Update thermokarst/jwt
This commit is contained in:
parent
1e1d577878
commit
4ba6595d2a
4 changed files with 21 additions and 17 deletions
2
Godeps/Godeps.json
generated
2
Godeps/Godeps.json
generated
|
|
@ -51,7 +51,7 @@
|
|||
},
|
||||
{
|
||||
"ImportPath": "github.com/thermokarst/jwt",
|
||||
"Rev": "9d3638db601e499627271fe06273aab0aa67e7b3"
|
||||
"Rev": "0c914e9b3a7ff6a8629e6ccf21012244ff344452"
|
||||
},
|
||||
{
|
||||
"ImportPath": "golang.org/x/crypto/bcrypt",
|
||||
|
|
|
|||
2
Godeps/_workspace/src/github.com/thermokarst/jwt/LICENSE
generated
vendored
2
Godeps/_workspace/src/github.com/thermokarst/jwt/LICENSE
generated
vendored
|
|
@ -1,6 +1,6 @@
|
|||
The MIT License (MIT)
|
||||
|
||||
Copyright (c) 2015 Matthew Dillon
|
||||
Copyright (c) 2015, 2016 Matthew Dillon
|
||||
|
||||
Permission is hereby granted, free of charge, to any person obtaining a copy
|
||||
of this software and associated documentation files (the "Software"), to deal
|
||||
|
|
|
|||
4
Godeps/_workspace/src/github.com/thermokarst/jwt/README.md
generated
vendored
4
Godeps/_workspace/src/github.com/thermokarst/jwt/README.md
generated
vendored
|
|
@ -2,8 +2,8 @@
|
|||
|
||||
[](https://godoc.org/github.com/thermokarst/jwt)
|
||||
|
||||
A simple, opinionated Go net/http middleware for integrating JSON Web Tokens into
|
||||
your application:
|
||||
A simple (bring your own logic), opinionated Go net/http middleware for integrating
|
||||
JSON Web Tokens into your application:
|
||||
|
||||
```go
|
||||
package main
|
||||
|
|
|
|||
30
Godeps/_workspace/src/github.com/thermokarst/jwt/jwt.go
generated
vendored
30
Godeps/_workspace/src/github.com/thermokarst/jwt/jwt.go
generated
vendored
|
|
@ -107,14 +107,18 @@ func (m *Middleware) Secure(h http.Handler, v VerifyClaimsFunc) http.Handler {
|
|||
return &jwtError{status: http.StatusUnauthorized, err: ErrMissingToken}
|
||||
}
|
||||
} else {
|
||||
token = strings.Split(authHeader, " ")[1]
|
||||
tokenParts := strings.Split(authHeader, " ")
|
||||
if len(tokenParts) != 2 {
|
||||
return &jwtError{status: http.StatusUnauthorized, err: ErrMalformedToken}
|
||||
}
|
||||
token = tokenParts[1]
|
||||
}
|
||||
|
||||
if status, err, message := m.VerifyToken(token, v, r); err != nil {
|
||||
if status, message, err := m.VerifyToken(token, v, r); err != nil {
|
||||
return &jwtError{
|
||||
status: status,
|
||||
err: err,
|
||||
message: message,
|
||||
err: err,
|
||||
}
|
||||
}
|
||||
|
||||
|
|
@ -238,16 +242,16 @@ func (m *Middleware) CreateToken(identity string) (string, error) {
|
|||
}
|
||||
|
||||
// VerifyToken verifies a token
|
||||
func (m *Middleware) VerifyToken(token string, v VerifyClaimsFunc, r *http.Request) (int, error, string) {
|
||||
func (m *Middleware) VerifyToken(token string, v VerifyClaimsFunc, r *http.Request) (int, string, error) {
|
||||
tokenParts := strings.Split(token, ".")
|
||||
if len(tokenParts) != 3 {
|
||||
return http.StatusUnauthorized, ErrMalformedToken, ""
|
||||
return http.StatusUnauthorized, "", ErrMalformedToken
|
||||
}
|
||||
|
||||
// First, verify JOSE header
|
||||
header, err := decode(tokenParts[0])
|
||||
if err != nil {
|
||||
return http.StatusInternalServerError, err, fmt.Sprintf("decoding header (%v)", tokenParts[0])
|
||||
return http.StatusInternalServerError, fmt.Sprintf("decoding header (%v)", tokenParts[0]), err
|
||||
}
|
||||
var t struct {
|
||||
Typ string
|
||||
|
|
@ -255,7 +259,7 @@ func (m *Middleware) VerifyToken(token string, v VerifyClaimsFunc, r *http.Reque
|
|||
}
|
||||
err = json.Unmarshal(header, &t)
|
||||
if err != nil {
|
||||
return http.StatusInternalServerError, ErrMalformedToken, fmt.Sprintf("unmarshalling header (%s)", header)
|
||||
return http.StatusInternalServerError, fmt.Sprintf("unmarshalling header (%s)", header), ErrMalformedToken
|
||||
}
|
||||
|
||||
// Then, verify signature
|
||||
|
|
@ -264,29 +268,29 @@ func (m *Middleware) VerifyToken(token string, v VerifyClaimsFunc, r *http.Reque
|
|||
mac.Write(message)
|
||||
expectedMac, err := encode(mac.Sum(nil))
|
||||
if err != nil {
|
||||
return http.StatusInternalServerError, err, ""
|
||||
return http.StatusInternalServerError, "", err
|
||||
}
|
||||
if !hmac.Equal([]byte(tokenParts[2]), []byte(expectedMac)) {
|
||||
return http.StatusUnauthorized, ErrInvalidSignature, fmt.Sprintf("checking signature (%v)", tokenParts[2])
|
||||
return http.StatusUnauthorized, fmt.Sprintf("checking signature (%v)", tokenParts[2]), ErrInvalidSignature
|
||||
}
|
||||
|
||||
// Finally, check claims
|
||||
claimSet, err := decode(tokenParts[1])
|
||||
if err != nil {
|
||||
return http.StatusInternalServerError, ErrDecoding, "decoding claims"
|
||||
return http.StatusInternalServerError, "decoding claims", ErrDecoding
|
||||
}
|
||||
err = v(claimSet, r)
|
||||
if err != nil {
|
||||
return http.StatusUnauthorized, err, "handling claims callback"
|
||||
return http.StatusUnauthorized, "handling claims callback", err
|
||||
}
|
||||
|
||||
return 200, nil, ""
|
||||
return 200, "", nil
|
||||
}
|
||||
|
||||
type jwtError struct {
|
||||
status int
|
||||
err error
|
||||
message string
|
||||
err error
|
||||
}
|
||||
|
||||
type errorHandler func(http.ResponseWriter, *http.Request) *jwtError
|
||||
|
|
|
|||
Reference in a new issue