add jwt middleware for authentication

smf8 · smf8 · commit 139454acee80 · 2020-01-16T01:39:05.000+03:30
diff --git a/common/erros.go b/common/erros.go
@@ -3,7 +3,6 @@ package common
 // got error handling idea from https://medium.com/ki-labs-engineering/rest-api-error-handling-in-go-behavioral-type-assertion-509d93636afd
 
 import (
-	"fmt"
 	"github.com/asaskevich/govalidator"
 	"github.com/labstack/echo/v4"
 	"net/http"
@@ -35,14 +34,13 @@ func NewError() *Error {
 type RequestError struct {
 	Cause  error
 	Detail string
-	Type   string
 	Status int
 }
 
 // NewBindingError creates an error with given data. "bindingType" is the type that is being bound
 // provide short description for "detail" to display to user as error message
-func NewBindingError(detail, bindingType string, err error, statusCode int) *RequestError {
-	return &RequestError{err, detail, bindingType, statusCode}
+func NewRequestError(detail string, err error, statusCode int) *RequestError {
+	return &RequestError{err, detail, statusCode}
 }
 func (se *RequestError) Error() string {
 	if se.Cause == nil {
@@ -52,8 +50,7 @@ func (se *RequestError) Error() string {
 }
 func (se *RequestError) ErrorBody() Error {
 	body := NewError()
-	body.Body["type"] = fmt.Sprintf("Error parsing request of type %s", se.Type)
-	body.Body["detail"] = se.Detail
+	body.Body["body"] = se.Detail
 	return *body
 }
 
@@ -88,16 +85,26 @@ func (e *ValidationError) ErrorBody() Error {
 // CustomHTTPErrorHandler, here we define what to do with each types of errors
 func CustomHTTPErrorHandler(err error, c echo.Context) {
 	code := http.StatusInternalServerError
-	cErr := err.(ClientError)
-	switch e := cErr.(type) {
-	case *RequestError:
-		code = e.Status
-	case *ValidationError:
-		code = http.StatusBadRequest
-	}
-	e := c.JSON(code, cErr.ErrorBody())
-	if e != nil {
-		c.Logger().Error(e)
+	switch err.(type) {
+	case ClientError:
+		ce := err.(ClientError)
+		e := c.JSON(code, ce.ErrorBody())
+		if e != nil {
+			c.Logger().Error(e)
+		}
+
+		c.Logger().Error(ce)
+		switch e := ce.(type) {
+		case *RequestError:
+			code = e.Status
+		case *ValidationError:
+			code = http.StatusBadRequest
+		}
+	case *echo.HTTPError:
+		e := c.JSON(err.(*echo.HTTPError).Code, err.(*echo.HTTPError).Message)
+		if e != nil {
+			c.Logger().Error(e)
+		}
+		c.Logger().Error(err)
 	}
-	c.Logger().Error(cErr)
 }
diff --git a/common/jwt.go b/common/jwt.go
@@ -0,0 +1,21 @@
+package common
+
+import (
+	"github.com/dgrijalva/jwt-go"
+	"net/http"
+	"time"
+)
+
+var JWTSecret = []byte("SuperSecret")
+
+func GenerateJWT(id int) (string, error) {
+	token := jwt.New(jwt.SigningMethodHS256)
+	claims := token.Claims.(jwt.MapClaims)
+	claims["id"] = id
+	claims["exp"] = time.Now().Add(time.Hour * 72).Unix()
+	t, err := token.SignedString(JWTSecret)
+	if err != nil {
+		return "", NewRequestError("Error generating JWT token", err, http.StatusInternalServerError)
+	}
+	return t, nil
+}
diff --git a/go.mod b/go.mod
@@ -4,6 +4,7 @@ go 1.12
 
 require (
 	github.com/asaskevich/govalidator v0.0.0-20200108200545-475eaeb16496
+	github.com/dgrijalva/jwt-go v3.2.0+incompatible
 	github.com/gammazero/workerpool v0.0.0-20200108033143-79b2336fad7a
 	github.com/jinzhu/gorm v1.9.11
 	github.com/kr/pretty v0.2.0 // indirect
diff --git a/go.sum b/go.sum
@@ -17,6 +17,7 @@ github.com/davecgh/go-spew v1.1.1 h1:vj9j/u1bqnvCEfJOwUhtlOARqs3+rkHYY13jYWTU97c
 github.com/davecgh/go-spew v1.1.1/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSsI+c5H38=
 github.com/denisenkom/go-mssqldb v0.0.0-20190515213511-eb9f6a1743f3 h1:tkum0XDgfR0jcVVXuTsYv/erY2NnEDqwRojbxR1rBYA=
 github.com/denisenkom/go-mssqldb v0.0.0-20190515213511-eb9f6a1743f3/go.mod h1:zAg7JM8CkOJ43xKXIj7eRO9kmWm/TW578qo+oDO6tuM=
+github.com/dgrijalva/jwt-go v3.2.0+incompatible h1:7qlOGliEKZXTDg6OTjfoBKDXWrumCAMpl/TFQ4/5kLM=
 github.com/dgrijalva/jwt-go v3.2.0+incompatible/go.mod h1:E3ru+11k8xSBh+hMPgOLZmtrrCbhqsmaPHjLKYnJCaQ=
 github.com/eapache/go-resiliency v1.1.0/go.mod h1:kFI+JgMyC7bLPUVY133qvEBtVayf5mFgVsvEsIPBvNs=
 github.com/eapache/go-xerial-snappy v0.0.0-20180814174437-776d5712da21/go.mod h1:+020luEh2TKB4/GOp8oxxtq0Daoen/Cii55CzbTV6DU=
diff --git a/middleware/jwt.go b/middleware/jwt.go
@@ -0,0 +1,42 @@
+// codes from https://github.com/labstack/echo/blob/master/middleware/jwt.go
+package middleware
+
+import (
+	"github.com/labstack/echo/v4"
+	"github.com/labstack/echo/v4/middleware"
+	"strings"
+)
+
+type whiteList struct {
+	path   string
+	method string
+}
+
+// authWhiteList specifies paths to be skipped by jwt authentication middleware
+var authWhiteList []whiteList
+
+// AddToWhiteList is used to add a path to skipper white list
+// provide path relative to api version like /api/your/path/here as skipper uses strings.Contains to find whether
+// it is in context path or not
+func AddToWhiteList(path string, method string) {
+	if authWhiteList == nil {
+		authWhiteList = make([]whiteList, 0)
+	}
+	authWhiteList = append(authWhiteList, whiteList{path, method})
+}
+
+func skipper(c echo.Context) bool {
+	for _, v := range authWhiteList {
+		if strings.Contains(c.Path(), v.path) && c.Request().Method == v.method {
+			return true
+		}
+	}
+	return false
+}
+
+func JWT(key interface{}) echo.MiddlewareFunc {
+	c := middleware.DefaultJWTConfig
+	c.SigningKey = key
+	c.Skipper = skipper
+	return middleware.JWTWithConfig(c)
+}
