go-packages/iris
1
0
Fork 0
mirror of https://github.com/kataras/iris.git synced 2025-02-02 15:30:36 +01:00
Code Issues Actions Packages Projects Releases Wiki Activity

add some godoc to jwt

Browse Source
This commit is contained in:
Gerasimos (Makis) Maropoulos 2020-11-01 04:23:36 +02:00
parent 3d59d19de6
commit 836fb18c57
No known key found for this signature in database
GPG Key ID: 5DBE766BD26A54E7
2 changed files with 49 additions and 5 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

15
middleware/jwt/signer.go
View File

@ -7,6 +7,11 @@ import (
"github.com/kataras/jwt" "github.com/kataras/jwt"
) )
// Signer holds common options to sign and generate a token.
// Its Sign method can be used to generate a token which can be sent to the client.
// Its NewTokenPair can be used to construct a token pair (access_token, refresh_token).
//
// It does not support JWE, JWK.
type Signer struct { type Signer struct {
Alg Alg Alg Alg
Key interface{} Key interface{}
@ -16,6 +21,14 @@ type Signer struct {
Encrypt func([]byte) ([]byte, error) Encrypt func([]byte) ([]byte, error)
} }
// NewSigner accepts the signature algorithm among with its (private or shared) key
// and the max life time duration of generated tokens and returns a JWT signer.
// See its Sign method.
//
// Usage:
//
// signer := NewSigner(HS256, secret, 15*time.Minute)
// token, err := signer.Sign(userClaims{Username: "kataras"})
func NewSigner(signatureAlg Alg, signatureKey interface{}, maxAge time.Duration) *Signer { func NewSigner(signatureAlg Alg, signatureKey interface{}, maxAge time.Duration) *Signer {
return &Signer{ return &Signer{
Alg: signatureAlg, Alg: signatureAlg,
@ -24,7 +37,7 @@ func NewSigner(signatureAlg Alg, signatureKey interface{}, maxAge time.Duration)
} }
} }
// WithEncryption enables AES-GCM payload decryption. // WithEncryption enables AES-GCM payload-only decryption.
func (s *Signer) WithEncryption(key, additionalData []byte) *Signer { func (s *Signer) WithEncryption(key, additionalData []byte) *Signer {
encrypt, _, err := jwt.GCM(key, additionalData) encrypt, _, err := jwt.GCM(key, additionalData)
if err != nil { if err != nil {

39
middleware/jwt/verifier.go
View File

@ -38,6 +38,8 @@ func GetVerifiedToken(ctx *context.Context) *VerifiedToken {
// Verifier holds common options to verify an incoming token. // Verifier holds common options to verify an incoming token.
// Its Verify method can be used as a middleware to allow authorized clients to access an API. // Its Verify method can be used as a middleware to allow authorized clients to access an API.
//
// It does not support JWE, JWK.
type Verifier struct { type Verifier struct {
Alg Alg Alg Alg
Key interface{} Key interface{}
@ -53,10 +55,30 @@ type Verifier struct {
DisableContextUser bool DisableContextUser bool
} }
// NewVerifier accepts the algorithm for the token's signature among with its (private) key // NewVerifier accepts the algorithm for the token's signature among with its (public) key
// and optionally some token validators for all verify middlewares that may initialized under this Verifier. // and optionally some token validators for all verify middlewares that may initialized under this Verifier.
//
// See its Verify method. // See its Verify method.
//
// Usage:
//
// verifier := NewVerifier(HS256, secret)
// OR
// verifier := NewVerifier(HS256, secret, Expected{Issuer: "my-app"})
//
// claimsGetter := func() interface{} { return new(userClaims) }
// middleware := verifier.Verify(claimsGetter)
// OR
// middleware := verifier.Verify(claimsGetter, Expected{Issuer: "my-app"})
//
// Register the middleware, e.g.
// app.Use(middleware)
//
// Get the claims:
// claims := jwt.Get(ctx).(*userClaims)
// username := claims.Username
//
// Get the context user:
// username, err := ctx.User().GetUsername()
func NewVerifier(signatureAlg Alg, signatureKey interface{}, validators ...TokenValidator) *Verifier { func NewVerifier(signatureAlg Alg, signatureKey interface{}, validators ...TokenValidator) *Verifier {
return &Verifier{ return &Verifier{
Alg: signatureAlg, Alg: signatureAlg,
@ -69,7 +91,7 @@ func NewVerifier(signatureAlg Alg, signatureKey interface{}, validators ...Token
} }
} }
// WithDecryption enables AES-GCM payload encryption. // WithDecryption enables AES-GCM payload-only encryption.
func (v *Verifier) WithDecryption(key, additionalData []byte) *Verifier { func (v *Verifier) WithDecryption(key, additionalData []byte) *Verifier {
_, decrypt, err := jwt.GCM(key, additionalData) _, decrypt, err := jwt.GCM(key, additionalData)
if err != nil { if err != nil {
@ -137,7 +159,16 @@ func (v *Verifier) VerifyToken(token []byte, validators ...TokenValidator) (*Ver
// from unauthorized client requests. After this, the route handlers can access the claims // from unauthorized client requests. After this, the route handlers can access the claims
// through the jwt.Get package-level function. // through the jwt.Get package-level function.
// //
// Example Code: // By default it extracts the token from Authorization: Bearer $token header and ?token URL Query parameter,
// to change that behavior modify its Extractors field.
//
// By default a 401 status code with a generic message will be sent to the client on
// a token verification or claims validation failure, to change that behavior
// modify its ErrorHandler field or register OnErrorCode(401, errorHandler) and
// retrieve the error through Context.GetErr method.
//
// If the "claimsType" is nil then only the jwt.GetVerifiedToken is available
// and the handler should unmarshal the payload to extract the claims by itself.
func (v *Verifier) Verify(claimsType func() interface{}, validators ...TokenValidator) context.Handler { func (v *Verifier) Verify(claimsType func() interface{}, validators ...TokenValidator) context.Handler {
unmarshal := jwt.Unmarshal unmarshal := jwt.Unmarshal
if claimsType != nil { if claimsType != nil {