Compare commits
3 Commits
9473c83679
...
d4adc1b538
| Author | SHA1 | Date | |
|---|---|---|---|
| d4adc1b538 | |||
| edfa3e63b9 | |||
| 7c58473ff1 |
@ -86,30 +86,55 @@ func (h *AuthHandler) login(w http.ResponseWriter, r *http.Request) {
|
||||
return
|
||||
}
|
||||
|
||||
claims := types.UserClaims{
|
||||
UserID: user.ID.String(),
|
||||
accessClaims := types.UserClaims{
|
||||
UserEmail: user.Email,
|
||||
RegisteredClaims: jwt.RegisteredClaims{
|
||||
Issuer: "hspguard",
|
||||
Subject: user.Email,
|
||||
Subject: user.ID.String(),
|
||||
IssuedAt: jwt.NewNumericDate(time.Now()),
|
||||
ExpiresAt: jwt.NewNumericDate(time.Now().Add(time.Hour)),
|
||||
ExpiresAt: jwt.NewNumericDate(time.Now().Add(15 * time.Minute)),
|
||||
},
|
||||
}
|
||||
|
||||
token, err := SignJwtToken(claims)
|
||||
accessToken, err := SignJwtToken(accessClaims)
|
||||
if err != nil {
|
||||
web.Error(w, fmt.Sprintf("failed to generate access token: %v", err), http.StatusBadRequest)
|
||||
return
|
||||
}
|
||||
|
||||
refreshClaims := types.UserClaims{
|
||||
UserEmail: user.Email,
|
||||
RegisteredClaims: jwt.RegisteredClaims{
|
||||
Issuer: "hspguard",
|
||||
Subject: user.ID.String(),
|
||||
IssuedAt: jwt.NewNumericDate(time.Now()),
|
||||
ExpiresAt: jwt.NewNumericDate(time.Now().Add(30 * 24 * time.Hour)),
|
||||
},
|
||||
}
|
||||
|
||||
refreshToken, err := SignJwtToken(refreshClaims)
|
||||
if err != nil {
|
||||
web.Error(w, fmt.Sprintf("failed to generate refresh token: %v", err), http.StatusBadRequest)
|
||||
return
|
||||
}
|
||||
|
||||
encoder := json.NewEncoder(w)
|
||||
|
||||
type Response struct {
|
||||
Token string `json:"token"`
|
||||
AccessToken string `json:"access"`
|
||||
RefreshToken string `json:"refresh"`
|
||||
// fields required for UI in account selector, e.g. email, full name and avatar
|
||||
FullName string `json:"full_name"`
|
||||
Email string `json:"email"`
|
||||
// Avatar
|
||||
}
|
||||
|
||||
if err := encoder.Encode(Response{
|
||||
Token: token,
|
||||
AccessToken: accessToken,
|
||||
RefreshToken: refreshToken,
|
||||
FullName: user.FullName,
|
||||
Email: user.Email,
|
||||
// Avatar
|
||||
}); err != nil {
|
||||
web.Error(w, "failed to encode response", http.StatusInternalServerError)
|
||||
}
|
||||
|
||||
@ -26,13 +26,13 @@ func AuthMiddleware(next http.Handler) http.Handler {
|
||||
}
|
||||
|
||||
tokenStr := parts[1]
|
||||
token, userClaims, err := auth.VerifyToken(tokenStr)
|
||||
if err != nil || !token.Valid {
|
||||
token, userClaims, err := auth.VerifyToken(tokenStr)
|
||||
if err != nil || !token.Valid {
|
||||
http.Error(w, fmt.Sprintf("invalid token: %v", err), http.StatusUnauthorized)
|
||||
return
|
||||
}
|
||||
return
|
||||
}
|
||||
|
||||
ctx := context.WithValue(r.Context(), types.UserIdKey, userClaims.UserID)
|
||||
ctx := context.WithValue(r.Context(), types.UserIdKey, userClaims.Subject)
|
||||
next.ServeHTTP(w, r.WithContext(ctx))
|
||||
})
|
||||
}
|
||||
@ -50,4 +50,3 @@ func WithSkipper(mw func(http.Handler) http.Handler, excludedPaths ...string) fu
|
||||
})
|
||||
}
|
||||
}
|
||||
|
||||
|
||||
@ -3,8 +3,17 @@ package types
|
||||
import "github.com/golang-jwt/jwt/v5"
|
||||
|
||||
type UserClaims struct {
|
||||
UserID string `json:"user_id"`
|
||||
// Role
|
||||
UserEmail string `json:"user_email"`
|
||||
jwt.RegisteredClaims
|
||||
}
|
||||
|
||||
type ApiClaims struct {
|
||||
UserID string `json:"user_id"`
|
||||
// Permissions are guard's defined permissions
|
||||
// Examples:
|
||||
// 1. User MetaData (specifically some fields like email, profile picture and name)
|
||||
// 2. Actions on User, e.g. home permissions fetching, notifications emitting
|
||||
Permissions []string `json:"permissions"`
|
||||
// Subject is an API ID defined in guard's DB after registration
|
||||
jwt.RegisteredClaims
|
||||
}
|
||||
|
||||
Reference in New Issue
Block a user