restapi_auth_jwt.go 1.7 KB

12345678910111213141516171819202122232425262728293031323334353637383940414243444546474849505152535455565758596061626364656667
  1. package httpservers
  2. import (
  3. "errors"
  4. "fmt"
  5. "github.com/golang-jwt/jwt/v4"
  6. log "github.com/sirupsen/logrus"
  7. "net/http"
  8. )
  9. func parseJwtToken(cookieValue string) (*jwt.Token, error) {
  10. return jwt.Parse(cookieValue, func(token *jwt.Token) (interface{}, error) {
  11. // Don't forget to validate the alg is what you expect:
  12. if _, ok := token.Method.(*jwt.SigningMethodHMAC); !ok {
  13. return nil, fmt.Errorf("unexpected signing method: %v", token.Header["alg"])
  14. }
  15. // hmacSampleSecret is a []byte containing your secret, e.g. []byte("my_secret_key")
  16. return []byte(cfg.AuthJwtSecret), nil
  17. })
  18. }
  19. func getClaimsFromJwtToken(cookieValue string) (jwt.MapClaims, error) {
  20. token, err := parseJwtToken(cookieValue)
  21. if err != nil {
  22. log.Errorf("jwt parse failure: %v", err)
  23. return nil, errors.New("jwt parse failure")
  24. }
  25. if claims, ok := token.Claims.(jwt.MapClaims); ok && token.Valid {
  26. return claims, nil
  27. } else {
  28. return nil, errors.New("jwt token isn't valid")
  29. }
  30. }
  31. func lookupClaimValueOrDefault(claims jwt.MapClaims, key string, def string) string {
  32. if val, ok := claims[key]; ok {
  33. return fmt.Sprintf("%s", val)
  34. } else {
  35. return def
  36. }
  37. }
  38. func parseJwtCookie(request *http.Request) (string, string) {
  39. cookie, err := request.Cookie(cfg.AuthJwtCookieName)
  40. if err != nil {
  41. log.Debugf("jwt cookie check %v name: %v", err, cfg.AuthJwtCookieName)
  42. return "", ""
  43. }
  44. claims, err := getClaimsFromJwtToken(cookie.Value)
  45. log.Debugf("jwt claims data: %+v", claims)
  46. if err != nil {
  47. log.Warnf("jwt claim error: %+v", err)
  48. return "", ""
  49. }
  50. username := lookupClaimValueOrDefault(claims, cfg.AuthJwtClaimUsername, "")
  51. usergroup := lookupClaimValueOrDefault(claims, cfg.AuthJwtClaimUserGroup, "")
  52. return username, usergroup
  53. }