Documentation ¶
Index ¶
Constants ¶
This section is empty.
Variables ¶
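// JwtAuthentication is HTTP middleware that validates the JWT carried in the
// Authorization header before handing the request to next.
//
// A request is passed through without a token when its path equals one of the
// notAuth routes or contains "/actions/", "/assets/" or "/forms/". Routes in
// mayAuth are passed through when no Authorization header is sent; a header
// that is present is always validated. On success the token's UserID is
// stored in the request context under controllers.UserKey. Every rejection is
// answered with 403 Forbidden and a JSON message.
var JwtAuthentication = func(next http.Handler) http.Handler {
	return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
		notAuth := []string{createUser, authUser, getNotes}
		mayAuth := []string{createNote, getNote}
		requestPath := r.URL.Path

		// reject writes the 403 response. The Content-Type header is set
		// before WriteHeader because net/http ignores header changes made
		// after the status line has been written.
		reject := func(msg string) {
			w.Header().Set("Content-Type", "application/json")
			w.WriteHeader(http.StatusForbidden)
			u.Respond(w, u.Message(false, msg))
		}

		// NOTE(review): these are substring matches, so every route whose
		// path contains one of these segments is exempt from authentication,
		// not only the static trees they were presumably meant for. Anchor
		// them with strings.HasPrefix on the real mount points once the route
		// layout is confirmed.
		if strings.Contains(requestPath, "/actions/") ||
			strings.Contains(requestPath, "/assets/") ||
			strings.Contains(requestPath, "/forms/") {
			next.ServeHTTP(w, r)
			return
		}
		for _, value := range notAuth {
			if value == requestPath {
				next.ServeHTTP(w, r)
				return
			}
		}

		tokenHeader := r.Header.Get("Authorization")
		if tokenHeader == "" {
			for _, value := range mayAuth {
				if value == requestPath {
					// Return here: without it the request fell through and
					// could be served a second time or answered with a 403
					// after the handler had already written its response.
					next.ServeHTTP(w, r)
					return
				}
				// Match "<route prefix><uuid>" for routes declared with a
				// trailing "{id}" placeholder.
				prefix := strings.TrimSuffix(value, "{id}")
				if !strings.HasPrefix(requestPath, prefix) {
					continue
				}
				if _, err := uuid.FromString(strings.TrimPrefix(requestPath, prefix)); err == nil {
					next.ServeHTTP(w, r)
					return
				}
			}
			reject("Missing auth token")
			return
		}

		// The header must be two space-separated fields.
		// NOTE(review): the first field (the scheme) is not compared with
		// "Bearer"; any scheme word is accepted. Confirm whether clients
		// depend on that before tightening it.
		parts := strings.Split(tokenHeader, " ")
		if len(parts) != 2 {
			reject("Invalid/Malformed auth token")
			return
		}

		tk := &models.Token{}
		token, err := jwt.ParseWithClaims(parts[1], tk, func(token *jwt.Token) (interface{}, error) {
			// Pin the algorithm family: the key is a shared secret, so only
			// HMAC-signed tokens may be verified with it.
			if _, ok := token.Method.(*jwt.SigningMethodHMAC); !ok {
				return nil, jwt.ErrSignatureInvalid
			}
			// Fail closed when the secret is not configured; an empty HMAC
			// key would let anyone mint a token that verifies.
			secret := os.Getenv("token_password")
			if secret == "" {
				return nil, jwt.ErrInvalidKey
			}
			return []byte(secret), nil
		})
		if err != nil {
			reject("Malformed authentication token")
			return
		}
		if !token.Valid {
			reject("Token is not valid.")
			return
		}

		// Expose the authenticated user ID to downstream handlers.
		ctx := context.WithValue(r.Context(), controllers.UserKey, tk.UserID)
		next.ServeHTTP(w, r.WithContext(ctx))
	})
}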
JwtAuthentication is HTTP middleware that checks the validity of the JWT sent in the request's Authorization header.
Functions ¶
This section is empty.
Types ¶