mirror of
https://git.rwth-aachen.de/acs/public/villas/web-backend-go/
synced 2025-03-30 00:00:12 +01:00
Simplifies authentication middleware
This commit is contained in:
smavros
parent
fc358d06c6
commit
cded4d672c
1 changed files with 7 additions and 30 deletions
|
|
@ -8,7 +8,6 @@ import (
|
||||||
"github.com/gin-gonic/gin"
|
"github.com/gin-gonic/gin"
|
||||||
"net/http"
|
"net/http"
|
||||||
"strconv"
|
"strconv"
|
||||||
"strings"
|
|
||||||
)
|
)
|
||||||
|
|
||||||
func UserToContext(ctx *gin.Context, user_id uint) {
|
func UserToContext(ctx *gin.Context, user_id uint) {
|
||||||
|
|
@ -21,47 +20,25 @@ func UserToContext(ctx *gin.Context, user_id uint) {
|
||||||
ctx.Set("user", user)
|
ctx.Set("user", user)
|
||||||
}
|
}
|
||||||
|
|
||||||
// func stripBearerPrefixFromTokenString()
|
|
||||||
// Originally is supposed to remove the 'BEARER' token from the Auth
|
|
||||||
// header "Authorization: Bearer <token>". Currently use curl's header
|
|
||||||
// like "$ curl -H 'Authorization: TOKEN <token> ..."
|
|
||||||
func removeTokenPrefix(tok string) (string, error) {
|
|
||||||
// if the prefix exists remove it from token
|
|
||||||
if len(tok) > 5 && strings.ToUpper(tok[0:6]) == "TOKEN " {
|
|
||||||
return tok[6:], nil
|
|
||||||
}
|
|
||||||
// otherwise return token
|
|
||||||
return tok, nil
|
|
||||||
}
|
|
||||||
|
|
||||||
// Extractor of Authorization Header
|
|
||||||
// var AuthorizationHeaderExtractor
|
|
||||||
var GetAuthorizationHeader = &request.PostExtractionFilter{
|
|
||||||
request.HeaderExtractor{"Authorization"},
|
|
||||||
removeTokenPrefix,
|
|
||||||
}
|
|
||||||
|
|
||||||
// Extractor of OAuth2 tokens. Finds the 'access_token'
|
|
||||||
// var OAuth2Extractor
|
|
||||||
var GetAuth2 = &request.MultiExtractor{
|
|
||||||
GetAuthorizationHeader,
|
|
||||||
request.ArgumentExtractor{"access_token"},
|
|
||||||
}
|
|
||||||
|
|
||||||
func Authentication(unauthorized bool) gin.HandlerFunc {
|
func Authentication(unauthorized bool) gin.HandlerFunc {
|
||||||
return func(ctx *gin.Context) {
|
return func(ctx *gin.Context) {
|
||||||
// Initialize user_id and model in the context
|
// Initialize user_id and model in the context
|
||||||
UserToContext(ctx, 0)
|
UserToContext(ctx, 0)
|
||||||
|
|
||||||
// Authentication's access token extraction
|
// Authentication's access token extraction
|
||||||
token, err := request.ParseFromRequest(ctx.Request, GetAuth2,
|
// XXX: if we have a multi-header for Authorization (e.g. in
|
||||||
|
// case of OAuth2 use the request.OAuth2Extractor and make sure
|
||||||
|
// that the argument is 'access-token' or provide a custom one
|
||||||
|
token, err := request.ParseFromRequest(ctx.Request,
|
||||||
|
request.AuthorizationHeaderExtractor,
|
||||||
func(token *jwt.Token) (interface{}, error) {
|
func(token *jwt.Token) (interface{}, error) {
|
||||||
|
|
||||||
// validate alg for signing the jwt
|
// validate alg for signing the jwt
|
||||||
// XXX: whis is the default signing method?
|
|
||||||
if _, ok := token.Method.(*jwt.SigningMethodHMAC); !ok {
|
if _, ok := token.Method.(*jwt.SigningMethodHMAC); !ok {
|
||||||
return nil, fmt.Errorf("Unexpected signing alg: %v",
|
return nil, fmt.Errorf("Unexpected signing alg: %v",
|
||||||
token.Header["alg"])
|
token.Header["alg"])
|
||||||
}
|
}
|
||||||
|
|
||||||
// return secret in byte format
|
// return secret in byte format
|
||||||
secret := ([]byte(jwtSigningSecret))
|
secret := ([]byte(jwtSigningSecret))
|
||||||
return secret, nil
|
return secret, nil
|
||||||
|
|
|
||||||
Loading…
Add table
Reference in a new issue