super-graph/serv/auth_jwt.go

package serv

import (
	"context"
	"io/ioutil"
	"net/http"

	jwt "github.com/dgrijalva/jwt-go"
)

func jwtHandler(next http.HandlerFunc) http.HandlerFunc {
	var key interface{}

	cookie := conf.GetString("auth.cookie")

	conf.BindEnv("auth.secret", "SG_AUTH_SECRET")
	secret := conf.GetString("auth.secret")

	conf.BindEnv("auth.public_key_file", "SG_AUTH_PUBLIC_KEY_FILE")
	publicKeyFile := conf.GetString("auth.public_key_file")

	switch {
	case len(secret) != 0:
		key = []byte(secret)

	case len(publicKeyFile) != 0:
		kd, err := ioutil.ReadFile(publicKeyFile)
		if err != nil {
			panic(err)
		}

		switch conf.GetString("auth.public_key_type") {
		case "ecdsa":
			key, err = jwt.ParseECPublicKeyFromPEM(kd)

		case "rsa":
			key, err = jwt.ParseRSAPublicKeyFromPEM(kd)

		default:
			key, err = jwt.ParseECPublicKeyFromPEM(kd)

		}

		if err != nil {
			panic(err)
		}
	}

	return func(w http.ResponseWriter, r *http.Request) {
		var tok string

		if len(cookie) != 0 {
			ck, err := r.Cookie(cookie)
			if err != nil {
				next.ServeHTTP(w, r)
				return
			}
			tok = ck.Value
		} else {
			ah := r.Header.Get(authHeader)
			if len(ah) < 10 {
				next.ServeHTTP(w, r)
				return
			}
			tok = ah[7:]
		}

		token, err := jwt.ParseWithClaims(tok, &jwt.StandardClaims{}, func(token *jwt.Token) (interface{}, error) {
			return key, nil
		})

		if err != nil {
			next.ServeHTTP(w, r)
			return
		}

		if claims, ok := token.Claims.(*jwt.StandardClaims); ok {
			ctx := context.WithValue(r.Context(), userIDKey, claims.Id)
			next.ServeHTTP(w, r.WithContext(ctx))
		}

		next.ServeHTTP(w, r)
	}
}
First commit 2019-03-24 14:57:29 +01:00			`package serv`

			`import (`
			`"context"`
			`"io/ioutil"`
			`"net/http"`

			`jwt "github.com/dgrijalva/jwt-go"`
			`)`

			`func jwtHandler(next http.HandlerFunc) http.HandlerFunc {`
			`var key interface{}`

			`cookie := conf.GetString("auth.cookie")`

			`conf.BindEnv("auth.secret", "SG_AUTH_SECRET")`
			`secret := conf.GetString("auth.secret")`

			`conf.BindEnv("auth.public_key_file", "SG_AUTH_PUBLIC_KEY_FILE")`
			`publicKeyFile := conf.GetString("auth.public_key_file")`

			`switch {`
			`case len(secret) != 0:`
			`key = []byte(secret)`

			`case len(publicKeyFile) != 0:`
			`kd, err := ioutil.ReadFile(publicKeyFile)`
			`if err != nil {`
			`panic(err)`
			`}`

			`switch conf.GetString("auth.public_key_type") {`
			`case "ecdsa":`
			`key, err = jwt.ParseECPublicKeyFromPEM(kd)`

			`case "rsa":`
			`key, err = jwt.ParseRSAPublicKeyFromPEM(kd)`

			`default:`
			`key, err = jwt.ParseECPublicKeyFromPEM(kd)`

			`}`

			`if err != nil {`
			`panic(err)`
			`}`
			`}`

			`return func(w http.ResponseWriter, r *http.Request) {`
			`var tok string`

			`if len(cookie) != 0 {`
			`ck, err := r.Cookie(cookie)`
			`if err != nil {`
			`next.ServeHTTP(w, r)`
			`return`
			`}`
			`tok = ck.Value`
			`} else {`
			`ah := r.Header.Get(authHeader)`
			`if len(ah) < 10 {`
			`next.ServeHTTP(w, r)`
			`return`
			`}`
			`tok = ah[7:]`
			`}`

			`token, err := jwt.ParseWithClaims(tok, &jwt.StandardClaims{}, func(token *jwt.Token) (interface{}, error) {`
			`return key, nil`
			`})`

			`if err != nil {`
			`next.ServeHTTP(w, r)`
			`return`
			`}`

			`if claims, ok := token.Claims.(*jwt.StandardClaims); ok {`
			`ctx := context.WithValue(r.Context(), userIDKey, claims.Id)`
			`next.ServeHTTP(w, r.WithContext(ctx))`
			`}`

			`next.ServeHTTP(w, r)`
			`}`
			`}`