admin/hspguard
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

feat: allow custom claims for verify

Browse Source
This commit is contained in:
Amir Adal
2025-06-07 19:15:59 +02:00
parent 19d56159ba
commit b73bfd590b
3 changed files with 12 additions and 9 deletions
Download Patch File Download Diff File Expand all files Collapse all files

5
internal/auth/refresh.go
View File

@ -7,6 +7,7 @@ import (
"strings"
"time"
"gitea.local/admin/hspguard/internal/types"
"gitea.local/admin/hspguard/internal/util"
"gitea.local/admin/hspguard/internal/web"
"github.com/google/uuid"
@ -26,7 +27,9 @@ func (h *AuthHandler) refreshToken(w http.ResponseWriter, r *http.Request) {
}
tokenStr := parts[1]
token, userClaims, err := util.VerifyToken(tokenStr, h.cfg.Jwt.PublicKey)
var userClaims types.UserClaims
token, err := util.VerifyToken(tokenStr, h.cfg.Jwt.PublicKey, &userClaims)
if err != nil || !token.Valid {
http.Error(w, fmt.Sprintf("invalid token: %v", err), http.StatusUnauthorized)
return

4
internal/middleware/auth.go
View File

@ -37,7 +37,9 @@ func (m *AuthMiddleware) Runner(next http.Handler) http.Handler {
}
tokenStr := parts[1]
token, userClaims, err := util.VerifyToken(tokenStr, m.cfg.Jwt.PublicKey)
var userClaims types.UserClaims
token, err := util.VerifyToken(tokenStr, m.cfg.Jwt.PublicKey, &userClaims)
if err != nil || !token.Valid {
web.Error(w, fmt.Sprintf("invalid token: %v", err), http.StatusUnauthorized)
return

12
internal/util/jwt.go
View File

@ -6,7 +6,6 @@ import (
"encoding/base64"
"fmt"
"gitea.local/admin/hspguard/internal/types"
"github.com/golang-jwt/jwt/v5"
)
@ -57,13 +56,12 @@ func SignJwtToken(claims jwt.Claims, key string) (string, error) {
return s, nil
}
func VerifyToken(token string, key string) (*jwt.Token, *types.UserClaims, error) {
func VerifyToken(token string, key string, claims jwt.Claims) (*jwt.Token, error) {
publicKey, err := ParseBase64PublicKey(key)
if err != nil {
return nil, nil, err
return nil, err
}
claims := &types.UserClaims{}
parsed, err := jwt.ParseWithClaims(token, claims, func(t *jwt.Token) (any, error) {
if _, ok := t.Method.(*jwt.SigningMethodRSA); !ok {
return nil, fmt.Errorf("unexpected signing method: %v", t.Header["alg"])
@ -72,12 +70,12 @@ func VerifyToken(token string, key string) (*jwt.Token, *types.UserClaims, error
})
if err != nil {
return nil, nil, fmt.Errorf("invalid token: %w", err)
return nil, fmt.Errorf("invalid token: %w", err)
}
if !parsed.Valid {
return nil, nil, fmt.Errorf("token is not valid")
return nil, fmt.Errorf("token is not valid")
}
return parsed, claims, nil
return parsed, nil
}