ホーム エクスプローラ ヘルプ
登録 サインイン
noa
/
rate-it-api
Watch 1
Star 0
Fork 0
ファイル 課題 0 プルリクエスト 0 Wiki
ブランチ: master
ブランチ タグ
rate-it-api
/
controllers
/
auth.go

auth.go 2.2 KB
パーマリンク 履歴 Raw

12345678910111213141516171819202122232425262728293031323334353637383940414243444546474849505152535455565758596061626364656667686970717273747576777879808182 
  1. package controllers
    2. 

  2. 

  3. import (
    4. 

  4. 	"net/http"
    5. 

  5. 	"rate-it-api/models"
    6. 

  6. 	"rate-it-api/utils"
    7. 

  7. 	"time"
    8. 

  8. 

  9. 	"github.com/auth0/go-jwt-middleware"
    10. 

  10. 	"github.com/dgrijalva/jwt-go"
    11. 

  11. 	"golang.org/x/crypto/bcrypt"
    12. 

  12. )
    13. 

  13. 

  14. // AuthToken return a JWT token
    15. 

  15. func AuthToken(w http.ResponseWriter, r *http.Request) {
    16. 

  16. 

  17. 	r.ParseForm()
    18. 

  18. 

  19. 	user, err := models.UserGetByEmail(r.Form.Get("email"))
    20. 

  20. 

  21. 	if err != nil {
    22. 

  22. 

  23. 		utils.SendJSONErrorResponse(w, "This user doesn't exist", http.StatusBadRequest)
    24. 

  24. 		return
    25. 

  25. 	}
    26. 

  26. 

  27. 	if user.Verify != 1 {
    28. 

  28. 

  29. 		utils.SendJSONErrorResponse(w, "Email must be verify", http.StatusUnauthorized)
    30. 

  30. 		return
    31. 

  31. 	}
    32. 

  32. 

  33. 	password := r.Form.Get("password")
    34. 

  34. 

  35. 	err = bcrypt.CompareHashAndPassword([]byte(user.Password), []byte(password))
    36. 

  36. 

  37. 	if err != nil {
    38. 

  38. 

  39. 		utils.SendJSONErrorResponse(w, "Invalid password", http.StatusUnauthorized)
    40. 

  40. 		return
    41. 

  41. 	}
    42. 

  42. 

  43. 	/* Create the token */
    44. 

  44. 	token := jwt.New(jwt.SigningMethodHS256)
    45. 

  45. 	config := utils.GetConfig()
    46. 

  46. 

  47. 	/* Set token claims */
    48. 

  48. 	claims := make(jwt.MapClaims)
    49. 

  49. 	claims["email"] = user.Email
    50. 

  50. 	claims["expiresAt "] = time.Now().Add(time.Duration(config.JWT.Expiration)).Unix()
    51. 

  51. 

  52. 	token.Claims = claims
    53. 

  53. 

  54. 	/* Sign the token with our secret */
    55. 

  55. 	tokenString, _ := token.SignedString([]byte(config.JWT.Secret))
    56. 

  56. 	tokenResponse := utils.TokenResponseStruct{
    57. 

  57. 		Token:      tokenString,
    58. 

  58. 		Expiration: config.JWT.Expiration / (1000 * 1000 * 1000),
    59. 

  59. 	}
    60. 

  60. 

  61. 	/* Finally, write the token to the browser window */
    62. 

  62. 	utils.SendJSONTokenAcknowledgeResponse(w, tokenResponse, http.StatusOK)
    63. 

  63. }
    64. 

  64. 

  65. func jwtErrorHandler(w http.ResponseWriter, r *http.Request, err string) {
    66. 

  66. 

  67. 	utils.SendJSONErrorResponse(w, err, http.StatusUnauthorized)
    68. 

  68. }
    69. 

  69. 

  70. // JwtMiddleware check JWT signature
    71. 

  71. var JwtMiddleware = jwtmiddleware.New(jwtmiddleware.Options{
    72. 

  72. 	ValidationKeyGetter: func(token *jwt.Token) (interface{}, error) {
    73. 

  73. 		config := utils.GetConfig()
    74. 

  74. 		return []byte(config.JWT.Secret), nil
    75. 

  75. 	},
    76. 

  76. 	// When set, the middleware verifies that tokens are signed with the specific signing algorithm
    77. 

  77. 	// If the signing method is not constant the ValidationKeyGetter callback can be used to implement additional checks
    78. 

  78. 	// Important to avoid security issues described here: https://auth0.com/blog/2015/03/31/critical-vulnerabilities-in-json-web-token-libraries/
    79. 

  79. 	SigningMethod: jwt.SigningMethodHS256,
    80. 

  80. 	ErrorHandler:  jwtErrorHandler,
    81. 

  81. })
    82. 

  82.