add jwt
This commit is contained in:
parent
24de27a714
commit
5864585b61
50
webserver/authmod/jwt.go
Normal file
50
webserver/authmod/jwt.go
Normal file
@ -0,0 +1,50 @@
|
||||
package authmod
|
||||
|
||||
import (
|
||||
"time"
|
||||
|
||||
"github.com/coreos/go-oidc"
|
||||
"github.com/golang-jwt/jwt/v4"
|
||||
"github.com/google/uuid"
|
||||
)
|
||||
|
||||
type AuthTokenClaims struct {
|
||||
jwt.RegisteredClaims // 표준 토큰 Claims
|
||||
UserInfo *oidc.UserInfo
|
||||
}
|
||||
|
||||
var TknHmacSecret []byte = nil
|
||||
|
||||
func init() {
|
||||
TknHmacSecret = []byte(uuid.New().String())
|
||||
}
|
||||
|
||||
func IssueJWT(userInfo *oidc.UserInfo, period time.Duration) (string, error) {
|
||||
claims := AuthTokenClaims{
|
||||
UserInfo: userInfo,
|
||||
RegisteredClaims: jwt.RegisteredClaims{
|
||||
ExpiresAt: jwt.NewNumericDate(time.Now().Add(period)),
|
||||
IssuedAt: jwt.NewNumericDate(time.Now()),
|
||||
NotBefore: jwt.NewNumericDate(time.Now()),
|
||||
},
|
||||
}
|
||||
|
||||
tkn := jwt.NewWithClaims(jwt.SigningMethodHS256, claims)
|
||||
ss, err := tkn.SignedString([]byte(TknHmacSecret))
|
||||
|
||||
return ss, err
|
||||
}
|
||||
|
||||
func ParseJWTwithClaims(ss string) (*AuthTokenClaims, error) {
|
||||
claims := AuthTokenClaims{}
|
||||
|
||||
_, err := jwt.ParseWithClaims(ss, &claims, func(token *jwt.Token) (interface{}, error) {
|
||||
return TknHmacSecret, nil
|
||||
})
|
||||
|
||||
if err != nil {
|
||||
return nil, err
|
||||
}
|
||||
|
||||
return &claims, nil
|
||||
}
|
||||
@ -4,7 +4,9 @@ import (
|
||||
"context"
|
||||
"crypto/rand"
|
||||
"encoding/base64"
|
||||
"fmt"
|
||||
"io"
|
||||
"iothomepage/authmod"
|
||||
"log"
|
||||
"net/http"
|
||||
"time"
|
||||
@ -93,11 +95,17 @@ func authCallback(ctx *gin.Context) {
|
||||
return
|
||||
}
|
||||
|
||||
_ = userInfo
|
||||
ss, err := authmod.IssueJWT(userInfo, time.Second)
|
||||
if err != nil {
|
||||
http.Error(ctx.Writer, "generate jwt error", http.StatusInternalServerError)
|
||||
return
|
||||
}
|
||||
|
||||
fmt.Println(userInfo)
|
||||
|
||||
c := &http.Cookie{
|
||||
Name: "__edit_access_token_",
|
||||
Value: "temporary-token",
|
||||
Value: ss,
|
||||
MaxAge: int(time.Hour.Seconds()),
|
||||
Secure: ctx.Request.TLS != nil,
|
||||
HttpOnly: true,
|
||||
|
||||
@ -2,6 +2,7 @@ package router
|
||||
|
||||
import (
|
||||
"fmt"
|
||||
"iothomepage/authmod"
|
||||
"log"
|
||||
"net/http"
|
||||
"strings"
|
||||
@ -28,7 +29,7 @@ func NewRouter() *gin.Engine {
|
||||
r.Any("/*any", func(c *gin.Context) {
|
||||
defer handleError(c)
|
||||
path := c.Param("any")
|
||||
if strings.HasPrefix(path, "/home") {
|
||||
if strings.HasPrefix(path, "/dashboard") {
|
||||
assetEngine.HandleContext(c)
|
||||
return
|
||||
} else if strings.HasPrefix(path, "/auth") {
|
||||
@ -70,8 +71,12 @@ func checkAuthority(c *gin.Context) bool {
|
||||
return false
|
||||
}
|
||||
|
||||
// editAuth check
|
||||
_ = editAuth
|
||||
claims, err := authmod.ParseJWTwithClaims(editAuth)
|
||||
if err != nil {
|
||||
return false
|
||||
}
|
||||
|
||||
fmt.Println(claims.UserInfo)
|
||||
|
||||
return true
|
||||
}
|
||||
|
||||
Loading…
Reference in New Issue
Block a user