2021-01-19 15:50:48 -05:00
parent 3fd6e7b957
commit 45d7adbd8b
14 changed files with 203 additions and 121 deletions


@@ -62,26 +62,11 @@ func (auth *AuthManager) AuthenticateUser(creds models.APICredentials) (bool, mo
}
}
func (auth *AuthManager) getRole(user models.User) string {
// TODO: Lookup role of user
return "User"
}
func (auth *AuthManager) ValidateJWTAccessToken(accessJWT string) (jwt.Token, bool) {
byteAccessJWT := []byte(accessJWT)
verifiedToken, err := jwt.ParseBytes(byteAccessJWT, jwt.WithVerify(jwa.HS256, []byte(auth.Config.JWTSecret)))
if err != nil {
fmt.Println("failed to parse payload: ", err)
return nil, false
}
return verifiedToken, true
}
func (auth *AuthManager) RevokeRefreshToken() {
}
func (auth *AuthManager) ValidateJWTRefreshToken(refreshJWT string) (jwt.Token, bool) {
byteRefreshJWT := []byte(refreshJWT)
@@ -100,8 +85,11 @@ func (auth *AuthManager) ValidateJWTRefreshToken(refreshJWT string) (jwt.Token,
return nil, false
}
// Verify Token
verifiedToken, err := jwt.ParseBytes(byteRefreshJWT, jwt.WithVerify(jwa.HS256, []byte(device.RefreshKey)))
// Verify & Validate Token
verifiedToken, err := jwt.ParseBytes(byteRefreshJWT,
jwt.WithValidate(true),
jwt.WithVerify(jwa.HS256, []byte(device.RefreshKey)),
)
if err != nil {
fmt.Println("failed to parse payload: ", err)
return nil, false
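Review bot: The new `jwt.WithValidate(true)` on the ParseBytes call checks the time-based claims, but nothing in the option list asserts the `aud` claim that CreateJWTRefreshToken sets to `imagini`, so as far as the visible options show a token carrying any audience (or none) passes once the signature verifies. Add the audience to the same option list, e.g. `jwt.WithAudience("imagini"),` directly after `jwt.WithValidate(true),`. The parse call in ValidateJWTAccessToken in the next hunk has the identical gap and should get the same option. ValidateJWTRefreshToken's opening, where `device` and its RefreshKey are looked up, lies outside this hunk, so whether the device lookup already binds the token to an audience cannot be confirmed here.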
@@ -109,11 +97,17 @@ func (auth *AuthManager) ValidateJWTRefreshToken(refreshJWT string) (jwt.Token,
return verifiedToken, true
}
func (auth *AuthManager) UpdateRefreshToken(deviceID string) error {
// TODO:
// - Remove Refresh token from Session AND DB
// - Call CreateRefreshToken
return nil
func (auth *AuthManager) ValidateJWTAccessToken(accessJWT string) (jwt.Token, bool) {
byteAccessJWT := []byte(accessJWT)
verifiedToken, err := jwt.ParseBytes(byteAccessJWT,
jwt.WithValidate(true),
jwt.WithVerify(jwa.HS256, []byte(auth.Config.JWTSecret)),
)
if err != nil {
fmt.Println("failed to parse payload: ", err)
return nil, false
}
return verifiedToken, true
}
func (auth *AuthManager) CreateJWTRefreshToken(user models.User, device models.Device) (string, error) {
@@ -123,13 +117,15 @@ func (auth *AuthManager) CreateJWTRefreshToken(user models.User, device models.D
// Create New Token
tm := time.Now()
t := jwt.New()
t.Set(`did`, device.UUID) // Device ID
t.Set(jwt.SubjectKey, user.UUID) // User ID
t.Set(jwt.AudienceKey, `imagini`) // App ID
t.Set(jwt.IssuedAtKey, tm) // Issued At
t.Set(`did`, device.UUID.String()) // Device ID
t.Set(jwt.SubjectKey, user.UUID.String()) // User ID
t.Set(jwt.AudienceKey, `imagini`) // App ID
t.Set(jwt.IssuedAtKey, tm) // Issued At
// TODO: Depends on Device
t.Set(jwt.ExpirationKey, tm.Add(time.Hour * 24)) // 1 Day Access Key
// iOS & Android = Never Expiring Refresh Token
if device.Type != "iOS" && device.Type != "Android" {
t.Set(jwt.ExpirationKey, tm.Add(time.Hour * 24)) // 1 Day Access Key
}
// Validate Token Creation
_, err := json.MarshalIndent(t, "", " ")
@@ -150,18 +146,15 @@ func (auth *AuthManager) CreateJWTRefreshToken(user models.User, device models.D
}
func (auth *AuthManager) CreateJWTAccessToken(user models.User, device models.Device) (string, error) {
// Acquire Role
role := auth.getRole(user)
// Create New Token
tm := time.Now()
t := jwt.New()
t.Set(`did`, device.UUID) // Device ID
t.Set(`role`, role) // User Role (Admin / User)
t.Set(jwt.SubjectKey, user.UUID) // User ID
t.Set(`did`, device.UUID.String()) // Device ID
t.Set(`role`, auth.getRole(user)) // User Role (Admin / User)
t.Set(jwt.SubjectKey, user.UUID.String()) // User ID
t.Set(jwt.AudienceKey, `imagini`) // App ID
t.Set(jwt.IssuedAtKey, tm) // Issued At
t.Set(jwt.ExpirationKey, tm.Add(time.Minute * 30)) // 30 Minute Access Key
t.Set(jwt.ExpirationKey, tm.Add(time.Hour * 2)) // 2 Hour Access Key
// Validate Token Creation
_, err := json.MarshalIndent(t, "", " ")