mirror of
https://github.com/kataras/iris.git
synced 2025-03-15 08:06:27 +01:00
OK, I think we are done with the new JWT package
This commit is contained in:
parent
a9e808345b
commit
d562f09531
|
@ -1,9 +1,15 @@
|
||||||
# Iris JWT Tutorial
|
# Iris JWT Tutorial
|
||||||
|
|
||||||
|
This example show how to use JWT with domain-driven design pattern with Iris. There is also a simple Go client which describes how you can use Go to authorize a user and use the server's API.
|
||||||
|
|
||||||
|
## Run the server
|
||||||
|
|
||||||
```sh
|
```sh
|
||||||
$ go run main.go
|
$ go run main.go
|
||||||
```
|
```
|
||||||
|
|
||||||
|
## Authenticate, get the token
|
||||||
|
|
||||||
```sh
|
```sh
|
||||||
$ curl --location --request POST 'http://localhost:8080/signin' \
|
$ curl --location --request POST 'http://localhost:8080/signin' \
|
||||||
--header 'Content-Type: application/x-www-form-urlencoded' \
|
--header 'Content-Type: application/x-www-form-urlencoded' \
|
||||||
|
@ -13,6 +19,8 @@ $ curl --location --request POST 'http://localhost:8080/signin' \
|
||||||
> $token
|
> $token
|
||||||
```
|
```
|
||||||
|
|
||||||
|
## Get all TODOs for this User
|
||||||
|
|
||||||
```sh
|
```sh
|
||||||
$ curl --location --request GET 'http://localhost:8080/todos' \
|
$ curl --location --request GET 'http://localhost:8080/todos' \
|
||||||
--header 'Authorization: Bearer $token'
|
--header 'Authorization: Bearer $token'
|
||||||
|
@ -20,6 +28,8 @@ $ curl --location --request GET 'http://localhost:8080/todos' \
|
||||||
> $todos
|
> $todos
|
||||||
```
|
```
|
||||||
|
|
||||||
|
## Get a specific User's TODO
|
||||||
|
|
||||||
```sh
|
```sh
|
||||||
$ curl --location --request GET 'http://localhost:8080/todos/$id' \
|
$ curl --location --request GET 'http://localhost:8080/todos/$id' \
|
||||||
--header 'Authorization: Bearer $token'
|
--header 'Authorization: Bearer $token'
|
||||||
|
@ -27,6 +37,8 @@ $ curl --location --request GET 'http://localhost:8080/todos/$id' \
|
||||||
> $todo
|
> $todo
|
||||||
```
|
```
|
||||||
|
|
||||||
|
## Get all TODOs for all Users (admin role)
|
||||||
|
|
||||||
```sh
|
```sh
|
||||||
$ curl --location --request GET 'http://localhost:8080/admin/todos' \
|
$ curl --location --request GET 'http://localhost:8080/admin/todos' \
|
||||||
--header 'Authorization: Bearer $token'
|
--header 'Authorization: Bearer $token'
|
||||||
|
@ -34,6 +46,8 @@ $ curl --location --request GET 'http://localhost:8080/admin/todos' \
|
||||||
> $todos
|
> $todos
|
||||||
```
|
```
|
||||||
|
|
||||||
|
## Create a new TODO
|
||||||
|
|
||||||
```sh
|
```sh
|
||||||
$ curl --location --request POST 'http://localhost:8080/todos' \
|
$ curl --location --request POST 'http://localhost:8080/todos' \
|
||||||
--header 'Authorization: Bearer $token' \
|
--header 'Authorization: Bearer $token' \
|
||||||
|
@ -46,5 +60,3 @@ $ curl --location --request POST 'http://localhost:8080/todos' \
|
||||||
> Status Created
|
> Status Created
|
||||||
> $todo
|
> $todo
|
||||||
```
|
```
|
||||||
|
|
||||||
TODO: write the article on https://medium.com/@kataras, https://dev.to/kataras and linkedin first.
