add jwt auth for future use
parent
e12876b3ed
commit
fad6b6536a
|
@ -0,0 +1,34 @@
|
||||||
|
package security
|
||||||
|
|
||||||
|
import (
|
||||||
|
"cadoles/graphql/config"
|
||||||
|
"fmt"
|
||||||
|
"log"
|
||||||
|
"net/http"
|
||||||
|
|
||||||
|
jwt "github.com/dgrijalva/jwt-go"
|
||||||
|
)
|
||||||
|
|
||||||
|
// Handle security middleware aims to implement a JWT authentication.
|
||||||
|
func Handle(next http.Handler) http.Handler {
|
||||||
|
return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
|
||||||
|
tokenString := r.Header.Get("Authorization")[7:] // 7 corresponds to "Bearer "
|
||||||
|
|
||||||
|
token, _ := jwt.Parse(tokenString, func(token *jwt.Token) (interface{}, error) {
|
||||||
|
if _, ok := token.Method.(*jwt.SigningMethodHMAC); !ok {
|
||||||
|
return nil, fmt.Errorf("Unexpected signing method: %v", token.Header["alg"])
|
||||||
|
}
|
||||||
|
conf := config.GetConfig()
|
||||||
|
|
||||||
|
var secret = conf.JWT_SECRET // Prefer to store this secret in a configuration file
|
||||||
|
|
||||||
|
return []byte(secret), nil
|
||||||
|
})
|
||||||
|
|
||||||
|
if claims, ok := token.Claims.(jwt.MapClaims); ok && token.Valid {
|
||||||
|
log.Printf("JWT Authenticated OK (app: %s)", claims["app"])
|
||||||
|
|
||||||
|
next.ServeHTTP(w, r)
|
||||||
|
}
|
||||||
|
})
|
||||||
|
}
|
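Review bot: The handler slices `r.Header.Get("Authorization")[7:]` without checking the header first, so a request with no Authorization header, or one shorter than seven bytes, panics with a slice-bounds error, and a value that does not start with `Bearer ` is parsed anyway. The error from `jwt.Parse` is discarded and `token.Claims` is dereferenced straight after; if the library returns a nil token for a malformed string (likely, but not visible on this page), that is a second panic reachable without credentials. When validation fails the closure simply returns, so the client receives an empty 200 instead of a 401. The sketch below checks the prefix, keeps the parse error and rejects explicitly; it needs `strings` added to the import block. Separately, `github.com/dgrijalva/jwt-go` is archived upstream (the maintained fork is `github.com/golang-jwt/jwt`), and as far as I know this parse accepts tokens with no `exp` claim, so both are worth settling before the middleware is wired in.

```go
	return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
		const prefix = "Bearer "
		authz := r.Header.Get("Authorization")
		if !strings.HasPrefix(authz, prefix) {
			http.Error(w, "unauthorized", http.StatusUnauthorized)
			return
		}

		token, err := jwt.Parse(authz[len(prefix):], func(token *jwt.Token) (interface{}, error) {
			// … unchanged: HMAC signing-method check and secret lookup …
		})
		if err != nil || token == nil || !token.Valid {
			http.Error(w, "unauthorized", http.StatusUnauthorized)
			return
		}

		claims, ok := token.Claims.(jwt.MapClaims)
		if !ok {
			http.Error(w, "unauthorized", http.StatusUnauthorized)
			return
		}

		// … unchanged: log line and next.ServeHTTP(w, r) …
```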