From 79bfa116399d124d686fbf8d6eaf819dda81218e Mon Sep 17 00:00:00 2001
From: Davide Ghilardi
Date: Mon, 22 Aug 2016 18:43:18 +0200
Subject: [PATCH 1/2] updted dependency url for uuid package
---
 core/authentication/jwt_backend.go | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/core/authentication/jwt_backend.go b/core/authentication/jwt_backend.go
index 3e1aa25..e217ce4 100644
--- a/core/authentication/jwt_backend.go
+++ b/core/authentication/jwt_backend.go
@@ -5,7 +5,7 @@ import (
 "api.jwt.auth/services/models"
 "api.jwt.auth/settings"
 "bufio"
- "code.google.com/p/go-uuid/uuid"
+ "github.com/pborman/uuid"
 "crypto/rsa"
 "crypto/x509"
 "encoding/pem"
From dec064c96ff897d8a39e2999818b9cf4bb72aa71 Mon Sep 17 00:00:00 2001
From: Davide Ghilardi
Date: Mon, 22 Aug 2016 18:47:28 +0200
Subject: [PATCH 2/2] Migrate jwt-go library from v2 to v3
---
 core/authentication/jwt_backend.go | 10 ++++++----
 core/authentication/middlewares.go | 3 ++-
 services/auth_service.go | 3 ++-
 3 files changed, 10 insertions(+), 6 deletions(-)
diff --git a/core/authentication/jwt_backend.go b/core/authentication/jwt_backend.go
index e217ce4..861cfee 100644
--- a/core/authentication/jwt_backend.go
+++ b/core/authentication/jwt_backend.go
@@ -40,9 +40,11 @@ func InitJWTAuthenticationBackend() *JWTAuthenticationBackend {
 func (backend *JWTAuthenticationBackend) GenerateToken(userUUID string) (string, error) {
 token := jwt.New(jwt.SigningMethodRS512)
- token.Claims["exp"] = time.Now().Add(time.Hour * time.Duration(settings.Get().JWTExpirationDelta)).Unix()
- token.Claims["iat"] = time.Now().Unix()
- token.Claims["sub"] = userUUID
+ token.Claims = jwt.MapClaims{
+ "exp": time.Now().Add(time.Hour * time.Duration(settings.Get().JWTExpirationDelta)).Unix(),
+ "iat": time.Now().Unix(),
+ "sub": userUUID,
+ }
 tokenString, err := token.SignedString(backend.privateKey)
 if err != nil {
 panic(err)
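Review bot: In the new `jwt.MapClaims` literal in `GenerateToken`, `time.Now()` is still called twice, so `iat` and `exp` are derived from two different instants; take the time once with `now := time.Now()` and use `"exp": now.Add(time.Hour * time.Duration(settings.Get().JWTExpirationDelta)).Unix()` and `"iat": now.Unix()`. The literal would also benefit from a short comment such as `// exp and iat are Unix seconds; Logout later reads exp back from the parsed claims`. The context lines show `panic(err)` on a signing failure although the function returns an error; returning `"", err` looks like the intended contract, but the rest of the body lies outside the hunk.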
@@ -76,7 +78,7 @@ func (backend *JWTAuthenticationBackend) getTokenRemainingValidity(timestamp int
 func (backend *JWTAuthenticationBackend) Logout(tokenString string, token *jwt.Token) error {
 redisConn := redis.Connect()
- return redisConn.SetValue(tokenString, tokenString, backend.getTokenRemainingValidity(token.Claims["exp"]))
+ return redisConn.SetValue(tokenString, tokenString, backend.getTokenRemainingValidity(token.Claims.(jwt.MapClaims)["exp"]))
 }
 func (backend *JWTAuthenticationBackend) IsInBlacklist(token string) bool {
diff --git a/core/authentication/middlewares.go b/core/authentication/middlewares.go
index 0cd4a7d..63c675f 100644
--- a/core/authentication/middlewares.go
+++ b/core/authentication/middlewares.go
@@ -3,13 +3,14 @@ package authentication
 import (
 "fmt"
 jwt "github.com/dgrijalva/jwt-go"
+ request "github.com/dgrijalva/jwt-go/request"
 "net/http"
 )
 func RequireTokenAuthentication(rw http.ResponseWriter, req *http.Request, next http.HandlerFunc) {
 authBackend := InitJWTAuthenticationBackend()
- token, err := jwt.ParseFromRequest(req, func(token *jwt.Token) (interface{}, error) {
+ token, err := request.ParseFromRequest(req, request.OAuth2Extractor, func(token *jwt.Token) (interface{}, error) {
 if _, ok := token.Method.(*jwt.SigningMethodRSA); !ok {
 return nil, fmt.Errorf("Unexpected signing method: %v", token.Header["alg"])
 } else {
diff --git a/services/auth_service.go b/services/auth_service.go
index 4409fc2..3d26e4a 100644
--- a/services/auth_service.go
+++ b/services/auth_service.go
@@ -6,6 +6,7 @@ import (
 "api.jwt.auth/services/models"
 "encoding/json"
 jwt "github.com/dgrijalva/jwt-go"
+ request "github.com/dgrijalva/jwt-go/request"
 "net/http"
 )
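Review bot: In `JWTAuthenticationBackend.Logout` (jwt_backend.go, the `@@ -76,7 +78,7 @@` hunk) the single-value assertion `token.Claims.(jwt.MapClaims)` panics when the token carries any other claims type or when `Claims` is nil, and this exported method accepts whatever `*jwt.Token` the caller passes. Use the two-value form and return an error instead: `claims, ok := token.Claims.(jwt.MapClaims)` followed by `if !ok { return errors.New("unexpected claims type") }`, then pass `claims["exp"]`. A token without `exp` then hands nil to `getTokenRemainingValidity`, whose body is outside this hunk, so confirm that whatever it returns in that case is a sensible value for `SetValue`.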
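Review bot: `request.OAuth2Extractor` in `RequireTokenAuthentication` (middlewares.go) accepts the token from the `Authorization` header and, as a fallback, from an `access_token` request argument (URL query or posted form), so bearer tokens can end up in access logs, browser history and Referer headers. If clients only ever send the header, `request.AuthorizationHeaderExtractor` is the narrower choice; if the fallback is kept for compatibility with the v2 behaviour, say so in a comment above the call. The same extractor is used in `Logout` in services/auth_service.go (the `@@ -40,7 +41,7 @@` hunk). The key function's body continues past the end of this hunk.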
@@ -40,7 +41,7 @@ func RefreshToken(requestUser *models.User) []byte {
 func Logout(req *http.Request) error {
 authBackend := authentication.InitJWTAuthenticationBackend()
- tokenRequest, err := jwt.ParseFromRequest(req, func(token *jwt.Token) (interface{}, error) {
+ tokenRequest, err := request.ParseFromRequest(req, request.OAuth2Extractor, func(token *jwt.Token) (interface{}, error) {
 return authBackend.PublicKey, nil
 })
 if err != nil {
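Review bot: The key function passed to `request.ParseFromRequest` in `Logout` returns `authBackend.PublicKey` without looking at `token.Method`, whereas the one in `RequireTokenAuthentication` rejects anything that is not `*jwt.SigningMethodRSA`. Apply the same check here so both parse sites enforce the expected algorithm family before handing out the key: `if _, ok := token.Method.(*jwt.SigningMethodRSA); !ok { return nil, fmt.Errorf("unexpected signing method: %v", token.Header["alg"]) }` (this needs `fmt` in the file's imports, which are only partly visible here). Sharing one key function between the two call sites would keep them from drifting apart again. `Logout` continues past the end of the hunk.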