69 lines
1.5 KiB
Go
69 lines
1.5 KiB
Go
package auth
|
|
|
|
import (
|
|
"strings"
|
|
"time"
|
|
|
|
"github.com/gin-gonic/gin"
|
|
"github.com/golang-jwt/jwt/v5"
|
|
)
|
|
|
|
type JwtTokenGenerator struct {
|
|
Key string
|
|
Issuer string
|
|
Audience string
|
|
}
|
|
|
|
func NewJwtTokenGenerator(key string, issuer string, audience string) *JwtTokenGenerator {
|
|
return &JwtTokenGenerator{
|
|
Key: key,
|
|
Issuer: issuer,
|
|
Audience: audience,
|
|
}
|
|
}
|
|
|
|
func (j *JwtTokenGenerator) GenerateToken(claims map[string]interface{}) (string, error) {
|
|
token := jwt.NewWithClaims(jwt.SigningMethodHS256, jwt.MapClaims{
|
|
"exp": time.Now().AddDate(0, 0, 3).Unix(),
|
|
"iat": time.Now().Unix(),
|
|
"iss": j.Issuer,
|
|
"aud": j.Audience,
|
|
})
|
|
for k, v := range claims {
|
|
token.Claims.(jwt.MapClaims)[k] = v
|
|
}
|
|
|
|
return token.SignedString([]byte(j.Key))
|
|
}
|
|
|
|
// Gin middleware
|
|
func (j *JwtTokenGenerator) GinMiddleware() gin.HandlerFunc {
|
|
return func(c *gin.Context) {
|
|
authHeader := c.GetHeader("Authorization")
|
|
if authHeader == "" {
|
|
c.AbortWithStatusJSON(401, gin.H{"error": "Unauthorized"})
|
|
return
|
|
}
|
|
|
|
tokenString := strings.TrimPrefix(authHeader, "Bearer ")
|
|
t, err := jwt.Parse(tokenString, func(t *jwt.Token) (interface{}, error) {
|
|
if _, ok := t.Method.(*jwt.SigningMethodHMAC); !ok {
|
|
return nil, jwt.ErrSignatureInvalid
|
|
}
|
|
return []byte(j.Key), nil
|
|
})
|
|
|
|
if err != nil {
|
|
c.AbortWithStatusJSON(401, gin.H{"error": "Unauthorized"})
|
|
return
|
|
}
|
|
|
|
claims, ok := t.Claims.(jwt.MapClaims)
|
|
if !ok || claims["role"] != "admin" {
|
|
c.AbortWithStatusJSON(401, gin.H{"error": "Unauthorized"})
|
|
return
|
|
}
|
|
|
|
c.Next()
|
|
}
|
|
} |