chore(Easyauth): add checkuser function for smaler interface
This commit is contained in:
parent
1e61d9dd15
commit
a14596c55a
2 changed files with 22 additions and 6 deletions
25
easyauth.go
25
easyauth.go
|
@ -12,7 +12,8 @@ import (
|
||||||
|
|
||||||
type EasyAuth struct {
|
type EasyAuth struct {
|
||||||
client Auth
|
client Auth
|
||||||
jwtSecret []byte
|
JwtSecret []byte
|
||||||
|
TimeUntilJWTExpired time.Duration
|
||||||
}
|
}
|
||||||
|
|
||||||
type UserClaims struct {
|
type UserClaims struct {
|
||||||
|
@ -23,10 +24,24 @@ type UserClaims struct {
|
||||||
func NewEasyAuth(client Auth) (EasyAuth, error) {
|
func NewEasyAuth(client Auth) (EasyAuth, error) {
|
||||||
e := EasyAuth{}
|
e := EasyAuth{}
|
||||||
e.client = client
|
e.client = client
|
||||||
e.jwtSecret = []byte("hsajedogö")
|
e.JwtSecret = []byte("hsajedogö")
|
||||||
|
e.TimeUntilJWTExpired = 120 * time.Minute
|
||||||
return e, nil
|
return e, nil
|
||||||
}
|
}
|
||||||
|
|
||||||
|
func (e EasyAuth) CheckUser(w http.ResponseWriter, r *http.Request) (AuthentikUser, error) {
|
||||||
|
user, con, err := e.GetUser(w, r)
|
||||||
|
if err != nil {
|
||||||
|
return AuthentikUser{}, err
|
||||||
|
}
|
||||||
|
|
||||||
|
if !con {
|
||||||
|
return AuthentikUser{}, ErrUserNeedRedirect
|
||||||
|
}
|
||||||
|
|
||||||
|
return user, nil
|
||||||
|
}
|
||||||
|
|
||||||
func (e EasyAuth) GetUser(w http.ResponseWriter, r *http.Request) (AuthentikUser, bool, error) {
|
func (e EasyAuth) GetUser(w http.ResponseWriter, r *http.Request) (AuthentikUser, bool, error) {
|
||||||
store, err := session.Start(context.Background(), w, r)
|
store, err := session.Start(context.Background(), w, r)
|
||||||
if err != nil {
|
if err != nil {
|
||||||
|
@ -48,7 +63,7 @@ func (e EasyAuth) GetUser(w http.ResponseWriter, r *http.Request) (AuthentikUser
|
||||||
jwtString := fmt.Sprintf("%s", jwtData)
|
jwtString := fmt.Sprintf("%s", jwtData)
|
||||||
|
|
||||||
parsedAccessToken, _ := jwt.ParseWithClaims(jwtString, &UserClaims{}, func(token *jwt.Token) (interface{}, error) {
|
parsedAccessToken, _ := jwt.ParseWithClaims(jwtString, &UserClaims{}, func(token *jwt.Token) (interface{}, error) {
|
||||||
return e.jwtSecret, nil
|
return e.JwtSecret, nil
|
||||||
})
|
})
|
||||||
|
|
||||||
if !parsedAccessToken.Valid {
|
if !parsedAccessToken.Valid {
|
||||||
|
@ -83,7 +98,7 @@ func (e EasyAuth) AuthHTTPHandler(w http.ResponseWriter, r *http.Request) {
|
||||||
panic(err) // TODO: Deal with error
|
panic(err) // TODO: Deal with error
|
||||||
}
|
}
|
||||||
|
|
||||||
expired := time.Now().Add(5 * time.Minute)
|
expired := time.Now().Add(e.TimeUntilJWTExpired)
|
||||||
|
|
||||||
claims := UserClaims{}
|
claims := UserClaims{}
|
||||||
claims.Issuer = "EasyAuth"
|
claims.Issuer = "EasyAuth"
|
||||||
|
@ -94,7 +109,7 @@ func (e EasyAuth) AuthHTTPHandler(w http.ResponseWriter, r *http.Request) {
|
||||||
claims.User = user
|
claims.User = user
|
||||||
|
|
||||||
jwtToken := jwt.NewWithClaims(jwt.SigningMethodHS512, claims)
|
jwtToken := jwt.NewWithClaims(jwt.SigningMethodHS512, claims)
|
||||||
jwtString, err := jwtToken.SignedString(e.jwtSecret)
|
jwtString, err := jwtToken.SignedString(e.JwtSecret)
|
||||||
if err != nil {
|
if err != nil {
|
||||||
panic(err) // TODO: Deal with error
|
panic(err) // TODO: Deal with error
|
||||||
}
|
}
|
||||||
|
|
|
@ -11,4 +11,5 @@ var (
|
||||||
ErrWrongResponseFromServer = errors.New("cant get access token from server")
|
ErrWrongResponseFromServer = errors.New("cant get access token from server")
|
||||||
ErrCantGetUserInfo = errors.New("cant get user info")
|
ErrCantGetUserInfo = errors.New("cant get user info")
|
||||||
ErrCreateRequestForUserInfo = errors.New("cant create request for get user")
|
ErrCreateRequestForUserInfo = errors.New("cant create request for get user")
|
||||||
|
ErrUserNeedRedirect = errors.New("user need to login at oauth server")
|
||||||
)
|
)
|
||||||
|
|
Loading…
Reference in a new issue