feat(auth): Add /token endpoint to request a access token
@@ -6,7 +6,10 @@ import (
|
||||
|
||||
"git.secnex.io/secnex/masterlog"
|
||||
"git.secnex.io/secnex/oauth2-api/config"
|
||||
"git.secnex.io/secnex/oauth2-api/repositories"
|
||||
"git.secnex.io/secnex/oauth2-api/utils"
|
||||
"github.com/gofiber/fiber/v2"
|
||||
"github.com/golang-jwt/jwt/v5"
|
||||
)
|
||||
|
||||
func AuthMiddleware() fiber.Handler {
|
||||
@@ -15,24 +18,52 @@ func AuthMiddleware() fiber.Handler {
|
||||
masterlog.Debug("Unprotected endpoint", map[string]interface{}{"path": c.Path()})
|
||||
return c.Next()
|
||||
}
|
||||
token := c.Get("Authorization")
|
||||
if token == "" {
|
||||
authHeader := c.Get("Authorization")
|
||||
if authHeader == "" {
|
||||
masterlog.Debug("No token provided", map[string]interface{}{"path": c.Path(), "authorization": c.Get("Authorization")})
|
||||
return c.Status(fiber.StatusUnauthorized).JSON(fiber.Map{"message": "Unauthorized"})
|
||||
return utils.NewHTTPResponse(fiber.StatusUnauthorized, &fiber.Map{"message": "Unauthorized"}, "", nil, nil).Send(c)
|
||||
}
|
||||
|
||||
tokenParts := strings.Split(token, " ")
|
||||
tokenParts := strings.Split(authHeader, " ")
|
||||
if len(tokenParts) != 2 {
|
||||
masterlog.Debug("Invalid token parts", map[string]interface{}{"token_parts": tokenParts})
|
||||
return c.Status(fiber.StatusUnauthorized).JSON(fiber.Map{"message": "Unauthorized"})
|
||||
return utils.NewHTTPResponse(fiber.StatusUnauthorized, &fiber.Map{"message": "Unauthorized"}, "", nil, nil).Send(c)
|
||||
}
|
||||
|
||||
tokenPartType, _ := tokenParts[0], tokenParts[1]
|
||||
tokenPartType := tokenParts[0]
|
||||
tokenString := tokenParts[1]
|
||||
|
||||
if tokenPartType != "Bearer" {
|
||||
masterlog.Debug("Invalid token type", map[string]interface{}{"token_type": tokenPartType})
|
||||
return c.Status(fiber.StatusUnauthorized).JSON(fiber.Map{"message": "Unauthorized"})
|
||||
return utils.NewHTTPResponse(fiber.StatusUnauthorized, &fiber.Map{"message": "Unauthorized"}, "", nil, nil).Send(c)
|
||||
}
|
||||
|
||||
if tokenString == "" {
|
||||
masterlog.Debug("Empty token string", map[string]interface{}{})
|
||||
return utils.NewHTTPResponse(fiber.StatusUnauthorized, &fiber.Map{"message": "Unauthorized"}, "", nil, nil).Send(c)
|
||||
}
|
||||
|
||||
masterlog.Debug("Token string", map[string]interface{}{"token_string": tokenString})
|
||||
|
||||
// Validate jwt token and get claims
|
||||
claims, err := jwt.ParseWithClaims(tokenString, &jwt.MapClaims{}, func(token *jwt.Token) (interface{}, error) {
|
||||
return []byte(config.CONFIG.JwtSecret), nil
|
||||
})
|
||||
if err != nil {
|
||||
masterlog.Debug("Invalid token", map[string]interface{}{"error": err.Error(), "token_string": tokenString})
|
||||
return utils.NewHTTPResponse(fiber.StatusUnauthorized, &fiber.Map{"message": "Unauthorized"}, "", nil, nil).Send(c)
|
||||
}
|
||||
|
||||
claimsMap := claims.Claims.(*jwt.MapClaims)
|
||||
sessionID := (*claimsMap)["sub"].(string)
|
||||
|
||||
session := repositories.GetSessionCache(sessionID)
|
||||
if session == nil {
|
||||
masterlog.Debug("Session not found", map[string]interface{}{"session_id": sessionID})
|
||||
return utils.NewHTTPResponse(fiber.StatusUnauthorized, &fiber.Map{"message": "Unauthorized"}, "", nil, nil).Send(c)
|
||||
}
|
||||
|
||||
c.Locals("user", session.UserID.String())
|
||||
return c.Next()
|
||||
}
|
||||
}
|
||||
|
||||
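Review bot: The new `masterlog.Debug("Token string", ...)` call and the `"token_string"` field in the "Invalid token" log write the complete bearer token to the log, so anyone who can read debug output obtains a credential that presumably stays usable until the token expires or the session leaves the cache; drop the first call and log only `err.Error()` in the second. The assertion `(*claimsMap)["sub"].(string)` is unchecked and panics on a correctly signed token whose `sub` is absent or not a string; use `sessionID, ok := (*claimsMap)["sub"].(string)` and return the same 401 when `!ok`. The key function also returns the secret without looking at `token.Method`; passing `jwt.WithValidMethods` with the single algorithm the issuer signs with (not visible in this hunk) would pin it. AuthMiddleware starts above the hunk, so whether a recover handler wraps it cannot be seen from here.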