package goapi
import (
"github.com/golang-jwt/jwt/v5"
json "github.com/json-iterator/go"
"time"
)
// The declarations below are aliases (not new types) for the signing-method
// types of github.com/golang-jwt/jwt/v5, exposed under this package's names.

// SigningMethod is the golang-jwt interface implemented by every algorithm.
type SigningMethod = jwt.SigningMethod

// SigningMethodRSA is the golang-jwt RSA (RS*) signing-method type.
type SigningMethodRSA = jwt.SigningMethodRSA

// SigningMethodHMAC is the golang-jwt HMAC (HS*) signing-method type.
type SigningMethodHMAC = jwt.SigningMethodHMAC

// SigningMethodECDSA is the golang-jwt ECDSA (ES*) signing-method type.
type SigningMethodECDSA = jwt.SigningMethodECDSA

// SigningMethodEd25519 is the golang-jwt Ed25519 (EdDSA) signing-method type.
type SigningMethodEd25519 = jwt.SigningMethodEd25519
// Ready-made signing-method instances taken from golang-jwt. The variables hold
// the library's own pointers; their types are the aliased golang-jwt types.
//
// The set mixes a symmetric family (HMAC, one shared secret) with asymmetric
// ones (RSA, ECDSA, Ed25519, private key signs / public key verifies).
// NOTE(review): token verification is not part of this file; whatever performs
// it should accept only the single method the application configured rather
// than the `alg` named in the incoming token header.
var (
	// HMAC with SHA-256 / SHA-384 / SHA-512.
	SigningMethodHS256 = jwt.SigningMethodHS256
	SigningMethodHS384 = jwt.SigningMethodHS384
	SigningMethodHS512 = jwt.SigningMethodHS512

	// RSA (RS256 / RS384 / RS512).
	SigningMethodRS256 = jwt.SigningMethodRS256
	SigningMethodRS384 = jwt.SigningMethodRS384
	SigningMethodRS512 = jwt.SigningMethodRS512

	// ECDSA (ES256 / ES384 / ES512).
	SigningMethodES256 = jwt.SigningMethodES256
	SigningMethodES384 = jwt.SigningMethodES384
	SigningMethodES512 = jwt.SigningMethodES512

	// Ed25519 (EdDSA).
	SigningMethodEdDSA = jwt.SigningMethodEdDSA
)
// HTTPBearerJWT is the contract an application implements to use JWT bearer
// authentication.
//
// The method names say "encrypt" and "decrypt", but the only use visible in
// this file (JWT.Encrypt) passes EncryptKey's result to the signer: tokens are
// signed, not encrypted, so the keys here are signing and verification keys.
type HTTPBearerJWT interface {
	// EncryptKey returns the key used to sign a token. Its concrete type must
	// match SigningMethod: in golang-jwt that is a []byte secret for HMAC and
	// the private key for RSA, ECDSA and Ed25519.
	EncryptKey() (any, error)

	// DecryptKey returns the key for the opposite direction.
	// NOTE(review): not called in this file; presumably the verification key
	// (the same secret for HMAC, the public key for asymmetric methods) -
	// confirm against the caller.
	DecryptKey() (any, error)

	// SigningMethod returns the algorithm that tokens are signed with.
	SigningMethod() SigningMethod

	// HTTPBearerJWT receives the token's claims for application logic.
	// NOTE(review): not called in this file; presumably invoked only after the
	// signature has been verified - confirm against the caller.
	HTTPBearerJWT(jwt *JWT)
}
// JWT is the claim set carried by a token: the registered claims of RFC 7519
// section 4.1 plus an application-defined "ext" object.
//
// It is passed to golang-jwt as the claims value (see Encrypt). The custom
// MarshalJSON has a pointer receiver, so the numeric-date encoding and the
// omission of empty claims apply when a *JWT is marshalled; a JWT value that
// is not addressable would be encoded from the struct tags instead.
type JWT struct {
	// Issuer is the `iss` claim (RFC 7519, section 4.1.1).
	// https://datatracker.ietf.org/doc/html/rfc7519#section-4.1.1
	Issuer string `json:"iss"`

	// Subject is the `sub` claim (RFC 7519, section 4.1.2).
	// https://datatracker.ietf.org/doc/html/rfc7519#section-4.1.2
	Subject string `json:"sub"`

	// Audience is the `aud` claim (RFC 7519, section 4.1.3).
	// https://datatracker.ietf.org/doc/html/rfc7519#section-4.1.3
	Audience []string `json:"aud"`

	// ExpiresAt is the `exp` claim (RFC 7519, section 4.1.4).
	// https://datatracker.ietf.org/doc/html/rfc7519#section-4.1.4
	ExpiresAt time.Time `json:"exp"`

