feat: Add jwt token pkg

2024-10-13 13:21:09 +02:00
parent 71926b2197
commit 798b9a7695
4 changed files with 174 additions and 0 deletions
--- a/internal/pkg/middleware/authn.go
+++ b/internal/pkg/middleware/authn.go
@ -0,0 +1,56 @@
+// MIT License
+//
+// Copyright (c) 2024 vinchent <vinchent@vinchent.xyz>
+//
+// Permission is hereby granted, free of charge, to any person obtaining a copy
+// of this software and associated documentation files (the "Software"), to deal
+// in the Software without restriction, including without limitation the rights
+// to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+// copies of the Software, and to permit persons to whom the Software is
+// furnished to do so, subject to the following conditions:
+//
+// The above copyright notice and this permission notice shall be included in all
+// copies or substantial portions of the Software.
+//
+// THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+// IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+// FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+// AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+// LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+// OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
+// SOFTWARE.
+
+package middleware
+
+import (
+	"net/http"
+
+	"git.vinchent.xyz/vinchent/howmuch/internal/pkg/core"
+	"git.vinchent.xyz/vinchent/howmuch/internal/pkg/errno"
+	"git.vinchent.xyz/vinchent/howmuch/internal/pkg/token"
+	"github.com/gin-gonic/gin"
+)
+
+var ErrTokenInvalid = &errno.Errno{
+	HTTP:    http.StatusUnauthorized,
+	Code:    errno.ErrorCode(errno.AuthFailureCode, "TokenInvalid"),
+	Message: "invalid token",
+}
+
+const XUserName = "X-Username"
+
+// Authn authenticates a user's access by validating their token.
+func Authn() gin.HandlerFunc {
+	return func(ctx *gin.Context) {
+		tk, err := token.ParseRequest(ctx)
+		if err != nil || tk == nil {
+			core.WriteResponse(ctx, ErrTokenInvalid, nil)
+			ctx.Abort()
+		}
+
+		// TODO: check if the key is on logout blacklist.
+
+		ctx.Header(XUserName, tk.Identity)
+		ctx.Next()
+	}
+}
--- a/internal/pkg/token/token.go
+++ b/internal/pkg/token/token.go
@ -0,0 +1,115 @@
+// MIT License
+//
+// Copyright (c) 2024 vinchent <vinchent@vinchent.xyz>
+//
+// Permission is hereby granted, free of charge, to any person obtaining a copy
+// of this software and associated documentation files (the "Software"), to deal
+// in the Software without restriction, including without limitation the rights
+// to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+// copies of the Software, and to permit persons to whom the Software is
+// furnished to do so, subject to the following conditions:
+//
+// The above copyright notice and this permission notice shall be included in all
+// copies or substantial portions of the Software.
+//
+// THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+// IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+// FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+// AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+// LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+// OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
+// SOFTWARE.
+
+package token
+
+import (
+	"errors"
+	"fmt"
+	"sync"
+	"time"
+
+	"github.com/gin-gonic/gin"
+	"github.com/golang-jwt/jwt/v5"
+)
+
+type Config struct {
+	secretKey  string
+	expiryTime time.Duration
+}
+
+type Claims struct {
+	IdentityKey string `json:"identity_key"`
+	jwt.RegisteredClaims
+}
+
+type TokenResp struct {
+	Identity string
+	Expiry   time.Time
+}
+
+var (
+	once   sync.Once
+	config *Config
+)
+
+var ErrMissingHeader = errors.New("Authorization is needed in the header")
+
+func Init(secretKey string, expiryTime time.Duration) {
+	once.Do(func() {
+		config.secretKey = secretKey
+		config.expiryTime = expiryTime
+	})
+}
+
+func Sign(identityKey string) (string, error) {
+	token := jwt.NewWithClaims(jwt.SigningMethodHS256, Claims{
+		identityKey,
+		jwt.RegisteredClaims{
+			ExpiresAt: jwt.NewNumericDate(time.Now().Add(config.expiryTime)),
+			IssuedAt:  jwt.NewNumericDate(time.Now()),
+			NotBefore: jwt.NewNumericDate(time.Now()),
+		},
+	})
+
+	return token.SignedString([]byte(config.secretKey))
+}
+
+func Parse(tokenString string) (*TokenResp, error) {
+	token, err := jwt.ParseWithClaims(
+		tokenString,
+		&Claims{},
+		func(t *jwt.Token) (interface{}, error) {
+			if _, ok := t.Method.(*jwt.SigningMethodHMAC); !ok {
+				return nil, jwt.ErrSignatureInvalid
+			}
+			return []byte(config.secretKey), nil
+		},
+	)
+	if err != nil {
+		return nil, err
+	}
+
+	if claims, ok := token.Claims.(*Claims); ok {
+		return &TokenResp{
+			claims.IdentityKey,
+			claims.ExpiresAt.Time,
+		}, nil
+	}
+
+	return nil, nil
+}
+
+func ParseRequest(c *gin.Context) (*TokenResp, error) {
+	// NOTE: Authorization: Bearer sdkfjlsfjlskdfjlsjdflk...slkdfjlka
+	header := c.GetHeader("Authorization")
+
+	if len(header) == 0 {
+		return nil, ErrMissingHeader
+	}
+
+	// get the token
+	var t string
+	fmt.Sscanf(header, "Bearer %s", &t)
+
+	return Parse(t)
+}