Token Logout - Redis black list.

Author: raul-brainattica

controllers/auth_controller.go

@@ -5,6 +5,8 @@ import (
 	"api.jwt.auth/core/authentication"
 	"api.jwt.auth/services/models"
 	"encoding/json"
+	"fmt"
+	jwt "github.com/dgrijalva/jwt-go"
 	"net/http"
 )
 
@@ -19,6 +21,7 @@ func Login(w http.ResponseWriter, r *http.Request) {
 		token := parameters.TokenAuthentication{authBackend.GenerateToken()}
 		response, _ := json.Marshal(token)
 		w.Header().Set("Content-Type", "application/json")
+		w.WriteHeader(http.StatusOK)
 		w.Write(response)
 
 	} else {
@@ -37,5 +40,21 @@ func RefresfhToken(w http.ResponseWriter, r *http.Request, next http.HandlerFunc
 }
 
 func Logout(w http.ResponseWriter, r *http.Request, next http.HandlerFunc) {
-	w.Write([]byte("Unauthorized"))
+	authBackend := authentication.InitJWTAuthenticationBackend()
+	token, err := jwt.ParseFromRequest(r, func(token *jwt.Token) (interface{}, error) {
+		return authBackend.PublicKey, nil
+	})
+	tokenString := r.Header.Get("Authorization")
+
+	err = authBackend.Logout(tokenString, token)
+
+	w.Header().Set("Content-Type", "application/json")
+	if err != nil {
+		fmt.Println(http.StatusInternalServerError)
+		fmt.Println(err)
+		w.WriteHeader(http.StatusInternalServerError)
+	} else {
+		fmt.Println(http.StatusOK)
+		w.WriteHeader(http.StatusOK)
+	}
 }

core/authentication/jwt_backend.go

@@ -1,18 +1,25 @@
 package authentication
 
 import (
+	"api.jwt.auth/core/redis"
 	"api.jwt.auth/services/models"
 	jwt "github.com/dgrijalva/jwt-go"
 	"golang.org/x/crypto/bcrypt"
 	"io/ioutil"
 	"path/filepath"
+	"time"
 )
 
 type JWTAuthenticationBackend struct {
 	privateKey []byte
 	PublicKey  []byte
 }
 
+const (
+	tokenDuration = 72
+	expireOffset  = 3600
+)
+
 func InitJWTAuthenticationBackend() *JWTAuthenticationBackend {
 	authBack := new(JWTAuthenticationBackend)
 	privateKeyPath, _ := filepath.Abs("./core/authentication/keys/private_key")
@@ -25,6 +32,7 @@ func InitJWTAuthenticationBackend() *JWTAuthenticationBackend {
 
 func (backend *JWTAuthenticationBackend) GenerateToken() string {
 	token := jwt.New(jwt.GetSigningMethod("RS256"))
+	token.Claims["exp"] = time.Now().Add(time.Hour * time.Duration(tokenDuration)).Unix()
 	tokenString, _ := token.SignedString(backend.privateKey)
 	return tokenString
 }
@@ -40,6 +48,29 @@ func (backend *JWTAuthenticationBackend) Authenticate(user *models.User) bool {
 	return user.Username == testUser.Username && bcrypt.CompareHashAndPassword([]byte(testUser.Password), []byte(user.Password)) == nil
 }
 
-func (backend *JWTAuthenticationBackend) Logout(token string) error {
-	return nil
+func (backend *JWTAuthenticationBackend) getTokenRemainingValidity(timestamp interface{}) int {
+	if validity, ok := timestamp.(float64); ok {
+		tm := time.Unix(int64(validity), 0)
+		remainer := tm.Sub(time.Now())
+		if remainer > 0 {
+			return int(remainer.Seconds() + expireOffset)
+		}
+	}
+	return expireOffset
+}
+
+func (backend *JWTAuthenticationBackend) Logout(tokenString string, token *jwt.Token) error {
+	redisConn := redis.Connect()
+	return redisConn.SetValue(tokenString, tokenString, backend.getTokenRemainingValidity(token.Claims["exp"]))
+}
+
+func (backend *JWTAuthenticationBackend) IsInBlacklist(token string) bool {
+	redisConn := redis.Connect()
+	redisToken, _ := redisConn.GetValue(token)
+
+	if redisToken == nil {
+		return false
+	}
+
+	return true
 }

core/authentication/middlewares.go

@@ -12,7 +12,7 @@ func RequireTokenAuthentication(rw http.ResponseWriter, req *http.Request, next
 		return authBackend.PublicKey, nil
 	})
 
-	if err == nil && token.Valid {
+	if err == nil && token.Valid && !authBackend.IsInBlacklist(req.Header.Get("Authorization")) {
 		next(rw, req)
 	} else {
 		rw.WriteHeader(http.StatusUnauthorized)

core/redis/redis_cli.go

@@ -0,0 +1,45 @@
+package redis
+
+import (
+	"github.com/garyburd/redigo/redis"
+)
+
+type RedisCli struct {
+	conn redis.Conn
+}
+
+var instanceRedisCli *RedisCli = nil
+
+func Connect() (conn *RedisCli) {
+	if instanceRedisCli == nil {
+		instanceRedisCli = new(RedisCli)
+		var err error
+
+		instanceRedisCli.conn, err = redis.Dial("tcp", ":6379")
+
+		if err != nil {
+			panic(err)
+		}
+
+		if _, err := instanceRedisCli.conn.Do("AUTH", "Brainattica"); err != nil {
+			instanceRedisCli.conn.Close()
+			panic(err)
+		}
+	}
+
+	return instanceRedisCli
+}
+
+func (redisCli *RedisCli) SetValue(key string, value string, expiration ...interface{}) error {
+	_, err := redisCli.conn.Do("SET", key, value)
+
+	if err == nil && expiration != nil {
+		redisCli.conn.Do("EXPIRE", key, expiration[0])
+	}
+
+	return err
+}
+
+func (redisCli *RedisCli) GetValue(key string) (interface{}, error) {
+	return redisCli.conn.Do("GET", key)
+}

routers/authentication.go

@@ -10,5 +10,6 @@ import (
 func SetAuthenticationRoutes(router *mux.Router) *mux.Router {
 	router.HandleFunc("/token-auth", controllers.Login).Methods("POST")
 	router.Handle("/refresh-token-auth", negroni.New(negroni.HandlerFunc(authentication.RequireTokenAuthentication), negroni.HandlerFunc(controllers.RefresfhToken))).Methods("GET")
+	router.Handle("/logout", negroni.New(negroni.HandlerFunc(authentication.RequireTokenAuthentication), negroni.HandlerFunc(controllers.Logout))).Methods("GET")
 	return router
 }