feat: rename jwt to session & introduce upload keys
This commit is contained in:
parent
3fc792fd53
commit
3b02f4931e
7 changed files with 98 additions and 15 deletions
103
internal/auth/session/session.go
Normal file
103
internal/auth/session/session.go
Normal file
|
|
@ -0,0 +1,103 @@
|
|||
/*
|
||||
Copyright (C) 2025 hexlocation (hex@iwakura.rip) & grngxd (grng@iwakura.rip)
|
||||
|
||||
This program is free software: you can redistribute it and/or modify
|
||||
it under the terms of the GNU General Public License as published by
|
||||
the Free Software Foundation, either version 3 of the License, or
|
||||
(at your option) any later version.
|
||||
|
||||
This program is distributed in the hope that it will be useful,
|
||||
but WITHOUT ANY WARRANTY; without even the implied warranty of
|
||||
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
|
||||
GNU General Public License for more details.
|
||||
|
||||
You should have received a copy of the GNU General Public License
|
||||
along with this program. If not, see <https://www.gnu.org/licenses/>.
|
||||
*/
|
||||
|
||||
package session
|
||||
|
||||
import (
|
||||
"encoding/json"
|
||||
"fmt"
|
||||
"strings"
|
||||
|
||||
"github.com/gin-gonic/gin"
|
||||
"github.com/golang-jwt/jwt/v5"
|
||||
"stereo.cat/backend/internal/auth"
|
||||
"stereo.cat/backend/internal/types"
|
||||
)
|
||||
|
||||
func GenerateSessionJWT(key string, user auth.User, expiryTimestamp uint64) (string, error) {
|
||||
claims := auth.SessionClaims{
|
||||
User: user,
|
||||
Exp: expiryTimestamp,
|
||||
}
|
||||
|
||||
token := jwt.NewWithClaims(jwt.SigningMethodHS256, claims)
|
||||
return token.SignedString([]byte(key))
|
||||
}
|
||||
|
||||
|
||||
func SessionMiddleware(secret string) gin.HandlerFunc {
|
||||
return func(c *gin.Context) {
|
||||
jwt, err := c.Cookie("jwt")
|
||||
if err != nil {
|
||||
// js as a fallback incase hex does a stupid again
|
||||
jwtSplit := strings.Split(c.GetHeader("Authorization"), " ")
|
||||
|
||||
if len(jwtSplit) < 2 || jwtSplit[0] != "Bearer" {
|
||||
types.ErrorUnauthorized.Throw(c, nil)
|
||||
return
|
||||
}
|
||||
|
||||
jwt = jwtSplit[1]
|
||||
}
|
||||
|
||||
claims, err := ValidateSession(jwt, secret)
|
||||
if err != nil {
|
||||
types.ErrorUnauthorized.Throw(c, err)
|
||||
return
|
||||
}
|
||||
|
||||
if userClaims, ok := claims["user"].(map[string]interface{}); ok {
|
||||
userJSON, err := json.Marshal(userClaims) // Convert map to JSON
|
||||
if err != nil {
|
||||
types.ErrorUnauthorized.Throw(c, err)
|
||||
return
|
||||
}
|
||||
|
||||
var user auth.User
|
||||
err = json.Unmarshal(userJSON, &user)
|
||||
if err != nil {
|
||||
types.ErrorUserNotFound.Throw(c, err)
|
||||
return
|
||||
}
|
||||
|
||||
claims["user"] = user
|
||||
}
|
||||
|
||||
c.Set("claims", claims)
|
||||
c.Next()
|
||||
}
|
||||
}
|
||||
|
||||
func ValidateSession(jwtString, key string) (jwt.MapClaims, error) {
|
||||
token, err := jwt.Parse(jwtString, func(token *jwt.Token) (any, error) {
|
||||
if _, ok := token.Method.(*jwt.SigningMethodHMAC); !ok {
|
||||
return nil, fmt.Errorf("Invalid signing method!")
|
||||
}
|
||||
|
||||
return []byte(key), nil
|
||||
})
|
||||
|
||||
if err != nil {
|
||||
return nil, err
|
||||
}
|
||||
|
||||
if claims, ok := token.Claims.(jwt.MapClaims); ok && token.Valid {
|
||||
return claims, nil
|
||||
}
|
||||
|
||||
return nil, fmt.Errorf("Invalid token!")
|
||||
}
|
||||
Loading…
Add table
Add a link
Reference in a new issue