	// NotBefore is the `nbf` claim (RFC 7519, section 4.1.5).
	// https://datatracker.ietf.org/doc/html/rfc7519#section-4.1.5
	NotBefore time.Time `json:"nbf"`

	// IssuedAt is the `iat` claim (RFC 7519, section 4.1.6).
	// https://datatracker.ietf.org/doc/html/rfc7519#section-4.1.6
	IssuedAt time.Time `json:"iat"`

	// ID is the `jti` claim (RFC 7519, section 4.1.7).
	// https://datatracker.ietf.org/doc/html/rfc7519#section-4.1.7
	ID string `json:"jti"`

	// Extensions holds application-specific claims, emitted under "ext".
	// The token is signed but not encrypted, so anything stored here is
	// readable by whoever holds the token; keep secrets out of it.
	Extensions map[string]any `json:"ext"`
}
// GetExpirationTime returns the `exp` claim for golang-jwt. The error is
// always nil.
//
// The result is never nil, even when ExpiresAt is the zero time (a case in
// which MarshalJSON omits `exp`).
// NOTE(review): golang-jwt distinguishes a nil result (claim absent) from a
// non-nil one; a non-nil date at the zero time would be expected to validate
// as already expired - confirm that is intended for tokens without `exp`.
func (j *JWT) GetExpirationTime() (*jwt.NumericDate, error) {
	exp := jwt.NumericDate{Time: j.ExpiresAt}
	return &exp, nil
}
// GetIssuedAt returns the `iat` claim for golang-jwt. The result is never nil
// (a zero IssuedAt is wrapped as-is) and the error is always nil.
func (j *JWT) GetIssuedAt() (*jwt.NumericDate, error) {
	iat := jwt.NumericDate{Time: j.IssuedAt}
	return &iat, nil
}
// GetNotBefore returns the `nbf` claim for golang-jwt. The result is never nil
// (a zero NotBefore is wrapped as-is) and the error is always nil.
func (j *JWT) GetNotBefore() (*jwt.NumericDate, error) {
	nbf := jwt.NumericDate{Time: j.NotBefore}
	return &nbf, nil
}
// GetIssuer returns the `iss` claim for golang-jwt; the error is always nil.
func (j *JWT) GetIssuer() (string, error) {
	iss := j.Issuer
	return iss, nil
}
// GetSubject returns the `sub` claim for golang-jwt; the error is always nil.
func (j *JWT) GetSubject() (string, error) {
	sub := j.Subject
	return sub, nil
}
// GetAudience returns the `aud` claim for golang-jwt as jwt.ClaimStrings; the
// error is always nil. The returned slice shares storage with j.Audience.
func (j *JWT) GetAudience() (jwt.ClaimStrings, error) {
	return jwt.ClaimStrings(j.Audience), nil
}
// Encrypt returns j as a signed, compact JWT string.
//
// Despite the name, nothing is encrypted: the claims are signed with the key
// from bearerJWT.EncryptKey using bearerJWT.SigningMethod, which protects
// their integrity but leaves them readable to anyone who holds the token.
//
// An error from EncryptKey is returned unchanged, as is any error from the
// signing step (for example a key whose type does not fit the method).
func (j *JWT) Encrypt(bearerJWT HTTPBearerJWT) (string, error) {
	// The method is read before the key, the same order the caller sees today.
	unsigned := jwt.NewWithClaims(bearerJWT.SigningMethod(), j)

	signingKey, keyErr := bearerJWT.EncryptKey()
	if keyErr != nil {
		return "", keyErr
	}

	signed, signErr := unsigned.SignedString(signingKey)
	return signed, signErr
}
// MarshalJSON encodes the claim set as a JSON object for the token payload.
//
// Empty strings, empty slices/maps and zero times are left out entirely, and
// the three time claims are written as Unix seconds (Time.Unix), so any
// sub-second precision is dropped.
func (j *JWT) MarshalJSON() ([]byte, error) {
	claims := make(map[string]any, 8)

	// putString records a string claim unless it is empty.
	putString := func(name, value string) {
		if value != "" {
			claims[name] = value
		}
	}
	// putTime records a time claim as Unix seconds unless it is the zero time.
	putTime := func(name string, at time.Time) {
		if !at.IsZero() {
			claims[name] = at.Unix()
		}
	}

	putString("iss", j.Issuer)
	putString("sub", j.Subject)
	if len(j.Audience) != 0 {
		claims["aud"] = j.Audience
	}
	putTime("exp", j.ExpiresAt)
	putTime("nbf", j.NotBefore)
	putTime("iat", j.IssuedAt)
	putString("jti", j.ID)
	if len(j.Extensions) != 0 {
		claims["ext"] = j.Extensions
	}

	return json.Marshal(claims)
}