Unix()
var tokenString string
var err error
if rtenv.Cfg.SigningAlgorithm == "RS256" {
// if mw.usingPublicKeyAlgo() {
keyData, _ := ioutil.ReadFile(rtenv.Cfg.JwtKeyPem)
signKey, _ := gojwt.ParseRSAPrivateKeyFromPEM(keyData)
tokenString, err = token.SignedString(signKey)
} else {
tokenString, err = token.SignedString(rtenv.AuthMiddleware.Key)
}
return tokenString, err
}
func getJwt(rtenv *RouteEnv)*jwt.GinJWTMiddleware {
// the jwt middleware
authMiddleware, err := jwt.New(&jwt.GinJWTMiddleware{
Realm: rtenv.Cfg.JwtRealm,
Key: []byte(rtenv.Cfg.JwtKey),
Timeout: time.Duration(rtenv.Cfg.JwtTimeout) * time.Minute,
MaxRefresh: time.Duration(rtenv.Cfg.JwtMaxRefresh) * time.Minute,
IdentityKey: rtenv.Cfg.IdentityKey,
PrivKeyFile: rtenv.Cfg.KeyPem,
PubKeyFile: rtenv.Cfg.CertPem,
PayloadFunc: func(data interface{}) jwt.MapClaims {
if v, ok := data.(*User); ok {
return jwt.MapClaims{
rtenv.Cfg.IdentityKey: v.UserName,
"uuid": v.UUID,
"data": v.Data,
}
}
return jwt.MapClaims{}
},
IdentityHandler: func(c *gin.Context) interface{} {
claims := jwt.ExtractClaims(c)
username := ""
name, okname := claims[rtenv.Cfg.IdentityKey].(string)
if (okname) {
username = name
}
return &User{ UserName: username }
},
Authenticator: func(c *gin.Context) (interface{}, error) {
var loginVals Login
if err := c.ShouldBind(&loginVals); err != nil {
return "", jwt.ErrMissingLoginValues
}
userID := loginVals.Username
password := loginVals.Password
if val, ok := rtenv.Users.Accounts[userID]; ok {
pasw,_ := b64.StdEncoding.DecodeString(password)
pass := string(pasw)
txtdata,err := decrypt(val.Passwd, string(CRYPTKEY))
if err == nil && txtdata == pass {
return &User{
UserName: val.Id,
LastName: "",
FirstName: "",
}, nil
}
}
return nil, jwt.ErrFailedAuthentication
},
Authorizator: func(data interface{}, c *gin.Context) bool {
if v, ok := data.(*User); ok {
if v.UserName == rtenv.Cfg.PubUser {
return true
}
if _, ok := rtenv.Users.Accounts[v.UserName]; ok {
return true
} else {
return false
}
}
return false
},
Unauthorized: func(c *gin.Context, code int, message string) {
c.JSON(code, gin.H{
"code": code,
"message": message,
})
},
// TokenLookup is a string in the form of "<source>:<name>" that is used
// to extract token from the request.
// Optional. Default value "header:Authorization".
// Possible values:
// - "header:<name>"
// - "query:<name>"
// - "cookie:<name>"
// - "param:<name>"
TokenLookup: "header: Authorization, query: token, cookie: jwt",
// TokenLookup: "query:token",
// TokenLookup: "cookie:token",
// TokenHeadName is a string in the header. Default value is "Bearer"
TokenHeadName: "Bearer",
// TimeFunc provides the current time. You can override it to use another time value. This is useful for testing or if your server uses a different time zone than your tokens.
TimeFunc: time.Now,
})
if err != nil {
log.Fatal("JWT Error:" + err.Error())
}
return authMiddleware
}
// func refreshToken(c *gin.Context, rtenv *RouteEnv,data interface{}) (string, time.Time, error) {
// var expire time.Time
// claims, err := rtenv.AuthMiddleware.CheckIfTokenExpire(c)
// if err != nil {
// return "", expire, err
// }
// fmt.Printf("Refresh token: %v\n",claims)
// var token string
// token,err = makeTokenString(rtenv.AuthMiddleware,data)
// expire = time.Now()
// // // set cookie
// // if rtenv.AuthMiddleware.SendCookie {
// // expireCookie := rtenv.AuthMiddleware.TimeFunc().Add(rtenv.AuthMiddleware.CookieMaxAge)
// // maxage := int(expireCookie.Unix() - time.Now().Unix())
// // if rtenv.AuthMiddleware.CookieSameSite != 0 {
// // c.SetSameSite(rtenv.AuthMiddleware.CookieSameSite)
// // }
// // c.SetCookie(
// // rtenv.AuthMiddleware.CookieName,
// // tokenString,
// // maxage,
// // "/",
// // rtenv.AuthMiddleware.CookieDomain,
// // rtenv.AuthMiddleware.SecureCookie,
// // rtenv.AuthMiddleware.CookieHTTPOnly,
// // )
// // }
// return token, expire, nil
// }