|
1 | 1 | package auth |
2 | 2 |
|
3 | 3 | import ( |
4 | | - "fmt" |
5 | 4 | "net/http" |
6 | | - "strings" |
7 | | - "time" |
8 | 5 |
|
9 | | - "github.com/PythonHacker24/linux-acl-management-backend/config" |
10 | | - "github.com/golang-jwt/jwt/v5" |
| 6 | + "github.com/PythonHacker24/linux-acl-management-backend/internal/token" |
11 | 7 | ) |
12 | 8 |
|
13 | | -/* generating jwt token for user identification with specified configs */ |
14 | | -func GenerateJWT(username string) (string, error) { |
15 | | - expiryHours := config.BackendConfig.BackendSecurity.JWTExpiry |
16 | | - |
17 | | - /* generate JWT token with claims */ |
18 | | - token := jwt.NewWithClaims(jwt.SigningMethodHS256, jwt.MapClaims{ |
19 | | - "username": username, |
20 | | - "exp": time.Now().Add(time.Hour * time.Duration(expiryHours)).Unix(), |
21 | | - }) |
22 | | - |
23 | | - return token.SignedString([]byte(config.BackendConfig.BackendSecurity.JWTTokenSecret)) |
24 | | -} |
25 | | - |
26 | | -/* validate JWT token and return claims */ |
27 | | -func ValidateJWT(tokenString string) (jwt.MapClaims, error) { |
28 | | - |
29 | | - /* parse the token */ |
30 | | - token, err := jwt.Parse(tokenString, func(token *jwt.Token) (interface{}, error) { |
31 | | - if _, ok := token.Method.(*jwt.SigningMethodHMAC); !ok { |
32 | | - return nil, fmt.Errorf("unexpected signing method") |
33 | | - } |
34 | | - return []byte(config.BackendConfig.BackendSecurity.JWTTokenSecret), nil |
35 | | - }) |
36 | | - |
37 | | - /* check if token is valid */ |
38 | | - if err != nil { |
39 | | - return nil, fmt.Errorf("JWT parsing error: %w", err) |
40 | | - } |
41 | | - |
42 | | - /* check if token is valid */ |
43 | | - if claims, ok := token.Claims.(jwt.MapClaims); ok && token.Valid { |
44 | | - return claims, nil |
45 | | - } |
46 | | - |
47 | | - return nil, fmt.Errorf("invalid token") |
48 | | -} |
49 | | - |
50 | | -/* extracts username from JWT token */ |
51 | | -func GetUsernameFromJWT(tokenString string) (string, error) { |
52 | | - |
53 | | - /* get claims from JWT Token */ |
54 | | - claims, err := ValidateJWT(tokenString) |
55 | | - if err != nil { |
56 | | - return "", fmt.Errorf("JWT validation error: %w", err) |
57 | | - } |
58 | | - |
59 | | - /* extract username from JWT Token */ |
60 | | - username, ok := claims["username"].(string) |
61 | | - if !ok { |
62 | | - return "", fmt.Errorf("username not found in token") |
63 | | - } |
64 | | - |
65 | | - return username, nil |
66 | | -} |
67 | | - |
68 | | -/* extract username from http request (wrapper around GetUsernameFromJWT for http requests) */ |
| 9 | +/* extract username from http request */ |
69 | 10 | func ExtractUsernameFromRequest(r *http.Request) (string, error) { |
70 | | - |
71 | | - /* extract authentication hearder from http request */ |
72 | | - authHeader := r.Header.Get("Authorization") |
73 | | - if authHeader == "" { |
74 | | - return "", fmt.Errorf("missing Authorization header") |
75 | | - } |
76 | | - |
77 | | - /* parse the token from the header */ |
78 | | - tokenParts := strings.Split(authHeader, " ") |
79 | | - if len(tokenParts) != 2 || tokenParts[0] != "Bearer" { |
80 | | - return "", fmt.Errorf("invalid Authorization header format") |
81 | | - } |
82 | | - |
83 | | - return GetUsernameFromJWT(tokenParts[1]) |
| 11 | + return token.ExtractUsernameFromRequest(r) |
84 | 12 | } |
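Review bot: The new comment on `ExtractUsernameFromRequest` no longer says that the function only forwards to `internal/token`, so a reader of this file cannot tell where the Authorization header and the JWT are actually checked. I would write it as `// ExtractUsernameFromRequest returns the username from the request's bearer token; header parsing and JWT verification are delegated to token.ExtractUsernameFromRequest.` The removed code rejected a missing or malformed `Bearer` header and any non-HMAC signing method before trusting the `username` claim. The `internal/token` implementation is not visible in this section, so it is worth confirming those checks moved across unchanged, ideally with a test that a token using an unexpected signing method is refused.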