feat: add validator for jwt
This commit is contained in:
d3m0k1d
@@ -4,6 +4,7 @@ import (
|
||||
"fmt"
|
||||
"os"
|
||||
"strings"
|
||||
"time"
|
||||
|
||||
"gitea.d3m0k1d.ru/d3m0k1d/d3m0k1d.ru/backend/internal/storage"
|
||||
"github.com/gin-gonic/gin"
|
||||
@@ -14,10 +15,13 @@ var jwtSecret = []byte(os.Getenv("JWT_SECRET"))
|
||||
|
||||
func GenerateJWT(user storage.User) (string, error) {
|
||||
token := jwt.NewWithClaims(jwt.SigningMethodHS512, jwt.MapClaims{
|
||||
"id": user.ID,
|
||||
"email": user.Email,
|
||||
"login": user.GithubLogin,
|
||||
"github_id": user.GithubID,
|
||||
"id": user.ID,
|
||||
"email": user.Email,
|
||||
"login": user.GithubLogin,
|
||||
"github_id": user.GithubID,
|
||||
"avatar_url": user.AvatarURL,
|
||||
"exp": time.Now().Add(30 * 24 * time.Hour).Unix(), // 30 дней
|
||||
"iat": time.Now().Unix(),
|
||||
})
|
||||
tokenString, err := token.SignedString(jwtSecret)
|
||||
if err != nil {
|
||||
@@ -113,3 +117,58 @@ func RequireAdmin() gin.HandlerFunc {
|
||||
c.Next()
|
||||
}
|
||||
}
|
||||
|
||||
func ValidateJWT(tokenString string) (*storage.User, error) {
|
||||
token, err := jwt.Parse(tokenString, func(token *jwt.Token) (interface{}, error) {
|
||||
if _, ok := token.Method.(*jwt.SigningMethodHMAC); !ok {
|
||||
return nil, fmt.Errorf("unexpected signing method: %v", token.Header["alg"])
|
||||
}
|
||||
return jwtSecret, nil
|
||||
})
|
||||
|
||||
if err != nil || !token.Valid {
|
||||
return nil, err
|
||||
}
|
||||
|
||||
claims, ok := token.Claims.(jwt.MapClaims)
|
||||
if !ok {
|
||||
return nil, fmt.Errorf("invalid claims")
|
||||
}
|
||||
|
||||
if exp, ok := claims["exp"].(float64); ok {
|
||||
if time.Now().Unix() > int64(exp) {
|
||||
return nil, fmt.Errorf("token expired")
|
||||
}
|
||||
}
|
||||
idFloat, ok := claims["id"].(float64)
|
||||
if !ok {
|
||||
return nil, fmt.Errorf("invalid id in token")
|
||||
}
|
||||
|
||||
githubIDFloat, ok := claims["github_id"].(float64)
|
||||
if !ok {
|
||||
return nil, fmt.Errorf("invalid github_id in token")
|
||||
}
|
||||
|
||||
login, ok := claims["login"].(string)
|
||||
if !ok {
|
||||
return nil, fmt.Errorf("invalid login in token")
|
||||
}
|
||||
|
||||
email, ok := claims["email"].(string)
|
||||
if !ok {
|
||||
return nil, fmt.Errorf("invalid email in token")
|
||||
}
|
||||
|
||||
avatarURL, _ := claims["avatar_url"].(string)
|
||||
|
||||
user := &storage.User{
|
||||
ID: int(idFloat),
|
||||
GithubID: int(githubIDFloat),
|
||||
GithubLogin: login,
|
||||
Email: email,
|
||||
AvatarURL: avatarURL,
|
||||
}
|
||||
|
||||
return user, nil
|
||||
}
|
||||
|
||||
Reference in New Issue
Block a user