admin/hspguard
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

feat: allow custom claims for verify

Browse Source
This commit is contained in:
Amir Adal
2025-06-07 19:15:59 +02:00
parent 19d56159ba
commit b73bfd590b
3 changed files with 12 additions and 9 deletions
Download Patch File Download Diff File Expand all files Collapse all files

5
internal/auth/refresh.go
View File

@ -7,6 +7,7 @@ import (
"strings" "strings"
"time" "time"
"gitea.local/admin/hspguard/internal/types"
"gitea.local/admin/hspguard/internal/util" "gitea.local/admin/hspguard/internal/util"
"gitea.local/admin/hspguard/internal/web" "gitea.local/admin/hspguard/internal/web"
"github.com/google/uuid" "github.com/google/uuid"
@ -26,7 +27,9 @@ func (h *AuthHandler) refreshToken(w http.ResponseWriter, r *http.Request) {
} }
tokenStr := parts[1] tokenStr := parts[1]
token, userClaims, err := util.VerifyToken(tokenStr, h.cfg.Jwt.PublicKey) var userClaims types.UserClaims
token, err := util.VerifyToken(tokenStr, h.cfg.Jwt.PublicKey, &userClaims)
if err != nil || !token.Valid { if err != nil || !token.Valid {
http.Error(w, fmt.Sprintf("invalid token: %v", err), http.StatusUnauthorized) http.Error(w, fmt.Sprintf("invalid token: %v", err), http.StatusUnauthorized)
return return

4
internal/middleware/auth.go
View File

@ -37,7 +37,9 @@ func (m *AuthMiddleware) Runner(next http.Handler) http.Handler {
} }
tokenStr := parts[1] tokenStr := parts[1]
token, userClaims, err := util.VerifyToken(tokenStr, m.cfg.Jwt.PublicKey) var userClaims types.UserClaims
token, err := util.VerifyToken(tokenStr, m.cfg.Jwt.PublicKey, &userClaims)
if err != nil || !token.Valid { if err != nil || !token.Valid {
web.Error(w, fmt.Sprintf("invalid token: %v", err), http.StatusUnauthorized) web.Error(w, fmt.Sprintf("invalid token: %v", err), http.StatusUnauthorized)
return return

12
internal/util/jwt.go
View File

@ -6,7 +6,6 @@ import (
"encoding/base64" "encoding/base64"
"fmt" "fmt"
"gitea.local/admin/hspguard/internal/types"
"github.com/golang-jwt/jwt/v5" "github.com/golang-jwt/jwt/v5"
) )
@ -57,13 +56,12 @@ func SignJwtToken(claims jwt.Claims, key string) (string, error) {
return s, nil return s, nil
} }
func VerifyToken(token string, key string) (*jwt.Token, *types.UserClaims, error) { func VerifyToken(token string, key string, claims jwt.Claims) (*jwt.Token, error) {
publicKey, err := ParseBase64PublicKey(key) publicKey, err := ParseBase64PublicKey(key)
if err != nil { if err != nil {
return nil, nil, err return nil, err
} }
claims := &types.UserClaims{}
parsed, err := jwt.ParseWithClaims(token, claims, func(t *jwt.Token) (any, error) { parsed, err := jwt.ParseWithClaims(token, claims, func(t *jwt.Token) (any, error) {
if _, ok := t.Method.(*jwt.SigningMethodRSA); !ok { if _, ok := t.Method.(*jwt.SigningMethodRSA); !ok {
return nil, fmt.Errorf("unexpected signing method: %v", t.Header["alg"]) return nil, fmt.Errorf("unexpected signing method: %v", t.Header["alg"])
@ -72,12 +70,12 @@ func VerifyToken(token string, key string) (*jwt.Token, *types.UserClaims, error
}) })
if err != nil { if err != nil {
return nil, nil, fmt.Errorf("invalid token: %w", err) return nil, fmt.Errorf("invalid token: %w", err)
} }
if !parsed.Valid { if !parsed.Valid {
return nil, nil, fmt.Errorf("token is not valid") return nil, fmt.Errorf("token is not valid")
} }
return parsed, claims, nil return parsed, nil
} }