|
|
||||||
|
|
|
@ -2,4 +2,6 @@ module github.com/kataras/iris/_examples/dependency-injection/jwt/contrib
|
||||||
|
|
||||||
go 1.15
|
go 1.15
|
||||||
|
|
||||||
require github.com/iris-contrib/middleware/jwt v0.0.0-20200810001613-32cf668f999f
|
require (
|
||||||
|
github.com/iris-contrib/middleware/jwt v0.0.0-20201017024110-39b50ffeb885
|
||||||
|
)
|
||||||
|
|
|
@ -11,40 +11,59 @@ func main() {
|
||||||
app := iris.New()
|
app := iris.New()
|
||||||
app.ConfigureContainer(register)
|
app.ConfigureContainer(register)
|
||||||
|
|
||||||
|
// http://localhost:8080/authenticate
|
||||||
|
// http://localhost:8080/restricted
|
||||||
app.Listen(":8080")
|
app.Listen(":8080")
|
||||||
}
|
}
|
||||||
|
|
||||||
func register(api *iris.APIContainer) {
|
var (
|
||||||
j := jwt.HMAC(15*time.Minute, "secret", "secretforencrypt")
|
secret = []byte("secret")
|
||||||
|
signer = jwt.NewSigner(jwt.HS256, secret, 15*time.Minute)
|
||||||
|
verify = jwt.NewVerifier(jwt.HS256, secret, jwt.Expected{Issuer: "myapp"}).Verify(func() interface{} {
|
||||||
|
return new(userClaims)
|
||||||
|
})
|
||||||
|
)
|
||||||
|
|
||||||
api.RegisterDependency(func(ctx iris.Context) (claims userClaims) {
|
func register(api *iris.APIContainer) {
|
||||||
if err := j.VerifyToken(ctx, &claims); err != nil {
|
// To register the middleware in the whole api container:
|
||||||
ctx.StopWithError(iris.StatusUnauthorized, err)
|
// api.Use(verify)
|
||||||
return
|
// Otherwise, protect routes when userClaims is expected on the functions input
|
||||||
|
// by calling the middleware manually, see below.
|
||||||
|
api.RegisterDependency(func(ctx iris.Context) (claims *userClaims) {
|
||||||
|
if ctx.Proceed(verify) { // the "verify" middleware will stop the execution if it's failed to verify the request.
|
||||||
|
// Map the input parameter of "restricted" function with the claims.
|
||||||
|
return jwt.Get(ctx).(*userClaims)
|
||||||
}
|
}
|
||||||
|
|
||||||
return
|
return nil
|
||||||
})
|
})
|
||||||
|
|
||||||
api.Get("/authenticate", writeToken(j))
|
api.Get("/authenticate", writeToken)
|
||||||
api.Get("/restricted", restrictedPage)
|
api.Get("/restricted", restrictedPage)
|
||||||
}
|
}
|
||||||
|
|
||||||
type userClaims struct {
|
type userClaims struct {
|
||||||
jwt.Claims
|
Username string `json:"username"`
|
||||||
Username string
|
|
||||||
}
|
}
|
||||||
|
|
||||||
func writeToken(j *jwt.JWT) iris.Handler {
|
func writeToken(ctx iris.Context) {
|
||||||
return func(ctx iris.Context) {
|
claims := userClaims{
|
||||||
j.WriteToken(ctx, userClaims{
|
Username: "kataras",
|
||||||
Claims: j.Expiry(jwt.Claims{Issuer: "an-issuer"}),
|
|
||||||
Username: "kataras",
|
|
||||||
})
|
|
||||||
}
|
}
|
||||||
|
standardClaims := jwt.Claims{
|
||||||
|
Issuer: "myapp",
|
||||||
|
}
|
||||||
|
|
||||||
|
token, err := signer.Sign(claims, standardClaims)
|
||||||
|
if err != nil {
|
||||||
|
ctx.StopWithError(iris.StatusInternalServerError, err)
|
||||||
|
return
|
||||||
|
}
|
||||||
|
|
||||||
|
ctx.Write(token)
|
||||||
}
|
}
|
||||||
|
|
||||||
func restrictedPage(claims userClaims) string {
|
func restrictedPage(claims *userClaims) string {
|
||||||
// userClaims.Username: kataras
|
// userClaims.Username: kataras
|
||||||
return "userClaims.Username: " + claims.Username
|
return "userClaims.Username: " + claims.Username
|
||||||
}
|
}
|
||||||
|
|
Loading…
Reference in New Issue
Block a user