2020-04-10 08:27:43 +02:00
|
|
|
package auth
|
2019-03-24 14:57:29 +01:00
|
|
|
|
|
|
|
|
import (
|
|
|
|
|
"context"
|
|
|
|
|
"io/ioutil"
|
|
|
|
|
"net/http"
|
2019-03-29 03:34:42 +01:00
|
|
|
"strings"
|
2019-03-24 14:57:29 +01:00
|
|
|
|
|
|
|
|
jwt "github.com/dgrijalva/jwt-go"
|
2020-04-10 08:27:43 +02:00
|
|
|
"github.com/dosco/super-graph/core"
|
2019-03-24 14:57:29 +01:00
|
|
|
)
|
|
|
|
|
|
2019-03-29 03:34:42 +01:00
|
|
|
const (
|
2019-04-10 07:38:48 +02:00
|
|
|
authHeader = "Authorization"
|
2019-11-28 07:25:46 +01:00
|
|
|
jwtAuth0 int = iota + 1
|
2019-03-29 03:34:42 +01:00
|
|
|
)
|
|
|
|
|
|
2020-04-11 08:45:06 +02:00
|
|
|
func JwtHandler(ac *Auth, next http.Handler) (http.HandlerFunc, error) {
|
2019-03-24 14:57:29 +01:00
|
|
|
var key interface{}
|
2019-03-29 03:34:42 +01:00
|
|
|
var jwtProvider int
|
2019-03-24 14:57:29 +01:00
|
|
|
|
2020-04-10 08:27:43 +02:00
|
|
|
cookie := ac.Cookie
|
2019-03-24 14:57:29 +01:00
|
|
|
|
2020-04-10 08:27:43 +02:00
|
|
|
if ac.JWT.Provider == "auth0" {
|
2019-03-29 03:34:42 +01:00
|
|
|
jwtProvider = jwtAuth0
|
|
|
|
|
}
|
|
|
|
|
|
2020-04-10 08:27:43 +02:00
|
|
|
secret := ac.JWT.Secret
|
|
|
|
|
publicKeyFile := ac.JWT.PubKeyFile
|
2019-03-24 14:57:29 +01:00
|
|
|
|
|
|
|
|
switch {
|
|
|
|
|
case len(secret) != 0:
|
|
|
|
|
key = []byte(secret)
|
|
|
|
|
|
|
|
|
|
case len(publicKeyFile) != 0:
|
|
|
|
|
kd, err := ioutil.ReadFile(publicKeyFile)
|
|
|
|
|
if err != nil {
|
2020-04-10 08:27:43 +02:00
|
|
|
return nil, err
|
2019-03-24 14:57:29 +01:00
|
|
|
}
|
|
|
|
|
|
2020-04-10 08:27:43 +02:00
|
|
|
switch ac.JWT.PubKeyType {
|
2019-03-24 14:57:29 +01:00
|
|
|
case "ecdsa":
|
|
|
|
|
key, err = jwt.ParseECPublicKeyFromPEM(kd)
|
|
|
|
|
|
|
|
|
|
case "rsa":
|
|
|
|
|
key, err = jwt.ParseRSAPublicKeyFromPEM(kd)
|
|
|
|
|
|
|
|
|
|
default:
|
|
|
|
|
key, err = jwt.ParseECPublicKeyFromPEM(kd)
|
|
|
|
|
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
if err != nil {
|
2020-04-10 08:27:43 +02:00
|
|
|
return nil, err
|
2019-03-24 14:57:29 +01:00
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
return func(w http.ResponseWriter, r *http.Request) {
|
|
|
|
|
var tok string
|
|
|
|
|
|
|
|
|
|
if len(cookie) != 0 {
|
|
|
|
|
ck, err := r.Cookie(cookie)
|
|
|
|
|
if err != nil {
|
|
|
|
|
next.ServeHTTP(w, r)
|
|
|
|
|
return
|
|
|
|
|
}
|
|
|
|
|
tok = ck.Value
|
|
|
|
|
} else {
|
|
|
|
|
ah := r.Header.Get(authHeader)
|
|
|
|
|
if len(ah) < 10 {
|
|
|
|
|
next.ServeHTTP(w, r)
|
|
|
|
|
return
|
|
|
|
|
}
|
|
|
|
|
tok = ah[7:]
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
token, err := jwt.ParseWithClaims(tok, &jwt.StandardClaims{}, func(token *jwt.Token) (interface{}, error) {
|
|
|
|
|
return key, nil
|
|
|
|
|
})
|
|
|
|
|
|
|
|
|
|
if err != nil {
|
|
|
|
|
next.ServeHTTP(w, r)
|
|
|
|
|
return
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
if claims, ok := token.Claims.(*jwt.StandardClaims); ok {
|
2019-03-29 03:34:42 +01:00
|
|
|
ctx := r.Context()
|
|
|
|
|
|
|
|
|
|
if jwtProvider == jwtAuth0 {
|
|
|
|
|
sub := strings.Split(claims.Subject, "|")
|
|
|
|
|
if len(sub) != 2 {
|
2020-04-10 08:27:43 +02:00
|
|
|
ctx = context.WithValue(ctx, core.UserIDProviderKey, sub[0])
|
|
|
|
|
ctx = context.WithValue(ctx, core.UserIDKey, sub[1])
|
2019-03-29 03:34:42 +01:00
|
|
|
}
|
|
|
|
|
} else {
|
2020-04-10 08:27:43 +02:00
|
|
|
ctx = context.WithValue(ctx, core.UserIDKey, claims.Subject)
|
2019-03-29 03:34:42 +01:00
|
|
|
}
|
2019-11-15 07:35:19 +01:00
|
|
|
|
2019-03-24 14:57:29 +01:00
|
|
|
next.ServeHTTP(w, r.WithContext(ctx))
|
2019-11-15 07:35:19 +01:00
|
|
|
return
|
2019-03-24 14:57:29 +01:00
|
|
|
}
|
2019-11-15 07:35:19 +01:00
|
|
|
|
2019-03-24 14:57:29 +01:00
|
|
|
next.ServeHTTP(w, r)
|
2020-04-10 08:27:43 +02:00
|
|
|
}, nil
|
2019-03-24 14:57:29 +01:00
|
|
|
}
|
