thermokarst/jwt
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

GH syntax highlighting

Browse source
This commit is contained in:
Matthew Dillon 2015-04-21 09:59:43 -08:00
parent 11c03db65e
commit dc58eb70a2
1 changed files with 73 additions and 65 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

138
README.md
View file

@ -3,74 +3,76 @@
A simple, opinionated Go net/http middleware for integrating JSON Web Tokens into A simple, opinionated Go net/http middleware for integrating JSON Web Tokens into
your application: your application:
package main ```go
package main
import ( import (
"errors" "errors"
"fmt" "fmt"
"net/http" "net/http"
"time" "time"
"github.com/thermokarst/jwt" "github.com/thermokarst/jwt"
) )
func protectMe(w http.ResponseWriter, r *http.Request) { func protectMe(w http.ResponseWriter, r *http.Request) {
fmt.Fprintf(w, "secured") fmt.Fprintf(w, "secured")
}
func main() {
var authFunc = func(email string, password string) error {
// Hard-code a user --- this could easily be a database call, etc.
if email != "test" || password != "test" {
return errors.New("invalid credentials")
}
return nil
} }
func main() { var claimsFunc = func(userId string) (map[string]interface{}, error) {
var authFunc = func(email string, password string) error { currentTime := time.Now()
// Hard-code a user --- this could easily be a database call, etc. return map[string]interface{}{
if email != "test" || password != "test" { "iat": currentTime.Unix(),
return errors.New("invalid credentials") "exp": currentTime.Add(time.Minute * 60 * 24).Unix(),
} "sub": userId,
return nil }, nil
} }
var claimsFunc = func(userId string) (map[string]interface{}, error) { var verifyClaimsFunc = func(claims []byte) error {
currentTime := time.Now() currentTime := time.Now()
return map[string]interface{}{ var c struct {
"iat": currentTime.Unix(), Exp int64
"exp": currentTime.Add(time.Minute * 60 * 24).Unix(), Iat int64
"sub": userId, Sub string
}, nil
} }
err := json.Unmarshal(claims, &c)
var verifyClaimsFunc = func(claims []byte) error {
currentTime := time.Now()
var c struct {
Exp int64
Iat int64
Sub string
}
err := json.Unmarshal(claims, &c)
if err != nil {
return err
}
if currentTime.After(time.Unix(c.Exp, 0)) {
return errors.New("this token has expired!")
}
if c.Sub != "test" {
return errors.New("who are you??!")
}
return nil
}
config := &jwt.Config{
Secret: "password",
Auth: authFunc,
Claims: claimsFunc,
}
j, err := jwt.NewMiddleware(config)
if err != nil { if err != nil {
panic(err) return err
} }
protect := http.HandlerFunc(protectMe) if currentTime.After(time.Unix(c.Exp, 0)) {
http.Handle("/authenticate", j.GenerateToken()) return errors.New("this token has expired!")
http.Handle("/secure", j.Secure(protect, verifyClaimsFunc)) }
http.ListenAndServe(":8080", nil) if c.Sub != "test" {
return errors.New("who are you??!")
}
return nil
} }
config := &jwt.Config{
Secret: "password",
Auth: authFunc,
Claims: claimsFunc,
}
j, err := jwt.NewMiddleware(config)
if err != nil {
panic(err)
}
protect := http.HandlerFunc(protectMe)
http.Handle("/authenticate", j.GenerateToken())
http.Handle("/secure", j.Secure(protect, verifyClaimsFunc))
http.ListenAndServe(":8080", nil)
}
```
# Installation # Installation
$ go get github.com/thermokarst/jwt $ go get github.com/thermokarst/jwt
@ -85,17 +87,21 @@ tokens), a function for authenticating user, and a function for generating a
user's claims. The idea here is to be dead-simple for someone to drop this into user's claims. The idea here is to be dead-simple for someone to drop this into
a project and hit the ground running. a project and hit the ground running.
config := &jwt.Config{ ```go
Secret: "password", config := &jwt.Config{
Auth: authFunc, // func(string, string) error Secret: "password",
Claims: claimsFunc, // func(string) (map[string]interface{}) Auth: authFunc, // func(string, string) error
} Claims: claimsFunc, // func(string) (map[string]interface{})
j, err := jwt.NewMiddleware(config) }
j, err := jwt.NewMiddleware(config)
```
Once the middleware is instanciated, create a route for users to generate a JWT Once the middleware is instanciated, create a route for users to generate a JWT
at. at.
http.Handle("/authenticate", j.GenerateToken()) ```go
http.Handle("/authenticate", j.GenerateToken())
```
The auth function takes two arguments (the identity, and the authorization The auth function takes two arguments (the identity, and the authorization
key), POSTed as a JSON-encoded body: key), POSTed as a JSON-encoded body:
@ -112,7 +118,9 @@ function should return a `map[string]interface{}` with the desired claimset.
Routes are "secured" by calling the `Secure(http.Handler, jwt.VerifyClaimsFunc)` Routes are "secured" by calling the `Secure(http.Handler, jwt.VerifyClaimsFunc)`
handler: handler:
http.Handle("/secureendpoint", j.Secure(someHandler, verifyClaimsFunc)) ```go
http.Handle("/secureendpoint", j.Secure(someHandler, verifyClaimsFunc))
```
The claims verification function is called after the token has been parsed and The claims verification function is called after the token has been parsed and
validated: this is where you control how your application handles the claims validated: this is where you control how your application handles the claims