OneAuth/libs/auth/jwt.go

//
// jwt.go
// Copyright (C) 2024 veypi <i@veypi.com>
// 2024-09-23 18:28
// Distributed under terms of the MIT license.
//

package auth

import (
	"errors"
	"fmt"
	"strings"
	"time"

	"github.com/golang-jwt/jwt/v5"
	"github.com/veypi/OneAuth/cfg"
	"github.com/veypi/OneAuth/errs"
	"github.com/veypi/OneBD/rest"
)

func GenJwt(claim *Claims) (string, error) {
	return GenJwtWithKey(claim, cfg.Config.Key)
}
func GenJwtWithKey(claim *Claims, key string) (string, error) {
	if claim.ExpiresAt == nil {
		claim.ExpiresAt = jwt.NewNumericDate(time.Now().Add(time.Hour))
	}
	token := jwt.NewWithClaims(jwt.SigningMethodHS256, claim)
	return token.SignedString([]byte(key))

}

func ParseJwt(tokenString string) (*Claims, error) {
	claims := &Claims{}
	token, err := jwt.ParseWithClaims(tokenString, claims, func(token *jwt.Token) (interface{}, error) {
		if _, ok := token.Method.(*jwt.SigningMethodHMAC); !ok {
			return nil, fmt.Errorf("unexpected signing method: %v", token.Header["alg"])
		}
		return []byte(cfg.Config.Key), nil
	})
	if errors.Is(err, jwt.ErrTokenExpired) {
		return nil, errs.AuthExpired
	}

	if err != nil || !token.Valid {
		return nil, errs.AuthInvalid
	}
	return claims, nil
}

func checkJWT(x *rest.X) (*Claims, error) {
	authHeader := x.Request.Header.Get("Authorization")
	if authHeader == "" {
		authHeader = x.Request.URL.Query().Get("Authorization")
		if authHeader == "" {
			return nil, errs.AuthNotFound
		}
	}
	// Token is typically in the format "Bearer <token>"
	tokenString := strings.TrimPrefix(authHeader, "Bearer ")

	// Parse the token
	claims, err := ParseJwt(tokenString)
	if err != nil {
		return nil, err
	}
	x.Set("token", claims)

	return claims, nil
}

func CheckJWT(x *rest.X) (any, error) {
	return checkJWT(x)
}

func Check(target string, pid string, l AuthLevel) func(x *rest.X) (any, error) {
	return func(x *rest.X) (any, error) {
		claims, err := checkJWT(x)
		if err != nil {
			return nil, err
			// return nil, err
		}
		tid := ""
		if pid != "" {
			tid = x.Params.Get(pid)
		}
		if !claims.Access.Check(target, tid, l) {
			// return nil, errs.AuthNoPerm
		}
		return claims, nil
	}
}
update 7 months ago			`//`
			`// jwt.go`
			`// Copyright (C) 2024 veypi <i@veypi.com>`
			`// 2024-09-23 18:28`
			`// Distributed under terms of the MIT license.`
			`//`

			`package auth`

			`import (`
			`"errors"`
			`"fmt"`
			`"strings"`
			`"time"`

			`"github.com/golang-jwt/jwt/v5"`
update 6 months ago			`"github.com/veypi/OneAuth/cfg"`
			`"github.com/veypi/OneAuth/errs"`
update 7 months ago			`"github.com/veypi/OneBD/rest"`
			`)`

			`func GenJwt(claim *Claims) (string, error) {`
			`return GenJwtWithKey(claim, cfg.Config.Key)`
			`}`
			`func GenJwtWithKey(claim *Claims, key string) (string, error) {`
			`if claim.ExpiresAt == nil {`
			`claim.ExpiresAt = jwt.NewNumericDate(time.Now().Add(time.Hour))`
			`}`
			`token := jwt.NewWithClaims(jwt.SigningMethodHS256, claim)`
			`return token.SignedString([]byte(key))`

			`}`

			`func ParseJwt(tokenString string) (*Claims, error) {`
			`claims := &Claims{}`
			`token, err := jwt.ParseWithClaims(tokenString, claims, func(token *jwt.Token) (interface{}, error) {`
			`if _, ok := token.Method.(*jwt.SigningMethodHMAC); !ok {`
			`return nil, fmt.Errorf("unexpected signing method: %v", token.Header["alg"])`
			`}`
			`return []byte(cfg.Config.Key), nil`
			`})`
			`if errors.Is(err, jwt.ErrTokenExpired) {`
			`return nil, errs.AuthExpired`
			`}`

			`if err != nil \|\| !token.Valid {`
			`return nil, errs.AuthInvalid`
			`}`
			`return claims, nil`
			`}`

feat: change axios and add auth refresh 4 months ago			`func checkJWT(x rest.X) (Claims, error) {`
update 7 months ago			`authHeader := x.Request.Header.Get("Authorization")`
			`if authHeader == "" {`
feat: change axios and add auth refresh 4 months ago			`authHeader = x.Request.URL.Query().Get("Authorization")`
			`if authHeader == "" {`
			`return nil, errs.AuthNotFound`
			`}`
update 7 months ago			`}`
			`// Token is typically in the format "Bearer <token>"`
			`tokenString := strings.TrimPrefix(authHeader, "Bearer ")`

			`// Parse the token`
			`claims, err := ParseJwt(tokenString)`
			`if err != nil {`
			`return nil, err`
			`}`
feat: change axios and add auth refresh 4 months ago			`x.Set("token", claims)`
update 7 months ago
			`return claims, nil`
			`}`

feat: change axios and add auth refresh 4 months ago			`func CheckJWT(x *rest.X) (any, error) {`
			`return checkJWT(x)`
			`}`

			`func Check(target string, pid string, l AuthLevel) func(x *rest.X) (any, error) {`
			`return func(x *rest.X) (any, error) {`
			`claims, err := checkJWT(x)`
update 7 months ago			`if err != nil {`
feat: change axios and add auth refresh 4 months ago			`return nil, err`
			`// return nil, err`
update 7 months ago			`}`
			`tid := ""`
			`if pid != "" {`
update 7 months ago			`tid = x.Params.Get(pid)`
update 7 months ago			`}`
			`if !claims.Access.Check(target, tid, l) {`
feat: change axios and add auth refresh 4 months ago			`// return nil, errs.AuthNoPerm`
update 7 months ago			`}`
feat: change axios and add auth refresh 4 months ago			`return claims, nil`
update 7 months ago			`}`
			`}`